Spam Slows AT&T Email

jonerik writes: "MSNBC has this article about AT&T's frustration with the increasing quantity and sophistication of spam traffic. As has been noted here already, much of it these days is originating from Asia and, according to the article, 'now represents 20 percent of all e-mail floating around the Internet.'"

War on Spam

[October_30th]

Spammers are mostly American, but they hijack Asian mail-relays that have been left open.

The War on Spam must be fought on several fronts, not just one. These evildoers can be defeated by striking them in American courts and fixing the open-relay problem in Asia.

Spam ...

[nosfucious]

This ongoing 'war on spam' will only really be dealt with when two things happen:

1 Sysadmins living in a 'clue fee zone' must be wised up. This means, amoung other things, more education for sysadmins, better products and documentation, better or more translations of documentation, etc. It should be easy to obtain documentation in your local language. Every HOWTO has to have an accurate, up to date translation readily available. As should documentation for proprietory products.

I don't like viruses nor encourage illegal break-and-enter of another person's computer, but a 'whitehat' virus that shuts down the relay component of an email server would be damn handy.

2 The economics of SPAM must be altered, literally turned on their head. It costs to receive bandwidth, but (generally) little, or none at all. (The obvious exception is when you have a bandwidth intensive site that requires nice fat outward pipes). It costs so little to send, just electricity, enough money for a bulk sender (off the shelf or home brewed) and a net connection. Pay the real cost of outgoing mail and watch the volume of spam decrease to an approximation of zero.

Don't know how this last one will be achieved except via a totally new version of 'the net' (or at least a new set of RFC's).

Any open relay honey traps?

[reemul]

I've seen code to trap the spiders the spammers use and fill up their databases with crap. What I haven't seen is a honeypot designed just for spammers - a box that *looks* like an open relay, but not only doesn't forward the spam messages, it logs and possibly automagically retailiates against the originator. The anti-spam groups have had good luck attracting spam with email addresses set aside for that purpose, but we need to take it to the next level and have some anti-spam servers. Maybe just a simple bot to start listening on port 25 and responding like known weak versions of sendmail when accessed would do. Any of the mighty code ghods here at /. want to see what they can come up with?

Re:Any open relay honey traps?

[gewalker]

I think this sounds like a great idea.

Then I thought about it for minute, and said to myself -- that just means the spammers will learn to test for honeypotness, and the technology based war just has another exchange, but the war is still ongoing.

My father was a businessman, and he first exposed to the Internetet email concept about 6 years ago when I explained it all to him. His first non-technical question was, "Who pays for the email?" I should have listened to him. Instead, I said that it was basically too cheap to meter, whereas he saw it as a potential for abusive business practices because he remembered history where the first postal service made the recipient of the mail pay for the delivery, but was changed to the sender fairly quicker because of the abuse.

The war on spam is the good war of our generation, but I'm afraid it may be the war of our kids generation too unless we get serious about nuking the spammers.

Spam Assassin, netblock ORBS

[Cally]

The most recent Need To Know has a good piece on Spam Assassin which uses a clever points-weighted rulebase and apparently has an excellent accuracy rate. What's more it comes with a ISP-friendly daemon mode. Presumably AOL would have some scalability issues, but I'm sure this is a fixable problem.

The other possibility is a net-block equivalent of ORBS. Some on the Sec-Focus Incidents list (and other fora, over the years) have bounced around the idea of blocking netoblocks who'#s POCs don't work, or who don't have or respond to mail to the RFC-mandated abuse@, security@, hostmaster@,.. standard mail accounts. I'm all in favour. Automate probes, the way ORBS did for anonymous relays. I think this would be a Good Thing. People do have a legitimate need to communicate between Asia, America and Europe: simply dropping everything from .kr is evil and wrong, IMHO.

Finally - y'all know that anonymous HTTP proxies are just as bad, if not worse, than traditional open mail relays? Just testing ;)

Optionally publish valid mail servers for domains

I often get email where the from domain claims to be yahoo.com, but it was sent via an as-yet un-rbl'd server. As it stands your smtp server will accept a mail from anywhere not in a block list, with no checking on whether the server sending you the mail is a legitimate server for that email's claimed from address.

In the same way that RBLs are published via DNS records, it could be useful to have a scheme whereby for your email domain you can advertise (via dns) what hosts are authorised to send email for that domain.

So a mail comes in from a yahoo.com address, you do a dns lookup on the incoming connections ip address appended to validservers.yahoo.com or whatever the convention decided upon is, and the result would tell you if it's valid. You'd also need a way to check that yahoo.com is actually advertising the valid mail servers (and if it isn't, you failsafe and accept the mail).

This scheme wouldn't be compulsory, and would probably be suited mainly to free email providers, large corporates. The downside of it is that if you have a yahoo.com address, but want to run your own smtp server to deliver your mails, then you'd fall foul of such a system. I don't think that's a biggy though - if you could run your own smtp server, you'd probably not use a yahoo.com address you'd have your own domain :).

While I'm rambling, another system which could be done is a protocol for verifying email addresses (you could also do this via dns too, I guess, but dns is getting cluttered enough as it is). For a given email domain it has an entry (in dns) for an email address verification server. When an email comes in, you check if there's a verification server for the source domain of the email, and if so try connect to it, and then submit the email address for verification. Depending on whether it says yay or nay, you accept or reject the mail. If they're not running a verification service, you just failsafe. I know SMTP vrfy exists, but sites often turn it off, or it doesn't do anything useful as the external server is just forwarding mail, etc etc.

These systems wouldn't be so useful until they got adopted by hotmail.com, yahoo.com, eudoramail.com, aol.com etc, and I'm sure people have toyed with these ideas before and maybe there are downsides which outweight the benefits or maybe someone knows of implementations of such a thing.

AT&T, other ISPs should take advantage of this

[Silas]

I hope that AT&T tells their customers exactly what happened: "your mail was delayed because of spam". This is just the kind of incident that would help educate the masses that spam is a very real problem that needs immediate attention.

I agree with the other posters who note that the economics of Spamming need to be reversed in order to stop it, but I think that, even before that, public opinion needs to be swayed such that it is perceived as a significant problem worth addressing all over the place, not just at one ISP or for one open relay. A lot of people have just gotten used to ignoring/deleting 5, 20, 100 spam messages per day. "It's just part of using the Internet, right?" This needs to change. When things like the AT&T congestion happen, they should be used to get the public a little more outraged.

Re:Spam from Asia?

[Arker]

Just goes to show the level of technical (in)comprehension among suits and reporters. Both groups seem to have a difficult time using simple words like "originate" properly.

Most of the spam I get comes *via* asia (with a rising amount coming from Spain and Portugal lately too) because there are a lot of abusable relays in those areas. But the actual *origin* for most of it seems to be some guy with a cable modem in Arizona.

Oh, btw, it's just as annoying getting spam for it when you are here in the USA, spam is just annoying period. The most annoying spam I think is when it's for something I might actually be interested in - because there is no way I'd buy ANYTHING that's spamvertised, so a spammer could actually cause me not to get something I want. That's pretty rare though. I think the last time that happened was probably when I got spammed by a BeOS distributor a year or more back.

Re:Spam from Asia?

I don't know why I get the stuff, as I don't speak any Asian languages.

Friend, are you having trouble reading your mail? Did you know that Chinese is spoken by over 1.3 billion people?! Take our quick and easy class today! Just call 800-555-1212 and start learning Chinese, Korean or other Asian languages.

This post is not spam! You received this because you joined the opt-in Slashdot and agreed to receive from other list members. This message is sent in compliance of the proposed bill SECTION 301, paragraph (a)(2)(C) of S. 1618. If you wish to be removed please click on the remove link below - Thank you again for giving permission for us to send you offers we believe will help you succeed. Click here if you no longer want to receive gifts or special offers: http://www.sendmemorespam.com

498731497

Re:Blocking port 25

[coyote-san]

I'm not sure how this is related to the prior comment....

Anyway, blocking outgoing port 25 is a stupid idea. Many of us work from home and have our own domains, and we legitimately want to have our outgoing mail show our own domains, not @attbi.com or @rr.com or whatever.

There are also some practical problems:

• Can we even connect to outgoing mail filters? Some ISPs are switching to web interfaces (think Hotmail or Yahoo mail) and don't accept outgoing SMTP traffic.
  
• If we can connect, do we get mandatory advertising copy inserted? Nothing makes a contract bid look professional like a footer encouraging the recipient to sign up for some cheap ISP. (Even if this isn't common, yet, there can be some weird stuff added or changed in the headers.)
  
• Some misguided sites are now cross-referencing header and DNS information, with the result that anyone using their own domain but their ISP's mail gateway will be blocked as spam. Direct connections stil get through.
  
• Finally, there's the basic concern that the ISP could be logging email sent through their system. Yes I know about encryption, but I also know how incredibly hard it is to get people to use it. With my own mail server I can set up my system to use STARTTLS, but with an ISP mail server I may not have encryption on either leg.
  

Re:Spam from Asia?

[_ph1ux_]

you're just jelous because in the US we have pills that can make your penis grow an inch a month GARAUNTEED!!! ACT NOW!
.