still looking for that stuff?

Fred Cisin cisin at xenosoft.com
Wed Aug 10 19:41:35 CDT 2016


On Wed, 10 Aug 2016, jim stephens wrote:
> Also note the compromised account may not be actually compromised where it is 
> hosted and changing the passwords by the user on the list will do no good. 
> finding a new email provider will.

Not necessarily.

Consider:
System Z gets compromised.  Whether whole system, or just addressbook of a 
a user account.

>From that address book, the perp acquires addresses A,B,C,D, etc.

He then sends emails that purport to be from A, to B, C, D, and Z.

Everybody is yelling at A that his account has been compromised, when the 
only fault of A's account is that Z's addressbook  knew his email address.

If A changes his password, or email provider, or changes his email 
address, it will not have any effect on the volume of mail that purports 
to come from A's original address.

The only thing that would help would be to compare the FROM: email address 
to the machine(s) that it actually came from.  I doubt that even this 
mailing list server does any verification other than whether the FROM: 
address is on the list, not where it came from.

Blocking the sending of more than x messages per hour would almost work, 
except that it would need to set up exceptions for "legitimate" mass 
mailings, such as this list.   Blocking the transmission of mass mailings 
would cripple legitimate uses, such as this list.



Spam will not stop until the last spammer is dead.




More information about the cctalk mailing list