Spam Slows AT&T Email

jonerik writes: "MSNBC has this article about AT&T's frustration with the increasing quantity and sophistication of spam traffic. As has been noted here already, much of it these days is originating from Asia and, according to the article, 'now represents 20 percent of all e-mail floating around the Internet.'"

Spam Assassin, netblock ORBS

[Cally]

The most recent Need To Know has a good piece on Spam Assassin which uses a clever points-weighted rulebase and apparently has an excellent accuracy rate. What's more it comes with a ISP-friendly daemon mode. Presumably AOL would have some scalability issues, but I'm sure this is a fixable problem.

The other possibility is a net-block equivalent of ORBS. Some on the Sec-Focus Incidents list (and other fora, over the years) have bounced around the idea of blocking netoblocks who'#s POCs don't work, or who don't have or respond to mail to the RFC-mandated abuse@, security@, hostmaster@,.. standard mail accounts. I'm all in favour. Automate probes, the way ORBS did for anonymous relays. I think this would be a Good Thing. People do have a legitimate need to communicate between Asia, America and Europe: simply dropping everything from .kr is evil and wrong, IMHO.

Finally - y'all know that anonymous HTTP proxies are just as bad, if not worse, than traditional open mail relays? Just testing ;)

Re:Any open relay honey traps?

[digitalsushi]

*shrug* maybe this will help, here

http://www.iks-jena.de/mitarb/lutz/usenet/teergrub e.en.html

Re:Spam from Asia?

[Teun]

I'm afraid I have to agree, it might have been sent from / through asian servers but the products advertised are near exclusively American. And for the largest part useless and/or unobtainable here in Europe.

What the rest of the world needs is legislation (not only!) in the US against those trying to sell via this irritating system.

AT&T, other ISPs should take advantage of this

[Silas]

I hope that AT&T tells their customers exactly what happened: "your mail was delayed because of spam". This is just the kind of incident that would help educate the masses that spam is a very real problem that needs immediate attention.

I agree with the other posters who note that the economics of Spamming need to be reversed in order to stop it, but I think that, even before that, public opinion needs to be swayed such that it is perceived as a significant problem worth addressing all over the place, not just at one ISP or for one open relay. A lot of people have just gotten used to ignoring/deleting 5, 20, 100 spam messages per day. "It's just part of using the Internet, right?" This needs to change. When things like the AT&T congestion happen, they should be used to get the public a little more outraged.

Korean Spam is the Worst

[Nova+Express]

I think, if anything, the article understates the Asian Spam Problem. Over half of the Spam I get is from Korea, and 90% of that is Korean language spam. I have complained literally hundreds of times to the various Korean Spam domains involved (kornet.net is the worst, but hananet.net, thrunet.com, and dreamx.net aren't far behind), to every "official" e-mail address I could find or think of (see below), all to no avail. In fact, the amount of spam actually increased. If any Slashdot readers actually speak Korean, you might send e-mail to the following addresses and let them know that their spam problem is so bad that rest of the Internet is in the process of blocking all e-mail from all of Korea in response to their sins.

Kornet.net (the biggest offender)

abuse@kornet.net, ip@ns.kornet.net, ip@ns.kornet21.net, domain@NS.KORNET.NET, donghk@soback.kornet.net, ever@kt.co.kr, jeonnam3@soback.kornet.net, jeon@kornet.net, jeonbuk3@kornet.net, koreatelecom@KORNET.NET, gfd5246@soback.kornet.net, gspark@kornet.net, help@KORNET.NET, helpdesk@KORNET.NET, haewha1@soback.kornet.net, heyeunmi@kornet.net, kmhno1@soback.kornet.net, hopewon3@soback.kornet.net, kgromc@soback.kornet21.net, kmhno1@soback.kornet.net, legal@KORNET.NET, network@kornet.net, packet@soback.kornet.net, postmaster@kornet.net, postmaster@soback.kornet.net, postmaster@ns.kornet.net, postmaster@soback.kornet.net, pusanpub@soback.kornet.net, root@soback.kornet.net, root@kt.co.kr, service@kornet.net, support@kornet.net, system@kornet.net, yjjeon61@kornet.net, abuse@ns.kornet21.net, domain@ns.kornet21.net, network@ns.kornet21.net, postmaster@ns.kornet21.net, resume@kornet.net, root@ns.kornet21.net, service@ns.kornet21.net, support@ns.kornet21.net, system@ns.kornet21.net, wong@kornet.net, abuse@ASADAL.NET, postmaster@ASADAL.NET,

Itnsoft.com (the #1 spamvertised Korean domain)

abuse@itnsoft.com, help@itnsoft.com, ip@ns.kornet.net, hostmaster@nic.or.kr, marom@itnsoft.com, postmaster@itnsoft.com, root@itnsoft.com, eglee@yesnic.com, info@yesnic.com, hostmaster@yesnic.com, postmaster@yesnic.com, eglee@whois.co.kr, postmaster@whois.co.kr, whois@whois.co.kr, brkim@INWANG.NOWCOM.CO.KR, domain@NOWNURI.NET, busisik@nownuri.net, kbr@nownuri.net, memory@nownuri.net, abuse@nownuri.net, postmaster@nownuri.net,

DreamX.net (Korean porn spam, mostly)

abuse@dreamx.net, abuse@cjdream.net, abuse@todream.net, admin@dreamx.net, admin@cjdream.net, administration@dreamx.net, administration@cjdream.net, billing@DREAMX.NET, billing@cjdream.net, brkim@cjdream.com, dns@dreamx.net, dns@cjdream.net, dnsadmin@dreamx.net, dnsadmin@cjdream.net, domain@DREAMX.NET, domain@todream.net, domains@DREAMX.NET, domain@todream.net, feedback@DREAMX.NET, feedback@cjdream.net, help@DREAMX.NET, help@cjdream.net, helpdesk@DREAMX.NET, helpdesk@cjdream.net, hostmaster@dreamx.net, hostmaster@cjdream.net, inhanna@cjdream.net, info@dreamx.net, info@cjdream.net, jyan@dreamx.net, jyan@cjdream.net, ley319@dreamx.net, loveabuse@dreamx.net, loveabuse@cjdream.net, mail@dreamx.net, mail@cjdream.net, mgr@cjdream.com, news@dreamx.net, news@cjdream.net, newsabuse@dreamx.net, newsabuse@cjdream.net, postmaster@dreamx.net, postmaster@todream.net, raven3@dreamx.net, raven3@empal.com, root@dreamx.net, root@cjdream.net, soip@cjdream.com, sales@dreamx.net, sales@cjdream.net, sbkim091@dreamx.net, sbkim091@cjdream.net, service@DREAMX.NET, service@cjdream.net, solhan@cjdream.net, spam@DREAMX.NET, spam@cjdream.net, support@cjdream.net, support@dreamx.net, sysop@DREAMX.NET, sysop@cjdream.net, sysop@todream.net, tech@dreamx.net, tech@cjdream.net, technical@dreamx.net, technical@cjdream.net, technicalsupport@dreamx.net, technicalsupport@cjdream.net, system@cjdream.net, system@dreamx.net, sysop@todream.net, ykshin@cjdream.net, ykshin@dreamx.net, eglee@yesnic.com, info@yesnic.com, hostmaster@yesnic.com, eglee@whois.co.kr, brkim@INWANG.NOWCOM.CO.KR, domain@NOWNURI.NET, kbr@nownuri.net, memory@nownuri.net, busisik@nownuri.net, abuse@nownuri.net, postmaster@nownuri.net, inhanna@sysone.co.kr,

Thrunet.com

abuse@thrunet.com, abuse@korea.com, admin@thrunet.com, admin@korea.com, administration@thrunet.com, dns@thrunet.com, dns@korea.com, dnsadmin@thrunet.com, domain@thrunet.com, feedback@thrunet.com, feedback@korea.com, help@thrunet.com, helpdesk@thrunet.com, hostmaster@thrunet.com, mail@thrunet.com, mail@korea.com, news@thrunet.com, news@korea.com, newsabuse@thrunet.com, postmaster@thrunet.com, postmaster@korea.com, root@thrunet.com, service@thrunet.com, support@thrunet.com, sysop@thrunet.com, tech@thrunet.com, tech@korea.com, technical@thrunet.com, technical@korea.com, technicalsupport@thrunet.com, youngkim@thrunet.com, youngkim@korea.com, hostmaster@nic.or.kr,

hananet.net

abuse@hananet.net, bluelinux@hananet.net, domain@hananet.net, domains@hananet.net, feedback@hananet.net, help@hananet.net, helpdesk@hananet.net, info@hananet.net, hostmaster@hananet.net, lee@hananet.net, linux@hananet.net, news@hananet.net, postmaster@hananet.net, root@hananet.net, service@hananet.net, spam@hananet.net, support@hananet.net, system@hananet.net, sysop@hananet.net, tech@hananet.net, technical@hananet.net, webmaster@hananet.net, WooJooLee@hananet.net, WJLee@hananet.net, ysjeon7@hananet.net, bspark@kci.co.kr, bluelinux@YAHOO.CO.KR, abuse@YAHOO.CO.KR, postmaster@YAHOO.CO.KR,

KIDC.NET

abuse@KIDC.NET, billing@KIDC.NET, dnsadm@KIDC.NET, domain@KIDC.NET, guard@kidc.net, helpdesk@KIDC.NET, hostmaster@KIDC.NET, hostmast@KIDC.NET, hjryu@kidc.net, ishan96@kidc.net, postmaster@KIDC.NET, root@KIDC.NET, security@kidc.net, support@KIDC.NET, abuse@BORA.NET, anti1473@bora.net, b4012391@users.bora.net, badmail@bora.net, billing@BORA.NET, dnsadm@BORA.NET, domain@BORA.NET, help@BORA.NET, ipadm@bora.net, ipadm@nic.bora.net, hostmast@BORA.NET, lyt082@bora.net, news@BORA.NET, postmaster@BORA.NET, root@BORA.NET, security@BORA.NET, sysop@BORA.NET, ysjeon7@bora.net, sexxkorea@hanmail.net, abuse@hanmail.net, postmaster@hanmail.net, hostmaster@hanmail.net, abuse@chollian.net, muscle73@chollian.net, zcedomain@chollian.net, znotice5@chollian.net, abuse@kr.iasiaworks.com, postmaster@kr.iasiaworks.com, webmaster@kr.iasiaworks.com, 1004@domain1004.com, I@i1004.com,

Re:Not a problem

[erroneus]

I beg to differ with you on many points:

FIRST! Filtering at the receiving end is not the answer... at least not the whole answer and doesn't address all the other problems. The filter does not prevent the use of bandwidth!! It merely prevents the packets from being processed beyond initial reception and inspection. So the badthwidth is still being eaten.

SECOND! As another reader/writer has commented, in order to own an internet domain, a valid email address MUST be supplied. This is completely unavoidable. And simply being 'vulnerable' is not an excuse or justification for someone else to unfairly exploit your resources!!!

I also use ATTBI but I don't use the email service they provide. I guess it means I don't get the updates, bulletins and other information but asside from having essential connectivity, I get my services from elsewhere. I'm very happy with that arrangement.