email questions - Tilted Forum Project Discussion Community

7w17ch · 01-30-2005, 12:25 PM

hi all, its sunday and this has been nagging at me for a while...

so my school email is constantly bombarded with spam, and i mean a lot. i have the spamguard settings pretty high up, and a pretty extensive list of filters. i have managed to bring down the amount i actually see to a manageable level.
its mildly amusing seeing how they are trying to get past the spamguard.
things like morgage spelled in half "1337". or records spelled wrong. yeah, because when i see gross misspellings and writing like a 14yr. old i think nothing but fortune 500 baby.
yeah.
but as of recently i have been recieving emails with spoofed addresses. stuff like the to: feild is filled in with a different name than mine. so i have a two part question.
1) is it possible to make sure that the to feild says to me, otherwise the email gets deleted, like a filter but just to verify that the addresse is me.
2) how are they able to spoof that type of stuff? like the to and from feilds? is it an application that does it for them or do they have to manually set that info?

bendsley · 01-30-2005, 04:56 PM

How is your school currently filtering spam? What mail server (if known)? Is this district wide email system or something privy only to your school?

One of the things I'm thinking of is DomainKeys, by Yahoo!.

DomainKeys is an anti-spam software application in development at Yahoo that uses a form of public key cryptography to authenticate the sender's domain. Today, the sender of a spam message can spoof the originating address so that recipients will think it came from someone else and thus open it as legitimate mail. Yahoo's software would enable the receiving end of e-mail to easily filter out notes in which the sender's stated address could not be authenticated as the actual address. Yahoo plans to make its software freely available to open-source developers, hoping that it will be adopted, installed, and implemented throughout the Internet. In a Reuters interview Brad Garlinghouse, Yahoo's VP of communications products, described the scope of the DomainKeys initiative: "What we're proposing here is to re-engineer the way the Internet works with regard to the authentication of e-mail."

In the Yahoo anti-spam system, an e-mail message would have the originating domain's private key securely embedded in its header. When the message arrives at its destination, the key can be compared to the stated domain's public key in the domain name system (DNS) listings to verify that it actually comes from where it says it comes from. Messages that originate from known sources of spam or from domains other than the one they claim to be from could be rejected by the recipient's server.

The Internet community is divided on whether or not the Yahoo effort is likely to work. For one thing, the software would have to be widely accepted to be successful. Furthermore, some critics believe if DomainKeys was broadly implemented it would lead to an unacceptable slowing of transmission due to the extra handling of each message. Another concern is that spammers could carry out replay attacks, in which the attacker intercepts messages, steals legitimate digital signatures, and then forges messages using them. However, such problems are not insuperable. Proponents argue that Yahoo has a potential solution to the spam problem in DomainKeys and that, with the ever-increasing glut of spam on the Internet, we should give even possible solutions a good trial before dismissing them.

Currently, DomainKeys is implemented in current versions of Sendmail.

If you are not currently running Sendmail, and willing to update it, I would suggest putting an SMTP proxy in front of the mail server itself to weed out unwanted emails and viruses. Using amavisd, clamav, spamassassin, pyzor and razor, this is possible, and works damn well. Also, if you did something like this, you could have a script run every night to update ldap information (if you're using LDAP) and only accept mail to current accounts. This would be nice since every year the school unloads a class and gains a new one.

I have only setup this smtp proxy on debian sarge, so, there may be a few changes.
If you want a step by step guide, go to www.floabie.com/spam

rubicon · 01-31-2005, 04:18 PM

You can try out Spam Arrest. It front-ends all of your messages using a challenge/response system. You can add your "friendly" addresses so those people don't need to respond to the challenge. I doubt any spammer is going to read through the bounces to reply to the challenge. Besides, you still have the ability to deny them if someone should.

01-30-2005, 12:25 PM	#1 (permalink)
7w17ch Upright Location: 127.0.0.1	email questions hi all, its sunday and this has been nagging at me for a while... so my school email is constantly bombarded with spam, and i mean a lot. i have the spamguard settings pretty high up, and a pretty extensive list of filters. i have managed to bring down the amount i actually see to a manageable level. its mildly amusing seeing how they are trying to get past the spamguard. things like morgage spelled in half "1337". or records spelled wrong. yeah, because when i see gross misspellings and writing like a 14yr. old i think nothing but fortune 500 baby. yeah. but as of recently i have been recieving emails with spoofed addresses. stuff like the to: feild is filled in with a different name than mine. so i have a two part question. 1) is it possible to make sure that the to feild says to me, otherwise the email gets deleted, like a filter but just to verify that the addresse is me. 2) how are they able to spoof that type of stuff? like the to and from feilds? is it an application that does it for them or do they have to manually set that info?

01-30-2005, 04:56 PM	#2 (permalink)
bendsley Professional Loafer Location: texas	How is your school currently filtering spam? What mail server (if known)? Is this district wide email system or something privy only to your school? One of the things I'm thinking of is DomainKeys, by Yahoo!. DomainKeys is an anti-spam software application in development at Yahoo that uses a form of public key cryptography to authenticate the sender's domain. Today, the sender of a spam message can spoof the originating address so that recipients will think it came from someone else and thus open it as legitimate mail. Yahoo's software would enable the receiving end of e-mail to easily filter out notes in which the sender's stated address could not be authenticated as the actual address. Yahoo plans to make its software freely available to open-source developers, hoping that it will be adopted, installed, and implemented throughout the Internet. In a Reuters interview Brad Garlinghouse, Yahoo's VP of communications products, described the scope of the DomainKeys initiative: "What we're proposing here is to re-engineer the way the Internet works with regard to the authentication of e-mail." In the Yahoo anti-spam system, an e-mail message would have the originating domain's private key securely embedded in its header. When the message arrives at its destination, the key can be compared to the stated domain's public key in the domain name system (DNS) listings to verify that it actually comes from where it says it comes from. Messages that originate from known sources of spam or from domains other than the one they claim to be from could be rejected by the recipient's server. The Internet community is divided on whether or not the Yahoo effort is likely to work. For one thing, the software would have to be widely accepted to be successful. Furthermore, some critics believe if DomainKeys was broadly implemented it would lead to an unacceptable slowing of transmission due to the extra handling of each message. Another concern is that spammers could carry out replay attacks, in which the attacker intercepts messages, steals legitimate digital signatures, and then forges messages using them. However, such problems are not insuperable. Proponents argue that Yahoo has a potential solution to the spam problem in DomainKeys and that, with the ever-increasing glut of spam on the Internet, we should give even possible solutions a good trial before dismissing them. Currently, DomainKeys is implemented in current versions of Sendmail. If you are not currently running Sendmail, and willing to update it, I would suggest putting an SMTP proxy in front of the mail server itself to weed out unwanted emails and viruses. Using amavisd, clamav, spamassassin, pyzor and razor, this is possible, and works damn well. Also, if you did something like this, you could have a script run every night to update ldap information (if you're using LDAP) and only accept mail to current accounts. This would be nice since every year the school unloads a class and gains a new one. I have only setup this smtp proxy on debian sarge, so, there may be a few changes. If you want a step by step guide, go to www.floabie.com/spam __________________ "You hear the one about the fella who died, went to the pearly gates? St. Peter let him in. Sees a guy in a suit making a closing argument. Says, "Who's that?" St. Peter says, "Oh, that's God. Thinks he's Denny Crane."

01-31-2005, 04:18 PM	#3 (permalink)
rubicon Stop. Think. Question. Location: Redondo Beach, CA	You can try out Spam Arrest. It front-ends all of your messages using a challenge/response system. You can add your "friendly" addresses so those people don't need to respond to the challenge. I doubt any spammer is going to read through the bounces to reply to the challenge. Besides, you still have the ability to deny them if someone should. __________________ How you do anything is how you do everything.