begin  quoting m ike as of Wed, May 18, 2005 at 05:37:47PM -0700:
[snip]
> from my understanding of what a white list is, it takes quite a bit
> of never-ending user-administration.

Depends on how often people change their email address, or how
often you need to add/remove people from your list.  A lot of
people have a pretty static set of friends and relatives that
they can communicate with via other means.  It's the geeks who end
up having relationships with people they never meet...

>                                      but continuing with the idea 
> anyway, one ought to pollute the address book as well so as not 
> to offer up a pure list of valid addresses on a compromised box.

When grandma finally gets a machine and is shown google, and by
some fluke finds a webpage of yours with one of those fake email
addresses, she'll wonder why you never ever respond to her.

Not such a good solution.

A few "don't send email to this address I mean it" can be caught by
the harvesters without (hopefully) confusing grandma or a long-lost
friend.
 
> > Set the haystack on fire. Sift the ashes. Finding a needle in a haystack
> > is no problem if you're willing to engage in a little destructive behavior;
> > and spammers aren't afraid of matches.
>
> I don't see how to implement the metaphor.

I can flood your system with spam to thousands of emails to fake email
addresses in the hopes of hitting your real email address... if I use
a zombie net, I can cripple your machine (or mail server) without
really trying. In fact, the more fake addresses you have, the harder
your machine would be hit.

> > So content-based matching?  Is the whole message kept, or just
> > a checksum of some sort?  (If the latter, only exact matches
> > apply, and spammers have already figured out how to make spam
> > "unique" for each user.)
> >
> 1) yes.
> 2) I don't know
> 3) no
> one would need to keep recent spam - say a month's volume times the
> number of fictitious addresses.

Got an estimate as to how big that is, and how long it would take to
do the matching?

[snip]
> > Real email gets through -- although, with a four-hour delay the first
> > time -- so once you have a relationship with someone, there's no
> > problem.  Strangers who are legitimately trying to contact you can
> > still do so.  Spammers often use tools that send in a fire-and-forget
> > manner -- so they won't try back (no spam!) or they'll stay online
> > long enough to be listed in an RBL (no spam!).
> 
> cool, but it seems the RBLs are likely to get "polluted" with valid IPs, 
> no? (just trying to understand, not criticizing)  

I don't recall if RBLs expire IPs after a period of time (compromised 
IPs will re-add themselves to the list, presumably) or not, but the
good ones have a process in place to resolve people trying to load up
an RBL with "good" addresses.

The thing about an RBL is that there doesn't have to be just one. You
can pick and choose which RBLs you will trust.  Ideally, I'd think that
a local group (SDCS?) could set one up and feed it "for local use". It
becomes small enough so that one can meet and have a reasonable level
of trust for those running it.

"There ought to be just one" is generally a sign that someone is trying
to exercise control -- and rarely is that exercised in your favor.

-Stewart "Manually creates his own RBL by watching log files" Stremler
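
The first-contact delay and the "listed in an RBL" outcome described in the quoted text above, as an added example that is not part of the original post: a sketch of greylisting keyed on (client IP, sender, recipient), checked together with a locally maintained blocklist. The 36-day expiry, the choice of SMTP reply codes, and every address below are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field

DELAY = 4 * 3600            # four-hour first-contact delay, as in the thread
EXPIRY = 36 * 24 * 3600     # assumed: forget triplets unused for 36 days


@dataclass
class Greylist:
    delay: int = DELAY
    expiry: int = EXPIRY
    seen: dict = field(default_factory=dict)     # triplet -> [first_seen, last_seen]
    blocklist: set = field(default_factory=set)  # locally trusted list of bad IPs

    def check(self, client_ip, mail_from, rcpt_to, now):
        """Return the SMTP reply code for one delivery attempt.

        554 = rejected (IP is on the local blocklist)
        451 = temporary failure, sender should retry later
        250 = accepted
        """
        if client_ip in self.blocklist:
            return 554
        key = (client_ip, mail_from.lower(), rcpt_to.lower())
        entry = self.seen.get(key)
        if entry is None or now - entry[1] > self.expiry:
            self.seen[key] = [now, now]          # first contact, or stale record
            return 451
        entry[1] = now                           # remember the latest attempt
        if now - entry[0] < self.delay:
            return 451                           # retried before the delay elapsed
        return 250


def demo():
    """Constructed scenario: a real correspondent versus a fire-and-forget sender."""
    gl = Greylist()
    friend = ("192.0.2.10", "friend@example.org", "me@example.net")
    bot = ("198.51.100.7", "offer@example.com", "me@example.net")
    out = [
        gl.check(*friend, now=0),                # first contact: deferred
        gl.check(*bot, now=0),                   # first contact: deferred
        gl.check(*friend, now=1800),             # retry after 30 min: too early
    ]
    gl.blocklist.add(bot[0])                     # bot gets listed during the delay
    out.append(gl.check(*friend, now=DELAY))     # retry after 4 h: accepted
    out.append(gl.check(*bot, now=DELAY))        # late retry: rejected via blocklist
    out.append(gl.check(*friend, now=DELAY + 60))  # known triplet: no more delay
    return out


if __name__ == "__main__":
    print(demo())
```

A sender that never retries produces only the first 451 and nothing is delivered; the record is keyed on the full triplet, so the same host writing to a second recipient is delayed again.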


-- 
[email protected]
http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list
