|
Grex > Coop13 > #376: The problems with Grex, e-mail and spam | |
|
| Author |
Message |
| 25 new of 480 responses total. |
ball
|
|
response 43 of 480:
| 
Nov 15 09:14 UTC 2006 |
Does "!/bin/sh" work from the menu prompt?
|
remmers
|
|
response 44 of 480:
|
Nov 15 12:21 UTC 2006 |
Yes.
|
ball
|
|
response 45 of 480:
|
Nov 15 15:42 UTC 2006 |
Tidy :-)
|
denise
|
|
response 46 of 480:
|
Nov 16 08:37 UTC 2006 |
Would all this spam mail go away if one was to get a new account [and never
using email to begin with]?
|
keesan
|
|
response 47 of 480:
|
Nov 16 16:07 UTC 2006 |
If you got a new account and were a paying member, and never gave anyone
except trusted friends your email address, you could send mail to them, and
probably also receive mail without getting spam. If you are not a paying
member you would be a new user and could not send mail except locally from
a new account. And your old account would continue to receive spam for at
least three months until it got deleted. But sometimes worms get hold of your
email address in other people's address books - can spammers find you that
way?
|
ball
|
|
response 48 of 480:
|
Nov 16 17:43 UTC 2006 |
Yes they can, not least because worms can report back to
spammers and other criminals. It may help a little to create
a username that is not an ordinary English word, since
spammers are likely to try {dictionary}@cyberspace.org
|
rcurl
|
|
response 49 of 480:
|
Nov 16 20:57 UTC 2006 |
I have seen e-mail systems where recipients of e-mail must authorize accepting
e-mail from all correspondents. This is, of course, only a filter on from
addresses, but it should drastically cut down spam from major lists. Is this
implementable here?
|
blaise
|
|
response 50 of 480:
|
Nov 16 21:13 UTC 2006 |
Challenge-response systems are a bad idea; they produce what is known as
"outscatter". (A spammer sends an email posing as a user of a large
system; the c/r system sends a challenge to that user. That challenge
is unsolicited bulk email being sent to that innocent user whose email
address has been fraudulently used without his/her knowledge.)
|
tod
|
|
response 51 of 480:
|
Nov 16 21:35 UTC 2006 |
re #47
Direct Harvest Attacks can guess email addresses through mailserver responses.
|
rcurl
|
|
response 52 of 480:
|
Nov 16 21:38 UTC 2006 |
True. But first, but what fraction of spam is spoofed e-mail? If it is a small
fraction, then the net result would be a significant reduction in spam
(so long as the recipent's system automatically rejects denied source
addresses).
Then spoofed e-mail would indeed be redirected to an innocent user, but that
e-mail would be from him/her self, which could be flagged for automatic
rejection. Would not being able to send yourself e-mail be a major hardship?
|
rcurl
|
|
response 53 of 480:
|
Nov 16 21:39 UTC 2006 |
#51 slipped in. #52 responds to #50.
|
blaise
|
|
response 54 of 480:
|
Nov 16 22:02 UTC 2006 |
Rane, the email would not be from him/herself but from the intended
recipient of the spam. You couldn't block the receipt of challenges
without preventing yourself from being able to send to people who use
c/r systems, but unless you do you open yourself to being the recipient
of floods of challenges when a spammer happens to use your email address
as the alleged sender of a spam.
|
ball
|
|
response 55 of 480:
|
Nov 17 01:03 UTC 2006 |
It seems to me that the vast majority of spam and UCE has a
spoofed from: address. Not being able to send to myself
would be an inconvenience because I have a poor memory and
frequently email myself notes.
|
glenda
|
|
response 56 of 480:
|
Nov 17 01:13 UTC 2006 |
To some being unable to send email to themself would be a hardship. I often
do homework at a work or school computer and email it to myself as a backup.
This has often proven to be a lifesaver when I either couldn't use or lost
the media it was saved on, i.e. one time I spent quite a bit of time on an
assignment at work but didn't have time to print it. I saved it to a zip
drive, the work computer didn't have a floppy drive. I went into the lab at
school to print it out (I got there about 10 min before class started) to
discover that not only were the computer science lab computers still using
Win98 (WCC was using WinXP by then), but they had not zip drives. I just
grabbed the copy I sent myself from email, printed it and still had time to
grab a cup of coffee before class started.
|
rcurl
|
|
response 57 of 480:
|
Nov 17 02:23 UTC 2006 |
Don't your e-mail programs have a "sent mail" file? Certainly the programs
could have a "save copy" option that does not "send" the e-mail. Mine has
a postpone command, which saves the unfinished copy until I retrieve it.
I'm talking here about changing e-mail systems to suppress spam. How they
currently work is not an argument against modifying the systems.
Re #55: I would think that spoofed e-mail is the minority, but I may be
wrong. Do you have data to show it is the majority?
Re #54: Let's keep it straight who is on first and who is on second....
Say, I am "A" and a spoofer sends me mail apparently from "B", who is in
my OK file. I will receive it, recognize it as spam, and write to B to
tell them they have been spoofed and to change their e-mail address and
let me know so I can update my file. Since they have a similar file, they
can inform everyone on it that they have changed their e-mail address.
It would be desirable to have a convenient way to automate this. E-mail
addresses would have to be easily changed.
If B is not in my OK file, they will get a c/r message, and have to jump
through the hoops to contact me and ask me to put them in my OK file.
In any case - there should be more effective and easily employed
strategies invented to halt spam. The current situation appears to be one
where people have given up. I'm only making suggestions, perhaps feeble
ones, because the current situation is untenable.
|
keesan
|
|
response 58 of 480:
|
Nov 17 03:29 UTC 2006 |
Spamassassin is getting most of my spam, but I have been adding a new filter
every day for stock spam, which mutates a lot.
|
rcurl
|
|
response 59 of 480:
|
Nov 17 06:28 UTC 2006 |
You should not have to fight spam on a daily basis. There should be a
universal solution - like the idea to charge a small fee for every e-mail
sent, say $0.001, or whatever will make untargeted advertising unprofitable.
|
ball
|
|
response 60 of 480:
|
Nov 17 07:24 UTC 2006 |
Re #57: I use (and very much like) the Berkeley mail program,
which doesn't have a sent mail folder. Any messages that I
want to keep a copy of, I simply cc to myself. I spend time
every day deleting plenty of UCE with spoofed from: headers.
If you like, I can certainly forward some to you. Spam-
Assassin has helped a lot, but as keesan suggests, the
volume just keeps going up. I may tweak my score setting.
|
cmcgee
|
|
response 61 of 480:
|
Nov 17 13:01 UTC 2006 |
Yikes! Changing your email address every time you get a spoofed email!
I'd go crazy trying to keep business cards and stationery up to date, to say
nothing of notifying friends. How would people I gave my email address to
last week get in touch with me? That's like saying I should change my phone
number every time I get a marketing call.
And, no I do not want to pay google, or ATT or anyone else to send emails!
Perhaps someone could offer a spam-free premium email service, that people
like Rane and Sindi could subcribe to and pay for. For me, prudent use of
my email on the net keeps most of my emails clean.
As for the rest, the delete key works. It takes just a few seconds.
|
blaise
|
|
response 62 of 480:
|
Nov 17 14:11 UTC 2006 |
Rane, the problem is that when you receive a message spoofed to appear
to be from C (who is not in your OK file), you will send C a challenge.
If 100 messages were sent purporting to be from C, C receives 100
challenges (from 100 different users). That is the huge flaw with
challenge/response systems.
|
krj
|
|
response 63 of 480:
|
Nov 17 16:58 UTC 2006 |
Rane in #57:
> Re #55: I would think that spoofed e-mail is the minority, but I may be
> wrong. Do you have data to show it is the majority?
I don't have data, but I handle spam complaints as part of my job,
and my experience is that the amount of spam with spoofed "From:"
addresses is, for a first cut approximation, 100%. Forging the
"From:" address is trivial, if you know SMTP (Simple Mail Transfer
Protocol). The protocol has no requirement that the FROM: field
have any relationship to the actual sender of the message.
Spammers stopped using their own From: addresses
long ago, as soon as pushback from the spam recipients started
coming back at them.
|
keesan
|
|
response 64 of 480:
|
Nov 17 17:23 UTC 2006 |
Most mail providers use a spam filter by default. Some (AOL?) use continuous
feedback from users to tune the filter. Grex and sdf are exceptions.
Today no spam slipped through my filter.
|
rcurl
|
|
response 65 of 480:
|
Nov 17 18:58 UTC 2006 |
This situation, and the responses here opposed to apparently all "cures" for
spam reminds me of the acceptance of the 40,000 annual deaths in auto
accidents, because of the inconveniences that would result from any attempt
to decrease the number of deaths.
I'm guilty of this too. I find it "cheap" to just delete the spam - so far.
But I don't argue, as others seem to here, against all proposals to eliminate
spam, without coming up with workable alternatives. If you don't like my
(probably partial) solutions, what are yours? (Ask the same about auto
accident deaths.)
There occurs interesting evolutions in the nature of spam. The Nigerian frauds
are way down and now it is investments - which, incidentally, don't seem to
provide any way to respond even if you wanted to. They don't even ask you to
do anything.
|
mcnally
|
|
response 66 of 480:
|
Nov 17 19:42 UTC 2006 |
re #65: The thing is, that smarter people than you, ones who actually know
how e-mail works, understand the issues, and aren't making wildly incorrect
guesses about the nature and quantity of spam, have been trying for years
to solve this problem. It's a hard problem: it combines technological,
economic, and sociological challenges, and that's just for starters.
If some of us seem a little jaded and unenthusiastic about your suggestions
it's not because we're not open to the idea of a solution -- for some of us
whose work involves combatting the problem very little could please us more.
It's because we've long ago considered and rejected as flawed all the easy
solutions and some which are not so easy. The countermeasures we've tried
to adopt have worked, to varying degrees, for limited times, until the
adversaries in the spam-sending world figured out ways to circumvent them.
You're an accomplished expert in your own field. Most of us recognize that.
Give us a little benefit of the doubt, too, and don't assume that a half our
of uninformed theorizing on your part is going to revolutionize the fight
against spam..
|
rcurl
|
|
response 67 of 480:
|
Nov 17 19:51 UTC 2006 |
I agree, I'm a e-mail system dummy. But it is still my duty as a citizen
to raise the issue in any way I can, even by offering unworkable
solutions. It is better to be part of the outcry against spam than to just
sit back and suffer from it. Nothing I do will *revolutionize* the fight
against spam, but it might raise more advocacy against it. The
"professionals" at least appear to be too complacent. Maybe we need to get
a better crop of "professionals" that better appreciate the waste of time
and other resources engendered by spam.
|