NO !
What is this.. I've had lots and lots from steve@blueyonder whoever he is?!
This is the future of e-mail, if something better at spam suppression
doesn't come along.
** Reply to message from "Stephen J. Wilcox" <steve@telecomplete.co.uk>
on Mon, 8 Mar 2004 21:08:10 +0000 (GMT)
:
: What is this.. I've had lots and lots from steve@blueyonder whoever he is?!
Not sure, but I got 4 of them, and it took 12 hours from my only post over
the weekend to get them. Since I cannot get mail to @@blueyonder since I
will not play this little game I hope he sees this and realizes it is a really
BAD idea to run such a service for the lists is is subscribed to.
James Edwards
Routing and Security
jamesh@cybermesa.com
At the Santa Fe Office: Internet at Cyber Mesa
Store hours: 9-6 Monday through Friday
505-988-9200 SIP:1(747)669-1965
Jeff Shultz wrote:
This is the future of e-mail, if something better at spam suppression
doesn't come along.
Pace en requiat email
Jeff Shultz [3/9/2004 2:54 AM] :
This is the future of e-mail, if something better at spam suppression
doesn't come along.
You are joking, right?
Clueless users and bad software have been a feature of email (or anything else on the internet) since quite some time.
This is the future of e-mail, if something better at spam suppression
doesn't come along.
Cool, even more email sent to my mailbox that has nothing to do with anything
I've sent or requested (get these as a result of email address spoofing viruses
too)
Steve
James
Blueyonder is the ISP part of a Cable TV company over here in the UK.
Looks like the are playing with various 'annoying' (IMHO) anti-spam technologies. Personnally I've looked at this technique at a request of one of users who thought it might be a better idea than the Spamassassin system, we use. For this very reason where the 'from' is kept by mailing list systems I was dubious it would work. Looks like (for once) I was right to be dubious.
Only because I was up checking on a remote problem...
This is the future of e-mail, if something better at spam suppression
doesn't come along.
Like the Delete function? what's NOT better than easily duped validation
mechanisms? Perhaps the only reason spammers haven't bothered is because
adoption rates are so low.
Consider:
1) in order to reduce annoyance, systems validate essentially ONCE. At best,
they're going to validate once a month or so.
2) it's trivial these days to register a fresh domain and enter auth servers.
Fraudulent registrations are already common.
3) DHCP assignments on broadband are *just* stable enough that someone can
setup some verifiable servers and send some mostly mundane messages
4) it's technically trivial to collect verify responses and direct things
into a bot that senses a validation system and replies(via email or web,
either is a well-known pattern that MUST remain valid once deployed to
customer sites, to be useful to the customers) as needed.
5) it'll take longer to clean these out of your validation system than it
will for them to move onto another domain that's newly in(hours).
All you've really down is open up your whitelisting policy to the outside
world. Well, that and tie up more system resources to manage the database.
Now ask yourself how you're going to track down a validated server that went
away, to be replaced by more spam from 0wned systems. Your own protection
system has opened the door. You think getting help stopping a DDOS in
progress is bad? And of course, the folks you're asking for help are the
ones getting spammed by your validation email to begin with. Congratulations.
If these annoying systems become widespread, very smart people with more time
than us to work on it will have no trouble defeating them.