Blacklisted - removal?

Dan Mahoney, System Admin danm@prime.gushi.org
Wed Mar 1 21:32:43 UTC 2006


On Sun, 26 Feb 2006, Vernon Schryver wrote:

> http://www.fortinet.com/news/pr/2005/pr121305.html
> now says
>
> ]FortiMail 2.2 firmware adds the following to FortiMail systems:
> ]
> ]    * Enhanced Spam Detection: Includes the following email content
> ]     inspection features that bring antispam detection accuracy up
> ]     to 97 percent.
> ]	  o Checksum Blocklist: Integrates with Fortinet's FortiGuard
> ]	   Antispam Service, which inspects all content within an
> ]	   email, including attachments and graphics, and applies a
> ]	   checksum against the content to determine whether it is spam.
> ]	  o Greylist: Checks "reply to," "from" and "IP" headers
> ]	   for new email senders that FortiMail does not recognize
> ]	   and delays response to suspicious email servers to determine
> ]	   the legitimacy of the sender.
> ]	  o Heuristics: Includes more than 600 rules that are indexed
> ]	   by a heuristics filter to inspect and score all parts of
> ]	   an email for spam characteristics.
> ]	  o Spam URI Real-time Blocklist: Monitors Universal Resource
> ]	   Identifiers (URIs) that are embedded in emails as another
> ]	   content-based technique to detect spam.
>
> There are several ways to get those features, but only one I know
> involves streams of mostly valid but some malformed DCC/UDP/IP packets
> sent to the public DCC servers.

For some reason I find this shocking, but not surprising, if you can 
follow the difference.  After all, a goodly number of other firewalls have 
done little more than take advantage of several open-source products 
(Linux, Snort) -- so it's no surprise that what's above could be 
DCC/SpamAssassin/Razor/Pyzor at all to me.

The thing that confuses me, and I ask this only from an interest point of 
view, not debate -- is why would the software deliberately send malformed 
packets?  I.e. why make it more obvious they're bending the clearly stated 
rules?

Clearly these geniuses have read the license, and have decided 
somehow to circumvent it -- and my expectation is that if in fact you've 
done the PR-unfriendly thing and filed the appropriate cease and desists, 
you're not at liberty to discuss them anyway.

-Dan

--

"Your future hasn't been written yet; no one's has.  So make it a good
one!"

-"Doc" Emmet L. Browne, Back to the Future III

--------Dan Mahoney--------
Techie,  Sysadmin,  WebGeek
Gushi on efnet/undernet IRC
ICQ: 13735144   AIM: LarpGM
Site:  http://www.gushi.org
---------------------------



