
[Phys-L] Re: spam blocking programs



Matt Coia wrote:
> Sorry to anyone who gets a message from me to verify their existence as
> real humans and not spam agents. Unfortunately, this new blocker doesn't
> let me verify everyone from the list at once or the list in general.

That's your problem, not mine.

> Once you are verified, then it trusts you from then on.

> ... all you need to do is hit reply and send...done.

That's remarkably silly. That's almost as unhelpful and unwise as some
of the stuff the TSA does.

Almost by definition, a criterion for a good security system is that
it impose a large burden on the bad guys and a small burden on the good
guys. The system described above fails this criterion.

Tell me, what is the conditional probability that a bad guy can figure
out how to automatically hit "reply" ... conditioned on the fact that
in order to subscribe to the list they have already replied to the
list-subscription message?

> If anyone has any less
> obtrusive suggestions, I'd be happy to hear them.

1) Let's suppose your mailhost is a Windows box. Then there are two
possibilities:

1a) You have figured out how to make Windows secure. In that case you
are so very much smarter than me that you could not possibly learn
anything from me.

1b) You don't know how to make it secure, yet you are hooking it onto
the internet anyway. In that case you are part of the problem. If
we didn't have people hooking insecure machines onto the internet,
we wouldn't have spam. (Surely you don't think spammers paid for
the machines they're using, do you?) In this case you are so
clueless that I'm not going to waste my time talking to you.

2) Let's suppose you have a clue, and have a BSD or Linux box you are
using as mailhost. Then install spamassassin and clamav. This can
be done in less time than it takes to tell about it. Together, they
provide a very good ROC (receiver operating characteristic), i.e.
very few false negatives and virtually no false negatives.

If you can't figure out how to do that, you reeeeally shouldn't be
running your own mailhost. Shut down your mailhost and start
getting your mail through gmail or some such.
_______________________________________________
Phys-L mailing list
Phys-L@electron.physics.buffalo.edu
https://www.physics.buffalo.edu/mailman/listinfo/phys-l