lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <3F840F17.7010104@nd.edu>
From: prussell at nd.edu (Paul Russell)
Subject: Re: Dealing with spam (was: Spam with PGP)

Devin Nate wrote:
> You've done better than us. How have you managed to train your users to 
> forward the email as the full email, incl all headers, etc? We've found 
> most forwarded messages do not include all headers, and therefore 
> forwarded messages train the spam database with semi legit emails (i.e. 
> headers are legit because they are forwarded).

Several webmail products, including Horde IMP, have a built-in "report as spam"
button. When the user clicks the button, a complete copy of the message, 
including full headers and HTML source, is sent to the address specified in the
site configuration. I singled out IMP because we use it. I have seen other
webmail products with the same feature, but do not recall their names.

Most users can learn to do things the right way. It is the few who cannot or
will not, who make us crazy. We have a diverse user community using a variety
of email clients (at least half a dozen are supported by our Help Desk). Our
Help Desk created a web page with detailed instructions for every supported
client, and most of the users who forward spam manually have learned to do it
right.

--
Paul Russell
Senior Systems Administrator
University of Notre Dame


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ