Re: [exim] Report of new spam technique

Author: Bill Hacker
Date:  
To: exim
Subject: Re: [exim] Report of new spam technique
Matt wrote:

> Bill Hacker wrote:
>
>>- But it is not really all that clear which of several 'ratware'
>>techniques the author and AOL person interviewed
>>were on about...
>
> It is simply detailing the method of sending via the ISP's mailservers
> instead of directly from user|spammer pc's.
>
> Matt


Yes. That was the easy part.

But how is that 'new', and suddenly such a massive or 'increased' threat
that several newsfeeds picked it up
and a statement was made:

"The problem is that if ISPs don't tackle it, then by mid-2006 we're
going to have the spam levels at 95 percent of all e-mails, which is
going to cause failures to occur all over the place," he added.

That would presuppose some new vulnerability, more ISP's running either
WindWoes MTA's or *N*X MTA's configured less expertly than it was a year
ago.

I don't see that as the case:

- WinWoes share of 'backbone' server penetration apparently peaked over
a year ago, and continues to decline.

- Few professional ISP's of any size would risk using 'Exchange' and
such outside of a corporate intranet.

- The level of major-provider UNIX MTA anti-spam configuration expertise
seems to be improving, not declining (Exim, Postfix, Courier-MTA -
even Sendmail has been improved).

So; I am still looking for the 'smoking gun' w/r ISP relay vulnerability.

Spammers may be trying harder, but so are the rest of us.
We have the advantage of operating in the open, cooperatively, and with
a better 'trust' model.

Ergo, the article(s) still look(s) like sensationalism and FUD to me.

But I remain paranoid enough to ask 'what have I missed', what do we
need to now change // make sure we have already changed // do not forget
to check ..... to stop such a risk?

'A good plan, violently implemented right now, will always beat a better
plan delayed a week'. GSP, Jr.

Bill Hacker