Firewall Wizards mailing list archives
RE: regarding spam...
From: "Bill Royds" <email () royds net>
Date: Mon, 1 Apr 2002 22:16:34 -0500
I find very little spam that actually comes from hotmail.com, yahoo.com, but a fair amount from mail.com. The from address is almost invariable forged, so is rather useless if stopping spam. Until the last few weeks, most of the spam I got was bounced through open relays. In the last few weeks, I have found a lot is just sent through cheap ISP's in Mexico or China or Korea. The city of Battle Creek, Michigan did the most recently to increase the spread of spam by threatening a black hole list with criminal charges because it found their server was relaying spam, tested it, and accidentally crashed it (on a Lotus Notes bug). -----Original Message----- From: firewall-wizards-admin () nfr com [mailto:firewall-wizards-admin () nfr com]On Behalf Of Crispin Cowan Sent: Mon April 01 2002 19:23 To: Kalat, Andrew (ISS Atlanta) Cc: 'Marcus J. Ranum'; firewall-wizards () nfr com Subject: Re: [fw-wiz] regarding spam... Kalat, Andrew (ISS Atlanta) wrote:
To Marcus' point later in the thread, this doesn't really hurt the spammers, and this would likely start the same type of arms race you see in the anti-virus efforts, but it does help the business user population somewhat,
What WOULD hurt the spammers is a spam filter designed to be deployed as an EGRESS filter for large domains. I get an obnoxious amount of spam from the same domains time and time again. Some of them are free webmail servers (hotmail.com, yahoo.com, mail.com, etc.) while others are obscure Asian ISPs (263.net comes to mind). The clear pattern that emerges is: * these large providers are not actually suborning spamming * but they *are* supporting so many users and/or giving out accounts so liberally that they cannot effectively police them If there was a product that such large providers could deploy at their gateway that filtered *outgoing* mail, and the only thing it did was to bounce a copy of suspected outgoing spam back to the senders inbox, then a spammer's inbox would fill to bursting almost immediately, and the provider could lock out their account from sending any more mail until the issue was resolved. Throw-away yahoo/hotmail/mail.com accounts would be a lot less cost effective if they could only send 10 spams each before they locked out. I know: this requires very low margin providers to expend more effort, and we already know that they don't put much effort into spam fighting. This egress filter proposal is an attempt to minimize their effort required for effectivenss, and thus hopefully reduce their costs in dealing with spam cleanup efforts, e.g. the thousands of complaints that pour in after a large spam incident. Presumably some of the readers out there are in companies in the content filtering business. Consider this a product opportunity. Crispin -- Crispin Cowan, Ph.D. Chief Scientist, WireX Communications, Inc. http://wirex.com Security Hardened Linux Distribution: http://immunix.org Available for purchase: http://wirex.com/Products/Immunix/purchase.html _______________________________________________ firewall-wizards mailing list firewall-wizards () nfr com http://list.nfr.com/mailman/listinfo/firewall-wizards _______________________________________________ firewall-wizards mailing list firewall-wizards () nfr com http://list.nfr.com/mailman/listinfo/firewall-wizards
Current thread:
- Re: regarding spam... Crispin Cowan (Mar 31)
- <Possible follow-ups>
- Re: regarding spam... Ryan Russell (Mar 31)
- Re: regarding spam... John Adams (Mar 31)
- RE: regarding spam... Kalat, Andrew (ISS Atlanta) (Apr 01)
- Re: regarding spam... Crispin Cowan (Apr 01)
- RE: regarding spam... Bill Royds (Apr 02)
- Re: regarding spam... Thorkild Stray (Apr 02)
- Re: regarding spam... R. DuFresne (Apr 02)
- Re: regarding spam... R. DuFresne (Apr 02)
- Re: regarding spam... Adam Shostack (Apr 03)
- Re: regarding spam... Ryan Russell (Apr 03)
- Re: regarding spam... Adam Shostack (Apr 03)
- Re: regarding spam... Crispin Cowan (Apr 01)
- Re: regarding spam... Rick Murphy (Apr 02)
- Re: Re: regarding spam... Andrew Fremantle (Apr 03)
- Re: regarding spam... Mikael Olsson (Apr 03)