Slashdot Mirror
Walling off Asian E-mail to Prevent Spam
SomeoneYouDontKnow writes: "Seems there's been lots of spam news lately. This piece from Wired describes how frustrated sysadmins in the West are responding to a torrent of Asian spam by simply refusing all e-mail from that part of the world. As anyone who's ever reported spam to Asian ISPs can attest, getting a response of any kind is almost impossible, so some ISPs are simply giving up on receiving any mail from them. Setting up barriers like this is regrettable, but when the originating ISPs refuse to take responsibility for the actions of their users or close their open mail servers, there would seem to be no other choice. Has anyone ever had any kind of constructive conversation with one of these ISPs to see why they are unable or unwilling to do anything?"
Sure, why not. Heck, I blocked France on principle!
46. The Hobo smiles, his eyes glaze over, and he burps. "Beware the man who has lived longer than the Wasteland."
On the other end, if many of those domains are in the Orbz or other blacklists, maybe just using those would be better.
Berto
I feel bad for the legitimate Asian users of e-mail trying to communicate with their comrades in the West, but it has been proven that this is the only way that ISPs will finally own up to the task of stopping spammers abusing the networks. Look what just the mere threat of the Usenet Death Penalty did to @Home--they have cleaned up their act significantly.
Strange as it is to say, this 'denial of service' is one that I think may actually have some future positive effect. The way the world seems to work is that no one will bother to do anything unless you threaten them with the loss of their service, and then they take action. Sad, but true.
Karma: Excellent Birds (mostly as a result of listening to Laurie Anderson)
is one thing. Not getting any cooperation when your own e-mail address is used as a false sender in the header of "enlarge your {certain male bodyparts}"-spam mails is a another thing. Ask me, it happened to me two weeks ago. I didn't even get a mail back from the provider.
Line 9: Argument of type SIGNATURE expected.
...you basically are letting the spammers win when you close off one of the biggest open communications medium known to human kind. Perhaps I'm overly sentimental about it and goodness knows I'd love to prevent about 80% of the spam I see (that seems to be about the ratio in terms of TLDs involving Asian netblocks) - still, I cannot really bring myself to doing it yet.
--rc
Well blocking whole areas is a start, but not an ideal solution. I'm going to start filtering my email so that unless it meets one of the following conditions it gets rejected and sent back to the sender :-
1. The mail claims to be From someone I have pre-approved.
2. It's from a mailing list I've registered with.
3. It's sent To: a special purpose address within a couple of days of creating that address. (So I can post to newsgroups with addresses like jb10202 which will be valid for a couple of days for replies only)
4. The email contains a special approval code to bypass the checking.
The purpose of 4) is that when I get an email that is rejected it will send it back to the sender with an apology and a 4 digit random code which is valid only for a single mail from that address and only for 48 hours. They can simply forward the mail back to me and it will contain the code and get through.
I get *so* much spam, and 99% of my real email is from the same few address that I need to block the junk, and I think this scheme will annoy relativly few people, and not too much but should cut ALL the spam.
I've not implemented this yet, but it shouldn't be too hard to write.
Sig is taking a break!
I run a small mail server, mostly providing mailing lists to the automotive community. While my lists weren't affected (I have reasonable anti-spam rules in place), a server in Taiwan was spamming every address it could find in my domain with dozens of unique spam per day.
The usual ip tracing ensued and I tracked it back to a small ISP. Hoping that I would reach someone who spoke (or wrote) English, I sent a copy of my logs and an explanation to "postmaster@", "abuse@", "webmaster@", and any other address I could think of. Amazingly enough, after about 12 hours, I received a reply (in somewhat broken English) asking for more logs, and a confirmation of the time zone I was using in my logs (UTC, for what it's worth). After I replied, I received an appology that one of their "clients" had bothered me and assured me it would be taken care of.
To this date, I have not received another piece of spam that I have attributed to that ISP. I realize that this is the exception and not the rule, but I thought it was worth noting that there really are reasonable sysadmins "over there".
-- "Other than that, how was the play Mrs. Lincoln?"
The first parallel that came to mind was the "death sentence" proposed against UUNet a few years ago for their fostering spamming activity.
The action represented the response of a group of responsible internet members that had finally tired of both the activity and the lack of response from a greedy company who seemed to have no respect for bandwidth and privacy issues.
It seemed to work then and maybe it's just what's needed now.
It's about time that some of these ISP's discover what happens when the fecal matter hits the oscillator.
We have met the enemy and he is us - Pogo (Walt Kelly)
Los Angeles took action to prevent automobile accidents by closing all incoming roads.
Obviously, nothing useful comes from Asia, huh?
Even in its simplest form=Those cheap DVD players will never get sold to Best Buy when the Asian maker can't reply back to the buyer. Geeks everwhere revolt...
---"What did I say that sounded like 'Tell me about your day?'"---
The response was "without full e-mail headers, we can't do anything."
Hmmm. It's not e-mail.
I am discussing with my employer the option of blocking all 202/8 203/8 210/8 211/8, all of Road Runner but the MX'es, *.cn, *.tw, *.ru, *.pl, and *.mx domains too. I don't know the ip range assigned to the domains, so if you do, post a follow up! (I have Road Runner netblocks, there are just too many to put them here.)
Necessity is the plea for every infringement of human freedom. It is the argument of tyrants; it is the creed of slaves.
No it's not a huge setback. Eventually the various Asian admins that are causing this will get the clue and fix their mail systems.
I get roughly 100 messages or so of SPAM a day on my Hotmail account -- I can't give an accurate number because I keep blocking entire domains (some jackhole, and I think I know who, decided to add me to various coupon and ad sites, which becomes a deluge as they share mailing lists). Of the 150 or so blocked domains, about 10% of them are Asian (surf to xyzzy.net and note that entire webpage is in a font I don't have installed).
Make a law? Sure. In which country? Or do you mean you want to outlaw SPAM in the US, and then somehow think you're going to be able to prosecute a company located entirely in North Korea under US Law? Things just aren't that easy. I'd like to see a reasonable way to legislate SPAM to be illegal, even if it only did affect the US, but I'm yet to see anything that has teeth AND makes logical sense.
Is this why my mail order bride isn't writing back to me?
in fact for a few months I blocked:
Hotmail
Yahoo
MSN
USA.net
When those folks learn how to close their relays and strip a virus then we can deal with the Asians....
This
I dunno, but I think a moral hacker would find it quite rewarding to screw up a spam creaters cash cow.
-- Dan
In November 2000 I spent 1 month in Hong Kong sorting out the Spam problems one of the largest ISPs was having, in my job as security consultant.
.net addresses, but were rapidly losing face amongst their peers for continuing to ignore the problems. *sigh*
The situation was dreadfull, with no abuse department and no way of detecting/stopping abusing customers, or even stopping customers being abused.
I killed 99% of the Spam by warning all customers we were testing for open relays, and offering to actually help them if they didn't know.
I then spent 2 weeks trying to configure about 30 different mail servers I had never even heard of, and one which didn't even return 1 result on Google!!
We got there in the end, especially once we firewalled port 25 for those customers who didn't want to listed.
The next step was to write belt-and-braces Terms of Service for the client and ensure the abuse@isp address was checked and actioned on a daily basis by a full-time member of staff. If abuse went unchecked, then we pulled the plug on the customer and banned them from coming back, or we'd prosecute (sometimes tricky in HK)
I *always* check who sends me spam, and I'm pleased to say none has originated from that ISP since I did my work there.
We tried to re-sell the solution to all other ISPs in the region, but they didn't bite due to a) expensive consultant fees, and b) not really caring.
I pointed out they were large ISPs who fully deserved their
But what else can be done to solve this problem with China and other Asian countries?
/benfit analysis might prove otherwise if the volumn is extream!) but has anyone offered to train someone from Asia on this side of the globe?
I agree that the 'no response' from many of these places is frustrating, but has anyone offered to train[1] some of these people in setup and configuration of their servers?
Has anyone who is bilingual offered to translate the user manuals into Japanese, Chinese, or Korean?
Has anyone taken the time to explain to them that by lax secuitry / improper setup on the EMail server usually points to more problems with in their network?
Education is the answer to this problem, and we need to take the lead.
[1] Okay, it might be impractial to fly halfway around the world to train someone in server configurations just to stop spam, (although a cost
III.IIVIVIXIIVIVIIIVVIIIIXVIIIXIIIIIIIIVIIIIVVIII
How much time do you expect a Chinese bureaucrat to spend prosecuting a fellow countryman because he made 1000 foreigners delete a bothersome message?
I hate spam, but the last thing I want is a bureaucratic solution. The free market will find a way grasshopper....
Slashdot: Liberal News for Nerds. Liberal Stuff that Matters.
I don't generate unique reply addresses per news post, but change addresses a few times a year. I have a bunch of old addresses that mostly get spam, so my filters dump incoming mail to them into a mailbox file that I look in every now and then. That's much less annoying than seeing the spam as it arrives, but still, it's better to keep the volume down.
I think I'll completely stop putting replyable email addresses on news posts. I'll just have a URL for my web site where people can leave me messages through a CGI. That lets me make another political statement too, since my web site runs SSL so any incoming messages I get from the CGI will be encrypted while in transit. We tell people to use ssh instead of telnet--we should also try to avoid sending email in the clear without a reason.
At one time I was spending a couple hours a week configuring filters and deleting spam. Now I have a list of known addresses I accept mail from. Everything else goes into the spam folder. I check that once a week, takes about half an hour to go through it and move real messages to the appropriate places. Then I delete the rest.
Best Slashdot Co
legitimate use of a DDoS attack. I know it is wrong on so many levels and immoral and all that, but doesn't it just make sense on a primitive level that if they are unwilling to shut down their open relays, someone else should shut them down for them? 24 hours notice, then hit them until they promise to shut it off. Make there be direct consequences for them not playing nice on the net.
Like I said, I know this is inherently flawed, but it is nice to dream. Mmmmmm, vigelante justice on the net...
And while we're at it, we should make it illegal to respond sarcastically to extremely simplistic solutions to complex problems! Yeah!
--
Damn the Emperor!
the place where i colo is just now doing this after tracing the bulk of the spam coming into their own network from chinese ISPs and most especially china.com
rather than refusing email from the offending ISPs, they are going to the rather extreme measure of refusing connections entirely (at the router, i guess, though i'm not certain how the network is set up...) from the entire IP ranges of a number of the offenders.
so, now all my domains (and all those colo'd at my ISP) will basically be inaccessible to anyone in china. big deal. all the traffic i get from china is either spam or nimda requests. woo friggin hoo.
it has yet to go into effect, but i expect it will make a big difference in my monthly bills, as i pay for bandwidth, even if it's spam sent to people on my mail server.
as some folks are bound to say, it's more than a bit presumptuous to basically say "play by my rules or get off the field" where "my rules" are typically those of the mostly american, english speaking internet population, but in this case it's more a case of "play nice or go home"
- Entertaining Bits from the Ancient Kernel Tree
The article says:
Some Chinese and Korean systems administrators said documentation for the software they use is often available only in English, which complicates securing their systems.
This is an honest problem, because it's not the the ISP's fault that they can't get native-language documentation for the software. But if they're running the software at all, it becomes their problem. Why would any responsible system administrator install software when he can't read the documentation? Educated English speakers aren't such a minority in the far East. It's the ISP's responsibility to hire them, or else get software documented in their own language.
Cultural issues also contribute to the problem. Many spammers in Asia say they do not understand why spam is a problem. "It's a sign of respect that someone sends you an electric business card. It means he wants you as a customer."
This is just willful naivete on their part. If they think that sending an electronic business card is a "sign of respect", that's fine. But they need to understand that in the West, unsolicited advertising is an overwhelming inconvenience and is not welcome by the vast majority. Cultural relativism swings both ways.
Piracy is free and open and common in the far East, which irritates Western corporations and makes poor Western college students and hackers giggle with glee. It's rampant and unpoliced because the notion of information ownership and copyright just don't exist over there. But here's the flip side to that coin: unrestricted dataflow from the West into the East also means unrestricted dataflow from the East to the West. As music, movies and software comes in, spam goes out. Like it or not, they're both travelling through the same door.
If the Chinese ISPs want to provide their people a gateway to the free world, then it's their responsibility to cooperate with how the free world works and act responsibly within that setting. If they don't, then they get blacklisted like this and lose their right to be a gateway.
Why not use a domain hitlist? Get more than a couple of spams from a domain, bounce everything from the domain[1]. It's less arbitrary than closing off everything from Asia on the basis of a few spammer ISPs.
[1] Bye bye Yahoo, AOL, Hotmail for a start.
Government of the people, by corporate executives, for corporate profits.
The Asian nations would not be in this situation if they understood the proper way to run a mailserver and dropped the insane cultural notion that obnoxiously shoving a business card in someone's face is courteous and expected. I worked in Asia during the early 90s (mainly Singapore, Hong Kong and Taiwan) and from my experience of working with Asian businesses, this problem will not go away. Unless it's not hurting their bottom line, it doesn't matter if its hurting ours.
Strange women lying in ponds distributing swords is no basis for a system of government.
- frustrated sysadmins in the West are responding to a torrent of Asian spam by simply refusing all e-mail from that part of the world [says Slashdot]
Anti-spam activists confirm that a growing number of beleaguered systems administrators are now blocking all e-mail originating from Asia from their systems [says the article]Bollocks, says anyone reading it with a critical eye. There are no references or sources for this sweeping "all Asian email" statement. The single reference is to Spamhaus which implements selective listing of domains that persistently generate or carry spam and decline to respond to spam reports. Most of their listed ISP's are currently US based. There is specific mention of two Chinese ISP's, and none from any other Asian nation.
To make a story out of this, you have to cite metrics. The fact that Spamhaus are currently blacklisting China Telecomm no more proves that "the west" is blocking "the east" than a story about anyone temporarily blacklisting AOL (again) proves that there is some mass move to block "the west".
Without giving metrics, you're just providing anecdotes. Persuasive anecdotes, sure, that probably appeal to our personal experiences, but those are the most dangerous kind, because they stop you looking for the real story and asking the real questions.
The real question here isn't "Why do Spamhaus currently blacklist China Telecomm?" but "Why don't Spamhaus currently blacklist Roadrunner?" or any of another half dozen ignorant ISP's that deny that they are injecting spam even in the face of unequivocable header evidence. Perhaps we in the "west" (sweeping-generalisations-r-us) could go about cleaning up our own house before we go gunning for those coming late to the party.
If you were blocking sigs, you wouldn't have to read this.
Education is the answer to this problem, and we need to take the lead.
Education is the answer to ignorance. Are we sure ignorance is the problem? With so many reports of mails to abuse@ going ignored, so many open relays reported and yet remaining open, I have to wonder whether it's not often an attitude problem (not that Far Eastern ISPs have a monopoly on those), and that's much harder to know what to do about.
GROGGS: alive and well and living in
A few months ago my email address ended up on a Korean spam list. I've been using the following procmail rule since:
:0:
* (^From:.*\.kr |\
^.*ks_c_5601)
SPAM
It catches about 95% of the spam from Korea. It's sad that I've had to resort to filtering email from an entire country.
What has amazed me about the whole thing is the spam I receive from there is usually written in the ks_c_5601-1987 character set. Since Korean is not a really popular language throughout the world, the chances of someone understanding the spam is very slim (I haven't been about to find a good Korean to English translator that actaully works). IMHO, the spammers are just wasting their time.
Go not unto/. for advice, for you will be told both yea and nay (but have nothing to do with the question)
Simply report them to the police - identity theft and fraud are considered real crimes even by clueless law enforcement offices that usually don't do anything about spammers. (Yes, I've done it before).
This message is provided under the terms outlined at http://www.bero.org/terms.html
Spam, while annoying, is not the end of the world.
Maybe for you. But read the article. There are mail admins who receive more than a hundred spam requests per second from chinese ip addresses. That adds up to REAL money, really quickly. Adding the addresses to this database still costs bandwidth, since you have to receive all the headers before you can run your spam check.
Global blocking of the connecting IP range means you can do it from the first SYN packet.
Zapman
As most /.ers should know by now, the Chinese government just ordered all ISPs in China to start monitoring
. ,It is glad , :
email for subversive phrases and the like, so just reply to
Chinese spam with little replies of the form at the end of this spam.
Might be a useful tactic on companies who think that unsolicited
email is "just regular advertising".
Bill
"Jack(export manager)" wrote:
>
> Dear Sir
> How are you
>
> We are a lighting factory in China
> to introduce ourselves to you:
>
> I am XUBIN (Jack) , XUBIN is my chinese name , you can just
> call me Jack !! , I am export manager of [deleted]
> China, our group have four factory
[snipped]
>
> Here is our company profile
>
[Rest of sales talk snipped]
(And now, the reply)
Thank you for your coded order. The weapons and ammunition
will ship by way of the usual route in ten days, and you
already know our secret Swiss bank account number to
wire the payment to.
It is a pleasure doing business with you for so long,
and I hope your cause will prevail. I am new to this
particular computer, so I hope the encryption is
working and the monitoring authorities cannot read
what I am sending you.
Long live the Falun Gong! Free Tibet!
Best regards,
Your arms supplier
There's 10 types of people in this world, those who understand binary and those who don't.
I've read a few of the opinions here about why they're uneasy about blocking off entire domains like this, but I still can't see this as anything but a Good Thing(tm).
There are those who are uneasy about blocking off access to a free and open medium. But if the medium is truly free, then you should also be free to block traffic that you don't want. Seriously, if you carry that point of view to its logical conlusion you shouldn't be trying to avoid spam to begin with and reading it should be compulsory. Just because everybody has a voice doesn't mean you have to listen.
Should ISPs be held accountable for the actions of their users? No. But they should be held accountable for their own actions, and one of their actions is aiding and abetting known spamers. They've received the warnings and complaints, they've seen their own mail server traffic and have access to their own logs, and their decision to do nothing implicates them. If a bartender can be held accountable for letting a known drunk drive home and if a gun store owner can be held accountable for selling a gun to a known felon, why shouldn't ISP's be held accountable for selling service to a known spammer?
And as for the legitimate mails that may get blocked by firewalling off Korea or whatever, why should we be held accountable for the foolish choices made by these customers? If anything, blocking their e-mails should be seen as a benefit, allowing the user to learn first-hand the despicable pro-spam tactics of their ISP and make an informed decision. If they don't jump ship after that they deserve what they get.
They're our routers, our mail servers, as long as our actions don't abuse other peoples' resources (like spammers) why shouldn't we do whatever we damn well please with them?
they usually surrender right away ;)
Cultural homogeny is one of the most fascinating aspects of the internet. Sure, in much of Asia, it's traditionally a sign of respect to give an individual a hard copy of your business card. But that in itself is just the most recent evolution of a long tradition of formalised introductions and determining of relative position, and there's no reason to believe that spam will continue to be tolerated by users there (assuming this claim is true) once the novelty value wears off.
I'll go out on a limb to suggest that while UCE within Asia is perhaps currently viewed as synonymous with a business card, given time, when it is viewed in its own light (rather than as just being considered analogous to a traditional activity), it will be viewed with the same contempt and hatred that the rest of the world already has for it.
I'll draw a parallel with email in general in the US and Europe. For those coming late to the party, many early (80's and early 90's, and by the way, I was a Prestel user in the 80's, using my ZX Spectrum and breeze block modem) home and business users of email initially tended to treat it as a letter, starting with "Dear Bob", and taking care with spelling and punctuation. (Don't confuse this with academic users or l33t h4x0rz coming to the medium with a fair idea of what it was and why they wanted it). It took a while to evolve in popular consciousness into more of a informal and disposable post-it note or phone call analog, although really it's in a category all of its own.
So while it's easy for us to scoff in disbelief at the naievete of Asian users now, let's not forget those Dear Bob days. Global consensus will take a while to arrive. And lest we get too high and mighty, it might very well involve a shift in our perceptions as well.
You see, the thing that really bugs me about spam is that it's so moronic and illiterate. "!!!MAKE $$$ FAST!!!" it shrieks, and "you have, nothign to loose!". Call me strange, but if I were (ever, in theory) to receive a small, literate and polite spam that didn't lie about remove options or oversell itself, it just advertised a product, then I'd be far less inclined to spamcop it. The idea of a "business card" type spam is far less loathesome to me than yet another two hundred line "THIS IS NOT A PIRIMID SKAM!!!!!" monstrosity.
If you were blocking sigs, you wouldn't have to read this.
Oh, I'll remember that for my next trip to Asia and have my new business card printed with the message "ask me how to increase the length of your penis" on its back. Must be common courtesy there.
------------------
You may like my a cappella music
The idea goes like this:
Why not have a sort of "Name" tag in email. This tag could be an MD5 Hash of anything you want. If the people who sent you the email knew your name, or any valid name tag that you gave them (Multiple Name tags would be simple, just sort them into folders) You could just supply the "Name" with your email address, something like "Yeah, email me at prudan@example.com, name tag (prudan)" Anything that doesn't have your name tag would be sorted into a spam / unknown folder, or you could even bounce it back saying that the name was invalid.
Some pros and cons to the idea:
Pros:
It will require more processing power for spammers to send out lots and lots of spam. Each message would need its own checksum if they are guessing at a valid name tag.
This would really make it so that you have different email addresses, without all the aliasing. You want to use a business address? Make one of your name tags "Business", and assign that nametag to a folder just for that.
Adding this to email clients would be a trivial task.
Done at the client level, so it adds no server processing overhead.
Cons:
Spammers will start trading name tags too, so changing your MAIN name tag every so often would probably be necessary.
Getting this to be accepted everywhere would be quite a chore.
Maybe this won't work. I don't know.
-- Dan
I hope this has answered your questions.
No replies made to AC posts. Please log in.
To the "Axis of Evil?"
I think that the way to shut them down once for all is to educate people about what spam is and why it should be reported, and above all, not responded to. This way, the market that spammers will target will dry up and then they will stop sending their UCE out.
I've had the fortune (misfortune) to deal with some of this first hand.
About 1.5 years ago I was working for iPlanet as a backline support person. The summer of 2000 we had a rash of Asian telecos running our e-mail server and crashing and burning.
So I got sent to Asia to try and figure out what was going on at our three largest telcos there, Unitel and Hanaro Telecom in Korea and Jiangsu Telecom (can't find their homepage at the moment) in China.
What I found in both cases was frightening. Pro-Serv had done a good job of implementing a mail system that would handle a normal user load just fine. But, in both cases the load was 5 times what was planned for. So the servers we're dying under the load.
After very little investigation it found out that several of the subscribers were spamming via their ISP. When I first pointed this out to the powers that be there I got a blank reply along the lines fo "So?".
As management and I delved into it the opinion that the ISP was forming was that these are customers, we can't just cut them off, they will leave and we will lose money.
I tried the normal counters like, "The abusers are bringing down the service for your normal subscribers. The normal subscribers are getting mad (some even started anti Unitel sites) and they're going to leave in droves if this keeps up. And then all you're going to be left with is a few subscribers who are costing you more in the long run. Bandwidth costs associated with the spamming, hardware upkeep for a few users, etc.
The sysadmins and techs got all this but management was so scared of losing a customer and that customers money that they would not dare do a thing about it.
I ended up leaving both sites having accomplished stabilizing the systems as much as I could but not solving the actual problem, getting the ISP to come up with and enforce some terms of service.
So to me what it comes down to is capitalism run amok, espically in Korea. Management is so blinded by "making it big" they fail to see the real disaster looming on the horizon.
Don't blame uncaring techs, blame the top level for driving this thing into the ground.
At least I can say I had a great time visiting those countries and taking in the other parts of their real culture. But, July in Seoul is miserable.
-- This space intentionally left blank.
we can all fight spammers use spamcop.net
http://Lenny.com
4 great justice!