Home |
Search |
Today's Posts |
|
#1
|
|||
|
|||
"Robert Bonomi" bonomi@c-ns. wrote in message hlink.net... In article zJodb.2635$La.1152@fed1read02, Ed Price wrote: "Robert Bonomi" bonomi@c-ns. wrote in message hlink.net... In article YEcdb.2567$La.801@fed1read02, Ed Price wrote: "--exray--" wrote in message ... Chuck Harris wrote: Michael A. Terrell wrote: They should scan every received e-mail for virus or worms, and a That fails when the virus/worm/trojan is modified even slightly. Ask Norton, or McAfee why they have to update their virus scanners almost daily. valid FROM address. How are you going to determine the from address is valid? email the person at the address and ask them? What if the from address belongs to someone other than the actual sender? Infected e-mail should be deleted, and a message sent to the sender that it was infected. If you can determine who the sender really is. Sending email messages to the forged email addresses that exist in the sender field of the bad email just results in more needless email traffic. The current email protocol provides no reliable way of validating the sender's email address. It has needed upgrading for about 15 years now. Earthlink delivers E-mail with no FROM: information in the header. If an ISP can't do this much, they need to go out of business. Since no ISP can do what you are asking, I'd rather keep the current "flawed" ISPs around for now, thank you. Chuck, WA3UQV I'm not sure of the mechanics of how it is actually done but there are subscription services that ISPs can use to keep their mail services clean and updated if they choose not to do it themselves. Another "I'm not sure how it works" is with Mailwasher Pro...it will not bounce to invalid yahoo addresses. Apparently some 'trial' ping is at work, maybe in conjunction with Yahoo???. Point being that these things can be accomplished although we are at a early stage of seeing it actually happen. -Bill Exactly!! My company subscribes to a service like that; they get daily updates for their filter software just like they get updates for their AV file. At work, I am getting ZERO Swens. But at home, that's completely different. I have a cable connection through Cox, and I'm getting 75 to 100 Swens per day. (The first couple of days, I had over a hundred per day.) Sure, there's a few variations, but the 106 kB attachment is a real obvious sign. Evidently, Cox doesn't care, and doesn't filter at all. I don't leave my machine run 24/7, so the Swen IS a problem for me. Since Cox only allows a 10 MB mailbox, about 90 Swens fills it. Then, Cox graciously starts bouncing ALL my emails, since my box is now full. In effect, an email DOS fringe benefit for the Swen. My question is, why can't Cox afford a filter system for incoming email? And my next question is why don't all reputable ISP's have a filter on outgoing email? There's still a whole lot of the clueless who are yet to be infected, and Swen attachments will be flowing for quite a while to come. The answer to _any_ question that starts off "why don't they..." is *always* "money". How much more are _you_ willing to pay for your Internet access to cover scanning of _your_ outgoing mail for viruses? How much more are you willing to pay for virus-scanning of your incoming mail? The commercial filtering services get $3-5 per mailbox, per month, in 'whole- sale' quantities. And even the best of 'em don't catch everything. Since I'm already paying $40 per month for broadband access, would I pay an additional $5 for a fast reacting spam & virus & worm filter? Yes. And remember, a filter would work both ways. incoming & outgoing. Much of the problem is caused by clueless broadband users whose machines are taken over and used to propagate the attacks. An ISP should have the duty to suppress these sources of contagion. Actually, it *wouldn't*. filtering -outgoing- e-mail puts performance demands on _completely_ different hardware (to prohibit bypassing the 'outgoing filter' machoines) and requires separate server-side services as well, because outbound mail *is* handled differently than incoming. OTOH, how much would the ISP save in storage resources, system overhead, overloaded customer service reps? And what would be the market value in being able to claim a reasonably "protected" ISP service? If they have 'storage quotas' on the mailbox, a flood of viruses doesn't tax "storage" beyond what they've already planned for. 'full of garbage' is no different than 'full of useful stuff' from their vantage-point. There's some savings in 'system overhead', and other related resources, but it's comparatively minor. Not big enough to be a 'motivating factor', in general. The 'market value' you talk about is a two-edged sword. If they advertize that they have such protection, then they're at risk for complaints from customers who had stuff get through, because the protection was "less than perfect". *AND* for complaints when something gets blocked that the customer actually _wanted_. There's actually potential for _lawsuits_ here. Which is why the existant filtering serivces generally _don't_ actually trash- can *anything*. Instead, they re-direct the 'suspect' stuff to an alternate storage area. Where the end-user can 'inspect' to see if something that they _did_ want to get was mis-classified. What complicates life *greatly* is that differnt people have different standards of what is 'unwelcome' mail. some people actually _want_ to get *some* of the mail that others would consider 'spam'. And, of course, anybody doing analysis of, or developing counter-measures againt, viruses and worms, *must* be able to receive copies of them from other people. This kind of 'special case' handling, as opposed to a simple "one size fits all" approach, makes offering 'protection' a *difficult* proposition. It _can_ be done, but it requires =substantial= knowledge BY THE END-USER in order for it to work effectively. Unfortunately, the vast majority of end-users _do_not_have_ the required skill-set, and are not-interested in, and/or *incapable* of, learning them. Further, if a company has maybe 5000 mailboxes, might not an ISP with 250,000 mailboxes be able to talk a better deal? Not significantly, unffortunately. 'Economies of scale' don't apply, except to the "administrative overhead". Operational costs break down into two major components: First, there is checking inbound messages against the database of known 'unwelcome mail' (spam, viruses, etc.) This scales roughly linearly with the volume of incoming mail, *but* it also increases linearly with the number of 'identified' unwelcome mail 'signatures' that have to be checked. It does take 100 times as long to check that a particular mail doesn't match any of 1000 spam 'signatures' than it does to check that it doesn't match any of only ten such 'signatures'. Second, there is the identification/classification of "new" (i.e., 'previously undetected' spam, viruses, etc. This, unfortunately, is *NOT* a linear function. The costs related to this tend to escalate in proportion to the *square* of the _total_ number of messages handled. Not those for a single mailbox, or a single cutomer, but based on the _total_ number of messges that the service processes for _all_ customers. The more mailboxes they 'protect', the more expensive it is _per_mailbox_. Of course, the bigger the 'aggregate' message volume they see, the more effective they are at identifying cr*p, so the more valuable the service is -- justifying higher pricing charging higher prices, because of the increased 'efficiency' in catching problems. Bob: That was a marvelous and instructive romp through the woods. It's such a big job, and there's always a small mouse that's gonna bitch about anything you do. So, after all that, I still say that ISP's should be doing virus and spam filtering, both directions. And when somebody tries to send 1000 emails in a day (arbitrary, but a trusted user could negotiate higher limits), their account should get frozen for human intervention. For those incredibly few people who "study virii", I'm sure they can find a bareback ISP where they can continue to live dangerously. Ed |
Reply |
Thread Tools | Search this Thread |
Display Modes | |
|
|
Similar Threads | ||||
Thread | Forum | |||
Wizard Radio in Seven Corners, VA, to receive WHFS in Annapolis-followup | Antenna | |||
What Exactly is a Radio Wave? | Antenna | |||
How to connect external antenna to GE Super Radio III | Antenna | |||
Review: Amateur Radio Companion 3rd Edition | Antenna | |||
Vintage radio books for sale | Boatanchors |