
Re: Anti-Spam ideas for usenet/list harvested email addresses



Kirk Strauser said:
> At 2003-09-23T21:16:02Z, Ray <ray.list@powerweb.net> writes:
>
>> perhaps if someone wrote the "don't f*&$ open me"[1] virus and had it go
>> through a little tutorial about why not to open unknown attachments have
>> message go something like "I was foolish enough to open the attachment,
>> and since you are at risk of getting a message from me with a virus, this
>> attachment has forwarded itself to you"
>
> Indeed.  You know, we're going through a lot of effort and hypothesizing due
> to exactly one problem: Outlook* makes it easy for uneducated users to do
> stupidly dangerous things.

Outlook2002 will tell you "bla bla bla unsafe bla bla bla outlook users
might not be able to open this" because without being hooked to an
exchange server w/ a policy to allow unsafe attachments, outlook blocks
your access to those attachments.

OE will let you send it w/o a peep, but the default is to block access to
it on the receiving side. You just have to uncheck a little box to get the
attachment.

> That's it - the whole problem.  You don't get
> junk from Macs or Mozilla users, and those are nice, easy-to-use GUI
> clients.  We're having this entire conversation simply because Microsoft
> refuses to make it more difficult to execute an attached file than clicking
> on an attachment icon.

As much as I agree to some degree or another to the spirit of what you're
saying, I started this thread because Swen was swamping me.

If thousands of people were personally emailing me virus laden emails,
that's one thing, but that's not the case here. I'm getting thousands of
emails from copies of a virus that isn't opening O* to send its mail. I
am getting those emails because 1) Win users were either not updated with
security patches or gullible and 2) I have posted to this list using my
valid email address.

Since I don't have much faith in fixing #1 any time soon beyond some pep
talks to friends, I am focusing on how to avoid the easy target #2 left me
open to be. Normally when I get viruses it's only from people I've sent
email to. This time it was from anyone who was infected/unprotected and
whose computer found my email from the mailing list.

I would also like to avoid UCE/UCB Spam that harvested my email from
usenet as well. That isn't a virus or email client specific issue.

>
> Out of curiosity, are there *any* legitimate reasons at all why you'd want
> to mail an uncompressed executable to someone?

I'm sure someone could pipe up about how it's hard to walk their
grandma/client through installing *zip, which unfortunately is a valid
point. :(

Let's say all viruses start mailing zipped copies of themselves. They only
have to zip themselves once on the host machine then mail that copy. Now
we have to watch for a zip archive in mime data and unzip all mail to scan
it, or reject zipped files as well. :(

I'm all for p2p file sharing or some server based file store and only
sending p2p invite keys/urls in your email. If email were only text, load
could sure drop, but I don't think it will happen. It's too convenient. I
know I use it even when I don't _have_ to.

Right now, if my grandma tries to email me some Christmas Windows screen
saver (possibly a virus in disguise as something neat), she gets a '550
We do not accept executable attachments' and I can deal with any flack
telling her "I'm sorry, but I don't want to get a virus." If someone else
sends me the same file but claims to be her, they get the 550 unless an
open relay was involved. I don't post-delivery bounce.

-- 
Jacob
Trying out SquirrelMail
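
The SMTP-time rejection described in the message above, extended to look for a zip archive in the MIME data, as an added example that is not part of the original post or of any mail server's own code. The extension list, the function names and the choice to refuse unreadable archives are assumptions; the sample messages are constructed.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed extension list; the post does not say which types its server rejects.
BLOCKED_EXT = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs")
REJECT = "550 We do not accept executable attachments"  # reply text quoted in the post

def is_blocked(name):
    # Trailing dots/spaces are stripped so "x.scr." does not slip past the check.
    return (name or "").lower().rstrip(". ").endswith(BLOCKED_EXT)

def zip_has_blocked_member(data):
    """Read only the archive's directory of names; nothing is decompressed."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(is_blocked(n) for n in zf.namelist())
    except zipfile.BadZipFile:
        return True  # assumption: an archive we cannot list is refused

def smtp_verdict(raw):
    """Return the SMTP reply to give after DATA, before the mail is accepted."""
    msg = message_from_bytes(raw, policy=policy.default)
    for part in msg.walk():
        if part.is_multipart():
            continue
        name = part.get_filename()
        if is_blocked(name):
            return REJECT
        body = part.get_payload(decode=True) or b""
        # Check by name and by zip magic bytes, since a filename can be anything.
        if (name or "").lower().endswith(".zip") or body.startswith(b"PK\x03\x04"):
            if zip_has_blocked_member(body):
                return REJECT
    return "250 OK"

def sample(filename, data):
    """Constructed test message; payloads are harmless placeholder bytes."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "a@example.org", "b@example.org", "hi"
    m.set_content("see attached")
    m.add_attachment(data, maintype="application", subtype="octet-stream", filename=filename)
    return m.as_bytes()

def zipped(member):
    """Constructed one-member zip archive holding placeholder bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member, b"placeholder")
    return buf.getvalue()
```

Giving the verdict during the SMTP session means the sending server owns the failure, which matches the post's point about not bouncing after delivery. Archives nested inside archives are not opened by this sketch.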


