Fighting Filters and DDoS
2nd September 2003
Paul Graham’s essays on fighting spam are generally excellent; it was Paul who sparked the recent flurry of activity surrounding Bayesian statistical filters and inspired the creation of some of the best tools for fighting spam yet. Paul’s latest suggestion, Filters that fight back, seems to me to miss the mark in a big way. Paul suggests email servers should “follow” links in any email received. This would turn the tables on spam, as suddenly sending out a million spams would result in a million useless hits to the site being promoted, quickly brining it to its knees. It’s a great concept, until some malicious script kiddie realises that they’ve been handed a tool to run massive distributed denial-of-service attacks on any domain they care to target. Not to mention that such a feature would make many legitimate mass email tools prohibitively expensive to run.
Update: It turns out that this issue has already been discussed in the FAQ attached to the essay. The suggested solution is to use a blacklist, with servers only hitting sites that are linked to from an email and listed on the blacklist.
More recent articles
- OpenAI's new open weight (Apache 2) models are really good - 5th August 2025
- ChatGPT agent's user-agent - 4th August 2025
- The ChatGPT sharing dialog demonstrates how difficult it is to design privacy preferences - 3rd August 2025