Firewall Wizards mailing list archives

Re: regarding spam...


From: Robert Graham <robert_david_graham () yahoo com>
Date: Fri, 29 Mar 2002 15:22:42 -0800 (PST)

There have been several approaches to this using MD5 checksums on
"Sender+Subject" fields and message bodies. The technique is simply to calculate
the hash, send it to a centralized server, which then sends back information
indicating whether this is "mass" e-mail. Presumably, you could insert human
elements to differentiate among "mass" (like fw-wiz) and "spam".

Spammers have responded by automatically varying Sender, Subject, and Message
Body. Notice how many e-mails arrive with a subject line appended with some
random characters? They do this to avoid Subject line hashes.

I litter the Internet with addresses like "fwwiz020329 () robertgraham com" in
order to attract spam to my domain. The theory is that I match those e-mails
against my real e-mail address of "myself () robertgraham com" and discard
duplicates. This technique hasn't been as effective as I hoped. 

In any event, spammers don't care. They are playing a numbers game. When you
play games like this, you and your friends escape the onslaught temporarily,
but spammers are unaffected. It's like antibiotics: you are really just
encouraging them to evolve new techniques rather than seriously harming them.
Your investment in evading them becomes more than simply deleting the e-mails
in the first place.



--- "Marcus J. Ranum" <mjr () nfr com> wrote:
Out of 30 messages in the input queue yesterday 30 were spam.
27 of those were Korean or Chinese.

I'm trying to think of ways to deal with spam E-mails and
have been kicking around a few ideas with some friends of
mine. Most of the truly effective ways we can imagine to
deal with spam rely on spam-knowledge propagation: in other
words a human being someplace in the mix says "this is spam"
and based on that determination causes the offending message
to disappear from all mailboxes.

So, a side effect of this approach is a 'web of trust' with
respect to noise email. :) Suppose I tell the mail system
"I trust Dodge Mumford's judgement regarding what is spam"
then my mail system will automatically move into my spam
folder all emails that Dodge moves into his spam folder.
We might choose to look out for each other in a reflexive
relationship, or we might choose to additionally trust an
outside source, etc, etc.

It occurs to me that this would be pretty easy to implement,
with a bit of small extra kludgery. You could build it right
into an imap server by having it apply the extra processing
when someone moves a message into a folder called "spam" -
in fact this way _one_ person in an organization could keep
an up-to-date set of Eudora filters that would be leveraged
by everyone in that spam trust ring.

Does anyone know if this is already being done? Does anyone
see any really compelling reason it wouldn't work?

mjr. 
---
Marcus J. Ranum          Chief Technology Officer, NFR Security, Inc.
Work:                    http://www.nfr.com
Personal:                http://www.ranum.com

_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards
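
The checksum scheme discussed in this thread, as an added example that is not part of either post: it fingerprints Sender+Subject+body with MD5, counts sightings at a stand-in for the centralized server, and shows why a random subject suffix defeats exact hashing. The `Clearinghouse` class, its threshold of 3, the sample messages and the word-shingle similarity score (which goes beyond what the posts describe) are all assumptions made for illustration.

```python
import hashlib
import re
from collections import Counter

def fingerprint(sender, subject, body):
    """MD5 over the Sender+Subject fields and the body, as the post describes."""
    h = hashlib.md5()
    for field in (sender, subject, body):
        h.update(field.strip().lower().encode("utf-8") + b"\x00")  # NUL keeps fields apart
    return h.hexdigest()

class Clearinghouse:
    """In-memory stand-in for the centralized server (hypothetical, no network)."""
    def __init__(self, mass_threshold=3):
        self.seen = Counter()
        self.mass_threshold = mass_threshold

    def report(self, digest):
        """Record one sighting; True once the digest has been seen often enough."""
        self.seen[digest] += 1
        return self.seen[digest] >= self.mass_threshold

def classify(messages, server):
    """Return the server's mass-mail verdict for each message, in order."""
    return [server.report(fingerprint(*m)) for m in messages]

def shingles(text, k=3):
    words = re.findall(r"[a-z0-9]+", text.lower())
    return {" ".join(words[i:i + k]) for i in range(max(len(words) - k + 1, 1))}

def similarity(a, b):
    """Jaccard similarity over word 3-grams: a near-duplicate score, not a hash."""
    sa, sb = shingles(a), shingles(b)
    return len(sa & sb) / len(sa | sb)

# Constructed sample mail (not real traffic).
SENDER = "offers@example.com"
SUBJECT = "Lower your mortgage rate today"
BODY = "Rates are at a historic low. Reply now to lock in your rate before the offer ends."
IDENTICAL = [(SENDER, SUBJECT, BODY)] * 3
VARIED = [(SENDER, f"{SUBJECT} {tag}", BODY) for tag in ("qzx81", "mmv27", "tpl93")]

if __name__ == "__main__":
    print("identical:", classify(IDENTICAL, Clearinghouse()))
    print("varied:   ", classify(VARIED, Clearinghouse()))
    a, b = (f"{m[1]} {m[2]}" for m in VARIED[:2])
    print("similarity of two varied copies:", similarity(a, b))
```

Each varied copy produces a different digest, so the counter never reaches the threshold, while the shingle score still shows the copies are near-duplicates.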

