Slashdot Mirror
Walling off Asian E-mail to Prevent Spam
SomeoneYouDontKnow writes: "Seems there's been lots of spam news lately. This piece from Wired describes how frustrated sysadmins in the West are responding to a torrent of Asian spam by simply refusing all e-mail from that part of the world. As anyone who's ever reported spam to Asian ISPs can attest, getting a response of any kind is almost impossible, so some ISPs are simply giving up on receiving any mail from them. Setting up barriers like this is regrettable, but when the originating ISPs refuse to take responsibility for the actions of their users or close their open mail servers, there would seem to be no other choice. Has anyone ever had any kind of constructive conversation with one of these ISPs to see why they are unable or unwilling to do anything?"
I feel bad for the legitimate Asian users of e-mail trying to communicate with their comrades in the West, but it has been proven that this is the only way that ISPs will finally own up to the task of stopping spammers abusing the networks. Look what just the mere threat of the Usenet Death Penalty did to @Home--they have cleaned up their act significantly.
Strange as it is to say, this 'denial of service' is one that I think may actually have some future positive effect. The way the world seems to work is that no one will bother to do anything unless you threaten them with the loss of their service, and then they take action. Sad, but true.
Karma: Excellent Birds (mostly as a result of listening to Laurie Anderson)
is one thing. Not getting any cooperation when your own e-mail address is used as a false sender in the header of "enlarge your {certain male bodyparts}"-spam mails is a another thing. Ask me, it happened to me two weeks ago. I didn't even get a mail back from the provider.
Line 9: Argument of type SIGNATURE expected.
What about getting laws that say that unsolicitated mail is illegal? Shouldn't that do the trick? Anybody got some good reason for why laws like this shouldn't come true?
--
\ Christian A Strømmen
"It's not under our control." to any message you send to China Telecom. Hmmm, if nothing is under their control and they're a Chinese government controlled organiation........
May you be touched by His Noodly Appendage. RAmen.
...you basically are letting the spammers win when you close off one of the biggest open communications medium known to human kind. Perhaps I'm overly sentimental about it and goodness knows I'd love to prevent about 80% of the spam I see (that seems to be about the ratio in terms of TLDs involving Asian netblocks) - still, I cannot really bring myself to doing it yet.
--rc
I get tons of Asian language spam - it wouldn't break my heart to block them all.
I'm actually looking forward to my @home email address dying at the end of this month because that's where nearly all of them come to. Hopefully they won't be smart enough to simply replace @home.com with @comcast.net.
Los Angeles took action to prevent automobile accidents by closing all incoming roads.
Obviously, nothing useful comes from Asia, huh?
Even in its simplest form=Those cheap DVD players will never get sold to Best Buy when the Asian maker can't reply back to the buyer. Geeks everwhere revolt...
---"What did I say that sounded like 'Tell me about your day?'"---
Setting up barriers like this is regrettable, but when the originating ISPs refuse to take responsibility for the actions of their users or close their open mail servers, there would seem to be no other choice.
A good thing when you're trying to stop spam, a bad thing when the MPAA is trying to stop piracy. Depends on what you do for a living, I guess.
Spam, while annoying, is not the end of the world. If it really gets on your nerves, use a program like Vipul's Razor, and help add spammers to its database.
Just because I don't like getting junk mail credit card offers, doesn't mean I refuse all mail from Delaware to teach them a lesson. Here's a tip--throw it away. I get nowhere near enough spam in my inbox to interfere with legitimate mail (although I don't doubt there are exceptions that do....) and I don't even use a filter!
In November 2000 I spent 1 month in Hong Kong sorting out the Spam problems one of the largest ISPs was having, in my job as security consultant.
.net addresses, but were rapidly losing face amongst their peers for continuing to ignore the problems. *sigh*
The situation was dreadfull, with no abuse department and no way of detecting/stopping abusing customers, or even stopping customers being abused.
I killed 99% of the Spam by warning all customers we were testing for open relays, and offering to actually help them if they didn't know.
I then spent 2 weeks trying to configure about 30 different mail servers I had never even heard of, and one which didn't even return 1 result on Google!!
We got there in the end, especially once we firewalled port 25 for those customers who didn't want to listed.
The next step was to write belt-and-braces Terms of Service for the client and ensure the abuse@isp address was checked and actioned on a daily basis by a full-time member of staff. If abuse went unchecked, then we pulled the plug on the customer and banned them from coming back, or we'd prosecute (sometimes tricky in HK)
I *always* check who sends me spam, and I'm pleased to say none has originated from that ISP since I did my work there.
We tried to re-sell the solution to all other ISPs in the region, but they didn't bite due to a) expensive consultant fees, and b) not really caring.
I pointed out they were large ISPs who fully deserved their
But what else can be done to solve this problem with China and other Asian countries?
/benfit analysis might prove otherwise if the volumn is extream!) but has anyone offered to train someone from Asia on this side of the globe?
I agree that the 'no response' from many of these places is frustrating, but has anyone offered to train[1] some of these people in setup and configuration of their servers?
Has anyone who is bilingual offered to translate the user manuals into Japanese, Chinese, or Korean?
Has anyone taken the time to explain to them that by lax secuitry / improper setup on the EMail server usually points to more problems with in their network?
Education is the answer to this problem, and we need to take the lead.
[1] Okay, it might be impractial to fly halfway around the world to train someone in server configurations just to stop spam, (although a cost
III.IIVIVIXIIVIVIIIVVIIIIXVIIIXIIIIIIIIVIIIIVVIII
Some good things CAN come out of Asia. I have 2 Asian friends I ICQ. They're pretty cool and good c coders but hate where they live. Won't argue with you on France thou. Banning them is just plain common sense.
I don't generate unique reply addresses per news post, but change addresses a few times a year. I have a bunch of old addresses that mostly get spam, so my filters dump incoming mail to them into a mailbox file that I look in every now and then. That's much less annoying than seeing the spam as it arrives, but still, it's better to keep the volume down.
I think I'll completely stop putting replyable email addresses on news posts. I'll just have a URL for my web site where people can leave me messages through a CGI. That lets me make another political statement too, since my web site runs SSL so any incoming messages I get from the CGI will be encrypted while in transit. We tell people to use ssh instead of telnet--we should also try to avoid sending email in the clear without a reason.
At one time I was spending a couple hours a week configuring filters and deleting spam. Now I have a list of known addresses I accept mail from. Everything else goes into the spam folder. I check that once a week, takes about half an hour to go through it and move real messages to the appropriate places. Then I delete the rest.
Best Slashdot Co
The article says:
Some Chinese and Korean systems administrators said documentation for the software they use is often available only in English, which complicates securing their systems.
This is an honest problem, because it's not the the ISP's fault that they can't get native-language documentation for the software. But if they're running the software at all, it becomes their problem. Why would any responsible system administrator install software when he can't read the documentation? Educated English speakers aren't such a minority in the far East. It's the ISP's responsibility to hire them, or else get software documented in their own language.
Cultural issues also contribute to the problem. Many spammers in Asia say they do not understand why spam is a problem. "It's a sign of respect that someone sends you an electric business card. It means he wants you as a customer."
This is just willful naivete on their part. If they think that sending an electronic business card is a "sign of respect", that's fine. But they need to understand that in the West, unsolicited advertising is an overwhelming inconvenience and is not welcome by the vast majority. Cultural relativism swings both ways.
Piracy is free and open and common in the far East, which irritates Western corporations and makes poor Western college students and hackers giggle with glee. It's rampant and unpoliced because the notion of information ownership and copyright just don't exist over there. But here's the flip side to that coin: unrestricted dataflow from the West into the East also means unrestricted dataflow from the East to the West. As music, movies and software comes in, spam goes out. Like it or not, they're both travelling through the same door.
If the Chinese ISPs want to provide their people a gateway to the free world, then it's their responsibility to cooperate with how the free world works and act responsibly within that setting. If they don't, then they get blacklisted like this and lose their right to be a gateway.
Education is the answer to this problem, and we need to take the lead.
Education is the answer to ignorance. Are we sure ignorance is the problem? With so many reports of mails to abuse@ going ignored, so many open relays reported and yet remaining open, I have to wonder whether it's not often an attitude problem (not that Far Eastern ISPs have a monopoly on those), and that's much harder to know what to do about.
GROGGS: alive and well and living in
I've read a few of the opinions here about why they're uneasy about blocking off entire domains like this, but I still can't see this as anything but a Good Thing(tm).
There are those who are uneasy about blocking off access to a free and open medium. But if the medium is truly free, then you should also be free to block traffic that you don't want. Seriously, if you carry that point of view to its logical conlusion you shouldn't be trying to avoid spam to begin with and reading it should be compulsory. Just because everybody has a voice doesn't mean you have to listen.
Should ISPs be held accountable for the actions of their users? No. But they should be held accountable for their own actions, and one of their actions is aiding and abetting known spamers. They've received the warnings and complaints, they've seen their own mail server traffic and have access to their own logs, and their decision to do nothing implicates them. If a bartender can be held accountable for letting a known drunk drive home and if a gun store owner can be held accountable for selling a gun to a known felon, why shouldn't ISP's be held accountable for selling service to a known spammer?
And as for the legitimate mails that may get blocked by firewalling off Korea or whatever, why should we be held accountable for the foolish choices made by these customers? If anything, blocking their e-mails should be seen as a benefit, allowing the user to learn first-hand the despicable pro-spam tactics of their ISP and make an informed decision. If they don't jump ship after that they deserve what they get.
They're our routers, our mail servers, as long as our actions don't abuse other peoples' resources (like spammers) why shouldn't we do whatever we damn well please with them?
Oh, I'll remember that for my next trip to Asia and have my new business card printed with the message "ask me how to increase the length of your penis" on its back. Must be common courtesy there.
------------------
You may like my a cappella music
I had a similar experience. I got tons of spam from a particular IP block, all pretty much alike and all supposedly from a bogus .tw domain. When I finally looked up the IP, I found the block was owned by some university in Taiwan. The contact email was dated 1996, but I forwarded one of the spams to it anyway and asked the person in charge to investigate and stop the spammer.
No direct response, but the spam stopped immediately, and I've never received another from that source.
~REZ~ #43301. Who'd fake being me anyway?
I think that the way to shut them down once for all is to educate people about what spam is and why it should be reported, and above all, not responded to. This way, the market that spammers will target will dry up and then they will stop sending their UCE out.
A vast majority of spam might *originate* in the US, and then a substantial chunk of that *relays* through boxes in Asia and is delivered back in the US.
The core issue is that Asian admins won't close their open relays. (This is both incompetance and in some cases intentionally aiding and abetting the spammers.)
Although my Yahoo spamtrap account does get lots of mail with subject lines like "ôô¦æ¾PWűâ"
most of my spam come with forged email headers supposedly from yahoo setting up a filter in my email ap to block anyincoming mail from yahoo would block 90% of my spam but unfortunately I get legitimate email from yahoo email users :-(
http://Lenny.com
4 great justice!