Re: [Nanog-futures] spam-l list

2009-05-15 Thread Gadi Evron
Jim Popovitch wrote:
> On Fri, May 15, 2009 at 02:29, Jo Rhett wrote:
>> That's funny, given that Mailman is the source of significant amounts
>> of backscatter.
> 
> Mailman is neither an MTA nor a MUA.  Something before or after
> Mailman is backscattering.
> 
> -Jim P.

Mailing list replying something is held for moderation, etc., has been 
used quite a bit by spammers in the last couple of years.

Gadi.

___
Nanog-futures mailing list
Nanog-futures@nanog.org
http://mailman.nanog.org/mailman/listinfo/nanog-futures


Re: [Nanog-futures] Countermeasures for spam from "social networks"

2009-05-15 Thread Jay Hennigan
Rich Kulawiec wrote:

> I'll argue that doing the latter *is* doing the former.  Some sites set
> the putative sender to the real address of their member; others use an
> address at the site itself.  But all of them (AFAIK) use the member's
> full name even though the member isn't the one sending the message or
> crafting its content.  And in all cases, the message was never anywhere
> near the putative sender's mail client or mail system.  I think that's
> enough to label the exercise "forgery".

We'll have to agree to disagree.  I think of forgery as using someone's 
name without permission, this is more like embezzlement.  :-)

And look at what just popped up on the radar, it may be connected to 
this specific incident.

"Hackers launch Facebook phishing attack"

http://money.cnn.com/2009/05/14/technology/facebook_hackers.reut/index.htm

> But the forgery question aside: these messages are (a) unsolicited
> (b) bulk (c) email, which means they're spam by definition -- and
> that's easily sufficient reason to block the sites which are not only
> deliberately emitting them, but have gone through considerable pains to
> do so.

Agreed!

--
Jay Hennigan - CCIE #7880 - Network Engineering - j...@impulse.net
Impulse Internet Service  -  http://www.impulse.net/
Your local telephone and internet company - 805 884-6323 - WB6RDV



Re: [Nanog-futures] Countermeasures for spam from "social networks"

2009-05-15 Thread Rich Kulawiec
On Fri, May 15, 2009 at 10:40:47AM -0700, Jay Hennigan wrote:
> Which begs the question as to whether it was truly forged, or whether 
> the subscriber followed the link to "Give us your email account password 
> so we can spam your entire address book" which is default (mis)behavior 
> on such sites.

I'll argue that doing the latter *is* doing the former.  Some sites set
the putative sender to the real address of their member; others use an
address at the site itself.  But all of them (AFAIK) use the member's
full name even though the member isn't the one sending the message or
crafting its content.  And in all cases, the message was never anywhere
near the putative sender's mail client or mail system.  I think that's
enough to label the exercise "forgery".

But the forgery question aside: these messages are (a) unsolicited
(b) bulk (c) email, which means they're spam by definition -- and
that's easily sufficient reason to block the sites which are not only
deliberately emitting them, but have gone through considerable pains to
do so.

As to "collateral damage" (mentioned in another followup): as I argued (at
length and successfully) about this time last year on IETF-ASRG during
a discussion of the BCP for DNSBL operation, there's no such thing.
I won't recapitulate that entire argument here, but the short version
is that there is no such thing as "collateral damage" in this context
because there's no "damage" of any kind.  None.  Zero.  Zilch.  Nada.

Incidentally, I *did* at one point try content-filtering these messages,
even though I consider content filtering a vastly inferior method of
inbound spam control and largely unworthy of professional use.  But as
I discovered while running the experiment, these social spamming sites
change the content just often enough to render those filters rather
ineffective.  After fiddling with it for a while, I realized that
my attempt to be A Nice Guy about it was pointless, and that outright
blacklisting of their domains was a much better choice.

---Rsk



Re: [Nanog-futures] spam-l list

2009-05-15 Thread Jim Popovitch
On Fri, May 15, 2009 at 02:29, Jo Rhett wrote:
> That's funny, given that Mailman is the source of significant amounts
> of backscatter.

Mailman is neither an MTA nor a MUA.  Something before or after
Mailman is backscattering.

-Jim P.



Re: [Nanog-futures] Countermeasures for spam from "social networks"

2009-05-15 Thread Randy Bush
> Is this really enough of a problem to devote the MLC and Merit's  
> energy toward solving it?

if it distracts them from censoring messages from my peers and from
sending nasty-grams to my peers, i think it's a great idea!

randy



Re: [Nanog-futures] observation on long delays

2009-05-15 Thread Randy Bush
> SMS is probably the last line of defense for independent notifications

but is not a very good broadcast/subscribe medium, and is ridiculously
expensive.

randy



Re: [Nanog-futures] Countermeasures for spam from "social networks"

2009-05-15 Thread Joe Provo
On Fri, May 15, 2009 at 11:51:45AM -0700, Steve Feldman wrote:
[snip]

> Is this really enough of a problem to devote the MLC and Merit's  
> energy toward solving it?
> 
> I do agree that if this really is worth the effort, filtering on the  
> subject will cause much less collateral damage than filtering on the  
> sender's domain.



-- 
 RSUC / GweepNet / Spunk / FnB / Usenix / SAGE



Re: [Nanog-futures] observation on long delays

2009-05-15 Thread Martin Hannigan
SMS is probably the last line of defense for independent notifications
of events, but even that uses the internet as an exchange mechanism
between carriers. The net is becoming one super SPOF. The recent CA
event comes to mind.

Lots of opportunities.

Best,

Marty






On 5/14/09, Randy Bush wrote:
>> There must be a better way in 2009.
>
> interestingly enough, i am not sure there is.  maybe lucy's suggestion
> of twitter?  i have never looked at it.  but she says there are girls
> there!
>
> but i imagine twitter uses many of the same pipes and so forth that the
> rest of the net does.
>
> not an easy question.
>
> randy
>


-- 
Martin Hannigan   mar...@theicelandguy.com
p: +16178216079
Power, Network, and Costs Consulting for Iceland Datacenters and Occupants



Re: [Nanog-futures] Countermeasures for spam from "social networks"

2009-05-15 Thread Steve Feldman
On May 15, 2009, at 11:29 AM, Martin Hannigan wrote:
>
> Mailman can easily snatch phrases in subjects like stock social net
> invites and 'out of office' or vacation messages. Probably with a very
> high success rate as well requiring no intervention by admins.

Or we could just accept the fact that we'll occasionally have to  
delete these messages ourselves.

Is this really enough of a problem to devote the MLC and Merit's  
energy toward solving it?

I do agree that if this really is worth the effort, filtering on the  
subject will cause much less collateral damage than filtering on the  
sender's domain.

[My own opinions, SC hat off.]
Steve




Re: [Nanog-futures] Countermeasures for spam from "social networks"

2009-05-15 Thread Martin Hannigan
The user does have to click on 'invite' and can select some or all
once the contact slurp occurs. My thought is that they opted to invite
everyone thus nanog getting invited. IIRC, Facebook, all mail portals,
and other like portals invite you to 'find' contacts on their system
this way. Mail portals will transition your mbox from one to another
using this method, FWIW. It is certainly a nice feature (no comment on
security).

Mailman can easily snatch phrases in subjects like stock social net
invites and 'out of office' or vacation messages. Probably with a very
high success rate as well requiring no intervention by admins.

Best,

Marty



On 5/15/09, Jay Hennigan wrote:
> Rich Kulawiec wrote:
>> The NANOG list got hit this morning by spam from facebook, using
>> the forged address of a subscriber.  Any number of "social networks"
>> are using this tactic -- grabbing the address books of members and
>> then spamming every address in them on behalf of their latest
>> victmember.
>
> Which begs the question as to whether it was truly forged, or whether
> the subscriber followed the link to "Give us your email account password
> so we can spam your entire address book" which is default (mis)behavior
> on such sites.
>
>> They know that this approach will likely hit any/all mailing lists
>> in the address book, which is why they forge the sender address:
>> it's more likely to get through to lists which use the sender address
>> as a form of validation.
>
> I'm not sure if I would call that a forgery if the address owner
> willingly (albeit cluelessly) supplied the credentials to his email
> account and instructed the spa^H^H^Hsocial networking site to "invite
> all of these addresses".
>
> Yes, Facebook, etc. putting up a website asking for people to supply
> their email username/password is dead wrong.  Perhaps not as egregiously
> wrong as putting up a website asking for people's banking
> username/password, but wrong.  As Mr. Barnum observed, about every 60
> seconds someone will fall for either or both.  I am *somewhat* surprised
> that it would happen *here* of all places.
>
> --
> Jay Hennigan - CCIE #7880 - Network Engineering - j...@impulse.net
> Impulse Internet Service  -  http://www.impulse.net/
> Your local telephone and internet company - 805 884-6323 - WB6RDV
>


-- 
Martin Hannigan   mar...@theicelandguy.com
p: +16178216079
Power, Network, and Costs Consulting for Iceland Datacenters and Occupants



Re: [Nanog-futures] Countermeasures for spam from "social networks"

2009-05-15 Thread Jay Hennigan
Rich Kulawiec wrote:
> The NANOG list got hit this morning by spam from facebook, using
> the forged address of a subscriber.  Any number of "social networks"
> are using this tactic -- grabbing the address books of members and
> then spamming every address in them on behalf of their latest victmember.

Which begs the question as to whether it was truly forged, or whether 
the subscriber followed the link to "Give us your email account password 
so we can spam your entire address book" which is default (mis)behavior 
on such sites.

> They know that this approach will likely hit any/all mailing lists
> in the address book, which is why they forge the sender address:
> it's more likely to get through to lists which use the sender address
> as a form of validation.

I'm not sure if I would call that a forgery if the address owner 
willingly (albeit cluelessly) supplied the credentials to his email 
account and instructed the spa^H^H^Hsocial networking site to "invite 
all of these addresses".

Yes, Facebook, etc. putting up a website asking for people to supply 
their email username/password is dead wrong.  Perhaps not as egregiously 
wrong as putting up a website asking for people's banking 
username/password, but wrong.  As Mr. Barnum observed, about every 60 
seconds someone will fall for either or both.  I am *somewhat* surprised 
that it would happen *here* of all places.

--
Jay Hennigan - CCIE #7880 - Network Engineering - j...@impulse.net
Impulse Internet Service  -  http://www.impulse.net/
Your local telephone and internet company - 805 884-6323 - WB6RDV



Re: [Nanog-futures] Countermeasures for spam from "social networks"

2009-05-15 Thread kris foster

On May 15, 2009, at 8:03 AM, Rich Kulawiec wrote:

> The NANOG list got hit this morning by spam from facebook, using
> the forged address of a subscriber.

It was more likely someone importing their contact list indiscriminately

> This does have a useful side effect: anyone who works for these
> companies can't use the mailing lists I'm hosting, well, at least
> not from their corporate domains.  I recommend that the MLC do the
> same or equivalent for the NANOG list.
>
>   facebook.com

We'll consider a blacklist, but it's dangerous, I know there are some  
good engineers @facebook.com.

--
kris



Re: [Nanog-futures] spam-l list

2009-05-15 Thread Gadi Evron
Jo Rhett wrote:
> On May 14, 2009, at 4:57 AM, Rich Kulawiec wrote:
>> Subscribe via: spam-l-requ...@spam-l.com
>> It's run by Mailman.
> 
> That's funny, given that Mailman is the source of significant amounts  
> of backscatter.  I wonder if this indicates a significant lack of clue  
> factor in the new owners...?

Mailman is highly configurable.

Gadi.



[Nanog-futures] Countermeasures for spam from "social networks"

2009-05-15 Thread Rich Kulawiec
The NANOG list got hit this morning by spam from facebook, using
the forged address of a subscriber.  Any number of "social networks"
are using this tactic -- grabbing the address books of members and
then spamming every address in them on behalf of their latest victmember.
They know that this approach will likely hit any/all mailing lists
in the address book, which is why they forge the sender address:
it's more likely to get through to lists which use the sender address
as a form of validation.

On the mailing list servers I run, I've blacklisted all traffic
from the following list of domains (which I'm sure is incomplete).
In sendmail access file parlance:

Connect:example.com ERROR:5.7.1:"550 Mail refused"

This does have a useful side effect: anyone who works for these
companies can't use the mailing lists I'm hosting, well, at least
not from their corporate domains.  I recommend that the MLC do the
same or equivalent for the NANOG list.

badoo.com
birthdayalarm.com
classmates.com
eventbrite.com
facebook.com
facebookmail.com
fanbox.com
fanboxnotes.com
faniq.com
friendsite.com
friendster.com
godtube.com
grouply.com
hi5.com
iminlikewithyou.com
indiashines.com
jcomm2.com
kaneva.com
linkedin.com
multiply.com
mydailyflog.com
mylife.com
myspace.com
myyearbook.com
ning.com
perfspot.com
plaxo.com
refriendz.com
reunion.com
ringo.com
scour.com
spoke.com
stumbleupon.com
tagged.com
taggedmail.com
tagstat.com
tfbnw.net
twitter.com
unyk.com
xing.com
yaari.com
yaarinvites.com
youbundle.com

---Rsk
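
The `Connect:` entry in the post above keys on the connecting client rather than on the From: header, which is why it still applies when an invite arrives under a subscriber's own address. The block below is an added example, not code from the post or from sendmail or Mailman: it models that lookup beside sender-address validation and the subject-phrase filter raised elsewhere in this thread. Host names, addresses, subject phrases and function names are constructed, and the lookup is a simplified model of host-then-parent-domain matching.

```python
import re

# Constructed sample data; function names are hypothetical, not sendmail or Mailman APIs.
BLOCKED = {"facebook.com", "facebookmail.com", "tagged.com"}   # subset of the post's list
SUBSCRIBERS = {"member@example.net"}                           # constructed list roster
SUBJECT_PHRASES = ("invited you", "out of office")             # constructed phrases

def access_entries(domains):
    """Render access-file lines in the form quoted in the post."""
    return ['Connect:%s ERROR:5.7.1:"550 Mail refused"' % d for d in sorted(domains)]

def connect_blocked(client_host):
    """Simplified Connect: lookup: the client's host name, then each parent domain."""
    labels = client_host.lower().rstrip(".").split(".")
    return any(".".join(labels[i:]) in BLOCKED for i in range(len(labels)))

def sender_is_subscriber(header_from):
    """Sender-address validation: the From: address is on the list roster."""
    m = re.search(r"[\w.+-]+@[\w.-]+", header_from)
    return bool(m) and m.group(0).lower() in SUBSCRIBERS

def subject_blocked(subject):
    """Subject-phrase filtering on a fixed set of phrases."""
    s = subject.lower()
    return any(p in s for p in SUBJECT_PHRASES)

# name -> (connecting client host, From: header, Subject:), all constructed
MESSAGES = {
    "invite, member's address": ("out1.facebookmail.com",
                                 "A Member <member@example.net>",
                                 "A Member invited you to join"),
    "invite, reworded": ("out1.facebookmail.com",
                         "A Member <member@example.net>",
                         "Photos are waiting for you"),
    "engineer at the site": ("mail.facebook.com",
                             "Eng <eng@facebook.com>",
                             "Re: peering question"),
    "ordinary post": ("mail.example.net",
                      "A Member <member@example.net>",
                      "Re: peering question"),
}

def evaluate(name):
    """Return the verdict of each of the three checks for one sample message."""
    host, frm, subj = MESSAGES[name]
    return {"passes_sender_check": sender_is_subscriber(frm),
            "connect_blocked": connect_blocked(host),
            "subject_blocked": subject_blocked(subj)}

if __name__ == "__main__":
    print("\n".join(access_entries(BLOCKED)))
    for name in MESSAGES:
        print(name, evaluate(name))
```

In this model the reworded invite passes both the sender check and the subject filter and is stopped only by the `Connect:` entry, while the engineer posting from the site's own mail host is stopped by that same entry.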



Re: [Nanog-futures] observation on long delays

2009-05-15 Thread Rich Kulawiec
On Thu, May 14, 2009 at 05:02:58PM -0500, Tim Yocum wrote:
> I mailed nanog-support@ earlier today with a suggestion to add a link
> to the outages list over on the NANOG site where we direct folks to
> other lists for off-topics. Outages are not best tracked on NANOG and
> haven't been for a very long time.

+1.  I think redirecting traffic to mailop, dns-operations, spam-l
or outages (as appropriate) is a fine idea.

> I highly doubt any of the traceroutes posted on NANOG (or on the
> outages list) were of any value to those troubleshooting the issues
> seen today. Something tells me based on the gravity of the issue,
> plenty of other data was floating around to help pinpoint the failure.

Probably so.  Although there's some value in knowing "it's not just me"
for many values of "me", which is why I checked the outages list before
attempting to perform any diagnosis.

---Rsk



Re: [Nanog-futures] observation on long delays

2009-05-15 Thread Randy Bush
>> The main NANOG list was never intended on being an outage list.
> Really?  I believe if you actually look at its history, you'll find that
> outage discussion has been an integral part of NANOG since its inception.

certainly at its inception.  various censorious regimes make 'since' a
bit untrue.

randy
