EMBARRASSING TO THE LIST: Re: *WARNING* Your EmailAccount Will Be Closed

[Kern, Tom]

I'm subscribed to the postfix and spamassassin mailing lists and they are closed.
I think those 2 lists have a lot to do with email.

This is the only list i'm on that got hit by that german spam bot..

maybe you shouldn't discount every option to filter spam as "not worth the effort" or "they can get around it somehow".

you'd be surprised at how far just basic checks and filters can go..




Marco Colombo wrote:
> On Tue, 2005-05-31 at 09:59 -0400, Joseph Brennan wrote:
>> 
>> --On Tuesday, May 31, 2005 11:47 AM +0200 Marco Colombo
>> <marco at esi.it> wrote: 
>> 
>>> Server-side global content-based filtering is silly, unless of
>>> course it's your (private) server. Users are expected to do their
>>> own filtering, otherwise they're exposed anyway. Server-side
>>> filtering (on public servers) is just false sense of security.
>> 
>> I strongly disagree.  Users just want spam to go away.  They do not
>> want to configure filters.  They're not very good at it either: they
>> usually just add the sender address to a blacklist, and that does
>> almost nothing for them.  It's not a security issue.  It's annoyance
>> reduction. 
> 
> Configure? Manual blacklisting? What are you referring to?
> 
> I've being using both Evolution and Thunderbird, and both filter SPAM
> (and thus most viruses of course) like a charm, and I've configured
> nothing. All I have to do is to hit 'Junk' instead of 'Delete' (like I
> used do to before having any filter) on spam. Once in a while, I
> quickly look at the Junk folder, and very rarely recover a false
> positive. No configuration needed at all.
> 
> Anyway it seems we have a different meaning for 'users'. If you mean
> employees of a company, well for sure they'll get filters on their
> (company) server. If you mean customers of an ISP, they may get
> filtering as well (but I'd prefer marking, or storing to a special
> folder, instead of silently dropping).
> 
> My point being: the purpose of the mailing list software is not to
> provide a safe email service to 'customers' or 'employees'. That's
> someone else's job. The software might place restrictions (on message
> size, attachments, and so on) but it's only to enforce _list_
> policies, not end-user security (or comfort). For example, a list
> with 100,000 subscribers may sensibly avoid forwarding 10MB in a
> single message. But that's another matter.
> 
>> If this list could possibly restrict posting to subscribers that
>> would go a long way.  That is pretty routine for lists.
> 
> And pretty useless. Address forging can be easily automated. More than
> 1/2 of the spam I see on our servers already forges the sender
> domain. A nice fraction of it learned how to forge our staff's
> address already, so I got some forged messeges telling me that _I_
> have locked my own account down, for example.
> 
> As for it being 'routine', I'm currently subscribed to about 20 lists,
> and only 2 of them are subscribers-only. Not surprisingly, both have
> nothing to do with e-mail software.
> 
> IMHO, any list that aims at random users (info, bug reports, and so
> on), should minimize the annoyance of posting a single message. It
> may be different for -devel or SIGs lists, tho.
> 
> .TM.


---
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html