Firewall Wizards mailing list archives
Re: regarding spam...
From: Robert Graham <robert_david_graham () yahoo com>
Date: Fri, 29 Mar 2002 15:22:42 -0800 (PST)
There have been several approaches to this using MD5 checksums on "Sender+Subject" fields and message bodies. The technique is simply to calculate the hash, send to a centralized server, which then sends back information indicating whether this is "mass" e-mail. Presumably, you could insert human elements to differentiate among "mass" (like fw-wiz) and "spam".

Spammers have responded by automatically varying Sender, Subject, and Message Body. Notice how many e-mails arrive with a subject line appended with some random characters? They do this to avoid Subject line hashes.

I litter the Internet with addresses like "fwwiz020329 () robertgraham com" in order to attract spam to my domain. The theory is that I match those e-mails against my real e-mail address of "myself () robertgraham com" and discard duplicates. This technique hasn't been as effective as I hoped.

In any event, spammers don't care. They are playing a numbers game. When you play games like this, you and your friends escape the onslaught temporarily, but spammers are unaffected. It's like antibiotics: you are really just encouraging them to evolve new techniques rather than seriously harming them. Your investment in evading them becomes more than simply deleting the e-mails in the first place.

--- "Marcus J. Ranum" <mjr () nfr com> wrote:
Out of 30 messages in the input queue yesterday 30 were spam. 27 of those were Korean or Chinese.

I'm trying to think of ways to deal with spam E-mails and have been kicking around a few ideas with some friends of mine. Most of the truly effective ways we can imagine to deal with spam rely on spam-knowledge propagation: in other words a human being someplace in the mix says "this is spam" and based on that determination causes the offending message to disappear from all mailboxes.

So, a side effect of this approach is a 'web of trust' with respect to noise email. :) Suppose I tell the mail system "I trust Dodge Mumford's judgement regarding what is spam" then my mail system will automatically move into my spam folder all emails that Dodge moves into his spam folder. We might choose to look out for each other in a reflexive relationship, or we might choose to additionally trust an outside source, etc, etc.

It occurs to me that this would be pretty easy to implement, with a bit of small extra kludgery. You could build it right into an imap server by having it apply the extra processing when someone moves a message into a folder called "spam" - in fact this way _one_ person in an organization could keep an up-to-date set of Eudora filters that would be leveraged by everyone in that spam trust ring.

Does anyone know if this is already being done? Does anyone see any really compelling reason it wouldn't work?

mjr.
---
Marcus J. Ranum
Chief Technology Officer, NFR Security, Inc.
Work: http://www.nfr.com
Personal: http://www.ranum.com
_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards
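Added example (not part of the original post or thread): a small sketch of the hash-and-report scheme described in the reply above, showing why exact MD5 matching stops flagging a campaign once Sender, Subject and Body are varied per copy. The Clearinghouse class, the threshold of 3, and all sample messages are assumptions constructed for illustration.

```python
import hashlib
from collections import Counter

MASS_THRESHOLD = 3  # assumed cut-off; the post does not give a number


def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def fingerprints(sender, subject, body):
    """Client side: one hash over Sender+Subject, one over the message body."""
    return md5_hex(sender + subject), md5_hex(body)


class Clearinghouse:
    """Hypothetical central server that counts how often each hash is reported."""

    def __init__(self, threshold=MASS_THRESHOLD):
        self.threshold = threshold
        self.seen = Counter()

    def report(self, hashes):
        """Record both hashes; True means 'mass' e-mail according to either one."""
        self.seen.update(hashes)
        return any(self.seen[h] >= self.threshold for h in hashes)


def run(messages):
    """Feed messages through a fresh server and return the per-message verdicts."""
    server = Clearinghouse()
    return [server.report(fingerprints(*m)) for m in messages]


# Constructed sample traffic: (sender, subject, body)
BODY = "Low rates, act now!"
IDENTICAL = [("promo@bulk.example", "Refinance today", BODY)] * 4
# The same campaign with the variations the post describes: a different sender,
# random characters appended to the subject, and a token appended to the body.
VARIED = [
    ("promo%d@bulk.example" % i, "Refinance today " + tag, BODY + " " + tag)
    for i, tag in enumerate(["xqzv", "pplk", "tmwa", "rrjd"])
]

if __name__ == "__main__":
    print("identical copies:", run(IDENTICAL))  # flagged from the third report on
    print("varied copies:   ", run(VARIED))     # never reaches the threshold
```

Varying only the subject is not enough to slip past this scheme, because the body hash still repeats; that is why the post lists all three fields as being varied.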