Thomas Delrue on 21 Oct 2016 10:23:18 -0700


[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] spamassassin help: create a rule to score by sender TLD


On 10/21/2016 12:43 PM, Keith C. Perry wrote:
> I run Zimbra for my company (and clients who want to run their own 
> server) but there are other solutions out there.  I think most
> people here do run their own servers are running Dovecot or Postfix.
> Also for you Thomas, since I think you were an MS guy, I would look
> at Zentyal too since it is a drop replacement for the hell that is 
> Exchange / Outlook.  Other folks might like how Zenytal as well but 
> for me, Zimbra's web client is much better and I would not want to 
> see MS looking objects for just a mail solution.
> 
> (apologies if you are not that Tom)

I am that guy, but I've also been rigorously deprogrammed over the last
couple of years and haven't touched an MS piece of software in years
now. :) And I am so much happier that way!

I guess I'll start looking into zimbra as well as dovecot & postfix. I
know that will be a steep learning curve but it does seem to be what
everyone is pointing me to.
About zimbra, does it do calendaring (and shared calendaring) as well?
Because if it does, that's extra points!

> "If anything *THIS* is the thing to do. When you get spammed on the 
> role account, just drop the account and stop using the site where
> you used that site (they either got compromised or they sold your
> data). In this day and age of address books and password managers
> (What a time to be alive!), do you really want to use 
> first.lastname@domain.tld instead of a random_characters@domain.tld 
> when signing up for whatever the latest shiny bauble-site is which, 
> for whatever dumb reason, requires your e-mail address (...and your 
> phone number 'for verification', and access to your FB account, and 
> your G+ account, and the name of your first-born pet, and when and 
> where you graduated, etc, etc...) If anything, just generate random 
> string e-mail address aliases; *never* use your real one (only give 
> that to folks you really want to talk to) and then put filters on 
> your mailbox which look for the X-Orig-To header to direct the 
> flow."
> 
> Need? no... you know how humans are though so, want, yes.

Since when do we classify marketeers as humans? (I am not joking!)

The point I was trying to make is that I don't agree that any site needs
this data. Not even for 2FA; authenticator apps are more than sufficient
for that. Even a password reset doesn't require e-mail if done properly.

I think that the main reason they ask things like your phone number is
because that's something they know will not likely change but also
doesn't have any requirements on storage the way an SSN (or CC) does.
It's become your unique identifier to tie all your different accounts
together. On top of it all, when you change your phone number, their
dumb apps that have access to everything on your phone because of
'reasons', will auto-magically send this info to these fuckers as well.
It's not a technical requirement, it's a marketeer's requirement!
I guess the second reason they ask for it is because of a
herd-mentality: "everyone else/google is doing it so we should do it
too" - which is a whole different level of brain-fart.

People are indeed creatures of habit, it's a surprise to me we haven't
wiped ourselves out yet based on some of the behavior exhibited by my
fellow beings...and myself. (Although I do hear promising sounds about
wiping ourselves out from the people dabbling in necromancy^W AI)

> The problem is spam doesn't necessarily come from the place you 
> subscribed to.  You could set up asdfasdf@thomas.xyz for use with 
> site A and get spam on that email from site B through Z.  The only 
> thing you can do in that case is do additional scrubbing on inbound 
> mail to asdfadsf BEFORE you forward to the real account or drop 
> asdfadsf and start using lkjhlkjh@thomas.xyz.

Agreed, but it does tell you which one of these bastards sell your data
so you can put them on your shit-list and stop patronizing them. (Or
alternatively, which one of them is incompetent as evidenced by getting
hacked).

Why people stick with entities that continually fuck them over is beyond
me... Vote with your wallet and move away from them instead of saying
"thank you" and "can I have another one, please"!

> If I had a $1 for every time someone clicked without looking
> first...
... I'd have a viable business?

;)

Attachment: signature.asc
Description: OpenPGP digital signature

___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug