Re: [exim] Anti Phishing Trick

Top Pagina
Delete this message
Reply to this message
Auteur: Fred Viles
Datum:  
Aan: exim-users
Onderwerp: Re: [exim] Anti Phishing Trick
On 25 Aug 2005 at 10:18, Marilyn Davis wrote about
    "Re: [exim] Anti Phishing Trick":


| On Thu, 25 Aug 2005, Fred Viles wrote:
| 
| > On 25 Aug 2005 at 9:17, Marilyn Davis wrote about
| >     "Re: [exim] Anti Phishing Trick":

|...
| > | Is it expected that a spam filter stops a Joe Job?
| >
| > It might, but it is not expected to in general. Techniques to detect
| > bogus DSNs are relevant. Why do you ask?
|
| Well, we've had these conversations before, when talking about
| challenge/response systems, and I keep thinking about them.


Right. C/R systems also generate collateral spam. That's usually
considered one of the arguments against them.

| I just
| don't get it that collateral mail is so awful -- except when it's part
| of a Joe Job, which I don't see a filter stopping.


I don't know what "collateral mail" is. The term I used, "collateral
spam", is by definition directed to innocent third parties. It is
what makes a Joe Job (forging a legitimate victim sender address on a
spam run) damaging.

Ah! Writing that makes me think I misunderstood your question. A
good spam filter isn't expected to block the *results* of a Joe Job
(incoming collateral spam), but it should be very effective in
minimizing *outgoing* collateral spam. If that's what you meant, I
change my answer to "yes".

| Collateral mail seems to me to be a really useful feature of the email
| system.


Please define the term, maybe I would agree.

|...
| I'm not sure I understand what you're saying about DSNs. You don't
| want spam to generate an auto-response, which bounces and then lands
| in your user's mailboxes? Is that the only issue?


In a black-and-white world spam should not generate an auto-response
or DSN, period. How close we can get to an ideal world, and how much
effort we (as mail admins) are ethically obligated to expend to get
there is where the grey areas lie.

| Collateral mail, unless it generates a DSN for me to detect and
| blackhole, hits one of three targets:
|
| 1. Someone who wants it.
|
| 2. A spammer.
|
| 3. Poor Joe, which a filter can't help.
|
| Or, what am I missing?


If by "collateral mail" you mean all auto responses and DSNs,
nothing. My point is that every reasonable effort should be made to
avoid generating such for cases 2 and 3. Specifically, generating
such for detected spam from known forwarding hosts should be avoided.

- Fred