[Dshield] Where should you start - I'll wrap it myself

Miles Stevenson miles at mstevenson.org
Wed Apr 7 21:20:41 GMT 2004


> If you are an Outlook/Outlook Express user, there is software available
> (free) which will auto-report spam for you to spamcop.   You just set it to
> monitor the folder in which your message rules tag as spam and deposit the
> incoming mail. Reporting helps maintain the block lists and multiple
> reports end the usefulness of a compromised machine in very short order.

I'm curious to know what software you are describing, as I highly recommend 
AGAINST using such software. 

Unfortunately, blacklists such as SpamCop have poor or sometimes non-existent 
checks for false positives when spam reports are submitted. The outcome is 
that anyone can blindly report domains and/or mail systems as "spammers" to 
SpamCop; they are automatically blacklisted and notified that they have been 
tagged as spammers. This can be quite a pain for legitimate mail domains to 
get blacklisted without just cause. Automated methods to "deduce" the 
legitimacy of email are nowhere near as accurate as they need to be for such 
systems to work correctly. 

End users often misinterpret legitimate email as spam. To think that 
thousands of end users are running an automated blacklist software plugged 
into Outlook makes my insides churn. 

I hope that any mail administrator would reconsider the use of SpamCop or 
similar blacklists that don't check for false-positives, as well as Outlook 
clients that send such reports automatically. The risk of DoS attacks on this 
kind of implementation is too great for this to be viable.

Miles Stevenson
miles at mstevenson.org
PGP FP: 035F 7D40 44A9 28FA 7453 BDF4 329F 889D 767D 2F63

