
This package contains a Waffle e-mail spam filter, written in response to
a recent increase in the amount of e-mail spam.


The filter accepts mail only from sources "registered" to send to a
particular Waffle account; mail from other sources is either deleted or
diverted to a "spam" mailbox.  The filter provides the capability for
sources who are not registered to verify their e-mail address and thus
become registered, by means at least fairly resistant to spammers.  As an
added (necessary?) convenience, those to whom e-mail is sent become
automatically registered.


The concept behind this filter program ought to be readily portable to any
e-mail system, given knowledge of the system's internals or mailbox formats.
This implementation was written with a minimal knowledge of the particulars
of the Waffle mailbox format.


HOW IT WORKS:

In a full installation, the filter is invoked twice per user per outside
connection call.

The first invocation, before the call to the neighboring site, searches
for e-mail from the user and notes the addresses to which e-mail is being
set.  All such addresses are immediately added to the user's registry.


The second invocation, made right after the call and before the user reads
his e-mail, kicks off a rather more complex sequence of events, as follows.

The user's mailbox is read, message by message.  The sender of each message
is checked against first against the registry.  If the sender's e-mail
address is in the registry, the e-mail is passed through.

If the sender's e-mail address is NOT in the registry, another list called
the "probation" list is checked.

If the sender is not in the "probation" list, a "key" word or phrase is
randomly chosen and sent to the sender in a message which tells him that he
must return the "key" in another message, before a given date and time, in
order for his e-mail to pass through the filter.  His message is then either
dropped or placed in a special "spam" mailbox.

If the sender is in the "probation" list, his e-mail is checked for the
"key" sent him.  If he has responded with the "key" in time, he is removed
from the "probation" list and added to the registry.  If he has not, he is
sent a reminder.  To avoid "loops", the number of reminders is limited.

If the sender has not responded within the "probation" time, he is summarily
dropped and any new attempts by him to send e-mail to the user will start
from the beginning.


SECURITY:

This system provides two modes of security against spammers.

First, the spammer who sends e-mail with a false return address never knows
his message has been rejected.  End of story.

If he uses a  real return address, the use of a randomly-chosen "key" along
with a randomly-chosen "message", the choices of both which are (hopefully)
unique to the user, mitigates against the possibility of a filter-
penetrating robot; at the very least it increases by orders of magnitude the
resources required of the spammer working to deliver his unwanted messages.



ISSUES:

In this implementation, the filter must be invoked before and after each
UUCP call to another site.  It will not work well in sites which receive
UUCP calls.  There are several fixes possible: one is to invoke the filter
at the beginning and end of each user's session.  Another is to invoke it at
the end of each UUCP connection as usual, and to pipe outgoing e-mail
through it.


