Subject: Re: Spam Filters vs. Mailing Lists
From: Chuq Von Rospach <chuqui @ plaidworks . com>
Date: Fri, 18 May 2001 15:09:40 -0700
To: "Bernie Cosell" <bernie @ fantasyfarm . com>
Cc: Chuq Von Rospach <chuqui @ plaidworks . com>, "list-managers" <list-managers @ GreatCircle . COM>
In-reply-to: <200105182006 . f4IK6JR11732 @ mail . rev . net>

On Friday, May 18, 2001, at 01:05 PM, Bernie Cosell wrote:

I have a bit of a meta-question...

On 18 May 2001, at 10:11, Chuq Von Rospach wrote:

Fairly widespread. Right now, for instance, I'm seeing a lot of stuff
bounced if it has the word "homepage" in it, which is (IMHO) ludicrous.

Is this for real?

Bernie -- would I lie to you? Old buddy?


Yes, it's true. One of my mailing lists is currently having a discussion about homepages for students on educational servers. And there are currently two domains of subscribed users bouncing back every message with the word "homepage" in it as being virus ridden.

I've written the admins to suggest their virus checkers get a clue, but if the admin had a clue going in, he'd have never done it that way. It reeks of panic/emergency hacking.

When I was running majordomo as my list server, I started having a few domains kick back mail as spam -- because I was using the bulk_mailer program to speed delivery. anything that put that phrase in its received lines has to be spam, right? (that's why my copies of bulk_mailer now identify themselves in received lines as ulkbay_ailermay. honest. I couldn't make this stuff up....)

I think that *that's* more indicative of the depth and breadth of what we
have to deal with than almost anything else...  It is one thing when the
average skill of the *user* goes into the crapper, but quite another when
the *sysops*, too, follow their clientele into the without-a-clue
crapper...  Whew!!

yah. I had that talk with one of my admins today -- bounces that get through the bounce processor, and he was wondering why he was getting them. Yet another unreadable, non-standard, not-necessarily-accurate set of bounces that have to be manually handled.

Now, I realize that most e-mail standards are only a decade or so old, and it takes time on the internet for people to build systems, so perhaps I'm being too picky to think that people could actually follow standards and quit reinventing the wheels with six sides...

They're basically
non-apologetic and take the attitude that such things are acceptable
collateral damage in their approach to dealing with incoming spam, and
that's that.

That's always something that their clients ought to be told -- because if they have false positives, they are bouncing other stuff, too. Including stuff that might really matter to the recipient. So I *always* pass those kinds of messages on to the subscriber, so they know their ISP is bouncing stuff improperly and thinks it's a feature, not a bug. Rarely are list messages life or death to a person, but if they're bouncing list stuff -- they're bouncing other stuff, too. And that other stuff might be.

Imagine not getting a consulting proposal because it was bounced because it has the word "homepage" in it. and not knowing about it until you accept another, much less lucrative job...

I analyzed the last couple and I noticed that there is now the email
equivalent of a "root kit" -- that is, we're now at the stage where a
clueless script kiddie can touch off an email worm without having a clue
about 'vbs' or self-replicating software or anything like that. So, IMO,
things are going to get worse, perhaps a LOT worse, before they get

thank god I strip all mime off my lists. I've always planned to enhance demime to allow me to selectively strip mime, but I've never had time. Right now -- I'll just put that one on hold for a year.

these are all trojans, that arrive
and invite the unwary/unclued to shoot themselves in their collective
feet, and they do it with amazing and mindboggling consistency].

remember when users simply infected mail lists with viruses warning of FALSE viruses? Well, those same users are now really infected....

IMO, the density of clueness is going down, overall, I think that these
things will always be finding more and more gullible 'hosts' and so be an
essentially unstoppable plague on our house.

not if the people building mail clients build them so they aren't wide open to this kind of crap. Not that I'm mentioning any specific software houses by name or anything.

but much of the spam issue wouldn't be a problem TODAY if Eric Allman had known to shut down open relaying years ago. Today, the only way you'll ever get the open relays shut down is if everyone upgrades to a version of their MTA that won't talk to any version of sendmail older than 8.9.3.

Same is true of the mail clients -- being able to execute code (or worse, auto-execute code. What WERE they thinking?) is stupid. And the people who set that up had a lot more warning than the sendmail folks did with open relays. In retrospect, we should have known better than to set things up wide open, based on the reality that anything that can be exploited will be. But allowing arbitrary code execution? Even the java folks knew better than that -- their security model may not be perfect, but at least they realized they needed one....

Yeah, and we're just seeing the beginning of the *fun* ones: the ones
that mutate on every propagation, that download new 'stealth modules' and
patch themselves on-the-fly, that hide more cleverly in their host

yeah, that self modification stuff is (at an intellectual level) fascinating. For folks who don't know what's going on, these new viruses move in and set up housekeeping and basically intertwine themselves into EVERYTHING. And if you read USENET on that box, it finds out what your NNTP server is, and quietly watches some alt groups. And the authors of these viruses post updates to those alt groups, which when the virus sees them, it downloads and updates itself with them. So once it's on your system, the author can UPDATE it with new features, teach it to better hide itself, add new distribution methods, or turn it virulent or suicidal, any time he wants.

Or, for that matter, anyone who wants to write update modules for it can, simply by posting them to the newsgroup and posing as the author. Even if the author didn't want to cause damage, someone who does can piggyback on his work any time they want.


tell you what. Makes *me* damn glad my desktops all run MacOS. Not that I *assume* I'm safe, by the way.
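The bounce-handling complaint earlier in this message (non-standard bounces that have to be read by hand, and content-filter rejections that the subscriber ought to hear about) is the kind of thing a list server's bounce processor can separate mechanically. The following is an added example, not code from this list, from majordomo, or from any of the tools mentioned above: it reads RFC 3464 delivery status notifications by their machine-readable Action and Status fields, treats 5.1.x as a bad address, treats 5.7.x as a policy or content filter at the subscriber's site (so the subscriber gets told rather than silently dropped), and queues anything without those fields for manual review. The hostnames, addresses and bounce texts are constructed for the example; the status-code policy is an assumption for illustration, not a standard.

```python
"""Bounce triage for a mailing-list server.

RFC 3464 delivery status notifications carry machine-readable Action and
Status fields; anything without them is the kind of bounce that has to be
read by a human. Every message below is constructed for this example.
"""
import re
from email import message_from_string
from email.message import Message


def make_dsn(recipient: str, status: str, diagnostic: str) -> str:
    """Build a constructed multipart/report DSN (hypothetical hosts)."""
    return "\n".join([
        "From: MAILER-DAEMON@mx.example.net",
        "To: list-owner@lists.example.org",
        "Subject: Delivery Status Notification (Failure)",
        "MIME-Version: 1.0",
        'Content-Type: multipart/report; report-type=delivery-status; boundary="b1"',
        "",
        "--b1",
        "Content-Type: text/plain",
        "",
        "The original message was not delivered.",
        "--b1",
        "Content-Type: message/delivery-status",
        "",
        "Reporting-MTA: dns; mx.example.net",
        "",
        f"Final-Recipient: rfc822; {recipient}",
        "Action: failed",
        f"Status: {status}",
        f"Diagnostic-Code: smtp; {diagnostic}",
        "",
        "--b1--",
        "",
    ])


# Constructed sample of the free-text, non-standard bounce the thread complains about.
NONSTANDARD_BOUNCE = "\n".join([
    "From: postmaster@example.com",
    "To: list-owner@lists.example.org",
    "Subject: Returned mail",
    "",
    "Your message to bob@example.com could not be delivered.",
    "Reason: message contained a banned word.",
    "",
])


def parse_dsn(msg: Message):
    """Return (address, action, status, diagnostic) per recipient from a
    standard DSN, or None when the message is not one."""
    if msg.get_content_type() != "multipart/report":
        return None
    if msg.get_param("report-type") != "delivery-status":
        return None
    for part in msg.walk():
        if part.get_content_type() != "message/delivery-status":
            continue
        payload = part.get_payload()
        # The email package parses each header block of the status part into
        # its own Message; split on blank lines if a string comes back instead.
        blocks = payload if isinstance(payload, list) else [
            message_from_string(b) for b in re.split(r"\n[ \t]*\n", payload.strip())]
        results = []
        for block in blocks:
            action = block.get("Action")
            if action is None:
                continue  # per-message fields such as Reporting-MTA
            address = block.get("Final-Recipient", "").split(";", 1)[-1].strip()
            results.append((address, action.strip().lower(),
                            (block.get("Status") or "").strip(),
                            (block.get("Diagnostic-Code") or "").strip()))
        return results
    return None


def triage(raw: str) -> dict:
    """Decide what the list server should do with one bounce message."""
    recipients = parse_dsn(message_from_string(raw))
    if not recipients:
        # No machine-readable status: queue it for the list owner to read.
        return {"kind": "non-standard", "decisions": []}
    decisions = []
    for address, action, status, diagnostic in recipients:
        if action != "failed":
            decision = "ignore"  # delayed/relayed/expanded: nothing to act on
        elif status.startswith("5.1."):
            decision = "count-toward-unsubscribe"  # bad address, not a filter
        elif status.startswith("5.7."):
            # Policy or content filter: the subscriber's site is dropping real
            # mail, so tell the subscriber instead of silently unsubscribing.
            decision = "notify-subscriber"
        else:
            decision = "manual-review"
        decisions.append({"recipient": address, "status": status,
                          "diagnostic": diagnostic, "decision": decision})
    return {"kind": "dsn", "decisions": decisions}


if __name__ == "__main__":
    for sample in (make_dsn("alice@example.net", "5.7.1", "550 message rejected by content filter"),
                   make_dsn("carol@example.net", "5.1.1", "550 user unknown"),
                   NONSTANDARD_BOUNCE):
        print(triage(sample))
```

The split between "count toward unsubscribe" and "notify subscriber" is the point: a 5.1.1 user-unknown is the subscriber's problem to fix, while a 5.7.x rejection means the subscriber's ISP is discarding mail they never see, which is exactly the information the message above says should be passed on.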
