Re: Another security vendor spamming

[Rich Kulawiec <rsk () gsp org>]

On Thu, Apr 23, 2009 at 08:07:39AM +0100, Mike Preston wrote:
> I think the worst vendor I personally see for this is a certain spam
> gateway supplier spamming me on a regular basis even though I have opted
> out of their list once.

I "opt out" of spammer effluent via a (permanent) blacklist, either
at the SMTP level or (in particularly egregious cases) in a firewall.
I recommend this course of action to others.

Now, as to "spamming anti-spam vendors"...I include those doing
challenge/response, since of course C/R inevitably generates backscatter
spam, and has long since joined the list of "worst practices".   Others do
callbacks, another worst practice, and one that not only directly supports
spam, but enables DoS attacks.  Others have engaged in good old fashioned
direct spamming; others have decided to fight abuse with abuse, another
worst practice; and others have decided that (in the guise of stopping
spam) that it's reasonable to append their self-promoting dreck to every
message sent by their clueless users, thus spamming-by-proxy.  Some of
them have done two or three of these at once.  A couple have issued
cartooneys, which I read as an explicit request for global blacklisting.

In all cases, though, such blacklisting is permanent.  I *might* be
somewhat more forgiving with an entity that doesn't claim to be in
the anti-spam game...but those who say they are should be held
to a MUCH higher standard.

---Rsk
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.