[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [Full-Disclosure] SPAM and "undisclosed recipients"

To: "[Full Disclosure]" <full-disclosure@lists.netsys.com>
Subject: RE: [Full-Disclosure] SPAM and "undisclosed recipients"
From: Scott Taylor <security@303underground.com>
Date: Sat, 15 Nov 2003 20:51:16 -0700

On Sat, 2003-11-15 at 19:37, Kristian Hermansen wrote:

> There should be a way to stop the email spamming.  You could use their
> weaknesses as a way to prevent spam.  The fact is that most SPAM is sent in
> MASS quantities all at one time, or a very short interval.  If servers could
> somehow have a "global awareness" of the activity of spammers this could be
> prevented.  Take for instance Hotmail.  Millions of users have accounts
> here.  Hotmail could "sense" a massive flood of "identical" content to
> multiple users of their service and automatically label it as SPAM.  Of
> course, the downside is legitimate mass mailings that are sent out everyday
> from places like PC Magazine, Security Focus, and other opt-in mailing lists
> would be flagged as well.  Unless, in a new email security protocol, they
> implemented user specified WHITELISTS on email servers to allow legitimate
> bulk emails (that otherwise would be flagged) to be let through.  A sort of
> "Guilty until proven innocent" approach.  Just a thought... 
> 
>  
> Kristian Hermansen
> CEO - H&T Technology Solutions
> khermansen@ht-technology.com

This is the basis of razor/pyzor/dcc - finding fingerprints within the
content of messages and comparing a new email to a public database of
fingerprints of reported emails.

SpamAssassin will use those as factors, it adds in scores from various
realtime blackhole lists, sitewide or user-specific bayesian scoring,
plus assigning points based on characteristics like colored backgrounds
and lines of all yelling. And it supports user and site-wide whitelists
and blacklists. And it will weight your new score based on previous
emails you sent - so regular business contacts can get questionable
emails through if they have a history of good scoring email. And
spammers just dig themselves a deeper hole. With all the features
available, so grows the effort to tune it the way you want. And admins
who only know their way around a GUI will quickly get lost, as there is
no GUI. Of course, anyone requiring that probably shouldn't be allowed
in the server room in the first place without an escort. 

--
Scott Taylor - <security@303underground.com> 

BOFH Excuse #389:

/dev/clue was linked to /dev/null

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

References:
- RE: [Full-Disclosure] SPAM and "undisclosed recipients"
  - From: "Kristian Hermansen" <khermansen@ht-technology.com>

Prev by Date: RE: [Full-Disclosure] SPAM and "undisclosed recipients"
Next by Date: Re: [Full-Disclosure] SSH Exploit Request
Previous by thread: RE: [Full-Disclosure] SPAM and "undisclosed recipients"
Next by thread: RE: [Full-Disclosure] SPAM and "undisclosed recipients"
Index(es):
- Date
- Thread