Spam Slows AT&T Email

jonerik writes: "MSNBC has this article about AT&T's frustration with the increasing quantity and sophistication of spam traffic. As has been noted here already, much of it these days is originating from Asia and, according to the article, 'now represents 20 percent of all e-mail floating around the Internet.'"

War on Spam

[October_30th]

Spammers are mostly American, but they hijack Asian mail-relays that have been left open.

The War on Spam must be fought on several fronts, not just one. These evildoers can be defeated by striking them in American courts and fixing the open-relay problem in Asia.

Re:Spam from Asia?

[Khalid]

I am in Europe and 99,99% percent of the SPAM I get is from US !

Re:Designated email deliverer.

If email weren't open it would never reached the success it has.

Spam ...

[nosfucious]

This ongoing 'war on spam' will only really be dealt with when two things happen:

1 Sysadmins living in a 'clue fee zone' must be wised up. This means, amoung other things, more education for sysadmins, better products and documentation, better or more translations of documentation, etc. It should be easy to obtain documentation in your local language. Every HOWTO has to have an accurate, up to date translation readily available. As should documentation for proprietory products.

I don't like viruses nor encourage illegal break-and-enter of another person's computer, but a 'whitehat' virus that shuts down the relay component of an email server would be damn handy.

2 The economics of SPAM must be altered, literally turned on their head. It costs to receive bandwidth, but (generally) little, or none at all. (The obvious exception is when you have a bandwidth intensive site that requires nice fat outward pipes). It costs so little to send, just electricity, enough money for a bulk sender (off the shelf or home brewed) and a net connection. Pay the real cost of outgoing mail and watch the volume of spam decrease to an approximation of zero.

Don't know how this last one will be achieved except via a totally new version of 'the net' (or at least a new set of RFC's).

Re:Spam ...

[stesch]

Sysadmins who can't read english documentation can't read english spam complaints either.

Any open relay honey traps?

[reemul]

I've seen code to trap the spiders the spammers use and fill up their databases with crap. What I haven't seen is a honeypot designed just for spammers - a box that *looks* like an open relay, but not only doesn't forward the spam messages, it logs and possibly automagically retailiates against the originator. The anti-spam groups have had good luck attracting spam with email addresses set aside for that purpose, but we need to take it to the next level and have some anti-spam servers. Maybe just a simple bot to start listening on port 25 and responding like known weak versions of sendmail when accessed would do. Any of the mighty code ghods here at /. want to see what they can come up with?

Re:Any open relay honey traps?

[gewalker]

I think this sounds like a great idea.

Then I thought about it for minute, and said to myself -- that just means the spammers will learn to test for honeypotness, and the technology based war just has another exchange, but the war is still ongoing.

My father was a businessman, and he first exposed to the Internetet email concept about 6 years ago when I explained it all to him. His first non-technical question was, "Who pays for the email?" I should have listened to him. Instead, I said that it was basically too cheap to meter, whereas he saw it as a potential for abusive business practices because he remembered history where the first postal service made the recipient of the mail pay for the delivery, but was changed to the sender fairly quicker because of the abuse.

The war on spam is the good war of our generation, but I'm afraid it may be the war of our kids generation too unless we get serious about nuking the spammers.

Re:Any open relay honey traps?

[lar3ry]

This is a nice idea in theory, but there are some reasons why it won't work:

• Running any open relay, even a honey pot, is probably against most ISP's AUP. Breaking the rules to get to the others that are doing bad things is never a good idea: two wrongs don't make a right.
  
• Some ISPs use some standard tools to check their customers to see if they are running open relays. If those tools hit a honey pot, the customer who is actually attemping to fight SPAM, will actually receive a notice that they are running an open relay against the AUP, or may even get disconnected without notice.
  
• As mentioned before, it is simple to check if an open relay is actually a honey pot: have the relay send email to a known location. If the email doesn't get delivered, the spammer will know that something different is happening with this apparent relay, and will just move on to the next one.

Interesting thought, anyway.

Re:duh, challenge response!

[digitalsushi]

I am a netadmin for an ISP, and I can agree, spam is really just a horrible thing. I get about 70 spams per day per box. When I look at all the things we need to combat on a continuing basis, I feel sad.

Then I think to myself, "this isn't working. there needs to be a fundamental change to how we receive email."

And the first thing that pops into my mind, is white list email. Well, there goes 100% of the spam problem, unless you have sleazy friends.

What happens when someone not on your list sends you an email that you actually need to get? *sigh* It then falls back to us fighting the loosing battle.

Re:Spam from Asia?

[Eggplant62]

They blame it on Asia due to the high number of open relays and unsecured (socks|http) proxies that spammers have found in that area. I personally have quite lengthy .procmailrc and iptables files that include huge chunks of China, Taiwan, Japan, Korea, the Netherlands, France, Costa Rica, Argentina *and* the US, because these areas are either too ignorant to run a mailserver properly (as evidenced by the huge number of ancient sendmail configs; I'd imagine they're having a terrible time grokkin' the sendmail docs).

Add to that the number of purely malicious individuals taking their spammy little affairs to servers outside the US to keep bulletproof status, and of course they're going to blame Asia!

He who does nothing to aid us is our enemy, or I think President Shrub said something like that.

Re:Spam from Asia?

[Arker]

Just goes to show the level of technical (in)comprehension among suits and reporters. Both groups seem to have a difficult time using simple words like "originate" properly.

Most of the spam I get comes *via* asia (with a rising amount coming from Spain and Portugal lately too) because there are a lot of abusable relays in those areas. But the actual *origin* for most of it seems to be some guy with a cable modem in Arizona.

Oh, btw, it's just as annoying getting spam for it when you are here in the USA, spam is just annoying period. The most annoying spam I think is when it's for something I might actually be interested in - because there is no way I'd buy ANYTHING that's spamvertised, so a spammer could actually cause me not to get something I want. That's pretty rare though. I think the last time that happened was probably when I got spammed by a BeOS distributor a year or more back.

Re:You were speaking as a dullard.

[fmaxwell]

One is regulation (which would be cumbersome and probably ineffective, given the global nature of the Internet)

I must disagree. Most spammers are not multi-national corporations trying to attract customers from all over the world. Most spammers have P.O. boxes, toll-free phone numbers, and web sites. Give law enforcement the ability to track these people down, freeze their assets, confiscate their computers, and press charges against them and the spam problem will largely go away. Junk faxes, once a scourge threatening to become as pervasive as spam, has been effectively curtailed with Title 47, Section 227. While there are the occasional junk faxes, the number of them is inconsequential compared to what it was and what it was headed towards.

Technical solutions are being actively developed and some of them are damned effective when installed at a mail server. But such tools, without legislation to address the problem, are analogous to having a bullet-proof vest in a society where it is legal to shoot peopls. Advanced filtering products should be used as an adjunct to tough anti-spam laws, not instead of them.

Re:Blocking port 25

[coyote-san]

I'm not sure how this is related to the prior comment....

Anyway, blocking outgoing port 25 is a stupid idea. Many of us work from home and have our own domains, and we legitimately want to have our outgoing mail show our own domains, not @attbi.com or @rr.com or whatever.

There are also some practical problems:

• Can we even connect to outgoing mail filters? Some ISPs are switching to web interfaces (think Hotmail or Yahoo mail) and don't accept outgoing SMTP traffic.
  
• If we can connect, do we get mandatory advertising copy inserted? Nothing makes a contract bid look professional like a footer encouraging the recipient to sign up for some cheap ISP. (Even if this isn't common, yet, there can be some weird stuff added or changed in the headers.)
  
• Some misguided sites are now cross-referencing header and DNS information, with the result that anyone using their own domain but their ISP's mail gateway will be blocked as spam. Direct connections stil get through.
  
• Finally, there's the basic concern that the ISP could be logging email sent through their system. Yes I know about encryption, but I also know how incredibly hard it is to get people to use it. With my own mail server I can set up my system to use STARTTLS, but with an ISP mail server I may not have encryption on either leg.
  

Problematic for many users

[Corgha]

The downside of it is that if you have a yahoo.com address, but want to run your own smtp server to deliver your mails, then you'd fall foul of such a system. I don't think that's a biggy though - if you could run your own smtp server, you'd probably not use a yahoo.com address you'd have your own domain :).

Actually, this is a pretty big downside for many users. Every once in a while, someone proposes a similar scheme that makes it hard or impossible to "forge" From addresses. This is not exactly that, but it's close enough. The problem is that this is a perfectly legitimate and necessary use of email, and is, in fact, discussed in RFC 822.

The basic problem is that many of us wear quite a few different hats, each of which has one or more email addresses. Suppose I want to send an email using my personal address while I'm at work, or my work address while I'm at home. Suppose I need to reply to some email sent to an official address using that official address as the header From, and that I also want bounces to go to that address so that others at that address can see if my reply was not sufficient (requiring a change in the envelope From). Maybe I do run my own smtp server and domain, but I want to use my spam-trapping yahoo address to reply to yahoo mail (for privacy reasons), and I want to use mutt instead of some stupid web interface. Maybe I'm a sysadmin who wants to set up a number of forwarding addresses (perhaps official addresses for some project on some domain). Now my one-way service has to be a two-way service; instead of just editing the aliases file, I have to set up an account for each of the people who needs to send mail. These are just some of the things that I happen to do on a daily basis and that adoption of your system might make impossible or more of a pain.

Sure, a lot of times this can be solved by some sort of remote access or SMTP auth, but it would certainly be less convenient (especially because some sites are difficult to access remotely). The bigger problems are social: many of the users I know who do these sorts of things aren't the most technically-savvy; many domains are unlikely to introduce the features necessary for full remote access (so then it becomes less of an inconvenience and more of a loss of service).

The good thing about your proposal is that it's opt-in for the sender's domain (whereas most others are opt-in for the recipient's domain), and it therefore gives a domain more control over its email addresses (as opposed to less with other schemes). It allows example.com to say "we want mail from addresses in our domain sent out via only our servers." Presently, anti-relaying provisions in servers make it possible to say "we want only mail from addresses in our domain sent out via our servers." This just completes things.

I guess it depends on your perspective. As a sysadmin, I'd be happy to have the power to turn this on for my domain (though I probably wouldn't, and other domains might not use it -- look at how terrible people are with MX records). As a user, I'd be unhappy if one of my sysadmins turned it on, but happy if some of the domains spammers use and I don't use turned it on. I guess it might be sort of a "not in my backyard" issue, which might limit its adoption. Another problem might be sysadmins that block domains which don't have these records, thus taking the power away from the sender's domain again.

While I'm rambling
While I'm ramblingly replying:

When an email comes in, you check if there's a verification server for the source domain of the email, and if so try connect to it, and then submit the email address for verification. [...] I know SMTP vrfy exists, but sites often turn it off

They turn it off because it can be abused by spammers looking for valid addresses or is in some other way a privacy concern. What you propose is functionally equivalent to VRFY (except that it can run on a different server), so I doubt it would be turned on either. However, it might not be a bad thing for servers to *try* to VRFY an address, and only block if VRFY returns "no such user" (not "permission denied"). If a separate protocol and server is desirable, there is always good old finger (though it's maybe a little too free-form), but VRFY makes more sense, as the primary mail servers should know to whom they can deliver mail.

Unidentified Internet marketer

[dreamquick]

Quote:

"According to Brightmail spokesperson Francois Lavaste, an unidentified Internet marketer overwhelmed Brightmail's filtering system with messages, slowing down all e-mail delivery."

Why not name and shame them?

If they used their own servers then you know who they are, and if they didnt (although the sheer volume means it is very unlikely they could have used an open-relay unnoticed) then trace them back and make an example of them.

They are clearly a professional operation so bad press is going to make them look really bad in front of their existing clients, and if you tried hard enough you could have great fun suing them for all they were worth...

Urgent need!

Dear Mr. Silas,

I am in urgent need of your assistance. Based on your /. post, I feel I can trust you with a proposition that is not fully legal but that you will find to be potentially advantageous. My name is Mbutu Rasavi. I am the son of the under-secretary of human disposal in Nigeria. Due to political instability in my country, my family and I will soon be forced to leave. We have $47,563,083 in discreet funds that we must quickly transfer to a foreign account. If you would be willing to proxy this transaction through your own account, we will reward you with 10% of the funds.

You are my only hope.

If you are interested in this proposition, please save time by putting $10,000 in a brown paper bag, along with your own severed head, and ship it to the following address:

1337 Llama Dr.
IKantBLevHowDumbPplR, Nigeria

Hurry.

-Mbutu