funsec mailing list archives

RE: Postage Is Due for Companies Sending E-Mail

From: Drsolly <drsollyp () drsolly com>
Date: Wed, 8 Feb 2006 14:28:09 +0000 (GMT)

On Tue, 7 Feb 2006, Ryan Counts wrote:

I can't wait to receive my first NDR due to insufficient postage...  I'm
a little curious about a few aspects of this :


Well, I don't know how they're doing it, but here's what I'd do:

1) What happens if a machine on your network gets botted?  Is your
company responsible for the postage of all these emails?


Yes. Just like you're responsible for fixing my garden wall if you rammed 
into it on acccount of your faulty brakes.

2) I'm guessing auditing this in any way - to verify they are billing
you correctly for example - could get a little cumbersome.


It should be easy. All you need to do, is count the emails sent via their 
system.

3) What about personal emails from a company's employees to members of
AOL?  You mean I gotta pay for my people to send jokes to their
ex-girlfriend's sister-in-law's roommate?


Company employees sending personal mail, would have to use the free system 
and take their chances like everyone else.

3) Is it just me, or does it seem that the ultimate result of this will
be improved virii?


What's a virii?

Most of the spam I receive today seems to be from
infected machines, which are sending emails that from a technical
standpoint can look completely legit and trace back only to the infected
machine. From that perspective, it seems that this is only going to
increase financial burdens on small companies that can't afford good
workstation security.


No, it creates an incentive on small companies to clean up their botted 
computers and stop it happening again.

Hmmmm, maybe they could file a class-action
against Microsoft for security holes...  As it is, right now the biggest
problem in filtering spam is verifying the source, so how does this help
that in any way?


It verifies who the source really is, and that this source has been 
willing to pay for the email to be delivered.
 

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

Current thread:

Re: Postage Is Due for Companies Sending E-Mail, (continued)
- - - Re: Postage Is Due for Companies Sending E-Mail Valdis . Kletnieks (Feb 07)
    - Re: Postage Is Due for Companies Sending E-Mail der Mouse (Feb 08)
    - Re: Postage Is Due for Companies Sending E-Mail Stephen J. Smoogen (Feb 07)
    - Re: Postage Is Due for Companies Sending E-Mail Drsolly (Feb 07)
    - Re: Postage Is Due for Companies Sending E-Mail Stephen J. Smoogen (Feb 08)
    - Re: Postage Is Due for Companies Sending E-Mail Vicky Røde (Feb 07)
- Re: Postage Is Due for Companies Sending E-Mail Dude VanWinkle (Feb 06)
  - Re: Postage Is Due for Companies Sending E-Mail Bill Weiss (Feb 07)
- FW: Postage Is Due for Companies Sending E-Mail Richard M. Smith (Feb 04)
- RE: Postage Is Due for Companies Sending E-Mail Ryan Counts (Feb 08)
  - RE: Postage Is Due for Companies Sending E-Mail Drsolly (Feb 08)
    - Re: Postage Is Due for Companies Sending E-Mail Stephen J. Smoogen (Feb 08)
    - Re: Postage Is Due for Companies Sending E-Mail der Mouse (Feb 08)
    - Re: Postage Is Due for Companies Sending E-Mail Dude VanWinkle (Feb 08)
    - Re: Postage Is Due for Companies Sending E-Mail Drsolly (Feb 08)
  - Re: Postage Is Due for Companies Sending E-Mail der Mouse (Feb 08)