Walling off Asian E-mail to Prevent Spam

SomeoneYouDontKnow writes: "Seems there's been lots of spam news lately. This piece from Wired describes how frustrated sysadmins in the West are responding to a torrent of Asian spam by simply refusing all e-mail from that part of the world. As anyone who's ever reported spam to Asian ISPs can attest, getting a response of any kind is almost impossible, so some ISPs are simply giving up on receiving any mail from them. Setting up barriers like this is regrettable, but when the originating ISPs refuse to take responsibility for the actions of their users or close their open mail servers, there would seem to be no other choice. Has anyone ever had any kind of constructive conversation with one of these ISPs to see why they are unable or unwilling to do anything?"

I can't disagree more

[MicroBerto]

As the Ex-AbuseDesk admin at a local ISP, I must say that I wanted to do that VERY badly, but wasn't allowed to. There's simply no way to get a response from them. I have absolutely no qualms about cutting communication off from them. It's just so frustrating for EVERYONE.

On the other end, if many of those domains are in the Orbz or other blacklists, maybe just using those would be better.

Filtering email

[johnburton]

Well blocking whole areas is a start, but not an ideal solution. I'm going to start filtering my email so that unless it meets one of the following conditions it gets rejected and sent back to the sender :- 1. The mail claims to be From someone I have pre-approved. 2. It's from a mailing list I've registered with. 3. It's sent To: a special purpose address within a couple of days of creating that address. (So I can post to newsgroups with addresses like jb10202 which will be valid for a couple of days for replies only) 4. The email contains a special approval code to bypass the checking. The purpose of 4) is that when I get an email that is rejected it will send it back to the sender with an apology and a 4 digit random code which is valid only for a single mail from that address and only for 48 hours. They can simply forward the mail back to me and it will contain the code and get through. I get *so* much spam, and 99% of my real email is from the same few address that I need to block the junk, and I think this scheme will annoy relativly few people, and not too much but should cut ALL the spam. I've not implemented this yet, but it shouldn't be too hard to write.

An interesting counter point...

[Amarok.Org]

I run a small mail server, mostly providing mailing lists to the automotive community. While my lists weren't affected (I have reasonable anti-spam rules in place), a server in Taiwan was spamming every address it could find in my domain with dozens of unique spam per day.

The usual ip tracing ensued and I tracked it back to a small ISP. Hoping that I would reach someone who spoke (or wrote) English, I sent a copy of my logs and an explanation to "postmaster@", "abuse@", "webmaster@", and any other address I could think of. Amazingly enough, after about 12 hours, I received a reply (in somewhat broken English) asking for more logs, and a confirmation of the time zone I was using in my logs (UTC, for what it's worth). After I replied, I received an appology that one of their "clients" had bothered me and assured me it would be taken care of.

To this date, I have not received another piece of spam that I have attributed to that ISP. I realize that this is the exception and not the rule, but I thought it was worth noting that there really are reasonable sysadmins "over there".

Remember UUNet's "Death Sentence"

[biomech]

The first parallel that came to mind was the "death sentence" proposed against UUNet a few years ago for their fostering spamming activity.

The action represented the response of a group of responsible internet members that had finally tired of both the activity and the lack of response from a greedy company who seemed to have no respect for bandwidth and privacy issues.

It seemed to work then and maybe it's just what's needed now.

It's about time that some of these ISP's discover what happens when the fecal matter hits the oscillator.

Constructive dialogs

[buss_error]

I turned in a complaint to hinet.cn, I think it was, about a system with Code Red banging away at one of my web servers. I included a snip of the web server log, along with a note that my servers are NTP sync'ed.

The response was "without full e-mail headers, we can't do anything."

Hmmm. It's not e-mail.
I am discussing with my employer the option of blocking all 202/8 203/8 210/8 211/8, all of Road Runner but the MX'es, *.cn, *.tw, *.ru, *.pl, and *.mx domains too. I don't know the ip range assigned to the domains, so if you do, post a follow up! (I have Road Runner netblocks, there are just too many to put them here.)

Screw Asia... I blocked Hotmail

[ellem]

in fact for a few months I blocked:

Hotmail
Yahoo
MSN
USA.net

When those folks learn how to close their relays and strip a virus then we can deal with the Asians....

I like this quote:

[mESSDan]

While some spam being transmitted by Asian servers appears to be sent by the locals, Western spammers are exploiting Asian mail servers and using them to relay mail.Many Asian systems often run old software or software that hasn't been configured securely or patched properly, experts say.

Well, if people can exploit the problem and get a response from the sysadmins saying "I can't do anything about it", maybe instead of us blocking their servers (quite easy to do), someone should put on a blackhat and go patch some of those holes. (This came up and was heavily discussed during the Code Red and Nimda attacks.)

I dunno, but I think a moral hacker would find it quite rewarding to screw up a spam creaters cash cow.

my ISP just did this

[option8]

the place where i colo is just now doing this after tracing the bulk of the spam coming into their own network from chinese ISPs and most especially china.com

rather than refusing email from the offending ISPs, they are going to the rather extreme measure of refusing connections entirely (at the router, i guess, though i'm not certain how the network is set up...) from the entire IP ranges of a number of the offenders.

so, now all my domains (and all those colo'd at my ISP) will basically be inaccessible to anyone in china. big deal. all the traffic i get from china is either spam or nimda requests. woo friggin hoo.

it has yet to go into effect, but i expect it will make a big difference in my monthly bills, as i pay for bandwidth, even if it's spam sent to people on my mail server.

as some folks are bound to say, it's more than a bit presumptuous to basically say "play by my rules or get off the field" where "my rules" are typically those of the mostly american, english speaking internet population, but in this case it's more a case of "play nice or go home"

Re:Sadly, this is the only way to go

[jedrek]

Like actually bothering to translate your contact messages into various non-English languages. After all, when was the last time You, as a sysadmin, responded to an informative message to postmaster@your.org that was written in an Asian language??

The international language of snail mail is French. That's why air mail is par avion. It's like that all around the world and no one really complains. If the admin knows enough to postmaster@ he knows it should be in english. English is *the* offical language of email. Just look at the headers, I don't see a 'Od: instead of 'From:' or 'Temat:' instead of 'Subject:'.

Admins speak english, you can't really be a good admin if you can't communicate with your computer and 90% of software - even software created in non english speaking nations - is in english.

jedrek