#176142 - 21/08/2003 06:57
the death of e-mail?
|
carpal tunnel
Registered: 30/04/2000
Posts: 3810
|
A friend of mine who runs his own personal .com domain is currently exasperated by the spamming and virus issues. He's got spammers forging messages "from" his domain, generating huge amounts of back-scatter (bounced messages and the like). Add on the volume of crap generated by e-mail viruses, and he's seriously considering pulling the plug. As in "if you want to contact me, call me on the phone".
Are we truly doomed? Is there a hope? Will we be forced to go back to "closed" e-mail systems like Prodigy originally was, where the only way to contact somebody on the inside will be to be an insider yourself? Will DNSSEC, S/MIME and other crypto technologies come to the rescue? Can you imagine yourself configuring your mailer to reject all unsigned messages?
|
Top
|
|
|
|
#176143 - 21/08/2003 07:03
Re: the death of e-mail?
[Re: DWallach]
|
carpal tunnel
Registered: 30/10/2000
Posts: 4931
Loc: New Jersey, USA
|
As in "if you want to contact me, call me on the phone". It will take a lot more than Sobig to make me do that. However, becuase of sh it like this, I decided to outsource me and my office's webhosting a couple months ago. What a relief it is to not have to worry about servers getting hacked, spam relays, etc.
PS- I got infected with Sobig. Thankfully, nobody else in the office did.
_________________________
-Rob Riccardelli 80GB 16MB MK2 090000736
|
Top
|
|
|
|
#176144 - 21/08/2003 08:26
Re: the death of e-mail?
[Re: DWallach]
|
enthusiast
Registered: 20/08/2002
Posts: 340
Loc: Pittsburgh, PA
|
He's got spammers forging messages "from" his domain, generating huge amounts of back-scatter (bounced messages and the like).
Same here, the double bounces are annoying (3740 bounces over the past 12 days). But what really gets to me is the fact that my domain got blacklisted about three times already, even though the Received: headers clearly show that the spam emails did not originate from or were relayed by any of my machines.
The worst of all was the father of a 5 year old that started filling my inbox with hatemail after his daughter got porn spam with a faked from address that made it look like it was coming from my domain.
_________________________
40GB - serial #40104051 gpsapp
|
Top
|
|
|
|
#176145 - 21/08/2003 08:31
Re: the death of e-mail?
[Re: jaharkes]
|
carpal tunnel
Registered: 24/12/2001
Posts: 5528
|
What's a 5 year old doing unattended with her own email account anyway? Anybody who's used the internet for any period of time knows that you'll always get spam and 90% of it is porn.
|
Top
|
|
|
|
#176146 - 21/08/2003 08:40
Re: the death of e-mail?
[Re: tman]
|
pooh-bah
Registered: 09/08/2000
Posts: 2091
Loc: Edinburgh, Scotland
|
Surely 5 year olds have a major requirement for Toner cartridges and viagra like the rest of us??
_________________________
Rory MkIIa, blue lit buttons, memory upgrade, 1Tb in Subaru Forester STi MkII, 240Gb in Mark Lord dock MkII, 80Gb SSD in dock
|
Top
|
|
|
|
#176147 - 21/08/2003 08:48
Re: the death of e-mail?
[Re: DWallach]
|
Anonymous
Unregistered
|
text messaging is the wave of the future
|
Top
|
|
|
|
#176148 - 21/08/2003 08:59
Re: the death of e-mail?
[Re: frog51]
|
carpal tunnel
Registered: 24/12/2001
Posts: 5528
|
Yep. She must be trying to get her accredited diploma from a renown college as well!
|
Top
|
|
|
|
#176149 - 21/08/2003 09:01
Re: the death of e-mail?
[Re: frog51]
|
carpal tunnel
Registered: 24/01/2002
Posts: 3937
Loc: Providence, RI
|
When I was 5 I didn't need my hair back.
|
Top
|
|
|
|
#176150 - 21/08/2003 09:01
Re: the death of e-mail?
[Re: tman]
|
carpal tunnel
Registered: 08/03/2000
Posts: 12338
Loc: Sterling, VA
|
She may have also accumulated a large amount of debt in those 5 years, and be looking for some way to reduce it.
_________________________
Matt
|
Top
|
|
|
|
#176151 - 21/08/2003 09:05
Re: the death of e-mail?
[Re: Dignan]
|
carpal tunnel
Registered: 14/01/2002
Posts: 2858
Loc: Atlanta, GA
|
It's never too early to start finding financial independence by working from home . . .
_________________________
-Jeff Rome did not create a great empire by having meetings; they did it by killing all those who opposed them.
|
Top
|
|
|
|
#176152 - 21/08/2003 09:09
Re: the death of e-mail?
[Re: JeffS]
|
carpal tunnel
Registered: 08/03/2000
Posts: 12338
Loc: Sterling, VA
|
Many young girls keep pen-pals. There are lots of people in Nigeria who would like to write to her.
_________________________
Matt
|
Top
|
|
|
|
#176153 - 21/08/2003 09:37
Re: the death of e-mail?
[Re: Dignan]
|
old hand
Registered: 31/12/2001
Posts: 1109
Loc: Petaluma, CA
|
messaging is the wave of the future
Nope I've already gotten span on my phone 4 times.
_________________________
----
Justin Larsen
|
Top
|
|
|
|
#176154 - 21/08/2003 09:44
Re: the death of e-mail?
[Re: justinlarsen]
|
carpal tunnel
Registered: 23/08/2000
Posts: 3826
Loc: SLC, UT, USA
|
Ditto on the SMS spam. I was f'n ANGRY when i got them too... i had believed my cell phone was the one last bastion of non-advertisement ladden communication. Nope.
I'm about to give up email myself. Even with spamcop and spamassassin i still get over 100 spams a day. Having the same email for close to 7 years will do that to ya. I just can't make myself change the address though... it'd be like letting them win.
|
Top
|
|
|
|
#176155 - 21/08/2003 09:51
Re: the death of e-mail?
[Re: justinlarsen]
|
carpal tunnel
Registered: 08/03/2000
Posts: 12338
Loc: Sterling, VA
|
Hey, I didn't say that
_________________________
Matt
|
Top
|
|
|
|
#176156 - 21/08/2003 09:51
Re: the death of e-mail?
[Re: Dignan]
|
carpal tunnel
Registered: 23/08/2000
Posts: 3826
Loc: SLC, UT, USA
|
us flat mode viewers are always screwing up the threads =]
|
Top
|
|
|
|
#176157 - 21/08/2003 09:55
Re: the death of e-mail?
[Re: loren]
|
journeyman
Registered: 29/07/2003
Posts: 66
Loc: Minneapolis, Minnesota, USA
|
Yeah
I wish you could do the nested-mode that slashcode has. You can see all the posts in full, yet still have thread context.
_________________________
Hello, my name is Bingo. I like to climb on things. Can I have a banana? eek eek.
|
Top
|
|
|
|
#176158 - 21/08/2003 09:57
Re: the death of e-mail?
[Re: loren]
|
carpal tunnel
Registered: 14/01/2002
Posts: 2858
Loc: Atlanta, GA
|
the one last bastion of non-advertisement ladden communication. The Empeg bbs? (except for the VERY rare occurrence)
_________________________
-Jeff Rome did not create a great empire by having meetings; they did it by killing all those who opposed them.
|
Top
|
|
|
|
#176159 - 21/08/2003 09:58
Re: the death of e-mail?
[Re: loren]
|
carpal tunnel
Registered: 08/03/2000
Posts: 12338
Loc: Sterling, VA
|
I view in flat mode
_________________________
Matt
|
Top
|
|
|
|
#176160 - 21/08/2003 09:58
Re: the death of e-mail?
[Re: cmtempeg]
|
carpal tunnel
Registered: 23/08/2000
Posts: 3826
Loc: SLC, UT, USA
|
YES! THAT would be excellent. I wonder if UBBThreads has any plans for that...
|
Top
|
|
|
|
#176161 - 21/08/2003 11:51
Re: the death of e-mail?
[Re: loren]
|
carpal tunnel
Registered: 30/04/2000
Posts: 3810
|
I just can't make myself change the address though... it'd be like letting them win.
As I've moved from undergraduate to graduate school to my current job, I've left .forward files pointing on to my new address. About two years ago, I killed them because all I was getting through them was spam. Now if you e-mail an old address of mine you get an automatic message telling you to find my new address. That helped a lot, as I used to maintain an FAQ that was widely mirrored through the Usenet FAQ archives, and thus widely spidered by evil spammers.
My frustrated friend is particularly concerned about the brand value he built behind his domain name as a consulting organization. He's actually posted a US$1000 bounty for information leading to successful prosecution of the guy using his domain name. Heaven only knows, the guy may not be specifically picking on him, but might be doing this to everybody's domain names.
So, back to my original question. To all you sysadms out there, if you had a switch you could throw that would make your server reject all e-mail that did not contain a digital signature that correctly tied the e-mail message back to its source DNS domain (perhaps through the use of DNSSEC), and if a simple patch was available for your MTA of choice to sign its outgoing mail in such a fashion... would you be willing to throw the switch?
|
Top
|
|
|
|
#176162 - 21/08/2003 12:03
Re: the death of e-mail?
[Re: DWallach]
|
veteran
Registered: 01/10/2001
Posts: 1307
Loc: Amsterdam, The Netherlands
|
So, back to my original question. To all you sysadms out there, if you had a switch you could throw that would make your server reject all e-mail that did not contain a digital signature that correctly tied the e-mail message back to its source DNS domain (perhaps through the use of DNSSEC), and if a simple patch was available for your MTA of choice to sign its outgoing mail in such a fashion... would you be willing to throw the switch?
Absolutely. But a harder question is "Would you accept mail from AOL"?
|
Top
|
|
|
|
#176163 - 21/08/2003 12:15
Re: the death of e-mail?
[Re: DWallach]
|
carpal tunnel
Registered: 25/12/2000
Posts: 16706
Loc: Raleigh, NC US
|
if you had a switch you could throw that would make your server reject all e-mail that did not contain a digital signature that correctly tied the e-mail message back to its source DNS domain (perhaps through the use of DNSSEC), and if a simple patch was available for your MTA of choice to sign its outgoing mail in such a fashion... would you be willing to throw the switch? No. Incoming mail is more important than outgoing mail, and we have to expect poor support from other users.
In other words, be strict in what you send and lenient in what you receive. (Or whatever words that was originally stated with.)
In addition, I might legitimately send mail from one domain via another domain's server. I, in fact, do that regularly right now, when sending mail from my personal domain address from work.
There are conceivably other options, though, even ones that involve crypto. I just don't think that that's the right solution.
_________________________
Bitt Faulk
|
Top
|
|
|
|
#176164 - 21/08/2003 12:48
Re: the death of e-mail?
[Re: DWallach]
|
carpal tunnel
Registered: 24/12/2001
Posts: 5528
|
Nope. It would prevent a lot of email coming in. If everybody else out there installed the patches however then it would be fine to flick the switch.
At the moment most of the people out there aren't technical enough to care or even know about the problem and how to fix it.
|
Top
|
|
|
|
#176165 - 21/08/2003 13:17
Re: the death of e-mail?
[Re: tman]
|
carpal tunnel
Registered: 30/04/2000
Posts: 3810
|
If everybody else out there installed the patches however then it would be fine to flick the switch.
Okay, now how high a percentage would be enough that you'd stop accepting e-mail from unpatched systems? Keep in mind here that these hypothetical signatures would only amount to a guarantee that the domain in the "from" line was legit. You'd have no guarantee that the user within wasn't forged. However, if you did get spam from one of these things, you'd have some proof of who really sent the spam.
Somehow, the whole world rapidly dropped telnet and rsh and moved quickly to ssh / OpenSSH. As far as I can tell, the big difference is that, if our organization dropped telnet, it only realistically effected our own users. External people were never really counting on telnet to actually log in here. If we dropped traditional e-mail support, then you're breaking things for people who might have legitimately expected to be able to send you mail.
More food for thought: consider the ratio of legit e-mail to spam that you get, either in terms of bytes or number of messages. How low must the signal-to-noise ratio be where it's no longer cost-effective to find the signal among the noise?
|
Top
|
|
|
|
#176166 - 21/08/2003 13:30
Re: the death of e-mail?
[Re: DWallach]
|
carpal tunnel
Registered: 24/12/2001
Posts: 5528
|
Just knowing that the domain is legit is way better than what we've got now. If they're excessive then you can just block the entire domain and just have exceptions for people you want.
The switch over from telnet/rsh to ssh happened reasonably quickly and without incident because as you said it only affected your own users. If they wanted to connect then they would have to get a client or just not connect anymore. Also people that would be using telnet/rsh with your hosts would be authorised users and you'd know who was who and who should have access.
As to the ratio it depends really. For my personal email then an occasional blocked email isn't that important so about 80%-90% correctly delivered really. You could log attempts but you're still wasting time looking through the list to make sure you've not lost anything important.
The difference between personal where lost email isn't major against business where lost email could be lost income is the big point here. I know people that use Hotmail and have the exclusive option set in their spam filter which only allows addresses from the address book to be delivered.
It's an interesting point to make. How much lost email are you willing to put up with to ensure that your spam fighting works?
|
Top
|
|
|
|
#176167 - 21/08/2003 13:37
Re: the death of e-mail?
[Re: frog51]
|
pooh-bah
Registered: 16/06/2000
Posts: 1682
Loc: Greenhills, Ohio
|
I'm sure she also needs penis enlargement like I do
_________________________
Laura
MKI #017/90
whatever
|
Top
|
|
|
|
#176168 - 21/08/2003 13:40
Re: the death of e-mail?
[Re: Laura]
|
addict
Registered: 24/07/2003
Posts: 500
Loc: Colorado, N.A.
|
I think they're betting on wives being the decision-makers on that one.
Hey, we're getting into a pretty weird area here.
_________________________
-- DLF
|
Top
|
|
|
|
#176169 - 22/08/2003 01:36
Re: the death of e-mail?
[Re: tman]
|
carpal tunnel
Registered: 13/07/2000
Posts: 4180
Loc: Cambridge, England
|
The difference between personal where lost email isn't major against business where lost email could be lost income is the big point here. I'd tend to agree, but the other way round. Lost income is no biggie, a company goes down and people move on. And an unanswered business email is usually chased-up anyway. But I've got several valued friendships that narrowed in the past to a single email or snail-mail before expanding again.
It's an interesting point to make. How much lost email are you willing to put up with to ensure that your spam fighting works? Nil.
Peter
|
Top
|
|
|
|
#176170 - 22/08/2003 06:34
Re: the death of e-mail?
[Re: loren]
|
carpal tunnel
Registered: 19/05/1999
Posts: 3457
Loc: Palo Alto, CA
|
Spambayes. I used to use cloudmark (and even subscribed at $2/month) but it was still letting some through. After a week of training, I maybe get 2 a day which it doesn't filter out.
Yes, I still have to check the "possible spam" folder, but after the first week of training I've not found anything non-spam in there.
Strongly, strongly recommended. spambayes.sourceforge.net I think.
Hugo
|
Top
|
|
|
|
#176171 - 22/08/2003 07:57
Re: the death of e-mail?
[Re: altman]
|
carpal tunnel
Registered: 19/01/2002
Posts: 3584
Loc: Columbus, OH
|
Thanks Hugo, I've been wanting to dump spamnet for a while now.
_________________________
~ John
|
Top
|
|
|
|
#176172 - 22/08/2003 08:27
Re: the death of e-mail?
[Re: altman]
|
journeyman
Registered: 29/07/2003
Posts: 66
Loc: Minneapolis, Minnesota, USA
|
I second using bayes! It works like a charm in most cases.
I host my mail on my personal mailserver and use spamassassin with bayes and network (rbl/checksum) lookups. I'm down to maybe 1 false negative per week.
I've set up exim to use rbls also, which returns a "user not here, go away" result code to the sending mail server that was found in the rbl. With rbl checks, 80% of the spam doesn't even make it to spamassassin. Another 19.9% is easily handled by heuristic checks, checksums and bayes.
I have, however, begun to see attempts to poison the bayes databases by including many random words that aren't typically associated with spam. This is where the heuristics come into play. Usually these emails are a bunch of random words (bayes doesn't think its spam), and a single image, which is an ad. Spamassassin detects most of these, especially when you have the distributed checksum tests like pyzor and dcc turned on.
_________________________
Hello, my name is Bingo. I like to climb on things. Can I have a banana? eek eek.
|
Top
|
|
|
|
|
|