Mods to Fuz2 seem to make it less effective

Brandon Long blong@fiction.net
Fri Mar 7 23:40:17 UTC 2003


On 03/07/03 Vernon Schryver uttered the following other thing:
> > From: Brandon Long <blong@fiction.net>
> 
> > There is a decided difference from the default code allowing -t many, or
> > -t for any number greater than 1 (I guess maybe there is a reason for
> > more than one, but it could be capped at 10 then). 
> 
> (You couldn't cap it at 10 for SMTP servers at big ISPs receiving
> mail from big mailing lists.)

Ah, I knew there had to be an actual need to specify more than one.
 
> According to my textbooks, you make security decisions based on whether
> attacks are the common case.

But what is the attack?  That some random message might be marked as
spam?  -t many encourages a certain behavior, whereas its lack would
discourage that behavior, but its existence doesn't prevent any attacks.

> > since if someone uses a former account as a spam trap to mark all
> > messages with -t many, and some friend of mine mails that account and
> > me, boom.  So, in effect, the count doesn't matter, it could instead
> > just be "seen already" and the limit case becomes "bulk is anything
> > greater than 1."
> >
> > And yes, the answer to that is whitelists, but in reality DCC's
> > whitelist mechanism is extremely limited, and I don't want to have to
> > whitelist everyone I ever correspond or expect to correspond with.
> 
> Why would you need to whitelist anyone who doesn't send bulk mail?
> How many times have your friends first mailed to an old account of
> yours that has been rewired as a spam trap, received the bounce, and
> then sent a substantially identical copy of the message to you?  If
> that unlikely combination of events has happened, has your friend not
> sent a completely different message asking what's going on?

No, that case hasn't happened.  What has happened is someone on a small
cc list (10 people) marked a message as many by accident.  What has
happened is mail that isn't quite bulk gets marked as such
(notifications, auto-responses, yahoo e-cards, mailman subscribe
confirmation mail).  These things are often
impossible to white-list as a group with DCC, so I resort to procmail.

> > That said, given that I understand this, I chose to use it anyways, but
> > I have to use procmail to actually whitelist things, and I have to
> > periodically check my spam boxes to see if there's anything new I have
> > to add to my whitelist.
> 
> That last sounds necessary no matter what "many" might mean.

True.

Brandon
-- 
 "Of all the things I've lost, I miss my mind the most." -- Ozzy Osbourne
                                           http://www.fiction.net/blong/
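
A simplified model of the counting behavior debated in this message, added here as an illustration and not taken from DCC or from either poster; the class, function names, addresses, and the at-or-above threshold comparison are assumptions. It shows that one "many" report on a 10-person cc list makes the copy bulk at any threshold, and that a local whitelist consulted first (procmail's role in the post) is what changes the outcome.

```python
# Simplified model of the checksum counting discussed in this thread.
# Not DCC source code; names and the ">=" comparison are assumptions.
MANY = float("inf")  # stands in for a report made with "-t many"


class ChecksumServer:
    """Keeps a running total of reported recipients per message checksum."""

    def __init__(self):
        self.totals = {}

    def report(self, checksum, targets=1):
        # Each report adds its recipient count; a "many" report saturates it.
        self.totals[checksum] = self.totals.get(checksum, 0) + targets
        return self.totals[checksum]


def classify(server, checksum, sender, threshold, whitelist=frozenset()):
    """Return 'whitelisted', 'bulk' or 'ok' for one delivered copy."""
    # The local whitelist is consulted before the shared count is trusted.
    if sender in whitelist:
        return "whitelisted"
    total = server.report(checksum, 1)
    return "bulk" if total >= threshold else "ok"


def cc_list_scenario(threshold, one_reports_many, whitelist=frozenset()):
    """Constructed case: one message cc'd to 10 people; we check it last."""
    server = ChecksumServer()
    checksum, sender = "constructed-checksum", "friend@example.org"
    for i in range(9):  # the other nine recipients report first
        if one_reports_many and i == 0:
            server.report(checksum, MANY)  # accidental "many" report
        else:
            server.report(checksum, 1)
    return classify(server, checksum, sender, threshold, whitelist)


if __name__ == "__main__":
    for threshold in (50, 1_000_000):
        print(threshold, cc_list_scenario(threshold, False),
              cc_list_scenario(threshold, True))
    print(cc_list_scenario(50, True, {"friend@example.org"}))
```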


