Re: [exim] Anti Phishing Trick

Páxina inicial
Borrar esta mensaxe
Responder a esta mensaxe
Autor: Marilyn Davis
Data:  
Para: exim-users
Asunto: Re: [exim] Anti Phishing Trick
On Thu, 25 Aug 2005, Fred Viles wrote:

> On 25 Aug 2005 at 10:18, Marilyn Davis wrote about
>     "Re: [exim] Anti Phishing Trick":

>
> | On Thu, 25 Aug 2005, Fred Viles wrote:
> | 
> | > On 25 Aug 2005 at 9:17, Marilyn Davis wrote about
> | >     "Re: [exim] Anti Phishing Trick":
> |...
> | > | Is it expected that a spam filter stops a Joe Job?
> | > 
> | > It might, but it is not expected to in general.  Techniques to detect 
> | > bogus DSNs are relevant.  Why do you ask?
> | 
> | Well, we've had these conversations before, when talking about
> | challenge/response systems, and I keep thinking about them.

>
> Right. C/R systems also generate collateral spam. That's usually
> considered one of the arguments against them.
>
> | I just
> | don't get it that collateral mail is so awful -- except when it's part
> | of a Joe Job, which I don't see a filter stopping.
>
> I don't know what "collateral mail" is. The term I used, "collateral


I mean all mail that is automatically generated because of some
incoming mail, for any reason.

> spam", is by definition directed to innocent third parties. It is
> what makes a Joe Job (forging a legitimate victim sender address on a
> spam run) damaging.


I think of "spam" as advertising email. But maybe you also think of
it as Joe Job email, which is evil prank email. The Joe Jobs I've
experienced were an evil destructive attack on a political group and
did not look like advertising so that they wouldn't be stopped by spam
filters.

Advertisers have nothing to gain by forging a legitimate victim sender
address. In fact, they lose that victim as a customer. Do your users
experience a lot/any of that?

>
> Ah! Writing that makes me think I misunderstood your question. A
> good spam filter isn't expected to block the *results* of a Joe Job
> (incoming collateral spam), but it should be very effective in
> minimizing *outgoing* collateral spam. If that's what you meant, I
> change my answer to "yes".
>
> | Collateral mail seems to me to be a really useful feature of the email
> | system.
>
> Please define the term, maybe I would agree.
>
> |...
> | I'm not sure I understand what you're saying about DSNs. You don't
> | want spam to generate an auto-response, which bounces and then lands
> | in your user's mailboxes? Is that the only issue?
>
> In a black-and-white world spam should not generate an auto-response
> or DSN, period. How close we can get to an ideal world, and how much
> effort we (as mail admins) are ethically obligated to expend to get
> there is where the grey areas lie.


I'd say that spam ought not generate an auto-response or DSN that gets
anywhere, except back to the spammer or a blackhole. Or are you
worrying about the total bandwidth of the whole system?

>
> | Collateral mail, unless it generates a DSN for me to detect and
> | blackhole, hits one of three targets:
> |
> | 1. Someone who wants it.
> |
> | 2. A spammer.
> |
> | 3. Poor Joe, which a filter can't help.
> |
> | Or, what am I missing?
>
> If by "collateral mail" you mean all auto responses and DSNs,
> nothing. My point is that every reasonable effort should be made to
> avoid generating such for cases 2 and 3. Specifically, generating
> such for detected spam from known forwarding hosts should be avoided.


Detecting spam from "known forwarding hosts" means using the
blacklists? If you auto-respond to spam from a known forwarding host,
unless it is a joe job, what is the bad thing?

Thank you for discussing this with me. As you can see, I give it lots
of thought.

Marilyn

>
> - Fred
>
>
>
>
>
>


--