Login | Register For Free | Help
Search for: (Advanced)

Mailing List Archive: SpamAssassin: users

trusted mailing list subscriber spam

  

 
SpamAssassin users RSS feed   Index | Next | Previous | View Threaded


jidanni at jidanni

May 8, 2008, 10:19 AM

Post #1 of 12 (226 views)
Permalink
trusted mailing list subscriber spam
Odd how mailing lists that don't obfuscate addresses don't see more
trusted mailing list subscriber spam.

All a spam program would have to do is say "bob[at]example.com posts lots
to that list. His address must be a trusted subscriber. Well, here's
one more post from him, muhahaha."

OK, I suppose that would be caught by SPF rules etc., if bob likes SPF.


me at junc

May 8, 2008, 1:37 PM

Post #2 of 12 (218 views)
Permalink
Re: trusted mailing list subscriber spam [In reply to]
On Thu, May 8, 2008 19:19, jidanni[at]jidanni.org wrote:

> OK, I suppose that would be caught by SPF rules etc., if bob likes SPF.

what are you talking about ?, to score email addresses found on maillist a bit
negative since it looks like none spammy human ?


Benny Pedersen
Need more webspace ? http://www.servage.net/?coupon=cust37098


iaccounts at ibctech

May 9, 2008, 5:52 AM

Post #3 of 12 (208 views)
Permalink
Re: trusted mailing list subscriber spam [In reply to]
> All a spam program would have to do is say "bob[at]example.com posts lots
> to that list. His address must be a trusted subscriber. Well, here's
> one more post from him, muhahaha."

If "Bob" posts a lot to a list(s) and is respected within said list(s),
then the other subs of that list will immediately recognize by the tone
and the writing style of a fake message that it wasn't Bob that sent it.

> OK, I suppose that would be caught by SPF rules etc., if bob likes SPF.

Not all mail systems actually block upon SPF breakage...

Steve


jidanni at jidanni

May 10, 2008, 6:07 PM

Post #4 of 12 (197 views)
Permalink
Re: trusted mailing list subscriber spam [In reply to]
>> All a spam program would have to do is say "bob[at]example.com posts lots
>> to that list. His address must be a trusted subscriber. Well, here's
>> one more post from him, muhahaha."

SB> If "Bob" posts a lot to a list(s) and is respected within said
SB> list(s), then the other subs of that list will immediately recognize
SB> by the tone and the writing style of a fake message that it wasn't Bob
SB> that sent it.

Yes, but I'm talking about having spamassassin do the recognizing before
it reaches the humans. OK, that means some training for what each
trusted subscriber's message usually looks like. I have an idea: let's
discuss this complicated question at some other time.

>> OK, I suppose that would be caught by SPF rules etc., if bob likes SPF.

SB> Not all mail systems actually block upon SPF breakage...

BP> what are you talking about ?, to score email addresses found on maillist a bit
BP> negative since it looks like none spammy human ?

All I know is that I don't use SPF anymore for my domain as there are
just too many problems... e.g., forwarded messages.


me at junc

May 10, 2008, 11:12 PM

Post #5 of 12 (193 views)
Permalink
Re: trusted mailing list subscriber spam [In reply to]
On Sun, May 11, 2008 03:07, jidanni[at]jidanni.org wrote:

> All I know is that I don't use SPF anymore for my domain as there are
> just too many problems... e.g., forwarded messages.

and you usely dont know where you forwards going from, :/(

come on, please :-)


Benny Pedersen
Need more webspace ? http://www.servage.net/?coupon=cust37098


mouss at netoyen

May 11, 2008, 1:39 PM

Post #6 of 12 (191 views)
Permalink
Re: trusted mailing list subscriber spam [In reply to]
Benny Pedersen wrote:
> On Sun, May 11, 2008 03:07, jidanni[at]jidanni.org wrote:
>
>
>> All I know is that I don't use SPF anymore for my domain as there are
>> just too many problems... e.g., forwarded messages.
>>
>
> and you usely dont know where you forwards going from, :/(
>

unless you receive spam from his domain, you have nothing to say. if you
have a problem with forwarding, contact the IETF. In the mean time,
please stop your SPF crusade.
> come on, please :-)
>

$ host -t txt junc.org
junc.org descriptive text "v=spf1 ip4:80.166.47.252/30
ip4:80.166.75.16/29 ip4:77.232.64.0/19 +all"


a +all and you are annoying us about forwarding and SPF?


me at junc

May 12, 2008, 2:07 PM

Post #7 of 12 (185 views)
Permalink
Re: trusted mailing list subscriber spam [In reply to]
On Sun, May 11, 2008 22:39, mouss wrote:

> a +all and you are annoying us about forwarding and SPF?

he, i have +all and forward nothing :)

stop annoying me that spf cant be used


Benny Pedersen
Need more webspace ? http://www.servage.net/?coupon=cust37098


uhlar at fantomas

May 13, 2008, 6:19 AM

Post #8 of 12 (176 views)
Permalink
Re: trusted mailing list subscriber spam [In reply to]
> On Sun, May 11, 2008 22:39, mouss wrote:
>
> > a +all and you are annoying us about forwarding and SPF?

On 12.05.08 23:07, Benny Pedersen wrote:
> he, i have +all and forward nothing :)

it's not about what do you forward, it's about others forwarding your
e-mail (without rewriting mail from: which is a bad thing).

> stop annoying me that spf cant be used

Don't wonder if anyone will reject or flag your e-mail because havinr "+all"
in SPF

--
Matus UHLAR - fantomas, uhlar[at]fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
One OS to rule them all, One OS to find them,
One OS to bring them all and into darkness bind them


mouss at netoyen

May 13, 2008, 12:14 PM

Post #9 of 12 (175 views)
Permalink
Re: trusted mailing list subscriber spam [In reply to]
Matus UHLAR - fantomas wrote:
>> On Sun, May 11, 2008 22:39, mouss wrote:
>>
>>
>>> a +all and you are annoying us about forwarding and SPF?
>>>
>
> On 12.05.08 23:07, Benny Pedersen wrote:
>
>> he, i have +all and forward nothing :)
>>
>
> it's not about what do you forward, it's about others forwarding your
> e-mail (without rewriting mail from: which is a bad thing).
>

and more importantly: about others being able to reject mail claiming to
be from his domain but coming out of faraway clients.
>
>> stop annoying me that spf cant be used
>>
>
> Don't wonder if anyone will reject or flag your e-mail because havinr "+all"
> in SPF
>
>

exactly.


me at junc

May 13, 2008, 12:29 PM

Post #10 of 12 (175 views)
Permalink
Re: trusted mailing list subscriber spam [In reply to]
On Tue, May 13, 2008 15:19, Matus UHLAR - fantomas wrote:

> Don't wonder if anyone will reject or flag your e-mail because havinr "+all"
> in SPF

yes i need to implement srs to fix it better ?

come on, srs and +all it imho the same seen to the recipient

diff is that i dont use srs installed anywhere

fact:
v=spf1 +all < this is bad !
v=spf1 mx +all < this is not

if admins see them as equal, blame them


Benny Pedersen
Need more webspace ? http://www.servage.net/?coupon=cust37098


uhlar at fantomas

May 13, 2008, 2:09 PM

Post #11 of 12 (175 views)
Permalink
Re: trusted mailing list subscriber spam [In reply to]
> On Tue, May 13, 2008 15:19, Matus UHLAR - fantomas wrote:
>
> > Don't wonder if anyone will reject or flag your e-mail because havinr "+all"
> > in SPF

On 13.05.08 21:29, Benny Pedersen wrote:
> yes i need to implement srs to fix it better ?

no, forwarders need to.

> come on, srs and +all it imho the same seen to the recipient

it's not, they are much different.

> diff is that i dont use srs installed anywhere
>
> fact:
> v=spf1 +all < this is bad !
> v=spf1 mx +all < this is not
>
> if admins see them as equal, blame them

spammers will use whatever they'll see people don't catch.
you just told all spammers to use "mx +all" in SPF records for their domains
to be able to use them for world-wide spamming
--
Matus UHLAR - fantomas, uhlar[at]fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Linux is like a teepee: no Windows, no Gates and an apache inside...


me at junc

May 13, 2008, 2:21 PM

Post #12 of 12 (175 views)
Permalink
Re: trusted mailing list subscriber spam [In reply to]
On Tue, May 13, 2008 23:09, Matus UHLAR - fantomas wrote:

> spammers will use whatever they'll see people don't catch.
> you just told all spammers to use "mx +all" in SPF records for their domains
> to be able to use them for world-wide spamming

basic score in spf is olso very low pr default, one still have to
whitelist_from_spf if recipient agre this domain does not send spam


Benny Pedersen
Need more webspace ? http://www.servage.net/?coupon=cust37098

SpamAssassin users RSS feed   Index | Next | Previous | View Threaded
 
 


Interested in having your list archived? Contact lists@gossamer-threads.com
 
  Web Applications & Managed Hosting Powered by Gossamer Threads Inc.