Bugtraq mailing list archives
RE: Is predictable spam filtering a vulnerability?
From: Lance James <lance.james () bakbone com>
Date: Fri, 18 Jun 2004 16:29:40 -0700
Your point on the Rejected messages is that it does happen. Reverse-NDR's are a real problem - and are a loophole since NDR is a smtp spec. On a second note, your comment on filters, (not involving the me2 spam filter companies) filters do not stop spam, and sometimes they are truly more detrimental. There was an article posted on security focus that brought up all of these issues with security and spam. www.securityfocus.com/infocus/1763 (it's two parts, that's the first one, it leads to the other one.). The social engineering attack would have to be well surveilled to pull off, but it is definitely possible by a long term and determined attacker. Lance -----Original Message----- From: Aaron Cake [mailto:aaron () vltpm com] Sent: Thursday, June 17, 2004 7:19 AM To: bugtraq () securityfocus com Subject: RE: Is predictable spam filtering a vulnerability?
During a recent email conversation with several participants, we discovered that the email service of one participant silently dropped legitimate emails that happened to contain certain combinations of words common in spam. I believe this sort of filter is common practice, and in fact even in place for some of my own email addresses. However, this experience made me think: isn't predictable spam filtering in general a vulnerability that could be used as a hoax device?
Certainly. I have brought this issue up with several other ISPs who insist on blocking my personal domain because I'm a "little guy". They can't prove that I don't spam, so they default to blocking everything that comes from me instead. AOL is the biggest and perhaps most annoying offender. I personally see this as a denial of service attack against MYSELF. Obviously not meant to be malicious in nature, but quite effective regardless. Imagine if I decided to use a spam fitler against someone else...I make an email that contains known rejected words. I send that email, setting the "FROM" address and header to be that of my victim. If I send out hundreds of these messages, I can use someone else's spam filter to mail-bomb my victim with "rejected" messages. The REAL issue is that any email filter that silently drops messages can easily mistake legitimate mail for spam. The user never knows, sometimes the sender doesn't know, and the braindead admins who set up the filter think they've done their job. What is even more useless is when the message is bounced with instructions on how to get off their block list. You send an email to their admin, yet it is bounced! Spam filters are often worse then the spam problem itself. --- Aaron Cake Technical Services Advanced Computer Ideas Phone: 1-519-433-0279 Fax: 1-519-433-5413
Current thread:
- Re: Is predictable spam filtering a vulnerability? (silently dropping messages), (continued)
- Re: Is predictable spam filtering a vulnerability? (silently dropping messages) der Mouse (Jun 25)
- Re: Is predictable spam filtering a vulnerability? (silently dropping messages) Seth Breidbart (Jun 25)
- Re: Is predictable spam filtering a vulnerability? Ilya Sher (Jun 18)
- Re: Is predictable spam filtering a vulnerability? Gadi Evron (Jun 19)
- Re: Is predictable spam filtering a vulnerability? krispykringle (Jun 21)
- RE: Is predictable spam filtering a vulnerability? Romulo M. Cholewa (Jun 19)
- RE: Is predictable spam filtering a vulnerability? Andrew Hunter (Jun 19)
- Re: Is predictable spam filtering a vulnerability? Crispin Cowan (Jun 22)
- [OT] Safe spam filtering methods (was: Is predictable spam filtering a vulnerability?) The Fungi (Jun 22)
- Re: Is predictable spam filtering a vulnerability? Phil Barnett (Jun 23)
- RE: Is predictable spam filtering a vulnerability? Lance James (Jun 19)
- RE: Is predictable spam filtering a vulnerability? David Brodbeck (Jun 25)