Firewall Wizards mailing list archives
RE: regarding spam...
From: "Kalat, Andrew (ISS Atlanta)" <akalat () iss net>
Date: Tue, 2 Apr 2002 10:51:49 -0500
Note: As always, these comments are my own, and not that of my employer...

I would agree that the vast majority of spam has a display name from yahoo/hotmail, but in actuality is coming off open relays in Asia.

This brings up an interesting point I was thinking about last night. Let's say this hypothetical service decides that the latest "Invest in this stock now!" mail is spam. Seems like a reasonable decision. The hypothetical company blocks this mail to all of their customers. The marketer for that little gem takes exception to this, and decides that they are being blocked from doing business. They throw a few lawyers at the company, and bu-bye to this product...

I'm not sure how you could avoid that.

Any thoughts?

Andy

---------------------------------------------------------
Andrew J. Kalat,                | Direct:(404)236-2713
IT Infrastructure Manager       | Main: (404)236-2600
Internet Security Systems, Inc. | E-Mail: akalat () iss net
6303 Barfield Road              | <http://www.iss.net/>
Atlanta, GA 30328               | PGP key available.

-----Original Message-----
From: Bill Royds [mailto:email () royds net]
Sent: Monday, April 01, 2002 10:17 PM
To: Crispin Cowan; Kalat, Andrew (ISS Atlanta)
Cc: 'Marcus J. Ranum'; firewall-wizards () nfr com
Subject: RE: [fw-wiz] regarding spam...

I find very little spam that actually comes from hotmail.com, yahoo.com, but a fair amount from mail.com. The from address is almost invariably forged, so is rather useless in stopping spam.

Until the last few weeks, most of the spam I got was bounced through open relays. In the last few weeks, I have found a lot is just sent through cheap ISPs in Mexico or China or Korea.

The city of Battle Creek, Michigan did the most recently to increase the spread of spam by threatening a black hole list with criminal charges because it found their server was relaying spam, tested it, and accidentally crashed it (on a Lotus Notes bug).

-----Original Message-----
From: firewall-wizards-admin () nfr com [mailto:firewall-wizards-admin () nfr com] On Behalf Of Crispin Cowan
Sent: Mon April 01 2002 19:23
To: Kalat, Andrew (ISS Atlanta)
Cc: 'Marcus J. Ranum'; firewall-wizards () nfr com
Subject: Re: [fw-wiz] regarding spam...

Kalat, Andrew (ISS Atlanta) wrote:

> To Marcus' point later in the thread, this doesn't really hurt the
> spammers, and this would likely start the same type of arms race you
> see in the anti-virus efforts, but it does help the business user
> population somewhat,

What WOULD hurt the spammers is a spam filter designed to be deployed as an EGRESS filter for large domains. I get an obnoxious amount of spam from the same domains time and time again. Some of them are free webmail servers (hotmail.com, yahoo.com, mail.com, etc.) while others are obscure Asian ISPs (263.net comes to mind). The clear pattern that emerges is:

* these large providers are not actually suborning spamming
* but they *are* supporting so many users and/or giving out accounts so liberally that they cannot effectively police them

If there was a product that such large providers could deploy at their gateway that filtered *outgoing* mail, and the only thing it did was to bounce a copy of suspected outgoing spam back to the sender's inbox, then a spammer's inbox would fill to bursting almost immediately, and the provider could lock out their account from sending any more mail until the issue was resolved. Throw-away yahoo/hotmail/mail.com accounts would be a lot less cost effective if they could only send 10 spams each before they locked out.

I know: this requires very low margin providers to expend more effort, and we already know that they don't put much effort into spam fighting. This egress filter proposal is an attempt to minimize their effort required for effectiveness, and thus hopefully reduce their costs in dealing with spam cleanup efforts, e.g. the thousands of complaints that pour in after a large spam incident.

Presumably some of the readers out there are in companies in the content filtering business. Consider this a product opportunity.

Crispin

--
Crispin Cowan, Ph.D.
Chief Scientist, WireX Communications, Inc. http://wirex.com
Security Hardened Linux Distribution: http://immunix.org
Available for purchase: http://wirex.com/Products/Immunix/purchase.html

_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards
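
A minimal model of the egress filter proposed in Crispin Cowan's message above, added here as an illustration and not code from any poster or product. The fan-out heuristic for "suspected spam", the `FANOUT_LIMIT` value and all addresses are assumptions; the lock-out count of 10 is the figure from the post.

```python
import hashlib
from collections import defaultdict

LOCK_THRESHOLD = 10  # "10 spams each" before lock-out, as in the post
FANOUT_LIMIT = 3     # assumption: one body to more than 3 recipients is suspect


class EgressFilter:
    """Provider-side filter applied to outgoing mail only."""

    def __init__(self):
        self.fanout = defaultdict(set)    # (sender, body digest) -> recipients
        self.inbox = defaultdict(list)    # sender -> copies bounced back to them
        self.locked = set()               # accounts barred from sending

    def _suspected(self, sender, rcpt, body):
        # Hypothetical classifier: identical body fanned out to many recipients.
        digest = hashlib.sha256(body.encode()).hexdigest()
        seen = self.fanout[(sender, digest)]
        seen.add(rcpt)
        return len(seen) > FANOUT_LIMIT

    def submit(self, sender, rcpt, body):
        """Return 'sent', 'bounced' or 'rejected' for one outgoing message."""
        if sender in self.locked:
            return "rejected"             # locked until the provider reviews it
        if not self._suspected(sender, rcpt, body):
            return "sent"
        # The filter's only action: a copy lands in the sender's own inbox.
        self.inbox[sender].append((rcpt, body))
        if len(self.inbox[sender]) >= LOCK_THRESHOLD:
            self.locked.add(sender)
        return "bounced"


def run_demo():
    """Replay constructed traffic: one ordinary user, one throw-away account."""
    f = EgressFilter()
    results = defaultdict(list)
    for i in range(3):
        results["alice@example.test"].append(
            f.submit("alice@example.test", f"friend{i}@example.org", f"note {i}"))
    for i in range(20):
        results["bulk@example.test"].append(
            f.submit("bulk@example.test", f"rcpt{i}@example.org",
                     "Invest in this stock now!"))
    return f, results


if __name__ == "__main__":
    flt, res = run_demo()
    for account, statuses in res.items():
        print(account, {s: statuses.count(s) for s in set(statuses)})
    print("locked:", sorted(flt.locked))
```

The ordinary account is never flagged, while the bulk account is cut off as soon as its tenth bounced copy arrives and every later submission is refused.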