Full Disclosure mailing list archives

Re: SPAM and "undisclosed recipients"


From: Michael Gale <michael () bluesuperman com>
Date: Sat, 15 Nov 2003 21:39:47 -0700

Hello,

        There are plenty of anti-spam solutions out there, for those who look.
Many have been posted to this list.

Post:
--snip--
From: Michael Gale <michael () bluesuperman com>
To: <full-disclosure () lists netsys com>
Subject: Re: [Full-disclosure] a PGP signed mail? Has to be spam!
Date: Tue, 11 Nov 2003 21:39:26 -0700

...
Anti-spam tools - DCC, Razor, RBL, Bayesian Statistical Token Analysis
and then whitelist and blacklist.
....
--snip--

The above are freely available - if you know how to set them up :)
If not, then look at http://www.mxtreme.com/

I believe this is the top of the line anti-spam tool out there -- using
mostly all of the above list but providing a GUI and anti-virus. 

Michael.


On Sat, 15 Nov 2003 21:37:49 -0500
"Kristian Hermansen" <khermansen () ht-technology com> wrote:

-----Original Message-----
From: full-disclosure-admin () lists netsys com
[mailto:full-disclosure-admin () lists netsys com] On Behalf Of Jonathan
A. Zdziarski
Sent: Saturday, November 15, 2003 7:37 PM
To: Steve Wray
Cc: 'Kristian Hermansen'; full-disclosure () lists netsys com
Subject: RE: [Full-disclosure] SPAM and "undisclosed recipients"

[Insert usual plug for bayesian filters here....yadah yadah....99.9%
accurate... blah blah]

We could open up a whole can of worms about this topic, but the
product of any of these discussions always ends up the same: even if
we had an authenticated, secure SMTP protocol, the requirement of
marketing departments would be that anyone who registered a new domain
could easily "get on the wagon"...and that is where it all comes
crumbling down; a spammer makes well over the $8.95 it would cost to
register a domain and become an "authenticated SMTP sender" (heck,
they spend $4000 on sacrificial servers to get confiscated from a colo
facility every mailing)...there's no reason a spammer couldn't
register a couple domains every time he bulk mailed; prepaid credit
cards can easily hide identity and, as I said before, marketing
departments and a significant portion of people who are pro-privacy
won't allow proof of identity to become a requisite for sending email
- even at the domain level.

Passing legislation, writing new protocol, etc., only makes it more
difficult for spammers but ultimately a spammer will be able to easily
adapt to whatever environment they are forced to function in (wouldn't
you if your livelihood depended on it?) whether that involves more
heavily utilizing stolen accounts, viruses, or registering new domain
names regularly, spammers will adapt.

The one damning piece of evidence in every spam sent out is the
content itself which is why contextual analysis (especially when
deployed system-wide with a bit of networking groups in place) is far
more effective at resolving the spam issue than trying to convince the
world to rewrite SMTP.  Several filters have even gotten to the point
where they provide useful information to help ISPs conserve resources
instead of using them to fight spam.  I think 99.9% (1 in 1000 spams
gets through) is a pretty darn good (and realistic) statistic...if
only all ISPs filtered at the server level, we'd put spammers out of
business.

Jonathan





_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
----------------------------------------------------------------

There should be a way to stop the email spamming.  You could use their
weaknesses as a way to prevent spam.  The fact is that most SPAM is
sent in MASS quantities all at one time, or a very short interval.  If
servers could somehow have a "global awareness" of the activity of
spammers this could be prevented.  Take for instance Hotmail. 
Millions of users have accounts here.  Hotmail could "sense" a massive
flood of "identical" content to multiple users of their service and
automatically label it as SPAM.  Of course, the downside is legitimate
mass mailings that are sent out everyday from places like PC Magazine,
Security Focus, and other opt-in mailing lists would be flagged as
well.  Unless, in a new email security protocol, they implemented user
specified WHITELISTS on email servers to allow legitimate bulk emails
(that otherwise would be flagged) to be let through.  A sort of "Guilty
until proven innocent" approach.  Just a thought... 

 
Kristian Hermansen
CEO - H&T Technology Solutions
khermansen () ht-technology com
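
The bulk-detection idea in Kristian Hermansen's message above (count near-identical bodies across recipients within a short interval, with user-specified whitelists for legitimate bulk senders), as an added example that is not part of the original thread. The class name, threshold, window, addresses and message bodies are constructed assumptions, and timestamps are assumed to arrive in order.

```python
import hashlib
import re
from collections import defaultdict, deque

class BulkDetector:
    """Flag a body seen by `threshold` distinct recipients within `window` seconds."""

    def __init__(self, threshold=3, window=600):
        self.threshold, self.window = threshold, window
        self.seen = defaultdict(deque)       # fingerprint -> (timestamp, recipient) hits
        self.whitelists = defaultdict(set)   # recipient -> senders that user opted in to

    @staticmethod
    def fingerprint(body):
        # Fold case, digit runs and whitespace so per-recipient tweaks hash alike.
        text = re.sub(r"\d+", "0", body.lower())
        return hashlib.sha256(" ".join(text.split()).encode("utf-8")).hexdigest()

    def allow(self, recipient, sender):
        self.whitelists[recipient].add(sender.lower())

    def check(self, ts, sender, recipient, body):
        hits = self.seen[self.fingerprint(body)]
        hits.append((ts, recipient))
        while ts - hits[0][0] > self.window:   # expire hits outside the interval
            hits.popleft()
        if len({r for _, r in hits}) < self.threshold:
            return "deliver"                   # not (yet) a mass mailing
        # Bulk mail is "guilty until proven innocent": only a user whitelist clears it.
        return "deliver" if sender.lower() in self.whitelists[recipient] else "spam"

# Constructed sample traffic: (seconds, sender, recipient, body).
NEWS = "Weekly security digest, issue 42"
SAMPLE = [
    (0, "s1@spam.example", "alice", "Buy cheap pills now! Order 1234"),
    (5, "s2@spam.example", "bob", "Buy cheap pills now!  Order 5678"),
    (9, "s3@spam.example", "carol", "BUY CHEAP pills now! Order 9"),
    (20, "list@news.example", "bob", NEWS),
    (21, "list@news.example", "carol", NEWS),
    (22, "list@news.example", "dave", NEWS),    # third recipient, no whitelist
    (23, "list@news.example", "alice", NEWS),   # alice opted in below
    (1000, "s4@spam.example", "erin", "Buy cheap pills now! Order 1234"),  # window expired
]

def run_sample():
    detector = BulkDetector()
    detector.allow("alice", "list@news.example")
    return [detector.check(*msg) for msg in SAMPLE]

if __name__ == "__main__":
    for msg, verdict in zip(SAMPLE, run_sample()):
        print(msg[0], msg[1], "->", msg[2], verdict)
```

The first copies of any mailing are delivered before the count reaches the threshold, and the opt-in newsletter is flagged for every recipient who has not whitelisted it, which is the downside the message itself points out.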

