BLOWBACK: A Spam Blocking System
by Danny Sleator

Introduction

I've developed a system to thwart spam. I've named it BLOWBACK because it's based on the idea of BLOWing email BACK to the sender before they can deliver email to me. (Blowback is also a term used by the CIA to refer to the unintended consequences of the US government's international activities that have been kept secret from the American people. And it's the title of a book by Chalmers Johnson.)

I've been using BLOWBACK since January 2001. It works almost perfectly. Legitimate senders have no trouble at all sending me email, yet almost no spam gets through.

My implementation of BLOWBACK is publicly available for download from this site. I only ask that you give me appropriate credit if you use this system or my ideas. This implementation is written in Perl, and works under Unix (Linux, etc.). It makes use of the .maildelivery mechanism, which is supported by MMDF and MH.

How It Works

BLOWBACK is based on a very simple idea: require a person sending me email to do something by hand in order to get their message delivered to me. When somebody sends me an email, BLOWBACK saves it on my machine, and sends back an automatic response email requiring the person to click a link (or reply to the message) in order to get their original message "released" to me. Here's a typical such automatic response:

   From: Not D. Sleator <xsleator@hyper.link.cs.cmu.edu>
   To: xosexygoddessox@aol.com
   Subject: (8574839487) Below is the result of your feedback form
   
   Dear friend:
   
   You recently sent me (Danny Sleator) email with the above subject
   line.  This email has not been delivered.  You can deliver it in
   one of two ways: either reply to this message (include the above
   subject line), or go to the following URL:
   
     http://www.link.cs.cmu.edu/cgi-bin/mail/deliver.pl?id=9878060853
   
   You will not need to do this again for subsequent messages.

   This email was generated by BLOWBACK, a system I've developed to
   thwart spam.  For more information, see:

     http://www.cs.cmu.edu/~sleator/blowback/
   
   Note: Mail sent to the xsleator address is not read by anybody.
   
             Sincerely,
    
             Danny Sleator <sleator+@cs.cmu.edu>

Note that the auto-response email is sent from a special address (xsleator instead of sleator) whose mail I do not read. There are two reasons for this. First of all, the "From" field in most spam is garbage, so if you send email to that address it just bounces. Obviously I don't want my regular inbox to be filled with such bounced emails. Secondly, by sending from a different address, I remove the danger of creating a mail loop.

A random 10-digit number is used to identify the message. This number is prepended to the subject line and is also included in the URL provided. When xsleator receives an email with a number like that in the subject, it releases the appropriate email.

Although it is easy to get mail through to me (by following the instructions above), I didn't want to require an explicit release step for every piece of email sent to me. So the system examines the sender's address and if it's "trusted", the email is delivered to me immediately. An address is trusted if it's in a file of addresses of people who have previously released email to me. An address is also trusted if it matches a pattern in a file of patterns that I maintain by hand. For example, "*edu" is currently one of these patterns. This means that any email from a .edu site gets through.

Additions

Sometimes it IS useful to be able to get an email from an automatic process. For example, suppose I buy something from www.acme.com. I'd like to be able to receive an automatic sale confirmation from Acme. One way to do this is to add *acme.com to the trusted pattern file. This is what I usually do. But it's not ideal, because Acme may start to spam me later. And I don't want to have the burden of editing the pattern list very often.

So to handle this, BLOWBACK lets me create addresses that can be used a bounded number of times. When I register on Acme's web site, I'll use the address "sleator+tempACME3@cs.cmu.edu". The first 3 times this address is used, the mail gets through unimpeded. After that, email to that address is treated just like any other email.
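The delivery decision described so far (random 10-digit id, trusted-sender file, trusted patterns, bounded-use addresses), as an added Python example that is not the author's Perl implementation. The class and method names, the in-memory state, and the `+temp<NAME><N>` parsing rule are assumptions made here; the id is drawn from `secrets` because it is the only thing guarding release of a held message.

```python
import fnmatch
import re
import secrets

class Blowback:
    def __init__(self, patterns):
        self.patterns = [p.lower() for p in patterns]  # hand-maintained globs, e.g. "*edu"
        self.released_senders = set()   # senders who have released mail before
        self.held = {}                  # challenge id -> (sender, message)
        self.temp_uses = {}             # temp address -> deliveries so far
        self.inbox = []

    def is_trusted(self, sender):
        s = sender.lower()
        return s in self.released_senders or any(
            fnmatch.fnmatchcase(s, p) for p in self.patterns)

    def temp_budget_ok(self, rcpt):
        # Assumed form "user+tempNAME<N>@host": trailing digits are the use limit.
        m = re.match(r"[^+@]+\+temp[A-Za-z]+(\d+)@", rcpt)
        if not m:
            return False
        used = self.temp_uses.get(rcpt.lower(), 0)
        if used >= int(m.group(1)):
            return False                # budget spent: treat like any other mail
        self.temp_uses[rcpt.lower()] = used + 1
        return True

    def receive(self, sender, rcpt, message):
        """Return None if delivered, else the challenge id to send back."""
        # The temp budget is charged first so every use of the address counts.
        if self.temp_budget_ok(rcpt) or self.is_trusted(sender):
            self.inbox.append(message)
            return None
        # Unpredictable id from a CSPRNG; retry on the rare collision.
        cid = "%010d" % secrets.randbelow(10**10)
        while cid in self.held:
            cid = "%010d" % secrets.randbelow(10**10)
        self.held[cid] = (sender, message)
        return cid

    def release(self, cid):
        """Handle the link click, or a reply whose subject carries the id."""
        entry = self.held.pop(cid, None)
        if entry is None:
            return False                # unknown or already-used id
        self.released_senders.add(entry[0].lower())
        self.inbox.append(entry[1])
        return True
```
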

If enough people start to use the BLOWBACK concept, spammers might build bots that can automatically release the email. If this happens, I can make the task harder. I can make it so that you have to successfully pass a CAPTCHA in order to have your email released to me.

Of course BLOWBACK can be combined with more sophisticated pattern matching methods to identify spam. In this case, if the email fits a spam-like pattern, it can be handled using the BLOWBACK mechanism. If it doesn't look like spam, it can be delivered.

Download and Caveats

The code is available on my FTP site as separate files or as a tar archive.

I developed this system for my own use, because I don't like to get spam. My purpose was not to produce highly portable and easy to install software that would be used by millions of people. I have not attempted to port it to other systems, or document it as well as I would if I expected a lot of other people to use it. And I'm not an expert on email systems, and I don't know how other systems work. I suspect that the code I've written could be fairly easily ported to other mail delivery systems and operating systems. But that's a guess.

There's another limitation to widespread acceptance of the system as implemented here. Two BLOWBACK users from mutually non-trusted domains cannot communicate with each other. (The automatic response email will never be seen.) Thus, the current implementation is better suited for people who live on trusted domains, such as .edu. [There are various ways around this, such as remembering the subject line of messages that you send out, and automatically accepting messages with similar subject lines, at least for some period of time.]

Other work

It turns out that a similar idea was independently invented, implemented, and published by Nic Wolff. This system was subsequently improved by Michael Buro, who also published his implementation. These systems are based on a sophisticated procmail script that implements the BLOWBACK idea. Marco Paganini also implemented and packaged the same idea for Linux, only he called it ASK. Not only that, but there are now at least two commercial systems (SpamArrest and The Spam Eater) implementing these ideas.

Peter Venable has implemented BLOWBACK and packaged it for use in the CMU CS environment.

Andy Valencia implemented a similar challenge/response system he calls Traveler. Instead of keeping a white list of addresses and domains as we do in BLOWBACK, he keeps a list of addresses that work to deliver mail to him. When you send him email to vandys@vsta.org, a vacation program tells you to fill out a form at www.vsta.org/contact/andy.html. When you do this, it sends you email with a randomly generated address like ajv-rodenteye@vsta.org. You can then use this address to get him mail.

There are also other spam blocking systems, based on completely different principles. Here are links to a few of them:

http://spamassassin.taint.org
http://www.rhyolite.com/anti-spam/dcc/
http://razor.sourceforge.net/
http://www.cs.cmu.edu/~jcl/programs/hasher/hasher.html

Danny Sleator


sleator@cs.cmu.edu
Last modified: Wed Nov 24 15:24:03 EST 2004