Security Basics mailing list archives

Re: Spam prevention vs mitigation

From: Champ Clark III <cclark () quadrantsec com>
Date: Thu, 12 Apr 2012 18:03:08 -0400

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

That being said, a let through rate of 3-6 spam/user/day is overly
high.

Thanks, Erik

Maybe, maybe not. Depends on the "spam". For example, let say the
individual has signed up for an account on Victoria Secrets web site.
When they did, then neglected to uncheck mark the "send me e-mail"
box.

Now the user complains about "spam" Victoria Secret. (I only use them
as an example because i've seen it happen). The end user will swear
up and down they've "never signed up for it!". Sure, they can
"unsubscibe", but then you're trusting the user to known how to do
this and to actually do it.

Is the username something common like "bob () example com" or
"mary () example com". Common targets will get hit a lot. It also
depend on the e-mail volume and they "type" of user they are. Ie -
they never post to mailing list/group verses someone who always posts
to groups? What the spam to legit email rate.

- --
- - Champ Clark III (cclark () quadrantsec com)
Quadrant Information Security (http://quadrantsec.com)
Key Fingerprint: 2E56 C2EB 1B25 C517 D5BA 2DCF 5E70 B2F8 0381 878A
GPG Key ID: 0381878A
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQEcBAEBAgAGBQJPh1EcAAoJENnmXt7Lmc3KIrcH/i6+BpTKi0mToH7/d/DaT8tV
/AGv7hr5g1q2L0zNGGAu7CXKNwDDqYwT5yE2+lL11zLLYJsAZsabiGV7VUOq6SmT
DYKHNmBAWPKj/eYnBokNz2GFqMr42eHVMqNeBxmMIBTQQfI0LZBA12SxA8HTZ8Uu
gpAL+kKBRpx1TZtK9tT4fYpQNiuBZH3H6g0MV6S42+fX5dbihpHce6V3LuoPVH+C
FT9FGGuYo/80FeMTD/nfOCBygWwShXGmMTm1IeShPqt/cyZ1Z7A7sJcAbE7/sjx7
6L6MvmasA+ADSlU/vi9nCFoLCYRgC0DQ3iho2J7kyxxn6TVg9wzjM1d67m2TPZw=
=R1wQ
-----END PGP SIGNATURE-----

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase,
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------

Current thread:

Spam prevention vs mitigation Steve Sirag (Apr 12)
- RE: Spam prevention vs mitigation Ivan Carlos (Apr 12)
- Re: Spam prevention vs mitigation List Man (Apr 12)
- RE: Spam prevention vs mitigation Erik Soosalu (Apr 12)
  - Re: Spam prevention vs mitigation Champ Clark III (Apr 12)
- RE: Spam prevention vs mitigation Steve Melcher (Apr 12)
- Re: Spam prevention vs mitigation Clint Davis (Apr 12)
  - Re: Spam prevention vs mitigation Champ Clark III (Apr 12)
    - RE: Spam prevention vs mitigation Gillmer, Renier, VF-NZ (Apr 15)
- Re: Spam prevention vs mitigation Todd Haverkos (Apr 12)
  - Re: Spam prevention vs mitigation Champ Clark III (Apr 12)
  - RE: Spam prevention vs mitigation Joseph Laico (Apr 12)
- Re: Spam prevention vs mitigation Ansgar Wiechers (Apr 15)
- RE: Spam prevention vs mitigation Mike Saldivar (Apr 15)
- <Possible follow-ups>
- RE: Spam prevention vs mitigation Vincent Yeo (Apr 15)

(Thread continues...)