lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date: Thu Nov 10 16:00:32 2005
From: bart.lansing at hushmail.com (Bart Lansing)
Subject: WAS: Re: RE: Spamcop automated reporting script...

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Bob,  took a little trip to KnujOn, and have a comment or two...

>From the site, with comments parenthetically inserted inline:

_________________________

I already have a spam filter/blocker, why do I need KnujOn?

Filters and blockers stop spam from reaching mailboxes but do not
actually stop the flow of spam. The messages pile up and must be
reviewed and deleted. Would it not be nice to just dump all the
messages in a program and have them returned to the sender?
(Collecting and bouncing back all of the spam certainly does not
block the flow of Spam either...in fact, you just doubled the
traffic and if the actual sender is a bot'd machine, all you are
doing is needlessly conjesting the 'net and not doing anything to
the spammer.)

How is KnujOn different from current anti-spam programs?

Filters and blockers search emails for keywords and other content
that flag messages as possible junk mail and then divert the email
to a quarantine area for review or deletion. KnujOn takes junk
email and returns it to the sender.  (Sooooooooooooo, you have.a
bounceback routine when you find a forged sender....see
above....returning to sender is bad, Bob.  A better approach would
be traffic shaping, which of course is already being done elsewhere
by others, which throttles the spam and forces it to time out.  Of
course, just nuking the stuff before it hits the mail gateways is a
tried and true approach as well)

What does KnujOn do?

KnujOn has a special algorithm that finds out where the email is
really coming from and then returns the email to the sender. KunjOn
also collects information about junk mailers and detects fraudulent
Internet activity, alerting possible victims before damage is done.
(So, you use the same [or similar] algortithm that has been
employed by Spamcop and Co. for some time now to validate the
header information and then, when you find a forged sender, you
clog the internet with useless bouncebacks to machines that are
likely not owned by the spammer you want to harm.)
___________________________

Looks to me like a) nothing new from a technology perspective, b)
something we would NOT want to see done vis-a-vis rampant
bouncebacks, and c) something that does nothing like SpamCop does
to inform ISPs and other interested parties of the spam that is
occuring.  In short, IMHO, this is a bad idea.

Cheers

Bart

On Thu, 10 Nov 2005 06:35:23 -0800 bruen@...drain.net wrote:
>If you would like an alternative, you can sign up for a beta test
>at
>www.KnujOn.com. All you will have to do is forward your spam to an

>email
>address which you will be given. Everything else is taken care of.

>The
>signup is free and easy but limited. Click the Personal tab...
>
>           cheers, bob
>
>On Thu, 10 Nov 2005, Aditya Deshmukh wrote:
>
>> > Has anyone got a automated spamcop reporting script?
>> >
>> >
>> > Thanks in advance if you can send in .txt format
>> > preferably offlist.
>>
>> I hit the send before I could explain what I wanted to do...
>> I have a spamcop account - and I managed to get the spamcop
>> Url with the reportID to a file using fetchmail + grep
>> Combination.
>>
>> But there is some thing I cannot get working with the
>> Spamcop spam submission form used to complete the spam
>> Reporting. Has anyone made something like this before ?
>>
>
>_______________________________________________
>Full-Disclosure - We believe in it.
>Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>Hosted and sponsored by Secunia - http://secunia.com/
-----BEGIN PGP SIGNATURE-----
Note: This signature can be verified at https://www.hushtools.com/verify
Version: Hush 2.4

wkYEARECAAYFAkNzbocACgkQfw4CJpLBxON27ACfXqaV3eHVQaE7M6NfJAEmTeWLaMQA
oLtdPV5aAyBILH77oJuTrKQuiFbE
=34E4
-----END PGP SIGNATURE-----




Concerned about your privacy? Instantly send FREE secure email, no account required
http://www.hushmail.com/send?l=480

Get the best prices on SSL certificates from Hushmail
https://www.hushssl.com?l=485

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ