Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations IamaSherpa on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

A radical idea on spam control 1

Status
Not open for further replies.
paleogryph

paleogryph

MIS
Apr 11, 2002
144
US
A radical idea on spam control:
Why do we treat email differently than ip packets?
Why not treat emails as if they were any other kind of traffic that needed to be filtered in the most robust way possible.

Yes, I use SpamAssassin and have a blacklist a mile long...

But why not block everything and then unblock only known legit addresses.
Users complain? So what!
The days of email innocence are long gone...
Domains are hijacked by spammers, headers manipulated and filtering rules bent.

You want an example:

Spammers will always be ahead of the curve.

Filter mail based on whether the address is in your address book.
If someone wants to send you a mail and they are not in your book there are other methods to confirm legitimacy.



>Think for yourself<
...or someone else will do it for you.
 
Sort by date Sort by votes
&quot;Does anyone know if it legal for the post office to not deliver mail simply because they think that the addresse might not want it?&quot;

Breach of contract - the sender has bought a postage stamp.

&quot;Can a spammer with a smart lawyer apply the same argument to Email?&quot;

Nah, don't think so. Might try sueing the ISP for not letting his emails go through. Except most ISPs have a &quot;no junk mail&quot; clause in their consumer agreements, so that's that case out the window then.

In the UK, there is the Mail Preference Service - people who send junk mail have to consult with the MPS database before sending it. If you register with the MPS, and someone then sends you junk mail, the mailer is liable for a hefty fine.

There is also a Telephone Preference Service and a Fax Preference Service. Oh, by the way. it's free! :)


<marc> i wonder what will happen if i press this...[pc][ul][li]please give feedback on what works / what doesn't[/li][li]need some help? how to get a better answer: faq581-3339[/li][/ul]
 
Upvote 0 Downvote
If we're going to get silly about it, maybe we should allow clones, and their job would be to stand behind anyone on a computer, and hit them with a large ruler if they send out spam.

Gestgulkan - Totally agree with keeping politians out of the internet, and off the streets and out of parliament buildings too if it can be arranged.

But the whole legal thing is a farse, I mean, I live in south london, and people get mugged there every day, and that is illigal as well so I am led to believe.

I am also led to beleive that it would take an awfull lot of rescources to track down all unsolicited emails and deal with it, that would mean more taxes to pay for it - not interrested, I'd rather press my delete button, if my email is on all these lists then great, if they find my name on the internet fab, and if they connect the two together, well good luck to them if that's all they have to do with their lives.

I still think the Matrix is a fictional film.
 
Upvote 0 Downvote
Lol, its unfair to make comments like your first one without warning, especially when I am trying to drink my first cup of coffee and prefer not wearing it :p
 
Upvote 0 Downvote
heh, you can't make that because it violates our patents that are mostly pre-published but have some very small specifics that are different than everyone elses...

Riiiiight...

-Tarwn
 
Upvote 0 Downvote
Anybody here know the exact mechanics of CR?

Is it being touted as a replacement for POP3 or summat?


 
Upvote 0 Downvote
Your SMTP server has a database of authorized senders. Anyone in the database can send to you and your SMTP server will pass it into your mailbox.

Anyone not on the list gets a return email stating basically, &quot;If you want your earlier email to be delivered, click on this link&quot;.

Your system can then validate delivery, and possibly record the IP address from which the verification was made, etc.

Want the best answers? Ask the best questions: TANSTAAFL!
 
Upvote 0 Downvote
Mmmmm - that's all I'll say for now.
{{This kind of set-up did cross my mind during the course of this thread - but I thought it unworkable}}
I'll need to find more details from somewhere.
Seems that my mail server will spend most of it's time chasing spam.
 
Upvote 0 Downvote
question: who would the CR server reply to if the spammer's forged the email address? you can hardly reply just to the originating IP address.

given that &quot;support@microsoft.com&quot; are apparently junk mailing a virus at the moment (story: the poor microsoft server would be inundated with hundreds of messages &quot;please click this link to confirm the email you sent&quot;.

<marc> i wonder what will happen if i press this...[pc][ul][li]please give feedback on what works / what doesn't[/li][li]need some help? how to get a better answer: faq581-3339[/li][/ul]
 
Upvote 0 Downvote
Be great for people to be immediately notified that their servers had been hijacked to send out unsolicited and forged mail no?
 
Upvote 0 Downvote
And what if the poor unfortunate was johnsmith@someisp.com?
Or sleipnir214@hisISP.com?
Let's see, 1 piece of Spam to 10 000 recicipients.... 10 000 C-R emails to sleipnir's inbox. nice!

problem no.2
spammer spams...using forged email address
recipient sends C-R email to forged email address
poor innocent receives &quot;unidentified&quot; email, sends C-R back...

one piece of spam could generate a whole lot more traffic!

<marc> i wonder what will happen if i press this...[pc][ul][li]please give feedback on what works / what doesn't[/li][li]need some help? how to get a better answer: faq581-3339[/li][/ul]
 
Upvote 0 Downvote
But you're forgetting the alternative.

johnsmith@someisp.com is compromised, and sends out 1 piece of spam to 10,000 recipients who all receive it. The email remains compromised and sends out another 10,000 emails a day ad-naseum until johnsmith or his isp happens to make time to do a security check.

Sure, poor unfortunated looses his email for a day because someone compromised it.... now he knows to fix it ASAP!

-Rob
 
Upvote 0 Downvote
I'm afraid the majority of spam uses spoofed email addresses, not compromised accounts.
(ever wondered how you get spam from HJKHJK6786BJK@678HjhgjH.random89234h.com?)

and if an email address is spoofed, the poor guy whose email address is used by the spammer can do nothing about it.

Try it yourself using outlook express...
go to tools --> accounts --> highlight your email account --> select properties --> change your email address to something bizarre (santaclaus@northpole.com?) --> select OK

now send an email to your ACTUAL email address.

read the email you just sent yourself - you'll see it says &quot;from: &quot; $whatever you've typed in.

do remember to change your email address back to normal afterwards!

of course, just because you &quot;say&quot; you're santaclaus@northpole.com doesn't mean you'll ever receive email addressed to santaclaus@northpole.com - any email sent to this address will actually be delivered to the real owner (c/o Rudolf).

Although you've spoofed your email, this doesn't make you anonymous - the email can still be tracked because the header will include the IP address of the sending SMTP server (normally this is your ISP's SMTP server).
But you can't send an email to an IP address !

<marc> i wonder what will happen if i press this...[pc][ul][li]please give feedback on what works / what doesn't[/li][li]need some help? how to get a better answer: faq581-3339[/li][/ul]
 
Upvote 0 Downvote
Sure, and I realize there are better ways too spoof than that such that the receiver can't track you so easily. In fact I think that was an extra credit problem in one of my classes... had to send an untraceable message to our teach... if he could figure who sent it without our confirmation we didn't get the points. As I remember, many people lost out because they sent it from their home machines, or other machines on campus which required them to log in at what point or another, the final trick besides logging onto the open relay server he gave us access to was to find an anonmyous computer.

That said, I would've assumed the emails wouldn't be going to the from address, but to the server admin from where they were originating... which more often than not from what I hear, are open relays. Obviouslly, this isn't a method which is all so effective with people using mass ISP's. Yahoo isn't going to authenticate for you, nor is AOL... however, if I were running my own mail server my above statement holds :).

-Rob
 
Upvote 0 Downvote
One thing can be taken as read:
there is no one magic bullet solution to spam
I suppose we could reduce it to an 'acceptable' level - but it would take the effort of a number of part solutions to achieve.

One thing I would like to propose is to allow only 'Approved Official' SMTP servers on the internet.
This would work in the same way as the DNS system. These smtp servers will only accept mail from other such authorised servers.
On being contacted by another smtp server they can do either of the following:

a. before accepting the email-check the authorised database.
If the smtp server is authenticated - then accept the mail,
other wise don't accept the connection.

OR

b. take the contacting smtp server at face value and accept the mail - THEN check the official database. If the contacting smtp cannot be verified, then silently drop the email.
 
Upvote 0 Downvote
But is spam really such a big deal?

We all get the same junk through the door every day, and we throw it away like we always have. Whats the big deal with doing it with spam ?
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

H
  • Locked
  • Question
Okta apps validation
Replies
0
Views
5K
hemanth4
H
sysadmin10
  • Locked
  • Question
Onboarding a new MSP customer
Replies
0
Views
386
sysadmin10
sysadmin10
sakulati
  • Locked
  • Question
A Question On New Hire IT Process 1
Replies
3
Views
378
SamBones
SamBones
johnherman
  • Locked
  • News
More on Privacy invasions by US government
Replies
0
Views
355
johnherman
johnherman
mahman
  • Locked
  • Question
New cabling business advice
Replies
1
Views
383
mforrence
mforrence

Part and Inventory Search

Sponsor

Back
Top