by Guest » Wed Jan 12, 2005 2:18 pm
I know what to do:
Limit the rate at which new disposables can be created by INCOMING mail. Some number per day, or perhaps per hour.
Per hour makes sense, since only scripts (the "automated signups on [the] other sites" mentioned by josh) would cause the coincidence of MANY NEW ADDRESSES, ALL FROM THE SAME ORIGINATING site, all within a few minutes. Even if a user gets lots of new spam, it would not all come from the same place WITH ONE NEW ADDRESS EACH. This would be the signature of this form of abuse.
Make the limit reasonably large, to give the user time to recover if a spammer or prankster actually DOES attack the spamgourmet address creation concept itself [other threads have postulated this possibility; replies in those threads say this has NOT happened yet]. If ever attacked, of course, the user would begin using or change his watchword[s] or prefix.
Of course, this limitation would make spamgourmet vulnerable to a new form of denial of service attack: Create lots of addresses for a victim and they go dead. But this is also unlikely.
I think this is it. I can't think of any difficulty this protocol would create for a legitimate user.
Anyone have any ideas?
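A sketch of the limit proposed in the post above, added here as an illustration; it is not part of the original post and not spamgourmet's code. The class and function names, the limit values, and the choice to count creations per user and per sender domain within a sliding one-hour window are all assumptions.

```python
from collections import defaultdict, deque

WINDOW_SECONDS = 3600    # assumption: the "per hour" option from the post
MAX_NEW_PER_WINDOW = 20  # assumption: the post only says "reasonably large"


class CreationLimiter:
    """Throttle creation of new disposable addresses by incoming mail."""

    def __init__(self, limit=MAX_NEW_PER_WINDOW, window=WINDOW_SECONDS):
        self.limit = limit
        self.window = window
        self.known = set()                # (user, address) pairs already created
        self.recent = defaultdict(deque)  # (user, origin) -> creation timestamps

    def accept(self, user, address, sender, now):
        """Return True if the mail is delivered (creating the address if new)."""
        if (user, address) in self.known:
            return True                   # existing addresses are never limited
        origin = sender.rsplit("@", 1)[-1].lower()
        stamps = self.recent[(user, origin)]
        while stamps and now - stamps[0] >= self.window:
            stamps.popleft()              # forget creations outside the window
        if len(stamps) >= self.limit:
            return False                  # many new addresses, one origin: refuse
        stamps.append(now)
        self.known.add((user, address))
        return True


def demo():
    """Replay constructed events: (seconds, user, address label, sender)."""
    lim = CreationLimiter(limit=3)
    # A signup script creates five new addresses within five minutes.
    events = [(60 * i, "alice", f"junk{i}", "bot@signup.example") for i in range(5)]
    # A different origin creating one new address is unaffected.
    events.append((310, "alice", "shop", "orders@store.example"))
    # Mail to an address that already exists still gets through.
    events.append((320, "alice", "junk0", "bot@signup.example"))
    # After the oldest creation ages out of the window, creation resumes.
    events.append((3610, "alice", "junk9", "bot@signup.example"))
    return [lim.accept(u, a, s, t) for t, u, a, s in events]


if __name__ == "__main__":
    print(demo())
```

Counting per sender domain rather than per user alone means a flood from one origin does not stop new addresses from being created by mail from other origins.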