Unoffical empeg BBS

#176142 - 21/08/2003 06:57 the death of e-mail?
DWallach
carpal tunnel

Registered: 30/04/2000
Posts: 3810
A friend of mine who runs his own personal .com domain is currently exasperated by the spamming and virus issues. He's got spammers forging messages "from" his domain, generating huge amounts of back-scatter (bounced messages and the like). Add on the volume of crap generated by e-mail viruses, and he's seriously considering pulling the plug. As in "if you want to contact me, call me on the phone".

Are we truly doomed? Is there a hope? Will we be forced to go back to "closed" e-mail systems like Prodigy originally was, where the only way to contact somebody on the inside will be to be an insider yourself? Will DNSSEC, S/MIME and other crypto technologies come to the rescue? Can you imagine yourself configuring your mailer to reject all unsigned messages?

#176143 - 21/08/2003 07:03 Re: the death of e-mail? [Re: DWallach]
robricc
carpal tunnel

Registered: 30/10/2000
Posts: 4931
Loc: New Jersey, USA
As in "if you want to contact me, call me on the phone".
It will take a lot more than Sobig to make me do that. However, because of shit like this, I decided to outsource me and my office's webhosting a couple months ago. What a relief it is to not have to worry about servers getting hacked, spam relays, etc.

PS- I got infected with Sobig. Thankfully, nobody else in the office did.
_________________________
-Rob Riccardelli
80GB 16MB MK2 090000736

#176144 - 21/08/2003 08:26 Re: the death of e-mail? [Re: DWallach]
jaharkes
enthusiast

Registered: 20/08/2002
Posts: 340
Loc: Pittsburgh, PA
He's got spammers forging messages "from" his domain, generating huge amounts of back-scatter (bounced messages and the like).

Same here, the double bounces are annoying (3740 bounces over the past 12 days). But what really gets to me is the fact that my domain got blacklisted about three times already, even though the Received: headers clearly show that the spam emails did not originate from or were relayed by any of my machines.

The worst of all was the father of a 5 year old that started filling my inbox with hatemail after his daughter got porn spam with a faked from address that made it look like it was coming from my domain.
_________________________
40GB - serial #40104051 gpsapp

#176145 - 21/08/2003 08:31 Re: the death of e-mail? [Re: jaharkes]
tman
carpal tunnel

Registered: 24/12/2001
Posts: 5528
What's a 5 year old doing unattended with her own email account anyway? Anybody who's used the internet for any period of time knows that you'll always get spam and 90% of it is porn.

#176146 - 21/08/2003 08:40 Re: the death of e-mail? [Re: tman]
frog51
pooh-bah

Registered: 09/08/2000
Posts: 2091
Loc: Edinburgh, Scotland
Surely 5 year olds have a major requirement for Toner cartridges and viagra like the rest of us??
_________________________
Rory
MkIIa, blue lit buttons, memory upgrade, 1Tb in Subaru Forester STi
MkII, 240Gb in Mark Lord dock
MkII, 80Gb SSD in dock

#176147 - 21/08/2003 08:48 Re: the death of e-mail? [Re: DWallach]
Anonymous
Unregistered


text messaging is the wave of the future

#176148 - 21/08/2003 08:59 Re: the death of e-mail? [Re: frog51]
tman
carpal tunnel

Registered: 24/12/2001
Posts: 5528
Yep. She must be trying to get her accredited diploma from a renown college as well!

#176149 - 21/08/2003 09:01 Re: the death of e-mail? [Re: frog51]
Daria
carpal tunnel

Registered: 24/01/2002
Posts: 3937
Loc: Providence, RI
When I was 5 I didn't need my hair back.

#176150 - 21/08/2003 09:01 Re: the death of e-mail? [Re: tman]
Dignan
carpal tunnel

Registered: 08/03/2000
Posts: 12341
Loc: Sterling, VA
She may have also accumulated a large amount of debt in those 5 years, and be looking for some way to reduce it.
_________________________
Matt

#176151 - 21/08/2003 09:05 Re: the death of e-mail? [Re: Dignan]
JeffS
carpal tunnel

Registered: 14/01/2002
Posts: 2858
Loc: Atlanta, GA
It's never too early to start finding financial independence by working from home . . .
_________________________
-Jeff
Rome did not create a great empire by having meetings; they did it by killing all those who opposed them.

#176152 - 21/08/2003 09:09 Re: the death of e-mail? [Re: JeffS]
Dignan
carpal tunnel

Registered: 08/03/2000
Posts: 12341
Loc: Sterling, VA
Many young girls keep pen-pals. There are lots of people in Nigeria who would like to write to her.
_________________________
Matt

#176153 - 21/08/2003 09:37 Re: the death of e-mail? [Re: Dignan]
justinlarsen
old hand

Registered: 31/12/2001
Posts: 1109
Loc: Petaluma, CA
messaging is the wave of the future

Nope, I've already gotten spam on my phone 4 times.
_________________________
---- Justin Larsen

#176154 - 21/08/2003 09:44 Re: the death of e-mail? [Re: justinlarsen]
loren
carpal tunnel

Registered: 23/08/2000
Posts: 3826
Loc: SLC, UT, USA
Ditto on the SMS spam. I was f'n ANGRY when I got them too... I had believed my cell phone was the one last bastion of non-advertisement laden communication. Nope.

I'm about to give up email myself. Even with spamcop and spamassassin I still get over 100 spams a day. Having the same email for close to 7 years will do that to ya. I just can't make myself change the address though... it'd be like letting them win.
_________________________
|| loren ||

#176155 - 21/08/2003 09:51 Re: the death of e-mail? [Re: justinlarsen]
Dignan
carpal tunnel

Registered: 08/03/2000
Posts: 12341
Loc: Sterling, VA
Hey, I didn't say that
_________________________
Matt

#176156 - 21/08/2003 09:51 Re: the death of e-mail? [Re: Dignan]
loren
carpal tunnel

Registered: 23/08/2000
Posts: 3826
Loc: SLC, UT, USA
us flat mode viewers are always screwing up the threads =]
_________________________
|| loren ||

#176157 - 21/08/2003 09:55 Re: the death of e-mail? [Re: loren]
cmtempeg
journeyman

Registered: 29/07/2003
Posts: 66
Loc: Minneapolis, Minnesota, USA
Yeah

I wish you could do the nested-mode that slashcode has. You can see all the posts in full, yet still have thread context.
_________________________
Hello, my name is Bingo. I like to climb on things. Can I have a banana? eek eek.

#176158 - 21/08/2003 09:57 Re: the death of e-mail? [Re: loren]
JeffS
carpal tunnel

Registered: 14/01/2002
Posts: 2858
Loc: Atlanta, GA
the one last bastion of non-advertisement laden communication.
The Empeg bbs? (except for the VERY rare occurrence)
_________________________
-Jeff
Rome did not create a great empire by having meetings; they did it by killing all those who opposed them.

#176159 - 21/08/2003 09:58 Re: the death of e-mail? [Re: loren]
Dignan
carpal tunnel

Registered: 08/03/2000
Posts: 12341
Loc: Sterling, VA
I view in flat mode
_________________________
Matt

#176160 - 21/08/2003 09:58 Re: the death of e-mail? [Re: cmtempeg]
loren
carpal tunnel

Registered: 23/08/2000
Posts: 3826
Loc: SLC, UT, USA
YES! THAT would be excellent. I wonder if UBBThreads has any plans for that...
_________________________
|| loren ||

#176161 - 21/08/2003 11:51 Re: the death of e-mail? [Re: loren]
DWallach
carpal tunnel

Registered: 30/04/2000
Posts: 3810
I just can't make myself change the address though... it'd be like letting them win.

As I've moved from undergraduate to graduate school to my current job, I've left .forward files pointing on to my new address. About two years ago, I killed them because all I was getting through them was spam. Now if you e-mail an old address of mine you get an automatic message telling you to find my new address. That helped a lot, as I used to maintain an FAQ that was widely mirrored through the Usenet FAQ archives, and thus widely spidered by evil spammers.

My frustrated friend is particularly concerned about the brand value he built behind his domain name as a consulting organization. He's actually posted a US$1000 bounty for information leading to successful prosecution of the guy using his domain name. Heaven only knows, the guy may not be specifically picking on him, but might be doing this to everybody's domain names.

So, back to my original question. To all you sysadms out there, if you had a switch you could throw that would make your server reject all e-mail that did not contain a digital signature that correctly tied the e-mail message back to its source DNS domain (perhaps through the use of DNSSEC), and if a simple patch was available for your MTA of choice to sign its outgoing mail in such a fashion... would you be willing to throw the switch?

#176162 - 21/08/2003 12:03 Re: the death of e-mail? [Re: DWallach]
julf
veteran

Registered: 01/10/2001
Posts: 1307
Loc: Amsterdam, The Netherlands
So, back to my original question. To all you sysadms out there, if you had a switch you could throw that would make your server reject all e-mail that did not contain a digital signature that correctly tied the e-mail message back to its source DNS domain (perhaps through the use of DNSSEC), and if a simple patch was available for your MTA of choice to sign its outgoing mail in such a fashion... would you be willing to throw the switch?

Absolutely. But a harder question is "Would you accept mail from AOL"?


#176163 - 21/08/2003 12:15 Re: the death of e-mail? [Re: DWallach]
wfaulk
carpal tunnel

Registered: 25/12/2000
Posts: 16706
Loc: Raleigh, NC US
if you had a switch you could throw that would make your server reject all e-mail that did not contain a digital signature that correctly tied the e-mail message back to its source DNS domain (perhaps through the use of DNSSEC), and if a simple patch was available for your MTA of choice to sign its outgoing mail in such a fashion... would you be willing to throw the switch?
No. Incoming mail is more important than outgoing mail, and we have to expect poor support from other users.

In other words, be strict in what you send and lenient in what you receive. (Or whatever words that was originally stated with.)

In addition, I might legitimately send mail from one domain via another domain's server. I, in fact, do that regularly right now, when sending mail from my personal domain address from work.

There are conceivably other options, though, even ones that involve crypto. I just don't think that that's the right solution.
_________________________
Bitt Faulk

#176164 - 21/08/2003 12:48 Re: the death of e-mail? [Re: DWallach]
tman
carpal tunnel

Registered: 24/12/2001
Posts: 5528
Nope. It would prevent a lot of email coming in. If everybody else out there installed the patches however then it would be fine to flick the switch.
At the moment most of the people out there aren't technical enough to care or even know about the problem and how to fix it.

#176165 - 21/08/2003 13:17 Re: the death of e-mail? [Re: tman]
DWallach
carpal tunnel

Registered: 30/04/2000
Posts: 3810
If everybody else out there installed the patches however then it would be fine to flick the switch.

Okay, now how high a percentage would be enough that you'd stop accepting e-mail from unpatched systems? Keep in mind here that these hypothetical signatures would only amount to a guarantee that the domain in the "from" line was legit. You'd have no guarantee that the user within wasn't forged. However, if you did get spam from one of these things, you'd have some proof of who really sent the spam.

Somehow, the whole world rapidly dropped telnet and rsh and moved quickly to ssh / OpenSSH. As far as I can tell, the big difference is that, if our organization dropped telnet, it only realistically affected our own users. External people were never really counting on telnet to actually log in here. If we dropped traditional e-mail support, then you're breaking things for people who might have legitimately expected to be able to send you mail.

More food for thought: consider the ratio of legit e-mail to spam that you get, either in terms of bytes or number of messages. How low must the signal-to-noise ratio be where it's no longer cost-effective to find the signal among the noise?

#176166 - 21/08/2003 13:30 Re: the death of e-mail? [Re: DWallach]
tman
carpal tunnel

Registered: 24/12/2001
Posts: 5528
Just knowing that the domain is legit is way better than what we've got now. If they're excessive then you can just block the entire domain and just have exceptions for people you want.

The switch over from telnet/rsh to ssh happened reasonably quickly and without incident because as you said it only affected your own users. If they wanted to connect then they would have to get a client or just not connect anymore. Also people that would be using telnet/rsh with your hosts would be authorised users and you'd know who was who and who should have access.

As to the ratio it depends really. For my personal email then an occasional blocked email isn't that important so about 80%-90% correctly delivered really. You could log attempts but you're still wasting time looking through the list to make sure you've not lost anything important.
The difference between personal where lost email isn't major against business where lost email could be lost income is the big point here. I know people that use Hotmail and have the exclusive option set in their spam filter which only allows addresses from the address book to be delivered.

It's an interesting point to make. How much lost email are you willing to put up with to ensure that your spam fighting works?

#176167 - 21/08/2003 13:37 Re: the death of e-mail? [Re: frog51]
Laura
pooh-bah

Registered: 16/06/2000
Posts: 1682
Loc: Greenhills, Ohio
I'm sure she also needs penis enlargement like I do
_________________________
Laura

MKI #017/90

whatever

#176168 - 21/08/2003 13:40 Re: the death of e-mail? [Re: Laura]
DLF
addict

Registered: 24/07/2003
Posts: 500
Loc: Colorado, N.A.
I think they're betting on wives being the decision-makers on that one.

Hey, we're getting into a pretty weird area here.
_________________________
-- DLF

#176169 - 22/08/2003 01:36 Re: the death of e-mail? [Re: tman]
peter
carpal tunnel

Registered: 13/07/2000
Posts: 4180
Loc: Cambridge, England
The difference between personal where lost email isn't major against business where lost email could be lost income is the big point here.
I'd tend to agree, but the other way round. Lost income is no biggie, a company goes down and people move on. And an unanswered business email is usually chased-up anyway. But I've got several valued friendships that narrowed in the past to a single email or snail-mail before expanding again.

It's an interesting point to make. How much lost email are you willing to put up with to ensure that your spam fighting works?
Nil.

Peter

#176170 - 22/08/2003 06:34 Re: the death of e-mail? [Re: loren]
altman
carpal tunnel

Registered: 19/05/1999
Posts: 3457
Loc: Palo Alto, CA
Spambayes. I used to use cloudmark (and even subscribed at $2/month) but it was still letting some through. After a week of training, I maybe get 2 a day which it doesn't filter out.

Yes, I still have to check the "possible spam" folder, but after the first week of training I've not found anything non-spam in there.

Strongly, strongly recommended. spambayes.sourceforge.net I think.

Hugo

#176171 - 22/08/2003 07:57 Re: the death of e-mail? [Re: altman]
JBjorgen
carpal tunnel

Registered: 19/01/2002
Posts: 3584
Loc: Columbus, OH
Thanks Hugo, I've been wanting to dump spamnet for a while now.
_________________________
~ John

#176172 - 22/08/2003 08:27 Re: the death of e-mail? [Re: altman]
cmtempeg
journeyman

Registered: 29/07/2003
Posts: 66
Loc: Minneapolis, Minnesota, USA
I second using bayes! It works like a charm in most cases.

I host my mail on my personal mailserver and use spamassassin with bayes and network (rbl/checksum) lookups. I'm down to maybe 1 false negative per week.

I've set up exim to use rbls also, which returns a "user not here, go away" result code to the sending mail server that was found in the rbl. With rbl checks, 80% of the spam doesn't even make it to spamassassin. Another 19.9% is easily handled by heuristic checks, checksums and bayes.

I have, however, begun to see attempts to poison the bayes databases by including many random words that aren't typically associated with spam. This is where the heuristics come into play. Usually these emails are a bunch of random words (bayes doesn't think it's spam), and a single image, which is an ad. Spamassassin detects most of these, especially when you have the distributed checksum tests like pyzor and dcc turned on.
_________________________
Hello, my name is Bingo. I like to climb on things. Can I have a banana? eek eek.
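
Added example (not part of the post above, and not exim's or SpamAssassin's own code): a sketch of the connect-time RBL check that post describes, rejecting a listed sending server before the message reaches any content filter. The zone names, the in-memory resolver and its records are constructed for illustration, and the 550 reply code is an assumption about what the MTA returns.

```python
import ipaddress

LISTED_NET = ipaddress.ip_network("127.0.0.0/8")

# Constructed stand-in for DNS (query name -> A records), so the example runs
# offline. A real MTA would hand these names to its resolver.
FAKE_DNS = {
    "2.0.0.127.dnsbl.example": ["127.0.0.2"],    # conventional test entry
    "7.113.0.203.dnsbl.example": ["127.0.0.4"],  # constructed listing
    "10.2.0.192.dead.example": ["198.51.100.1"], # parked zone answering everything
}

def fake_resolver(name):
    """Return the A records for name, or [] when the name does not exist."""
    return FAKE_DNS.get(name, [])

def dnsbl_query_name(client_ip, zone):
    """Build the lookup name: IPv4 octets reversed, followed by the list's zone."""
    addr = ipaddress.ip_address(client_ip)
    if addr.version != 4:
        raise ValueError("this sketch only handles IPv4 clients")
    return ".".join(reversed(str(addr).split("."))) + "." + zone

def check_client(client_ip, zones, resolve=fake_resolver):
    """Decide at connect time; returns (smtp_code, reason)."""
    for zone in zones:
        answers = resolve(dnsbl_query_name(client_ip, zone))
        # Only answers inside 127.0.0.0/8 mean "listed". Any other address
        # (for example from a list whose domain has lapsed) must not reject.
        hits = [a for a in answers if ipaddress.ip_address(a) in LISTED_NET]
        if hits:
            return 550, "%s listed in %s (%s)" % (client_ip, zone, hits[0])
    return 250, "not listed; pass to content filters"

if __name__ == "__main__":
    for ip in ("203.0.113.7", "198.51.100.20", "192.0.2.10"):
        print(ip, check_client(ip, ["dnsbl.example", "dead.example"]))
```

The third sample address shows the failure mode to guard against: a list that answers with something outside 127.0.0.0/8 is treated as "not listed", so a lapsed list cannot cause legitimate mail to be rejected.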
