On Mon, 15 May 2017 18:52:18 +0100 Gareth Llewellyn <gareth@networksaremadeofstring.co.uk> wrote:
On Mon, May 15, 2017 at 2:08 PM, peter h <peter@hk.ipsec.se> wrote:
The main route of attack is by SPAM. Why is noone doing something effective against SPAM ?
To date there has been no evidence that email was the vector.
exactly. WannaCry: Advice to consumers should place a lot more focus on Web Browsers (than on email - although email transports links, sometimes the payload, etc as well - this is well known...- What is not known is that the consumers favorite PORN website also installs 'monitor ware'...) Regarding Spam: Spam is becoming much more professional. Spammers now have; * registered companies, * advanced "policies" (claims of opt-in marketing only) * far greater technical focus on compliance ("standards" which they set and enforce themselves * "professional organizations" and associations/bodies providing "legitimacy" and group harassment of victims (or spamtraps or block lists) * when applying for removal from block lists, always claims shared hosting and issues have been resolved, over and over and over. * the sending of bulk (UBE) from the same IP number as legit user emails or allowing hosting users to send bulk (like mailchannels.com) * and a lot more... ********************************************************************************** Spammers have DKIM and SPF and in fact advanced email headers, so much so that legit email is not even as legit as SPAM! (in a technical sense) ********************************************************************************** The simple and salient fact is that email is a communications tool and not a marketing tool. Yes, email can be used for communicating marketing but not for marketing communication. Until that becomes firmly entrenched there will always be a spam problem. On a side note: Since the focus on sender reputation and not on spam itself, actual spam levels and user complaints are much lower. But, using a single source for reputation is still a unicorn, closest is SORBS, if you are listed on SORBS it means that you have sent spam and you are non responsive to complaints and/or are a habitual spammer sender. Simple. some thoughts... Andre