Firewall Wizards mailing list archives

Re: regarding spam...


From: "John Adams" <jna-dated-1017886905.064da4 () retina net>
Date: Fri, 29 Mar 2002 21:21:34 -0500 (EST)


I think TMDA does a far better job of doing this. It requires no such
knowledge transfer, but a small amount of action on the part of the
sender. I've become a serious fan of it recently, as my spam volume has
gone to zero and I don't miss mail because I use tmda-pending.

It's at: http://software.libertine.org/tmda/

Basically, you profile all your email and make a whitelist (I have a
script that does this, ask for it if you need it), and then install the
auto confirm code.

If people mail you and they're on the whitelist or confirmed list, they're
allowed in. If not, they get a confirmation message which they must reply
to. Replying to the confirmation message processes their old message and
adds their name to your 'confirmed' list.

Spammers now have a new issue to face - it's computationally expensive to
receive and reply to EVERY message they get back, and they can't fake it
because there's a checksum in the email that must be returned, thus
slowing down their delivery efforts if everyone is using TMDA.

Of course, if they -do- reply, you have a verifiable address that you can
report to abuse@foo. ;)

I also have a script called tmda_dropreport that tells me what's going on
with TMDA. Since I started using TMDA on the 11th, I've seen:

$ ./tmda_dropreport.pl

Period: Mon Mar 11 08:51:35 EST 2002 to Fri Mar 29 21:18:43 EST 2002
Msgs Processed: 5412

       Control Messages: 72 (91.46%)
               Confirm       51 (0.94%)
               Append        21 (0.39%)

       Accepts: 4950 (91.46%)
               by Confirmed  63 (1.16%)
               by headers    3635 (67.17%)
               by from       40  (0.74%)
               by from-file  1218 (22.51%), Whitelist 1155 (21.34%)

         Drops: 418 (7.72%)
               Unknown Addr  417 (7.71%)
               Still Pending 16
               Blacklist     1 (0.02%)
               By Rule       0

-john

On Fri, 29 Mar 2002, Alberto Begliomini wrote:

There is a tool called DCC (http://www.rhyolite.com/anti-spam/dcc)
that uses a similar concept in a way.

-Alberto

--
Alberto Begliomini                              Email: aub () coldstone com
Coldstone Consulting, LLC                       Voice: 650-654-5938
Security, Systems and Networks Administration   Fax:   650-631-8722


Marcus J. Ranum wrote:
Out of 30 messages in the input queue yesterday 30 were spam.
27 of those were Korean or Chinese.

I'm trying to think of ways to deal with spam E-mails and
have been kicking around a few ideas with some friends of
mine. Most of the truly effective ways we can imagine to
deal with spam rely on spam-knowledge propagation: in other
words a human being someplace in the mix says "this is spam"
and based on that determination causes the offending message
to disappear from all mailboxes.

So, a side effect of this approach is a 'web of trust' with
respect to noise email. :) Suppose I tell the mail system
"I trust Dodge Mumford's judgement regarding what is spam"
then my mail system will automatically move into my spam
folder all emails that Dodge moves into his spam folder.
We might choose to look out for each other in a reflexive
relationship, or we might choose to additionally trust an
outside source, etc, etc.

It occurs to me that this would be pretty easy to implement,
with a bit of small extra kludgery. You could build it right
into an imap server by having it apply the extra processing
when someone moves a message into a folder called "spam" -
in fact this way _one_ person in an organization could keep
an up-to-date set of Eudora filters that would be leveraged
by everyone in that spam trust ring.

Does anyone know if this is already being done? Does anyone
see any really compelling reason it wouldn't work?

mjr.
---
Marcus J. Ranum          Chief Technology Officer, NFR Security, Inc.
Work:                    http://www.nfr.com
Personal:                http://www.ranum.com

_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards


--
J. Adams                                        http://www.retina.net/~jna

Fiber line / Shine, Enlight the Globe / In Light, communicate / Connect.
        ~~ Lassigue Bendthaus - Fiber
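
The whitelist-then-challenge flow described in the message above, as an added example that is not part of the original post and is not TMDA's code. A keyed MAC stands in for the "checksum" the post mentions; the key, addresses, token layout and 14-day expiry are assumptions made for illustration.

```python
import hashlib
import hmac
import time

SECRET = b"constructed-demo-key"        # assumption: secret known only to the recipient
WHITELIST = {"friend@example.org"}      # constructed sample data
confirmed = set()                       # senders who answered a challenge
pending = {}                            # token -> (sender, held message)


def make_token(sender, now):
    """Bind the challenge to the sender and issue time with a keyed MAC."""
    ts = str(int(now))
    mac = hmac.new(SECRET, f"{sender}|{ts}".encode(), hashlib.sha256)
    return f"{ts}.{mac.hexdigest()[:16]}"


def token_valid(sender, token, now, max_age=14 * 86400):
    """Reject malformed, expired or forged tokens before touching the queue."""
    ts, _, mac = token.partition(".")
    if not ts.isdigit() or now - int(ts) > max_age:
        return False
    expected = make_token(sender, int(ts)).partition(".")[2]
    return hmac.compare_digest(mac, expected)


def deliver(sender, message, now=None):
    """Accept known senders; hold everyone else and issue a challenge token."""
    now = time.time() if now is None else now
    sender = sender.lower()
    if sender in WHITELIST or sender in confirmed:
        return ("accept", None)
    token = make_token(sender, now)
    pending[token] = (sender, message)
    return ("challenge", token)


def confirm(sender, token, now=None):
    """Release the held message and remember the sender if the token checks out."""
    now = time.time() if now is None else now
    sender = sender.lower()
    if not token_valid(sender, token, now) or token not in pending:
        return None
    confirmed.add(sender)
    return pending.pop(token)[1]
```

Because the token is a MAC over the sender address and issue time, a reply carrying a guessed or reused value from another address fails verification without any lookup in the pending queue.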