On Sat, 2003-11-15 at 19:37, Kristian Hermansen wrote: > There should be a way to stop the email spamming. You could use their > weaknesses as a way to prevent spam. The fact is that most SPAM is sent in > MASS quantities all at one time, or a very short interval. If servers could > somehow have a "global awareness" of the activity of spammers this could be > prevented. Take for instance Hotmail. Millions of users have accounts > here. Hotmail could "sense" a massive flood of "identical" content to > multiple users of their service and automatically label it as SPAM. Of > course, the downside is legitimate mass mailings that are sent out everyday > from places like PC Magazine, Security Focus, and other opt-in mailing lists > would be flagged as well. Unless, in a new email security protocol, they > implemented user specified WHITELISTS on email servers to allow legitimate > bulk emails (that otherwise would be flagged) to be let through. A sort of > "Guilty until proven innocent" approach. Just a thought... > > > Kristian Hermansen > CEO - H&T Technology Solutions > [EMAIL PROTECTED]
This is the basis of razor/pyzor/dcc - finding fingerprints within the content of messages and comparing a new email to a public database of fingerprints of reported emails. SpamAssassin will use those as factors, it adds in scores from various realtime blackhole lists, sitewide or user-specific bayesian scoring, plus assigning points based on characteristics like colored backgrounds and lines of all yelling. And it supports user and site-wide whitelists and blacklists. And it will weight your new score based on previous emails you sent - so regular business contacts can get questionable emails through if they have a history of good scoring email. And spammers just dig themselves a deeper hole. With all the features available, so grows the effort to tune it the way you want. And admins who only know their way around a GUI will quickly get lost, as there is no GUI. Of course, anyone requiring that probably shouldn't be allowed in the server room in the first place without an escort. -- Scott Taylor - <[EMAIL PROTECTED]> BOFH Excuse #389: /dev/clue was linked to /dev/null _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
