funsec mailing list archives
Re: 95% of User Generated Content is spam or malicious
From: Rich Kulawiec <rsk () gsp org>
Date: Mon, 22 Feb 2010 07:17:05 -0500
On Sun, Feb 21, 2010 at 08:53:29PM -0800, Tomas L. Byrnes wrote:
If you think those who have to, by virtue of commercial need or policy, run "wide open and only deny known bad" networks are "lucky", you have an odd definition of luck.
That is not what I said. What I said was: Perhaps some lucky folks can still get away with it: if so, great and I referring to default-permit models for email, and to how those who could get away with using that model are lucky. <shrug> They are. They may not *realize* that they are, but they are. The flipside of this is that some of the people who really can't and really shouldn't are still trying to. And they're easy marks for vendors hawking garbage overpriced block-the-bad-guys products and services. As Paul Russell recently put it on spam-l: "An entire industry has grown up around the flawed assumption that it is feasible to seperate the wheat from the chaff in our mail flows by inspecting every grain (message). There are two groups which benefit from the acceptance of this myth: the vendors who sell A/S and A/V products, and the bad guys who have already figured out how to get around every one of these products." There's now a seemingly endless parade of these products, all of which have been quite thoroughly beaten. Their vendors divide neatly into two categories: those that know this, but keep pushing products anyway because it's easy to make a quick buck off the naive and foolish; and those that are blissfully ignorant and actually think the crap they're peddling works.
However, that does define the largest networks, biggest commercial entities, any academic institution, and just about anyone who wants to have a widely accessible business on the Internet.
Having run networks, mail servers, web operations, etc. for some of those -- as you may or may not know, I've been here for a little while -- I'm quite familiar with their operational requirements. And guess what: even a lot of those don't need to use default-permit models for email. But this being funsec and not spam-l, I'm not going to get into the rather long exposition about why that's the case. ---Rsk _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Re: 95% of User Generated Content is spam or malicious, (continued)
- Re: 95% of User Generated Content is spam or malicious Dave Paris (Feb 10)
- Re: 95% of User Generated Content is spam or malicious Rich Kulawiec (Feb 14)
- Re: 95% of User Generated Content is spam or malicious Drsolly (Feb 14)
- Re: 95% of User Generated Content is spam or malicious Tomas L. Byrnes (Feb 14)
- Re: 95% of User Generated Content is spam or malicious Rich Kulawiec (Feb 15)
- Re: 95% of User Generated Content is spam or malicious Tomas L. Byrnes (Feb 15)
- Re: 95% of User Generated Content is spam or malicious Rich Kulawiec (Feb 18)
- Re: 95% of User Generated Content is spam or malicious der Mouse (Feb 18)
- Re: 95% of User Generated Content is spam or malicious Rich Kulawiec (Feb 21)
- Re: 95% of User Generated Content is spam or malicious Tomas L. Byrnes (Feb 21)
- Re: 95% of User Generated Content is spam or malicious Rich Kulawiec (Feb 22)
- Re: 95% of User Generated Content is spam or malicious Dan Kaminsky (Feb 22)
- Re: 95% of User Generated Content is spam or malicious Rich Kulawiec (Feb 22)
- Re: 95% of User Generated Content is spam or malicious Dan Kaminsky (Feb 22)
- Re: 95% of User Generated Content is spam or malicious Hubbard, Dan (Feb 23)
- Re: 95% of User Generated Content is spam or malicious Joel Esler (Feb 23)
- Re: 95% of User Generated Content is spam or malicious Ned Fleming (Feb 23)
- Re: 95% of User Generated Content is spam or malicious Hubbard, Dan (Feb 23)
- Re: 95% of User Generated Content is spam or malicious Tomas L. Byrnes (Feb 23)
- Re: 95% of User Generated Content is spam or malicious der Mouse (Feb 22)
- Re: 95% of User Generated Content is spam or malicious der Mouse (Feb 22)