You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by Gino Cerullo <gc...@pixelpointstudios.com> on 2006/08/25 21:43:58 UTC
Discourage broken configs (was: Discourage broken content (was: Broken images in mails)
On 25-Aug-06, at 3:20 PM, Kenneth Porter wrote:
> --On Friday, August 25, 2006 12:05 AM -0700 Plenz <paul@lenz-
> online.de> wrote:
>
>> I disagree. To check out what happens I converted a JPG picture
>> into a GIF
>> file
>> and sent it to myself. One time I converted it with IrfanView and the
>> second time with PaintShop Pro. Both GIF files had the result
>> "giftopnm: EOF or error reading data portion..." So I produced a
>> corrupt
>> (?) image, but it was not spam.
>
> I think we should discourage all broken content in email and on the
> web.
>
> At one time we could assume that broken content was an honest
> mistake and make an attempt at fixing it. But with the rise of
> malicious content attempting to exploit bugs in content handlers
> (like overruns in image libraries), we should simply reject
> anything that fails to pass validation, on the assumption that's it
> out to get us.
>
> This includes not just broken images but also broken HTML, which is
> so commonly used to conceal spam.
>
> We need to stop giving a free pass to broken content creation
> software just because it's popular. When someone sends you broken
> content, you should react the same way you would if they sent you
> documents on dirt-smeared paper. Stop letting your emperor walk
> around naked.
I would, and do, go even further and discourage broken Server/DNS
configurations.
I've downright had it with all this crap hitting my server.
I'm now doing checks right at the MTA and if the sending server fails
any hostname, HELO, domain name, SPF etc., checks they don't even get
to my content filters. The biggest thing we have in our favour is
that the spambots are mostly broken or running on machines that will
fail most of these checks.
For legitimate email, I send an message to the admins responsible for
the broken configs with my log entries explaining why their email was
blocked. It's up to them to fix it if they want to send email my way.
I know this isn't practical in an environment where you're
administering hundreds or thousands of accounts, and I feel your
pain, but I think it's time we encouraged proper and correct server
and DNS configurations so we can use all the tools at our disposal to
our advantage.
--
Gino Cerullo
Pixel Point Studios
21 Chesham Drive
Toronto, ON M3M 1W6
416-247-7740
Re: Discourage broken configs (was: Discourage broken content (was: Broken images in mails)
Posted by "George R. Kasica" <ge...@netwrx1.com>.
>>> I think we should discourage all broken content in email and on the
>>> web.
>>>
>>> At one time we could assume that broken content was an honest
>>> mistake and make an attempt at fixing it. But with the rise of
>>> malicious content attempting to exploit bugs in content handlers
>>> (like overruns in image libraries), we should simply reject
>>> anything that fails to pass validation, on the assumption that's it
>>> out to get us.
>>>
>>> This includes not just broken images but also broken HTML, which is
>>> so commonly used to conceal spam.
>>>
>>> We need to stop giving a free pass to broken content creation
>>> software just because it's popular. When someone sends you broken
>>> content, you should react the same way you would if they sent you
>>> documents on dirt-smeared paper. Stop letting your emperor walk
>>> around naked.
>>
>> I would, and do, go even further and discourage broken Server/DNS
>> configurations.
>>
>> I've downright had it with all this crap hitting my server.
>>
>> I'm now doing checks right at the MTA and if the sending server fails
>> any hostname, HELO, domain name, SPF etc., checks they don't even get
>> to my content filters. The biggest thing we have in our favour is
>> that the spambots are mostly broken or running on machines that will
>> fail most of these checks.
>>
>> For legitimate email, I send an message to the admins responsible for
>> the broken configs with my log entries explaining why their email was
>> blocked. It's up to them to fix it if they want to send email my way.
>>
>> I know this isn't practical in an environment where you're
>> administering hundreds or thousands of accounts, and I feel your
>> pain, but I think it's time we encouraged proper and correct server
>> and DNS configurations so we can use all the tools at our disposal to
>> our advantage.
>
>I am with you right up until the moment my head says, "Who defines
>proper content?" Then I come back to "email format rwars" and say
>"Fahgeddit."
>
>One man's cilantro spice is another man's intolerable bitterness.
>Do we try to force the bitterness on the other man or do we try to
>accommodate? "Who gets to define how much we must tolerate?" It's
>purely an rwar issue when you apply this to formatting wars. It is
>best to do what YOU will and not get evangelistic about it. If you
>do characters like me get contrary.
>
>{^_^} Joanne, The Stubborn
A great and a wonderful idea until you have users paying you for
e-mail service and you start bouncing their mails because someone or
some program has a bug in it that they have no control over and they
lose that email from their employer, client or whatever and I can
assure you that they will find another provider right quick.
===[George R. Kasica]=== +1 262 677 0766
President +1 206 374 6482 FAX
Netwrx Consulting Inc. Jackson, WI USA
http://www.netwrx1.com
georgek@netwrx1.com
ICQ #12862186
Re: Discourage broken configs (was: Discourage broken content (was: Broken images in mails)
Posted by jdow <jd...@earthlink.net>.
From: "Gino Cerullo" <gc...@pixelpointstudios.com>
> On 25-Aug-06, at 3:20 PM, Kenneth Porter wrote:
>
>> --On Friday, August 25, 2006 12:05 AM -0700 Plenz <paul@lenz-
>> online.de> wrote:
>>
>>> I disagree. To check out what happens I converted a JPG picture
>>> into a GIF
>>> file
>>> and sent it to myself. One time I converted it with IrfanView and the
>>> second time with PaintShop Pro. Both GIF files had the result
>>> "giftopnm: EOF or error reading data portion..." So I produced a
>>> corrupt
>>> (?) image, but it was not spam.
>>
>> I think we should discourage all broken content in email and on the
>> web.
>>
>> At one time we could assume that broken content was an honest
>> mistake and make an attempt at fixing it. But with the rise of
>> malicious content attempting to exploit bugs in content handlers
>> (like overruns in image libraries), we should simply reject
>> anything that fails to pass validation, on the assumption that's it
>> out to get us.
>>
>> This includes not just broken images but also broken HTML, which is
>> so commonly used to conceal spam.
>>
>> We need to stop giving a free pass to broken content creation
>> software just because it's popular. When someone sends you broken
>> content, you should react the same way you would if they sent you
>> documents on dirt-smeared paper. Stop letting your emperor walk
>> around naked.
>
> I would, and do, go even further and discourage broken Server/DNS
> configurations.
>
> I've downright had it with all this crap hitting my server.
>
> I'm now doing checks right at the MTA and if the sending server fails
> any hostname, HELO, domain name, SPF etc., checks they don't even get
> to my content filters. The biggest thing we have in our favour is
> that the spambots are mostly broken or running on machines that will
> fail most of these checks.
>
> For legitimate email, I send an message to the admins responsible for
> the broken configs with my log entries explaining why their email was
> blocked. It's up to them to fix it if they want to send email my way.
>
> I know this isn't practical in an environment where you're
> administering hundreds or thousands of accounts, and I feel your
> pain, but I think it's time we encouraged proper and correct server
> and DNS configurations so we can use all the tools at our disposal to
> our advantage.
I am with you right up until the moment my head says, "Who defines
proper content?" Then I come back to "email format rwars" and say
"Fahgeddit."
One man's cilantro spice is another man's intolerable bitterness.
Do we try to force the bitterness on the other man or do we try to
accommodate? "Who gets to define how much we must tolerate?" It's
purely an rwar issue when you apply this to formatting wars. It is
best to do what YOU will and not get evangelistic about it. If you
do characters like me get contrary.
{^_^} Joanne, The Stubborn