Re: Captchas was Re: ISP wants to stop outgoing web based spam

2006-08-16 Thread Paul Jakma
On Wed, 16 Aug 2006, Simon Waters wrote: You snipped the bit where I said "It would work for a minority use." Sorry, don't think that is relevant really - least I have no data on what minority uses are for captchas, nor majority uses or what the difference is. The reason people use image

Re: Captchas was Re: ISP wants to stop outgoing web based spam

2006-08-16 Thread Richard A Steenbergen
On Wed, Aug 16, 2006 at 09:21:06AM +0100, Simon Waters wrote: > > The reason people use image recognition is it is something (most) humans find > > very easy, but requires considerable investment of effort (or resource for > self training) to teach computers, and readily permits of variations

Re: Captchas was Re: ISP wants to stop outgoing web based spam

2006-08-16 Thread Simon Waters
On Wednesday 16 Aug 2006 01:13, Paul Jakma wrote: > On Thu, 10 Aug 2006, Simon Waters wrote: > > I've no doubt some captcha can be invented in ASCII, but this isn't > > it. > > 'tis. It works for at least one blog platform, where I've never once > had comment spam. You snipped the bit where I sai

Re: Captchas was Re: ISP wants to stop outgoing web based spam

2006-08-15 Thread Matthew Sullivan
Paul Jakma wrote: ASCII captchas are no less effective than image-captcha just without the nasty "ban the blind from the internet!" side-effects. Then again you have Authen::Captcha that has sound based Captchas as well / Mat

Re: Captchas was Re: ISP wants to stop outgoing web based spam

2006-08-15 Thread Paul Jakma
On Thu, 10 Aug 2006, Simon Waters wrote: I've no doubt some captcha can be invented in ASCII, but this isn't it. 'tis. It works for at least one blog platform, where I've never once had comment spam. a kid), and it would be relatively trivial to code it to handle the types of questions fo

Re: ISP wants to stop outgoing web based spam

2006-08-11 Thread Ken Simpson
Alexander Harrowell [11/08/06 17:09 +0100]: > Holding the geek snobbery for a moment, I don't think I've ever worked > anywhere where the e-mail wasn't MSExchange...so that would kill 100% of > "e-mail containing actual financially meaningful information". Yes it would if host type was the only f

Re: fingerprinting and spam ID (was: Re: ISP wants to stop outgoing web based spam)

2006-08-11 Thread Ken Simpson
> The problem is that I already see enough legit mail hit the > quarantine due to being HTML/multipart, suspected of being sent > "direct-to-MX" due to Exchange's bizarre habit of not providing an > audit trail via Received headers, etc. Of course by the time you can inspect the body of a message

Re: ISP wants to stop outgoing web based spam

2006-08-11 Thread Ken Simpson
> On 10 Aug 2006, at 22:07, Barry Shein wrote: > [...] > >The vector for these has been almost purely Microsoft Windows. > > I wonder. From the point of view of a MX host (as opposed to a > customer-facing smarthost), would TCP fingerprinting to identify the > OS and apply a weighting to the

fingerprinting and spam ID (was: Re: ISP wants to stop outgoing web based spam)

2006-08-11 Thread Steven Champeon
on Fri, Aug 11, 2006 at 09:38:46AM +0100, Peter Corlett wrote: > > On 10 Aug 2006, at 22:07, Barry Shein wrote: > [...] > >The vector for these has been almost purely Microsoft Windows. > > I wonder. From the point of view of a MX host (as opposed to a > customer-facing smarthost), would TCP f

Re: ISP wants to stop outgoing web based spam

2006-08-11 Thread Valdis . Kletnieks
On Fri, 11 Aug 2006 09:38:46 BST, Peter Corlett said: > > On 10 Aug 2006, at 22:07, Barry Shein wrote: > [...] > > The vector for these has been almost purely Microsoft Windows. > > I wonder. From the point of view of a MX host (as opposed to a > customer-facing smarthost), would TCP fingerprin

Re: ISP wants to stop outgoing web based spam

2006-08-11 Thread Peter Corlett
On 11 Aug 2006, at 05:24, Hank Nussbacher wrote: [...] Please show me which virus scanner scans html pages for the words like V I A G R A, or Free M O R T G A G E, as it is going outbound. It's the one you're going to have to write, or coerce somebody to write, if you want it that much. I

Re: ISP wants to stop outgoing web based spam

2006-08-11 Thread Peter Corlett
On 10 Aug 2006, at 22:07, Barry Shein wrote: [...] The vector for these has been almost purely Microsoft Windows. I wonder. From the point of view of a MX host (as opposed to a customer-facing smarthost), would TCP fingerprinting to identify the OS and apply a weighting to the spam score b

Re: ISP wants to stop outgoing web based spam

2006-08-11 Thread Simon Waters
On Friday 11 Aug 2006 05:24, Hank Nussbacher wrote: > On Thu, 10 Aug 2006, Florian Weimer wrote: > > You should look after the automated tools (probably using a virus > > scanner or something like this) and trigger a covert alert once they > > are detected. If the spam sent out is of the right ki

Re: ISP wants to stop outgoing web based spam

2006-08-11 Thread Hank Nussbacher
On Fri, 11 Aug 2006, Florian Weimer wrote: I assumed your Internet cafe example was the concrete scenario you were trying to address. There are quite a few scanners which contain Not only. Just used as an example so everyone can be on the same page. There are hugely different two scenarios

Re: ISP wants to stop outgoing web based spam

2006-08-11 Thread Florian Weimer
* Hank Nussbacher: > Please show me which virus scanner scans html pages for the words like > V I A G R A, or Free M O R T G A G E, as it is going outbound. I assumed your Internet cafe example was the concrete scenario you were trying to address. There are quite a few scanners which contain sig

Re: ISP wants to stop outgoing web based spam

2006-08-10 Thread Hank Nussbacher
On Thu, 10 Aug 2006, Florian Weimer wrote: You should look after the automated tools (probably using a virus scanner or something like this) and trigger a covert alert once they are detected. If the spam sent out is of the right kind, you can phone the police and have the guy arrested. Pleas

Re: ISP wants to stop outgoing web based spam

2006-08-10 Thread Hank Nussbacher
On Thu, 10 Aug 2006, Florian Weimer wrote: Back in 2002 I asked if anyone had a solution to block or rate limit outgoing web based spam. What is web-based spam? Comment spam? Wiki defacements? Or do you want to stop spam sent via web mailers? That's their job. They know more about their

Re: ISP wants to stop outgoing web based spam

2006-08-10 Thread Suresh Ramasubramanian
On 8/11/06, Florian Weimer <[EMAIL PROTECTED]> wrote: How can I, as an ISP, stop abuse that is carried out over HTTPS? There are technological solutions for intercepting HTTPS traffic, but I don't think we want to put them to even wider use. 1. Concentrate on finding abusive "patterns" 2. F

Re: ISP wants to stop outgoing web based spam

2006-08-10 Thread Barry Shein
Much of this misses the point about spam. There is spam, and there is SPAM. spam is when some jerk sends me an ad I don't want. SPAM is when some jerk uses sophisticated, illegal techniques to send a few hundred million ads a day. The most effective technique currently uses zombie spambot arm

Re: ISP wants to stop outgoing web based spam

2006-08-10 Thread Florian Weimer
* Suresh Ramasubramanian: > Yes, Sean - they are. But it is far, far more productive for the > source of this abuse to be choked off. Call it the difference between > using mosquito repellant and draining a huge pool of stagnant water > just outside your home. How can I, as an ISP, stop abuse

Re: ISP wants to stop outgoing web based spam

2006-08-10 Thread Florian Weimer
* Hank Nussbacher: > I guess I wasn't clear enough in my first posting. I am not > interested in smtp (port 25 spam). We have that covered. I am only > interested in blocking outgoing web based spam. A user sits and sends > out spam via automated tools via Hotmail, Yahoo, Gmail, or whatever >

Re: ISP wants to stop outgoing web based spam

2006-08-10 Thread Michael Nicks
That pretty much sums it up. Lose a little bit of revenue versus causing a service outage and losing a lot of revenue. -M -- Michael Nicks Network Engineer KanREN e: [EMAIL PROTECTED] o: +1-785-856-9800 x221 m: +1-913-378-6516 Hank Nussbacher wrote: On Thu, 10 Aug 2006, Ken Simpson wrote:

Re: ISP wants to stop outgoing web based spam

2006-08-10 Thread Florian Weimer
* Hank Nussbacher: > Back in 2002 I asked if anyone had a solution to block or rate limit > outgoing web based spam. What is web-based spam? Comment spam? Wiki defacements? Or do you want to stop spam sent via web mailers? That's their job. They know more about their customers than you, and

Re: ISP wants to stop outgoing web based spam

2006-08-10 Thread Hank Nussbacher
On Thu, 10 Aug 2006, Peter Corlett wrote: On 10 Aug 2006, at 19:12, Hank Nussbacher wrote: I'll answer on-list since this answer can benefit others. The primary reason that the ISP wants to block outbound webmail spam is because the 100s of BLs on the Internet end up blocking large segments

Re: ISP wants to stop outgoing web based spam

2006-08-10 Thread Peter Corlett
On 10 Aug 2006, at 19:12, Hank Nussbacher wrote: I'll answer on-list since this answer can benefit others. The primary reason that the ISP wants to block outbound webmail spam is because the 100s of BLs on the Internet end up blocking large segments of the IP space due to spam reporting by

Re: ISP wants to stop outgoing web based spam

2006-08-10 Thread Hank Nussbacher
On Thu, 10 Aug 2006, Ken Simpson wrote: I've had a situation in the past that required this same application. I ended up using amavisd-new with custom views for incoming and outgoing mail. For spam originating from inside, it was dropped completely, for spam originating from the outside, subj

Re: ISP wants to stop outgoing web based spam

2006-08-10 Thread Ken Simpson
> I've had a situation in the past that required this same application. > I ended up using amavisd-new with custom views for incoming and outgoing > mail. For spam originating from inside, it was dropped completely, for > spam originating from the outside, subject was rewritten. Can you elab

Re: ISP wants to stop outgoing web based spam

2006-08-10 Thread Hank Nussbacher
At 04:02 PM 09-08-06 -0500, Michael Nicks wrote: I've had a situation in the past that required this same application. I ended up using amavisd-new with custom views for incoming and outgoing mail. For spam originating from inside, it was dropped completely, for spam originating from the out

Re: ISP wants to stop outgoing web based spam

2006-08-10 Thread Sean Donelan
On Thu, 10 Aug 2006, Suresh Ramasubramanian wrote: Lots of groups state that ISPs must take responsibility for lots of things. Lots of ISPs together stated that ISPs must take responsibility for a few things. The movie industry joined together and introduced the Hays Production Code. The co

Captchas was Re: ISP wants to stop outgoing web based spam

2006-08-10 Thread Simon Waters
On Thursday 10 Aug 2006 01:14, Paul Jakma wrote: > On Thu, 10 Aug 2006, Stefan Bethke wrote: > > Do you have any links or references? > > Just ask the user some basic question. E.g.: > > What is 2 added to 23?: I've no doubt some captcha can be invented in ASCII, but this isn't it. AI alr

Re: ISP wants to stop outgoing web based spam

2006-08-10 Thread Suresh Ramasubramanian
On 8/10/06, Simon Waters <[EMAIL PROTECTED]> wrote: The webmail provider on the other hand can easily and cheaply check if content from one member is suspicious in either content or volume, and suspend the account. So perhaps you are trying to apply the solution in the wrong place. Being a w

Re: ISP wants to stop outgoing web based spam

2006-08-10 Thread Simon Waters
On Wednesday 09 Aug 2006 18:28, Suresh Ramasubramanian wrote: > > 2. West african cities like Lagos, Nigeria, that are full of > cybercafes that use this satellite connectivity, and have a huge > customer base that has a largish number of 419 scam artists who sit > around in cybercafes doing noth

Re: ISP wants to stop outgoing web based spam

2006-08-09 Thread Suresh Ramasubramanian
On 8/10/06, Sean Donelan <[EMAIL PROTECTED]> wrote: On Thu, 10 Aug 2006, Suresh Ramasubramanian wrote: > The MAAWG bcps, for example, state that ISPs must take responsibility > for mitigating outbound spam and abuse. The RIAA, for example, states that ISPs must take responsibility for mitigating

Re: ISP wants to stop outgoing web based spam

2006-08-09 Thread Sean Donelan
On Thu, 10 Aug 2006, Suresh Ramasubramanian wrote: The MAAWG bcps, for example, state that ISPs must take responsibility for mitigating outbound spam and abuse. The RIAA, for example, states that ISPs must take responsibility for mitigating copyright infringement by its users. Lots of groups s

Re: ISP wants to stop outgoing web based spam

2006-08-09 Thread Suresh Ramasubramanian
On 8/10/06, Sean Donelan <[EMAIL PROTECTED]> wrote: Do we really want ISPs to become the enforcers for every Internet application someone may use or abuse? Webmail, online game cheating, blog complaints, auctions disputes, instant message harassment, music sharing, online gambling, etc. Imagin

Re: ISP wants to stop outgoing web based spam

2006-08-09 Thread Allan Poindexter
Barry> I assume you were about to provide us with one great legal Barry> case cite. Don't be shy, go right ahead. The law is online in several places. Feel free to go read it.

Re: ISP wants to stop outgoing web based spam

2006-08-09 Thread Sean Donelan
On Thu, 10 Aug 2006, Suresh Ramasubramanian wrote: On 8/10/06, Sean Donelan <[EMAIL PROTECTED]> wrote: Shouldn't most of freemail/webmail services be doing their own outbound spam and virus checking now? Yes, Sean - they are. But it is far, far more productive for the source of this abuse to

Re: ISP wants to stop outgoing web based spam

2006-08-09 Thread Barry Shein
I assume you were about to provide us with one great legal case cite. Don't be shy, go right ahead. On August 9, 2006 at 13:57 [EMAIL PROTECTED] (Allan Poindexter) wrote: > > > John Levine <[EMAIL PROTECTED]> writes: > > Allan> I would let any ISP I use make this mistake once. Afte

Re: ISP wants to stop outgoing web based spam

2006-08-09 Thread Suresh Ramasubramanian
On 8/10/06, Sean Donelan <[EMAIL PROTECTED]> wrote: Shouldn't most of freemail/webmail services be doing their own outbound spam and virus checking now? Yes, Sean - they are. But it is far, far more productive for the source of this abuse to be choked off. Call it the difference between usin

Re: ISP wants to stop outgoing web based spam

2006-08-09 Thread Paul Jakma
On Thu, 10 Aug 2006, Stefan Bethke wrote: Do you have any links or references? Just ask the user some basic question. E.g.: What is 2 added to 23?: regards, -- Paul Jakma [EMAIL PROTECTED] [EMAIL PROTECTED] Key ID: 64A2FF6A Fortune: "Being disintegrated makes me ve

Re: ISP wants to stop outgoing web based spam

2006-08-09 Thread Paul Jakma
On Wed, 9 Aug 2006, Matthew Black wrote: Use of "captchas" has serious accessibility issues: visually-impaired users will have trouble completing forms. From a legal standpoint, this is a no-go and most definitely not possible for any government or public-sector agency in the United States.

Re: ISP wants to stop outgoing web based spam

2006-08-09 Thread Sean Donelan
On Wed, 9 Aug 2006, Hank Nussbacher wrote: The key here is the bottom Received with the mshttpd. Only once it hits telgua.com.pt (this is just an example of the dozens I see per day), does it get converted into smtp, but the xx.56.145.19 IP is the one that gets listed in spam BLs. Basically

Re: ISP wants to stop outgoing web based spam

2006-08-09 Thread Michael Nicks
I've had a situation in the past that required this same application. I ended up using amavisd-new with custom views for incoming and outgoing mail. For spam originating from inside, it was dropped completely, for spam originating from the outside, subject was rewritten. Hope this helps. -

Re: ISP wants to stop outgoing web based spam

2006-08-09 Thread Hank Nussbacher
On Wed, 9 Aug 2006, Ken Simpson wrote: Typical SMTP headers of http based spam: Received: from pmx2.montclair.edu (smtp-in.montclair.edu [130.68.1.65]) by broadway.montclair.edu (iPlanet Messaging Server 5.2 HotFix 1.21 (built Sep 8 2003)) with ESMTP id <[EMAIL PROTECTED]> for x; Wed,

Re: ISP wants to stop outgoing web based spam

2006-08-09 Thread Allan Poindexter
> John Levine <[EMAIL PROTECTED]> writes: Allan> I would let any ISP I use make this mistake once. After that Allan> the individuals responsible would be up on ECPA charges. John> I suppose any ISP foolish enough not to disclaim ECPA John> confidentiality gets what it deserves. The

Re: ISP wants to stop outgoing web based spam

2006-08-09 Thread David Andersen
On Aug 9, 2006, at 2:15 PM, Barry Shein wrote: I think what was being talked about was that a lot of spam now comes as embedded images which unpack into ads for the usual stuff. It's actually been going on for a few years but I guess as the other stuff gets more and more effectively blocked th

RE: ISP wants to stop outgoing web based spam

2006-08-09 Thread Barry Shein
I think what was being talked about was that a lot of spam now comes as embedded images which unpack into ads for the usual stuff. It's actually been going on for a few years but I guess as the other stuff gets more and more effectively blocked this form becomes more salient. Thus far I don't kn

Re: ISP wants to stop outgoing web based spam

2006-08-09 Thread Suresh Ramasubramanian
On 8/9/06, Gregory Kuhn <[EMAIL PROTECTED]> wrote: > > I think he's talking about blog spam, which is definitely submitted > over HTTP. Similar. Picture this ... 1. A satellite connectivity provider, that provides connectivity to huge swathes of west africa, among other places. 2. West af

Re: ISP wants to stop outgoing web based spam

2006-08-09 Thread Ken Simpson
> I thought it was pretty clear that he was talking about e-mail spam > submitted using HTTP to webmail services like hotmail, yahoo and gmail: I guess I'm still a little confused about the poster's original request. It sounds like he is interested in stopping his own users from spamming via we

Re: ISP wants to stop outgoing web based spam

2006-08-09 Thread Joe Abley
On 9-Aug-2006, at 12:02, Ken Simpson wrote: Maybe I'm just an ignorant e-mail postmaster. I thought that nearly all e-mail was (E)SMTP-based (LMTP excepted). If it doesn't use the SMTP protocol, it's not reaching any mailbox. HTTP is a web browser protocol. WebMail gets converted by the web

Re: ISP wants to stop outgoing web based spam

2006-08-09 Thread Gregory Kuhn
Ken Simpson wrote: Maybe I'm just an ignorant e-mail postmaster. I thought that nearly all e-mail was (E)SMTP-based (LMTP excepted). If it doesn't use the SMTP protocol, it's not reaching any mailbox. HTTP is a web browser protocol. WebMail gets converted by the web server and is subsequently r

Re: ISP wants to stop outgoing web based spam

2006-08-09 Thread Ken Simpson
> Maybe I'm just an ignorant e-mail postmaster. I thought that > nearly all e-mail was (E)SMTP-based (LMTP excepted). > > If it doesn't use the SMTP protocol, it's not reaching any > mailbox. HTTP is a web browser protocol. WebMail gets converted > by the web server and is subsequently routed usi

Re: ISP wants to stop outgoing web based spam

2006-08-09 Thread Ken Simpson
Hi Hank, Have you had any luck combining Squid in a transparent proxy configuration with SpamAssassin? A commercial plugin like Cloudmark might provide better performance (since it doesn't have to evaluate thousands of regex rules for each connection). How to run Squid as a transparent proxy: ht

Re: ISP wants to stop outgoing web based spam

2006-08-09 Thread Matthew Black
On Wed, 9 Aug 2006 18:11:47 +0300 (IDT) Hank Nussbacher <[EMAIL PROTECTED]> wrote: [original message edited for brevity--m.black] Based on my stats from Spamcop, 60% of all outgoing spam is http based rather than smtp based. Others may have slightly higher or lower numbers. So, is there an

Re: ISP wants to stop outgoing web based spam

2006-08-09 Thread Allan Poindexter
Michael> We use the standard SpamAssassin, ClamAV setup both on Michael> ingress and egress. On egress we set the detection levels Michael> and divert and save anything that is marked as Spam rather Michael> than sending it on with headers and subject modifications. I would let any ISP I

Re: ISP wants to stop outgoing web based spam

2006-08-09 Thread Matthew Black
On Wed, 09 Aug 2006 15:59:52 +0200 Jeroen Massar <[EMAIL PROTECTED]> wrote: On Wed, 2006-08-09 at 09:50 -0400, Mills, Charles wrote: I think if such a thing would exist, the "verification" gifs to prevent automated free yahoo and hotmail account signups would be defeated as well. You mean Ca

RE: ISP wants to stop outgoing web based spam

2006-08-09 Thread Hank Nussbacher
isaster Recovery From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Michael K. Smith - Adhost Sent: Wednesday, August 09, 2006 9:11 AM To: Hank Nussbacher; Nanog Subject: Re: ISP wants to stop outgoing web based spam Hello Hank: On 8/9/06 3:28 AM,

RE: ISP wants to stop outgoing web based spam

2006-08-09 Thread Jeroen Massar
On Wed, 2006-08-09 at 09:50 -0400, Mills, Charles wrote: > I think if such a thing would exist, the "verification" gifs to prevent > automated free yahoo and hotmail account signups would be defeated as > well. You mean Captcha (http://en.wikipedia.org/wiki/Captcha) Which is not so much of an iss

Re: ISP wants to stop outgoing web based spam

2006-08-09 Thread Jeroen Massar
On Wed, 2006-08-09 at 06:11 -0700, Michael K. Smith - Adhost wrote: [..] > My answer is based on the word "startup" so I'm assuming "no money" > but I could be "wrong". :-) We use the standard SpamAssassin, ClamAV > setup both on ingress and egress. Currently the trend seems to be to send images

Re: ISP wants to stop outgoing web based spam

2006-08-09 Thread Michael K. Smith - Adhost
Hello Hank: On 8/9/06 3:28 AM, "Hank Nussbacher" <[EMAIL PROTECTED]> wrote: > > Back in 2002 I asked if anyone had a solution to block or rate limit > outgoing web based spam. Nothing came about from that thr

ISP wants to stop outgoing web based spam

2006-08-09 Thread Hank Nussbacher
Back in 2002 I asked if anyone had a solution to block or rate limit outgoing web based spam. Nothing came about from that thread. I have an ISP that *wants* to stop the outgoing spam on an automatic basis and be a good netizen. I would have hoped that 4 years later there would be some technical