Sign in / up

back to article Boffins pen 'Guide to better spamming'

Ignoring the manual and keeping your 'bot nimble are some of the tips a quartet of security researchers have recommended to help spam reach inboxes more effectively. The recommendations were some of the findings in studies by a research group into the relationships between email harvesters, botmasters and spammers and the …

COMMENTS

House rules Send corrections
This topic is closed for new posts.
  1. jai

    But...

    other researchers will take the insights provided in our paper and develop tools to win the battle against spamming

    did it not occur to him that perhaps spammers will take the insights provided in their paper to improve their tools and botnets and allow them to win the battle against the anti-spam systems?

    Or is the assumption that spammers are too lazy to read a research paper - that would seem a little like the security-through-obscurity view

    0 2
  2. Novex

    The problem I have with the paper (which I haven't read by the way, so I accept liability if what I'm about to say is wrong) is that the article and their comment suggests that they haven't come up with any ideas for mitigation of the 'improvements' for spamming they have proposed, which if they were decent folk, they would have at least tried to do.

    1 1
    1. BlueGreen
      Reply Icon

      > The problem I have with the paper (which I haven't read by the way

      I don't think you even read the article. Try again.

      2 0
  3. vagabondo
    Flame

    The real weak link

    with e-mail is the refusal of major commercial smtp players to strictly implement the RFCs and best practice. If everyone configured their DNS records (A and PTR), HELO respnses, etc correctly and rejected rather than bouncing (to fraudulent From:/Reply to:), then it would be trivial to block botnets without getting grief for rejecting messages from Messagelabs/Symantec, Gmail/Postini, Microsoft/Hotmail, Schlund/1&1, and all those numpties that place a default/LAN configured MS Exchange server on the Internet.

    The reason for the connivance of major players is probably that there is money to be made in spam filters.

    0 2
  4. Mage Silver badge

    Fraudulent Source?

    How do you decide that?

    I have ONE SMTP server access, my ISP.

    I have 20 or so email addresses on different domains.

    I select appropriate source and reply to, which is hardly ever the domain of my ISP, when sending.

    0 2
    1. PyLETS
      Reply Icon
      Boffin

      Re: Fraudulent Source?

      "How do you decide that?"

      Look up the IP address of the SMTP client sending to your SMTP server, or the last SMTP server in the Received: header chain you trust. If the reverse DNS PTR record indicates it's a dynamic host, reject it. If you're its ISP providing a smarthost for it, rate limit it. If its address is in zen.spamhaus.org reject it. That will get rid of about 95% of spam.

      You can then get rid of another 4% or so using more complex measures such as maintaining your own DNSBL, using Spamassassin, ClamAV, SPF, URLBLs.

      1 0
  5. NoneSuch Silver badge

    The only defense against spammers is the same as any other security threat. Layered protections utilized by an educated user base.

    The educated user is rarer than a unicorn, but every now and then I do meet one.

    0 1
  6. F0rdPrefect

    Luckily the mail lists

    sold at the first stage are, if the stuff that ends up in my spam traps is anything to go by, not so much harvested as made up.

    Very little spam arrives to my domains actually addressed to me, but lots to names that have never been anything to do with my domains.

    So it looks like the list compilers are conning those buying from them.

    Isn't it a pity that there are so many crooks out there?

    0 0
This topic is closed for new posts.

Other stories you might like