Domain: mail-abuse.org
Stories and comments across the archive that link to mail-abuse.org.
Comments · 237
-
Re:Could this be FUD?
No, it's not. This is very true and happening a LOT. I run Sendmail (a mail server, also known as MTA) on a fairly busy mail service and have ended up using Barracuda Spam Control - https://login.barracudanetwork... to manage the insane amount of spam and virus attacks (PDF files) that I received just in the last few years. We had upwards of 400,000 emails an hour full of PDF laden viruses just last week...
This is a real-time graph of attacks and mails to our Barracuda Gateway to give you an idea:
You can see countries from where attacks are coming and a little snapshot of mail volume.
When the mail does hit our MTA, running sendmail, we run it through SA -- which also updates itself automatically (via cron) with sa-update.
Some important notes:
1) You DO need clamav or else spam will be the last of your worries....(Also note that clamav is a memory beast). You can also use Symantec but I have completely moved from them to ESET (Desktop) and ClamAV + Barracuda for rest.
2) RBLS: we use these:
FEATURE(dnsbl,`blackholes.mail-abuse.org', ` Mail from $&{client_addr} rejected; see http://mail-abuse.org/cgi-bin/... {client_addr}')dnl
FEATURE(dnsbl,`dialups.mail-abuse.org', ` Mail from dial-up rejected; see http://mail-abuse.org/dul/endu...
FEATURE(dnsbl,`zen.spamhaus.org', ` Mail from zen rejected; see https://www.spamhaus.org/zen/'...
3) Also note that we don't listen on IPv6 even though we serve content on http. The reason (as being discussed in postfix-users, a mailing list for one of the more popular mail servers) is exactly this problem. The increase of IoT devices and proliferation of IPv6 makes it next to impossible to now scan from IPv6 hosts. So as such, we don't. Although Google, Microsoft internally use IPv6 to route emails.
4) I do not work for Barracuda.
5) Dyn's transactional email delivery option is really good. And so is Office 365 relay via their MTA (which also adds dkim signatures) and mostly would mean your mail would be delivered.
Please leave a message here if you want me to look at it.
-
Been done before: MAPS RBL via BGP
Uh...
Isn't this what a subscription to the MAPS RBL via multihop BGP used to do back in '98? I used to use it before they started charging an arm and a leg, and it worked well. Protected the whole organization too, not just the mail servers configured for it.
-
AOL doesn't care about spam
I've emailed the requisite 'abuse@aol.com' address hundreds of times, with copies of the spam emails, log entries, dates, times, and so on. Has anything changed? No.
I even emailed Carl Hutzler, Director of Anti-spam at AOL, and he hasn't returned my emails or my calls. The same goes for the hundreds of thousands of spams we get from *.verizon.net, comcast.net, voyager.net, compaq.com, and others. Clearly people inside the business infrastructure have infected systems propagating spam on the weekends, using the corporate bandwidth to do it.
At this point, this is what I do:
- Sendmail as my MTA, blocks a significant amount of spam, before receiving it, with some custom antispam rulesets I've cooked up.
- I also have triple-RBL set up in the MTA (ordb.org, mail-abuse.org, and so on).
- blackholes.us is set to block known-spammers from Argentina, Brazil, China, HongKong, Japan, Korea, Russia and Taiwan.
- virtusertable in the MTA chain blocks attempts at some common internal system accounts.
- SpamAssassin is tuned down to 3.5, and catches a significant portion of the emails that make it past the above measures.
- AV is done through procmailrc, with some custom heuristics in the recipes (contact me if you want these)
- Anything that SA catches, is tagged and put into /var/spool/mail/SPAM
- I manually go through that SPAM folder, and report every entry there to the 'abuse@address' for the resolved provider (not the forged provider in the From: line, of course)
- For hosts that do not resolve, they are permanently blocked at the firewall.
- For providers that do not support the 'abuse@address' address, they are permanently blocked at the firewall.
- I then go through the mail logs themselves, and catch the brute-force attempts at sending mail to the dozen-or-so domains I host, and block them at the firewall.
So far, the more I block, the faster the spam comes in, and the more I block, ad nauseam.
Here is today's counts. At 5:30am, this was 164 hosts, and now it is 109 more than that.
iptables-save | grep "dport 25" | wc -l
273
Spam is definitely getting worse, as more and more machines are hijacked for the purposes of propagating it, with these trojans.
The more I block, the more incoming spam we get.
-
Re:How to make the services more spamproof
The best ones allow you to make a zone transfer for yourself. This could be used with a P2P delivery method to distribute a DNSbl. Maybe it could have a push instead of a pull stream.
Quoting from the MAPS RBL website, with some emphasis added:
In transfer mode, you copy the entire MAPS RBL(SM) to some host of yours, using a network protocol such as DNS or BGP which allows you to be updated instantly whenever changes (and most importantly, deletions) occur. Because of the risk of damage to parties who are listed in the MAPS RBL(SM), we require that you sign and return a simple indemnification agreement before we will allow your host(s) to transfer the entire MAPS RBL(SM). This agreement also contains a license whose only terms are that you not transfer the MAPS RBL(SM) to a third party who has not signed and returned (to us) a copy of the same agreement, and that you never subject any user to the effects of the MAPS RBL(SM) unless they have asked you to do so (either explicitly, or implicitly by purchasing internet related services from you).
I don't see how a p2p network will work.
-
Re:Oh well.
-
Re:spamhaus rebutts this claim
Because technology has yet to come up with a solution maybe?
Technology is great, but abused technology doesn't seem to be able to fight for itself. How many people in the world actually like spam? The rest of us have been complaining for years about it. Spamblockers kind of work, but they don't completely solve the problem.
Spam is a pretty specific term. From Mail-Abuse: An electronic message is "spam" IF: (1) the recipient's personal identity and context are irrelevant because the message is equally applicable to many other potential recipients; AND (2) the recipient has not verifiably granted deliberate, explicit, and still-revocable permission for it to be sent; AND (3) the transmission and reception of the message appears to the recipient to give a disproportionate benefit to the sender.
How would this let the state control what goes in your inbox? Only unwanted messages. If something unsolicited yet important did make it to my inbox, I would probably treat it like the rest of the messages I get from unknown sources.. delete it. And I think most people do just the same.
The bottom line is technology by itself seems to be helpless against it. Maybe laws will thwart some of the 120+ spam e-mails I get every day, allowing me to be more productive in my work.
Now, regarding the loonies that think it should be a jailable offense...
-
Re:little help here?
If you suspect you are relaying, the MAPS Transport Security Initiative has information for over 70 mail servers. I didn't even know there were that many.
-
Calling out the lawyers (again)
Uppage there are a few of the expected calls for government regulation of email that we see every time there is a story about spam, and there are the obligatory anecdotes about the hundreds of spam emails that some poor souls find every day in their inbox.
So here is my usual post about how asking the government to regulate everything is a bad idea, and how I have little sympathy for the poor saps who are getting flooded with thousands of spam emails a day that makes it difficult for them to see the one or two legitimate emails that their friends might send them each year.
First law. Bad idea because it won't work. As long as there are different countries with separate governments that have differing attitudes towards the internet, commerce, and law it will be impossible to legislate spam out of existence. That is not to say that I am supporting the idea of one government ruling all peoples or that I am advocating any sort of international treaty on regulating email and the internet.
Far from it.
What I am saying is there are good methods of reducing the flow of spam to your in-box to a trickle, possibly blocking the spam flow completely.
Use a provider that is as concerned about stopping the spam as you are. That means no AOL, no MSN, no Hotmail, etc. These companies are notorious for not only allowing you to get spam flooded, but for allowing their customers to send spam and not discontinuing accounts that are being used as fake "reply to" and "from" addresses. There are other companies that are just as irresponsible as the ones I mentioned, so you should not think that I am saying that these companies are the only ones that should be avoided.
If you like using the same email and access provider (I've been hijacking friends access accounts for years now), then you should know that smaller access providers often are more responsive to user's (knowledgeable and legitimate) complaints than large companies. As an added bonus, their access rates tend to be low, and they are as if not more reliable than their corporate competitors.
If you like using a separate provider for email, ask around, do some searches, and choose one that has effective filtering/blocking of spam included in their basic package.
You can filter the mail yourself with one of the many spam blocking services or filters that are readily available on the internet. Here are some links to some of the blacklists and filters that I know about:
ORDB
MAPS
junkfilter
Bogofilter
SpamCop
SpamBouncer
There are others, some services are free, some charge money. If you are going to use a filter on your own machine that is not part of a service, I highly recommend that you stick with Free Software so you can learn something about how it works.
You should learn as much about the problem and potential solutions as possible by reading articles about spam that may be not quite as sensational as the currently popular "spammer hunting" genre, but are a little richer in detail and technique. Here is a good primer including some good links, and there's lots of good info on dealing with spam around the web.
You should attempt to encourage your provider to take an active role in helping users avoid spam troubles, either by providing information on how users can filter spam on their own machines, by providing spam blocking/filtering service, or by allowing users to install their own .procmailrc in their shell account (if they provide their subscribers with a shell acc
-
Re:Hurrah for blacklists
You're probably right, they will eventually want to charge money, and, IMHO, their solution looks overly complicated and manipulable (spammers pay for "trusted" members to list them as "trusted").
It would be better if ISPs participated in services like the ORDB, SORBS and Monkeys that have simple network testable criteria for listing open relays. Spews, Spamhaus, and DSBL have reputable lists of usernames and addresses that send spam. If ISPs and admins would participate in projects like these, the spam problem would be greatly reduced. And it seems that these projects are mostly run by admins who are interested in blocking spam, not selling a service.
By the way, MAPS is currently free for individual use (look at the bottom of the page).
-
Re:It's not a bad thing
Spam is a social problem, just like any other type of fraud.
Yes, often the goods and/or services promoted through spam are fraud, but spam itself is not fraud. It is advertising.
As for the problem, I see it as a technical problem, as in "Why can't my damn service provider reject email with forged headers, from unsecured servers, from ISP's that are notorious for hosting spammers, and is obviously and easily recognised as spam by even the most half-assed filters? I guess I'll have to get my service somewhere else or check and filter it myself."
I haven't been "on the 'net" all that long (about seven years), but I still wonder when it happened that my fellow "netizens" started begging to be regulated. If you have a spam problem, do something about it. Learn something about the problems with open relays, irresponsible ISPs and how to use procmail to filter spam.
Help others learn by pointing them in the right direction.
Encourage your provider to take proper measures to stop spam from entering or exiting their domain, and put pressure on other providers to do the same.
Don't use services that encourage spammers (Hotmail, AOL, MSN, Mail.com, etc)
Stop asking lawmakers who don't understand the problem to do something about it.
-
Re:Legislation is not the solution
It's not just dial-up ISPs with transient IP addressing blocking SMTP, it's DSL and cable modem ISPs with stable IPs also. Then they and the DUL both claim to have no control over this.
-
Re:Kick em out...
We used to run a few game servers at work for our internet subscribers (actually were available for anyone on the net). There were quite a few problems with cheating. Players would notify us and we/they would ban.
I've been out of running servers for quite a while, but how about implementing a RBL same as is used to fight spam: Mail Abuse. Of course that brings up DHCP problems when users change IP addresses. But it may be doable. Hell, even combine the SPAM RBL and the 'GAMES RBL'. Cheaters wouldn't be able to send email, and spammers couldn't play games online!
As stated, I've been out the mix a long time and there may already be something out there like this.
-
Re:convincing?
all this time thinking it's just horrible admins who don't know how to do their job, or are too lazy to do it right
Here is a link to mail-abuse.org with pointers for securing most major mail systems against third party relaying. I think you had it right all along: horrible admins who are too lazy or too incompetent to update their mail server configuration.
-
Re:Not Pro-Spam, but....
65.59.224.128/25 could be blacklisted [by SPEWS], but I happen to know that they have quite a few hosting customers, most of who know nothing about the other customers.. Legitimately blacklisted?? - -
ORDB has my ex-girlfriend's mail server listed. She develops and hosts sites. No spamming at all.
Servers are added to ORDB (FAQ) after they have been tested to be open mail relays.
So most probably your girlfriend's server was an open mail relay. Since open relays are exactly what ORDB claims to list, the listing was most probably correct.
An open relay is an incorrectly configured mail server. Rather than complain about the ORDB listing you should be grateful that they pointed out the flaw in your configuration before it was exploited by a spammer (or was it?).
It is also important to understand that ORDB only provides information of open relays. The owners of the recipients' mail servers decide whether they want to filter out mail originating from open relays.
The same applies to other blocking lists, such as SPEWS. The listing criteria are clearly stated on the SPEWS web page. They explicitly state that they escalate listings, i.e. they may also list non-spamming clients of the spammer's ISP (see Q16 of the SPEWS FAQ). Given this information, it is up to the owner of the recipients' mail server to decide whether to filter mail using SPEWS.
-
Re:In related news..
Trying 66.35.250.206...
Connected to mail.sf.net.
Escape character is '^]'.
220 sc8-sf-list1.sourceforge.net ESMTP Exim 3.31-VA-mm2 #1 Mon, 28 Apr 2003 11:28:25 -0700 - SF sc8-list1 mm5
mail from: ktims@gotroot.ca
250 is syntactically correct
rcpt to: galeon-users@lists.sourceforge.net
550-Host ani456f1y17wg.ab.hsia.telus.net [142.59.210.30] is not permitted to send mail to or through
550-sc8-sf-list1.sourceforge.net.
550-Dialup connections are not permitted to directly use this mail server.
550-Please use your ISP's mail server instead
550-("See http://mail-abuse.org/dul/")
550 mail from 142.59.210.30 rejected: administrative prohibition (host is blacklisted)
I'm on a business class ADSL connection in my area. I could very easily be a business running an internal SMTP server. It's obviously some sort of dialup-pool RBL, but these are too strict imo. Confirmed sources only...
-
*sigh*
Even though it is RFC ignorant, etc etc, is it that important to use your DSL/cable modem as the sending MTA over just using the mail gateway that all service providers ? I had to do this a while back when a client of mine had MAPS installed and DUL blocking enabled - why don't you go after MAPS and say how lame they are if this story is legitimate as well..? ~z3d
-
Re:forging of the from: address
Best place to start is the Open Relay Database FAQ or How Can I Fix the Problem. Poke around those sites and you'll find other sources as well.
Of course, most ISPs will be aware of this and have their own mail servers set up correctly. The problem is that most don't enforce it on their customers.
-
40% is an understatement
I just installed an upgraded spam filter server at the ISP I work for, and we are now filtering out almost 70% of inbound mail as spam (with basically zero false positive complaints). We combine Brightmail with the three main MAPS lists (RBL, DUL, and RSS), as well as the basic DNS based checks (for valid domains, etc.) built into the mail server, with Brightmail catching the most by far.
You can see our mail stats here.
-
Re:RSS?
Shake your Google
:)
RSS as a news syndication method (sometimes expanded to "RDF Site Summary"):
http://www.voidstar.com/node.php?id=140
RSS when used to discuss anti-spam:
http://work-rss.mail-abuse.org/rss/
-
Re:Incomplete!
I must admit to having less of a problem with DNSBLs than other types of RBL such as the open relays
It is not clear to me what you mean by this. "DNSBL" is the generic term for any DNS-based Blackhole List. "RBL" is a trademark of MAPS, Inc., for a particular DNSBL which they operate. Different DNSBLs have different criteria for what they list.
For instance, some list only open relays, e.g. ORDB. Some list only open proxies, e.g. Blitzed OPM. Some list IP addresses which have sent spam to particular detectors. Some list IP addresses which belong to repeat spammers, e.g. SBL. Some list IP addresses allocated to particular countries or ISPs, such as the blackholes.us lists.
There's as great a diversity of DNSBLs as there is of opinions as to how to run a DNSBL.
You semiaddress the issue of accountability but not of secrecy. It's a fact that most services keep their lists secret until effectively revealed by dropped emails.
I'm not sure what you are claiming here. Do you mean that most mail sites do not tell their users which DNSBLs (if any) they are using? Or do you mean that DNSBLs do not disclose what IP addresses they list?
If the former, I agree that this can be a problem, particularly if the mail sites in question are ISPs. ISPs should disclose their mail filtration policies to their users; it's also nice (but by no means ethically necessary) if they give their users choice as to which filters apply to their individual mail. For other mail sites, such as corporations or research institutions (my workplace is one of the latter) it may be unnecessary given the site policies.
If you mean that DNSBLs don't disclose which addresses they list -- well, this is certainly the case for some DNSBLs, and certainly isn't for others. SPEWS, for instance, publishes their entire list in a text file (warning: long!). Many others do likewise. Some permit DNS zone transfers, so your nameserver can automatically download a full copy of the list and you don't have to query them constantly.
Any of the DNSBLs which I would recommend have clearly stated policies as to how addresses get on the list, and how they can get off. It is certainly the case that some mail operators use DNSBLs that I would not recommend. (Nobody, I say nobody, claims that your mail site should use every DNSBL out there, or that you should use them indiscriminately.) That is, I fear, their problem.
As an aside, I have personal experience of spending months trying to get a false entry in the DUL corrected.
Yes, there are badly operated DNSBLs. Yes, it's unfortunate that some sites use badly operated DNSBLs. That is a problem with the badly operated DNSBLs and not with DNSBLs in general. Please do not tar Steve Linford (operator of Spamhaus SBL) with the Paul Vixie brush.
Yahoo are saying they operate an Internet email system, but when I tried sending stuff to my own account on Yahoo from my static IP Earthlink DSL connection, my computer spent 3 days trying to send it before giving up because the MX host was unreachable. That means that, for these purposes, that service they claimed to be providing didn't exist. And it didn't exist because someone between me and Yahoo - maybe Yahoo, maybe Earthlink - had blocked an email.
I'm a little bit confused here. The issue at hand is DNSBLs, but the usual use of DNSBLs cannot yield a "host unreachable" -- it yields an SMTP error message and possibly a bounced mail. It sounds to me more like your own ISP, Earthlink, was filtering outbound port-25 connections from client addresses, to keep its dialup and DSL users from being used as spammable open proxies or relays. A ham-handed policy, indeed, but a policy decision that it's Earthlink's to make -- and nothing to do with DNSBLs or other sites' spam filtering.
Oh, but ok, I could have gotten it through if, at that moment, I'd used Earthlink's SMTP relay, but (a) WHY?
Presumably, if they're filtering port 25, because that is how Earthlink has chosen to run their network. That is undoubtedly cheaper and easier for them, than it would be to chase down every damn user on their system with an open proxy, open relay, backdoor trojan, or other piece of crapware and kick them off.
Sure, they could do that. But your fees would be triple, and they would go out of business -- so you'd have to find a new ISP anyway.
The end result of this is that legit email is blocked, spam (very clearly) still gets through (I already know how to enlarge my penis thank you very much), and so it's fair for me to say that the measures sysadmins are taking to block spam are not working, that they're interfering with legitimate use, that they're not actually ever going to be effective anyway, that they interfere with the communication of unconnected third parties.
It strikes me as foolish to say that DNSBLs as a category don't work, when anyone who runs a professional mail site and uses them can tell that using the right DNSBLs does make a difference in spam load. My site, with ~1000 users, blocks 2000-3000 spam per day using DNSBLs, local IP blocklists, and some content filters for obvious spam signatures (e.g. "S.1618") and viruses. We also get maybe one false positive a month reported by our users, which we whitelist; we also give users the choice of opting-out of spam filtering entirely for their accounts. (The demand for this? A few Chinese researchers whose home institutions operate open relays.)
It is mail users, it's not mail administrators, and this seems to be a distinction many in the pro-block camp fail to understand.
Thing is, from what you've said, you aren't an ordinary mail user, so you don't get to make that call for the entire mail-using public. You're a network hobbyist, who's choosing to operate his own mail site on a network that has chosen not to support that kind of operation -- namely, an end-user ISP. If your ISP doesn't allow port 25 outbound, or tells other sites not to accept mail from its client addresses (which is what a DUL listing indicates), that doesn't mean you have a problem with other sites' spam filtering ... it means you have a problem with your ISP and its choices for how to minimize problems on its own network.
If you, a hobbyist, want business grade connectivity rather than end-user connectivity which is filtered to minimize abuse, then you need to go to an ISP and get a contract for that kind of connectivity. It will cost more. That you assumed that an end-user ISP would support your hobby -- at the expense of being unable to clamp down on abuse of their own systems -- indicates to me that you might need to think your plans through a bit more.
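An added example, not part of the comment above or of any mail server's own code: how a DNSBL check turns a connecting address into a DNS name and then into an SMTP reply, which is why a listing surfaces as a 5xx rejection rather than an unreachable host. The zone names, addresses and the resolver are constructed so the block runs offline; a real MTA would issue the same query against live DNS.

```python
import ipaddress

LOOPBACK = ipaddress.ip_network("127.0.0.0/8")


def dnsbl_query_name(client_ip: str, zone: str) -> str:
    """Build the name that is looked up: reversed address labels + list zone."""
    ip = ipaddress.ip_address(client_ip)
    if ip.version == 4:
        labels = str(ip).split(".")[::-1]                   # octets, reversed
    else:
        labels = list(ip.exploded.replace(":", ""))[::-1]   # 32 nibbles, reversed
    return ".".join(labels) + "." + zone.strip(".")


def listing_codes(answers):
    """Keep only A records inside 127.0.0.0/8.

    DNSBLs signal a listing with a loopback-range answer. Any other address
    (for example a parked or wildcarded zone answering every query) is not a
    listing and must not cause a rejection.
    """
    return [a for a in answers if ipaddress.ip_address(a) in LOOPBACK]


def smtp_verdict(client_ip, zones, resolve):
    """Return the SMTP reply the receiving MTA would give for this client.

    resolve(name) returns a list of A-record strings, an empty list for
    NXDOMAIN (not listed), and raises OSError on resolver failure.
    """
    for zone in zones:
        name = dnsbl_query_name(client_ip, zone)
        try:
            answers = resolve(name)
        except OSError:
            continue  # list unreachable: skip it instead of rejecting mail
        codes = listing_codes(answers)
        if codes:
            return (f"550 Mail from {client_ip} rejected; "
                    f"listed in {zone} ({codes[0]})")
    return "250 OK"


# Constructed sample data standing in for DNS answers (hypothetical zones).
SAMPLE_RECORDS = {
    "30.2.0.192.dnsbl.example": ["127.0.0.2"],     # listed client
    "40.2.0.192.parked.example": ["203.0.113.7"],  # bogus non-loopback answer
}


def sample_resolve(name):
    """Dictionary-backed resolver; 'down.example' simulates a timeout."""
    if name.endswith("down.example"):
        raise TimeoutError("constructed resolver timeout")
    return SAMPLE_RECORDS.get(name, [])


if __name__ == "__main__":
    for ip, zones in [
        ("192.0.2.30", ["down.example", "dnsbl.example"]),
        ("192.0.2.40", ["parked.example"]),
        ("192.0.2.99", ["dnsbl.example"]),
    ]:
        print(ip, "->", smtp_verdict(ip, zones, sample_resolve))
```

The rejection happens inside an established SMTP session, so the sender always gets a reply code; a connection that never completes points at port filtering somewhere on the path instead.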
-
Spews is worse than the spammers
Spammers are frustrating because they disturb you, there is no way to track them down, and you can't get them to stop.
Spews is exactly the same.
- They disturb legitimate users: I run a business hosting an email customer support application (Neotonic.com). It is very important for us to get email support replies through to customers. Numerous times our IP addresses have ended up on the Spews blocklist because of some unsolicited mail sender in the same 256 address subnet. At most colocation facilities, ten or more companies share the same subnet, and it is not easy to change your IP addresses.
- There is no way to track them down: Organizations like MAPS are judicious about how they block IP addresses. They do NOT block entire subnets unless there is cause, and they have an organized appeals process to take care of their oversights. Spews has no such facilities. In fact, the only centralized item in spews is the spews.org website.
- You can't get them to stop: They block entire ISPs, and their FAQ says that I'm a victim of "rare inadvertent blocking". The trouble is, we followed their advice, we moved to a new colocation, with an entirely new bandwidth provider, and our new IPs are also spews blocked. There is no organization to appeal to, there is no way to get this fixed.
Spews is worse than the spammers, because at least I can ignore the spammers.
-
spammers will kill email as we know it
Legal and voluntary remedies could work somewhat, in the short term, but ultimately the fix will have to be technological.
The "spam queen" was on NPR this morning (this link works but the audio's not available yet as I write this, and NPR might prefer you go thru npr.org, "audio archives" link).
She seems to be on a public relations campaign for spammers in general. She's not identifying a sponsor -- perhaps the Direct Marketing Association (more here) -- but I doubt she'd deliberately attract so much attention without some reward. Maybe she's just drumming up more business this way. She made her usual claims that she never sends sex-related spam (i.e. porn or herbal viagra), never emails anyone without their permission, and advises listeners if they receive unwanted commercial email they can simply click the opt-out link included in each message. How very helpful.
Anyway, she reports there are more lawsuits in progress against anti-spam organizations, presumably including voluntary blackhole services. She identifies SpamCop as an unethical service because they allow anonymous reporting, and she argues she has the right to confront her accuser -- the interviewer, naive and non-confrontational, doesn't ask how she thought this right applied outside of a court trial, in a voluntary system (not to mention if "joe-jobs" are protected by the constitution). Actually he missed a lot of questions that would be obvious to the average /.-er.
Spammers are an organized, moneyed interest that is lobbying Congress in the US, and will presumably do the same in other countries where it serves them to do so. Spamming may be getting harder, but counteracting spam is also getting harder. ISP's in financial distress will tend to make business decisions to aid spammers in whatever way is still legal.
Email as we know it could become unworkable, and a new protocol may be necessary. As Aunt Tilly gets hooked by more email fraud, and receives more animated .GIF's of women having sex with farm animals, I think the incentive for most users to abandon traditional email will be there when the technology becomes available.
-
MAPS RBL
I've determined the best thing you can do to fight spam is to get "open relays" (which allow spammers to anonymously send mail through their computer) to fix their security problems, and if all else fails, send a report to the Mail Abuse Prevention System (MAPS) and get them put on the Realtime Blackhole List (RBL), basically a widely used realtime updated list that networks use to block spammers. Visit their web site, and to see steps you should take to get in touch with and educate an owner of an open relay on how to make it secure.
-
Re:The Author Responds...
To an extent, I agree with you. Forging e-mail addresses is wrong, and may potentially be illegal in some jurisdictions, although I have my doubts, particularly if the message clearly identified its true sender elsewhere (which I suspect it would have done -- the operators of the blacklist have no interest in trying to mislead you).
Your legal argument against them for preventing you from sending mail seems tenuous in the extreme. They did not prevent you from sending e-mail. They published true and accurate information about the technical characteristics of your e-mail system, and someone else decided, based on this information, that they didn't wish to accept mail from your system. High profile US-based blacklist operators such as MAPS frequently defend themselves against such cases.
But to get to the point about vigilantism...
Misusing other people's mail servers to send spam for you is also wrong, and it seems to me that it would be illegal in many jurisdictions. For instance, it would be interesting to try and bring a case in the UK for an offense against the Computer Misuse Act 1990. I'm sure there is similar anti-hacking legislation in the US and elsewhere.
But this never happens. The reason that people are being forced to take steps to combat this illegal activity is that no-one else is. I don't really accept the analogy with vigilantes, but to the extent that there is a comparison, I'd say this: in a world without law or law enforcement, the existence of vigilantes is not only inevitable, but arguably beneficial.
As for breaking the end-to-end nature of the Internet, I'm afraid that this is inevitable. If it's not done by blacklists, it will be done by filtering software in e-mail clients that just throws e-mail away. This is really insidious. You won't even get a bounce. You'll just find, one day, that a message you send to your father never arrives, because he has installed an off-the-shelf spam-protection package that spuriously decided to delete your message from his inbox because its (rather rudimentary) pattern matching decided that your message contained particular combinations of words that are common in spam.
This is happening now. People who receive dozens of spam messages a day (and I'm not exaggerating -- I do) are installing systems that throw the baby out with the bathwater.
E-mail doesn't work anymore as a reliable means of communication, at least to old-timers who've had their e-mail address for many years. Even if people delete the spam by hand, they're increasingly likely to delete legitimate mail by accident. And the situation is getting worse.
It's also clear that unless I have a clear enforceable right to prevent people sending me unwanted rubbish (and there's no reason to believe it's not going to be hundreds of messages a day in five years time), I'm going to have to stop accepting e-mail from most people. At which point e-mail becomes rather pointless, really.
So while I agree with a lot of what you say, I do think you're missing the point. -
realtime blackhole list
I would like to suggest that your ISP enter into negotiations with this "Information Wave" ISP about creating a Realtime Blackhole List, similar to the one run by MAPS, of hosts that will be denied access to the networks of those ISPs supporting the blackhole list.
If such a list became widespread enough, then hopefully the immense problems and bog-down that frequent RIAA DOSes would cause to routers worldwide (which would affect, of course, everyone, even those who are not on the same network as P2Pers but happen to share a router somewhere with an ISP which does have p2pers) could be mitigated somewhat. -
Re:SPAM is not Free Speech
Have you seen the licensing agreements for MAPS? It sure as hell isn't cheap. I'm so sick of this "more legislation is NOT the answer" argument bull$hit - some things simply should be illegal. It's just idiotic to think that the ability to forge e-mail headers is somehow a 'god-given' or 'constitutionally protected' right... that's such crap!?
-
Re:Polite Spammer
You did forward the email to MAPS didn't you?
I'm sure they'd like a peek.
-
Part 2 of Article Series Now Available
The Hartford Courant has released additional articles today (Monday, July 1) that follow up Sunday's Bayou article.
I've only had a chance this morning to read a little bit of For The Anti-Spammers, It's All-Out E-War which is an interview with Martin Roth of SWAT. Once again, this story has too much focus on a particular person and not enough coverage of the basic issues of the problems involved. -
Re:PMG
PostmasterGeneral/Mindshare supposedly has two prominent ex-MAPS people working in their "abuse department" to "clean up" their spam problem. The only problem is that these people of previously sterling reputation in the anti-spam community have been there since last summer or fall (at least) and PMG is still spamming. Last I read the only thing these ex-MAPS people have authority to do is listwash -- they couldn't even manage to remove addresses that were bouncing with 5xx errors!
Try doing a news.admin.net-abuse.email search on PostmasterGeneral, PMG and/or Mindshare "Subject:" headers. There you'll find all the sordid facts and all the high drama (including people breathlessly proclaiming undying loyalty to these obvious anti-spam turncoats).
If you run a mail server you can blackhole PMG with this list of their IP blocks and domains:
-
Re:It's a palindrome
Not only that, but MAPS (mail abuse prevention system) is all about anti-spam...
-
Re:It's gotta be done right
They should have to show in some way that you have opted in in the e-mail itself. Some sort of unique number that you gave them (or even an IP address, but this wouldn't be good enough). They would then have to have an e-mail AND some number to match up. There must also be a huge fine to back this up. This way, any business that sends an e-mail that says you opted in, can be automatically fined.
As a general principle, the burden of proof of the existence of consent rests on the side that claims the existence of the consent. In other words, you cannot be required to prove that you have not given your consent. (E.g. if somebody claims that you owe him 100 euros, and you disagree, it is up to him to prove his claim.)
This applies also to commercial email. If the advertiser can't prove that you have given her permission to send you commercial email, then she has broken the law that forbids sending unsolicited commercial email. Therefore, the ID number that you suggest is not really necessary (although it would help the advertiser to prove the existence of consent).
Btw, the opt-in legislation means in practice that the advertisers must use verified opt-in. If anybody can subscribe to commercial emails using your email address then the advertiser obviously cannot prove that it was you (and not e.g. your friend) who gave them permission to send you email advertisements.
-
Re:Acronyms Abound
But what is the DUL. And for that matter, what is MAPS- what do they do?
Did you try clicking the link on "MAPS, LLC"? It's in the story. The linked page also has a link to the DUL.
MAPS = Mail Abuse Prevention System
DUL = Dial-up User List
-
Re:As they say in Texas
No shit. From personal experience, I have to say that if you or your ISP gets on the vigilantes' shit list, you're fucked and might as well give up. Unless you have deep pockets, those bastards won't let you clear your name. They won't even talk to you (naturally, they block your email, so you can't talk to them).
Come the revolution, they'll be the first up against the wall -- someday Denial of Service will be illegal, and then they'll get theirs.
-
MAPS is still alive and well.
Mail Abuse Prevention System
Tracks open relays, dial up netblocks, etc. Works with sendmail, postfix, etc.
Does require paid subscription, but free for personal/hobbyist usage. -
Seems like a possible terminology confusion ...
Terminology problem ?
Are we talking about the "third-party relay"
and not any "open relay" ?
see http://mail-abuse.org/rbl/relay.html for details
-
There's no excuse for an Open Relay!
I think we discussed this enough in the prior story Are SPAM Blacklists Unreasonable?
But, some information just bears repeating. First, there is a very good test system put in place by The Open Relay Database. Anyone running a mail server on their system should use this service (I do).
There is also a very good site that runs down how to close holes in different servers at mail-abuse.org.
Regardless of why this system is being exploited, it is certainly the system administrator's fault... -
Re:What's funny is...
That means, hopefully, that the system is working: People get spam, people forward spam to abuse@sourcedomain, admin shuts down the spammer with extreme prejudice, spammer doesn't make any money.
I love spam. I really do. I love the malicious thrill I get from digging through the headers to find the magic Received-by: line that will be the target of my ire. I love the sudden urgency it brings to my day ("Gotta get this bastard before he makes a sale..."). More than anything I love to get that email back from the admin desk saying, "This account has been terminated. If you have any further comments blah blah blah..." When that happens, I do a little dance, because it means some pig bastard just lost money because of me. Someday, I'm sure I'll get bored and cynical and just start using MAPS, but I don't think it'll be soon. -
Re:So it's going to cost me even more money?
Most MTA vendors don't go out of their way to provide up-front relay-control instructions in English, much less in a selection of languages.
Though I don't buy the language barrier excuse from chronic spammers (china telecom, e.g.), the open-relay db services could help smaller ones by translating their own instructions for fixing an open relay into the languages spoken in problem areas. Though in Wanadoo's particular case, that language would probably need to be the language of stuffing their MTA manual down their throat sideways.
Dorkslayers, who don't run an open-relay database per se, do come right out and say "If your IP address is in the APNIC CIDR Block or APNIC CIDR Block2 (for instance) and it's running a SMTP service that has been demonstrated to allow third-party email relay ... well ... you may be a dork. Nothing personal. It's just business." -
vasco.com
vascogate.vasco.com[209.140.121.226]
I am PERPETUALLY (every 15 seconds!) being hit by attempts from this address to use my mail server. They are far worse than any site in Asia, and worst of all, vasco.com is a security related site.
VASCO secures the enterprise from the mainframe to the Internet with infrastructure solutions that enable secure e-business and e-commerce, protect sensitive information, and safeguard the identity of users.
Am I the only one being abused by these people? My log files are almost useless because of their entries.
I have sent repeated requests to any address I could think of, and never even received the courtesy of a response.
They are blacklisted on RSS. -
Spam-blocking web hosting?
So, there's the ROKSO list of spammers, plus the usual MAPS and so on. Of course, there's also heuristic software such as Spam Assassin...
However, does anyone know of any web hosting providers that actually use these tools? I'm particularly interested in any that use SpamAssassin, as that appears to be very effective.
-
Re:Bad analogy.
With mail servers, however, there isn't, at least yet, any widespread tool that will tell you if you have an open relay
There are actually many tools for testing for an open relay. Try:
- abuse.net's web form
- mail-abuse.org has a description of a number of tools (the tried and true telnet relay-test.mail-abuse.org) and a good FAQ
- linux-sec.net has a list and lots of info
-
It sure did for us
I consult with a small ISP in Kansas. We started using MAPS' DUL and RSS quite a while back (zone transfers). Then I added the ORSS (zone transfers) which also gave me SPEWS, Spamhaus Block List (SBL), and SpamSites.org. When MAPS went commercial, we bought zone transfer rights to the RSS and DUL. About that same time I also added RSL, Summit Blocking List (SBL), and FlowGoAway who doesn't have a website. On top of all that I also reject mail from domains that don't resolve and I maintain an extensive Sendmail access list full of Alan Ralsky's domains, spam supporting providers like Broadwing, spamware vendors, and domains and IPs of every spamming outfit I come across. In total I'm up to 4682 entries. Oh, and I also filter message bodies on certain content that identify unique pieces of spam like all those "Enter your email address on this website to be unsubscribed" things. Works great. This time last year I was filtering maybe 10,000 pieces of spam per week. I'm over 100,000 pieces of spam per week now. Considering we only have 2500 users, that's a lot of filtered spam. Roughly 40 per person per week.
What all of this rambling means is that you can filter out a great deal of spam with the right DNS blacklists. I only use DNSbl's that allow zone transfers because I don't want network latency to slow down mail delivery. It really is a worthwhile thing to do.
Finally the best thing that you can do for your users is educate them. Give them very clear examples of how doing simple things like giving your personal email to a credit card company, entering it in a guestbook, using it in USENET, using it on any public discussion board, and many more can increase their spam intake many fold. Explain that to them. Show them the proof. It's not hard to generate spam. Hell, create a dummy account and make a few posts in the newsgroups. Never give the address to anyone else and don't use it yourself. Give it a week. Then show the results to your users as proof of USENET address harvesting.
Finally, don't be part of the problem (this is to the parent of the article). Be proactive in fighting spam. Sitting back and bitching about it doesn't help anyone. If you put up a server that's an open relay then you fucked up. It's your responsibility as an administrator to make sure you do your job right. Putting up an open relay isn't doing your job right (are you listening all of you damned Exchange admins?! 90% of the open relays I find and report are running Exchange!!!). When you get spam, report it (called LARTing). Drop a copy to uce@ftc.gov. Report stock spam to the SEC. Report bogus drug scams (lose 100lbs tonight while you sleep!) to the FDA. Report Nigerian Money scams to the Secret Service. Report the spamvertised sites to their providers and ask that they investigate (don't accuse in case it's a Joe Job). Parse through the headers and learn to identify relayed spam, BS headers, and other tricks of the trade. Submit open relays for listing in all the open relay blacklists. Report it to the owner of the IP as well. DO YOUR PART! If you're not going to do your part to fight spam or ensure that your servers are properly configured, THEN GET YOUR SERVERS AND YOUR ASS OFF THE 'NET BECAUSE YOU DON'T BELONG IN THIS COMMUNITY!! Don't be part of the problem.
-
This is not enough anyway...
The only acceptable method for adding anyone to a mailing list is the double opt-in:
- Until I ask to be added -- don't contact me.
- When I ask -- presume it was not me and e-mail me a confirmation request.
- Only when such a request comes back affirmative can you add me.