Mega-ISPs And Spam Support

WH writes: "Over at CNET there's an article about how PSINet and other huge ISPs have been secretly signing deals to provide spammers with internet connections." The other one I've seen is AT&T signing a contract with someone -- there were restrictions, but it's still troubling to see people's appetites for money overwhelming their ability to discern good vs. bad business practices.

Re:I've known this all along....

[kaip]

This means, the "individual" gets a gentle slap on the wrist (if that), and they go about their business. PSI, UUNet, and all the big ISPs don't give a rat's ass about spammers. That's why a *very* good percentage of spam you get has 38.x.x.x or 63.x.x.x in the headers. 38 being PSI, and 63 being UUNet. Try it sometime. It'll suprise you.

According to the SpamCop statistics the biggest sources of spam are currently:

1. UU.NET (78,521 complaints)
2. DIALSPRINT.NET (9,638 complaints)
3. USS.NET (8,708 complaints)
4. BELLSOUTH.NET (8,348 complaints)
5. BELLGLOBAL.COM (6,404 complaints)
6. PSI.COM (6,139 complaints)
7. POPSITE.NET (5,733 complaints)

UU.NET wins this contest easily... :(

Re:How do we fight this?

[Floyd+Turbo]

Subscribe to the MAPS RBL. Use their BGP feed to drop traffic. This way, the outage is coordinated with vast numbers of other RBL subscribers. As a result, it hits the spammers much harder and gets action taken much more rapidly.

This will still cost you legitimate traffic, but there's no way around that. You simply have to bite the bullet and suck up some short term costs for the long-term health of the net.
--

Re:Some People have no clue

[Alien54]

I'm beginning to lean towards the shoot them in the face solution.

I understand. the advantage is that the small fry cannot go over seas. and other countries may get into the act.

[insert visions of KGB agents hunting down russian spammers]

Well. there is always the following option, as posted on Segfault back in april 99:

Mafia Don Announces New Anti-Spam Venture

As the NSA and FBI fear, traditional crime organizations have been incorporating high-tech communication into their organizations. Although Janet Reno was quoted stating "This is law enforcement's worst nightmare.", techies around the world are sure to be pleased with one New York Syndicate's new venture.

It all started when Don Dominiqi signed onto his AOL account last Monday morning. His inbox was filled with "Make Money Fast", "Viagra On-Line", and "Teenybopper Web Sex" ads. Lost amidst the drivel was an important note detailing a non-taxed shipment of Marlboros, which were later confiscated by the BATF. Little did he know, as he shouted "Bring me the left hand of this f*cking gutterslime!" what would become of it all.

Later that same day, Billy "Run!" Brutekowski and Larry "My Eyes!" Plucker cornered the pasty-faced offender of the Family in a small cyber cafe in Grenich Village. "This was by far the creepiest place the Boss has ever sent us." stated Billy, who only spoke on condition of anonymity. "Everyone in this place looked pale and sickly, like they had already been 'spoken to'. We asked for this punk, and several people quickly pointed him out. Most of the scum we find in gin joints aren't so quick to finger one of their own," Billy continued.

"He must not watch much TV, because this sh*t didn't even flinch when we came to the corner he was hiding in," Larry proceeded to relate. "We dropped this sheet of paper the Boss had given us on his table and he says 'So you guys want to make money fast, eh?' He puts out his and says to give him $20. This scrawny little dirtball tells me to give him $20!" Larry was quite agitated at this part in his story, and his description of how Sammy Spammer's hand fell off was quite garbled.

Billy continued, "Up till now, this was a routine visit. We was just being playful. The weird sh*t began when we tried to leave." "This pimply faced kid blocks the door as we try to leave, and I'm thinking to myself 'Great, a f*cking Karate Kid hero. He just stand there, and then he hands me a $5 bill." Billy pulls out the $5, and holds it like it is his first quarter from his favorite grandmother. "They lined up after that, and we had $175 in 'tips' when we left the joint."

Later that day the Don himself visited the café, unwilling to believe the story. Although the details are unclear, sources at the café indicate that the Don has hired them to build and host a new Anti-Spam site. Through a SSL transaction system, the site will accept spam complaints and credit card donations towards 'solutions to problems'. Multiple complaints against the same spammer are added to the total until an acceptable solution has been found.

Larry tells us that a typical $250 solution is a broken hand, and for $2000 all anyone ever sees again of 'the problem' are his shoes.

The URL is to be announced next week, and the cyber café's phones have been jammed with requests for more information.

Even virgin accounts are spammed

[Shadow-Wing]

A hotmail acount I never used, is spammed by +- 30 emails a day. The account name is only 4 letters, thus I suppect that the spammers spam form A to ZZZZ.

Re:Even virgin accounts are spammed

[d00f]

I'd suggest much of the problem lies in the mail providers being unwilling to or unable to use measures to stop spam.

I own a small webmail company (fastworks.com) and we routinely get spammed. There are a number of methods people use and a number of ways to combat them.

Spammers will go out and get a dialup account, start spamming after the ISP's abuse department has gone home (usually a Friday night) and continue until someone finally pulls the plug.

These spammers will either send the spam by connecting directly to the victim's SMTP server or by using a 3rd party relay.

We combat this by subscribing to the RSS, RBL and DUP services at mail-abuse.net.

Mail sent via a dialup connection is often denied at the outset because many dialup connections are in the DUL. Open relays are often in RBL and RSS.

These two measures alone cut out more than 80% of our incoming spam.

Another popular way (among spammers) is to try the brute force method. They connect to a service with a few million subscribers and blast away with a dictionary-type attack. This usually causes the most problems on a network side because the victim mail server has to contend with 100,000 plus bounces in a few hours. This tends to fill mail queues quite fast.

Some of the most popular mail systems (which shall remain nameless) combat this problem by not bouncing after a threshold has been reached. This, although a simple method still allows the spam to get through.

I refuse to believe that I'm any smarter (maybe faster, but not smarter) than the folks running yahoomail and hotmail, but it makes a lot more sense to me to have the delivery agent blackhole (delete) this spam as it arrives based on the source IP, email address and even the content. It doesn't take much logic to detect a host that sends you 100,000 messages in an hour where 90% of them bounce.

This cuts out 99.9% of bruteforce spam. It saves us on disk space since the spam is never delivered, and it saves on CPU cycles since the SPAM lands in /dev/null as soon as it is received rather than bouncing all over kingdom come.

I believe a very effective way to stop spam is to regulate that each ISP must specify valid SMTP servers much in the same way there is a whois database with all the DNS servers listed. If we do this, then organisations can easily choose to deny all messages coming from dialup connections and it leaves spammers with only one method of sending spam. They would have to use their local ISP's SMTP relay to get their spam out. This would be trivial for the ISP to find and shut down. It would also bring stronger incentives to monitor and stop such activity if their own SMTP servers were being hit.

Now if only we can stop ICQ spam...

-Michael

MCI and Spammers

[Greyfox]

Back when I was working at MCI (Before the Worldcomm takeover) we had a very strict anti-spam policy. If we got enough complaints about spamming from your domain, we'd cut your ($1600+ a month) internet connection off. That was always something I respected about the company.

I've known this all along....

[Accipiter]

Oh please. Anyone who has ever forwarded a spam E-Mail to abuse@psi.net or abuse@uu.net knows this. You usually get a first reply stating:

Your e-mail has been received by [insert isp]'s abuse investigations. You have been assigned ticket number #SpammersAreCoolXorAndRot13. DO NOT REPLY TO THIS E-MAIL. It's automated. So shut up.

Then, almost like clockwork, a follow up letter arrives:

This is a follow-up letter from [insert isp]'s abuse team. Ticket number #SpammersAreCoolXorAndRot13 has been dealt with according to our AUP, and action has been taken against the individual.

This means, the "individual" gets a gentle slap on the wrist (if that), and they go about their business. PSI, UUNet, and all the big ISPs don't give a rat's ass about spammers. That's why a *very* good percentage of spam you get has 38.x.x.x or 63.x.x.x in the headers. 38 being PSI, and 63 being UUNet. Try it sometime. It'll suprise you.

As for this article, it comes as no suprise to me. UUNet and PSINet have been known to forward your abuse@ complaints to the spammers themselves, and are both well-known spam harbors.

DIE SPAMMERS, DIE. (Oh, and please take a few Spam-Friendly ISPs down with you. Okay?)

-- Give him Head? Be a Beacon?

Re:I've known this all along....

[JeffL]

Indeed, the majority of spam I get originates at a uu.net or psinet dialup (except the foreign stuff relayed through a Chinese or Korean government servers), and I get this same annoying response back each time.

If the institution of higher learning that I am at got some backbone they could probably finance their entire IT budget off the spammers, because it is illegal in this state.

Re:PSI I don't understand, but with AT&T...

[russ-smith]

You can sue them for the phone calls see

ATT Called.com

Potential for abuse... some assumptions

[Some+guy+named+Chris]

There are over 3,000,000 businesses in the USA which are members of the United States Chamber of Commerce (a href=http://www.uschamber.com/_About+Us/Who+We+Are /default.htm>source). Now, assume that spam becomes an accepted business practice, and 10% of these small businesses decide to send out 1 spam a month. Assume you are only on 10% of these companies spam lists (a generous estimate, since once you get on one, you tend to get on them all).

3,000,000 small businesses
* 10% spammers
---------
300,000 spamming small businesses
* 10% of lists you are on
---------
30,000 spams you get a month
30 days per month (avg)
---------
1,000 spams per day.

Now, if you received 1,000 spams per day because spam was legitimized, just how useful is email to you anymore? I'd say not very.

Re:How do we fight this?

[Starship+Titanic]

Yes, rejecting all traffic from ISPs of that size IS possible. Ever heard of the Usenet Death Penalty? Those were applied to a lot of major ISPs and backbone providers, inculding, as it appears, PSI. The same is possible for all net traffic. So how do we fight this? Talk to your ISP's/uplink's friendly sysadmin.

How to Stop Spam

[Greyfox]

If everyone rejected unencrypted messages by default, spammers would go away. If they were no longer able to send out 2 million spams with one shot to an E-Mail list, spamming would become economically unfeasible.

But Grey (I hear you cry) we still get junk mail despite the postage. True, but THEY actually have something to sell you. Spam alienates most of the target audience so only shifty companies advertise that way. If they can blast out 2 million E-Mail for free and have 10 or 15 people they can bilk respond, they've made a profit. Require bigger hardware for encryption, plus the time it takes to encrypt to 2 million public keys and all of a sudden, spam gets a lot less economical.

Re:How do we fight this?

[IO+ERROR]

Subscribe to the MAPS RBL.

Also subscribe to the MAPS RSS and DUL lists. Out of the spam that I get here, 99% of it gets blocked by RSS and DUL, and the other 1% by RBL. I've not received a single spam since installing these.

If you have sendmail 8.10 or later, do this in your sendmail.mc file:

FEATURE(dnsbl,`blackholes.mail-abuse.org',`Mail rejected, see http://www.mail-abuse.org/rbl/')dnl FEATURE(dnsbl,`relays.mail-abuse.org',`Open relay rejected, see http://www.mail-abuse.org/rss/')dnl FEATURE(dnsbl,`dialups.mail-abuse.org',`Dialup rejected, see http://www.mail-abuse.org/dul/')dnl FEATURE(`delay_checks')dnl

You won't see any more spam, and your log file will show the address they tried to send to (this is what delay_checks is for).
---

How do we fight this?

[petard]

There are two techniques I can think of for fighting this evil business practice:

1. Take your business elsewhere, and tell them why.
2. Refuse to carry their traffic.

(1) doesn't apply to me. I am not one of their customers, nor is my company. (2) is very difficult. Can anyone afford to reject all traffic from ISP's this size? I certainly can't. I get far too much legitimate traffic from them to do that without a sever degradation in my service. So how do we fight this one WITHOUT LEGISLATION? (I'm not 100% sure, but legislation sounds like a losing proposition to me!)

Re:Whats so bad about spam?

[Myddrin]

Because SPAM is much more intrusive
than a TV add.

Each message comes in and takes a small part
of your hard-drive space and time. It would
as each producer of each tv ad came into
your house and took a single grape and a single small slice of cheese.

While each grape or slice of cheese doesn't cost much, the collective mountain of foodstuffs
would be quite expensive.

I added up the sum of the cose of HD space and
time I wasted on spam once (took an average week and projected it out over a year). It came to
something like 1 day(deleting my junk folder repeatedly) and about $15,000(obviously the space was deleted and reused) in HD space.....

And I'm very careful who get's my home address. (I have about 3 different spam addresses though.)
---
RobK

PGP only accounts could help...

[pallex]

...have an isp set up an email system so it only accepts valid PGP encrypted emails. Spammers would then need not only an email address, but a valid key for each person, plus cpu time to encrypt the message for each person.

Or does someone already offer this service. Strictly PGP encrypted ONLY.

spamjammer - having fun on the jerk's nickel

[pjammer]

Like many of you, I seethe each time I open my mailbox and see FREE XXX/Make $10,000 per week from home/lost 3 inches guaranteed crap.

Hunting/identifying/shutting down spammers' freemail address and geocities/angelfire sites is not that satisfying - you know the jerks are just going to start another one.

Fight fire with fire!
I've been having fun saving the 800 numbers in my Palm V and calling them from public phones - and leaving the 800 number of other spammers in their voicemail. Call 800-555-1219: "Hi, this is Mark Miller, and I'd love to make $10,000 from home each week. My number is 800-555-4492. Look forward to hearing from you!"
Call 800-555-4492: "Hi, this is David Logan, I'd be very interested to talk! 800-555-1219"

Alternatively, I've left messages pointing to my home fax line. And I KNOW those thieving motherfuckers call back - there's always a few call-and-hangups after each phony voicemail I leave.

The idea of jamming up hopeful get-rich-quick idiots gives me warm fuzzies at night. Sure, it's a cheap thrill, but they are gratifying nonetheless. That 800-number "duck quack" meme cost the company over $10,000 in long distance charges per day. Don't just ignore spam - run up their telephone charges and drive them out of business. Your country is counting on you.


- The Mischief Commitee
(a wholly owned subsidiary of Project Mayhem. Member FDIC)
-------------------------------------------------

-- If the blues don't kill you, brother, they'll make you a mighty, might man.

Here's how to get them to leave a message...

[KlomDark]

Almost all telemarketing operations use a system called a 'predictive dialer'. What that means is a computer dials a list of numbers, but only at the rate that of the current average of the time it takes for the actual telemarketer to complete the call (Including both sales and hangups). It dials the number, listens to the way the phone is answered, then switches the call to a waiting telemarketer if it is determined to be a person on the line.

How does it do that? It listens for a pattern in the sound when answered. Typically, an answering machine has a message like "Hi, you've reached so & so, please leave a message" - basically a long, uninterrupted pattern of sound. When a person answers, they generally just say "Hello?" and wait for a reply - a quick pulse of sound, then nothing.

That's what the predictive dialer listens for - a quick pulse. If a long string, then it hangs up, so they don't waste their phone bill on an answering machine.

How do you take advantage of this? Instead of putting "Hi, you've reached so & so, please leave a message", instead put something like "Hi" "you've reached so & so, please leave a message"

This will fool the dialer into thinking it's a real person, and transfer the call to a telemarketer. Sure, the telemarketer will hang up, but you've just consumed an extra five or ten seconds of their time, and a few cents of connect time. This impeded the amount of time they can spend bothering other people, and when it happens in the thousands, it can actually have an effect.

Do it, try it!