
Re: [sr #105343] message digests



On June 22, 2006 at 17:40, Ed Wildgoose wrote:

> > Only a problem if you have software that creates message-ids that
> > include actual email addresses.  This is unusual, and with the spam
> > world we live in today, not recommended.
> 
> Aha.... This finally explains the huge unstoppable spam runs I have been 
> seeing against my mailserver.  I thought it was some dumbass who was 
> trying some weird number based dictionary spam on my server (despite 
> plenty of 554 responses), but now I see that it was all my msgid's that 
> were being harvested!
> 
> Is it possible to at least mangle them in some way so the dumb robots 
> don't think they are real?

A good argument to use something like the MD5 hash of the message-id
as linking/threading handle versus the ID itself.

This should be technically possible w/o having to redesign mhonarc code.
It may be possible to MD5 the message-id and references/in-reply-to
data when a message is first read and use the resulting values for
threading calculations.

Some extra work is needed for the auto-link of message-ids in
message bodies.  The message-id in the body would have to be hashed
first before checking if it can be linked.  Of course, those doing
anti-harvesting customizations (e.g. SPAMMODE) on their archives,
message-id linking is irrelevant (since message-ids look like addresses
and get masked/obfuscated).

RMM will need to be made aware of such things since it can take
message-ids.

What needs to be determined is if hashing of IDs should always be
done or if it should be controlled by a resource (e.g. HASHMESGIDS).
Since a perl installation may not have the MD5::Digest module installed,
mhonarc would definitely need to work with and w/o hashing.

--ewh
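
The scheme described in the message above, as an added Perl sketch that is not part of the original post and is not MHonArc code: ids are hashed once when a message is read, threading and body auto-linking use only the hashed handles, and the raw id is used when hashing is off or Perl's Digest::MD5 module is not installed. The `$HASHMESGIDS` variable (standing in for the proposed resource), `msgid_handle`, and the sample messages are assumptions made for the illustration.

```perl
use strict;
use warnings;

# Hypothetical switch standing in for the proposed HASHMESGIDS resource.
my $HASHMESGIDS = 1;

# Load Digest::MD5 only if present, so the code works with and without hashing.
my $have_md5 = eval { require Digest::MD5; 1 } ? 1 : 0;

# Map a raw message-id to the handle used for threading and links.
sub msgid_handle {
    my ($id) = @_;
    $id =~ s/^\s*<?//;    # strip leading whitespace and "<"
    $id =~ s/>?\s*$//;    # strip trailing ">" and whitespace
    return $id unless $HASHMESGIDS && $have_md5;
    return Digest::MD5::md5_hex($id);
}

# Constructed sample messages (not from a real archive).
my @messages = (
    { subject => 'message digests',
      'message-id' => '<100.1@mail.example.org>' },
    { subject => 'Re: message digests',
      'message-id'  => '<200.2@mail.example.org>',
      'in-reply-to' => '<100.1@mail.example.org>' },
    { subject => 'Re: message digests',
      'message-id' => '<300.3@mail.example.org>',
      references   => '<100.1@mail.example.org> <200.2@mail.example.org>' },
);

# Hash message-id and references/in-reply-to once, when a message is first read.
my %by_handle;
for my $m (@messages) {
    $m->{handle} = msgid_handle($m->{'message-id'});
    my $hdrs = ($m->{references} // '') . ' ' . ($m->{'in-reply-to'} // '');
    $m->{ref_handles} = [ map { msgid_handle($_) } $hdrs =~ /(<[^<>\s]+>)/g ];
    $by_handle{ $m->{handle} } = $m;
}

# Threading uses handles only: the parent is the last referenced id we hold.
for my $m (@messages) {
    my ($parent) = grep { exists $by_handle{$_} } reverse @{ $m->{ref_handles} };
    printf "%s  parent=%s  (%s)\n", $m->{handle}, $parent // 'none', $m->{subject};
}

# A message-id found in a message body is hashed first, then looked up.
my $in_body = '<200.2@mail.example.org>';
print "linkable: ", (exists $by_handle{ msgid_handle($in_body) } ? 'yes' : 'no'), "\n";
```

With hashing active, every handle that reaches the output is a 32-character hex string with no `@`, so there is nothing address-shaped left for a harvester to collect from anchors or links.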

