[Mailman-Users] How do the spammers do it?

Brad Knowles brad at stop.mail-abuse.org
Mon May 16 16:20:21 CEST 2005 

At 2:37 PM +0200 2005-05-16, Christophe Meessen wrote:

>>      If the signature is automatically generated by the MUA, then the
>>  trojans/spybots can make use of this and still get through.  The only
>>  way you can make this work is if you require actual human intervention
>>  on the part of the sender,
>
>  That's true and is also the normal working model for signed messages.

	Not with the plug-ins I've seen.  They work to make cryptographic 
signatures as simple and easy to use as possible, which means that 
there must be absolutely no additional user involvement required.

>>  and that would probably also require human intervention on the part
>>  of the mailing list administrator -- for each and every message.
>
>  That's not true. A mail signature is basically a hash value encrypted
>  with a secret key.

	I am quite well acquainted with the nature of public key 
encryption.  I've been using PGP since before the 2.6 days, I donated 
money to Phil for his defense, and I personally know Mike Elkins (the 
guy who wrote the PGP/MIME RFC, as well as the principal author of 
mutt, the premier PGP/MIME MUA).

	I don't use PGP today because it's too much of a pain to 
integrate with my MUA of choice on my platform of choice, although I 
am always close to being pushed over the edge to moving all ten-plus 
GB of my mail archives over to mutt, because I've been forced to futz 
around with this damn program one too many times.


	The problem is that if the crypto signature on the client side 
does not forcibly require the user to manually intervene and sign 
each and every message, then in order to achieve the result you're 
looking for you will instead force the list moderator to manually 
intervene and personally check and approve each and every message.

>  Whenever this user sends a signed mail to the list you use his public
>  key to decode the hash value and check the mail integrity. If it's
>  valid you may forward it to the list. The signature can be removed if
>  desired. This would protect the list from forged mails.

	But it wouldn't protect us at all against Sober.Q or whatever the 
latest variant is, since they already have complete control over the 
users MUA and they can send out millions of messages as being "from" 
that user, including all necessary cryptographic signatures.

>  For lists that don't require subscription, there is no way to make
>  a difference with spammers and normal users.

	The problem is far more complex (and worse) than that.  Even for 
lists that do require subscriptions, there is no way you can reliably 
tell the difference between a legitimate mail message and spam, 
regardless of whether or not it was spoofed.

-- 
Brad Knowles, <brad at stop.mail-abuse.org>

"Those who would give up essential Liberty, to purchase a little
temporary Safety, deserve neither Liberty nor Safety."

     -- Benjamin Franklin (1706-1790), reply of the Pennsylvania
     Assembly to the Governor, November 11, 1755

   SAGE member since 1995.  See <http://www.sage.org/> for more info.

More information about the Mailman-Users mailing list