
ICQ, Jabber, email and spam

Good afternoon, dear.

I'm not going to repeat the traditional nonsense like "ICQ is all spam and blondes, come over to our Jabber, there is none of that here." On the contrary, I am all for moving the blondes over to Jabber, just without the spam.

So why is there no spam there now? And what shall we do if it appears?

ICQ spam


ICQ spam is sent from registered accounts. In theory, action by the administration and blacklists could help here (spam, get banned). The problem is that the administration itself sometimes does not mind spamming (12111 or whatever the number was), and the blacklists are limited in size.

In addition, spam is often sent not only from numbers registered specifically for this purpose, but also from hijacked numbers of regular users of the system. Or, as in the case of lifetest spam, “not completely hijacked” ones.

qip attracts spam

A year and a half ago, I observed an interesting pattern. At the time, at the call of my homeland, I was doing something in Vegas, so I rebooted into Windows, and there I used qip. Spam and spamming contacts immediately began pouring in. As soon as I returned to Gentoo and kopete, all of it immediately ceased. Back to Windows, and it started again.

In short, I came to the conclusion that qip attracts spam. A possible explanation: the spam often carries links to Trojans designed to pull the account password out of the qip profile, so there is no point in sending such spam to users of other clients.

But I have not used qip for a long time, so I have not rechecked this pattern.

Email spam


Oh, this is a sore subject, scary even to touch. I also run a mail server with a dozen domains, so I know the problem firsthand.

There is no “master” or administration here, unlike ICQ.

The root of the problem is that there is no authentication. I can send mail from my address on behalf of absolutely any domain, be it gmail.com or even microsoft.com, and this is completely legal from the point of view of the SMTP protocol. Moreover, this feature is necessary for running backup mail servers (backup MX) and relay servers.
Once again, there is no authentication. There have been many attempts to solve this problem by adding extensions to the system:

But without widespread adoption, all such technologies are useless. So what if I sign my messages? If I start rejecting all mail without a DKIM signature, or mail that comes from servers not permitted by the domain's SPF record, I will immediately stop receiving perfectly legitimate mail from servers configured by clumsy admins, and management will come down on my head. Management does not care that the admins over there are incompetent; what matters to them is that the mail gets through. Why did everything work yesterday? Did you change something? Well, change it back so it works, and don't blame other admins.

In short, the problem stems from flaws in the protocol and the impossibility of fixing them, because the protocol is deployed absolutely everywhere.
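The trade-off described above, as an added example (not the author's code): a simplified SPF evaluator covering only the `ip4`, `ip6` and `all` mechanisms, run over constructed records and connections, comparing a strict policy that accepts only `pass` with a lenient one that rejects only `fail`. All domains, addresses and function names are assumptions made for the illustration.

```python
import ipaddress

# Constructed TXT records using documentation IP ranges; not real DNS data.
SPF_RECORDS = {
    "strict.example": "v=spf1 ip4:192.0.2.0/24 -all",
    "soft.example": "v=spf1 ip4:198.51.100.10 ~all",
    # legacy.example publishes no SPF record at all
}
RESULTS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def check_spf(domain, client_ip):
    """Evaluate the ip4/ip6/all subset of SPF for one SMTP connection."""
    record = SPF_RECORDS.get(domain, "")
    if not record.startswith("v=spf1"):
        return "none"  # nothing published, nothing to check against
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:
        qualifier = term[0] if term[0] in RESULTS else "+"
        name, _, value = term.lstrip("+-~?").partition(":")
        if name == "all":
            return RESULTS[qualifier]
        if name in ("ip4", "ip6") and ip in ipaddress.ip_network(value, strict=False):
            return RESULTS[qualifier]
    return "neutral"

def accept(result, policy):
    """strict: accept only authenticated mail; lenient: reject only 'fail'."""
    if policy == "strict":
        return result == "pass"
    return result != "fail"

# Constructed inbound mail: (MAIL FROM domain, client IP, genuinely legitimate?)
MAIL = [
    ("strict.example", "192.0.2.25", True),
    ("strict.example", "203.0.113.7", False),  # spoofed, domain says -all
    ("soft.example", "203.0.113.7", False),    # spoofed, domain only says ~all
    ("legacy.example", "203.0.113.50", True),  # real mail, SPF never set up
    ("legacy.example", "203.0.113.7", False),  # spoofed, no record to fail
]

def tally(policy):
    """Count legitimate mail lost and spoofed mail let through under a policy."""
    lost = spoofed = 0
    for domain, ip, legit in MAIL:
        ok = accept(check_spf(domain, ip), policy)
        lost += int(legit and not ok)
        spoofed += int(ok and not legit)
    return {"legit_rejected": lost, "spoofed_accepted": spoofed}
```

The strict policy stops every spoofed message in the sample but also drops the genuine mail from the domain that never published a record; the lenient policy keeps that mail and lets two spoofed messages through.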

Spam in Jabber


Not yet. Most spammers have not yet taken to this network, and not because there are few users (that is simply untrue), but because there is absolutely no target audience. The people who are on Jabber, as a rule, do not fall for “super modern antiviruses only 50kb in size that catch absolutely everything,” they do not need “girls legs apart”, etc. ...

Jabber has no “master”, and from the outside the system as a whole resembles email.
For a domain, the DNS SRV record _tcp._xmpp is specified, which indicates which Jabber server serves this domain. This is essentially no different from MX records pointing to an SMTP server.
Account names look like username@domain, like email addresses.
Communication between servers is carried out as needed.

There, however, the similarities end. A server that wants to send a message on behalf of a domain must be listed in the SRV record of that very domain. Otherwise, the server it is trying to send the message to will simply refuse to accept it. That is, something like SPF is built in from the very beginning.

In addition, modern Jabber servers refuse to work at all without SSL configured. This could improve the situation further (it is similar to DKIM), but, unfortunately, most servers use self-signed certificates, or certificates issued by dubious organizations, so it achieves almost nothing. If I stop trusting self-signed certificates on my server, half the subscribers will stop working for me, and again I will get it in the neck.

Of course, a spammer could set up a domain together with a properly configured Jabber server, but he would lose his anonymity: it would immediately be clear which domain he uses, and one can go after the registrar. If the registrar turns out to be too loyal to spammers, it can go the way of estdomains.

And, of course, botnets are out of the question here.

In general, blacklists can be used here. Consider their size unlimited: the technology is open, so we can extend it if need be. If, say, a spammer starts rotating third-level spam domains under one second-level domain, ban the second-level domain and complain to the domain registrar. And changing second- and first-level domains is expensive for the spammer.
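An added example, not from the original post, of the three points above: the check against the domain's own SRV-listed server, the spammer who runs a properly configured domain, and the ban on a whole second-level domain. It models the check on XMPP server dialback (XEP-0220) using the standard `_xmpp-server._tcp` SRV name; the hosts, domains, DNS table and function names are constructed for the illustration.

```python
import hashlib
import hmac
import secrets

# Constructed DNS data: target of _xmpp-server._tcp.<domain> (hypothetical hosts).
SRV = {
    "good.example": "xmpp.good.example",
    "victim.example": "xmpp.victim.example",
    "a1.spam.example": "xmpp.spam.example",
    "a2.spam.example": "xmpp.spam.example",
}
BLOCKLIST = {"spam.example"}  # second-level domains banned by the local admin

class Server:
    """An XMPP server on `host` holding its own dialback secret."""

    def __init__(self, host):
        self.host = host
        self.secret = secrets.token_bytes(32)

    def make_key(self, receiving, originating, stream_id):
        # Modelled on XEP-0185: HMAC-SHA256 keyed with SHA-256(secret).
        msg = f"{receiving} {originating} {stream_id}".encode()
        k = hashlib.sha256(self.secret).digest()
        return hmac.new(k, msg, hashlib.sha256).hexdigest()

    def verify(self, receiving, originating, stream_id, key):
        # What the authoritative server answers when asked to check a key.
        expected = self.make_key(receiving, originating, stream_id)
        return hmac.compare_digest(expected, key)

HOSTS = {h: Server(h) for h in set(SRV.values()) | {"xmpp.rogue.example"}}

def accept_stream(receiving, claimed, sender_host):
    """Receiving server's decision for an inbound server-to-server stream."""
    # Naive second-level domain; real code needs the Public Suffix List.
    if ".".join(claimed.split(".")[-2:]) in BLOCKLIST:
        return "blocked"
    target = SRV.get(claimed)
    if target is None:
        return "refused"  # no SRV record, nobody to dial back to
    stream_id = secrets.token_hex(8)
    # Key presented by the connecting peer for the domain it claims.
    key = HOSTS[sender_host].make_key(receiving, claimed, stream_id)
    # Dial back to the host the claimed domain itself lists in DNS.
    ok = HOSTS[target].verify(receiving, claimed, stream_id, key)
    return "accepted" if ok else "refused"
```

A host that is not the SRV target of the domain it claims cannot produce a key that the real server confirms, and a spammer rotating `a1`, `a2` under one second-level domain is stopped by a single blocklist entry.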

Summary


Well, the overall conclusion is this: as far as spam goes, ICQ would of course be the easiest to protect, if the administration cared to. Since it apparently does not, and ICQ is becoming somewhat abandoned, it loses that advantage over Jabber.

Spam in Jabber is left with stolen accounts and spammer domains. The first will be dealt with faster (the admin of a small server with 1000 users will undoubtedly take better care of their domain, so that it does not land on any blacklist, than the ICQ administration does; stolen accounts will be killed quickly).
For the second: blacklists and abuse reports to registrars. Jabber's blacklists are more functional.

For this reason, and also thanks to the other technological advantages of the Jabber protocol over ICQ, there should be less spam than in ICQ even if all ICQ users switch to Jabber, i.e. even if spammers gain a commercial interest in spamming this network. The system is quite well protected against spam.

Source: https://habr.com/ru/post/47914/