Re: How To Kill Spam Dead?

2007-05-29 Thread Michele Neylon :: Blacknight

Eric Lemings wrote:

> How do I use SpamAssassin (along with any other necessary mail software)
> to kill spam dead?  I mean so that it doesn't even reach my mail spool
> directory.
>
> I've looked in FAQ after FAQ, site after site, book after book, and the
> closest thing to an answer that I've found is the chapter in O'Reilly's
> SpamAssassin book where it says you can use the SpamAssassin score to
> allow MIMEDefang (or other Milter) to bounce spam during the SMTP
> transaction but doesn't specify how.
>
> Any pointers, links, or info greatly appreciated.  BTW I use Sendmail as
> my MTA.
>
> Thanks,
> Eric.
 



You could use procmail rules I guess, though a simpler method would be 
to use something like MailScanner (http://www.mailscanner.info)




--
Mr Michele Neylon
Blacknight Solutions
Hosting & Colocation, Brand Protection
http://www.blacknight.ie/
http://blog.blacknight.ie/
Tel. 1850 927 280
Intl. +353 (0) 59  9183072
UK: 0870 163 0607
Direct Dial: +353 (0)59 9183090
Fax. +353 (0) 1 4811 763



Re: How To Kill Spam Dead?

2007-05-29 Thread jdow

From: "Michele Neylon :: Blacknight" <[EMAIL PROTECTED]>


> Eric Lemings wrote:
>> How do I use SpamAssassin (along with any other necessary mail software)
>> to kill spam dead?  I mean so that it doesn't even reach my mail spool
>> directory.
>> I've looked in FAQ after FAQ, site after site, book after book, and the
>> closest thing to an answer that I've found is the chapter in O'Reilly's
>> SpamAssassin book where it says you can use the SpamAssassin score to
>> allow MIMEDefang (or other Milter) to bounce spam during the SMTP
>> transaction but doesn't specify how.
>> Any pointers, links, or info greatly appreciated.  BTW I use Sendmail as
>> my MTA.
>>
>> Thanks,
>> Eric.
>
> You could use procmail rules I guess, though a simpler method would be to
> use something like MailScanner (http://www.mailscanner.info)


The procmail rules needed are on the spamassassin wiki. I use procmail
here. I also use it to feed it to an individual spam folder for review.
I also use a slightly advanced feature of procmail to tell it not to
scan mail that comes from this list. (I also use more advanced simple
to jettison email from certain people identified as trolls or from
sites that insist upon using confirmation messages to allow my mail
through. I consider their confirmation requests to be spam, attempts
to validate my address for future spam runs, rude, and just plain
annoying. So I jettison anything from those sites that looks like
such a request. (And in one case I had to jettison everything from
a Brazilian ISP.) Setting those rules is quite easy in ProcMail. I
suppose it is in other products. ProcMail has the pleasing default
behavior of not changing email content in any way on its own.

I also misuse one of its features to play two different alert sounds
when email from three different sources come in. Those are priority
sources, like customer or partner. So attending to them pronto is a
good idea. {^_-} I wonder if I could get mailscanner or one of those
other bloated tools to do it.

{^_^} 



Re: How To Kill Spam Dead?

2007-05-29 Thread SM

At 18:12 29-05-2007, Eric Lemings wrote:

> How do I use SpamAssassin (along with any other necessary mail
> software) to kill spam dead?  I mean so that it doesn't even reach
> my mail spool directory.
>
> I've looked in FAQ after FAQ, site after site, book after book, and
> the closest thing to an answer that I've found is the chapter in
> O'Reilly's SpamAssassin book where it says you can use the
> SpamAssassin score to allow MIMEDefang (or other Milter) to bounce
> spam during the SMTP transaction but doesn't specify how.
>
> Any pointers, links, or info greatly appreciated.  BTW I use
> Sendmail as my MTA.


http://wiki.apache.org/spamassassin/IntegratedInMta

There is a section for sendmail.  The Install documentation for the 
milter usually explains how to get it to reject spam.


Regards,
-sm 



RE: How To Kill Spam Dead?

2007-05-30 Thread Eric Lemings
 

> -Original Message-
> From: SM [mailto:[EMAIL PROTECTED] 
> Sent: Tuesday, May 29, 2007 9:54 PM
> To: users@spamassassin.apache.org
> Subject: Re: How To Kill Spam Dead?
> 
> At 18:12 29-05-2007, Eric Lemings wrote:
> >
> >How do I use SpamAssassin (along with any other necessary mail 
> >software) to kill spam dead?  I mean so that it doesn't even reach 
> >my mail spool directory.
> >
> >I've looked in FAQ after FAQ, site after site, book after book, and 
> >the closest thing to an answer that I've found is the chapter in 
> >O'Reilly's SpamAssassin book where it says you can use the 
> >SpamAssassin score to allow MIMEDefang (or other Milter) to bounce 
> >spam during the SMTP transaction but doesn't specify how.
> >
> >Any pointers, links, or info greatly appreciated.  BTW I use 
> >Sendmail as my MTA.
> 
> http://wiki.apache.org/spamassassin/IntegratedInMta
> 
> There is a section for sendmail.  The Install documentation for the 
> milter usually explains how to get it to reject spam.

Where exactly are these docs?  All I see is a page full of links.

Thanks,
Eric.


RE: How To Kill Spam Dead?

2007-05-30 Thread Eric Lemings
 

> -Original Message-
> From: jdow [mailto:[EMAIL PROTECTED] 
> Sent: Tuesday, May 29, 2007 7:39 PM
> To: users@spamassassin.apache.org
> Subject: Re: How To Kill Spam Dead?
> 
> From: "Michele Neylon :: Blacknight" <[EMAIL PROTECTED]>
> 
> > Eric Lemings wrote:
> >>  How do I use SpamAssassin (along with any other necessary 
> mail software) 
> >> to kill spam dead?  I mean so that it doesn't even reach 
> my mail spool 
> >> directory.
> >>  I've looked in FAQ after FAQ, site after site, book after 
> book, and the 
> >> closest thing to an answer that I've found is the chapter 
> in O'Reilly's 
> >> SpamAssassin book where it says you can use the 
> SpamAssassin score to 
> >> allow MIMEDefang (or other Milter) to bounce spam during the SMTP 
> >> transaction but doesn't specify how.
> >>  Any pointers, links, or info greatly appreciated.  BTW I 
> use Sendmail as 
> >> my MTA.
> >>  Thanks,
> >> Eric.
> >>
> >
> >
> > You could use procmail rules I guess, though a simpler 
> method would be to 
> > use something like MailScanner (http://www.mailscanner.info)
> 
> The procmail rules needed are on the spamassassin wiki. I use procmail
> here.

I read through these Procmail docs and all I found was how to filter
spam -- that is, it's still passed through the delivery process.

For certain levels of spam (as scored by SpamAssassin), I don't even
want to see it.  I want Sendmail (via a milter or whatever) to reject
it completely.  The Subject and Send may get logged for diagnostic
purposes but other than that it doesn't get stored anywhere on the
mail server.

For less certain spam, I may deliver to a separate folder/mailbox for
review which is what I have Sendmail (and associated mailing software)
doing now.

Thanks,
Eric.


RE: How To Kill Spam Dead?

2007-05-30 Thread SM

At 07:55 30-05-2007, Eric Lemings wrote:

> Where exactly are these docs?  All I see is a page full of links.


These links point to software which can be used with 
SpamAssassin.  If you follow the links, you should see a webpage to 
download the software.  That webpage may contain instructions on how 
to install the software.  The download usually includes 
documentation.  There may be a README or INSTALL file which explains 
how to install the software.


Regards,
-sm 



RE: How To Kill Spam Dead?

2007-05-30 Thread John D. Hardin
On Wed, 30 May 2007, Eric Lemings wrote:

> I read through these Procmail docs and all I found was how to filter
> spam -- that is, it's still passed through the delivery process.
> 
> For certain levels of spam (as scored by SpamAssassin), I don't even
> want to see it.  I want Sendmail (via a milter or whatever) to reject
> it completely.  The Subject and Send may get logged for diagnostic
> purposes but other than that it doesn't get stored anywhere on the
> mail server.
> 
> For less certain spam, I may deliver to a separate folder/mailbox for
> review which is what I have Sendmail (and associated mailing software)
> doing now.

Take a look at the spamassassin procmail ruleset at 
http://www.impsec/org/~jhardin/antispam/ for a starting point.

--
 John Hardin KA7OHZ    http://www.impsec.org/~jhardin/
 [EMAIL PROTECTED]    FALaholic #11174    pgpk -a [EMAIL PROTECTED]
 key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
---
  If someone has a gun and is trying to kill you, it would be
  reasonable to shoot back with your own gun.
  -- the Dalai Lama, May 15, 2001
---
 524 days until the Presidential Election



RE: How To Kill Spam Dead?

2007-05-30 Thread John D. Hardin
On Wed, 30 May 2007, John D. Hardin wrote:

> Take a look at the spamassassin procmail ruleset at 
> http://www.impsec/org/~jhardin/antispam/ for a starting point.

Bah. That URL should, of course, be:

  http://www.impsec.org/~jhardin/antispam/

--
 John Hardin KA7OHZ    http://www.impsec.org/~jhardin/
 [EMAIL PROTECTED]    FALaholic #11174    pgpk -a [EMAIL PROTECTED]
 key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
---
  If someone has a gun and is trying to kill you, it would be
  reasonable to shoot back with your own gun.
  -- the Dalai Lama, May 15, 2001
---
 524 days until the Presidential Election



Re: How To Kill Spam Dead?

2007-05-31 Thread jdow

From: "John D. Hardin" <[EMAIL PROTECTED]>



> On Wed, 30 May 2007, John D. Hardin wrote:
>
>> Take a look at the spamassassin procmail ruleset at
>> http://www.impsec/org/~jhardin/antispam/ for a starting point.
>
> Bah. That URL should, of course, be:
>
>  http://www.impsec.org/~jhardin/antispam/


Your request for http://www.impsec.org/~jhardin/antispam/ could not be 
fulfilled, because the connection to www.impsec.org (207.210.83.140) could 
not be established.




host www.impsec.org
www.impsec.org has address 207.210.83.140


Your request for http://207.210.83.140/~jhardin/antispam could not be 
fulfilled, because the connection to 207.210.83.140 (207.210.83.140) could 
not be established.




For the filtering Eric needs to filter in the return value from spamc
or on a recognizable feature of his spam markup. Some markups have a
string of asterisks one per unit score. So searching for at least five
asterisks in a row on the same row as the appropriate header name does
it. Not knowing his setup I can't get more specific. I simply toss all
the spam in a spam folder, sort by score, and examine the lower scores
before tossing them all into a training folder because I manually train.

{o.o}
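
An added example, not written by any poster in this thread: it counts the asterisks in the score header as described in the message above and maps the count to the two tiers Eric asked for, refusing high scores with a 5xx reply during the SMTP transaction instead of accepting and bouncing. The `X-Spam-Level` header name, the thresholds 5 and 10, the reply strings and every function name are assumptions; the sample messages are constructed.

```python
import re
from email import message_from_bytes
from email.policy import compat32
from typing import Optional, Tuple

SCORE_HEADER = "X-Spam-Level"   # assumed header name: one '*' per whole score point
QUARANTINE_AT = 5               # assumed threshold: deliver to a review folder
REJECT_AT = 10                  # assumed threshold: refuse inside the SMTP transaction


def spam_stars(raw: bytes) -> Optional[int]:
    """Count the asterisks that start the score header; None if the header is absent."""
    msg = message_from_bytes(raw, policy=compat32)
    value = msg.get(SCORE_HEADER)   # first matching header only; the body is never searched
    if value is None:
        return None
    value = str(value).strip()
    return len(value) - len(value.lstrip("*"))


def triage(raw: bytes) -> Tuple[str, str]:
    """Return (action, SMTP reply) for a message that the scanner has already tagged."""
    stars = spam_stars(raw)
    if stars is None:
        # Unscanned mail is delivered: a scanner outage must not lose legitimate mail.
        return ("deliver", "250 2.0.0 accepted (not scanned)")
    if stars >= REJECT_AT:
        # Refusing at end-of-DATA leaves the sending host responsible for any
        # notification, so no bounce is generated toward a forged address.
        return ("reject", "550 5.7.1 message refused as spam")
    if stars >= QUARANTINE_AT:
        return ("quarantine", "250 2.0.0 accepted")
    return ("deliver", "250 2.0.0 accepted")


def _clean(value) -> str:
    """Flatten folded headers and control characters so one message is one log line."""
    text = re.sub(r"[\x00-\x1f\x7f]", " ", str(value or ""))
    return " ".join(text.split())[:200]


def log_fields(raw: bytes) -> dict:
    """Fields worth logging for a refused message: sender, subject and star count."""
    msg = message_from_bytes(raw, policy=compat32)
    return {
        "from": _clean(msg.get("From")),
        "subject": _clean(msg.get("Subject")),
        "stars": spam_stars(raw),
    }


def make_sample(stars: Optional[int], subject: str = "hello") -> bytes:
    """Build a constructed test message; stars=None means it was never scanned."""
    level = "" if stars is None else f"{SCORE_HEADER}: {'*' * stars}\r\n"
    return (
        "From: sender@example.com\r\n"
        "To: eric@example.org\r\n"
        f"Subject: {subject}\r\n"
        f"{level}\r\n"
        "body with ***** asterisks\r\n"
    ).encode("ascii")


if __name__ == "__main__":
    for stars in (None, 2, 6, 12):
        raw = make_sample(stars, "cheap\r\n pills")
        print(stars, triage(raw), log_fields(raw))
```
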



Re: How To Kill Spam Dead?

2007-05-31 Thread jdow

From: "John D. Hardin" <[EMAIL PROTECTED]>


> On Wed, 30 May 2007, John D. Hardin wrote:
>
>> Take a look at the spamassassin procmail ruleset at
>> http://www.impsec/org/~jhardin/antispam/ for a starting point.
>
> Bah. That URL should, of course, be:
>
>  http://www.impsec.org/~jhardin/antispam/


THAT said, this following link might be a barely scratching the surface
"good start." Robert Alan Soloway has been arrested for a host of spam
related offenses. Now, if they apply a gruesome enough punishment maybe
others will become a little less likely to spam.

Of course, we also need to go after his, and other spammer's, food chains
and nail some of those hides to the wall as well.

http://www.foxnews.com/story/0,2933,276573,00.html

{^_-}


Re: How To Kill Spam Dead?

2007-05-31 Thread Dennis Kavadas

guys, even though we use SA for tagging... the real short to long term
solution is TMDA
just my 2c worth



On 5/31/07, jdow <[EMAIL PROTECTED]> wrote:


From: "John D. Hardin" <[EMAIL PROTECTED]>

> On Wed, 30 May 2007, John D. Hardin wrote:
>
>> Take a look at the spamassassin procmail ruleset at
>> http://www.impsec/org/~jhardin/antispam/ for a starting point.
>
> Bah. That URL should, of course, be:
>
>  http://www.impsec.org/~jhardin/antispam/

THAT said, this following link might be a barely scratching the surface
"good start." Robert Alan Soloway has been arrested for a host of spam
related offenses. Now, if they apply a gruesome enough punishment maybe
others will become a little less likely to spam.

Of course, we also need to go after his, and other spammer's, food chains
and nail some of those hides to the wall as well.

http://www.foxnews.com/story/0,2933,276573,00.html

{^_-}



Re: How To Kill Spam Dead?

2007-05-31 Thread Per Jessen
Dennis Kavadas wrote:

> guys, even though we use SA for tagging... the real short to long term
> solution is TMDA

I remember one of my friends saying just that - about 5 years ago.  It
might be fine for personal email, but it's not very useful in a
business context.  Too much end-user education required.


/Per Jessen, Zürich



Re: How To Kill Spam Dead?

2007-05-31 Thread John Rudd

Per Jessen wrote:

> Dennis Kavadas wrote:
>
>> guys, even though we use SA for tagging... the real short to long term
>> solution is TMDA
>
> I remember one of my friends saying just that - about 5 years ago.  It
> might be fine for personal email, but it's not very useful in a
> business context.  Too much end-user education required.

That, and TMDA is a blight upon the internet.  It is at best misguided,
and at worst irresponsible, to use challenge-response email systems.




Re: How To Kill Spam Dead?

2007-05-31 Thread Matt Kettler
John Rudd wrote:
> Per Jessen wrote:
>> Dennis Kavadas wrote:
>>
>>> guys, even though we use SA for tagging... the real short to long term
>>> solution is TMDA
>>
>> I remember one of my friends saying just that - about 5 years ago.  It
>> might be fine for personal email, but it's not very useful in a
>> business context.  Too much end-user education required.
>
> That, and TMDA is a blight upon the internet.  It is at best
> misguided, and at worst irresponsible, to use challenge-response email
> systems.
>
>
Agreed. Challenge response systems attempt to solve the problem of spam
by forwarding it to someone else and hoping they'll use good judgment
for you and only approve mail they actually sent. You're turning your
spam problems into theirs.

The problem boils down to forged spam emails. If you're using TMDA and a
forged spam comes in, your TMDA system in-turn spams that victim of
forgery. After spamming them, you're hoping that they'll be nice and
delete the message for you, because you're too lazy to do it yourself.

My question is, why should I not activate the spam, after your TMDA
system has chosen to intrude on MY mailbox in an attempt to solve YOUR
spam problems?

Do I have any prior agreement with you to perform this task properly?
Are you paying me for my time? Oh, that's right, you're not paying me,
nor have you previously asked me if it's ok to do this to my mailbox, so
I'm free to do as I please..

Well then, who am I to stop you from getting advertisements you might
actually want?

 *click*

Seriously, I take this approach to every TMDA challenge I get. I
encourage everyone to do the same. It is not your responsibility to
filter people's spam for them, so take the time and return the problem
back to its original owner.






Re: How To Kill Spam Dead?

2007-05-31 Thread jdow

From: "Per Jessen" <[EMAIL PROTECTED]>
> Dennis Kavadas wrote:
>
>> guys, even though we use SA for tagging... the real short to long term
>> solution is TMDA
>
> I remember one of my friends saying just that - about 5 years ago.  It
> might be fine for personal email, but it's not very useful in a
> business context.  Too much end-user education required.




TMDA involves challenge/response. I ***NEVER*** reply to spam.
A challenge, from a challenge response system is spam. Hence I
***NEVER*** reply to challenges. I have rerouted messages to idiots
who use it to tell them that their email host is broken and is very
unlikely to allow mail from me through. I suggest they get a real mail
service.

{^_^}


Re: How To Kill Spam Dead?

2007-05-31 Thread jdow

From: "John Rudd" <[EMAIL PROTECTED]>


> Per Jessen wrote:
>
>> Dennis Kavadas wrote:
>>
>>> guys, even though we use SA for tagging... the real short to long term
>>> solution is TMDA
>>
>> I remember one of my friends saying just that - about 5 years ago.  It
>> might be fine for personal email, but it's not very useful in a
>> business context.  Too much end-user education required.
>
> That, and TMDA is a blight upon the internet.  It is at best misguided,
> and at worst irresponsible, to use challenge-response email systems.


Amend that, at worst monumentally stupid and probably should be
criminal to use challenge/response 

{^_^}I hope I'm clear that I don't like it.


Re: How To Kill Spam Dead?

2007-05-31 Thread jdow

From: "Matt Kettler" <[EMAIL PROTECTED]>


John Rudd wrote:

Per Jessen wrote:

Dennis Kavadas wrote:


guys, even though we use SA for tagging... the real short to long term
solution is TMDA


I remember one of my friends saying just that - about 5 years ago.  It
might be fine for personal email, but it's not very useful in a
business context.  Too much end-user education required.


That, and TMDA is a blight upon the internet.  It is at best
misguided, and at worst irresponsible, to use challenge-response email
systems.



Agreed. Challenge response systems attempt to solve the problem of spam
by forwarding it to someone else and hoping they'll use good judgment
for you and only approve mail they actually sent. You're turning your
spam problems into theirs.

The problem boils down to forged spam emails. If you're using TMDA and a
forged spam comes in, your TMDA system in-turn spams that victim of
forgery. After spamming them, you're hoping that they'll be nice and
delete the message for you, because you're too lazy to do it yourself.

My question is, why should I not activate the spam, after your TMDA
system has chosen to intrude on MY mailbox in an attempt to solve YOUR
spam problems?

Do I have any prior agreement with you to perform this task properly?
Are you paying me for my time? Oh, that's right, you're not paying me,
nor have you previously asked me if it's ok to do this to my mailbox, so
I'm free to do as I please..

Well then, who am I to stop you from getting advertisements you might
actually want?

*click*

Seriously, I take this approach to every TMDA challenge I get. I
encourage everyone to do the same. It is not your responsibility to
filter people's spam for them, so take the time and return the problem
back to its original owner.


After the third challenge my .procmailrc recipe grows a little as it
intercepts their email early before SpamAssassin and thoughtfully
redirects it to /dev/null. There is a Brazilian ISP on that list at the
moment, for example.

{^_^}


Re: How To Kill Spam Dead?

2007-05-31 Thread John D. Hardin
On Thu, 31 May 2007, jdow wrote:

> this following link might be a barely scratching the surface "good
> start." Robert Alan Soloway has been arrested for a host of spam
> related offenses. Now, if they apply a gruesome enough punishment
> maybe others will become a little less likely to spam.

+1

Gibs! I want gibs!

> Of course, we also need to go after his, and other spammer's, food
> chains and nail some of those hides to the wall as well.
> 
> http://www.foxnews.com/story/0,2933,276573,00.html

--
 John Hardin KA7OHZ    http://www.impsec.org/~jhardin/
 [EMAIL PROTECTED]    FALaholic #11174    pgpk -a [EMAIL PROTECTED]
 key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
---
  USMC Rules of Gunfighting #9: Accuracy is relative: most combat
  shooting standards will be more dependent on "pucker factor" than
  the inherent accuracy of the gun.
---
 523 days until the Presidential Election



Re: How To Kill Spam Dead?

2007-05-31 Thread Dennis Kavadas

most, if not all spam have spoofed addresses headers that do not resolve to
a valid account on any host, that said, how is it a problem ?


On 5/31/07, Matt Kettler <[EMAIL PROTECTED]> wrote:


John Rudd wrote:
> Per Jessen wrote:
>> Dennis Kavadas wrote:
>>
>>> guys, even though we use SA for tagging... the real short to long term
>>> solution is TMDA
>>
>> I remember one of my friends saying just that - about 5 years ago.  It
>> might be fine for personal email, but it's not very useful in a
>> business context.  Too much end-user education required.
>
> That, and TMDA is a blight upon the internet.  It is at best
> misguided, and at worst irresponsible, to use challenge-response email
> systems.
>
>
Agreed. Challenge response systems attempt to solve the problem of spam
by forwarding it to someone else and hoping they'll use good judgment
for you and only approve mail they actually sent. You're turning your
spam problems into theirs.

The problem boils down to forged spam emails. If you're using TMDA and a
forged spam comes in, your TMDA system in-turn spams that victim of
forgery. After spamming them, you're hoping that they'll be nice and
delete the message for you, because you're too lazy to do it yourself.

My question is, why should I not activate the spam, after your TMDA
system has chosen to intrude on MY mailbox in an attempt to solve YOUR
spam problems?

Do I have any prior agreement with you to perform this task properly?
Are you paying me for my time? Oh, that's right, you're not paying me,
nor have you previously asked me if it's ok to do this to my mailbox, so
I'm free to do as I please..

Well then, who am I to stop you from getting advertisements you might
actually want?

*click*

Seriously, I take this approach to every TMDA challenge I get. I
encourage everyone to do the same. It is not your responsibility to
filter people's spam for them, so take the time and return the problem
back to its original owner.







Re: How To Kill Spam Dead?

2007-05-31 Thread Dennis Kavadas

if i had never met you before and if i asked you to knock on my door before
barging in, would you believe that was too much to ask of you ?




On 6/1/07, jdow <[EMAIL PROTECTED]> wrote:


From: "Per Jessen" <[EMAIL PROTECTED]>
Dennis Kavadas wrote:

> guys, even though we use SA for tagging... the real short to long term
> solution is TMDA

I remember one of my friends saying just that - about 5 years ago.  It
might be fine for personal email, but it's not very useful in a
business context.  Too much end-user education required.




TMDA involves challenge/response. I ***NEVER*** reply to spam.
A challenge, from a challenge response system is spam. Hence I
***NEVER*** reply to challenges. I have rerouted messages to idiots
who use it to tell them that their email host is broken and is very
unlikely to allow mail from me through. I suggest they get a real mail
service.

{^_^}



Re: How To Kill Spam Dead?

2007-05-31 Thread Dennis Kavadas

why ?



On 5/31/07, John Rudd <[EMAIL PROTECTED]> wrote:


> Per Jessen wrote:
>> Dennis Kavadas wrote:
>>
>>> guys, even though we use SA for tagging... the real short to long term
>>> solution is TMDA
>>
>> I remember one of my friends saying just that - about 5 years ago.  It
>> might be fine for personal email, but it's not very useful in a
>> business context.  Too much end-user education required.
>
> That, and TMDA is a blight upon the internet.  It is at best misguided,
> and at worst irresponsible, to use challenge-response email systems.




Re: How To Kill Spam Dead?

2007-05-31 Thread Dennis Kavadas

why isn't it useful in a business context ?
the sender gets a challenge once ! ...how is that a problem ?



On 5/31/07, Per Jessen <[EMAIL PROTECTED]> wrote:


Dennis Kavadas wrote:

> guys, even though we use SA for tagging... the real short to long term
> solution is TMDA

I remember one of my friends saying just that - about 5 years ago.  It
might be fine for personal email, but it's not very useful in a
business context.  Too much end-user education required.


/Per Jessen, Zürich




Re: How To Kill Spam Dead?

2007-05-31 Thread Rick Macdougall

Dennis Kavadas wrote:
> most, if not all spam have spoofed addresses headers that do not
> resolve to a valid account on any host, that said, how is it a problem ?




Tell that to my Inbox that gets 40 or 50 bounces a day from clueless 
admins who accept then bounce.  I get info@, webmaster@, dns@ etc.


Usually I just blacklist their IP's until they smarten up. And since I 
manage servers for over 500K users, usually they smarten up pretty quick.


TMDA challenges go right in the trash, especially if it's a company I 
want to do business with or someone I'm trying to help out.


Just my $0.02

Rick



Re: How To Kill Spam Dead?

2007-05-31 Thread Matthias Häker



Dennis Kavadas wrote:
> if i had never met you before and if i asked you to knock on my door
> before barging in, would you believe that was too much to ask of you ?






think about it

if 1.000.000 People claim to be me , and you ask always me if i was it

how do you think i react

Matthias Häker


Re: How To Kill Spam Dead?

2007-05-31 Thread John Rudd

Dennis Kavadas wrote:

> why ?
>
> On 5/31/07, John Rudd <[EMAIL PROTECTED]> wrote:
>
>> Per Jessen wrote:
>>> Dennis Kavadas wrote:
>>>
>>>> guys, even though we use SA for tagging... the real short to long term
>>>> solution is TMDA
>>>
>>> I remember one of my friends saying just that - about 5 years ago.  It
>>> might be fine for personal email, but it's not very useful in a
>>> business context.  Too much end-user education required.
>>
>> That, and TMDA is a blight upon the internet.  It is at best misguided,
>> and at worst irresponsible, to use challenge-response email systems.






(this really ought to be an FAQ somewhere)


Misguided:

As was stated elsewhere, you're moving the burden of your anti-spam 
decision to another person's resources (not just their system resources, 
but their actual personal time).  Further, this burden will ONLY be 
placed upon legitimate senders, as spambots won't see the challenge and 
direct-spammers will either ignore it or catalog it.  So, it's 
essentially a tax upon legitimate senders.  That's stupid (and there 
aren't many things I outright call stupid).



Irresponsible:

Challenge-Response anti-spam email systems are a perfect vector for 
implementing a joe-job style denial of service.  Consider that if 
challenge-response/TMDA systems become widespread, say one million 
users.  Now let's say a spam goes out that claims to be from 
[EMAIL PROTECTED], and domain.tld doesn't have anything in place like SPF, 
DK, nor DKIM (or if they have SPF, it's done in a way that's 
exploitable and thus useless but keeps them from being blocked for not 
having an SPF record).


So, now [EMAIL PROTECTED] is about to get a flood of a million challenge 
messages.  Probably within a few seconds.  Even if these don't reach his 
own account because of his own challenge-response system, they WILL hit 
his mail server.  One million extra email messages (above and beyond 
usual production email rate) in a few seconds is nothing to dismiss. 
Most email services would be overwhelmed by that.  And the potential 
flood is even higher if more people adopt the technology.


And, remember what I said above about spammers might catalog those 
challenge-response messages?  There's a growing overlap between spam 
senders and organized crime.  The very people who might use their botnet 
to send spam might turn around and use it to leverage a list of known 
challenge-response users to get them to be the source of a distributed 
denial of service attack.


Challenge-response systems are just ripe for abuse by 3rd parties. 
Using them is allowing you and your resources to be ripe for abuse, and 
is therefore irresponsible.




Re: How To Kill Spam Dead?

2007-05-31 Thread Rick Macdougall

Dennis Kavadas wrote:
> if i had never met you before and if i asked you to knock on my door
> before barging in, would you believe that was too much to ask of you ?


If you are a business or someone looking for help, you either have an 
open door policy or you asked for someone to help you out.


Asking them to knock first is just rude and, in the case of businesses, 
standing in the way of doing business, since your clients can not easily 
get a hold of you.



Rick



Re: How To Kill Spam Dead?

2007-05-31 Thread John Rudd


Terrible analogy.  How often do you get a million people all knocking on 
your door at once?



Dennis Kavadas wrote:
> if i had never met you before and if i asked you to knock on my door
> before barging in, would you believe that was too much to ask of you ?




On 6/1/07, jdow <[EMAIL PROTECTED]> wrote:


From: "Per Jessen" <[EMAIL PROTECTED]>
Dennis Kavadas wrote:

> guys, even though we use SA for tagging... the real short to long term
> solution is TMDA

I remember one of my friends saying just that - about 5 years ago.  It
might be fine for personal email, but it's not very useful in a
business context.  Too much end-user education required.




TMDA involves challenge/response. I ***NEVER*** reply to spam.
A challenge, from a challenge response system is spam. Hence I
***NEVER*** reply to challenges. I have rerouted messages to idiots
who use it to tell them that their email host is broken and is very
unlikely to allow mail from me through. I suggest they get a real mail
service.



Re: How To Kill Spam Dead?

2007-05-31 Thread John Rudd


If your assumption here were true, joe-job attacks would be practically 
unheard-of.  And for it to be a successful joe-job attack, the sending 
account doesn't have to exist, only the sending mail domain has to exist.


Dennis Kavadas wrote:

most, if not all spam have spoofed addresses headers that do not resolve to
a valid account on any host, that said, how is it a problem ?


On 5/31/07, Matt Kettler <[EMAIL PROTECTED]> wrote:


John Rudd wrote:
> Per Jessen wrote:
>> Dennis Kavadas wrote:
>>
>>> guys, even though we use SA for tagging... the real short to long term
>>> solution is TMDA
>>
>> I remember one of my friends saying just that - about 5 years ago.  It
>> might be fine for personal email, but it's not very useful in a
>> business context.  Too much end-user education required.
>
> That, and TMDA is a blight upon the internet.  It is at best
> misguided, and at worst irresponsible, to use challenge-response email
> systems.
>
>
Agreed. Challenge response systems attempt to solve the problem of spam
by forwarding it to someone else and hoping they'll use good judgment
for you and only approve mail they actually sent. You're turning your
spam problems into theirs.

The problem boils down to forged spam emails. If you're using TMDA and a
forged spam comes in, your TMDA system in-turn spams that victim of
forgery. After spamming them, you're hoping that they'll be nice and
delete the message for you, because you're too lazy to do it yourself.

My question is, why should I not activate the spam, after your TMDA
system has chosen to intrude on MY mailbox in an attempt to solve YOUR
spam problems?

Do I have any prior agreement with you to perform this task properly?
Are you paying me for my time? Oh, that's right, you're not paying me,
nor have you previously asked me if it's ok to do this to my mailbox, so
I'm free to do as I please..

Well then, who am I to stop you from getting advertisements you might
actually want?

*click*

Seriously, I take this approach to every TMDA challenge I get. I
encourage everyone to do the same. It is not your responsibility to
filter people's spam for them, so take the time and return the problem
back to its original owner.









Re: How To Kill Spam Dead?

2007-05-31 Thread jdow

From: "Rick Macdougall" <[EMAIL PROTECTED]>


> Dennis Kavadas wrote:
>> if i had never met you before and if i asked you to knock on my door
>> before barging in, would you believe that was too much to ask of you ?
>
> If you are a business or someone looking for help, you either have an open
> door policy or you asked for someone to help you out.
>
> Asking them to knock first is just rude and, in the case of businesses,
> standing in the way of doing business, since your clients can not easily
> get a hold of you.


Actually the situation is the reverse of the stranger at the door situation.
THEY are the stranger to whom I am replying. I've not hit a corporation
stupid enough to turn me away with a C/R.

All the C/R's I have experienced are from ME answering THEIR email. That
in NO WAY matches the stranger at the door. HE is the stranger at the door
not me. Most of the C/Rs have been to messages on mailing lists. That is
as utterly unfriendly as you can get. And, again, HE is the stranger at the
door.

I was trying to help.

That level of rudeness does not set well with me. Call me a crotchety old
bitch if you want. But I will continue to reject C/R, often with extreme
prejudice, into the foreseeable future.

{^_^} 



Re: How To Kill Spam Dead?

2007-05-31 Thread Matt Kettler
Dennis Kavadas wrote:
> most, if not all spam have spoofed addresses headers that do not
> resolve to a valid account on any host, that said, how is it a problem ?
Really? How are you so sure of this?

Read up on the term "joe job".




Re: How To Kill Spam Dead?

2007-05-31 Thread Michele Neylon :: Blacknight

Dennis Kavadas wrote:
> most, if not all spam have spoofed addresses headers that do not resolve
> to a valid account on any host


Tell that to the thousands of our clients who have to deal with the 
bouncebacks and other junk



--
Mr Michele Neylon
Blacknight Solutions
Hosting & Colocation, Brand Protection
http://www.blacknight.ie/
http://blog.blacknight.ie/
Tel. 1850 927 280
Intl. +353 (0) 59  9183072
UK: 0870 163 0607
Direct Dial: +353 (0)59 9183090
Fax. +353 (0) 1 4811 763



Re: How To Kill Spam Dead?

2007-05-31 Thread Dave Pooser
> think about it
> 
> if 1.000.000 People claim to be me , and you ask always me if i was it
> 
> how do you think i react

I did run into what I consider to be a responsible C/R system today-- this
is the NDR generated by my own mail server:

This message was created automatically by mail delivery software.

A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:

  @.com
SMTP error from remote mail server after end of data:
host  [000.00.000.00]: 550 POSSIBLE SPAM! CLICK HERE TO
DELIVER:
http://33.4mail.com/l/?

So what their server is doing is fake-rejecting the message after DATA, then
quarantining it and giving the release URL as part of the SMTP transaction.
This eliminates my major objection to C/R: the challenge goes to the host
that attempted to send the message and not to the (probably forged)
return-address. No backscatter, no joejob potential. The only problem I see
is that some MTAs may "clean up" the message until it's unrecognizable.
-- 
Dave Pooser
Cat-Herder-in-Chief, Pooserville.com
"...Life is not a journey to the grave with the intention of arriving
safely in one pretty and well-preserved piece, but to slide across the
finish line broadside, thoroughly used up, worn out, leaking oil, and
shouting GERONIMO!!!" -- Bill McKenna




Re: How To Kill Spam Dead?

2007-05-31 Thread Rick Macdougall

jdow wrote:
> From: "Rick Macdougall" <[EMAIL PROTECTED]>
>
>> Dennis Kavadas wrote:
>>> if i had never met you before and if i asked you to knock on my
>>> door before barging in, would you believe that was too much to ask of
>>> you ?
>>
>> If you are a business or someone looking for help, you either have an
>> open door policy or you asked for someone to help you out.
>>
>> Asking them to knock first is just rude and, in the case of
>> businesses, standing in the way of doing business, since your clients
>> can not easily get a hold of you.
>
> Actually the situation is the reverse of the stranger at the door
> situation.
> THEY are the stranger to whom I am replying. I've not hit a corporation
> stupid enough to turn me away with a C/R.
>
> All the C/R's I have experienced are from ME answering THEIR email. That
> in NO WAY matches the stranger at the door. HE is the stranger at the
> door not me. Most of the C/Rs have been to messages on mailing lists. That
> is as utterly unfriendly as you can get. And, again, HE is the stranger
> at the door I was trying to help.
>
> That level of rudeness does not set well with me. Call me a crotchety old
> bitch if you want. But I will continue to reject C/R, often with
> extreme prejudice, into the foreseeable future.
>
> {^_^}

Heh, I think I love you :)

Rick



Re: How To Kill Spam Dead?

2007-05-31 Thread Dennis Kavadas

i think we all need to read the TMDA FAQ ! :-)




On 6/1/07, Rick Macdougall <[EMAIL PROTECTED]> wrote:


jdow wrote:
> From: "Rick Macdougall" <[EMAIL PROTECTED]>
>
>> Dennis Kavadas wrote:
>>> if i had never met you before and if i asked you to knock on my
>>> door before barging in, would you believe that was too much to ask of
>>> you ?
>>>
>> If you are a business or someone looking for help, you either have an
>> open door policy or you asked for someone to help you out.
>>
>> Asking them to knock first is just rude and, in the case of
>> businesses, standing in the way of doing business, since your clients
>> can not easily get a hold of you.
>
> Actually the situation is the reverse of the stranger at the door
> situation.
> THEY are the stranger to whom I am replying. I've not hit a corporation
> stupid enough to turn me away with a C/R.
>
> All the C/R's I have experienced are from ME answering THEIR email. That
> in NO WAY matches the stranger at the door. HE is the stranger at the
> door
> not me. Most of the C/Rs have been to messages on mailing lists. That is
> as utterly unfriendly as you can get. And, again, HE is the stranger
> at the door
> I was trying to help.
>
> That level of rudeness does not set well with me. Call me a crotchety old
> bitch if you want. But I will continue to reject C/R, often with
> extreme prejudice,
> into the foreseeable future.
>
> {^_^}
Heh, I think I love you :)

Rick




Re: How To Kill Spam Dead?

2007-05-31 Thread Gene Heskett
On Thursday 31 May 2007, John D. Hardin wrote:
>On Thu, 31 May 2007, Rick Macdougall wrote:
>> jdow wrote:
>> > That level of rudeness does not set well with me. Call me a crotchety
>> > old bitch if you want. But I will continue to reject C/R, often with
>> > extreme prejudice, into the foreseeable future.
>>
>> Heh, I think I love you :)
>
>+1
>
The line forms over there, way over there.

>--
> John Hardin KA7OHZ  http://www.impsec.org/~jhardin/
> [EMAIL PROTECTED]  FALaholic #11174  pgpk -a [EMAIL PROTECTED]
> key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
>---
>  It is not the business of government to make men virtuous or
>  religious, or to preserve the fool from the consequences of his own
>  folly.  -- Henry George
>---
> 523 days until the Presidential Election



-- 
Cheers, Gene
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
We have a equal opportunity Calculus class -- it's fully integrated.


Re: How To Kill Spam Dead?

2007-05-31 Thread John D. Hardin
On Thu, 31 May 2007, Rick Macdougall wrote:

> jdow wrote:
> >
> > That level of rudeness does not set well with me. Call me a crotchety old
> > bitch if you want. But I will continue to reject C/R, often with 
> > extreme prejudice, into the foreseeable future.
>
> Heh, I think I love you :)

+1

--
 John Hardin KA7OHZ  http://www.impsec.org/~jhardin/
 [EMAIL PROTECTED]  FALaholic #11174  pgpk -a [EMAIL PROTECTED]
 key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
---
  It is not the business of government to make men virtuous or
  religious, or to preserve the fool from the consequences of his own
  folly.  -- Henry George
---
 523 days until the Presidential Election



Re: How To Kill Spam Dead?

2007-05-31 Thread John Rudd


I've read it in the past.  What part do you think changes the issues 
being raised about challenge-response systems?



Dennis Kavadas wrote:

i think we all need to read the TMDA FAQ ! :-)




On 6/1/07, Rick Macdougall <[EMAIL PROTECTED]> wrote:


jdow wrote:
> From: "Rick Macdougall" <[EMAIL PROTECTED]>
>
>> Dennis Kavadas wrote:
>>> if i had never met you before and if i asked you to knock on my
>>> door before barging in, would you believe that was too much to ask of
>>> you ?
>>>
>> If you are a business or someone looking for help, you either have an
>> open door policy or you asked for someone to help you out.
>>
>> Asking them to knock first is just rude and, in the case of
>> businesses, standing in the way of doing business, since your clients
>> can not easily get a hold of you.
>
> Actually the situation is the reverse of the stranger at the door
> situation.
> THEY are the stranger to whom I am replying. I've not hit a corporation
> stupid enough to turn me away with a C/R.
>
> All the C/R's I have experienced are from ME answering THEIR email. That
> in NO WAY matches the stranger at the door. HE is the stranger at the
> door
> not me. Most of the C/Rs have been to messages on mailing lists. That is
> as utterly unfriendly as you can get. And, again, HE is the stranger
> at the door
> I was trying to help.
>
> That level of rudeness does not set well with me. Call me a crotchety old
> bitch if you want. But I will continue to reject C/R, often with
> extreme prejudice,
> into the foreseeable future.
>
> {^_^}
Heh, I think I love you :)

Rick






Re: How To Kill Spam Dead?

2007-05-31 Thread Matt Kettler
Dennis Kavadas wrote:
> i think we all need to read the TMDA FAQ ! :-)
I have read the entire general section. None of it seems to address any
of the concerns about TMDA posted by me or anyone else on this list. The
only parts that are even vaguely relevant to this discussion are sections
1.1 and 1.5. To the extent that these address any of the problems with
TMDA, they merely deny they exist. However, both are minor problems, as
they affect the person behind the TMDA, not everyone else, so I really
don't care.

However, none of the FAQ seems to deal with the real issues with TMDA.
Impact on the rest of the world.

It all boils down to the basic problem that TMDA is a spam generating
system that exacerbates and amplifies the power of joe-jobs. In the case
of forged-from spam messages you're sending unsolicited email to an
uninterested third party. The vast majority of spam runs do use real
addresses. They try not to use nonexistent junk addresses, because these are
always caught in simple call-back filters. Spammers generally use
addresses out of their email database for both To: and From: addresses.
Many of these are undeliverable due to being old, but spammers do
generally try to use real return addresses.

Anyone telling you spammers only or mostly use bogus return addresses
either hasn't studied spam extensively or is deluding themselves.

Pulling the first spam off the top of NANAS:

From: Poste Italiane <[EMAIL PROTECTED]>
Message-ID: <[EMAIL PROTECTED]>

This is a real commercial site's info contact.
http://www.poste.it/azienda/posterisponde/

Gee, I didn't have to try hard to find one that I could confirm as an
innocent joe..

As for reading material, I think you need to read the SpamCop Listing
criteria:

http://www.spamcop.net/fom-serve/cache/14.html

Note that any misdirected challenge/response can get you blacklisted in
spamcop, i.e. if a spammer sends you mail with my address in the
return-path and you challenge, your server is now qualified to be
spamcop blacklisted. There's a reason for this. You've just spammed someone.

I also think you should consider reading:

http://kmself.home.netcom.com/Rants/challenge-response.html

While it is a rant, it does outline the problems involved in
challenge-response systems quite well. TMDA is immune to a few of them,
however, TMDA is:
 
Definitely Subject to 0, 2, 6, and 11. Please address these.

Subject to 1,4,5, and 9, but the merits here are debatable so they can
be ignored as far as I'm concerned.

Immune or largely immune to 7.

Subject to 8, but the presented argument only applies to people who
don't remember what they've sent.

Can be made immune to 10, but involves manual whitelisting.

Immune to 3 if you run your own, subject if you outsource but the same
goes for outsourcing anything.







Re: How To Kill Spam Dead?

2007-06-01 Thread Per Jessen
Dennis Kavadas wrote:

> why isn't it useful in a business context ?
> there sender gets a challange once ! ...how is that a problem ?
> 

Hi Dennis,

It's not a problem per se, just not very useful.
In a business context, in particular in a non-English speaking country,
the challenge will often cause confusion. Perhaps not for techies, but
e.g. for secretaries, and other non-IT functions.  And most businesses
have more of those than techies.
So a TMDA challenge is often at first a time-waster, and later just
ignored.


/Per Jessen, Zürich



Re: How To Kill Spam Dead?

2007-06-01 Thread Justin Mason

Matt Kettler writes:
> [lots of correct stuff]
> ...
> Anyone telling you spammers only or mostly use bogus return addresses
> either hasn't studied spam extensively or is deluding themselves.

Well, they *used* to use bogus addresses -- that was the case 2 or 3
years ago, before Sender Address Verification [1].   Since then, spam
generally uses randomly-chosen, "real" user addresses, as Matt says.

[1]: http://taint.org/2007/03/16/134743a.html

I've written my thoughts about C-R backscatter here: [2]

[2]: http://taint.org/2005/09/11/012434a.html

The only way I can see to have a NON-abusive challenge-response system
nowadays, would be to restrict challenges to domains for which the
challenged message passed SPF, Domain Keys or DKIM tests. (You'd still
annoy your correspondents, but at least you wouldn't be creating spam for
innocent third parties.)

None of the C-R filters bother doing that, though.

--j.
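
The gating rule Justin Mason describes above, sketched as an added example (not part of any post in this thread, and not code from TMDA or SpamAssassin): a challenge is allowed only when the Return-Path domain itself passed SPF or DKIM. It assumes the receiving MTA records its verdicts in an `Authentication-Results` header under the hypothetical authserv-id `mx.example.net` and strips inbound headers bearing that id; all sample messages are constructed.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: the authserv-id our own MTA stamps on Authentication-Results
# after stripping any inbound header that already carries this id.
TRUSTED_AUTHSERV_ID = "mx.example.net"

def authenticated_domains(msg):
    """Domains with spf=pass or dkim=pass according to our own MTA only."""
    domains = set()
    for value in msg.get_all("Authentication-Results", []):
        authserv_id, _, results = " ".join(value.split()).partition(";")
        if authserv_id.strip().lower() != TRUSTED_AUTHSERV_ID:
            continue  # stamped by another host, so the sender could have forged it
        for result in results.split(";"):
            method = re.match(r"\s*(spf|dkim)=pass\b", result, re.I)
            if not method:
                continue
            prop = "smtp.mailfrom" if method.group(1).lower() == "spf" else "header.d"
            found = re.search(re.escape(prop) + r"=(\S+)", result, re.I)
            if found:
                domains.add(found.group(1).rpartition("@")[2].lower())
    return domains

def may_challenge(raw_message):
    """True only if the Return-Path domain itself authenticated this message."""
    msg = message_from_string(raw_message)
    return_path = parseaddr(msg.get("Return-Path", ""))[1]
    if "@" not in return_path:
        return False  # null sender <> (bounces, DSNs): never answer these
    return return_path.rpartition("@")[2].lower() in authenticated_domains(msg)

def sample(return_path, auth_results):
    """Build a constructed test message; nothing here comes from real mail."""
    return (f"Return-Path: <{return_path}>\n"
            f"Authentication-Results: {auth_results}\n"
            "Subject: constructed sample\n\nbody\n")

JOE_JOB = sample("info@victim.example", "mx.example.net; spf=fail smtp.mailfrom=victim.example")
GENUINE = sample("alice@sender.example", "mx.example.net; spf=pass smtp.mailfrom=alice@sender.example")
OTHER_SIGNER = sample("info@victim.example", "mx.example.net; dkim=pass header.d=bulk.example")
FORGED_STAMP = sample("info@victim.example", "mx.other.example; spf=pass smtp.mailfrom=victim.example")
BOUNCE = sample("", "mx.example.net; spf=none smtp.helo=relay.example")

if __name__ == "__main__":
    for name in ("JOE_JOB", "GENUINE", "OTHER_SIGNER", "FORGED_STAMP", "BOUNCE"):
        print(name, may_challenge(globals()[name]))
```

Only GENUINE qualifies: a DKIM pass for some other domain, or a pass claimed by a header the local MTA did not write, says nothing about whether the Return-Path owner sent the message.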


Re: How To Kill Spam Dead?

2007-06-01 Thread jdow

From: "Justin Mason" <[EMAIL PROTECTED]>


> Matt Kettler writes:
>> [lots of correct stuff]
>> ...
>> Anyone telling you spammers only or mostly use bogus return addresses
>> either hasn't studied spam extensively or is deluding themselves.
>
> Well, they *used* to use bogus addresses -- that was the case 2 or 3
> years ago, before Sender Address Verification [1].   Since then, spam
> generally uses randomly-chosen, "real" user addresses, as Matt says.
>
>    [1]: http://taint.org/2007/03/16/134743a.html
>
> I've written my thoughts about C-R backscatter here: [2]
>
>    [2]: http://taint.org/2005/09/11/012434a.html
>
> The only way I can see to have a NON-abusive challenge-response system
> nowadays, would be to restrict challenges to domains for which the
> challenged message passed SPF, Domain Keys or DKIM tests. (You'd still
> annoy your correspondents, but at least you wouldn't be creating spam for
> innocent third parties.)
>
> None of the C-R filters bother doing that, though.


If I am replying to a sender's email and the sender is rude enough not
to let my reply through then "scroom".

Hey, Jo, come on over to my house for the !

Jo arrives. But the usual doorway transaction fails because a new
filter is in place that orders Joe to go back home and call from home
to say he's coming.

Scroom. I'd go home and stay home.

{^_^}