« Aussie spam king raided | Main | Free Jeremy Jaynes! »
April 7, 2005
Safe from the spam flood?
Remember the dire warnings earlier this year that a new feature in the Send-Safe spamware program might cause a flood of new spam?
Well, turns out that Send-Safe's ProxyLock feature is seriously broken. As I detail in this new article for O'Reilly Network, CipherTrust researcher Dmitri Alperovitch has disassembled the latest version of Send-Safe, and he concludes that the dreaded ProxyLock feature contains a fatal design flaw that renders it essentially harmless.
In short, Send-Safe doesn't have a smart way to find the SMTP server affiliated with a proxy. As a result, it presents no big threat to existing blacklist systems.
While Dmitri was looking under the hood of Send-Safe, I spent the better part of an afternoon trying to get the ProxyLock feature to work. I'm happy to report that every test message went out via the Send-Safe-supplied proxies, and not via the mail server of the proxies' affiliated ISP. Even better, every one of the proxies was listed on the CBL.
Posted by brian at April 7, 2005 8:23 PM