Spyware Sucks
“There is no magic fairy dust protecting Macs” – Dai Zovi, author of “The Mac Hacker’s Handbook”

Ok, so I’m a little behind on my blog reading..

February 27th 2006 in Uncategorized

This article caught my eye a short while ago; Alun is a regular commentator in my blogs, and invariably has something interesting to say:

AOL, Yahoo introduce “pay to spam” service (5 February 2006)

I agree with Alun’s opinions on AOL and Yahoo’s idea – but one thing does occur to me. About four years ago I walked into a new job, only to discover that the mail server (they were running Novell and GroupWise) was set as an open relay – so much crap was being pumped through that server (the spammers were smart enough to send their wares outside of business hours), and the NDR load was so great, that the poor server was being brought to its knees every night. This server was being actively cared for by an IT outsourcer… damned if I know why they didn’t spot what the hell was going on.

At the sort of volume I saw on that poor server, paying AOL and Yahoo could get expensive very quickly. 

The last time I looked into this sort of thing, popular opinion was that around 90% of all spam was being sent out via compromised home PCs… Mum and Dad or Grandma and Grandad’s PC with a broadband internet connection and no firewall, or firewall neutralised by malware infection.  The heavy duty spammers who use open mail relays and compromised home PCs won’t bother paying AOL and Yahoo 1/4 or 1 cent per mail when they can pump the stuff out for free.

One comment to...
“Ok, so I’m a little behind on my blog reading..”

Alun Jones

I’m in total agreement with you – AOL / Yahoo’s move won’t affect any of the ‘traditional’ spammers, who just blast their stuff away at everyone; AOL / Yahoo are already filtering that stuff close to as best they can.

Perhaps a more subtle result of the AOL / Yahoo paid service is that they can afford to ratchet up their filters a notch, with a higher degree of false positives – because then they can say to senders of bona-fide emails that don’t get through, “just pay to send your message to these users”.

I’m a cynic, so I view this as mostly an effort by AOL / Yahoo to make more money out of their users, and by having that money come from sources other than directly charging their users, nobody with any control over the situation can complain.

There’s no feedback within this system that is going to force it to be better-behaved over time.
