funsec mailing list archives
Re: 95% of User Generated Content is spam or malicious
From: Dave Paris <dparis () w3works com>
Date: Wed, 10 Feb 2010 22:24:27 -0500
I've been around long enough to be on so many spam lists that an average day sees about 23,000 attempts to deliver all manner of crap to my inbox. Also on average, about 120 make it through to my mail client. Of those, all but 40 are marked and moved out of the way by Firefox's junk filters. On a bad day, 5 will slip through that are actually junk - everything else is valid. I do get the rare false positive. That means the attempted delivery is a stream comprised of 98% unadulterated shit - as Rich brackets it. Where the trick (to the extent it's a trick, I suppose) lies here is what it takes to knock down this volume. Qmail + RBL + Graylisting + A/V + SpamAssassin (flags at 3.5). I run that on a single PIII 450MHz, w/768MB RAM and sitting at the end of a 1MB pipe which has *plenty* of remaining capacity. It doesn't take gobs of hardware and the solution saves tons of bandwidth by forcing graylisting. While the benefit is unknown, I do utilize SPF to do some small part in reducing mail forged with my domain(s). Various outbound filters only permit traffic destined for port 25 to be sent from specific hosts - none of which are userland. It's not a silver bullet nor is it some unique, mystic solution, but this setup does demonstrate that it's possible to knock down a very large volume using a modest amount of hardware, free software, and a couple hours of elbow grease. Best~ -d Robert Portvliet wrote:
It's sad that we are unable to even make a dent in solving this problem. Added together, the bandwidth & capacity wasted by all this junk must be staggering.
Rich Kulawiec wrote:
On Wed, Feb 10, 2010 at 10:40:53AM -0500, Robert Portvliet wrote:It's sad that we are unable to even make a dent in solving this problem.We do. We've had the ability to do so for many years. It's not difficult or complicated or expensive. It requires no new technology, no new standards, no new software. What we lack is the *will* to do so. As succinctly put by Paul Vixie on NANOG a while back: If you give people the means to hurt you, and they do it, and you take no action except to continue giving them the means to hurt you, and they take no action except to keep hurting you, then one of the ways you can describe the situation is "it isn't scaling well". ---Rsk _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
_______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- 95% of User Generated Content is spam or malicious Robert Portvliet (Feb 07)
- Re: 95% of User Generated Content is spam or malicious Rich Kulawiec (Feb 10)
- Re: 95% of User Generated Content is spam or malicious Robert Portvliet (Feb 10)
- Re: 95% of User Generated Content is spam or malicious Rich Kulawiec (Feb 10)
- Re: 95% of User Generated Content is spam or malicious Dave Paris (Feb 10)
- Re: 95% of User Generated Content is spam or malicious Rich Kulawiec (Feb 14)
- Re: 95% of User Generated Content is spam or malicious Drsolly (Feb 14)
- Re: 95% of User Generated Content is spam or malicious Tomas L. Byrnes (Feb 14)
- Re: 95% of User Generated Content is spam or malicious Rich Kulawiec (Feb 15)
- Re: 95% of User Generated Content is spam or malicious Tomas L. Byrnes (Feb 15)
- Re: 95% of User Generated Content is spam or malicious Rich Kulawiec (Feb 18)
- Re: 95% of User Generated Content is spam or malicious der Mouse (Feb 18)
- Re: 95% of User Generated Content is spam or malicious Rich Kulawiec (Feb 21)
- Re: 95% of User Generated Content is spam or malicious Tomas L. Byrnes (Feb 21)
- Re: 95% of User Generated Content is spam or malicious Rich Kulawiec (Feb 22)
- Re: 95% of User Generated Content is spam or malicious Robert Portvliet (Feb 10)
- Re: 95% of User Generated Content is spam or malicious Rich Kulawiec (Feb 10)