Conversation

Notices

1. Embed this notice
   Bill (sempf@infosec.exchange)'s status on Saturday, 18-Jan-2025 18:20:53 JST Bill

   • Royce Williams
   • cR0w :cascadia:
   • Ryan Castellucci :nonbinary_flag:

   @cR0w @ryanc @tychotithonus @drscriptt Exactly this.

   • Embed this notice
     Ryan Castellucci :nonbinary_flag: (ryanc@infosec.exchange)'s status on Saturday, 18-Jan-2025 11:24:19 JST Ryan Castellucci :nonbinary_flag:

     in reply to

     • Royce Williams

     @tychotithonus @drscriptt @Sempf I think we can agree this is a case of choosing amongst bad options, but don't think either of us are going to change our mind about which is worse.

     Besides, I'm the one who patched their mail server to allow for customized fake rejects.

   • Embed this notice
     Royce Williams (tychotithonus@infosec.exchange)'s status on Saturday, 18-Jan-2025 11:24:20 JST Royce Williams

     • Ryan Castellucci :nonbinary_flag:

     @drscriptt

     I'm interested in minimizing ecosystem harm / impact, even if I'm not the direct / attributable source. In the worst case, if I know that an upstream hop is going to generate backscatter if I reject in my DATA phase, and I know with high confidence that the content is spam, and I know that that upstream hop is not likely to change their ways any time soon ... it's a net lessening of ecosystem harm if I silently discard, rather than indirectly "trigger" predictable backscatter.

     Yes, I know this is idealistic. :D

     @ryanc @Sempf

   • Embed this notice
     Royce Williams (tychotithonus@infosec.exchange)'s status on Saturday, 18-Jan-2025 12:19:23 JST Royce Williams

     in reply to

     • Ryan Castellucci :nonbinary_flag:

     @ryanc
     I think we agree more than we disagree! Especially when it it is probably better, but the ecosystem for the systems causing harm to be the explicit source of that harm, so that the ecosystem will start to respond to it appropriately. So I'm basically arguing myself out of silent discard even in my idealistic case!
     @drscriptt @Sempf

   • Embed this notice
     Royce Williams (tychotithonus@infosec.exchange)'s status on Saturday, 18-Jan-2025 18:20:52 JST Royce Williams

     in reply to

     • cR0w :cascadia:
     • Ryan Castellucci :nonbinary_flag:

     @Sempf @cR0w @ryanc @drscriptt

     I mean, my experience is outdated, but at its height I was the sole sysadmin and abuse admin for a platform that served about 60,000 users, accepting or rejecting about a million SMTP delivery attempts a day. I was a very early implementer of things like graylisting and SpamAssassin, before you could even buy an appliance to do them, let alone a cloud service. But the landscape was very different then -- spammers were smaller scale and not big business then. The scars are old, but deep. Count yourself lucky. 😅

   • Embed this notice
     Ryan Castellucci :nonbinary_flag: (ryanc@infosec.exchange)'s status on Saturday, 18-Jan-2025 18:20:52 JST Ryan Castellucci :nonbinary_flag:

     in reply to

     • Royce Williams
     • cR0w :cascadia:

     @tychotithonus @Sempf @cR0w @drscriptt remember when people were implementing ocr plugins for detecting image base spam, and then the spammers started sending ads for black market viagra that looked like CAPTCHAs?

   • Embed this notice
     Ryan Castellucci :nonbinary_flag: (ryanc@infosec.exchange)'s status on Saturday, 18-Jan-2025 18:27:41 JST Ryan Castellucci :nonbinary_flag:

     in reply to

     • Royce Williams
     • cR0w :cascadia:

     @tychotithonus @Sempf @cR0w @drscriptt I haven't been responsible for other people's email infrastructure since 2009, and I still get twitchy thinking about it.

     Email was a warzone.