Security Incidents mailing list archives
Re: Decrease in Threats?
From: Will Aoki <waoki () umnh utah edu>
Date: Mon, 30 Jan 2006 12:03:00 -0700
On Sun, Jan 29, 2006 at 12:15:13PM +1300, Bojan Zdrnja wrote:
Greylisting works OK at the moment as spammers have no need to go around it. But, you can be sure that once greylisting reaches critical level of deployment, spammers will go around it very easy (basically they just have to modify their applications).
Indeed, I believe that some spammers, accidentally or deliberately, have already done just that. Last summer, I saw pill-spammers sending multiple messages from the same source, with the same envelope, and to the same recipient over about a seven-minute period. This cut through my greylisting quite effectively until I increased the greylist delay. I haven't noticed any viruses yet that are effective at bypassing greylisting - I've only seen a few make it as far as my antivirus in the last few weeks. To get around greylisting, they'd need to dedicate space to keeping track of what sender they used for each recipient. If and when spammers and virus authors do start changing their methods, I predict the use of greylisting to buy time for spam- & virus-traps to feed a good old-fashioned blacklist. -- William Aoki KD7YAF waoki () umnh utah edu 5-1924
Current thread:
- Decrease in Threats? Rohny Jotton (Jan 25)
- Re: Decrease in Threats? Aubs (Jan 25)
- Re: Decrease in Threats? Andrew Simmons (Jan 26)
- Re: Decrease in Threats? ACMurray (Jan 25)
- RE: Decrease in Threats? James C Slora Jr (Jan 25)
- Re: Decrease in Threats? Bill Borton (Jan 27)
- Re: Decrease in Threats? Bojan Zdrnja (Jan 29)
- Re: Decrease in Threats? Will Aoki (Jan 30)
- Re: Decrease in Threats? Gene Rackow (Jan 30)
- Re: Decrease in Threats? Bojan Zdrnja (Jan 29)
- RE: Decrease in Threats? Tom Milliner (Jan 29)
- Re: Decrease in Threats? Kurt Seifried (Jan 30)
- Re: Decrease in Threats? Aubs (Jan 25)