Slashdot Mirror
MS and Sendmail work together on Spam Solution
fudgefactor7 writes "Powerhouse software vendor Microsoft and the venerable Sendmail, have formed an alliance to launch a sender authentication plug-in which is hoped will combat email fraud and spam. The plug-in lets organisations verify a message's source before accepting it by automatically checking to see if an email came from where it claims it did. Could this be a sign of the beginning of the end of spam?" Update: 02/26 08:01 GMT by S : Though Microsoft and Sendmail are both working on solutions, there's no official alliance in place between the companies.
"Powerhouse software vendor Microsoft and the venerable Sendmail, have formed an alliance to launch a sender authentication plug-in which is hoped will combat email fraud and spam. The plug-in lets organisations verify a message's source before accepting it by automatically checking to see if an email came from where it claims it did. Could this be a sign of the beginning of the end of spam?"
:-)
Wow......this really sounds like it was written by a marketing director. A Slashdotter could have just as easily interpreted this as "The 800 lb gorilla of the software industry, Microsoft has coerced the long suffering Sendmail to provide Microsoft with a software patch that fixes security holes inherent in Microsoft products that allow for email fraud and spam to run rampant. Another side benefit is that Microsoft can exert their market dominance to further entrench the Microsoft monopoly by refusing email not conforming to Microsoft "standards".
Laugh, it's intended to be funny.
Visit Jonesblog and say hello.
Gee this isn't biased: "Powerhouse software vendor Microsoft and the venerable Sendmail"
They were looking for something with more vulnerabilities than Windows! Seriously, who uses sendmail? I thought we all started using Qmail or other alternatives?
Isn't this one of the signs of the apocolypse?
Food not Bombs is a nice platitude but it breaks down when you notice that the Bombees are usually well fed
First your cf syntax, now working with Microsoft?! What did we ever do to you?! Truly, a sysadmin's worst enemy.
Game... blouses.
Could this be a sign of the beginning of the end of spam?
Dunno... but it could be the beginning of the end of sendmail. Not that it would be a bad thing...
There's much better software out there.
Microsoft working with a Free Software group to produce a standard that will be freely available?
Sounds more like the end of the world than the end of spam to me!
Beep beep.
(after all, buyviagra@biggerpenis.org is most likely sending you spam).
Hey, that's *my* email address!
We don't have a state-run media we have a media-run state.
MS will make final shot in antispam wars... they are going to stop delivering outlook
/ss
MS put a signature in all emails from outlook, and sendmail blocks everything with that signature?
The two orgs with the worst security records teaming up. The blind leading the blind, for sure.
Looks like a lot of overtime for the Symantec & McAfee programmers
With the combined stellar security records of MS and sendmail, guess how secure the new software would be.
That screams safe and secure to me. Then, maybe we could set it up with BIND.. and the computer would be safe..
until you plug it in..
(Flamebait to induce conversation.. calm down)
and I've just written an email tracking program . . .
&& aemula C. ab stirpe interiit
Seriously now.. the two most insecure mail server providers are teaming up? I smell a debacle in the making. End of spam as we know it? Unlikely factor: 9.5
;)
And I'm sure DJB will be right on top of this.
As a public service I am providing my sendmail.cf file as a configuration example.
HReceived: $?sfrom $s $.$?_($?s$|from $.$_)
HDate:@@_$_$?sfrom^*$%#%!*(()^&^&*#$##
$%@$#%&&_%#__&^#$%_#$%%___*(__Y_JY_*_*(_#$%#_
#@$@@#sonofa@#$%@@#@#$#
I know it just looks like line noise but this is a working config!
Your post advocates a
(x) technical ( ) legislative ( ) market-based ( ) vigilante
approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)
( ) Spammers can easily use it to harvest email addresses
( ) Mailing lists and other legitimate email uses would be affected
( ) No one will be able to find the guy or collect the money
(x) It is defenseless against brute force attacks
( ) It will stop spam for two weeks and then we'll be stuck with it
( ) Users of email will not put up with it
( ) Microsoft will not put up with it
( ) The police will not put up with it
(x) Requires too much cooperation from spammers
(x) Requires immediate total cooperation from everybody at once
(x) Many email users cannot afford to lose business or alienate potential employers
( ) Spammers don't care about invalid addresses in their lists
( ) Anyone could anonymously destroy anyone else's career or business
Specifically, your plan fails to account for
( ) Laws expressly prohibiting it
( ) Lack of centrally controlling authority for email
(x) Open relays in foreign countries
( ) Ease of searching tiny alphanumeric address space of all email addresses
( ) Asshats
( ) Jurisdictional problems
( ) Unpopularity of weird new taxes
( ) Public reluctance to accept weird new forms of money
(x) Huge existing software investment in SMTP
( ) Susceptibility of protocols other than SMTP to attack
( ) Willingness of users to install OS patches received by email
(x) Armies of worm riddled broadband-connected Windows boxes
( ) Eternal arms race involved in all filtering approaches
( ) Extreme profitability of spam
( ) Joe jobs and/or identity theft
( ) Technically illiterate politicians
( ) Extreme stupidity on the part of people who do business with spammers
(x) Dishonesty on the part of spammers themselves
(x) Bandwidth costs that are unaffected by client filtering
( ) Outlook
and the following philosophical objections may also apply:
( ) Ideas similar to yours are easy to come up with, yet none have ever been shown practical
( ) Any scheme based on opt-out is unacceptable
( ) SMTP headers should not be the subject of legislation
( ) Blacklists suck
( ) Whitelists suck
( ) We should be able to talk about Viagra without being censored
( ) Countermeasures should not involve wire fraud or credit card fraud
( ) Countermeasures should not involve sabotage of public networks
(x) Countermeasures must work if phased in gradually
( ) Sending email should be free
( ) Why should we have to trust you and your servers?
( ) Incompatiblity with open source or open source licenses
( ) Feel-good measures do nothing to solve the problem
( ) Temporary/one-time email addresses are cumbersome
( ) I don't want the government reading my email
( ) Killing them that way is not slow and painful enough
Furthermore, this is what I think about you:
(x) Sorry dude, but I don't think it would work.
( ) This is a stupid idea, and you're a stupid person for suggesting it.
( ) Nice try, assh0le! I'm going to find out where you live and burn your house down!
What is this ...article you speak of?
And I thought it was just because I had decaf this morning........
Powerhouse software vendor Microsoft and the venerable Sendmail, have formed an alliance
You misspelled vulnerable... HTH, HANDOh, I thought this was a reference to the ident protocol, already supported by sendmail, which would solve the problem in exactly the same way if firewall admins were willing to open up their AUTH ports and run identd daemons.
Nah, this is an elaboration of the same thing but on the email port instead.
Slap a few new buzzwords on it as it goes through the door, of course... PKI! WMD! Cryptographic keys! 40% more trunk room! Compassionately Conservative (Less liberal than the leading brand)! Microsoft Windows Compatible!
Now it's sure to sell. Won't stink up the room as bad as old dead identd I hope.
Offers to join MSN and special pricing on Windows Operating systems are mysteriously appended to millions of emails accross the net there after...
Usually when MS forms an alliance with someone for any reason they want to put them out of business somehow, but not sure if that would happen in this case. Isn't sendmail GPL or BSD licensed?
Only 'flamers' flame!
Does slashdot hate my posts?
If Microsoft and Sendmail are working together on Spam Solution, then I guess we can all rest assured that whatever they build, it won't have any buffer overflow problems. I, for one, am looking forward to use 1.0.0 version on my production systems.
Sincerely,
Pan Tarhei Hosé, PhD.
"Homo sum et cogito ergo odi profanum vulgus et libido."
While it's nice to see this type of work being done, the headline is misleading.
I think you're mistaken, slashdot would never attempt to mislead their readers into a frenzy of posts about something that the article never even confirms.
-matt
"You done taken a wrong turn."
-Bill McKinney, in Deliverance
90000 messages per month works out to approx 2 message per minute.
I'm thinking you can do two "advanced reverse lookups" every minute, especially when some portion of those lookups allow you to close the connection and avoid receiving the spam.
Then again, your server is already overwhelmed by one spam every 28.8 seconds, which if you assume an average spam message size of 8k works out to be a whopping average bandwidth of 277 bytes/sec, or 2.2 kbit/sec.
PJRC: Electronic Projects, 8051 Microcontroller Tools
"It looks like you are editing your sendmail.mc file. Would you like to add:
..."
1. define('confTRY_NULL_MX_LIST',true)
2. define('UUCP_MAILER_MAX','2000000')
3. define('confAUTH_MECHANISMS', 'EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')
4. FEATURE(`relay_based_on_MX')
5.
The neutrality of this sig is disputed.