Slashdot Mirror
Postfix's Creator Outlines Spam Solution
SATAN writes "Wietse Venema started out as a physicist, but became interested in the security of the programs he wrote to control his physics experiments. He went on to create several well-known network and security tools, including the Security Administrator's Tool for Analyzing Networks (SATAN) and The Coroner's Toolkit with Dan Farmer. He is also the creator of the popular MTA Postfix and TCP Wrapper.
SecurityFocus chatted up Venema to talk about software security, how to improve the code quality, what solutions we might have to fight spam successfully, the principle of least privilege, and the philosophy behind the design of Postfix. Venema is currently a researcher at IBM's T.J. Watson Research Center."
Just get everyone to sign their mail including companies that send you receipts and opted in spam.
I would be happy if I could reject any mail that is not digitally signed and then manage the signed mail by signature.
The difference between Canada and the USA is that in Canada healthcare is a right and gun ownership is a privilege.
Your post advocates a
(x) technical (x) legislative (x) market-based ( ) vigilante
approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)
(x) Spammers can easily use it to harvest email addresses
( ) Mailing lists and other legitimate email uses would be affected
(x) No one will be able to find the guy or collect the money
(x) It is defenseless against brute force attacks
( ) It will stop spam for two weeks and then we'll be stuck with it
( ) Users of email will not put up with it
(x) Microsoft will not put up with it
(x) The police will not put up with it
(x) Requires too much cooperation from spammers
(x) Requires immediate total cooperation from everybody at once
(x) Many email users cannot afford to lose business or alienate potential employers
( ) Spammers don't care about invalid addresses in their lists
(x) Anyone could anonymously destroy anyone else's career or business
Specifically, your plan fails to account for
(x) Laws expressly prohibiting it
(x) Lack of centrally controlling authority for email
( ) Open relays in foreign countries
( ) Ease of searching tiny alphanumeric address space of all email addresses
(x) Asshats
(x) Jurisdictional problems
( ) Unpopularity of weird new taxes
( ) Public reluctance to accept weird new forms of money
( ) Huge existing software investment in SMTP
( ) Susceptibility of protocols other than SMTP to attack
(x) Willingness of users to install OS patches received by email
(x) Armies of worm riddled broadband-connected Windows boxes
(x) Eternal arms race involved in all filtering approaches
(x) Extreme profitability of spam
(x) Joe jobs and/or identity theft
(x) Technically illiterate politicians
( ) Extreme stupidity on the part of people who do business with spammers
(x) Dishonesty on the part of spammers themselves
(x) Bandwidth costs that are unaffected by client filtering
(x) Outlook
and the following philosophical objections may also apply:
(x) Ideas similar to yours are easy to come up with, yet none have ever
been shown practical
( ) Any scheme based on opt-out is unacceptable
( ) SMTP headers should not be the subject of legislation
(x) Blacklists suck
(x) Whitelists suck
(x) We should be able to talk about Viagra without being censored
( ) Countermeasures should not involve wire fraud or credit card fraud
( ) Countermeasures should not involve sabotage of public networks
(x) Countermeasures must work if phased in gradually
( ) Sending email should be free
(x) Why should we have to trust you and your servers?
( ) Incompatiblity with open source or open source licenses
(x) Feel-good measures do nothing to solve the problem
( ) Temporary/one-time email addresses are cumbersome
(x) I don't want the government reading my email
( ) Killing them that way is not slow and painful enough
Furthermore, this is what I think about you:
(x) Sorry dude, but I don't think it would work.
(x) This is a stupid idea, and you're a stupid person for suggesting it.
( ) Nice try, assh0le! I'm going to find out where you live and burn your
house down!
The dangers of knowledge trigger emotional distress in human beings.
Sounds like a mail server I used to use.
Is it some rival to JavaFX?
I always said if you had poorly-written code or spam clogging up your inbox, you would need a Venema.
He who knows best knows how little he knows. - Thomas Jefferson
...once I started reading his replies on the postfix-user mailing list. He's extremely blunt. While many are VERY helpful and detailed, a number are a sentence or two long that, paraphrased, consist of "you're an idiot."
However, he's nothing compared to Victor Duchovni (who works for Morgan Stanley, and is a major poster on the postfix-users list). His signature, and I'm not making this up:
Yeah, you read that right. 11 lines long...and this asshole thinks he's so fucking important, he lectures you about how to thank him so he can delete your acknowledgment/thank you as quickly as possible. He's often more willing to insult than help, and on numerous occasions, comes to the wrong conclusion. Worse still, he often presents his solution with complete authority and confidence, putting the helpless user on a primrose path.
Please help metamoderate.
Not that Spelling Nazi's are prevalent here or anything, but shouldn't that title read "Postfix's Creator" and not "Postifix's Creator"?
Last night I played a blank tape at full volume. The mime next door went nuts.
Postifix, Postifx or Postfix? Make your mind up !
There are places where the networks are not touching,and there are places where they are-Boeing's Lori Gunter
I dunno what google do, but I get about 1 spam per 3 days on an account that receives about 50 messages a day.
My work MS exchange address with the latest anti-spam stuff gets about 10 spams per day with the same legitimate email rate.
Without anti-spam I get about 200 spams a day at work.
I didn't know Satan had an interest in the goings on of Postfix.
From TFA:
I use Exim4 as a pre-processor for a GroupWise system.
This allows me to reject messages during the SMTP connection (no receive and then bounce back) and I have customized the rejection messages to include my phone number. As long as YOUR email admin handles error messages in any sane way, you'll get a phone number to call and talk to the guy who set up the system that rejected your email. I get a call about every other month now.
The real problem is not "aggressive anti-spam/virus measures".
It is that 80%+ of the inbound connections are spam-related. So just about ANY action taken will reduce the amount of spam. But the email admins still need to continually evaluate their processes.
We wouldn't have fewer people interested in it, we would just have a million times more bugs or one millionth the number of programs available.
Just because it is more difficult doesn't mean the people attempting it are going to do a better job at it. Flying men into outer space is difficult, just because flying men to Jupiter is a million times more difficult doesn't mean the approach we create will be more successful at it.
If anything, programming needs to be easier, so more people would do it then we could have more solutions to choose from. A parallel brute force approach with selection can produce better solutions for everybody.
...why not send your thanks to Victor.Duchovni@MorganStanley.com and perhaps tell him a bit about your day.
Spam Assassin.
No, not the program of the same name, an actual assassin that kills spammers, CEOs of companies that use SPAM etc.
And if he has some extra time, assassinate some of the Wall Street Pirates responsible for the mess we're in.
I suggest 1 Trillion Dollars as a bounty, since the Government is handing money out like candy.
Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
I wish the Linux platform had a "one solution" product for these services. The services pegged to Postfix that I am talking about include: -
Mailman/Mailing Lists, Autoresponders, Greylisting, POP3/IMAP, unlimited domains, Sender Policy Framework (SPF), per-user filtering, per-domain policy rules, ClamAV virus, Filtering and Spamassassin Spam Filtering.
Getting these to flawlessly get set-up from scratch is a feat in itself. Why don't we have such a product? I am no coder so I cannot do much except reporting problems.
I imagine a single script a user can run then have all those services running within parameters to be supplied. Linux folks are capable of a lot more so this should not be that difficult.
Just forgot! Add a calendering application [of your choice] to the above line up.
My solution: Nuke China.
...or title should spell Postfix?
greylistd is an option, though I haven't tested it thoroughly. For those not familiar with it, greylistd works alongside your MTA and rejects ALL incoming e-mails on their first attempt. On the second attempt after some time has passed*, it accepts the email and whitelists that IP/sender for a user-specified amount of time (defaults to 60 days I believe?).
The idea is that spambots do not attempt to redeliver rejected emails, whereas regular "legit" mail servers do. When an email is greylisted, the MTA sends back a special response similar to a rejection, though it does indicate that it's a greylist response. I can see that spambots will eventually get around this by attempting redelivery, I would think. So I don't see greylisting as a long-term solution, but I'd welcome any comments on this.
By the way, if anyone knows a sure-fire way to get spam mail sent to a particular email address, please reply to this comment and let me know. I need a real-world test.
*I noticed most servers attempt to send again within 15-20 minutes; that is also rejected as I suppose the greylist server thinks that's too soon...?
Well how about this solution: http://slashdot.org/~agbinfo/journal/208701
the giver
You can throw your mail in the trash or send it back.
Because that's not the Linux/Unix way.
And because everything eventually touches mail so that means everything would have to be integrated into "one solution".
Seriously, do they?
I find it hard to believe that people still have serious problems with spam.
There is a perfectly workable spam solution that my grandmother wouldn't have a problem implementing.
I have a GMail account to which all my other e-mail accounts are forwarded. I access this account through IMAP with Thunderbird. I use Thunderbird's built in learning spam filter.
When I first signed up for GMail/started using Tunderbird, I had almost more spam than e-mails and I get at least 20-30 real e-mails a day. So I just flagged all the spam I got as spam in both Thunderbird and GMail.
Now, I get maybe, and I stress *maybe*, a single spam message that shows up in my Thunderbird inbox per week.
I go through my Thunderbird Junk folder and my GMail spam folder about once a month to look for false positives, but they are few and far between, less than one a month.
Seeing as how this solution is simple, automatic, easy and pretty much ubiquitous (who doesn't have access to Thunderbird and GMail?) I don't see why anyone needs to suffer from spam at all anymore. I sure don't.
Other than ideological reasons (i.e. problems with either Google or Mozilla) I see no reason not to use this solution.
Getting these to flawlessly get set-up from scratch is a feat in itself. Why don't we have such a product? I am no coder so I cannot do much except reporting problems.
I imagine a single script a user can run then have all those services running within parameters to be supplied. Linux folks are capable of a lot more so this should not be that difficult.
... because mail IS complicated, and each of these products has its own quirks and gotchas.
Someone who cannot be bothered to read the teeny fraction of relevant documentation necessary to properly set up this software probably has no business administering it (especially on a production network). Since a poorly configured mail server really has the potential to piss thousands of people off around the planet, I'm actually content with the current state of affairs...
P.S. you are looking for a product called Microsoft Exchange. It has nice big buttons you can point and click on. Luckily the costs involved and the presence of an official certification program serve as an effective barrier to entry for most amateur admins.
You can't have the system automatically reply to all spam like that. Go ahead and try it to see what happens. Your mail server will be buried with undeliverable forged headers *and* you'll be sending out envelope-reversed spam.
He says currently most of the cost of email is on the recipients. He thinks the structure of email should change from push to pull so the cost is more on the sender side - e.g. instead of checking your or your ISP's mail server for messages, you should poll the sender's server... You would know to poll these servers based still on small pushed email - though each with digital certificates and signatures you trust, notifying you of awaiting mail on their system. Sounds interesting... He believes that integrating Spam/AV into the MTA is not as good as separating this - and compares it with an analogy to the benefits of human specialization... sounds ok.
Also talks about Postfix internals which was kind of interesting.
...And because everything eventually touches mail so that means everything would have to be integrated into "one solution"...
Who said that? OK...why not provide such a product for those that want it? Why? Not every body does things on Unix/Linux "the Unix/Linux way." Do you still install your Linux software from source? Gentoo and Slackware had one of their feet on this route. Have you heard of Gobo Linux? They do their stuff another way...and it's exciting.
Ok, let me ask: What would be the problem with a product being put together like I suggested, with this product working exactly as advertised?
Please provide me an answer...What exactly is "the Linux way?"
I have a feeling that it's folks like you that have made Linux not that popular among the Joe Six Packs of today, because you insist on Linux doing things "the Linux way", even when this way does not produce results that one can be proud of in terms of penetration and wide appeal.
It's sad indeed.
There's a nice little article all about what makes some software secure, where other application disintegrate under exposure to the "internet elements" over at Three Sixty Information Security. It features TCP Wrappers, Postfix, and several others, and asks the question "what makes this software so uncommonly good?".
AG
At my company, Microsoft Exchange is quite stable. It processes about 1100 emails per hour. Our admin says that it is admins who do not know what they are doing that give Exchange a bad name. I am sure this applies to the Linux crowd too.
Cool!
I believe the author of Sendmail once said "Sendmail is complex because the world is complex." Now, it probably doesn't have to be as complex as Sendmail, but there will never be a one size fits all solution.
Give me Classic Slashdot or give me death!
You don't need to be a coder to set those things up, but you do need some level of competence in general systems administration and mail administration in particular, and there's not really any way around that. Sure, some Linux distros make setting those things up relatively easy (Debian and its derivatives are perhaps the best for that), but you still need some idea of what you're doing?
Why? Because email is really complex. So complex that the "Simple" in SMTP could be taken as some kind of inside joke, although it was actually relatively simple back when SMTP was born. Email routing and filtering is many respects the most complex thing done on the Internet. A single script to get all that stuff set up and working would be quite complex and almost certain to not work for everyone. Moreover, getting it set up wouldn't remove the need for ongoing competent administration.
I work for an email security company, and one of the reasons there is so much money in this is because it takes a lot of specialization to be really good at it, and for many businesses it makes the most sense to outsource it to specialists, even when they have top-notch mail admins (many of our customers are Global 2000 companies, and they have really good sysadmins in those kinds of places), email security is something we can do better than they can in most cases, and always more economically.
I've seen a few folks advocate the pull model for email and say that the burden then rests more on the sender than the receiver. I just don't see it.
I'm a spammer sending as much email to as many folks as possible. What would I rather do: send the message itself (let's say it's 2K), or send tiny receipts for a message (let's say 1/2K or less)? Then when the receivers pull their message I send the 2K message. And if I start to get flooded I dynamically reduce the size to 1K or even less? And if I'm slow, I increase the size to 5K or more (pretty pictures, etc).
I don't have to store the content - I can just generate it dynamically. And I can even send a bunch of receipts and change the spam content over time depending on who is paying me and how effective some spam solution is at any given time.
So, seriously, how does the pull method help? It seems to me that it's worse than push.
I recently abandoned a domain I've had for years because I was getting a spam email every few seconds. I could go to bed with an empty inbox, and wake up to have dozens of spam emails, even after filtering.
Without spam filtering, email would be useless to me, I would give up on it entirely. Spam filtering is not destroying the email infrastructure, it is an absolute necessity, forced upon us by spammers, that unfortunately causes a modest amount of collateral damage. To point at that collateral damage and say that it must be the filtering causing the problems is... well... totally out of touch.
And for that matter, why is the Postfix website in such shambles? Go find me the changelog. Is it in the announcements section? No. Is it in the umpteen unorganised links in the documentation section? No. You have to select "Download", pick a mirror, and then it gives you the changelog. Why is it so impossible to find anything on the Postfix website?
You can't have the system automatically reply to all spam like that. Go ahead and try it to see what happens. Your mail server will be buried with undeliverable forged headers
If you get enough SPAM that replying to them is that big a problem, shouldn't that be a bigger incentive to reducing the SPAM issue once and for all. Undeliverable is not an issue since it doesn't end up in someone's email box; Just delete it. A mechanism to stop circular replies would be needed though.
*and* you'll be sending out envelope-reversed spam.
The envelope-reversed spam may be an issue. But this is the type of issue that has other technical solutions. An authentication scheme could easily be implemented to reduce this. For example, email coming from example.com could be signed with a hash. Simply connecting to the an example.com SMTP server could provide enough information to validate the hash. On the other hand, validation replies would be relatively easy to detect so mail server that are receiving those could try to match the recipients with sent email addresses. This would make it possible to simply delete inappropriate requests.
I admit I haven't thought of every possible issue but I think it could be a good starting point.
This man is a God-Damned genius:
"...The technical arms race will continue unless politicians and law enforcement join the battle with effective measures that work across national borders.
This observation has led me to conclude that the spammers aren't destroying the email infrastructure, it's the well-meaning people with their countermeasures."
Yes! Yes! Yes!
As a system administrator, I can't tell you how many times a failure to receive a customer's e-mail was due to a poorly-configured junk scanner on the customer's network.
And fighting spam is indeed a two-pronged approach. Sysadmins AND politicians need to be proactive about fighting spam. Spam is an issue that affects communications, especially business communications, with unacceptable severity. It's time for politicians to do their fair share.
A lot of things went into the Postfix mail system. Some were already discussed in this interview. It would take a lot of time and space to discuss everything, so I will just mention a few.
Freenet uses similar techniques against spam on the Freenet Messaging System (FMS).
Two things are mentioned in the article: many eyeballs, and moving to a pull technology from a push one.
FMS uses a web of trust, similar to PGP's to rate the trustworthiness of users, and this makes it simple to do collaborative filtering of spammmers (many eyeballs).
It also uses a pull technology, where each user has their own message queue, and you poll the queues of people you trust. There are tricks to make this scale up, so you don't have to be polling millions of people all of the time.
Initial entry to the web of trust is done mainly through a captcha system, although it can be done through any out-of-band method. Even if the captchas are defeated, which they will be regularly since this is an arms race, the first two steps should mitigate the damage done, by rapidly spreading bad trust values for the spammer to other users before they get to downloading their messages.
It works well in practice on a small scale, but obviously there are neither the numbers nor the dedicated spammers to test it out properly.
If anyone wants a challenge, please come on Freenet and try to spam the Freenet Messaging System!
One email every 3 seconds is not a difficult task, unless you work for a lawfirm that likes to email around PDF attachments running in excess of 100 MB. Then we'll talk.
-l
Help cure AIDS, cancer, and more. Donate your unused computer time to worldcommunitygrid.org. Join Team Slashdot!
What stops a spammer from grabbing the signing keys and using them to their heart's content? Remember, most spam comes from botnets and they're not exactly technological idiots.
Spam will be a problem as long as it is so cheap for them to send you their crap. Maybe with a new email protocol parallel to SMTP where you have to pay a fee for each email you send (this fee could be set on a sender by sender basis).
What I am talking here is a new email protocol with new server software and mailboxes. The big ones (google, hotmail, yahoo, aol, etc) could allow you to sign-up for these new mailboxes where you could even GET PAID a percentage of the fee for each email you receive.
This would not stop spam but how does it sound getting $0.02 for each spam you receive?
HTML is obsolete. It's time for a new, simpler and richer markup language.
Most mail servers (all the good ones) already detect mail loops at least as a configurable option. That's not the problem.
If you're hash-validating mail to fix the problems of envelope-reversed spam, why not just hash-validate mail in the first place?
If I want to spam you, I can just send spam to someone using your proposed envelope reversal as you. The way to stop that is to require validated senders, but the server admin on the sending server gets to decide who's a valid sender. A spammer can afford a Linux box running an MTA, so unless you can force others to swear in court or something that their authenticated and authorized senders aren't sending spam, then you're still SOL.
Simple, Email as it stands is flawed.
A botnet can just take over random computers and they can throw out emails everywhere with whatever message they want and make it look like it is from wherever. Change email to be pull instead of push. Now the email client has to connect to the sever to download any messages mean for it. Unless each botnet client has that URL pointing to it it is now impossible or at least very hard for them to work as a spam device. You can then white or blacklist servers rather than email addresses (Bit harder to setup servers for spamming purposes unless the server itself is botted) and you can use encryption and security certificates to verify the server's identity.
Of course actually changing something that has become so ingrained is nearly immpossible.
Just make it clear to politicians that terrorists can hide their communications in the spam flow (to defeat traffic analysis), and you'll wonder how fast governments will scramble to not only outlaw spam, but also to target and prosecute spammers. It could be much more effective than any other technical solution. But is the benefit of catching the top-100 ROKSO spammers and sending them to Guantanamo worth the increased surveillance and governments' grip on the Internet?
cpghost at Cordula's Web.
1. Send bogus spam
2. When someone responds, cut their Internet access for a week
3. Profitable spam responses decline and the spammers give up.
Certainly where programming is more difficult, those doing the programming can make more mistakes. But this rise in mistakes is not in proportion to increase in difficulty for the top programmers that would remain. The real serious impact of increased difficulty is that less programming would get done. The difficulty referred to is more about the entry barrier to programming, rather than the work itself. But anything that would slow down the programmer and make them think about what they were doing is a good thing in general.
We might well have a lot fewer programs. But that would be a good thing considering some of the junk out there.
I did some contract work for a company over the Y2k transition evaluating the bugs that happened leading up to, and following, the big year changeover. Only one such bug was found in a program in C, and it was found months ahead in some testing. Of about 50 bugs found, the vast majority were in "quicky" programs done in languages like Perl and shell scripts. Programmers used shortcuts that were easy to do in these languages (concatenating "19" to converted values of years since 1900, more often getting "19100" instead of "1900").
Good programmers were doing things the right way with respect to Y2k years before the transition. Of those bugs I could determine when they were coded, I ranked them by date and found that the median was in late 1998. That means half of the bugs were coded within less than 2 years of 2000. Programmers were simply not paying attention to what they were doing and how they were doing it.
now we need to go OSS in diesel cars
although if you want to call yours an inbox....
The best theoretic solution is to change the email distribution model, but this may never happen. Right now, email is a "push" technology where the sender has most of the control, and where the receiver bears most of the cost. The alternative is to use a "pull" model, where the sender keeps the email message on their own server until the receiver downloads it. For example, when my bank wants to send me email, they would send a short message with an URL to view their mail, and my email software would download the message for me. This assumes of course that my email software recognizes my bank's email digital signature and their Web site's SSL certificate, otherwise we would have a phishing problem. Legacy mail software would tell the user that they have email at their bank, and leave it up to the user to download their email.
The "pull" model would change the economics of email. It would move the bulk of the cost from the receivers where it is now, to the senders where it belongs. No-one would read email if its sender doesn't provide a service where recipients can download it from.
We could go ahead and establish a standard for this pull model. We don't have to suddenly change everything over to the pull model all at once since the asynchronous notification of a message being available would be sent via email. But with such a standard in place, this allows more legitimate senders to start using it, as well as mail agent/client to recognize it. It can be a gradual migration. The notifications would just look like an enclosed URL to an email agent/client that doesn't implement the detection of the notification.
Of course, spammers will use this method. But it forces them to have a server running somewhere to accomplish this. This issue would be addressed by performing certain validations on the notification that would normally not be doable on just any URL included in a message. Among the validations is that the URL must have a relationship to the server sending the notification (if it's the very same machine, that's a quick positive, but at the very least it might need to be the same domain name). Mere IP addresses as URL hosts would be rejected. And a specific port number might be specified by the standard for the pull server (notifications with a different port can be rejected). These validations would, among other things, make sure that botnet machines are not accessed to pull messages.
My point is, we can start doing this "now" (as soon as a standard is established). The transition can be a gradual process. And it can be one where we verify the correctness and make changes to the standard if necessary on a smaller scale.
Still, I have some concerns about the pull model. It does give the sender more information about the recipient (for example, what time of day that read mail). Some of that can be avoided with auto-pulling. And spammers can still cut their costs by not actually having duplicate messages on the pull servers, even though the URLs to access them would all be different (to avoid notifications being detected as duplications).
now we need to go OSS in diesel cars
Quite rightly the importance of legal measures regarding the spam are most important. But that will not happen unless public awareness steps the stage. Both legislation-wise and privacy-wise. By privacy I mean the fact that most people don't care about their private data being left on discussion boards, lists, etc.
One simple step to prevent spam is to handle your data carefully and in cases in which you need to display your data, at least obfuscate it. There are many tools to do it, e.g. obfuscatr, a Dashboard widget for Mac OS X users. It provides JavaScript or just plain hexadecimal encoding of your email. See the details at obfuscatr 1.1.0 release announcement.
Of course, there are loads of online tools that perform similarly.
You could use something like Zimbra which takes care of most of your list of requirements... it's a little lacking in the mailing lists side of things (e.g. self administrating lists: list admins) but it should be easy enough to link to Sympa via SOAP. Otherwise it does mailing lists fine. SPF is flawed IMHO, instead look at BATV.
Ideally you'd run your own custom rolled Postfix MTA with greylisting, BATV and whatever else you please, then a Zimbra mailhost behind that. This way you retain all the standard control at the edge, and the Zimbra gooey goodness is available internally. The alternative is to run Zimbra standalone, though you give up some flexibility - or you have to get hacking to get it to do particular things. The trade offs/balance is up to you
If you're hash-validating mail to fix the problems of envelope-reversed spam, why not just hash-validate mail in the first place?
Because I don't want to impose any additional technical requirements. I want the SMTP protocol to work as is.
If I get a spammer that sends me email, his spam won't make it to my inbox. If it's a mailing list I didn't subscribe to, I don't care about it. If it's a legitimate unsolicited email and the sender hasn't been white listed yet then he probably won't mind having to respond to one time CAPTCHA.
On the other, if my mail server starts receiving a lot of requests for authentication then I can provide a way to easily filter spam. Since this type of email always comes from servers that provide authentication, I can safely let the mail through.
If I want to spam you, I can just send spam to someone using your proposed envelope reversal as you.
You can't spam me. You could spam someone else if the mail server of the forged "FROM" address doesn't check for the signature but what would be the point. The only message you'd spam with is a message with some text such as "I believe I have received an email from you. You address has not been white listed. To prove that this is not spam, please click here..."
The way to stop that is to require validated senders, but the server admin on the sending server gets to decide who's a valid sender. A spammer can afford a Linux box running an MTA, so unless you can force others to swear in court or something that their authenticated and authorized senders aren't sending spam, then you're still SOL.
If an authenticated server is sending spam, then that server will get a lot of reverse mail to ask for mail validation. That authentication only says that some mail came from that server. That mail is not trusted. It's considered spam until the sender is approved.
Here's a scenario:
The worst that can happen is that some human recipient that got spammed is white listed because he chose to respond to the CAPTCHA or my mail server gets black listed on that particular server. If Google Mail or any other big source of email starts using this system, this would be very unlikely.
I am inclined white list and then require a Proof of Work to bring any message not on the white list to my attention without error prone automated spam checking. When possible, reject at the smtp level of course to avoid relying on the easily forged headers and provide immediate feedback.
Unfortunately, no Proof of Work authentication systems are available yet.
In spite of your tone, I'm drawn to this discussion.
Personally, I would *love* to run my own mail server, but I *know* I'm bound to make a lousy job of it because, as you say, it's complicated as all-getout and only knowledgeable folk should be allowed to operate such machinery. Let Joe User do it and he'll flood the Internet with yet more spam.
The thing is though, this used to be the case, too, for media streaming file servers, setting up X on a BSD box, and so on -- but eventually, solutions cropped up that met people's needs in an easy way. Samba, SWAT, I know you know what I mean.
The gods know that I've read and read and read documentation, but frankly, I want to have better things to look back upon when my life eventually flashes before my eyes. Right now, I'm Joe, so it would be futile to try. Which leaves me without a mail server.
This being *nix, and mail applications being composed of many tiny pieces, it *should* (in nice, convenient theory) be possible to give people an easy way to install and configure a mail system piecemeal.
I guess the reason the situation is still as it is, is because traditionally the task of handling mail has been deferred to ISPs and big players; and only lately are people getting smart enough to question whether that really is in their best interest.
"Good news, everyone!"
"Postgrey is a program which implements greylisting and is
designed to work with the Postfix MTA."
WWW: http://postgrey.schweikert.ch/
Available for FreeBSD at freshports ... see, it's not that weird a thought? We just need to make it a more common one.
"Good news, everyone!"
Yes, people really still have problems with spam.
Yes, some people even don't want to use GMail, now isn't that crazy? It's a very, very nice AJAX email 'client', and it really does do wonders for (that is, against) spam. All you have to put up with is to let a huge and insanely powerful foreign corporation read your email, but that can't be so bad, now, can it?
Yes, it can.
"Good news, everyone!"
If anything, programming needs to be easier, so more people would do it then we could have more solutions to choose from. A parallel brute force approach with selection can produce better solutions for everybody.
We already have that in a wide range -- VB, shell, etc., on up to C.
If you want easy, it's there. But then you just shift the bugs and "features" out of your code into someone else's. I'm not saying one is necessarily better, since requirements differ. But I don't think the number of bugs has been reduced. You just can't get any easier than some of the "languages" that are offered, so that's not the problem.
People being prone to error is the problem.
It seems despite past tensions between Wietse Venema and Daniel J. Bernstein (the author of qmail), they agree on the approach to solving spam. Bernstein proposed a similar system called Internet Mail 2000 (Wikipedia entry).
Anyone know of any projects that make this easier to do?
Firefox + Gmail + http://getfiregpg.org/ = An excellent, private email service.
Get your own free personal location tracker
Apparently, being helpful is not appreciated if you aren't also willing to stroke the egos of the people you're trying to help.
One of my favorite people on the net is Howard Chu. Howard frequently answers people's questions either with a link and no explanatory text or with a specific reference to a page in a book.
Sometimes people jump salty "How dare you tell me to RTFM you inconsiderate rude bastiche!" and get roundly flamed (usually not by Howard, incidentally, but by people like me who appreciate the clarity and brevity of his replies).
It depends on how the pull model is implemented. For example, an RSS feed can't get spammed, because it's polling based - you know where it's coming from and you decide when to get something. It could be extended to add email functionality. For example, getting email from someone you don't know could be supported by allowing a notification message to be propagated through an intermediary known by both, or several intermediaries, all of who are essentially "vouching" for the trustworthiness of the sender.
Spam wouldn't be absolutely impossible in a system like that, but each instance would get shut down so fast (e.g. if someone's machine is infected, you can stop polling their feed, yet you can still send email to them telling them their machine is a bot now because they could still poll you), and the spread would be so limited, that spam would probably not be worthwhile anymore.
Err, no. Google's still got your mail.
"Good news, everyone!"
That used to be 60MHz Pentium territory with just about any mail transfer program you can think of. Of course MS Exchange does a lot of other stuff because it is rather dismal as an email program. Throw enough hardware at it (never in just a single machine unless you want trouble) and it works however - and with recent versions backups are now possible!
The very bad name came from the early versions. Stupid mistakes like being configured as an open relay by default and having to shut the entire steaming mass down to do backups gave MS Exchange the reputation it has today. I had the misfortune of dealing with three MS Exchange Version 5.5 production machines and a fourth used for disaster recovery drills - the mail kept coming through but with a vast amount of stuffing about. IMHO it wasn't good enough to be released as version one - it was really a hobby system you pay a huge amount for supported by an ecosystem of third party software just to keep it alive. Give me configuration files instead of registry hacks any day.
Email is now assumed to be close to instant communication. Greylisting breaks this badly and the spammers moved on long ago.
That's what I meant. You got it, thanks. What we need is a script to grab Postfix and all the necessary addons to create a robust solution.
But I tell you...to get a Linux server running with all pertinent services in today's complex world is a feat in itself.
When one of the components gets an upgrade, chaos can reign. This should not be the case. What I was suggesting would take care of all this and many other issues.
The certification program is not a barrier to entry -- no certificate is required to become an Exchange admin.
I think the BlueSecurity people did it right; the only problem was that their infrastructure couldn't handle the war they created.
Okopippi has died.
Oh vell...
It's a very, very nice AJAX email 'client', and it really does do wonders for (that is, against) spam.
Sure, but you are not required to use their client. As I pointed out, you can use your own client (like Thunderbird).
All you have to put up with is to let a huge and insanely powerful foreign corporation read your email
You see now, that just sounds paranoid to me. I highly doubt that Google has the people power to actually have a human read every piece of mail that comes through their servers. Now having a computer scan my e-mail, and create content hashes etc... for the purposes of providing a better service and blocking 20-30 spam messages a day, I have no problem with, and am perfectly happy to consent to. Who cares if a computer inputs your e-mail content into an algorithm somewhere? It all just gets turned into a series of innocuous numbers, there's no actual person snooping through your mail.
Of course, Google has access to the stored content and could provide said data were they subpoenaed, but this is no different than any other ISP/e-mail provider. If you have e-mail, the people you pay for the service most likely have copies of all your e-mail on disk somewhere. Big deal. Google is no different in this respect than any other e-mail service provider. In this day an age, it is highly unlikely that you will find much effective difference between the terms of service of one e-mail provider to another. They're all pretty much the same (yes I am sure there must be some "high-end" premium services available that cost much more for more user-friendly terms of service - but this is a digression, I'm talking about e-mail service for regular users).
So what? Who cares if Google has access to my e-mail content? E-mail has never been guaranteed to be secure in the first place, and a lot of it is flying around the internet in a perfectly readable form to anyone capable of intercepting the data packets. You have to assume your e-mail is publicly readable by default anyway! If I do have something sensitive to say to someone, that I don't want anyone else to be able to read ever, I will encrypt it. It's hardly the job of my e-mail provider to guarantee my e-mail privacy when messages are being packet-switched across a public network.