Firewall Wizards mailing list archives

RE: regarding spam...


From: "Bill Royds" <email () royds net>
Date: Mon, 1 Apr 2002 22:16:34 -0500

I find very little spam that actually comes from hotmail.com, yahoo.com, but a fair amount from mail.com.
The from address is almost invariably forged, so is rather useless in stopping spam.
Until the last few weeks, most of the spam I got was bounced through open relays. In the last few weeks, I have found a lot is just sent through cheap ISPs in Mexico or China or Korea.
The city of Battle Creek, Michigan did the most recently to increase the spread of spam by threatening a black hole list with criminal charges because it found their server was relaying spam, tested it, and accidentally crashed it (on a Lotus Notes bug).

-----Original Message-----
From: firewall-wizards-admin () nfr com
[mailto:firewall-wizards-admin () nfr com]On Behalf Of Crispin Cowan
Sent: Mon April 01 2002 19:23
To: Kalat, Andrew (ISS Atlanta)
Cc: 'Marcus J. Ranum'; firewall-wizards () nfr com
Subject: Re: [fw-wiz] regarding spam...


Kalat, Andrew (ISS Atlanta) wrote:

To Marcus' point later in the thread, this doesn't really hurt the spammers,
and this would likely start the same type of arms race you see in the
anti-virus efforts, but it does help the business user population somewhat,

What WOULD hurt the spammers is a spam filter designed to be deployed as 
an EGRESS filter for large domains. I get an obnoxious amount of spam 
from the same domains time and time again.  Some of them are free 
webmail servers (hotmail.com, yahoo.com, mail.com, etc.) while others 
are obscure Asian ISPs (263.net comes to mind). The clear pattern that 
emerges is:

    * these large providers are not actually suborning spamming
    * but they *are* supporting so many users and/or giving out accounts
      so liberally that they cannot effectively police them

If there was a product that such large providers could deploy at their 
gateway that filtered *outgoing* mail, and the only thing it did was to 
bounce a copy of suspected outgoing spam back to the sender's inbox, then 
a spammer's inbox would fill to bursting almost immediately, and the 
provider could lock out their account from sending any more mail until 
the issue was resolved.

Throw-away yahoo/hotmail/mail.com accounts would be a lot less cost 
effective if they could only send 10 spams each before they locked out.

I know: this requires very low margin providers to expend more effort, 
and we already know that they don't put much effort into spam fighting. 
This egress filter proposal is an attempt to minimize their effort 
required for effectiveness, and thus hopefully reduce their costs in 
dealing with spam cleanup efforts, e.g. the thousands of complaints that 
pour in after a large spam incident.

Presumably some of the readers out there are in companies in the content 
filtering business. Consider this a product opportunity.

Crispin

-- 
Crispin Cowan, Ph.D.
Chief Scientist, WireX Communications, Inc. http://wirex.com
Security Hardened Linux Distribution:       http://immunix.org
Available for purchase: http://wirex.com/Products/Immunix/purchase.html


_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards
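
The egress-filter proposal in the quoted message, sketched as an added example that is not part of either post: suspected outgoing mail is copied back to the sender's inbox, and the account is locked once that inbox is full. The fan-out heuristic, class and function names, and addresses are assumptions; the quota of 10 echoes the "10 spams" figure in the message.

```python
import hashlib
from collections import Counter, defaultdict
from dataclasses import dataclass, field

FANOUT_LIMIT = 3   # assumption: one body sent to more recipients than this is suspect
INBOX_QUOTA = 10   # copies the sender's inbox holds; echoes the post's "10 spams"

@dataclass
class Account:
    inbox: list = field(default_factory=list)   # copies bounced back to the sender
    locked: bool = False
    fanout: dict = field(default_factory=lambda: defaultdict(set))  # body hash -> rcpts

class EgressFilter:
    def __init__(self):
        self.accounts = defaultdict(Account)

    def _suspected(self, acct, rcpt, body):
        # Content-agnostic bulk check (hypothetical stand-in for a real classifier).
        digest = hashlib.sha256(body.encode()).hexdigest()
        acct.fanout[digest].add(rcpt)
        return len(acct.fanout[digest]) > FANOUT_LIMIT

    def submit(self, sender, rcpt, body):
        acct = self.accounts[sender]
        if acct.locked:
            return "locked"              # account may not send until resolved
        if self._suspected(acct, rcpt, body):
            acct.inbox.append(body)      # the only action: copy back to the sender
            acct.locked = len(acct.inbox) >= INBOX_QUOTA
            return "relayed+copy"
        return "relayed"

def run(flt, sender, recipients, body):
    """Submit one body to many recipients and tally the outcomes."""
    return Counter(flt.submit(sender, r, body) for r in recipients)

if __name__ == "__main__":
    flt = EgressFilter()
    # Constructed sample traffic: one bulk sender, one ordinary user.
    print(run(flt, "bulk@example.net", [f"u{i}@example.org" for i in range(100)], "BUY NOW"))
    print(run(flt, "alice@example.net", ["bob@example.org", "carol@example.org"], "lunch?"))
```
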
