Slashdot Mirror
Postfix's Creator Outlines Spam Solution
SATAN writes "Wietse Venema started out as a physicist, but became interested in the security of the programs he wrote to control his physics experiments. He went on to create several well-known network and security tools, including the Security Administrator's Tool for Analyzing Networks (SATAN) and The Coroner's Toolkit with Dan Farmer. He is also the creator of the popular MTA Postfix and TCP Wrapper.
SecurityFocus chatted up Venema to talk about software security, how to improve the code quality, what solutions we might have to fight spam successfully, the principle of least privilege, and the philosophy behind the design of Postfix. Venema is currently a researcher at IBM's T.J. Watson Research Center."
...once I started reading his replies on the postfix-user mailing list. He's extremely blunt. While many are VERY helpful and detailed, a number are a sentence or two long that, paraphrased, consist of "you're an idiot."
However, he's nothing compared to Victor Duchovni (who works for Morgan Stanley, and is a major poster on the postfix-users list). His signature, and I'm not making this up:
Yeah, you read that right. 11 lines long...and this asshole thinks he's so fucking important, he lectures you about how to thank him so he can delete your acknowledgment/thank you as quickly as possible. He's often more willing to insult than help, and on numerous occasions, comes to the wrong conclusion. Worse still, he often presents his solution with complete authority and confidence, putting the helpless user on a primrose path.
Please help metamoderate.
As a big fan of signed e-mail, I see something like this:
Anything signed by someone I trust, arrives in my inbox. Anything signed but not by someone I trust, goes into a holding box from which I can fish e-mails I want. Anything not signed, or with a corrupted signature is rejected as unacceptable at the MTA level.
Now, anything arriving in my inbox can only be spam if someone I know has a hacked system, which should be rare AND I can contact them to tell them to fix it, because I know who it is from the signature (unlike e-mail viruses that could be practically anyone I know). This means that I know when I get e-mail in my inbox, it's worth me looking at.
Unexpected e-mails are still an issue, and may get lost, but frankly that happens anyway (I get somewhere over 200 spam per day, only a couple of dozen of which make it through enough filters for me to even glance at the subject line).
Filtering could be multi-stage, too; regular inbox for trusted people, a secondary inbox for people who I have been introduced to (for example, by a mailing list), then signed but unrecognised, and then everything else.
From TFA:
I use Exim4 as a pre-processor for a GroupWise system.
This allows me to reject messages during the SMTP connection (no receive and then bounce back) and I have customized the rejection messages to include my phone number. As long as YOUR email admin handles error messages in any sane way, you'll get a phone number to call and talk to the guy who set up the system that rejected your email. I get a call about every other month now.
The real problem is not "aggressive anti-spam/virus measures".
It is that 80%+ of the inbound connections are spam-related. So just about ANY action taken will reduce the amount of spam. But the email admins still need to continually evaluate their processes.
We wouldn't have fewer people interested in it, we would just have a million times more bugs or one millionth the number of programs available.
Just because it is more difficult doesn't mean the people attempting it are going to do a better job at it. Flying men into outer space is difficult, just because flying men to Jupiter is a million times more difficult doesn't mean the approach we create will be more successful at it.
If anything, programming needs to be easier, so more people would do it then we could have more solutions to choose from. A parallel brute force approach with selection can produce better solutions for everybody.
I've seen a few folks advocate the pull model for email and say that the burden then rests more on the sender than the receiver. I just don't see it.
I'm a spammer sending as much email to as many folks as possible. What would I rather do: send the message itself (let's say it's 2K), or send tiny receipts for a message (let's say 1/2K or less)? Then when the receivers pull their message I send the 2K message. And if I start to get flooded I dynamically reduce the size to 1K or even less? And if I'm slow, I increase the size to 5K or more (pretty pictures, etc).
I don't have to store the content - I can just generate it dynamically. And I can even send a bunch of receipts and change the spam content over time depending on who is paying me and how effective some spam solution is at any given time.
So, seriously, how does the pull method help? It seems to me that it's worse than push.
That used to be true. postgrey worked great for about 6 months, it no longer does much as the spammers adapted.
The difference between Canada and the USA is that in Canada healthcare is a right and gun ownership is a privilege.
That doesn't help. You still have to sort through the spam. When you waste that time isn't the issue.
The PGP web of trust or a hierarchical PKI solves the spam problem. People will revoke their trust in a key used for spamming, and be much less likely to trust a key from the same person again, and Verisign and other companies will stop issuing certificates to entities that send spam.
Obviously some spam will be generated because it's always necessary for new people to enter the trust network, but ultimately there will form a core group of trust or certificates that never send any spam because they're trusted by people who don't like spam. Getting into that group will require the trust of enough other trusted people as to make spam almost nonexistent.
The problem with the idea is getting enough people into the trusted group to make it effective at both preventing spam and incorporating new legitimate users into the trust group quickly and effectively so they can communicate.
I am inclined white list and then require a Proof of Work to bring any message not on the white list to my attention without error prone automated spam checking. When possible, reject at the smtp level of course to avoid relying on the easily forged headers and provide immediate feedback.
Unfortunately, no Proof of Work authentication systems are available yet.
False, there are multiple standards for signing email. Certificate signatures are only one method, GPG is also used.
A larger concern is that once someone's computer is infected with a spambot you get their key.
93rd rule of Slashdot: No matter how obvious my sarcasm is, my comment will be taken seriously by someone.
I just implemented on my home email system and it cut spam remarkably. For me, this means somewhere around 10 a week, where I was seeing somewhere around 25 a day.
That's not exactly a solution to the problem. I think we all agree that doing customer support through a web form sucks.
The details are trivial and useless; The reasons, as always, purely human ones.
Let's not forget that using firefox with FireGPG you can sign anything, including a forum post (although the lameness filter will, of course, filter it out so it doesn't work so you'll have to use a site less lame than slashdot if you want to sign your comments. It also has gmail integration, which works very nicely thank you.
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"