On 25-Aug-06, at 3:20 PM, Kenneth Porter wrote:
--On Friday, August 25, 2006 12:05 AM -0700 Plenz <[EMAIL PROTECTED]
online.de> wrote:
I disagree. To check out what happens I converted a JPG picture
into a GIF
file
and sent it to myself. One time I converted it with IrfanView and the
second time with PaintShop Pro. Both GIF files had the result
"giftopnm: EOF or error reading data portion..." So I produced a
corrupt
(?) image, but it was not spam.
I think we should discourage all broken content in email and on the
web.
At one time we could assume that broken content was an honest
mistake and make an attempt at fixing it. But with the rise of
malicious content attempting to exploit bugs in content handlers
(like overruns in image libraries), we should simply reject
anything that fails to pass validation, on the assumption that's it
out to get us.
This includes not just broken images but also broken HTML, which is
so commonly used to conceal spam.
We need to stop giving a free pass to broken content creation
software just because it's popular. When someone sends you broken
content, you should react the same way you would if they sent you
documents on dirt-smeared paper. Stop letting your emperor walk
around naked.
I would, and do, go even further and discourage broken Server/DNS
configurations.
I've downright had it with all this crap hitting my server.
I'm now doing checks right at the MTA and if the sending server fails
any hostname, HELO, domain name, SPF etc., checks they don't even get
to my content filters. The biggest thing we have in our favour is
that the spambots are mostly broken or running on machines that will
fail most of these checks.
For legitimate email, I send an message to the admins responsible for
the broken configs with my log entries explaining why their email was
blocked. It's up to them to fix it if they want to send email my way.
I know this isn't practical in an environment where you're
administering hundreds or thousands of accounts, and I feel your
pain, but I think it's time we encouraged proper and correct server
and DNS configurations so we can use all the tools at our disposal to
our advantage.
--
Gino Cerullo
Pixel Point Studios
21 Chesham Drive
Toronto, ON M3M 1W6
416-247-7740