Re: OT: Paradise.net shooting itself in the foot
Well, for what it's worth, it is used, by some - I got really pissed off at some 419er back in 2003, and attempted to spoof the email header so the 419er wouldn't get the idea that my email was active; I put myself somewhere in Argentina. It got bounced, with a comment that the alleged header and the actual address didn't match. So it's apparently possible; but if so, it would be greatly appreciated if it was one more obstacle for spam-phishers ... Wesley Parish On Wednesday 21 November 2007 10:07, Steve Holdoway wrote: On Wed, 21 Nov 2007 09:53:52 +1300 Jim Cheetham [EMAIL PROTECTED] wrote: On Nov 20, 2007 10:52 PM, Steve Holdoway [EMAIL PROTECTED] wrote: All headers bar the last one can be extremely simply faked, so they are pretty useless to use to identify the email's provenance. Because of this, some ISPs are clamping down on this. The Sender Policy Framework ( eg http://www.openspf.org/ ) is an attempt to cut down on spam. This defines where an email has to be sent from to be treated as valid. Surely SPF doesn't cut down on spam, it merely cuts down on address spoofing? Admittedly a lot of spam uses spoofed addresses at the moment ... but there's not a direct relationship _per se_ between an address-spoofed message and a spam message ... -jim OK, call it a beneficial side effect if you want. In real world terms it does help. Steve -- Clinersterton beademung, with all of love - RIP James Blish - Gaul is quartered into three halves. Things which are impossible are equal to each other. Guerrilla warfare means up to their monkey tricks. Extracts from Schoolboy Howlers - the collective wisdom of the foolish. - Mau e ki, he aha te mea nui? You ask, what is the most important thing? Maku e ki, he tangata, he tangata, he tangata. I reply, it is people, it is people, it is people.
Re: OT: Paradise.net shooting itself in the foot
I think you misunderstand email. Why shouldn't I be able to send an email with my paradise return address from a server in timbuctoo? I can. And I should be able to. On Tue, November 20, 2007 8:34 pm, Wesley Parish wrote: What I'm expecting them to have is some filter that looks at the purported address of the sender and at the actual history of the email, and dumps it if they are incompatible; I expect them to protect their own identity and thus their reputation even more than some other poor sod's, because their business lives or dies by their reputation. By not doing this, they are in fact permitting infringement of what is called goodwill, and goodwill isn't something to lightly throw away.. Wesley Parish On Tuesday 20 November 2007 00:36, Volker Kuhlmann wrote: On Mon 19 Nov 2007 20:57:52 NZDT +1300, Wesley Parish wrote: This isn't the first day I've received an email purporting to be from Paradise.net requiring me to verify my webmail/email details to prevent said account from being closed down. Yeah, I've been getting that hogwash too. The text isn't even a laugh ... just enter your username and password here. Yawn. And Telstraclear have a big warning up someplace. I wish they'd get their act together. Permitting this sort of infringement makes them look very, very bad. Why do you assume they permit it? The one I looked at came from optusnet in Oz. They could make an effort to have that account shut down, but more likely they wouldn't be able to keep up. The only thing they could do is train their filters better. Other than that, it's easy to impersonate someone, spammers have been doing it for years. Volker -- Clinersterton beademung, with all of love - RIP James Blish - Gaul is quartered into three halves. Things which are impossible are equal to each other. Guerrilla warfare means up to their monkey tricks. Extracts from Schoolboy Howlers - the collective wisdom of the foolish. - Mau e ki, he aha te mea nui? You ask, what is the most important thing? Maku e ki, he tangata, he tangata, he tangata. I reply, it is people, it is people, it is people. -- Nick Rout
Re: OT: Paradise.net shooting itself in the foot
On Tue, 20 Nov 2007 22:31:09 +1300 (NZDT) Nick Rout [EMAIL PROTECTED] wrote: I think you misunderstand email. Why shouldn't I be able to send an email with my paradise return address from a server in timbuctoo? I can. And I should be able to. All headers bar the last one can be extremely simply faked, so they are pretty useless to use to identify the email's provenance. Because of this, some ISPs are clamping down on this. The Sender Policy Framework ( eg http://www.openspf.org/ ) is an attempt to cut down on spam. This defines where an email has to be sent from to be treated as valid. For example I've set up the corporate mail as follows: [EMAIL PROTECTED]:~# dig txt firetrust.com ; DiG 9.4.1-P1 txt firetrust.com ;; global options: printcmd ;; Got answer: ;; -HEADER- opcode: QUERY, status: NOERROR, id: 23367 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0 ;; QUESTION SECTION: ;firetrust.com. IN TXT ;; ANSWER SECTION: firetrust.com. 3600IN TXT v=spf1 a mx ~all says that all valid mail from firetrust.com must originate from our mail server ( the dns a or mx record - same in this case), so all of us send out our mail via that server, authenticating via tls ( the alternative open relay was vetoed for some reason (: ). This is about the best you, as the sender of email, can do, if you have access to manipulate dns in this way. It's well flawed, and not that difficult to beat, but it slows down the spammer a bit. It's just a case of attempting to identify you that bit better, as currently 95% of all mail is spam. Used wisely, it can help ( for example, when out in the field, you can state that your emails can use google mail, or yahoo, etc... ). Others are providing similar ideas, but spf seems to be the most popular atm. Just my $0.02, Steve -- Steve Holdoway [EMAIL PROTECTED]
Re: OT: Paradise.net shooting itself in the foot
On Tue 20 Nov 2007 22:31:09 NZDT +1300, Nick Rout wrote: I think you misunderstand email. Why shouldn't I be able to send an email with my paradise return address from a server in timbuctoo? I can. And I should be able to. True. But Paradise ISP has no good excuse doing so, or it'd be time to find a better ISP. However anything can be forged, incl From:, so the filtering problem is as hard as with any other spam. Which means Paradise is doing about as well as can be hoped. Volker -- Volker Kuhlmann is list0570 with the domain in header http://volker.dnsalias.net/ Please do not CC list postings to me.
Re: OT: Paradise.net shooting itself in the foot
On Nov 20, 2007 10:52 PM, Steve Holdoway [EMAIL PROTECTED] wrote: All headers bar the last one can be extremely simply faked, so they are pretty useless to use to identify the email's provenance. Because of this, some ISPs are clamping down on this. The Sender Policy Framework ( eg http://www.openspf.org/ ) is an attempt to cut down on spam. This defines where an email has to be sent from to be treated as valid. Surely SPF doesn't cut down on spam, it merely cuts down on address spoofing? Admittedly a lot of spam uses spoofed addresses at the moment ... but there's not a direct relationship _per se_ between an address-spoofed message and a spam message ... -jim
Re: OT: Paradise.net shooting itself in the foot
On Wed, 21 Nov 2007 09:53:52 +1300 Jim Cheetham [EMAIL PROTECTED] wrote: On Nov 20, 2007 10:52 PM, Steve Holdoway [EMAIL PROTECTED] wrote: All headers bar the last one can be extremely simply faked, so they are pretty useless to use to identify the email's provenance. Because of this, some ISPs are clamping down on this. The Sender Policy Framework ( eg http://www.openspf.org/ ) is an attempt to cut down on spam. This defines where an email has to be sent from to be treated as valid. Surely SPF doesn't cut down on spam, it merely cuts down on address spoofing? Admittedly a lot of spam uses spoofed addresses at the moment ... but there's not a direct relationship _per se_ between an address-spoofed message and a spam message ... -jim OK, call it a beneficial side effect if you want. In real world terms it does help. Steve pgpJTbXGSO7OU.pgp Description: PGP signature
Re: OT: Paradise.net shooting itself in the foot
On Wed, November 21, 2007 9:53 am, Jim Cheetham wrote: On Nov 20, 2007 10:52 PM, Steve Holdoway [EMAIL PROTECTED] wrote: All headers bar the last one can be extremely simply faked, so they are pretty useless to use to identify the email's provenance. Because of this, some ISPs are clamping down on this. The Sender Policy Framework ( eg http://www.openspf.org/ ) is an attempt to cut down on spam. This defines where an email has to be sent from to be treated as valid. Surely SPF doesn't cut down on spam, it merely cuts down on address spoofing? Admittedly a lot of spam uses spoofed addresses at the moment ... but there's not a direct relationship _per se_ between an address-spoofed message and a spam message ... -jim If I am overseas or just connected to a different ISP I still want to be able to use my regular ISP based (eg paradise) email address, even though I am restricted to using the foreign ISP's smtp server. In that case I am neither spamming nor address spoofing, merely using email as the RFC intends me to be able to. -- Nick Rout
Re: OT: Paradise.net shooting itself in the foot
On Wed, 21 Nov 2007 10:11:43 +1300 (NZDT) Nick Rout [EMAIL PROTECTED] wrote: On Wed, November 21, 2007 9:53 am, Jim Cheetham wrote: On Nov 20, 2007 10:52 PM, Steve Holdoway [EMAIL PROTECTED] wrote: All headers bar the last one can be extremely simply faked, so they are pretty useless to use to identify the email's provenance. Because of this, some ISPs are clamping down on this. The Sender Policy Framework ( eg http://www.openspf.org/ ) is an attempt to cut down on spam. This defines where an email has to be sent from to be treated as valid. Surely SPF doesn't cut down on spam, it merely cuts down on address spoofing? Admittedly a lot of spam uses spoofed addresses at the moment ... but there's not a direct relationship _per se_ between an address-spoofed message and a spam message ... -jim If I am overseas or just connected to a different ISP I still want to be able to use my regular ISP based (eg paradise) email address, even though I am restricted to using the foreign ISP's smtp server. In that case I am neither spamming nor address spoofing, merely using email as the RFC intends me to be able to. -- Nick Rout But you're not restricted as above. The simpler alternative, which I'm sure paradise offer, is to use a web based email solution which, in effect, puts you back into their domain for both sending and receiving mail, and the problem goes away. Lets be honest, there aren't many of us sad people who carry a computer that would require this service, unless their company provided for this eventuality - road warrior vpn or something similar- and you user their corporate servers. Note that I'm trying to be practical, not correct here. The world was a far more niaive place when those rfcs were written, and spam wasn't a problem. Steve pgpZvZQEwUv8O.pgp Description: PGP signature
OT: Paradise.net shooting itself in the foot
This isn't the first day I've received an email purporting to be from Paradise.net requiring me to verify my webmail/email details to prevent said account from being closed down. I wish they'd get their act together. Permitting this sort of infringement makes them look very, very bad. Wesley Parish -- Clinersterton beademung, with all of love - RIP James Blish - Gaul is quartered into three halves. Things which are impossible are equal to each other. Guerrilla warfare means up to their monkey tricks. Extracts from Schoolboy Howlers - the collective wisdom of the foolish. - Mau e ki, he aha te mea nui? You ask, what is the most important thing? Maku e ki, he tangata, he tangata, he tangata. I reply, it is people, it is people, it is people.
Re: OT: Paradise.net shooting itself in the foot
On 11/19/07, Wesley Parish [EMAIL PROTECTED] wrote: This isn't the first day I've received an email purporting to be from Paradise.net requiring me to verify my webmail/email details to prevent said account from being closed down. I wish they'd get their act together. Permitting this sort of infringement makes them look very, very bad. You have sent the offending email, complete with headers, to [EMAIL PROTECTED] havn't you? They can't do much unless you show them the evidence. Interestingly I have yet to see anything like that referring to my account. -- Sincerely etc. Christopher Sawtell
Re: OT: Paradise.net shooting itself in the foot
On Mon 19 Nov 2007 20:57:52 NZDT +1300, Wesley Parish wrote: This isn't the first day I've received an email purporting to be from Paradise.net requiring me to verify my webmail/email details to prevent said account from being closed down. Yeah, I've been getting that hogwash too. The text isn't even a laugh ... just enter your username and password here. Yawn. And Telstraclear have a big warning up someplace. I wish they'd get their act together. Permitting this sort of infringement makes them look very, very bad. Why do you assume they permit it? The one I looked at came from optusnet in Oz. They could make an effort to have that account shut down, but more likely they wouldn't be able to keep up. The only thing they could do is train their filters better. Other than that, it's easy to impersonate someone, spammers have been doing it for years. Volker -- Volker Kuhlmann is list0570 with the domain in header http://volker.dnsalias.net/ Please do not CC list postings to me.
Re: OT: Paradise.net shooting itself in the foot
What I'm expecting them to have is some filter that looks at the purported address of the sender and at the actual history of the email, and dumps it if they are incompatible; I expect them to protect their own identity and thus their reputation even more than some other poor sod's, because their business lives or dies by their reputation. By not doing this, they are in fact permitting infringement of what is called goodwill, and goodwill isn't something to lightly throw away. Wesley Parish On Tuesday 20 November 2007 00:36, Volker Kuhlmann wrote: On Mon 19 Nov 2007 20:57:52 NZDT +1300, Wesley Parish wrote: This isn't the first day I've received an email purporting to be from Paradise.net requiring me to verify my webmail/email details to prevent said account from being closed down. Yeah, I've been getting that hogwash too. The text isn't even a laugh ... just enter your username and password here. Yawn. And Telstraclear have a big warning up someplace. I wish they'd get their act together. Permitting this sort of infringement makes them look very, very bad. Why do you assume they permit it? The one I looked at came from optusnet in Oz. They could make an effort to have that account shut down, but more likely they wouldn't be able to keep up. The only thing they could do is train their filters better. Other than that, it's easy to impersonate someone, spammers have been doing it for years. Volker -- Clinersterton beademung, with all of love - RIP James Blish - Gaul is quartered into three halves. Things which are impossible are equal to each other. Guerrilla warfare means up to their monkey tricks. Extracts from Schoolboy Howlers - the collective wisdom of the foolish. - Mau e ki, he aha te mea nui? You ask, what is the most important thing? Maku e ki, he tangata, he tangata, he tangata. I reply, it is people, it is people, it is people.