Re: Earthlink and Swen

Mon, 08 Dec 2003 00:59:23 -0800 

on Thu, Dec 04, 2003 at 10:56:59PM -0800, Ross Boylan ([EMAIL PROTECTED]) wrote:
> On Thu, Dec 04, 2003 at 03:08:23PM -0500, Paul Morgan wrote:
> ...
> > I have all services locked down to localhost; my only connections to
> > the outside world are mail, news via nntpcached, web via squid... I run
> > Apache but it too is locked down to localhost.  My mail is run through my
> > ISP's (earthlink's) virus and spam filters before I get it (otherwise I'd
> > be getting like 10 Svens per day). I do see, from time to time, Apache
> > refusing connections attempts which are generally attacks by Windoze worms.
> 
> I had a long talk with earthlink a month or two ago in which they told
> me they were not filtering out swen (and they certainly weren't; I got
> a ton).  Soon after that, I did see some swen-like stuff in their spam
> filter for my account (but I also saw plenty still coming at me).
> 
> What's your basis for saying they are filtering out swen, rather than
> that you're just getting less swen?

Perhaps their recently introduced virus filtering service:

    http://www.earthlink.net/myaccount/help/virusblocker/


Synopsis: 

  If activated:
  - Infected legitimate mail is cleaned and delivered.
  - Infected virally distributed mail is blocked and deleted.
  - Legitimate mail which cannot be cleaned is quarantined.

  In emergency mode (mail storm), the system is activated automatically
  but only for the specific mail associated with the storm. 


My beefs:  

  - The system is unaccountable.  There's no reporting built in to
    indicate how much mail is being blocked.

  - The system appears to work after SMTP transaction.  This means
    that viral mail cannot be denied on delivery.  This is an issue
    because:

     - Such delivery errors tip off other sites that they've got a virus
       problem.

     - Any attempted notification after receipt cannot be made without
       a high likelihood of false notification to spoofed addresses (a
       "Joe-job" attack).
    
  - Mail which cannot be cleaned is quarantined.  I don't need crap mail
    sitting on my account.

  - There's no discussion of how "messages that others send you" are
    distinguished from viral "breed"ing mail.  Magick?

Nice try, but ultimately deficient.


However, it does exist.


Peace.

-- 
Karsten M. Self <[EMAIL PROTECTED]>        http://kmself.home.netcom.com/
 What Part of "Gestalt" don't you understand?
    Reject EU Software Patents!                         http://swpat.ffii.org/

Attachment: pgp00000.pgp
Description: PGP signature

Reply via email to