Re: Feasibility of E-Mail Laundering Service

From: Adrian von Bidder (avbidderfortytwo.ch)
Date: Wed May 25 2005 - 02:09:44 CDT


On Wednesday 25 May 2005 05.58, Lorrie Wood wrote:

> A friend of mine has an account with an ISP whose spam filtering isn't
> as good as mine. What I want to do (with her complete permission) is to
> run a mail laundering service: I pick up mail from her ISP, process it
> through my postfix et al, and deposit it into an account on my machine.

The big problem with spam filtering like this is: at the time where the
filtering occurs, you have already received the spam. So, your
alternatives are:
 - tag it (and file it into a spam folder.) The only sane way, imnsho - but
obviously the big disadvantage is that the user still sees the spam and has
to look through it to make sure nothing non-spammy gets deleted because it
was tagged as spam for some reason.
 - bounce it back to the sender. While some people unfortunately still do
this, this is the worst thing you can do. The sender address on spam mails
is almost always faked, so you're bouncing spam to innocent bystanders.
 - delete it. While this apparently solves the problem, you occasionally
*will* have a non-spam message which gets deleted because it looked like
spam. For me, the possibility of deleting a non-spam mail is unacceptable
- email currently is a quite reliable tool, and I want to keep it that way.

Summary: the only reasonable thing you can offer your friend is to run the
mail through spamassassin/dspam/whatever and file the spam into a folder of
its own.

(NOTE: contrary to spam, trojans/viruses can be recognized with virtually no
false positives, given a decent scanner, so silently deleting trojans can
be reasonable - at least until the next malware pops up which attaches
itself to legit payload.)

cheers
-- vbi

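
An added example, not part of the original post: a delivery step that implements the tag-and-file option described above, assuming the mail has already passed through SpamAssassin, which marks spam with `X-Spam-Flag: YES`. The function name, the Maildir layout and the sample messages are constructed for illustration.

```python
import email
import mailbox
import tempfile
from email import policy
from pathlib import Path

def file_message(raw: bytes, maildir_root: Path) -> str:
    """Deliver one already-scanned message; return the folder it went to.

    Nothing is bounced and nothing is deleted: spam is only filed separately.
    """
    msg = email.message_from_bytes(raw, policy=policy.default)
    # A sender can pre-insert its own "X-Spam-Flag: NO", so look at every
    # copy of the header and treat any YES as the filter's verdict.
    flags = [str(v).strip().upper() for v in msg.get_all("X-Spam-Flag", [])]
    folder = "Spam" if "YES" in flags else "INBOX"
    inbox = mailbox.Maildir(str(maildir_root), create=True)
    box = inbox.add_folder("Spam") if folder == "Spam" else inbox
    box.add(raw)  # kept on disk so the user can still review it
    return folder

# Constructed sample messages (not real mail).
SAMPLES = [
    b"From: friend@example.org\r\nSubject: lunch?\r\n\r\nNoon works.\r\n",
    b"From: x@example.net\r\nX-Spam-Flag: YES\r\nSubject: offer\r\n\r\nBuy now\r\n",
    b"From: y@example.net\r\nX-Spam-Flag: NO\r\nX-Spam-Flag: YES\r\n"
    b"Subject: offer\r\n\r\nBuy now\r\n",
]

def demo():
    """File the samples into a temporary Maildir and count each folder."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "Maildir"
        placed = [file_message(raw, root) for raw in SAMPLES]
        inbox = mailbox.Maildir(str(root))
        counts = {"INBOX": len(inbox), "Spam": len(inbox.get_folder("Spam"))}
    return placed, counts

if __name__ == "__main__":
    print(demo())
```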