Found on Scripting News: A feature for a mail server?.

What if every mail server supported a new feature. An XML-RPC interface with one entry point. It takes one parameter, a user name and returns a struct containing a boolean. The boolean is true if there is such a user on that machine. It's a struct so more info can be returned later. My email program could send a message to the server each piece of mail came from. Hey you got someone with this name, and do they send out spam? If the answer is no, filter it to the bit bucket.

Nice idea, but it's already there. Ok, not "XML-RPC", but there are other formats out there and some are much older. You can use the SMTP VRFY command on many mail servers to verify a user. Problem: since user checking on many machines is very hard work (think about stuff like http://hotmail.com/ or http://gmx.de/ - multi-million-user sites!), so not every host supports it, many hosts don't allow VRFY to not give out too much data (since spammers can use this interface to check addresses for legitimacy, too!) and some only give you an OK on every check (for the same reasons, they just hide better).

So would it solve the problem at hand? No. Spammers would just start to use the very same interface to validate their own email lists and use one picked randomly out of the pool of their addresses as the sender. What would we get? Nothing better than now, only better disguised. You have to take into account that spammers do learn, too. They might be at the bottom of social behaviour on the net, but they are not necessarily stupid.

Maybe I'm missing something or it's too early in the morning, but couldn't we ask the servers if they know about this person sending me the spam. I have a feeling that most of the spam I get comes from made-up people.

Oh, sure they are. They have been for some time now. Spammers are not interested in responses. One of the most important things to note: spammers don't care for email replies. They actually don't care for the recipient at all - all they do is send out mail, that's all. They are paid for that. There might be click-throughs (most of porn spam is to get people to click the links in the mail, that's why most porn spam nowadays is HTML with embedded images). But nobody in that business wants you to return anything to the sender.

So what to do about spam? The currently best practice is to set up a Bayesian mail filter like bmf or any of the like projects. There are some to integrate into mail clients, some to integrate into the mail server. Just watch out for them. I use bmf to filter mail on my server and it works quite well after feeding it several hundred mails and it gets better every round. False positives are down to only 2-3 a day (and mostly administrative stuff that is easily spotted in the spambox) and false negatives are down to 5-7 a day, easily spotted in the prefiltered inbox, too. The vast majority of about 70-80 spam mails per day are filtered out just fine.

Found on Scripting News.