From mboxrd@z Thu Jan 1 00:00:00 1970
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me
X-Spam-Level:
X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00 autolearn=ham autolearn_force=no version=3.4.4
X-Google-Language: ENGLISH,ASCII-7-bit
X-Google-Thread: 103376,103b407e8b68350b
X-Google-Attributes: gid103376,public
X-Google-ArrivalTime: 2003-01-07 10:49:58 PST
Path: archiver1.google.com!news1.google.com!sn-xit-02!sn-xit-06!sn-post-01!supernews.com!corp.supernews.com!not-for-mail
From: "Randy Brukardt"
Newsgroups: comp.lang.ada
Subject: Re: [off-topic] spam-filters
Date: Tue, 7 Jan 2003 12:49:47 -0600
Organization: Posted via Supernews, http://www.supernews.com
Message-ID:
References: <3E147D79.2070703@cogeco.ca> <4519e058.0301031434.51a0c880@posting.google.com> <81NR9.112823$Y86.60750@news2.central.cox.net> <1ciS9.217$Z74.1099@dfw-service2.ext.raytheon.com>
X-Newsreader: Microsoft Outlook Express 4.72.3612.1700
X-MimeOLE: Produced By Microsoft MimeOLE V4.72.3719.2500
X-Complaints-To: abuse@supernews.com
Xref: archiver1.google.com comp.lang.ada:32692
Date: 2003-01-07T12:49:47-06:00
List-Id:

Ted Dennison wrote in message ...
>Randy Brukardt wrote:
>> Actually, most spam these days are short HTML messages with little or no
>> text. There isn't much load on the server from them. Simply blocking
>> HTML graphics gets rid of many of them.
>
>That's right. So are many of the newer email viruses. One nasty thing
>about the HTML messages is that they often contain 1 pixel images, whose
>only purpose is to serve as a trojan to get your email tool to hit their
>website, so that they know they've got a good address. Another really
>nice thing about the Mozilla mail tool is that it lets you disable
>picture references in email, along with Java and Javascript (all of
>which I've done).

Better still is to block all HTML out-of-mail references at the server. Then stuff like the Outlook preview pane can be used safely.
I block all mail with scripts, images, frames, applets, and the like at the server. It goes into a quarantine folder, from which I periodically forward the occasional message I have to see. The folder is browsed by a text-only tool, so it's safe to look at the messages.

>If you want, you can also set the browser to not fetch pictures from
>separate servers, or from your own blacklist of servers, which can get
>rid of a lot of banner ads. I don't do that (my favorite websites have
>to pay the bills, after all), but some folk do. The option's yours.

Yes, that would be helpful sometimes. I'd really like to be able to block Flash and crap like that at the browser. However, I'm purposely sticking to an old browser in order to be able to compatibility test pages we create. So changing the browser is not an option.

>> Also, a lot of spam is now
>> encoded in various ways so that simple text filters can't find them.
>A Bayesian filter would almost certainly catch such things, unless it's
>somehow worded to look exactly like your normal correspondence (in which
>case, *you'd* have trouble noticing the difference too). However,
>because of the need for personal guidance, it isn't really appropriate
>for server-side filtering like you were talking about (unless you have a
>1 person server, or don't mind someone reading everyone else's mail).
>See http://www.paulgraham.com/spam.html for details on how it works.

A Bayesian filter wouldn't even see the mail, unless it knows how to decode the messages. Blocking all encoded mail also would block all e-mail attachments, which would be going too far. In any case, I know how Bayesian filters work; I've been collecting spam mail specifically to use to initialize such a filter for our server. I just haven't had time to write it. You're right that it wouldn't be appropriate for every server, but it could be used on the sort of small mail servers that I run.
First of all, e-mail is like a postcard, and you have to assume that other people are reading it. Sysops can and sometimes have to look at the mail going through their server. Similarly, it is much easier (and cheaper) to insure that viruses are trapped at the server rather than trying to insure that no desktop machine ever reads a dangerous message.

In my case, I have to prevent the public mailing lists I manage from ever sending out a virus or spam. Since those are automated, and a virus is likely to come from a trusted sender, aggressive scanning at the server is the only answer.

In any case, multiple layers of defense are the only option. And the more of those layers that are written in Ada or other reliable programming languages, the more likely that they actually will work and not cause additional problems.

Randy Brukardt.
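
The following is an added example, not part of the original post and not the author's filter. It sketches the server-side check discussed above: each text/html part is decoded from its transfer encoding before inspection, and mail carrying scripts, images, frames or applets is routed to quarantine, while an encoded attachment alone is not. The tag set, folder names and sample messages are assumptions constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage
from html.parser import HTMLParser

# Assumed tag set, based on the post's "scripts, images, frames, applets,
# and the like"; a real deployment would tune this list.
BLOCKED_TAGS = {"script", "img", "frame", "iframe", "applet", "object", "embed"}

class ActiveContentFinder(HTMLParser):
    """Collects every blocked tag seen in one HTML body."""
    def __init__(self):
        super().__init__()
        self.found = set()

    def handle_starttag(self, tag, attrs):
        if tag in BLOCKED_TAGS:  # HTMLParser already lower-cases tag names
            self.found.add(tag)

def blocked_content(raw_message: bytes) -> set:
    """Return the blocked tags found in any text/html part of the message."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    found = set()
    for part in msg.walk():
        if part.get_content_type() != "text/html":
            continue  # attachments and plain text are not inspected here
        # get_content() undoes base64 / quoted-printable, so the filter sees
        # the same markup the recipient's mail client would render.
        finder = ActiveContentFinder()
        finder.feed(part.get_content())
        finder.close()
        found |= finder.found
    return found

def route(raw_message: bytes) -> str:
    """Folder decision: 'quarantine' when blocked content is present."""
    return "quarantine" if blocked_content(raw_message) else "inbox"

# Constructed sample 1: base64-encoded HTML body with a 1-pixel remote image.
_html = EmailMessage()
_html["Subject"] = "constructed sample"
_html.set_content('<html><body>Hi<img src="http://tracker.example/p.gif" '
                  'width="1" height="1"></body></html>\n',
                  subtype="html", cte="base64")
SAMPLE_HTML = bytes(_html)

# Constructed sample 2: plain text plus a base64-encoded binary attachment.
_att = EmailMessage()
_att.set_content("Report attached.")
_att.add_attachment(b"\x00\x01binary", maintype="application",
                    subtype="octet-stream", filename="report.bin")
SAMPLE_ATTACHMENT = bytes(_att)
```

A substring search for `<img` over the raw bytes of the first sample finds nothing, which is the failure of simple text filters on encoded mail that the thread describes.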