On Sat, 2004-08-28 at 13:18, christopher(_at_)pobox(_dot_)com wrote:
I think hashcash is a dead end as an anti-spam system. Spammers have
armies of zombies that can do the calculations for them, so it will
XPservicePack 2 very effectively stomps on zombies. Everything that
want to accept incoming Internet connections, or establish new
outgoing ones, requires the user to manually accept this behavior - by
default. There must be lots of unhappy hackers this week, as they
watch their hard-earned zombie armies as they're cut down like flies
:-))
I wouldn't be too sure about that. The reason that there are so many
zombies out there in the first place is that the people who (think that
they) own them can't be bothered installing the security updates. Given
the humongous list of applications that "experience a loss of
functionality" with SP2
(http://support.microsoft.com/default.aspx?kbid=884130,
http://support.microsoft.com/default.aspx?kbid=842242&product=windowsxpsp2), I
expect many of these people would be even less keen to apply SP2 than many of
its predecessors.
A> If I was Microsoft I would be stupid not to leverage their
A> majority marketshare in clients, and minimize the leverage of
A> internet-wide (non local network) servers where they are minority.
Yep - they're not stupid - with Pack 2 they've just said "fuck you" to
the entire "email metrics" market, as well as anyone serving enhanced
and/or dynamic email content - by upgrading Outlook and Outlook
express to block all external content.
Not before time too. People have been clamouring for this (which blocks
web bugs and a wide variety of security issues) for years.
The really stupid thing is
that this was unnecessary - some 3rd party company selling email
firewall software ran a campaign of bogus press releases trying to
convince everyone that spammers track emails using web-bugs, and MS
didn't bother to check any facts - they just blocked everyone out.
Of course, legitimate markers can still send "rich" mail by embedding
the images into the mail. All they're losing out on is the information
they were receiving from the web bugs.
Spammers blast millions of emails to anyplace that accepts them: they
don't set up expensive servers that would get shut down quickly, and
would lead to the spammers risking capture, just to see who might be
opening their crap.
Agreed. Spammers don't use web bugs but lots of other mailers do.
Paul.
--
Paul Howarth <paul(_at_)city-fan(_dot_)org>