Mailing List Archive



Re: [tlug] giving up on email



On Mon, 12 Apr 2004 11:11:29 +0200, David Santinoli <u235@example.com> wrote:

> I heard about some piece of software actually performing these checks.
> However, this strategy seems viable for personal use only - lookups
> require time, and carefully crafted messages containing tens or hundreds
> of domain names in control of the spammer could DOS a mail server.

Of course, you could limit the lookups and stop as soon as one fits the
criteria.

> (Checking the authoritative name servers of the spamvertised domains
> instead of the hostnames might be a bit more secure.)

True. There are a few DNS services preferred by spammers. Not to mention the
more recent trojans which turn unsuspecting home users into authoritative
nameservers for some .biz domains. Not that you'd need to do a lookup for
that - if there's a .biz domain anywhere in the mail then it's guaranteed
spam.

> Anyway, I'd also check Spamhaus and/or SPEWS in addition to the
> geographical black lists.

Spamhaus for the source, and SPEWS for the spamvertised hosts.

> This sort of "lightweight legal suit" soon proved quite effective, as it
> was resorted to by an ever increasing number of spam victims.  (Up to now,
> I've won 5 out of 5 of these suits, for a grand total of 860 euro.)

Bravissimo!

> Of course, the abuse of Italian network resources by third parties, and
> the lack of appropriate reaction by some providers - which I guess is
> probably the cause of your blacklisting - is an entirely different
> matter.

Yes, that's what I meant.

Can't the Italian providers who do nothing about the abuse be considered
accomplices by their inaction? If it were possible to go after
interbusiness.it, tiscali.it and libero.it armed with this, everyone's spam
load would be reduced drastically and Italy might just be able to clean up
the reputation it has.

We have a similar problem here in France with laposte.net and wanadoo.fr.
Laposte.net lets anyone join up from anywhere in the world (in particular
from Nigeria) and use their formmail to send 419 spam all over the place.
They even got themselves kicked off completel.fr's network for that (and
that's saying something because completel.fr is notoriously spam-friendly).

Wanadoo.fr (aka wanapoo, wanaclue, wanadoodoo or dontwannado) is just
terminally clueless and doesn't even know what "blacklisting" means.
Literally. They also make half-assed attempts at keeping spam and viruses
out of their network but do fsck all about preventing them from going out.

Of course, the Italians and the French are both pretty clueless when it
comes to matters network-related. For example, France has just made it
illegal to publish proof-of-concept code demonstrating a vulnerability in
software:

http://www.securityfocus.com/archive/1/359969/2004-04-01/2004-04-08/2

So much for the government's push towards Open Source. I wonder how much
Microsoft paid the French government to pass this "security by obscurity"
law.

-- 
G. Stewart   --   gstewart@example.com -- gstewart@example.com
Registered Linux user #284683 (Slackware 9.0, Linux 2.4.25)
--------------------------------------------------------------
Always the dullness of the fool is the whetstone of the wits.
        -- William Shakespeare, "As You Like It"

Attachment: pgp00008.pgp
Description: PGP signature
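
Added example, not part of the original message or of any software mentioned in the thread: a sketch of the "limit the lookups and stop as soon as one fits the criteria" approach discussed above, so that a message stuffed with many domains cannot force unbounded DNS work. The zone name `dbl.example.invalid`, the cap of 5, and all function names are assumptions made for illustration.

```python
import re
import socket

BLOCKLIST_ZONE = "dbl.example.invalid"  # placeholder zone, not a real blocklist
MAX_LOOKUPS = 5                         # assumed per-message lookup budget

HOST_RE = re.compile(r"https?://([A-Za-z0-9.-]+)", re.I)

def candidate_domains(body):
    """Return unique hostnames from URLs in the body, in order of appearance."""
    seen = []
    for host in HOST_RE.findall(body):
        host = host.lower().strip(".")
        if host and host not in seen:
            seen.append(host)
    return seen

def dns_listed(domain, zone=BLOCKLIST_ZONE):
    """DNSBL-style query: an A record in 127.0.0.0/8 means 'listed'."""
    try:
        answer = socket.gethostbyname(f"{domain}.{zone}")
    except (OSError, UnicodeError):
        return False  # NXDOMAIN, resolver failure or unencodable name
    return answer.startswith("127.")

def check_message(body, is_listed=dns_listed, max_lookups=MAX_LOOKUPS):
    """Return (verdict, matching_domain, lookups_done).

    Stops at the first listed domain and never does more than max_lookups
    queries. Running out of budget is reported as its own verdict so the
    caller can decide how to treat domain-stuffed mail.
    """
    lookups = 0
    for domain in candidate_domains(body):
        if lookups >= max_lookups:
            return ("lookup-limit", None, lookups)
        lookups += 1
        if is_listed(domain):
            return ("listed", domain, lookups)
    return ("clean", None, lookups)

if __name__ == "__main__":
    # Constructed sample: 100 distinct domains, checked with a stub resolver.
    flood = "\n".join(f"http://d{i}.example/" for i in range(100))
    print(check_message(flood, is_listed=lambda d: False))
```
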

