Fighting email spam and anti-UBE pointers

on 07.03.2006 06:30:48 by unknown

Archive-name: mail/anti-ube-pointer
Posting-Frequency: 2 times a month
Maintainer: Jari Aalto A T cante net

Announcement: "Bounces, Challenge-response systems, MTA, Bayesian tools (article pointer)"

Availability

FAQ archive is at http://www.faqs.org/faqs/

This message is an excerpt from the Procmail Module Library
project's larger README.html document titled "Procmail
strategies against spam," available at
http://pm-lib.sourceforge.net/

The key points discussed in the document:

- Auto-replying or bouncing is considered a bad tactic.
- MTA rejects can be abused and system administrators should
  check their setup at least in regard to viruses.
- A Challenge-Response system is based on the false assumption that the
  sender's address can be used for authentication. It cannot, and thus any
  C-R system will contribute nothing else but amplifying the spam problem.

See picture http://pm-lib.sourceforge.net/pic/cr-system-joe-job.png

What should be done then?

- Bayesian tools are non-intrusive, harm no third parties
  (in contrast to C-R), are easy to use and provide a good shelter.
- A battery of Bayesian tools gives an even better shield due to
  each program using a slightly different algorithm.

Many clarifying pictures are included:

- How address harvesting works
- How viruses should not be treated (at MTA level)
- Challenge-Response based authentication (overview)
- Challenge-Response system causing "Joe-Job"
- How MTA level UBE prevention works
- Procmail with battery of statistical tools

Table of contents:

1.0 Thoughts about increasing spam annoyance
    1.1 Bouncing messages do no good
    1.2 Rule based systems are not the solution
    1.3 Challenge-Response systems make matters worse
        1.3.1 Challenge-Response is not a doorbell but a gun shooting decoys
        1.3.2 Questioning Challenge-Response systems implementations
        1.3.3 Summary - What are the effects of Challenge-Response systems
    1.4 Spam appearing in your yard - a story

2.0 A lightweight UBE block system with pure procmail
    2.1 Suitable for accounts which ...
    2.2 Where to put "pure procmail" UBE checks?
    2.3 Using Procmail Module Library to fight spam

3.0 A heavyweight UBE blocking system
    3.1 Advice for Debian Exim 4 mail system administrator
    3.2 Advice for the normal account
    3.3 Configuring Bayesian programs
    3.4 A heavyweight spam catch setup using procmail

Some terminology

_UBE_ = Unsolicited Bulk Email
_UCE_ = (subset of UBE) Unsolicited Commercial Email

_Spam_ = Spam describes a particular kind of Usenet posting (and
canned spiced ham), but is now often used to describe many kinds of
inappropriate activities, including some email-related events. It
is technically incorrect to use "spam" to describe email abuse,
although attempting to correct the practice would amount to tilting
at windmills.

_Spam_ = definition by Erik Beckjord. "Some people decide that Spam
is anything you decide you want to ban if you can't handle the
intellectual load on a list." Remember, not to be confused with
real spam, which is unwanted bulk mail.

People are nowadays seeking a cure which will stop
or handle UBE. That can be easily done with procmail (under your
control) and with sendmail (by your sysadm). In order to select the
right strategy against UBE messages, you should read this section
and then decide how you will be using your procmail to deal with it.
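
The point about a battery of Bayesian tools, as an added example that is not part of the original posting or of the Procmail Module Library: two token-probability combiners (a naive-Bayes product in the style of Paul Graham and Gary Robinson's geometric mean) score the same constructed messages, and a message is filed as spam only when both agree. The corpora, the cutoffs and the spam/unsure/ham policy are assumptions made for illustration.

```python
import math
import re
from collections import Counter

# Constructed training corpora (not real mail).
SPAM = ["cheap pills online order now",
        "order cheap watches now limited offer",
        "limited offer win money now"]
HAM = ["procmail recipe for the mailing list",
       "meeting notes for the project list",
       "please review the procmail patch"]

def tokens(text):
    return set(re.findall(r"[a-z]{3,}", text.lower()))

class TokenStats:
    """Per-token spam probability learned from the two corpora."""
    def __init__(self, spam, ham):
        self.ns, self.nh = len(spam), len(ham)
        self.s = Counter(t for m in spam for t in tokens(m))
        self.h = Counter(t for m in ham for t in tokens(m))

    def p(self, tok, strength=1.0, prior=0.5):
        n = self.s[tok] + self.h[tok]
        if n == 0:
            return prior                      # unseen token: no evidence
        fs, fh = self.s[tok] / self.ns, self.h[tok] / self.nh
        return (strength * prior + n * fs / (fs + fh)) / (strength + n)

def graham(stats, msg, top=15):
    """Naive-Bayes product over the `top` most extreme tokens."""
    ps = sorted((stats.p(t) for t in tokens(msg)),
                key=lambda p: abs(p - 0.5), reverse=True)[:top]
    a, b = math.prod(ps), math.prod(1 - p for p in ps)
    return a / (a + b)

def robinson(stats, msg):
    """Geometric-mean combiner; neutral tokens dilute the score."""
    ps = [stats.p(t) for t in tokens(msg)]
    if not ps:
        return 0.5
    P = 1 - math.prod(1 - p for p in ps) ** (1 / len(ps))
    Q = 1 - math.prod(ps) ** (1 / len(ps))
    return (1 + (P - Q) / (P + Q)) / 2

# Per-tool cutoffs are assumptions; each real tool ships its own.
BATTERY = {"graham": (graham, 0.9), "robinson": (robinson, 0.6)}

def classify(stats, msg):
    """spam only if every tool agrees, ham if none does, else unsure."""
    votes = [fn(stats, msg) >= cut for fn, cut in BATTERY.values()]
    return "spam" if all(votes) else "unsure" if any(votes) else "ham"

STATS = TokenStats(SPAM, HAM)
```

On the constructed message "hello friend win money pills about your account update today" the product combiner ignores the seven unseen words and scores about 0.96, while the geometric mean is diluted by them to about 0.58, so the battery returns "unsure" and nothing is sent to any third party.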

Re: Fighting email spam and anti-UBE pointers

on 07.03.2006 12:03:36 by Alan Connor

On comp.mail.misc, in , " (Jari Aalto+mail.procmail)" wrote:
> Expires: 5 Apr 2006 05:30:29 GMT
> X-Last-Updated: 2004/11/05
> Organization: none
> From: (Jari Aalto+mail.procmail)
> Subject: Fighting email spam and anti-UBE pointers
> Newsgroups: comp.mail.misc,comp.answers,news.answers
> Approved: news-answers-request AT MIT.EDU
> Followup-To: poster
> Precedence: bulk
> Originator: faqserv@penguin-lust.mit.edu
> Date: 07 Mar 2006 05:30:48 GMT
> Lines: 90
> NNTP-Posting-Host: penguin-lust.mit.edu
> X-Trace: 1141709448 senator-bedfellow.mit.edu 577 18.181.0.29
> Xref: news.earthlink.net comp.mail.misc:76742 comp.answers:45838 news.answers:222174
> X-Received-Date: Mon, 06 Mar 2006 21:30:50 PST (newsspool2.news.pas.earthlink.net)




Newcomers should search the history of this frequent posting
at http://groups.google.com/advanced_group_search

This fellow is a spammer pretending to be a spamfighter. He
advocates the use of inferior filters and goes out of his
way to slam the only filters that actually do work.

The thing to keep in mind is that there are a LOT of people
with decent computer skills that want to make a living on
the Internet. But there are only so many positions available
as sysadmins and other related technical positions.

So what does that leave? Marketing. And that means spam. Most
Internet professionals do NOT want to end spam. They want to end
the OTHER guy's spam.

So they do not want you to use Challenge-Response filters.

They want you to use filters that they know very well and
can beat.

[Note: I don't read the articles of "Sam" or his numerous
sockpuppets or his 'friends', nor any responses to them.]

Alan

--
http://home.earthlink.net/~alanconnor/elrav1/cr.html
Other URLs of possible interest in my headers.

Re: Fighting email spam and anti-UBE pointers

on 07.03.2006 12:56:13 by Sam

Usenet Beavis writes:

> On comp.mail.misc, in , " (Jari Aalto+mail.procmail)" wrote:
>
>



BEAVIS!!! Where you've been the past couple of weeks, little buddy? Off
visiting Bigfoot?

Oh, I see -- you've been spanked out of alt.survival again.

> Newcomers should search the history of this frequent posting
> at http://groups.google.com/advanced_group_search

Then, they should check out http://groups.google.com/groups?q=usenet+beavis

> This fellow is a spammer pretending to be a spamfighter. He
> advocates the use of inferior filters and goes out of his
> way to slam the only filters that actually do work.

Sounds like you're talking about yourself again, Beavis.

That's our Beavis, all right.

> The thing to keep in mind is that there are a LOT of people
> with decent computer skills that want to make a living on
> the Internet. But there are only so many positions available
> as sysadmins and other related technical positions.

Too bad that you can't qualify for any of them.

> [Note: it's not my fault that I'm a complete dumbass. I was dropped on my
> head as a child. See http://www.pearlgates.net/nanae/kooks/ac/ for
> more information]
>
> Beavis


