[conspire] (forw) Re: Suggestions for a new email address

Rick Moen rick at linuxmafia.com
Sun Nov 22 00:49:12 PST 2015


----- Forwarded message from Rick Moen <rick at linuxmafia.com> -----

Date: Sun, 22 Nov 2015 00:48:01 -0800
From: Rick Moen <rick at linuxmafia.com>
To: Michael Siladi 
Subject: Re: Suggestions for a new email address
Organization: If you lived here, you'd be $HOME already.

Quoting Michael Siladi ([address redacted]):

> P.S. Are you and Deirdre going to Loscon? If so, are you flying or
> driving? I ask as we could use assistance getting BayCon party bins
> to Loscon.

We are attending, we're driving, and we'd be glad to take some BayCon
party bins.

> I thought that I'd replace my "msiladi at ix" address on SMOFS,
> SMOFcon, and a few other mailing lists, in the hope that it might
> reduce the spam load.
> 
> Earthlink provides me the option of creating another email address,
> and I'm trying to figure out a reasonable name. Do you have any
> suggestions that might be compatible with good security practices?

Hmm, we might need to chat by telephone to gain the benefits of
interactive discussion.

If I read your query correctly, you're speculating either that (1) 
using a different username at Earthlink's netcom.com service to originate 
some mail might lower your risk of recipients receiving believably
forged mail purporting to be from you, or (2) using some combination of 
a different username and a different Earthlink commercial domain to
originate your mail might lower that risk.

tl;dr:  Speculation 1 IMO isn't really a credible plan.  Speculation 2
might be a credible plan, depending on what those other Earthlink
divisions are doing to make their outgoing mail better able to be
authenticated.


You're doubtless thinking of the recent forgery incidents where, on
different occasions, both your and Alison's sending addresses were
forged by entirely phony mail that was very accurately aimed at your
frequent correspondents.  Understandably, you would like to sidestep
this problem.

Let me start by giving my speculation about what happened to produce
those several recent forgeries:

For a couple of decades, one of the main aims of Microsoft Windows 
malware has involved abuse of compromised Windows machines for two
purposes:  

o  collecting e-mail addresses and social-graph aka traffic-analysis 
   data, i.e., who @ what address the person has corresponded with and 
   has in his/her address book.
o  covertly sending instructions to those compromised (called 'zombie') 
   Windows boxes to instruct them to originate outgoing spam or scam
   mail, part of what is called botnet functionality.

The very narrow targeting of the recent mail bouts impersonating you and
Alison, including the targeting of 'private' mailing lists that are 
not findable on the open Web, strongly suggests that one or more 
members of the Bay Area fannish/conrunning community, MS-Windows 
users who are on private conrunning mailing lists with you, fairly
recently (and perhaps still) had a malware infestation, because that 
is the only plausible way the bad guys could have arrived at such 
well-aimed To: and Cc: lists.

Moreover, it's my opinion that the botnet operators have recently made a
significant upgrade in the software intelligence generating the commands
they send to zombified Windows machines.  My guess is that they are now
using Bayesian classifier software on the huge datasets they build using
data harvested across the Internet from malware-compromised Windows
machines (as noted above).  The purpose of that software, in this case,
would be to as accurately as possible simulate a To: / Cc: list the 
impersonated sender would _actually_ use.

This use of Bayesian classifiers is the same one the spook community has
been in love with for 14 years, supposedly able to accurately track
everyone an individual of interest associates with.   Industry has also
gone for this hat-trick in a major way, such as Palo Alto firm Palantir
Technologies.  https://en.wikipedia.org/wiki/Palantir_Technologies
(Notice how hilariously vague yet laudatory that article is.  Guess who
wrote it?)

It is of course a natural for criminal enterprises other than
spooks and Beltway Bandits like Palantir to eventually adopt the same
techniques to, like them, do data mining.
https://en.wikipedia.org/wiki/Data_mining
My surmise is that one or more major botnets issuing major amounts of
spam has recently set loose a Bayesian classifier engine on a colossal
amount of misappropriated message-traffic data stolen from zombified
Windows machines, and is using it to generate _intelligent_ instructions
to zombie Windows machines, telling them not only to send out spam
impersonating someone, but also to credible recipients whom the 
impersonated sender _actually_ corresponds with.

You will have noticed that the body text remains not in any way a
credible impersonation.  Yet.


The reason I reviewed how these impersonations originate is to make the 
point that, as long as your social circle includes security-reckless
Windows users, these targeted impersonations will recur.  The problem
isn't really your ISP or your username.  The problem is who your friends
and fellow con-runners are.

As I mentioned before, there are several somewhat-adopted competing
technologies ISPs (and independent SMTP operators like me) can add onto
traditional Internet mail, to make it possible for SMTP recipients to
distinguish genuine mail from the sending domain from forgeries of that
domain and its users:  DomainKeys (obsolete but still used by, e.g.,
Earthlink's Netcom division), DKIM, DMARC, and SPF.  _If_ one or more of
those SMTP extensions were universally adopted by legitimate SMTP
senders and receivers, all receiving systems would be able to detect and
reject forgeries.

None of those technologies is yet widely and strictly implemented, 
for a number of reasons including collateral damage.  Many of the
methods have the accidental effect of making all mail sent via a mailing
list appear to be forged upon retransmission to subscribers, for
example.  This is a difficult problem, and it is only one of several.

Moreover, any of the proposed solutions works only if SMTP mail
receivers, and not just SMTP mail senders, care and take action
to implement and strongly enforce them, where by 'strongly' I mean take
a stand and reject ('hardfail') received mail that fails authenticity
tests.  That sort of commitment has been in short supply.  It's easier
to just be careless, accept nearly everything, and write off customer
dissatisfaction by bland statements that a certain amount of spam/scam
mail is inevitable.


You might well ask:  'OK, Rick, given what you know of this problem, 
what mail provider does a good job of sending out mail so it can be 
authenticated by receivers who bother to do so?'  That would be a good
question.  Unfortunately, I'm the wrong guy to answer it, as I've been 
handling all my own mail without a mail provider since the early 1990s.
Hence, I've not been anyone's customer; hence, I am short on news about
what commercial mail provider's good.

Deirdre might give you better advice in that area.  FWIW, I've long
considered Yahoo a bit derelict as a mail provider.  Netcom used to be
good, but then they were bought by Earthlink, and both Deirdre and I
consider Earthlink to lack the very clue that Netcom had before
acquisition.  In general, the ISP acquisitions from 1995 onwards took a
terrible toll on clued ISPs, as nearly all the good ones were bought by 
large companies top-heavy with MBAs who eviscerated the old companies'
good practices as inconvenient and left the remnants as mediocre husks 
run badly and with bare minimal staff deprived of decision authority.

Until recently, forged mail was never, in my experience, very
intelligently addressed.  The spam or scam appeal sent out under the
name of the impersonated user was just blasted out to many recipients, 
not necessarily credible ones at all.


----- End forwarded message -----
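A worked illustration of the DMARC 'hardfail' decision and the mailing-list collateral damage the message describes, added here as example code (not from the original message or any of the ISPs named); the domains, the policy table and the SPF/DKIM results are constructed stand-ins for DNS lookups and an upstream verifier.

```python
# Simplified DMARC disposition logic (added example, not from the post).
# Assumptions: DNS is replaced by the dict below; SPF/DKIM results arrive
# as (passed, authenticated-domain) pairs from an upstream verifier;
# alignment is "relaxed" (organizational domain). All names constructed.

# Constructed stand-in for _dmarc.<domain> TXT records.
DMARC_POLICIES = {
    "example.com": "reject",  # the 'hardfail' stance the post describes
    "example.net": "none",    # monitor-only: never blocks anything
}

def org_domain(domain):
    # Toy organizational-domain rule: last two labels. Real DMARC uses the
    # Public Suffix List; this suffices for example.com / mail.example.com.
    return ".".join(domain.lower().split(".")[-2:])

def dmarc_evaluate(from_domain, spf_pass, spf_domain, dkim_pass, dkim_domain):
    """Return (disposition, reason) for one message.

    DMARC passes if SPF *or* DKIM passed AND the domain that mechanism
    authenticated aligns with the RFC 5322 From: domain.
    """
    policy = DMARC_POLICIES.get(org_domain(from_domain))
    if policy is None:
        return ("accept", "no DMARC record published; nothing to enforce")
    spf_aligned = spf_pass and org_domain(spf_domain) == org_domain(from_domain)
    dkim_aligned = dkim_pass and org_domain(dkim_domain) == org_domain(from_domain)
    if spf_aligned or dkim_aligned:
        return ("accept", "DMARC pass")
    if policy == "reject":
        return ("reject", "DMARC fail, p=reject (hardfail)")
    if policy == "quarantine":
        return ("quarantine", "DMARC fail, p=quarantine")
    return ("accept", "DMARC fail, p=none (receiver only reports)")

def scenarios():
    """Three constructed cases mirroring the post's discussion."""
    # 1. Genuine mail from example.com's own MTA: SPF and DKIM both align.
    direct = dmarc_evaluate("example.com", True, "example.com", True, "example.com")
    # 2. Forgery: a zombie box sends 'From: user@example.com' through its
    #    own ISP; SPF may pass for the ISP's domain, but nothing aligns.
    forged = dmarc_evaluate("example.com", True, "zombie-isp.example", False, "")
    # 3. The genuine message relayed by a mailing list: the envelope sender
    #    is now the list's, and the list's subject tag broke the DKIM
    #    signature, so a p=reject domain's legitimate mail is rejected too.
    via_list = dmarc_evaluate("example.com", True, "lists.example.org", False, "")
    return direct, forged, via_list
```

Case 3 is why list operators rewrite From: or use ARC, and why receivers that only publish p=none never block anything.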