Dictionary Attack Help?

(PeteCresswell) wrote:
> Per Jeff:
>> Frankly I wish ISPs would do something about their mail policies. From
>> all the bandwidth it eats you'd think they'd have an incentive.
>
> Earthlink seems to have adopted a challenge-response system.
>
> All the people who seem to know say it's a very bad idea, but,
> unencumbered by any technical knowledge, I've got to wonder: if
> everybody did it, wouldn't spamming become a thing of the past,
> since the payoff would drop to zero?

As soon as enough ISP's institute such a system, someone will break it.

From what I understand, the images in some of the CAPTCHA systems have
already been broken.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex.DeleteThis@attglobal.net
==================
 >> Stay informed about: Dictionary Attack Help? 

On Sat, 27 Oct 2007 11:37:07 -0500, Ben C put finger to keyboard and
typed:

>On 2007-10-27, Beauregard T. Shagnasty <a.nony.mous.RemoveThis@example.invalid> wrote:
>[...]
>> When did spammers start removing emails from their lists?
>
>There is/was an anti-spam approach that consisted of refusing (whether
>it was a DENY or a bounce I don't know) _all_ emails the first time
>around. Apparently the spambots don't bother to resend, but proper
>email servers do. Once it has been resent then you whitelist it.
>Something like that anyway.

It's called greylisting. The way it works is that the first attempt is
neither accepted nor denied; instead, the receiving server returns a
"temporarily unavailable" response (exactly the same as it would do if
it was suffering some kind of fault or inability to accept mail, such
as a full disk). A correctly configured sender system will simply
store the mail it's trying to send and retry a bit later - typically,
it will wait an hour before a second attempt. On the second attempt,
the receiving system will recognise that it's a second attempt to send
the same mail and accept it this time round.

As a method of reducing spam it's very effective, because most spam
systems don't bother storing and resending mail if it doesn't get
through the first time. That's because the economics of sending spam
rely on sending very large quantities of email messages as quickly and
cheaply as possible without really caring what happens to them after
they're sent; if the spam senders had to use systems that can handle
transient errors then the costs of sending spam would rise
considerably. The downside of greylisting, though, is that it will not
only reduce spam but it also means you won't get mail from any
"normal" sending system that happens to not be correctly configured to
handle recipients with temporary errors. And there are, unfortunately,
quite a lot of those - even some large ISPs often can't configure
their mail systems correctly.

Mark
--
Blog: http://Mark.Goodge.co.uk Photos: http://www.goodge.co.uk
"Love is a precious thing, worth the pain and suffering"
 >> Stay informed about: Dictionary Attack Help? 

Scott Bryce wrote:
> (PeteCresswell) wrote:
>
>> Earthlink seems to have adopted a challenge-response system.
>>
>> All the people who seem to know say it's a very bad idea, but,
>> unencumbered by any technical knowledge, I've got to wonder: if
>> everybody did it, wouldn't spamming become a thing of the past,
>> since the payoff would drop to zero?
>
>
> Spamming may stop, but there would be other problems.
>
> I have an automated script that sends out about 20 emails each night.
> These emails are informing subscribers to my site that their
> subscriptions are about to expire.
>
> When I get emails from Earthlink asking me to identify myself as the
> sender of the emails, I don't know if the email in question is one of
> the emails sent out by my script, or a spam email with my return address
> spoofed in the headers.

Lovely.

Earthlink has consistently made SPAM someone else's problem. At first
they ignored it then they institute changes that cause others grief.

I suppose Eartlink doesn't bother to check if you have a SPF.

As long as there is no system to check for forged headers (and
retribution for those caught forging) SPAM will never be controlled.

I don't trust anything Earthlink does... (my ISP BTW, but not my POP).

Jeff
>
> I suppose if there was no spam, I would know that the emails were legit
> (or some spammer is counting on me coming to that conclusion) but I
> would still have to go the Earthlink's site and type in that string of
> illegible letters and numbers.
 >> Stay informed about: Dictionary Attack Help? 

Per Jeff:
>
> As long as there is no system to check for forged headers (and

What about some scheme for authenticating sender's addresses?

My understating is that it's not possible under Internet 1.0
today - but might authenticated addresses be some kind of option
under the next version of the IP protocol?
--
PeteCresswell
 >> Stay informed about: Dictionary Attack Help? 

(PeteCresswell) wrote:
> Per Jeff:
>> As long as there is no system to check for forged headers (and
>
> What about some scheme for authenticating sender's addresses?
>
> My understating is that it's not possible under Internet 1.0
> today - but might authenticated addresses be some kind of option
> under the next version of the IP protocol?

That would be great, and it's been proposed in the past. But the
problem is getting everyone to move to the new protocol.

It's hard enough getting people to move to ipv6!

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex.RemoveThis@attglobal.net
==================
 >> Stay informed about: Dictionary Attack Help?