[Remops] dealing with spam to admin address

[Ryan Lackey]

I've gotten more than a bit lax in checking the "admin" address on my
remailer, due to normal spam.

I generally like to reply in person to LE or others reporting serious 
remailer abuse (even if it is just "this is how it works, we can block
addresses if you want, but it's technically beyond our capability to track
already-sent messages, and infeasible to track future messages due to 
design"), as this seems to resolve the matter, at least for a US national
and remailers not located in Germany.

Normal antispam techniques (bayes, spamassassin, etc.) seem to be a bad
idea for abuse reporting addresses in general, due to false positives
when spam messages, etc. are included.

I'm thinking of implementing a "reply to this message if you actually
sent the mail, with some CAPTCHA" for the admin address.  Then, I could
be pretty confident that admin mail was legitimate abuse complaints, and
I'd forward it to a cellphone or some other more-frequently-checked device.

Would this be "best practice" for remailer operations?  Does anyone else
do something simailar?  I know a lot of people send admin to /dev/null,
but I'd rather not do that.  I'm currently getting about 50 messages per
day, 99+% spam.

The most obnoxious thing recently was someone "friending" me on facebook
to make an abuse complaint (related to "offensive messages", not even
a ticking-time-bomb bomb threat!).  This requires at least 2 levels of
looking things up (PGP key for admin includes my addresses/name, and google
would link the two)