RE: [exim] Anti Phishing Trick

Author: Alan J. Flavell
Date:  
To: Exim users list
Subject: RE: [exim] Anti Phishing Trick
On Thu, 25 Aug 2005, Herb Martin wrote:

> Also, there is a fourth category:
>
> 4. The Spammee

Sure, I can think of a scenario which fits that description quite
well.

In its full glory, it goes like this:

* A mailing list sends one of our users a spam

* We recognise it as a spam (yup, I've seen the content, it was no
false positive!) and so we reject it.

* The mailing list sends our user a notice saying excuse me, but we
sent you a mailing and it was rejected, and here it is again

* We recognise it again as a spam, and reject it again.

* The mailing list sends our user yet another notice saying excuse me
but we tried twice to send you a mailing and it was rejected, so we're
probing your address to see if it still accepts mail: if not then we
intend to unsubscribe you.

* This time there is no spam body included. We accept the notice, so
the user does not get unsubscribed after all. The user gets the
notice (which they didn't really want).

This was really the fault of the mailing list, for accepting the spam
in the first place. I *suppose* we could devise ways of handling the
situation such that neither the mailing list nor the user was
inconvenienced - but it would probably have to involve a black hole at
some point - and if everyone did that, how would the mailing list ever
learn that it was redistributing spam - which our users - in no
uncertain terms - make only too clear to us that they do not want?

Going back to some earlier discussion, there was a suggestion that
manual intervention and review of the item by the mail admin could be
a solution. You know, it's happened more than once that a spam was so
cleverly worded that I, as mail admin, was on the point of being taken
in by it as genuine mail. In all probability, then, there have been
occasions where I really *was* taken in. Equally, there may have been
occasions where the mail was genuine but I rated it as abusive, I
suppose. I think my review is probably a bit more accurate than the
automated checks (spamassassin etc.) implemented in the mailer, but
I'm by no means perfect (and I'm *far* more expensive than the
automated checks, so I try to minimise the time spent on such tasks),
so I think I'd have to say (based on this sample) that mail admin
review, while it can certainly be useful, is no "magic bullet".

all the best