still looking for that stuff?
Fred Cisin
cisin at xenosoft.com
Wed Aug 10 19:41:35 CDT 2016
On Wed, 10 Aug 2016, jim stephens wrote:
> Also note the compromised account may not be actually compromised where it is
> hosted and changing the passwords by the user on the list will do no good.
> finding a new email provider will.
Not necessarily.
Consider:
System Z gets compromised. Whether whole system, or just addressbook of a
a user account.
>From that address book, the perp acquires addresses A,B,C,D, etc.
He then sends emails that purport to be from A, to B, C, D, and Z.
Everybody is yelling at A that his account has been compromised, when the
only fault of A's account is that Z's addressbook knew his email address.
If A changes his password, or email provider, or changes his email
address, it will not have any effect on the volume of mail that purports
to come from A's original address.
The only thing that would help would be to compare the FROM: email address
to the machine(s) that it actually came from. I doubt that even this
mailing list server does any verification other than whether the FROM:
address is on the list, not where it came from.
Blocking the sending of more than x messages per hour would almost work,
except that it would need to set up exceptions for "legitimate" mass
mailings, such as this list. Blocking the transmission of mass mailings
would cripple legitimate uses, such as this list.
Spam will not stop until the last spammer is dead.
More information about the cctalk
mailing list