Re: [exim] Report of new spam technique

Page principale
Supprimer ce message
Répondre à ce message
Auteur: Richard Clayton
Date:  
À: Bill Hacker
CC: exim
Sujet: Re: [exim] Report of new spam technique
In message <4204D104.9090909@???>, Bill Hacker
<wbh@???> writes

>Matt wrote:
>
>> It is simply detailing the method of sending via the ISP's mailservers
>> instead of directly from user|spammer pc's.
>>
>Yes. That was the easy part.
>
>But how is that 'new', and suddenly such a massive or 'increased' threat
>that several newsfeeds picked it up


it's been picked up because SpamHaus released a press release on
Thursday on this topic -- which has been picked up by various people,
including BBC online who misunderstood considerably :( For Steve
Linford's orginal words see:

    http://www.spamhaus.org/news.lasso?article=156


>and a statement was made:
>
>"The problem is that if ISPs don't tackle it, then by mid-2006 we're
>going to have the spam levels at 95 percent of all e-mails, which is
>going to cause failures to occur all over the place," he added.
>
>That would presuppose some new vulnerability,


no it's just hype -- and if you look at SpamHaus's page you'll see that
they said "visible signs of the beginning of a slow meltdown of email
delivery systems " and journalists turned this into "about to collapse"

>So; I am still looking for the 'smoking gun' w/r ISP relay vulnerability.


in fact, having the junk sent via ISP smarthost systems is Very Good
News, precisely because it's really, really easy to spot there by
examining logs

<shameless plug>
    http://www.cl.cam.ac.uk/~rnc1/extrusion.pdf
</shameless plug>


I do see signs that the amount of junk being sent via compromised
customers is now less per customer than a year ago (presumably because
the bad guys are worried about per-customer limits). In practice it
remains trivial to spot their rubbish at even at a few hundred a day
(because the pattern is just not the same as a normal customer would
send; below this level it's hard to distinguish customers relaying email
to off-site workers) -- and virus infection patterns can show up with as
few as five messages per day :)

>Spammers may be trying harder, but so are the rest of us.
>We have the advantage of operating in the open, cooperatively, and with
>a better 'trust' model.
>
>Ergo, the article(s) still look(s) like sensationalism and FUD to me.


well indeed. In particular, the originally cited one

    http://www.chron.com/cs/CDA/ssistory.mpl/business/3025235


had a quote from AOL saying

    "95 percent of all spam aimed at AOL's 29 million members is coming
    from provider computers"


which is probably not at all surprising given that AOL has been going
out of its way for the last year or two to block huge ranges of IP
address space and insist that email is delivered via smarthost (ISP
relay) arrangements. Sounds as if they've succeeded :)

- -- 
richard                                              Richard Clayton


They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety.         Benjamin Franklin