22C3 - 2.2

22nd Chaos Communication Congress
Private Investigations

Referenten
Peter Eisentraut
Programm
Tag 2
Raum Saal 2
Beginn 12:00
Dauer 01:00
Info
ID 505
Veranstaltungstyp Vortrag
Track Hacking
Sprache englisch
Feedback

Collateral Damage

Consequences of Spam and Virus Filtering for the E-Mail System

This lecture takes a critical look at the impact that contemporary spam and virus filter techniques have on the stability, performance, and usability of the e-mail system.

Spam and virus filtering techniques have been discussed numerous times at this congress and other ones. What is rarely considered are the consequences that these measures have for the overall stability, performance, and usability of the e-mail system.

Many spam filtering techniques play tricks with the e-mail protocols, which carries the risk of shutting out systems that use stricter or alternative implementations of these protocols. Filter systems that create bounce messages have become a plague of their own on the Internet. Alternatively, filter systems discard messages without notification, with the result that there is currently no longer a guarantee that any message will arrive anywhere. Large ISPs are regularly listed on DNS block lists, and many users are indiscriminate in their application of these lists, creating more communication barriers. New purported sender idenfication techniques such as SPF do nothing to fight spam but instead discriminate users of certain ISPs and lock in users to their e-mail service providers.

Besides these technical issues, spam filtering when applied without careful consideration also creates privacy and legal problems. Massive gathering and analysis of e-mail traffic cannot only be used to fight spam but also to harvest information about e-mail users. Many providers and administrators may not even be aware that most of their e-mail filtering activities are likely to toe the line to illegality.

This lecture will take a critical look at these issues, looking at examples, experiences, and current developments in the fight against e-mail abuse, with the goal of raising awareness among users and administrators.