
Re: [Ipsec] spam




Paul Koning <pkoning@equallogic.com> writes:
>  Perry> However, those of us who run mailing lists find that although
>  Perry> anyone "can" forge a list member's address, it is almost
>  Perry> unheard of that it actually happens. Restricting my lists to
>  Perry> subscribers only has eliminated 100% of the spam going to
>  Perry> them.
>
> That certainly would not be true for the IPsec list -- I've looked
> over enough IPsec message headers to say that.  For IPsec, the
> percentage of forged addresses is clearly quite large.

Not if you exclude viruses. The amount of spam from forged addresses
is nil -- the virus activity is separate.

However, the viruses are trivially blocked with a rule matching a
regular expression like this:

/^Content-(Type|Disposition):.*(file)?name=.*\.(asd|bat|chm|cmd|com|cpl|dll|exe|hlp|hta|js|jse|lnk|ocx|pif|rar|scr|shb|shm|shs|vb|vbe|vbs|vbx|vxd|wsf|wsh|zip)/

My machines block all email matching that regexp and as a result I
see no viruses at all.

-- 
Perry E. Metzger		perry@piermont.com

_______________________________________________
Ipsec mailing list
Ipsec@ietf.org
https://www1.ietf.org/mailman/listinfo/ipsec
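
Added example, not part of the original message: a Python sketch that applies the expression quoted above to the unfolded MIME headers of a constructed sample message, next to a hypothetical tightened variant (STRICT) that requires the extension to end the parameter value. Case-insensitive matching and the names EXTS, POSTED, STRICT and flagged are assumptions of this example.

```python
import re
from email import message_from_string

EXTS = ("asd|bat|chm|cmd|com|cpl|dll|exe|hlp|hta|js|jse|lnk|ocx|pif|rar|scr|"
        "shb|shm|shs|vb|vbe|vbs|vbx|vxd|wsf|wsh|zip")
# Expression from the message, extension list factored out. re.I is an assumption.
POSTED = re.compile(r"^Content-(Type|Disposition):.*(file)?name=.*\.(" + EXTS + ")", re.I)
# Hypothetical tightened variant: the extension must end the parameter value.
STRICT = re.compile(POSTED.pattern + r"(?=[\"';\s]|$)", re.I)

# Constructed sample message (not real traffic).
SAMPLE = """\
Subject: constructed sample
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain; charset=us-ascii

hello
--b1
Content-Type: application/octet-stream;
 name="update.exe"
Content-Disposition: attachment;
 filename="update.exe"

AAAA
--b1
Content-Type: application/json; name="report.json"
Content-Disposition: attachment; filename="report.json"

{}
--b1--
"""

def flagged(raw, pattern):
    """Return the unfolded header lines, across all MIME parts, that pattern matches."""
    hits = []
    for part in message_from_string(raw).walk():
        for name, value in part.items():
            # Unfold continuation lines first: '.' in the pattern never crosses a newline.
            line = f"{name}: " + re.sub(r"\r?\n(?=[ \t])", "", value)
            if pattern.search(line):
                hits.append(line)
    return hits

if __name__ == "__main__":
    for label, pat in (("posted", POSTED), ("strict", STRICT)):
        print(label, flagged(SAMPLE, pat))
```

The expression as posted has no anchor after the extension, so on this sample it also flags report.json through the js alternative; the tightened variant flags only the two update.exe headers.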