Security Incidents mailing list archives
Re: ***SPAM*** Re: Massive SPAM Increase {-2.6} {-2.6}
From: Valdis.Kletnieks () vt edu
Date: Mon, 16 Oct 2006 22:40:13 -0400
On Mon, 16 Oct 2006 12:39:40 CDT, Paul Schmehl said:
--On Monday, October 16, 2006 13:29:59 -0400 Valdis.Kletnieks () vt edu wrote:What Paul is *trying* to do is deal with the fact that any Windows-like box with spamware is *also* configured to send mail out. What he's *looking* for is called "SPF", not "outbound MX".For various reasons, which you can easily google, I don't think spf (at least in its present form) is a useful solution.
You think that SPF (where you ask what a sites expected outbound servers are, to tell if you're getting it from an expected source) is broken, but you think that looking at a site's list of *inbound* to identify outbound servers is *sensible*??!? I'm going to go out on a limb here, and predict that if *anything*, getting mail *from* a site listed in an MX is a sign that it's probably spam. Why? If the site is large enough to hire a competent admin, they probably have a split in/out configuration. And if they outsourced to Postini or someplace, again it would be a split in/out configuration. If they're small enough to do it all with one server, they're probably not big enough to hire experienced people. As a result, if you hear from that site, it's much more likely that it's some spammer abusing a vulnerable PHP script on the server (hey, if one box is both in and out mail, it's likely the web server too...), than an actual person trying to get hold of you. (The other possibility is that the site is misconfigured and as a result does accept-then-bounce and/or virus-scanner spewback, both of which count as spam in my book...)
Attachment:
_bin
Description:
Current thread:
- Re: ***SPAM*** Re: ***SPAM*** Re: Massive SPAM Increase {-2.6} {-2.6}, (continued)
- Re: ***SPAM*** Re: ***SPAM*** Re: Massive SPAM Increase {-2.6} {-2.6} Paul Schmehl (Oct 16)
- Re: Massive SPAM Increase gabriel rosenkoetter (Oct 16)
- Re: Massive SPAM Increase Jamie Riden (Oct 17)
- Re: ***SPAM*** Re: ***SPAM*** Re: Massive SPAM Increase {-2.6} {-2.6} Dude VanWinkle (Oct 17)
- Re: ***SPAM*** Re: Massive SPAM Increase {-2.6} {-2.6} benfell (Oct 16)
- Re: ***SPAM*** Re: Massive SPAM Increase {-2.6} {-2.6} Paul Schmehl (Oct 16)
- Re: ***SPAM*** Re: Massive SPAM Increase {-2.6} {-2.6} gabriel rosenkoetter (Oct 17)
- Re: ***SPAM*** Re: Massive SPAM Increase {-2.6} {-2.6} Valdis . Kletnieks (Oct 16)
- Re: ***SPAM*** Re: Massive SPAM Increase {-2.6} {-2.6} Paul Schmehl (Oct 16)
- Re: ***SPAM*** Re: Massive SPAM Increase {-2.6} {-2.6} gabriel rosenkoetter (Oct 17)
- Re: ***SPAM*** Re: Massive SPAM Increase {-2.6} {-2.6} Valdis . Kletnieks (Oct 17)
- Re: ***SPAM*** Re: ***SPAM*** Re: Massive SPAM Increase {-2.6} {-2.6} Paul Schmehl (Oct 17)
- Re: ***SPAM*** Re: Massive SPAM Increase {-2.6} {-2.6} benfell (Oct 16)
- Re: ***SPAM*** Re: Massive SPAM Increase {-2.6} {-2.6} Dude VanWinkle (Oct 17)
- RE: Massive SPAM Increase Vince Valenti (Oct 17)
- Re: ***SPAM*** Re: Massive SPAM Increase {-2.6} {-2.6} Jamie Riden (Oct 17)
- Re: Massive SPAM Increase Graeme Fowler (Oct 09)