Posted by
michael
on from the unplug-the-ethernet-for-best-results dept.
Dru writes "Here's an article talking about the details
of implementing a network level spam defense
with Qmail. It also talks a little about a new site called
Trustic
which uses a trust system (like Advogato) for
nominating spammer/hostile IP's."
Sounds neat, but PGP'ed network sounds better.
by
Creepy+Crawler
·
· Score: 4, Interesting
I though of this when it comes to SPAM:
Have a computer certified by another individual and create a public/private key for that computer. Do this step to create a network of ID's for the servers.
Now, have admins "Sign" a certain public text that allows servers to trust other servers.
If Company X is being real lax (eg: promoting spam), write a revoke key and put it on a few OTHER machines. Thien it'll propigate throught the mail-net to disallow all connections from that MAIL server.
Of course, mail servers and clients would have to have different trust relationships ala ssh.
For them mail geeks: would this be feasible? I could see CPU load go rocket...
--
Mod parent up! by Anonymous Coward (Score:1) Thurs, Nov 31, @13:37
I know a local business that was hurt badly because the subnet that their ip addresses belonged to was added to a blackhole list. They only bought a few ip addresses and there happened to be a spammer on the same subnet. They never participated in sending spam and were never told that their ip address was blocked. Many of their emails simply did not arrive at their destinations, for no clear reason. They write and sell network security products, intended to help detect and identify hackers or even spammers looking for open relays so that they can be investigated and possibly prosecuted. This was a case where anti-spam technology hurt the near opposite of the kind of people it was meant to. I don't think they ever succeeded in getting their addresses removed from the list. All the time that went by before they knew they were on the blackhole list nearly led them to bankrupty.
Re:Distrustful of Network Level Censorship
by
Delta-9
·
· Score: 3, Interesting
"Your spam may be my correspondence"
Thats why I would recommend SpamAssassin. All spamassassin does is label the mail with a "spam level" it is then up to each individual user to filter out the spam at the user level, not at the server level.
A much better method for letting your 'correspondence' get through while other users spam doesn't.
Re:Just junk SMTP? Not Possible
by
Xerithane
·
· Score: 5, Interesting
Its simply too late to dump SMTP. If we would have thought about this 5 or so years ago it maybe would have been possible but now we have so many using this system its inpossible to change to a newer standard.
Just like gopher with http? You can also add a plethora of validation ontop of SMTP. SMTP, as a protocol, isn't bad. It's possible to add validation, to only accept from SMTP servers that use some sort of valid key.
Then you get to keep SMTP, and slowly migrate servers. Setup a non-profit organization for distributing SMTP authentication keys that are unique to the mail server (think SSL) and if the mail comes from that server is spam, you just block that servers key. If the server doesn't have a key, put it into a validation list or send backa response saying they need to use a mail server that supports signed-SMTP.
Easy solution, not a complete overhaul of SMTP. The problem comes in with who signs the certificates, because then you have to trust the source that delivers them. Like Verisign, et al.
Re:Distrustful of Network Level Censorship
by
John+Hasler
·
· Score: 4, Interesting
> Your spam may be my correspondence -- I may want > to get mail from those whose conduct you find > abhorrent.
You _want_ to receive mail from the bastards that are forging my domain in their penis-enlargement ads and fake PayPal confirmation requests?
> Today, a network may responsibly be censoring > only unwanted and unsolicited commercial e-mail. > Next week, the powers-that-be-in-the-networks > start censoring geek news.
I'm the only power that is on my network.
> To protect our liberties, spam control should be > decentralized -- as close to the last mile as > possible.
Can't get any closer to the last mile then right here in my office.
> Yes, of course, this means that the supposed > great harm of spam -- huge volume transmissions > through the network
"Supposed"? More than half my email is spam. And that's on a shared dialup.
-- Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
Re:Distrustful of Network Level Censorship
by
Jahf
·
· Score: 5, Interesting
and SPAM is WORSE, WORSE, WORSE!
If you want to receive the junk, don't use one of those services, but I fail to see how someone else choosing -to- is a problem.
Your analogy is flawed. I have a choice to use AOL|Hotmail|MSN|spamassasin|etc and I pay for the connection to download, view, respond and delete my email (not to mention the time it takes out of my day). I don't have a choice whether or not to use the USPO and it takes FAR less of my time to sort out my real mail than it does email.
If SPAM could somehow be filtered out at the router level, then I would agree with your USPO analogy and would be throwing an utter FIT. But it isn't possible (is that a web page or a webmail, is that IMAP, is that secure IMAP, is that POP3, is that email tunnelled over SSH... no way).
Until there is legislation with -teeth- and a way for the little guy to prosecute you are not going to see many people agree with you about server side filtering.
-- It is more productive to voice thoughtful opinions (reply) than to judge (moderate) others.
I run an SMTP server off my comcast cable connection... I've pretty much been learning as I go. Five weeks ago I began as a total novice, not knowing what an open relay was I spent 5 days with no authentication and as a result I was kind enough to forward some 22k messages offering investment advice.
As I've learned a little more about the process... I've found ORDB and MAPS to be pretty useful and successful when it comes to blocking open relays.
AOL annoys me the most, they block ranges of addresses that are dynamically allocated by ISPs and as a result I can't mail any AOL users. That's probably no big deal, I just feel descriminated against.
There must be scope for a simple "Setting up your own mail server" FAQ.
Slashdot Mirror
I though of this when it comes to SPAM:
Have a computer certified by another individual and create a public/private key for that computer. Do this step to create a network of ID's for the servers.
Now, have admins "Sign" a certain public text that allows servers to trust other servers.
If Company X is being real lax (eg: promoting spam), write a revoke key and put it on a few OTHER machines. Thien it'll propigate throught the mail-net to disallow all connections from that MAIL server.
Of course, mail servers and clients would have to have different trust relationships ala ssh.
For them mail geeks: would this be feasible? I could see CPU load go rocket...
Another blacklist (with an appeals process). Run by a guy that made his millons selling eGroups to Yahoo!.
Dunno, this doesn't look too promising.
I know a local business that was hurt badly because the subnet that their ip addresses belonged to was added to a blackhole list. They only bought a few ip addresses and there happened to be a spammer on the same subnet. They never participated in sending spam and were never told that their ip address was blocked. Many of their emails simply did not arrive at their destinations, for no clear reason. They write and sell network security products, intended to help detect and identify hackers or even spammers looking for open relays so that they can be investigated and possibly prosecuted. This was a case where anti-spam technology hurt the near opposite of the kind of people it was meant to. I don't think they ever succeeded in getting their addresses removed from the list. All the time that went by before they knew they were on the blackhole list nearly led them to bankrupty.
"Your spam may be my correspondence"
Thats why I would recommend SpamAssassin. All spamassassin does is label the mail with a "spam level" it is then up to each individual user to filter out the spam at the user level, not at the server level.
A much better method for letting your 'correspondence' get through while other users spam doesn't.
Its simply too late to dump SMTP. If we would have thought about this 5 or so years ago it maybe would have been possible but now we have so many using this system its inpossible to change to a newer standard.
Just like gopher with http? You can also add a plethora of validation ontop of SMTP. SMTP, as a protocol, isn't bad. It's possible to add validation, to only accept from SMTP servers that use some sort of valid key.
Then you get to keep SMTP, and slowly migrate servers. Setup a non-profit organization for distributing SMTP authentication keys that are unique to the mail server (think SSL) and if the mail comes from that server is spam, you just block that servers key. If the server doesn't have a key, put it into a validation list or send backa response saying they need to use a mail server that supports signed-SMTP.
Easy solution, not a complete overhaul of SMTP. The problem comes in with who signs the certificates, because then you have to trust the source that delivers them. Like Verisign, et al.
Dacels Jewelers can't be trusted.
> Your spam may be my correspondence -- I may want
> to get mail from those whose conduct you find
> abhorrent.
You _want_ to receive mail from the bastards that are forging my domain in their penis-enlargement ads and fake PayPal confirmation requests?
> Today, a network may responsibly be censoring
> only unwanted and unsolicited commercial e-mail.
> Next week, the powers-that-be-in-the-networks
> start censoring geek news.
I'm the only power that is on my network.
> To protect our liberties, spam control should be
> decentralized -- as close to the last mile as
> possible.
Can't get any closer to the last mile then right here in my office.
> Yes, of course, this means that the supposed
> great harm of spam -- huge volume transmissions
> through the network
"Supposed"? More than half my email is spam. And that's on a shared dialup.
Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
and SPAM is WORSE, WORSE, WORSE!
... no way).
If you want to receive the junk, don't use one of those services, but I fail to see how someone else choosing -to- is a problem.
Your analogy is flawed. I have a choice to use AOL|Hotmail|MSN|spamassasin|etc and I pay for the connection to download, view, respond and delete my email (not to mention the time it takes out of my day). I don't have a choice whether or not to use the USPO and it takes FAR less of my time to sort out my real mail than it does email.
If SPAM could somehow be filtered out at the router level, then I would agree with your USPO analogy and would be throwing an utter FIT. But it isn't possible (is that a web page or a webmail, is that IMAP, is that secure IMAP, is that POP3, is that email tunnelled over SSH
Until there is legislation with -teeth- and a way for the little guy to prosecute you are not going to see many people agree with you about server side filtering.
It is more productive to voice thoughtful opinions (reply) than to judge (moderate) others.
I run an SMTP server off my comcast cable connection... I've pretty much been learning as I go. Five weeks ago I began as a total novice, not knowing what an open relay was I spent 5 days with no authentication and as a result I was kind enough to forward some 22k messages offering investment advice. As I've learned a little more about the process... I've found ORDB and MAPS to be pretty useful and successful when it comes to blocking open relays. AOL annoys me the most, they block ranges of addresses that are dynamically allocated by ISPs and as a result I can't mail any AOL users. That's probably no big deal, I just feel descriminated against. There must be scope for a simple "Setting up your own mail server" FAQ.