Firewall Wizards mailing list archives

RE: regarding spam...


From: "Kalat, Andrew (ISS Atlanta)" <akalat () iss net>
Date: Tue, 2 Apr 2002 10:51:49 -0500

Note: As always, these comments are my own, and not those of my employer...

I would agree that the vast majority of spam has a display name from
yahoo/hotmail, but in actuality is coming off open relays in Asia. 

This brings up an interesting point I was thinking about last night. Let's
say this hypothetical service decides that the latest "Invest in this stock
now!" mail is spam. Seems like a reasonable decision. The hypothetical
company blocks this mail to all of their customers. The marketer for that
little gem takes exception to this, and decides that they are being blocked
from doing business. They throw a few lawyers at the company, and bu-bye to
this product...

I'm not sure how you could avoid that. Any thoughts?
Andy




---------------------------------------------------------
Andrew J. Kalat,                | Direct:(404)236-2713 
IT Infrastructure Manager       | Main:  (404)236-2600
Internet Security Systems, Inc. | E-Mail: akalat () iss net
6303 Barfield Road                | <http://www.iss.net/>
Atlanta, GA 30328                         | PGP key available.



-----Original Message-----
From: Bill Royds [mailto:email () royds net]
Sent: Monday, April 01, 2002 10:17 PM
To: Crispin Cowan; Kalat, Andrew (ISS Atlanta)
Cc: 'Marcus J. Ranum'; firewall-wizards () nfr com
Subject: RE: [fw-wiz] regarding spam...


I find very little spam that actually comes from hotmail.com, yahoo.com, but
a fair amount from mail.com.
The from address is almost invariably forged, so is rather useless in
stopping spam.
Until the last few weeks, most of the spam I got was bounced through open
relays. In the last few weeks, I have found a lot is just sent through cheap
ISPs in Mexico or China or Korea.
The city of Battle Creek, Michigan did the most recently to increase the
spread of spam by threatening a black hole list with criminal charges
because it found their server was relaying spam, tested it, and accidentally
crashed it (on a Lotus Notes bug).

-----Original Message-----
From: firewall-wizards-admin () nfr com
[mailto:firewall-wizards-admin () nfr com]On Behalf Of Crispin Cowan
Sent: Mon April 01 2002 19:23
To: Kalat, Andrew (ISS Atlanta)
Cc: 'Marcus J. Ranum'; firewall-wizards () nfr com
Subject: Re: [fw-wiz] regarding spam...


Kalat, Andrew (ISS Atlanta) wrote:

To Marcus' point later in the thread, this doesn't really hurt the
spammers,
and this would likely start the same type of arms race you see in the
anti-virus efforts, but it does help the business user population somewhat,

What WOULD hurt the spammers is a spam filter designed to be deployed as 
an EGRESS filter for large domains. I get an obnoxious amount of spam 
from the same domains time and time again.  Some of them are free 
webmail servers (hotmail.com, yahoo.com, mail.com, etc.) while others 
are obscure Asian ISPs (263.net comes to mind). The clear pattern that 
emerges is:

    * these large providers are not actually suborning spamming
    * but they *are* supporting so many users and/or giving out accounts
      so liberally that they cannot effectively police them

If there was a product that such large providers could deploy at their 
gateway that filtered *outgoing* mail, and the only thing it did was to 
bounce a copy of suspected outgoing spam back to the sender's inbox, then 
a spammer's inbox would fill to bursting almost immediately, and the 
provider could lock out their account from sending any more mail until 
the issue was resolved.

Throw-away yahoo/hotmail/mail.com accounts would be a lot less cost 
effective if they could only send 10 spams each before they locked out.

I know: this requires very low margin providers to expend more effort, 
and we already know that they don't put much effort into spam fighting. 
This egress filter proposal is an attempt to minimize their effort 
required for effectiveness, and thus hopefully reduce their costs in 
dealing with spam cleanup efforts, e.g. the thousands of complaints that 
pour in after a large spam incident.

Presumably some of the readers out there are in companies in the content 
filtering business. Consider this a product opportunity.

Crispin

-- 
Crispin Cowan, Ph.D.
Chief Scientist, WireX Communications, Inc. http://wirex.com
Security Hardened Linux Distribution:       http://immunix.org
Available for purchase: http://wirex.com/Products/Immunix/purchase.html


_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards
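
The egress-filter idea proposed in the quoted message above, sketched as an added example that is not part of the original thread or any poster's code. The phrase list, the addresses, and the assumption that the sender's inbox holds only bounce copies are constructed for illustration; the capacity of 10 follows the "10 spams each" figure in the message.

```python
from dataclasses import dataclass, field

# Stand-in classifier (assumption): a provider would plug in its own scoring.
SUSPECT_PHRASES = ("invest in this stock now", "act now", "100% free")  # constructed

def looks_like_spam(body: str) -> bool:
    text = body.lower()
    return any(phrase in text for phrase in SUSPECT_PHRASES)

@dataclass
class Account:
    address: str
    inbox: list = field(default_factory=list)   # simplified: bounce copies only
    locked: bool = False

class EgressFilter:
    """Gateway check on *outgoing* mail for one provider's accounts."""

    def __init__(self, inbox_capacity: int = 10):
        self.inbox_capacity = inbox_capacity
        self.accounts = {}

    def submit(self, sender: str, recipient: str, body: str) -> str:
        acct = self.accounts.setdefault(sender, Account(sender))
        if acct.locked:
            return "refused"                    # no sending until resolved
        if looks_like_spam(body):
            # The filter's only action: bounce a copy to the sender's own inbox.
            acct.inbox.append(f"Suspected spam to {recipient}: {body[:40]}")
            if len(acct.inbox) >= self.inbox_capacity:
                acct.locked = True              # inbox full, lock the account
        return "relayed"

    def resolve(self, sender: str) -> None:
        """Operator action once the issue is resolved: empty inbox and unlock."""
        acct = self.accounts[sender]
        acct.inbox.clear()
        acct.locked = False

def simulate(n_messages: int, body: str, capacity: int = 10):
    """Send n_messages from one throwaway account; return (relayed, refused)."""
    gateway = EgressFilter(capacity)
    results = [gateway.submit("throwaway@provider.example",
                              f"user{i}@example.org", body)
               for i in range(n_messages)]
    return results.count("relayed"), results.count("refused")

if __name__ == "__main__":
    print(simulate(1000, "Invest in this stock now!"))
    print(simulate(50, "Lunch at noon?"))
```

The point the simulation makes is economic: the throwaway account gets a fixed, small number of messages out before the provider's own quota mechanism stops it, with no per-complaint handling by staff.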
