On 4/5/2012 6:58 PM, Darren New wrote:
> On 4/1/2012 8:43, Warp wrote:
>> (it broke the 50% mark of all email traversing
>> the internet a long time ago)
>
> It broke the 90% mark a long time ago.
>
>> thwarts any kind of comprehensive automatic
>> traffic analysis of email (or at least makes it impractical and
>> expensive).
>
> Classifying spam isn't difficult. It's just that ISPs don't want to
> carry 10x as much email data as they need to, and it's hard to track
> down the source.
>
They could go a long way by changing the protocol so you can't "fake"
the source, and the tracking, with respect to how it got there, is kept,
and correctly reported, so that, even if you changed the supposed start
point, somehow, it would be more obvious that the source, as it
traversed the network, wasn't the source being reported. Half the time
email systems consider this information "inconvenient" and actually make
it hard, or impossible, to even look at, never mind actually tell you
that there is a discrepancy of any kind.

If the thing comes from a proxy, it's obviously not from wherever it
was sent from in reality. Might need some rules on whether it's legal for
the proxy itself to misrepresent itself as a) not in the chain, or b) a
different source. But, once it leaves the proxy, there is still, in
principle, a way to trace back the address, to the server it claims to
come from, thereby finding that there is no way in hell the trace in the
email's own path could match with the claimed source (but, that would
require an automatic traceroute, and even doing that, from some
machines, won't work in cases like Windows, where generating the packets
needed in anything other than the control paths is **not allowed**, as a
possible detected exploit, and where your ISP, modem, or something else,
is denying those control commands).

But, yeah, it's hardly "impossible" to at least figure out where the hell
it comes from, and probably easier to use something like that, to ferret
out new "bad" messages, than all the stupid assed, "Let's look at the
content, then panic when legit mail contains X formatting, and Y list of
keywords!!!" Hotmail has flagged legit stuff on me, for example, once a
week, at times, as "possibly dangerous", yet, at almost as much of a
regular basis, it has failed to flag idiots trying to sell me Viagra...
And, while they suggest to leave the bad emails in there, to better
handle new bad ones, if you have a good one end up in the trap, you can
miss it in "page after page" of invalid ones, simply because having one
good email, on the 50th page, or 800 actual spam messages... really
isn't a viable solution. It's almost better, if you have fairly low
volume, to turn the damn spam trap off, and just delete them yourself.
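
The discrepancy check discussed in the post above, comparing the claimed sender with the path recorded in the `Received` headers, as an added Python example that is not part of the original post. The sample message, its host names, and the `recipient.example` trust boundary are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample (reserved example domains, documentation IP ranges).
# Received lines are prepended by each server, so the newest hop is on top.
SAMPLE = """\
Received: from mx.recipient.example (mx.recipient.example [192.0.2.10])
    by mailstore.recipient.example with ESMTP; Thu, 5 Apr 2012 19:00:03 -0700
Received: from relay.bulk-sender.example (unknown [203.0.113.77])
    by mx.recipient.example with SMTP; Thu, 5 Apr 2012 19:00:01 -0700
Received: from mail.bank.example (mail.bank.example [198.51.100.5])
    by relay.bulk-sender.example with SMTP; Thu, 5 Apr 2012 18:59:58 -0700
From: "Your Bank" <alerts@bank.example>
To: user@recipient.example
Subject: Account notice

body
"""

HOP_RE = re.compile(r"from\s+(\S+)\s+\((\S*)\s*\[([0-9a-fA-F.:]+)\]\)\s+by\s+(\S+)")

def in_domain(host, domain):
    """True only on a label boundary, so evilbank.example != bank.example."""
    host, domain = host.lower().rstrip("."), domain.lower()
    return host == domain or host.endswith("." + domain)

def hops(raw):
    """Parsed Received hops, newest first (the order they appear in)."""
    out = []
    for value in message_from_string(raw).get_all("Received", []):
        m = HOP_RE.search(" ".join(value.split()))  # unfold continuation lines
        if m:
            out.append(dict(zip(("helo", "rdns", "ip", "by"), m.groups())))
    return out

def source_mismatch(raw, our_domain):
    """Compare the From: domain with the peer that handed mail to our servers.
    Hops older than that one were written by the sending side and can be forged."""
    claimed = parseaddr(message_from_string(raw)["From"])[1].rpartition("@")[2]
    for hop in hops(raw):
        if in_domain(hop["by"], our_domain) and not in_domain(hop["helo"], our_domain):
            peer = hop["helo"] if hop["rdns"] in ("", "unknown") else hop["rdns"]
            # A mismatch is a signal to inspect, not proof: mail is often relayed.
            return {"claimed": claimed, "entered_via": peer, "ip": hop["ip"],
                    "mismatch": not in_domain(peer, claimed)}
    return None

if __name__ == "__main__":
    print(source_mismatch(SAMPLE, "recipient.example"))
```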