
Re: Earthlink and Swen



on Thu, Dec 04, 2003 at 10:56:59PM -0800, Ross Boylan (RossBoylan@stanfordalumni.org) wrote:
> On Thu, Dec 04, 2003 at 03:08:23PM -0500, Paul Morgan wrote:
> ...
> > I have all services locked down to localhost; my only connections to
> > the outside world are mail, news via nntpcached, web via squid... I run
> > Apache but it too is locked down to localhost.  My mail is run through my
> > ISP's (earthlink's) virus and spam filters before I get it (otherwise I'd
> > be getting like 10 Svens per day). I do see, from time to time, Apache
> > refusing connection attempts which are generally attacks by Windoze worms.
> 
> I had a long talk with earthlink a month or two ago in which they told
> me they were not filtering out swen (and they certainly weren't; I got
> a ton).  Soon after that, I did see some swen-like stuff in their spam
> filter for my account (but I also saw plenty still coming at me).
> 
> What's your basis for saying they are filtering out swen, rather than
> that you're just getting less swen?

Perhaps their recently introduced virus filtering service:

    http://www.earthlink.net/myaccount/help/virusblocker/


Synopsis: 

  If activated:
  - Infected legitimate mail is cleaned and delivered.
  - Infected virally distributed mail is blocked and deleted.
  - Legitimate mail which cannot be cleaned is quarantined.

  In emergency mode (mail storm), the system is activated automatically
  but only for the specific mail associated with the storm. 


My beefs:  

  - The system is unaccountable.  There's no reporting built in to
    indicate how much mail is being blocked.

  - The system appears to work after SMTP transaction.  This means
    that viral mail cannot be denied on delivery.  This is an issue
    because:

     - Such delivery errors tip off other sites that they've got a virus
       problem.

     - Any attempted notification after receipt cannot be made without
       a high likelihood of false notification to spoofed addresses (a
       "Joe-job" attack).
    
  - Mail which cannot be cleaned is quarantined.  I don't need crap mail
    sitting on my account.

  - There's no discussion of how "messages that others send you" are
    distinguished from viral "breed"ing mail.  Magick?

Nice try, but ultimately deficient.


However, it does exist.


Peace.

-- 
Karsten M. Self <kmself@ix.netcom.com>        http://kmself.home.netcom.com/
 What Part of "Gestalt" don't you understand?
    Reject EU Software Patents!                         http://swpat.ffii.org/
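
The point above about filtering after the SMTP transaction, as an added example that is not part of the original post: a small Python model comparing a rejection issued during the SMTP transaction with accept-then-filter handling, showing who ends up hearing about the infected message. The scanner rule, addresses and function names are constructed for illustration.

```python
from email.message import EmailMessage

# Assumption: a stand-in for a real virus scanner, keyed on attachment names only.
BLOCKED_EXT = (".exe", ".pif", ".scr")

def is_viral(msg):
    """Toy scanner: flag messages carrying an executable attachment."""
    return any((part.get_filename() or "").lower().endswith(BLOCKED_EXT)
               for part in msg.iter_attachments())

def reject_in_transaction(peer_ip, mail_from, msg):
    """Scan before answering end-of-DATA: the verdict goes to the connected peer."""
    if is_viral(msg):
        reply = "550 5.7.1 message rejected: virus detected"
        return {"reply": reply, "reply_goes_to": peer_ip,
                "accepted": False, "new_mail_to": []}
    return {"reply": "250 2.0.0 OK", "reply_goes_to": peer_ip,
            "accepted": True, "new_mail_to": []}

def accept_then_filter(peer_ip, mail_from, msg, notify=True):
    """Answer 250 first and scan later: only MAIL FROM is left to notify."""
    result = {"reply": "250 2.0.0 OK", "reply_goes_to": peer_ip,
              "accepted": True, "new_mail_to": []}
    if is_viral(msg) and notify:
        # The envelope sender is chosen by the worm, so this notice
        # lands on a bystander rather than on the infected host.
        result["new_mail_to"].append(mail_from)
    return result

def constructed_sample():
    """Constructed message: infected host at 192.0.2.10, forged envelope sender."""
    msg = EmailMessage()
    msg["From"] = "Security Update <update@vendor.example>"
    msg["To"] = "user@isp.example"
    msg["Subject"] = "Latest security patch"
    msg.set_content("Please install the attached update.")
    msg.add_attachment(b"constructed-bytes", maintype="application",
                       subtype="octet-stream", filename="patch.exe")
    return "192.0.2.10", "bystander@thirdparty.example", msg

if __name__ == "__main__":
    peer, sender, msg = constructed_sample()
    print("in-transaction:", reject_in_transaction(peer, sender, msg))
    print("post-acceptance:", accept_then_filter(peer, sender, msg))
```

With `notify=False` the post-acceptance path sends nothing at all, which is the other half of the same complaint: the sending site never learns it has a problem.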
