[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: forgeries increasing

From: Bob Proulx
Subject: Re: forgeries increasing
Date: Thu, 31 Jan 2008 17:11:18 -0700
User-agent: Mutt/1.5.13 (2006-08-11)

Karl Berry wrote:
>     I think spammers are ramping up their attacks.  
> I'm not actually sure it's much different than it's been; maybe we're
> just noticing more.

Spammers are now subscribing to post.  Spammers are now using bits of
recent postings as cover for their payload content.  Spammers are now
forging recent poster addresses.  Those are new (but expected) attacks
which have not previously been seen.

> I say that because these "advanced" attacks are apparently coming
> through Usenet.  Well, until perhaps a year ago, every Usenet post
> automatically sailed through mailman with zero moderation or
> anything else.

True.  I have never liked the news to mail gateway specifically
because of the potential for abuse.  But it was definitely worse by
letting it all through without any gate.

>     1. *ALL* mail would need to be moderated.  Currently subscriber email
> That's utterly untenable!

Agreed.  Now you know why I am making noise about this.  I am not
saying that the sky is falling.  I am saying that people need to
steele themselves to the possibility that the sky is not guarenteed to
remain where it has been and might fall.  The environment is changing.
People need to be thinking about alternatives.

> One thing that I do think would help is for mailman to show not just the
> sender and subject, but also the first couple of (non-quoted) lines of
> the message.  It's equally untenable to examine each and every held
> message.

Yes.  Many such improvements would be nice.

> Anyway, all kinds of things could be done, as you write, but are the
> mailman developers working on anything?  I hope so, but I don't know and
> don't have a good enough grasp on anything to bring it up with Barry et al.

Some months ago I was motivated to read through the mailman list
archive and it looked to me that all development on 2.x had been
frozen and new features were slated for the 3.x series.  However the
3.x series was going to be a radical new architecture and a complete
rewrite.  As such things were not in a condition to think about adding
new features to 3.x because it was in the vapor state and not yet
substantially implemented.  That is my memory of things and may be
completely incorrect so read with caution.


reply via email to

[Prev in Thread] Current Thread [Next in Thread]