[nzlug] OT: getting joe-jobbed by spammer

Mark Foster blakjak at blakjak.net
Tue Mar 25 14:59:43 NZST 2008


> On Tue, 2008-03-25 at 13:41 +1300, Jim Cheetham wrote:
>> I'd be happy if spammers improved and verified their mailing lists to
>> only use legit addresses. The current scattershot approach means that
>> we have to waste time rejecting unknown recipients most of the time.
>
> Scattershot - such as dictionary attack - is a vital spammers' tool. My
> wife's email addresses have never been published to the web, only used
> privately, but already her inbox is filling up with sure-fire stock
> tips, lonely girls, g3n3r1c \/iAAAAAAgrA and so forth.

Spammers can generate emails at will and with almost no cost. It's hardly
likely that they'll ever do anything to help us out in that regard.


>
>> The real addresses will receive spam regardless of the quality of the
>> spammer address databases ... so we're going to have to rely on
>> content inspection rather than the mechanics of how the message
>> arrived anyway ... and if we're not needing to waste resources on
>> rejecting invalid addresses, we'll have more available for inspection
>> :-)
>
> The only way to defeat spam is to have a whitelist system where senders
> are approved via out of band means, rather than challenge/response. I
> tried challenge/response for a while, but some spammer tweaked some
> sending bots to loop the challenge messages and flood me.

Be careful when you make authoritative statements like that.
Whitelist systems are considered by many to be obtrusive and excessively
paranoid.

A tiered approach is usually best, with 'scoring' systems that will rate a
message as spam based on criteria, including:

source email address
destination email address
source IP address
content + header/relay path analysis

If you want to be able to receive emails from 'everywhere' then this is in
my experience the best compromise. Aggressive whitelisting mechanisms,
where anything that isn't manually approved is dropped, are too likely to
result in a false positive, IMHO.


(I could launch into a philosophical argument about the origins of spam,
the need to get the drones kicked off the internet and to trace the people
controlling the drones, etc etc, but that gets far too depressing...)

Mark.
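
The tiered scoring approach described in the message above, as an added example that is not part of the original post: each of the four listed criteria contributes to a score independently, so no single signal accepts or drops a message by itself. The allow list, recipient list, blocked network, phrases, weights, threshold and the `make` helper are all assumptions made for this sketch.

```python
import email
import ipaddress
import re
from email.utils import parseaddr

# Every list, weight, threshold and sample message here is constructed.
KNOWN_SENDERS = {"friend@example.org"}
LOCAL_RECIPIENTS = {"mark@example.net"}
BLOCKED_NETS = [ipaddress.ip_network("203.0.113.0/24")]
SPAM_WORDS = re.compile(r"stock tip|lonely girls", re.I)
THRESHOLD = 5.0

def source_ip(msg):
    """IP in the topmost Received header, i.e. the host that connected to us."""
    m = re.search(r"\[([0-9.]+)\]", (msg.get_all("Received") or [""])[0])
    try:
        return ipaddress.ip_address(m.group(1)) if m else None
    except ValueError:  # bracketed text that is not a valid address
        return None

def score(raw):
    """Return (total, reasons); each criterion contributes independently."""
    msg = email.message_from_string(raw)
    reasons = []
    if parseaddr(msg.get("From", ""))[1].lower() in KNOWN_SENDERS:
        reasons.append(("known source address", -4.0))
    if parseaddr(msg.get("To", ""))[1].lower() not in LOCAL_RECIPIENTS:
        reasons.append(("unknown destination address", 3.0))
    ip = source_ip(msg)
    if ip is not None and any(ip in net for net in BLOCKED_NETS):
        reasons.append(("blocklisted source IP", 4.0))
    body = " ".join(p.get_payload() for p in msg.walk() if not p.is_multipart())
    hits = len(SPAM_WORDS.findall(msg.get("Subject", "") + " " + body))
    if hits:  # content tier, capped so wording alone cannot reach THRESHOLD
        reasons.append(("spam phrases", min(2.0 * hits, 4.0)))
    return sum(w for _, w in reasons), reasons

def classify(raw):
    return "spam" if score(raw)[0] >= THRESHOLD else "accept"

def make(sender, rcpt, ip, subject, body):
    return (f"Received: from relay ([{ip}]) by mx.example.net\n"
            f"From: {sender}\nTo: {rcpt}\nSubject: {subject}\n\n{body}\n")

SPAM = make("tips@example.com", "nobody@example.net", "203.0.113.7",
            "Sure-fire stock tip", "Lonely girls and a stock tip inside.")
STRANGER = make("new@example.com", "mark@example.net", "198.51.100.9", "Meeting", "Is it on Thursday?")
FRIEND = make("friend@example.org", "mark@example.net", "203.0.113.50", "Lunch?", "Cafe wifi today.")

for name, raw in (("spam", SPAM), ("stranger", STRANGER), ("friend", FRIEND)):
    print(name, classify(raw), score(raw))
```

The stranger's message is accepted although its sender was never approved, and the known sender on a blocklisted network is accepted because the source-address and source-IP tiers offset each other.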



