ietf-mta-filters

Re: GTUBE/Re: Quizzic: Spam equivalent to EICAR test virus proposal.

2003-07-03 10:56:18

Kjetil Torgrim Homme wrote:

[Matthew Elvey (FM)]:
 Matt Sergeant of SpamAssassin posted very relevantly to the ASRG about
 GTUBE in March:
 
https://www1.ietf.org/mail-archive/working-groups/asrg/current/msg01527.html+gtube

Correction: (take off the +gtube - the URL stopped working with that)

https://www1.ietf.org/mail-archive/working-groups/asrg/current/msg01527.html

There were a couple replies that are meritless from Vernon
 Schryver and Kee Hinckley.  A valid complaint was what about
 antispam systems that aren't content filters?

that's a bit harsh on Vernon Schryver, his idea of setting up an
auto-responder from a fixed IP-address is exactly what you propose.

Great. I haven't seen him propose that. I guess I missed it. He's got lots of good ideas, just not on that thread, as far as I saw. Tact and collegiality were missing. My intent was to make others' reading of the thread go quicker by echoing what's said at https://www1.ietf.org/mail-archive/working-groups/asrg/current/msg01678.html - he seemed to have misunderstood the purpose.


 Enhancement to my scheme to more fully address it: A pseudo-open
 relay could be established (run by who?)

probably someone academic, for stability topologywise, and also for
IPv6 support.  the problem is that willfully getting your host listed
in RBL is scary.  you never know what people will jump to conclusions
and blacklist your entire B-net.  (perhaps MIT could run it in its own
B-net ;-)

ICANN ISOC IESG IETF IANA... so many I*s but none with this falling within their charter AFAIK.


 that would (attempt to) relay only Quizzic-compliant messages.

might as well leave SMTP out of it.  connect to a port, enter a
recipient address,

Whatever is easier to implement and use.  A web form would work too.

But I think SMTP is probably best. For example, say you want to test a system that scans for spam on the way OUT. You'd set your client's (outgoing) smtp server to QuizzicServer.MIT.edu or whatever. If there's an SMTP proxy run by your system or ISP, this gives it a chance to be shown to work. I also think it's simplest to implement with existing software.

and the server will connect to the MX of the source
IP. (make sure the reverse and forward lookup match.)

Can you explain this more? I'm not clear on what you're trying to do here or why. Is this test something that would make Quizzic hard for joe user to use? I guess if we're sticking with SMTP, if joe user's SMTP server doesn't have matching lookups, tough - a lot of servers are rejecting his mail; (this is the least of his problems, and the shortcoming might help joe user become aware of it), but if he's supposed to telnet from his windoze PC, expecting matching lookups is a bit unreasonable.

the message
will be fixed, and therefore not attractive to abuse by spammers.

I'm trying to allow flexibility that may be useful while still not making it attractive to spammers. At least, I'd like to have the email address of the (purported) sender be available. The source IP would be in the mail header; SpamCop and workalikes would be configured to trust the system and consider the source IP as the source of spam, and, by default at least, not report Quizzic reports as spam at all.

rate limiting per source IP (no more than 10 messages a day?) will
stop the people trying to use it to DOS.

Rate limiting makes sense.

 Sounds like the effort is still needed and the need is there.

it seems to me that asrg is the proper forum, though.

The noise is deafening and the (admittedly oft-ignored) charter - http://www.irtf.org/asrg/ doesn't seem to admit this topic, so I'm reluctant to go there.
Anyone else want/not want the discussion here?
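
The two admission checks discussed in this thread (matching reverse and forward lookups for the source IP, and a per-source-IP limit of 10 messages a day), sketched as an added example that is not part of the original message or of any Quizzic implementation. The names `RelayGate`, `fcrdns_ok` and `sample_gate` are hypothetical, and the resolver functions are injected and assumed to raise `LookupError` or `OSError` on failure.

```python
import ipaddress
from collections import defaultdict, deque

DAILY_LIMIT = 10            # "no more than 10 messages a day", from the thread
WINDOW_SECONDS = 24 * 3600


def fcrdns_ok(ip, reverse_lookup, forward_lookup):
    """Forward-confirmed reverse DNS: the PTR name must resolve back to ip."""
    try:
        name = reverse_lookup(ip)
        addrs = forward_lookup(name)
    except (LookupError, OSError):
        return False
    want = ipaddress.ip_address(ip)
    return any(ipaddress.ip_address(a) == want for a in addrs)


class RelayGate:
    """Hypothetical admission policy for the proposed test relay."""

    def __init__(self, reverse_lookup, forward_lookup, limit=DAILY_LIMIT):
        self.reverse_lookup = reverse_lookup
        self.forward_lookup = forward_lookup
        self.limit = limit
        self.seen = defaultdict(deque)      # source IP -> accepted timestamps

    def admit(self, ip, now):
        """Return (accepted, reason) for one submission from ip at time now."""
        key = str(ipaddress.ip_address(ip))  # normalise IPv4/IPv6 spelling
        if not fcrdns_ok(key, self.reverse_lookup, self.forward_lookup):
            return False, "reverse/forward DNS mismatch"
        stamps = self.seen[key]
        while stamps and now - stamps[0] >= WINDOW_SECONDS:
            stamps.popleft()                 # forget accepts older than a day
        if len(stamps) >= self.limit:
            return False, "daily limit reached"
        stamps.append(now)
        return True, "ok"


# Constructed sample DNS data (documentation address ranges), so this runs offline.
PTR = {"192.0.2.10": "mail.example.org", "192.0.2.66": "spoofed.example.net",
       "2001:db8::1": "mx6.example.org"}
A = {"mail.example.org": ["192.0.2.10"], "spoofed.example.net": ["198.51.100.7"],
     "mx6.example.org": ["2001:0db8:0000:0000:0000:0000:0000:0001"]}


def sample_gate():
    """Gate wired to the constructed lookup tables above."""
    return RelayGate(PTR.__getitem__, A.__getitem__)
```

Only accepted submissions count toward the limit here; whether rejected attempts should also count is a policy choice the thread does not settle.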

