Re: [Nanog-futures] Countermeasures for spam from "social networks"
On 5/19/09 5:34 PM, "Joe Abley" wrote:

>
> On 19-May-2009, at 15:10, Michael K. Smith - Adhost wrote:
>
>> [snip]
>
> Your point is that the modern version of is to quote the entire
> message without adding anything? :-)
>

No, but I was going to say something "funny" and I keyed the message to send before I could be witty. I wasn't going to try it twice.

Mike

___
Nanog-futures mailing list
Nanog-futures@nanog.org
http://mailman.nanog.org/mailman/listinfo/nanog-futures
Re: [Nanog-futures] Countermeasures for spam from "social networks"
On 19-May-2009, at 15:10, Michael K. Smith - Adhost wrote:

> [snip]

Your point is that the modern version of is to quote the entire message without adding anything? :-)
Re: [Nanog-futures] Countermeasures for spam from "social networks"
On Fri, May 15, 2009 at 2:53 PM, Joe Provo wrote:

> On Fri, May 15, 2009 at 11:51:45AM -0700, Steve Feldman wrote:
> [snip]
> > Is this really enough of a problem to devote the MLC and Merit's
> > energy toward solving it?
> >
> > I do agree that if this really is worth the effort, filtering on the
> > subject will cause much less collateral damage than filtering on the
> > sender's domain.
> >

Eh. I think has lost its relevance. You were there when it meant something. Its (and other phraseology) cultural significance is less and less every day and is indicative of the nature of change that takes place on the Internet, oh, every two years now I suppose.

The more we can automate to match "community" policy the easier it is to maintain and the more fair it is to the users and the admins. No?

Best,

Martin

--
Martin Hannigan mar...@theicelandguy.com
p: +16178216079
Power, Network, and Costs Consulting for Iceland Datacenters and Occupants
Re: [Nanog-futures] Countermeasures for spam from "social networks"
Rich Kulawiec wrote:

> I'll argue that doing the latter *is* doing the former. Some sites set
> the putative sender to the real address of their member; others use an
> address at the site itself. But all of them (AFAIK) use the member's
> full name even though the member isn't the one sending the message or
> crafting its content. And in all cases, the message was never anywhere
> near the putative sender's mail client or mail system. I think that's
> enough to label the exercise "forgery".

We'll have to agree to disagree. I think of forgery as using someone's name without permission, this is more like embezzlement. :-)

And look at what just popped up on the radar, it may be connected to this specific incident.

"Hackers launch Facebook phishing attack"
http://money.cnn.com/2009/05/14/technology/facebook_hackers.reut/index.htm

> But the forgery question aside: these messages are (a) unsolicited
> (b) bulk (c) email, which means they're spam by definition -- and
> that's easily sufficient reason to block the sites which are not only
> deliberately emitting them, but have gone through considerable pains to
> do so.

Agreed!

--
Jay Hennigan - CCIE #7880 - Network Engineering - j...@impulse.net
Impulse Internet Service - http://www.impulse.net/
Your local telephone and internet company - 805 884-6323 - WB6RDV
Re: [Nanog-futures] Countermeasures for spam from "social networks"
On Fri, May 15, 2009 at 10:40:47AM -0700, Jay Hennigan wrote:

> Which begs the question as to whether it was truly forged, or whether
> the subscriber followed the link to "Give us your email account password
> so we can spam your entire address book" which is default (mis)behavior
> on such sites.

I'll argue that doing the latter *is* doing the former. Some sites set the putative sender to the real address of their member; others use an address at the site itself. But all of them (AFAIK) use the member's full name even though the member isn't the one sending the message or crafting its content. And in all cases, the message was never anywhere near the putative sender's mail client or mail system. I think that's enough to label the exercise "forgery".

But the forgery question aside: these messages are (a) unsolicited (b) bulk (c) email, which means they're spam by definition -- and that's easily sufficient reason to block the sites which are not only deliberately emitting them, but have gone through considerable pains to do so.

As to "collateral damage" (mentioned in another followup): as I argued (at length and successfully) about this time last year on IETF-ASRG during a discussion of the BCP for DNSBL operation, there's no such thing. I won't recapitulate that entire argument here, but the short version is that there is no such thing as "collateral damage" in this context because there's no "damage" of any kind. None. Zero. Zilch. Nada.

Incidentally, I *did* at one point try content-filtering these messages, even though I consider content filtering a vastly inferior method of inbound spam control and largely unworthy of professional use. But as I discovered while running the experiment, these social spamming sites change the content just often enough to render those filters rather ineffective. After fiddling with it for a while, I realized that my attempt to be A Nice Guy about it was pointless, and that outright blacklisting of their domains was a much better choice.

---Rsk
Re: [Nanog-futures] Countermeasures for spam from "social networks"
> Is this really enough of a problem to devote the MLC and Merit's
> energy toward solving it?

if it distracts them from censoring messages from my peers and from sending nasty-grams to my peers, i think it's a great idea!

randy
Re: [Nanog-futures] Countermeasures for spam from "social networks"
On Fri, May 15, 2009 at 11:51:45AM -0700, Steve Feldman wrote:
[snip]

> Is this really enough of a problem to devote the MLC and Merit's
> energy toward solving it?
>
> I do agree that if this really is worth the effort, filtering on the
> subject will cause much less collateral damage than filtering on the
> sender's domain.

--
RSUC / GweepNet / Spunk / FnB / Usenix / SAGE
Re: [Nanog-futures] Countermeasures for spam from "social networks"
On May 15, 2009, at 11:29 AM, Martin Hannigan wrote:

>
> Mailman can easily snatch phrases in subjects like stock social net
> invites and 'out of office' or vacation messages. Probably with a very
> high success rate as well requiring no intervention by admins.

Or we could just accept the fact that we'll occasionally have to delete these messages ourselves.

Is this really enough of a problem to devote the MLC and Merit's energy toward solving it?

I do agree that if this really is worth the effort, filtering on the subject will cause much less collateral damage than filtering on the sender's domain.

[My own opinions, SC hat off.]

Steve
Re: [Nanog-futures] Countermeasures for spam from "social networks"
The user does have to click on 'invite' and can select some or all once the contact slurp occurs. My thought is that they opted to invite everyone thus nanog getting invited.

IIRC, Facebook, all mail portals, and other like portals invite you to 'find' contacts on their system this way. Mail portals will transition your mbox from one to another using this method, FWIW. It is certainly a nice feature (no comment on security).

Mailman can easily snatch phrases in subjects like stock social net invites and 'out of office' or vacation messages. Probably with a very high success rate as well requiring no intervention by admins.

Best,

Marty

On 5/15/09, Jay Hennigan wrote:

> Rich Kulawiec wrote:
>> The NANOG list got hit this morning by spam from facebook, using
>> the forged address of a subscriber. Any number of "social networks"
>> are using this tactic -- grabbing the address books of members and
>> then spamming every address in them on behalf of their latest
>> victmember.
>
> Which begs the question as to whether it was truly forged, or whether
> the subscriber followed the link to "Give us your email account password
> so we can spam your entire address book" which is default (mis)behavior
> on such sites.
>
>> They know that this approach will likely hit any/all mailing lists
>> in the address book, which is why they forge the sender address:
>> it's more likely to get through to lists which use the sender address
>> as a form of validation.
>
> I'm not sure if I would call that a forgery if the address owner
> willingly (albeit cluelessly) supplied the credentials to his email
> account and instructed the spa^H^H^Hsocial networking site to "invite
> all of these addresses".
>
> Yes, Facebook, etc. putting up a website asking for people to supply
> their email username/password is dead wrong. Perhaps not as egregiously
> wrong as putting up a website asking for people's banking
> username/password, but wrong. As Mr. Barnum observed, about every 60
> seconds someone will fall for either or both. I am *somewhat* surprised
> that it would happen *here* of all places.
>
> --
> Jay Hennigan - CCIE #7880 - Network Engineering - j...@impulse.net
> Impulse Internet Service - http://www.impulse.net/
> Your local telephone and internet company - 805 884-6323 - WB6RDV

--
Martin Hannigan mar...@theicelandguy.com
p: +16178216079
Power, Network, and Costs Consulting for Iceland Datacenters and Occupants
Re: [Nanog-futures] Countermeasures for spam from "social networks"
Rich Kulawiec wrote:

> The NANOG list got hit this morning by spam from facebook, using
> the forged address of a subscriber. Any number of "social networks"
> are using this tactic -- grabbing the address books of members and
> then spamming every address in them on behalf of their latest victmember.

Which begs the question as to whether it was truly forged, or whether the subscriber followed the link to "Give us your email account password so we can spam your entire address book" which is default (mis)behavior on such sites.

> They know that this approach will likely hit any/all mailing lists
> in the address book, which is why they forge the sender address:
> it's more likely to get through to lists which use the sender address
> as a form of validation.

I'm not sure if I would call that a forgery if the address owner willingly (albeit cluelessly) supplied the credentials to his email account and instructed the spa^H^H^Hsocial networking site to "invite all of these addresses".

Yes, Facebook, etc. putting up a website asking for people to supply their email username/password is dead wrong. Perhaps not as egregiously wrong as putting up a website asking for people's banking username/password, but wrong. As Mr. Barnum observed, about every 60 seconds someone will fall for either or both. I am *somewhat* surprised that it would happen *here* of all places.

--
Jay Hennigan - CCIE #7880 - Network Engineering - j...@impulse.net
Impulse Internet Service - http://www.impulse.net/
Your local telephone and internet company - 805 884-6323 - WB6RDV
Re: [Nanog-futures] Countermeasures for spam from "social networks"
On May 15, 2009, at 8:03 AM, Rich Kulawiec wrote:

> The NANOG list got hit this morning by spam from facebook, using
> the forged address of a subscriber.

It was more likely someone importing their contact list indiscriminately

> This does have a useful side effect: anyone who works for these
> companies can't use the mailing lists I'm hosting, well, at least
> not from their corporate domains. I recommend that the MLC do the
> same or equivalent for the NANOG list.
>
> facebook.com

We'll consider a blacklist, but it's dangerous, I know there are some good engineers @facebook.com.

-- kris
[Nanog-futures] Countermeasures for spam from "social networks"
The NANOG list got hit this morning by spam from facebook, using the forged address of a subscriber. Any number of "social networks" are using this tactic -- grabbing the address books of members and then spamming every address in them on behalf of their latest victmember.

They know that this approach will likely hit any/all mailing lists in the address book, which is why they forge the sender address: it's more likely to get through to lists which use the sender address as a form of validation.

On the mailing list servers I run, I've blacklisted all traffic from the following list of domains (which I'm sure is incomplete). In sendmail access file parlance:

    Connect:example.com ERROR:5.7.1:"550 Mail refused"

This does have a useful side effect: anyone who works for these companies can't use the mailing lists I'm hosting, well, at least not from their corporate domains. I recommend that the MLC do the same or equivalent for the NANOG list.

badoo.com birthdayalarm.com classmates.com eventbrite.com facebook.com facebookmail.com fanbox.com fanboxnotes.com faniq.com friendsite.com friendster.com godtube.com grouply.com hi5.com iminlikewithyou.com indiashines.com jcomm2.com kaneva.com linkedin.com multiply.com mydailyflog.com mylife.com myspace.com myyearbook.com ning.com perfspot.com plaxo.com refriendz.com reunion.com ringo.com scour.com spoke.com stumbleupon.com tagged.com taggedmail.com tagstat.com tfbnw.net twitter.com unyk.com xing.com yaari.com yaarinvites.com youbundle.com

---Rsk
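
The trade-off argued across this thread, as an added example that is not part of any poster's message or of Mailman or sendmail: three list-moderation policies (sender-address validation only, subject filtering, sender-domain blocking) run over the same constructed messages. The subject patterns, the sample addresses and the Return-Path values are assumptions, and the domain check works on headers as a stand-in for the MTA-level block in the first post.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# A few of the domains listed in the original post.
BLOCKED = {"facebook.com", "facebookmail.com", "linkedin.com", "plaxo.com"}
# Hypothetical subject patterns; the thread names no specific phrases.
SUBJECT_RE = re.compile(r"invited you to join|out of (the )?office", re.I)

def addr(value):
    return parseaddr(value or "")[1].lower()

def blocked(address):
    domain = address.rpartition("@")[2]
    return any(domain == d or domain.endswith("." + d) for d in BLOCKED)

def from_only(msg, subs):
    # Sender-address validation: trusts whatever the From header claims.
    return "accept" if addr(msg["From"]) in subs else "hold"

def subject_filter(msg, subs):
    hit = SUBJECT_RE.search(msg["Subject"] or "")
    return "hold" if hit else from_only(msg, subs)

def domain_block(msg, subs):
    # Header-level stand-in for the MTA-level block in the first post.
    if blocked(addr(msg["Return-Path"])) or blocked(addr(msg["From"])):
        return "reject"
    return from_only(msg, subs)

def raw(frm, envelope, subject):
    return f"Return-Path: <{envelope}>\nFrom: {frm}\nSubject: {subject}\n\nbody\n"

# Constructed sample messages; addresses, subjects and Return-Path are invented.
SUBSCRIBERS = {"pat@example.net", "eng@facebook.com"}
SAMPLES = {
    "invite": raw('"Pat Member" <pat@example.net>', "bounce@facebookmail.com",
                  "Pat Member invited you to join Facebook"),
    "reworded": raw('"Pat Member" <pat@example.net>', "bounce@facebookmail.com",
                    "Pat Member wants to connect"),
    "engineer": raw("eng@facebook.com", "eng@facebook.com", "Route leak postmortem"),
    "normal": raw("pat@example.net", "pat@example.net", "IPv6 peering question"),
}

def compare():
    """Outcome of (from_only, subject_filter, domain_block) for each sample."""
    policies = (from_only, subject_filter, domain_block)
    return {name: tuple(p(message_from_string(text), SUBSCRIBERS) for p in policies)
            for name, text in SAMPLES.items()}
```

`compare()` returns one tuple per sample: the reworded invite passes the subject filter, while the subscribed engineer posting from a listed domain is rejected only by the domain block.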