Open Source and information security mailing list archives
From: adam at (Szilveszter Adam)
Subject: E-mail spoofing countermeasures (Was: Backdoor
 not recognized by Kaspersky)

Maybe I should know better, but I can't resist...

Bill Royds wrote:

>  Having a MS record would not eliminate spam coming from users validated on
> the sending server, but it would identify the server that it comes from as
> "knowing" the sender name. Compromised client boxes would need to use the
> ISP mail server to send mail, rather than  spewing it directly, since the
> servers allowed on the MS entry for that domain would not include the client
> host.

Which would help you because? After all, today's experience indicates 
that any offenders reported to the respective abuse@ addresses get dealt 
with swiftly, effectively and they fix their ways soon after this. Sure.

Also don't forget that there are ISPs where you can get on without 
registering and the ISP fees are paid through your phone bill. 
(so-called Internet-by-call)

>   Either the ISP owning the server blocks spam spew or that ISP gets a
> blackhole block that would be very effective. 

No it wouldn't be. I as a customer of an ISP have *absolutely* NO 
responsibility for what my ISP does or doesn't do. And no, "change ISPs" 
is not an option. Just like "change your place of work" isn't. If we do 
not want to create a two-tier Internet society, where the "full" 
Internet citizens are the ones who have their own systems that they 
admin, with fixed IP blocks and own domains, and there are "all the 
rest" whom the "first-class" never even thinks about or if they do then
only in terms of them being a menace that limits the "pros" to play with
this new toy they have built for themselves, then no. I as a user and
customer of an ISP have as much right to use Internet services as anyone 
else, regardless of what my ISP or place of work or country or whatever 

>    Yesterday I inspected the spam I had in my spam bucket for kinds of
> actual senders (last sender on Received header for my ISP). Of 11 spam
> messages in the last hour, 9 were from compromised machines sending
> directly. If they had to send this stuff through their ISP (comcast,
> telstra, swbell etc.), they would  be blocked fairly quickly. The envelope
> from address was often Yahoo, so the ISP would block on this as well.

Which would be great because? You could not use several email addresses 
from the same MUA? Or your solution to this is the same: get your own 
domains, be your authoritative DNS too and reserve a fixed netblock 
while at it?

>   Requiring MS entries would not block spam or viruses immediately but would
> help make RBL lists more effective and prosecution of spammers easier
> (easier to trace a registered user of an ISP).

RBL lists these days are like the "whistleblower line" of the BSA. If 
you want to hurt somebody, you report them since it is rather easy to 
get on but rather hard to get off, since most of the RBLs are run by 
exactly the people who think that they belong to the "first-class" 
netizens. Modern spam detection should no longer rely on them.

It seems that some people

a) ignore that societal problems cannot be solved by technology
b) are apparently married to ideas just because they sounded cool at first.

