Spam Slows AT&T Email

jonerik writes: "MSNBC has this article about AT&T's frustration with the increasing quantity and sophistication of spam traffic. As has been noted here already, much of it these days is originating from Asia and, according to the article, 'now represents 20 percent of all e-mail floating around the Internet.'"

Designated email deliverer.

[satanami69]

The only reason that spam is a problem is because everyone has access to email you at your email address. It's the same problem with your phone. Anyone can punch in your number from their phone and dail you directly.

Your P.O box, however, can only be given mail from the actual Post Office. (I'm making an open-relay analogy) Nobody can walk in from the street and legally place mail into your mailbox. Although using a Post Office type deliverer for mail won't filter any spam, it will keep messages that are sent from outside the "post office" deliverer.

So, we need to decide that email doesn't work for private internet messages and come up with a different tool for getting personal messages online, otherwise we will continue to get spam.

Re:duh, challenge response!

[DrSkwid]

That way the route of email is from your ISP to their ISP

So I should shut my mailserver off because YOU get too much spam, I think not.

and oh, my ISP made the mistake of having the web server release the /etc/passwd file through an shtml include and now EVERYONE from that ISP is being regularly spammed. Worse bit is I told them about the vulnerability 3 years ago!!

IPs that try to connect more than N times in L seconds.
gosh I'm sure the spammers will never notice that one

I cant get to the hash cash but if it's the old "generate a hash key for each email" it's equally flawed. Spammers have plenty of time

TMDA is one way, to prevent you from seeing spam

Optionally publish valid mail servers for domains

I often get email where the from domain claims to be yahoo.com, but it was sent via an as-yet un-rbl'd server. As it stands your smtp server will accept a mail from anywhere not in a block list, with no checking on whether the server sending you the mail is a legitimate server for that email's claimed from address.

In the same way that RBLs are published via DNS records, it could be useful to have a scheme whereby for your email domain you can advertise (via dns) what hosts are authorised to send email for that domain.

So a mail comes in from a yahoo.com address, you do a dns lookup on the incoming connections ip address appended to validservers.yahoo.com or whatever the convention decided upon is, and the result would tell you if it's valid. You'd also need a way to check that yahoo.com is actually advertising the valid mail servers (and if it isn't, you failsafe and accept the mail).

This scheme wouldn't be compulsory, and would probably be suited mainly to free email providers, large corporates. The downside of it is that if you have a yahoo.com address, but want to run your own smtp server to deliver your mails, then you'd fall foul of such a system. I don't think that's a biggy though - if you could run your own smtp server, you'd probably not use a yahoo.com address you'd have your own domain :).

While I'm rambling, another system which could be done is a protocol for verifying email addresses (you could also do this via dns too, I guess, but dns is getting cluttered enough as it is). For a given email domain it has an entry (in dns) for an email address verification server. When an email comes in, you check if there's a verification server for the source domain of the email, and if so try connect to it, and then submit the email address for verification. Depending on whether it says yay or nay, you accept or reject the mail. If they're not running a verification service, you just failsafe. I know SMTP vrfy exists, but sites often turn it off, or it doesn't do anything useful as the external server is just forwarding mail, etc etc.

These systems wouldn't be so useful until they got adopted by hotmail.com, yahoo.com, eudoramail.com, aol.com etc, and I'm sure people have toyed with these ideas before and maybe there are downsides which outweight the benefits or maybe someone knows of implementations of such a thing.

20% of all emails...

[tcc]

See? this is where I think the Gov. is failing. We got something that we all commonly HATE: SPAM.

We have a common target on which we'd love to see some LEGISTLATION against it, for once.

And what is the Gov. doing? Passing laws left and right to protect big corporation, to reduce your rights as consumers, to be a complete pain in the ass and give themselves the right to sue the planet, but what is being done for the VOTERS, the USERS, the people paying the tax dollars?

Well this is one case of an EASY win of public opinion, heck, they could even pass a few bad things without people noticing it because we'd be so impressed that our elected people actually did something for the PEOPLE.

Ok this sounds like I am frustrated against the system but you get the idea... of course a global spam law and action will be taken one day... when all the big corporations will be really pissed. Or major ISP be fed up paying bandwidth for SPAM, Look now AT&T is starting the run, shouldn't take long now before we get something out of this.

I think blocking ASIA would be a good thing, a pain in the start, obviously, but for a good cause, when they'll see they can't conduct buisness properly, they'll move and close those open relays and hey, screw human rights on spammer, you can KILL the biggest of them and I don't see anyone here who'll be really upset, for once :).

Spam is doing 20% of the global traffic, the numbers are about right with what I see in my mailbox, as for my hotmail mailbox though, it's more like 95%.