Charles Gregory wrote:
On Thu, 13 Aug 2009, Benny Pedersen wrote:
You believe that email sent from webmail is harder to spam scan than
submitted email from remote?
No, my statement was that I believe spammers, like the rest of us,
follow the 20/80 rule, and hack the 80 percent of vulnerabilities that
require only 20 percent effort, and don't bother trying to customize
their software to fit every last system.
Agreed.
The argument is basically a
variation on the old 'security through obscurity' with all its pros and
cons....
- C
I disagree here that a cost/benefit decision is a variation
on security through obscurity. While in some cases it can
be, most of the time security through obscurity is just ignorant
people too lazy to spend the time learning how to do it right.
Spammers by their nature operate off cost/benefit, that is
where they are most vulnerable to attack.
It's important to keep in mind that spammers are not crackers.
They are criminals that use cracking techniques - but they
just don't do stuff that has no monetary profit in it.
Crackers by contrast are motivated by things other than money -
fame, publicity, ego, whatever. A cracker is thus far, far more
dangerous a criminal because they are completely unpredictable.
Spammers by contrast, like most criminals, are very predictable.
IMHO, because of this, the custom-written webmail interface is going to
be pretty secure against spammers, even though it may be full of
programming errors that make it trivial for a real cracker to exploit.
At least, that's been my own experience. YMMV.
Ted