Firewall Wizards mailing list archives
Re: regarding spam...
From: "John Adams" <jna-dated-1017886905.064da4 () retina net>
Date: Fri, 29 Mar 2002 21:21:34 -0500 (EST)
I think TMDA does a far better job of doing this. It requires no such knowledge transfer, but a small amount of action on the part of the sender. I've become a serious fan of it recently, as my spam volume has gone to zero and I don't miss mail because I use tmda-pending. It's at: http://software.libertine.org/tmda/ Basically, you profile all your email and make a whitelist (I have a script that does this, ask for it if you need it), and then install the auto confirm code. If people mail you and they're on the whitelist or confirmed list, they're allowed in. If not, they get a confirmation message which they must reply to. Replying to the confirmation message processes their old message and adds their name to your 'confirmed' list. Spammers now have a new issue to face - it's computationally expensive to recieve and reply to EVERY message they get back, and they can't fake it because there's a checksum in the email that must be returned, thus slowing down their delivery efforts if everyone is using TMDA. Of course, if they -do- reply, you have a verifiable address that you can report to abuse@foo. ;) I also have a script called tmda_dropreport that tells me what's going on with TMDA. Since I started using TMDA on the 11th, I've seen: $ ./tmda_dropreport.pl Period: Mon Mar 11 08:51:35 EST 2002 to Fri Mar 29 21:18:43 EST 2002 Msgs Processed: 5412 Control Messages: 72 (91.46%) Confirm 51 (0.94%) Append 21 (0.39%) Accepts: 4950 (91.46%) by Confirmed 63 (1.16%) by headers 3635 (67.17%) by from 40 (0.74%) by from-file 1218 (22.51%), Whitelist 1155 (21.34%) Drops: 418 (7.72%) Unknown Addr 417 (7.71%) Still Pending 16 Blacklist 1 (0.02%) By Rule 0 -john On Fri, 29 Mar 2002, Alberto Begliomini wrote:
There is a tool called DCC (http://www.rhyolite.com/anti-spam/dcc) that uses a similar concept in a way. -Alberto -- Alberto Begliomini Email: aub () coldstone com Coldstone Consulting, LLC Voice: 650-654-5938 Security, Systems and Networks Administration Fax: 650-631-8722 Marcus J. Ranum wrote:Out of 30 messages in the input queue yesterday 30 were spam. 27 of those were korean or chinese. I'm trying to think of ways to deal with spam E-mails and have been kicking around a few ideas with some friends of mine. Most of the truly effective ways we can imagine to deal with spam rely on spam-knowledge propagation: in other words a human being someplace in the mix says "this is spam" and based on that determination causes the offending message to disappear from all mailboxes. So, a side effect of this approach is a 'web of trust' with respect to noise email. :) Suppose I tell the mail system "I trust Dodge Mumford's judgement regarding what is spam" then my mail system will automatically move into my spam folder all emails that Dodge moves into his spam folder. We might choose to look out for eachother in a reflexive relationship, or we might choose to additionally trust an outside source, etc, etc. It occurs to me that this would be pretty easy to implement, with a bit of small extra kludgery. You could build it right into an imap server by having it apply the extra processing when someone moves a message into a folder called "spam" - in fact this way _one_ person in an organization could keep an up-to-date set of Eudora filters that would be leveraged by everyone in that spam trust ring. Does anyone know if this is already being done? Does anyone see any really compelling reason it wouldn't work? mjr. --- Marcus J. Ranum Chief Technology Officer, NFR Security, Inc. Work: http://www.nfr.com Personal: http://www.ranum.com _______________________________________________ firewall-wizards mailing list firewall-wizards () nfr com http://list.nfr.com/mailman/listinfo/firewall-wizards_______________________________________________ firewall-wizards mailing list firewall-wizards () nfr com http://list.nfr.com/mailman/listinfo/firewall-wizards
-- J. Adams http://www.retina.net/~jna Fiber line / Shine, Enlight the Globe / In Light, communicate / Connect. ~~ Lassigue Bendthaus - Fiber _______________________________________________ firewall-wizards mailing list firewall-wizards () nfr com http://list.nfr.com/mailman/listinfo/firewall-wizards
Current thread:
- regarding spam... Marcus J. Ranum (Mar 29)
- Re: regarding spam... Ryan Russell (Mar 29)
- Re: regarding spam... Alberto Begliomini (Mar 29)
- Re: regarding spam... John Adams (Mar 30)
- Re: regarding spam... Jubilation T Cornpone (Mar 29)
- Re: regarding spam... Adam Shostack (Mar 29)
- Re: regarding spam... Robert Graham (Mar 30)
- <Possible follow-ups>
- RE: regarding spam... Max Enders (Mar 29)
- Re: regarding spam... Antonomasia (Mar 30)