Full Disclosure mailing list archives

RE: SPAM and "undisclosed recipients"


From: Scott Taylor <security () 303underground com>
Date: Sat, 15 Nov 2003 20:51:16 -0700

On Sat, 2003-11-15 at 19:37, Kristian Hermansen wrote:

There should be a way to stop the email spamming.  You could use their
weaknesses as a way to prevent spam.  The fact is that most SPAM is sent in
MASS quantities all at one time, or a very short interval.  If servers could
somehow have a "global awareness" of the activity of spammers this could be
prevented.  Take for instance Hotmail.  Millions of users have accounts
here.  Hotmail could "sense" a massive flood of "identical" content to
multiple users of their service and automatically label it as SPAM.  Of
course, the downside is legitimate mass mailings that are sent out every day
from places like PC Magazine, Security Focus, and other opt-in mailing lists
would be flagged as well.  Unless, in a new email security protocol, they
implemented user-specified WHITELISTS on email servers to allow legitimate
bulk emails (that otherwise would be flagged) to be let through.  A sort of
"Guilty until proven innocent" approach.  Just a thought... 

 
Kristian Hermansen
CEO - H&T Technology Solutions
khermansen () ht-technology com

This is the basis of razor/pyzor/dcc - finding fingerprints within the
content of messages and comparing a new email to a public database of
fingerprints of reported emails.

SpamAssassin will use those as factors; it adds in scores from various
realtime blackhole lists, sitewide or user-specific Bayesian scoring,
plus assigning points based on characteristics like colored backgrounds
and lines of all yelling. And it supports user and site-wide whitelists
and blacklists. And it will weight your new score based on previous
emails you sent - so regular business contacts can get questionable
emails through if they have a history of good scoring email. And
spammers just dig themselves a deeper hole. With all the features
available, so grows the effort to tune it the way you want. And admins
who only know their way around a GUI will quickly get lost, as there is
no GUI. Of course, anyone requiring that probably shouldn't be allowed
in the server room in the first place without an escort. 

--
Scott Taylor - <security () 303underground com> 

BOFH Excuse #389:

/dev/clue was linked to /dev/null

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
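
The fingerprint-and-compare idea discussed in this thread, combined with the per-user whitelists from the quoted message, as an added Python sketch that is not code from either poster or from razor, pyzor, DCC or SpamAssassin. The normalization rules, the threshold of 3 and all addresses and message bodies are constructed assumptions.

```python
import hashlib
import re
from collections import defaultdict

BULK_THRESHOLD = 3  # assumed: distinct recipients before a body counts as bulk


def fingerprint(body):
    """Hash a normalized body so per-recipient variations still collide."""
    text = re.sub(r"https?://\S+", "url", body.lower())  # tracking links differ per copy
    text = re.sub(r"[^a-z]+", " ", text)                 # drop digits and punctuation
    return hashlib.sha256(text.strip().encode()).hexdigest()


class Clearinghouse:
    """Shared view of which recipients have received each fingerprint."""

    def __init__(self, threshold=BULK_THRESHOLD):
        self.threshold = threshold
        self.recipients = defaultdict(set)  # fingerprint -> recipients seen

    def check(self, sender, recipient, body, whitelists):
        fp = fingerprint(body)
        self.recipients[fp].add(recipient)
        if len(self.recipients[fp]) < self.threshold:
            return "deliver"
        # Bulk content: let it through only if this recipient opted in.
        if sender in whitelists.get(recipient, ()):
            return "deliver"
        return "flag"


def demo():
    """Constructed sample traffic: one spam run and one opt-in newsletter."""
    users = ["alice@example.net", "bob@example.net",
             "carol@example.net", "dave@example.net"]
    whitelists = {"carol@example.net": {"news@list.example"}}
    ch = Clearinghouse()
    spam = [ch.check("bulk@spam.example", u,
                     "Cheap pills!!! Order #%d at http://shop.example/?id=%d" % (i, i),
                     whitelists) for i, u in enumerate(users)]
    news = [ch.check("news@list.example", u, "Weekly security digest, issue 42",
                     whitelists) for u in users]
    return spam, news


if __name__ == "__main__":
    print(demo())
```

The newsletter crosses the same bulk threshold as the spam run, but only the recipient who whitelisted its sender still receives it once it does.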

