Tweet
Ihr kennt sicher das Problem: Trotz Spamfilter landet permanent das Müll von irgendwelchen Untermenschen in eurer Mailbox. Ich habe mir daher mal Gedanken gemacht wie ich das zumindest temporär lösen würde. Temporär in dem Sinne bis sich etwas Einheitliches etabliert hat.
Mein Problem ist allerdings, ich habe zwar von php und mySQL Ahnung aber an der tiefgreifenderen Konfiguration und dem Scripting vom Rest nicht wirklich.
Falls sich also jemanden finden sollte der gewillt ist diese Idee umzusetzen hier bitte, haut rein:
Mein Problem ist allerdings, ich habe zwar von php und mySQL Ahnung aber an der tiefgreifenderen Konfiguration und dem Scripting vom Rest nicht wirklich.
Falls sich also jemanden finden sollte der gewillt ist diese Idee umzusetzen hier bitte, haut rein:
###############################################################################
mail authentification system
###############################################################################
Contents
-------------------------------------------------------------------------------
1 ........................................................................ Idea
2 ..................................................................... Concept
3 ................................................................ Requirements
1. Idea
-------------------------------------------------------------------------------
There's no way to prevent beeing spamed by some assholes, even with a
spamfilter you will get some spam thats not recognized.
This document shows a concept that should be save as long theres no AI or OCR
software that is able to challenge a captcha.
What is a captcha?
http://en.wikipedia.org/wiki/Captcha
Every person that want's to send you mails has to sign up your "friends"-list
one time and master a captcha.
The user should be able to add adresses by himself for already known and
trusted adresses.
2. Concept
-------------------------------------------------------------------------------
Someone sends an email to your server.
If the server receives this mail it starts the script that checks if the
sender is in the "friends"-table of the SQL-server.
If the sender is in the "ignore"-table, delete the mail.
If it is in the list its ok and the mail passes trought.
If it is NOT in the list the server starts a script that does the following
steps:
Check if the sender is already in the "activation"-table. If yes move his mail
to the "cache"-table.
If the sender is not in the "activation"-table continue with the following
steps:
Create an entry in the "activation"-table of the SQL-server, including an
activation code. If this is successfull...
Move the mail(s) of the senders adress to the "cache"-table of the SQL-server,
don't let them pass trought.
Send an authentification mail to the senders adress including the url to the
authentification page.
The user has to open the authentification page now, the URL includes the code
to proof if it was realy send by your server to the user. It could look like
this for example: authmail.php?code=22ap3l60m2kl12g022
If the sender is not going to authentificate himself within a time which is
set by the admin the sender will be moved to the "ignore"-table and the
cached mails are deleted.
If the code is the same as the one in the database the script displays a
captcha that the user has to challenge to authentificate himself. This is the
critical point of the whole idea. As long as theres no AI or OCR software that
is able to master the captcha you are save.
If the captcha is passed the sender will never again confronted with the
authentification procedure except the SQL-tables are lost.
The script will now move he senders data to the "friends"-table and send the
cached mails of the sender back to the MTA. The client can now access the
mails.
3. Requirements
-------------------------------------------------------------------------------
a *nix system
sql (mysql only atm)
mailtransfer agent (independet)
webserver (must be able to execute php)
script languages (php only atm)
The webserver must be able to run one of the (script)languages that handle the
authentification page.
The scriptlanguages must be able to connect to the choosen database. Except
this you are free to use ANY (script)language of your choice.
Thanks to
-------------------------------------------------------------------------------
Vispillo for some technical help
mail authentification system
###############################################################################
Contents
-------------------------------------------------------------------------------
1 ........................................................................ Idea
2 ..................................................................... Concept
3 ................................................................ Requirements
1. Idea
-------------------------------------------------------------------------------
There's no way to prevent beeing spamed by some assholes, even with a
spamfilter you will get some spam thats not recognized.
This document shows a concept that should be save as long theres no AI or OCR
software that is able to challenge a captcha.
What is a captcha?
http://en.wikipedia.org/wiki/Captcha
Every person that want's to send you mails has to sign up your "friends"-list
one time and master a captcha.
The user should be able to add adresses by himself for already known and
trusted adresses.
2. Concept
-------------------------------------------------------------------------------
Someone sends an email to your server.
If the server receives this mail it starts the script that checks if the
sender is in the "friends"-table of the SQL-server.
If the sender is in the "ignore"-table, delete the mail.
If it is in the list its ok and the mail passes trought.
If it is NOT in the list the server starts a script that does the following
steps:
Check if the sender is already in the "activation"-table. If yes move his mail
to the "cache"-table.
If the sender is not in the "activation"-table continue with the following
steps:
Create an entry in the "activation"-table of the SQL-server, including an
activation code. If this is successfull...
Move the mail(s) of the senders adress to the "cache"-table of the SQL-server,
don't let them pass trought.
Send an authentification mail to the senders adress including the url to the
authentification page.
The user has to open the authentification page now, the URL includes the code
to proof if it was realy send by your server to the user. It could look like
this for example: authmail.php?code=22ap3l60m2kl12g022
If the sender is not going to authentificate himself within a time which is
set by the admin the sender will be moved to the "ignore"-table and the
cached mails are deleted.
If the code is the same as the one in the database the script displays a
captcha that the user has to challenge to authentificate himself. This is the
critical point of the whole idea. As long as theres no AI or OCR software that
is able to master the captcha you are save.
If the captcha is passed the sender will never again confronted with the
authentification procedure except the SQL-tables are lost.
The script will now move he senders data to the "friends"-table and send the
cached mails of the sender back to the MTA. The client can now access the
mails.
3. Requirements
-------------------------------------------------------------------------------
a *nix system
sql (mysql only atm)
mailtransfer agent (independet)
webserver (must be able to execute php)
script languages (php only atm)
The webserver must be able to run one of the (script)languages that handle the
authentification page.
The scriptlanguages must be able to connect to the choosen database. Except
this you are free to use ANY (script)language of your choice.
Thanks to
-------------------------------------------------------------------------------
Vispillo for some technical help
Moderator
Kommentar