Re: [exim] Heads up?

Top Page
Delete this message
Reply to this message
Author: Mike Wiebeld
Date:  
To: exim-users
Subject: Re: [exim] Heads up?
"Is encryption a solution for spoofing?"

Nope. Encryption is completely different from authentication.

"This wouldn't stop me from using it. With my lousy content filtering,
which I'm too lazy to upgrade, I've had a few phone calls and
face-to-face encounters with people who were hurt and frustrated
because my system (as politely as I could) said they were suspected
spam."

That's why I prefer for the MTA to drop their connection with a simple reference on why. Usually being "your site is on blacklist foo" so they can sort it out. I've only had one problem with that and that was from an AOL server.

"And many broken systems simply eat suspected spam and no one knows."

This is a very bad thing. The MTA should be rejecting email so the sender can deal with it. Messages should only "disappear" because the PostMaster has decided to take specific action with those specific messages. Everything else should go to the users. They're the only ones who can really tell if questionable messages are spam or not. Maybe they DO order their medications from a legitimate online drugstore.

"BTW, it's not *my* FUSSP. I'm just trying to find the baby in the bathwater.

When people get so angry, I get suspicious that there is one."

The "baby" is easy to find. Challenge/response systems DO cut down on your spam, but they do that by moving the workload to other people's systems. If these systems are so great, then why don't the PostMasters implementing it sort through the outbound messages by hand and determine whether or not to send the challenge email themselves? Why do they leave it up to an automated process?

There isn't one simple solution to spam. The best you can do (without being an anti-social nutcase) is to use a variety of filters/blocks/etc to get the spam down to acceptable levels. I've achieve an 800% reduction where I work. We used to get 80% spam (out of every 10 messages, 8 would be spam) but with blacklisting, spamassassin and fake names, we now get 2 good messages for every spam message with 7 out of 10 messages being rejected at the MTA. But that still leaves us with about 2,800 messages a day (both inbound and outbound) and just under 1,000 of those are flagged as possibly spam and sent on to the users.

I'm also looking at implementing greylisting, but I want to do it in a way that isn't so anti-social. It isn't difficult to cut down the spam by 80-90%. But it is difficult to cut it further without becoming one of the anti-social jerks on the Internet.

>>> Marilyn Davis <marilyn@???> 03/23/05 12:33PM >>>

On Wed, 23 Mar 2005, Marilyn Davis wrote:

> On Wed, 23 Mar 2005, Fred Viles wrote:
>
> > On 23 Mar 2005 at 11:51, Marilyn Davis wrote about
> >     "Re: [exim] Heads up?":

> >
> > | On Wed, 23 Mar 2005, Mike Wiebeld wrote:
> > |
> > | > Marilyn,
> > | > :)
> > | > Please don't take this the wrong way, I just found it humorous.
> > | >
> > | > http://www.rhyolite.com/anti-spam/you-might-be.html
> > |
> > | Cute.
> > |... (but...)
> >
> > dont-get-no-respect-6
> >      Nothing in this list applies to your solution to the spam
> >      problem except some entries that are neither ironic nor silly.  

> >
> > | The ones where you have to go to the web and read a hard-to-OCR font
> > | aren't vulnerable to robot attack -- if done right.
> >
> > They are vulnerable to the problem that a significant fraction of
> > legitimate senders won't be willing to jump through the hoop. Duh,
> > as you would say.


This wouldn't stop me from using it. With my lousy content filtering,
which I'm too lazy to upgrade, I've had a few phone calls and
face-to-face encounters with people who were hurt and frustrated
because my system (as politely as I could) said they were suspected
spam.

And many broken systems simply eat suspected spam and no one knows.

I taught a class in Python at a defense industry company. As always,
I ran an email list for the class and sent the materials. 2 out of
the 8 material sets were quietly eaten by their spam-absorber. But,
that's their bug, but my frustration, and my class'.


> > And your FUSSP still needs a *viable* solution to the spoofed
> > address/collateral spam problem. SPF is not it. > > No? I guess
> > I don't understand SPF then. Can you please explain?


Is encryption a solution for spoofing?

BTW, it's not *my* FUSSP. I'm just trying to find the baby in the
bathwater.

When people get so angry, I get suspicious that there is one.

Marilyn


*
This e-mail, including attachments, may contain information that is privileged, proprietary, non-public, confidential, trademarked, copyrighted or exempt from disclosure and is intended to be conveyed only to the designated recipients(s). If you are not an intended recipient, please delete this e-mail, including attachments, and do not disseminate, distribute or copy this communication, by e-mail or otherwise. The unauthorized use, dissemination, distribution or reproduction of this e-mail, including attachments, is prohibited and may be unlawful. We reserve the right to monitor and review the content of all messages sent to or from this e-mail address.