Re: Earthlink and Swen

To: debian-user@lists.debian.org
Cc: Ross Boylan <RossBoylan@stanfordalumni.org>
Subject: Re: Earthlink and Swen
From: Ross Boylan <RossBoylan@stanfordalumni.org>
Date: Thu, 11 Dec 2003 20:56:48 -0800
Message-id: <[🔎] 20031212045648.GU1511@wheat.boylan.org>
Mail-followup-to: debian-user@lists.debian.org, Ross Boylan <RossBoylan@stanfordalumni.org>
In-reply-to: <[🔎] 20031207001545.GP9275@ix.netcom.com>
References: <[🔎] pan.2003.12.04.20.08.21.407271@earthlink.net> <[🔎] 20031205065659.GD2098@wheat.boylan.org> <[🔎] 20031207001545.GP9275@ix.netcom.com>

On Sat, Dec 06, 2003 at 04:15:45PM -0800, Karsten M. Self wrote:
...
> 
> Earthlink have implemented virus and spam filtering within the past
> month or so, early November, if time serves.

That explains some of the confusion.  It's good they are trying to be
responsive.  Too bad they aren't doing it better.

As an aside to the comment that earthlink said they couldn't scan for
viruses because that would be an invasion of privacy: one support
person I spoke to hinted that the real issue was that scanning the
entire body of email messages takes more resources than scanning the
headers.  They may have resisted doing anything because of a shortage
of CPU power (yes, I know, viruses consume CPU, bandwidth, disk space
even if ignored...).  They also claimed that they weren't getting that
many swens over their subscriber base.  This is perhaps true if it was
harvesting off usenet postings.

> 
> It's more than slightly flawed in several regards:
> 
>   - There's no SMTP-time blocking -- the only way to reliably inform a
>     sender that their message wasn't delivered, without joe-job risks.
joe-job = ?

> 
>   - Viruses are filtered to a "quarantine" folder, which you still have
>     to check and clear periodically.  Whether and how this counts to you
>     10 MiB mail buffer quota isn't clear.  Filter is based on Brightmail
>     IIRC.  This is *not* enabled by default, but must be selected by the
>     subscriber.
> 
Their junk mail folder, according to their webmail interface, does not
count against your quota, but may get periodically cleared out.  I'll
have to check what the relation of this is to the new stuff, but
probably it will work on the same principle.

>   - In "virus storms", virus filtering is enabled automatically.  There
>     is no way for the subscriber to control this behavior.

If the filters worked that would be fine.  But they don't.

> 
>   - Spam filtering is largely limited to "known spam" checks, analagous
>     to Vipul's Razor.  This is the same useless crap that was previously
>     marketed as "SpamBlocker".  Which didn't....
> 
>   - There is a "known senders" mail filtering system, based on
>     challenge-response (itself an evil concept) which again quarantines
>     mail not delivered, again, counting against your mail buffer.
> 
>       http://kmself.home.netcom.com/Rants/challenge-response.html
> 
>   - There is no reporting to the user of what mail was blocked, sender,
>     subject, or reason for blocking.  There is no option for user
>     training of filters.
> 
> Upshot:  I've not enabled any of the filtering.  I want to know what is
> blocked.  I want blocking at SMTP level.  And I want context-sensitive
> spam filters (e.g.:  Bayesian filters).  I can apply this through my own
> rules after downloading mail.  Current mail loads are sufficiently small
> that I can do this effectively.  I've also found that reporting received
> Swen tends to keep counts down (~60-65 per day, vs. 250+ if not
> reported).  I've created a few scripts for this (some assembly required):
> 
Thanks for doing the reports.  It's a public service, as well as
helping you.

>     http://kmself.home.netcom.com/Download/reportSwen
>     http://kmself.home.netcom.com/Download/fqdn2domain
> 
> 
> Peace.
> 

Although filtering should "obviously" be done by service providers, it
seems they have a lot of trouble getting it right.  Mail to me goes
through two service providers (one of them is just a forwarder, and I
only recently found out they were attempting to remove spam).  In both
cases, I see non-trivial numbers of legitimate messages classified as
spam and never delivered to me.  As you point out, they never even
report anything about what's going on.   (The irascible gentleman
whose post started this thread apparently believes individual viruses
are being sanitized by earthlink and delivered to him, but no one else
has suggested they are doing that.)

Did earthlink send a notice of this change, or did they just do it?  I
didn't know about it.  But then, I usually don't read their
newsletters, where I suppose they might have mentioned it.  I used
their webmail interface quite recently, and didn't see anything
suggesting their filtering options had changed.

Reply to:

Follow-Ups:
- Re: Earthlink and Swen
  - From: "Karsten M. Self" <kmself@ix.netcom.com>
- Re: Earthlink and Swen
  - From: Kevin Mark <kmark+debian-user@pipeline.com>
- Re: Earthlink and Swen
  - From: Paul Morgan <paulswm@earthlink.net>

References:
- Re: Debian Investigation Report after Server Compromises
  - From: Paul Morgan <paulswm@earthlink.net>
- Earthlink and Swen
  - From: Ross Boylan <RossBoylan@stanfordalumni.org>
- Re: Earthlink and Swen
  - From: "Karsten M. Self" <kmself@ix.netcom.com>

Prev by Date: gift horse Re: Linux is not for consumers!
Next by Date: Re: Can we tag [T]echnical posts?
Previous by thread: Re: Earthlink and Swen
Next by thread: Re: Earthlink and Swen
Index(es):
- Date
- Thread