Spam Slows AT&T Email

jonerik writes: "MSNBC has this article about AT&T's frustration with the increasing quantity and sophistication of spam traffic. As has been noted here already, much of it these days is originating from Asia and, according to the article, 'now represents 20 percent of all e-mail floating around the Internet.'"

Designated email deliverer.

[satanami69]

The only reason that spam is a problem is because everyone has access to email you at your email address. It's the same problem with your phone. Anyone can punch in your number from their phone and dail you directly.

Your P.O box, however, can only be given mail from the actual Post Office. (I'm making an open-relay analogy) Nobody can walk in from the street and legally place mail into your mailbox. Although using a Post Office type deliverer for mail won't filter any spam, it will keep messages that are sent from outside the "post office" deliverer.

So, we need to decide that email doesn't work for private internet messages and come up with a different tool for getting personal messages online, otherwise we will continue to get spam.

Re:duh, challenge response!

[DrSkwid]

That way the route of email is from your ISP to their ISP

So I should shut my mailserver off because YOU get too much spam, I think not.

and oh, my ISP made the mistake of having the web server release the /etc/passwd file through an shtml include and now EVERYONE from that ISP is being regularly spammed. Worse bit is I told them about the vulnerability 3 years ago!!

IPs that try to connect more than N times in L seconds.
gosh I'm sure the spammers will never notice that one

I cant get to the hash cash but if it's the old "generate a hash key for each email" it's equally flawed. Spammers have plenty of time

TMDA is one way, to prevent you from seeing spam

Optionally publish valid mail servers for domains

I often get email where the from domain claims to be yahoo.com, but it was sent via an as-yet un-rbl'd server. As it stands your smtp server will accept a mail from anywhere not in a block list, with no checking on whether the server sending you the mail is a legitimate server for that email's claimed from address.

In the same way that RBLs are published via DNS records, it could be useful to have a scheme whereby for your email domain you can advertise (via dns) what hosts are authorised to send email for that domain.

So a mail comes in from a yahoo.com address, you do a dns lookup on the incoming connections ip address appended to validservers.yahoo.com or whatever the convention decided upon is, and the result would tell you if it's valid. You'd also need a way to check that yahoo.com is actually advertising the valid mail servers (and if it isn't, you failsafe and accept the mail).

This scheme wouldn't be compulsory, and would probably be suited mainly to free email providers, large corporates. The downside of it is that if you have a yahoo.com address, but want to run your own smtp server to deliver your mails, then you'd fall foul of such a system. I don't think that's a biggy though - if you could run your own smtp server, you'd probably not use a yahoo.com address you'd have your own domain :).

While I'm rambling, another system which could be done is a protocol for verifying email addresses (you could also do this via dns too, I guess, but dns is getting cluttered enough as it is). For a given email domain it has an entry (in dns) for an email address verification server. When an email comes in, you check if there's a verification server for the source domain of the email, and if so try connect to it, and then submit the email address for verification. Depending on whether it says yay or nay, you accept or reject the mail. If they're not running a verification service, you just failsafe. I know SMTP vrfy exists, but sites often turn it off, or it doesn't do anything useful as the external server is just forwarding mail, etc etc.

These systems wouldn't be so useful until they got adopted by hotmail.com, yahoo.com, eudoramail.com, aol.com etc, and I'm sure people have toyed with these ideas before and maybe there are downsides which outweight the benefits or maybe someone knows of implementations of such a thing.

AT&T reaps what is sows.

When I've e-mail AT&T about people using their dial-ups to then contact open relays, the reaction of AT&T is:

Not from our network. Problem closed.

So, I have little compassion for AT&T.

20 percent...?

--- BEGIN PARANOID RANT ---
So I guess since they know what 20% of Internet e-mail traffic is... they must be monitoring 100% of it... Hey AT&T, can you give us a pie chart that categorizes all e-mail sent throughout the Internet...? I'd like to see the data points; and even more interestingly, how you got them.
--- END PARANOID RANT ---

Re:Spam from Asia?

[SkewlD00d]

The DMA is hard at work, mail-bombing the world.

Can we classify spammers as terrorists? How about the Church of $cientology?

email for the DMA: mailto:wboell@dma.net sign them up for some porn ads. =P

Re:duh, challenge response!

[tomstdenis]

Use a point system. For each unique IP that hits you they have a score. Starting at 0 [neutral] which can be reset every L seconds [say every day] then when you get abuse reduce the score and when you get good packets increase the score.

Then you can setup some form of payment scheme based on the scheme. Like if an IP has a score of -5 they must do the equivalent of 5 seconds of work [say find a 24-bit hash collision given a challenge from the server] before the email is even processed. That way if a server keeps abusing your server they will not get much through quickly. You can even perform one sided signatures to verify they didn't make up the challenges.

For example,

your server has a random key [fixed] say 128-bits call it K

When I want to send a message you send me a timestamp T, a challenge string R and the result of V = hash(T || R || K) where || means concatenation.

I then have to find a k-bit collision for hash(T || R) which I send back with V, T and R. The server can then verify that the packet is legit since it can check that hash(T || R || K) == V [these are the values sent back except K which only the server knows]. The server can then check that the collision is valid.

Some basic rules for scoring [e.g. demerits]

1. Sent from any type of relay
2. Sender matches a known abuser [i.e ORBS list or something]
3. reply-to does not point to the address of the sender [e.g. fake reply address] or otherwise invalid return path.
4. message matches some known heuristics [e.g. virus, worm, spam]
5. Sender has tried to open a port L times in the past N seconds.

[etc]

That won't stop people from openning a zillion connections but it will stop spam from reaching the end consumer as quickly [not entirely] as before.

This is also less user oriented. This system is intended to punish the ISP not the end users. So an ISP which has low ratings will have to clean up their act on their own [e.g. its in their own interest].

You're thinking "so you want my server todo work?" here's the beauty of the scheme though. If you have a >= 0 rating then the other server will not make you do any work. So as long as your system is clean there is no pain.

Tom

The enemy is obvious.

[Erris]

As the wired article points out, email itself is under attack here. Yesterday, I got a stupid snail mail advert from Earthlink with much the same stuff in it as I'm reading here. While promissing "raw unfiltered internet" they also claimed to be blocking more "spam"(70%) than other ISPs, AOL (40%), MSN(40%), ATT(40%). As you can see, spam is a marketing tool. Should we be supprised when compainies with the morals of M$ abuse open relays to send messages like "fck me like a slut"? Would it be supprising if a large country trying to halt communications between it's people and other countries also abused email? The abusers all have the same goal, to destroy email. The more you block, the happier they are.

Re:duh, challenge response!

A white list system would solve most of the spam problem, but the users' security would be seriously compromised. If such a "friends list" existed for any user, it could and probably would be accessed by government or others for nefarious purposes.

Why not have all MTA software identify itself as an open or closed relay? For each MTA that does not identify itself as closed, Helpful administrators elsewhere could then have a message automatically sent to the relay's administrator. The message could include an attached patch or other means to stop the relaying.

An MTA that identifies itself as closed to relaying, but which relays anyway, would provide enough reason to be blocked.

20% of all emails...

[tcc]

See? this is where I think the Gov. is failing. We got something that we all commonly HATE: SPAM.

We have a common target on which we'd love to see some LEGISTLATION against it, for once.

And what is the Gov. doing? Passing laws left and right to protect big corporation, to reduce your rights as consumers, to be a complete pain in the ass and give themselves the right to sue the planet, but what is being done for the VOTERS, the USERS, the people paying the tax dollars?

Well this is one case of an EASY win of public opinion, heck, they could even pass a few bad things without people noticing it because we'd be so impressed that our elected people actually did something for the PEOPLE.

Ok this sounds like I am frustrated against the system but you get the idea... of course a global spam law and action will be taken one day... when all the big corporations will be really pissed. Or major ISP be fed up paying bandwidth for SPAM, Look now AT&T is starting the run, shouldn't take long now before we get something out of this.

I think blocking ASIA would be a good thing, a pain in the start, obviously, but for a good cause, when they'll see they can't conduct buisness properly, they'll move and close those open relays and hey, screw human rights on spammer, you can KILL the biggest of them and I don't see anyone here who'll be really upset, for once :).

Spam is doing 20% of the global traffic, the numbers are about right with what I see in my mailbox, as for my hotmail mailbox though, it's more like 95%.