Re: automated spam detection
- Date: Wed, 17 Feb 1999 18:25:11 +0100 (MET)
On Wed, 17 Feb 1999, Xlink Abuse Task Force wrote:
> Ragnar Lonn wrote:
> > > The point about legitimate mailing lists is still a problem though...
> > >
> >
> > Mailing lists, and other forms of approved bulk-mailing, would have
> > to be specifically excluded. They are a problem but might not be a big
> > problem.
> >
> > /Ragnar
>
> Just try and stop spammers from using faked headers. Then there really is
> no big problem. There is no difficulty in faking some From: an To: lines.
>
No I know. But you can configure your filter to accept e.g. mail
that has "" *and* that was received from
"postman.ripe.net". That would at least make it slightly more difficult
for a spammer to fake that they are a mailing list.
> Even if we say that legal mailing-lists should have some kind of
> 'authoritative mailserver' to originate from, spammers won't have any
> problem to fake a receipt-from: line and inject their spam via a poorly
> configured mailserver :-(
>
You shouldn't look at Received headers but at what host delivered
the mail to you. Most list servers deliver messages directly to the
recipients (e.g. LISTSERV with LSMTP) or through a single mail host
on their system. It shouldn't be too hard to associate most list servers
with a single SMTP server that delivers the messages to the list
members.
Also, one could lobby listserver-programmers to implement digital
signatures in outgoing mailing list messages so it'd be easy to
confirm that a certain mailing list server actually originated a
certain message.
/Ragnar
