Anti-spam methods (was: Re: Comcast blocking port 25? (not what you think))

bscott at ntisys.com
Mon May 10 18:22:01 EDT 2004


On Mon, 10 May 2004, at 6:00pm, bbell at hp.com wrote:
>> I do predict that spammers will adapt to this new authenticated email
>> world rather quickly.  Namely, they will modify their spam-cannon-laden
>> viruses ... 
> 
> That seems likely, but how much email is sent from virus-attacked
> computers?

  All we can tell for sure is that quite a lot of spam currently comes
direct from consumer Internet feed address space.  Possible sources include:

  - People who manage to configure open relays or open proxies, either
    through poorly designed software, or user incompetence.  These people
    get relay-raped.

  - Spammers who buy Internet feeds, use them until they get caught, and
    then fade back into the woodwork.

  - Users who unintentionally run spam-relay software.  These include
    Trojan software (the game that also sends spam or whatever), "click me"
    worms that depend on the user, and self-propagating software that 
    attacks vulnerable software.

  - Users who intentionally run spam-relay software, because the spammers
    claim (truthfully or not) they will pay the users for doing so.

> The SPF approach seems to have the goal on making DNS-based blacklists
> reasonable, not addressing the spam-from-a-virus problem.

  SPF prevents spammers from spoofing a domain that does not want to be
spoofed.  That has value by itself, as it means you can now whitelist on
selected "From" addresses reliably.  It is unlikely SPF will actually stop
spam.

-- 
Ben Scott <bscott at ntisys.com>
| The opinions expressed in this message are those of the author and do  |
| not represent the views or policy of any other person or organization. |
| All information is provided without warranty of any kind.              |




More information about the gnhlug-discuss mailing list