Re: [Asrg] Cutting down spam load

Yakov Shafranovich <research@solidmatrix.com> Fri, 20 June 2003 21:01 UTC

Message-Id: <5.2.0.9.2.20030620165724.00bdadc8@std5.imagineis.com>
X-Sender: research@solidmatrix.com
X-Mailer: QUALCOMM Windows Eudora Version 5.2.0.9
To: gep2@terabites.com, Yakov Shafranovich <research@solidmatrix.com>, asrg@ietf.org
From: Yakov Shafranovich <research@solidmatrix.com>
Subject: Re: [Asrg] Cutting down spam load
In-Reply-To: <B0000024122@nts1.terabites.com>
References: <5.2.0.9.2.20030620112322.00b9fac8@std5.imagineis.com>
Date: Fri, 20 Jun 2003 16:59:19 -0400

At 04:19 PM 6/20/2003 -0500, gep2@terabites.com wrote:

> >>AND, don't forget, another big benefit is blocking NOT ONLY JUST spam, but also
> >>viruses/worms/trojans.  In many cases, those are sent from 'legitimate' senders
> >>and without hijacking open relays... so things like spf wouldn't help (even IF
> >>you could realistically speaking block 'non-verifiable' senders, which is way
> >>less than clear) but my permissions-list approach would block probably 80-90% or
> >>more of such malicious stuff, too.  By blocking (by default) ALL attachments
> >>coming from people you don't normally expect to get attachments from, you're
> >>blocking malicious code, too.  Sure, you'll open up the "attachments allowed"
> >>window for people you trust and authorize to send those, but that's going to
> >>typically be a small percentage of the people you'd normally maybe receive
> >>(ordinary) E-mails from.
>
> >We do research into fighting spam, not viruses and worms. How is blocking
> >attachments going to stop spammers?
>
>Although
>
>   1)  some spammers have been known to install spambots and zombies in unwitting
>users' systems, and those are installed via attachments;

That is true and Barry Shein has pointed this out before. However, your 
approach still does not solve the issue of dealing with ASCII spam.

>and
>
>   2)  text-as-image attachments are occasionally used by spammers to circumvent
>content/keyword scanners,
>
>the real point is that by this one permission-based whitelist approach, we can
>use one, cohesive, straightforward, and incrementally deployable approach to
>take a big bite out of BOTH spam AND viruses/trojans... arguably the two biggest
>and most pressing problems we have on the Internet today.

TODAY, what about tomorrow? How long will it take spammers to adapt? Mere days.

>Meanwhile, in so doing, we'll also help prevent the irresponsible and wasteful
>growth of (unnecessary) HTML-burdened E-mail, which all by itself could be
>expected to perhaps make as much as a 30-50% or more reduction in the total
>E-mail load, net-wide.

We are not in the traffic-reducing business. If we were, why not 
advocate the use of gzip compression on all HTTP transactions? That would 
save a tremendous amount of time as well?

Yakov 

