funsec mailing list archives

Re: 95% of User Generated Content is spam or malicious


From: Dave Paris <dparis () w3works com>
Date: Wed, 10 Feb 2010 22:24:27 -0500

I've been around long enough to be on so many spam lists that an average 
day sees about 23,000 attempts to deliver all manner of crap to my 
inbox.  Also on average, about 120 make it through to my mail client. 
Of those, all but 40 are marked and moved out of the way by Firefox's 
junk filters.  On a bad day, 5 will slip through that are actually junk 
- everything else is valid.  I do get the rare false positive.

That means the attempted delivery is a stream comprised of 98% 
unadulterated shit - as Rich brackets it.

Where the trick (to the extent it's a trick, I suppose) lies here is 
what it takes to knock down this volume.  Qmail + RBL + Graylisting + 
A/V + SpamAssassin (flags at 3.5).  I run that on a single PIII 450MHz, 
w/768MB RAM and sitting at the end of a 1MB pipe which has *plenty* of 
remaining capacity.  It doesn't take gobs of hardware and the solution 
saves tons of bandwidth by forcing graylisting.  While the benefit is 
unknown, I do utilize SPF to do some small part in reducing mail forged 
with my domain(s).  Various outbound filters only permit traffic 
destined for port 25 to be sent from specific hosts - none of which are 
userland.

It's not a silver bullet nor is it some unique, mystic solution, but 
this setup does demonstrate that it's possible to knock down a very 
large volume using a modest amount of hardware, free software, and a 
couple hours of elbow grease.

Best~
-d

Robert Portvliet wrote:
It's sad that we are unable to even make a dent in solving this problem.
Added together, the bandwidth & capacity wasted by all this junk must be
staggering.


Rich Kulawiec wrote:
On Wed, Feb 10, 2010 at 10:40:53AM -0500, Robert Portvliet wrote:
It's sad that we are unable to even make a dent in solving this problem.

We do.  We've had the ability to do so for many years.  It's not difficult
or complicated or expensive.  It requires no new technology, no new
standards, no new software.

What we lack is the *will* to do so.  As succinctly put by Paul Vixie
on NANOG a while back:

      If you give people the means to hurt you, and they do it, and
      you take no action except to continue giving them the means to
      hurt you, and they take no action except to keep hurting you,
      then one of the ways you can describe the situation is "it isn't
      scaling well".

---Rsk
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.