<<< Chronological >>> Author Index    Subject Index <<< Threads >>>

Re: automated spam detection


On Wed, 17 Feb 1999, Xlink Abuse Task Force wrote:

> Ragnar Lonn wrote:
> > > The point about legitimate mailing lists is still a problem though...
> > > 
> > 
> > Mailing lists, and other forms of approved bulk-mailing, would have
> > to be specifically excluded. They are a problem but might not be a big
> > problem. 
> > 
> >   /Ragnar
> 
> Just try and stop spammers from using faked headers. Then there really is
> no big problem. There is no difficulty in faking some From: an To: lines.
> 

No I know. But you can configure your filter to accept e.g. mail
that has "" *and* that was received from
"postman.ripe.net". That would at least make it slightly more difficult
for a spammer to fake that they are a mailing list.

> Even if we say that legal mailing-lists should have some kind of 
> 'authoritative mailserver' to originate from, spammers won't have any 
> problem to fake a receipt-from: line and inject their spam via a poorly
> configured mailserver :-(
> 

You shouldn't look at Received headers but at what host delivered
the mail to you. Most list servers deliver messages directly to the
recipients (e.g. LISTSERV with LSMTP) or through a single mail host
on their system. It shouldn't be too hard to associate most list servers
with a single SMTP server that delivers the messages to the list
members.

Also, one could lobby listserver-programmers to implement digital
signatures in outgoing mailing list messages so it'd be easy to
confirm that a certain mailing list server actually originated a
certain message.

  /Ragnar





<<< Chronological >>> Author    Subject <<< Threads >>>