Stefano Demiliani WeBlog

Is this the right Antispam direction?

I these days I've seen a lot of guys that are trying some "futuristic" and "extremely innovative and sophisticated" anti-spam filter...

The first people is Shawn Hogan, that has a brilliant idea... Gmail has a wonderful antispam filter so, why not use it to filter my email?

Simply, he has forwarded all his emails to Gmail and then access his Gmail mailbox to retrieve them via POP3. Result? Gmail has filtered all the spam and now he can read all his emails without problem. Congratulation Shawn, undoubtely for you the Antispam Survival Award!

The second people is Anurag Jain... he observed that during the Exchange mail server upgrade (the server was down for approximately 2 days) all the mails sent to his mail account were of course bouncing and, between the time when the system was shut down and the time when the system came back online, something miraculous had happened: his spam traffic was reduced considerably. Seems that the spammer dudes are dropping the bounced mail ID and he assumed that after the two-day shut-down/start-up of mail server, his spam traffic would have become zero.

Anurag, your thinking are right, but I don't think that spam bots are dropped your ID. You say that "a two-day shutdown resulted in 97.5% decrease in spam traffic!"... ok, but this will be only for the moment. This is not the right direction... maybe shutting down your server permanently will result in a 100% reduction of spam traffic. However, for you the "Antispam Fantasy Award"!

Ok, be serious now... guys, this posting is written with humour and I hope you undertand this. Spam is one of the biggest problems of the Internet now and to reduce it, most serious and sophisticated action must be done. All ISP and users must understand the problem and take action, such as serious antispam filter, black lists etc. Many ISP don't take too much attention to the problem and demand the filtering to the users... this is not correct, spam must be reduced to the source.

For users, the first recommendation (only the same) is: not leave your mail address clearly shared to the world and posted on search engines. Remember that search engines cache pages, so if you today post your mail adress in clear on a newsgroup for example, it will remain freely available for month and month to spam bots. Make attention!

Inside SharpDevelop Ebook on PDF

Wow, a great idea from the SharpDevelop team... the book "Dissecting a C# Application: Inside SharpDevelop" published some times ago by Wrox, is now free to download on PDF format from HERE.

The developers who created SharpDevelop give you an inside track on application development with a guided tour of the source code for SharpDevelop. They will show you the most important code features and explain how you can use these techniques in your own projects. You will gain valuable experience of building an application on this scale, learning from the decisions, mistakes, problems and solutions that lead to the current version on SharpDevelop.

An interesting download... thanks guys! The problem now is finding some times for reading...

Multiple Browsers Vulnerabilities

Secunia has reported yesterday about a new Windows Injection vulnerability which affects all browsers out, from Internet Explorer to Mozilla Firefox, Opera, Konqueror, Safari, Netscape.

This vulnerability allows a malicious website to inject content into another site's window if the target name of the window is known. This can be exploited by a malicious website to spoof the content of a pop-up window opened on a trusted website.
Here is a demonstration of the vulnerability built by Secunia for testing...solution? For the moment nothing on the air, only recommendation: do not browse untrusted sites while browsing trusted sites.