From owner-freebsd-doc@FreeBSD.ORG Thu Oct 16 11:30:49 2003 Return-Path: Delivered-To: freebsd-doc@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 2452B16A4B3; Thu, 16 Oct 2003 11:30:49 -0700 (PDT) Received: from firecrest.mail.pas.earthlink.net (firecrest.mail.pas.earthlink.net [207.217.121.247]) by mx1.FreeBSD.org (Postfix) with ESMTP id 895BC43FDD; Thu, 16 Oct 2003 11:30:45 -0700 (PDT) (envelope-from tlambert2@mindspring.com) Received: from user-2ivfl3s.dialup.mindspring.com ([165.247.212.124] helo=mindspring.com) by firecrest.mail.pas.earthlink.net with asmtp (SSLv3:RC4-MD5:128) (Exim 3.33 #1) id 1AACt9-0007lE-00; Thu, 16 Oct 2003 11:30:20 -0700 Message-ID: <3F8EE390.47F355D3@mindspring.com> Date: Thu, 16 Oct 2003 11:29:36 -0700 From: Terry Lambert X-Mailer: Mozilla 4.79 [en] (Win98; U) X-Accept-Language: en MIME-Version: 1.0 To: Steve O'Hara-Smith References: <20031015112920.GA36404@nagual.pp.ru> <20031015132551.GA94612@freebie.xs4all.nl> <20031016124938.354fe903.steve@sohara.org> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-ELNK-Trace: b1a02af9316fbb217a47c185c03b154d40683398e744b8a429cc99f05e01c6de9bcaef0aaf81e9a5350badd9bab72f9c350badd9bab72f9c350badd9bab72f9c cc: ache@nagual.pp.ru cc: freebsd-current-owner@freebsd.org cc: doc@freebsd.org cc: current@freebsd.org cc: Peter Schultz Subject: Re: hiding e-mail adresses needed badly X-BeenThere: freebsd-doc@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Documentation project List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 16 Oct 2003 18:30:49 -0000 Steve O'Hara-Smith wrote: > Peter Schultz wrote: > > However, since that fateful > > e-mail I have been viciously attacked by spammers posing as Microsoft > > security updaters. These spams include attachments making them all > > around 150KB in size. Maybe others of you have seen them? > > Certainly have - they're not spammers it's a worm, called Swen. > It targets an amazing variety of things, including every email address > it can get hold of. One of my accounts gets about a hundred a day of > these *still*. If you get infected it filters your inbox and removes > attempts to reinfect you so that you don't see it at all. But you still get to pay to download them. I got so pissed off, I wrote a program to proactively delete them out of my mailbox at intervals, without downloading them. Earthlink often sucks in terms of customer service. If they would just designate a couple of common markers as "known SPAM", the problem would have gone away for me, and a couple million other people forced to use Earthlink ("forced", because no matter where I go, Earthlink buys up my damn ISP -- no one talks about *that* monocoluture being a threat). Another pain in the ass is that people without direct Internet connections *somewhere* are stuck with POP3 maildrops going over quota because of these damn things, which is a denial of service attack (all messages to you bounce as "over quota", and most of the mailing list software in the world will auto-unsubscribe you when that happens). This is probably the biggest threat to the Internet yet, since communication in general, and email in particular, is still *the* killer application for the Internet. This is an inherent flaw in a store-with-quota+pickup-transiently model, which is what any POP3/IMAP4 forces their users into, and that means *any* ISP, even ones that give you full time connections, when they refuse to let you run your own mail server, either by explicitly disallowing it, or by not providing you a static IP. A non-quotaed maildrop would fix it. The ISP mail server admins growing a clue and not transiting executable attachments would fix it. And ASMTP would fix it (as long as there wasn't a queue quota). Again, Earthlink is no help, since they transit these damn things to the maildrop, against their customer's will, and, for most of their customers, this means propagating the damn things further. Can you imagine if someone wrote one of these things to *actively* target an ISP with a stupid network topology like Earthlink? You could drive the company out of business by chasing all their subscribers away by denying them the ability to receive communications from almost anyone else on the Internet. I'm really surprised these idiots are unwilling to do anything about saving their business model from extinction. In any case, my suggestion is that you write a program to delete off files with certain sizes from a "list" and/or certain content from a "head", and find a kind soul you trust to not abuse your password, which would have to be cleartext somewhere (command line or compiled in), and have the worms deleted out before they become an issue for you. -- Terry