| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: khermansen at ht-technology.com (Kristian Hermansen) Subject: SPAM and "undisclosed recipients" -----Original Message----- From: full-disclosure-admin@...ts.netsys.com [mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of Jonathan A. Zdziarski Sent: Saturday, November 15, 2003 7:37 PM To: Steve Wray Cc: 'Kristian Hermansen'; full-disclosure@...ts.netsys.com Subject: RE: [Full-Disclosure] SPAM and "undisclosed recipients" [Insert usual plug for bayesian filters here....yadah yadah....99.9% accurate... blah blah] We could open up a whole can of worms about this topic, but the product of any of these discussions always ends up the same: even if we had an authenticated, secure SMTP protocol, the requirement of marketing departments would be that anyone who registered a new domain could easily "get on the wagon"...and that is where it all comes crumbling down; a spammer makes well over the $8.95 it would cost to register a domain and become an "authenticated SMTP sender" (heck, they spend $4000 on sacrificial servers to get confiscated from a colo facility every mailing)...there's no reason a spammer couldn't register a couple domains every time he bulk mailed; prepaid credit cards can easily hide identity and, as I said before, marketing departments and a significant portion of people who are pro-privacy won't allow proof of identity to become a requisite for sending email - even at the domain level. passing legislation, writing new protocol, etc., only makes it more difficult for spammers but ultimately a spammer will be able to easily adapt to whatever environment they are forced to function in (wouldn't you if your livelihood depended on it?) whether that involves more heavily utilizing stolen accounts, viruses, or registering new domain names regularly, spammers will adapt. The one damning piece of evidence in every spam sent out is the content itself which is why contextual analysis (especially when deployed system-wide with a bit of networking groups in place) is far more effective to resolving the spam issue than trying to convince the world to rewrite SMTP. Several filters have even gotten to the point where they provide useful information to help ISPs conserve resources instead of using them to fight spam. I think 99.9% (1 in 1000 spams gets through) is a pretty darn good (and realistic) statistic...if only all ISPs filtered at the server level, we'd put spammers out of business. Jonathan _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html ---------------------------------------------------------------- There should be a way to stop the email spamming. You could use their weaknesses as a way to prevent spam. The fact is that most SPAM is sent in MASS quantities all at one time, or a very short interval. If servers could somehow have a "global awareness" of the activity of spammers this could be prevented. Take for instance Hotmail. Millions of users have accounts here. Hotmail could "sense" a massive flood of "identical" content to multiple users of their service and automatically label it as SPAM. Of course, the downside is legitimate mass mailings that are sent out everyday from places like PC Magazine, Security Focus, and other opt-in mailing lists would be flagged as well. Unless, in a new email security protocol, they implemented user specified WHITELISTS on email servers to allow legitimate bulk emails (that otherwise would be flagged) to be let through. A sort of "Guilty until proven innocent" approach. Just a thought... Kristian Hermansen CEO - H&T Technology Solutions khermansen@...technology.com
Powered by blists - more mailing lists