[unisog] Phishing targeting University Admissions

Valdis.Kletnieks at vt.edu Valdis.Kletnieks at vt.edu
Thu Jun 17 17:31:16 GMT 2004


On Wed, 16 Jun 2004 20:20:54 CDT, Eric Pancer <epancer at security.depaul.edu>  said:

> Check out the Internet Mail 2000 project page. The project seems
> rather defunct, but it addresses the requirements that folks have
> been discussing in this thread, and isn't all too bad (given the
> direction we are going with filters filtering so much mail, etc).
> 
> <http://cr.yp.to/im2000.html>

Umm.. I already mentioned that one (or that class of solutions. ;)

You end up with *all* your mail being reduced to a body that looks like:

---
You got new mail, go to http://....../long-random-url to pick it up.
---

mm.. doesn't that look just so spammy?? ;)

So, in the morning, instead of picking up all the mail from MY server, I get to
download 500 tiny notification files. - and then contact the server for each
note.

1) Timeouts - If the remote server was on the net when it sent the
notification, it could have sent the whole note *then*.  This means that for
*every* piece of mail that's on a server that's down *now*, I end up with a
basically useless note that I have to retry later to find out what, if
anything, it was about.

2) Instead of being able to do all the virus and spam scanning in the
background at our central mail server, that now has to happen at download time
(because not enough info is available in the notification).

3) This does *zero* for spam, worm, and viruses - If there's enough info in the
notification to bounce the spam, there was enough info in the MAIL FROM/ RCPT
TO to bounce the spam, so we're not making any gain there.  Anything further,
you still have to download it and examine it.  The only thing you've done is
moved that closer to the actual read time.

4) It has the usual "Sure, this *might* be nice, but it doesn't do any good
until a majority of sites are using it, and nobody will deploy it if nobody's
using it". Never underestimate the problems of bootstrapping a new service to
usable levels....

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 226 bytes
Desc: not available
Url : http://www.dshield.org/pipermail/unisog/attachments/20040617/2ad8bc37/attachment-0004.bin


More information about the unisog mailing list