Slashdot Mirror
Another Side-Effect of Spam
ghostie writes: "According to this article on news.com.au Telstra (Australias largest Telco) is having some problems with email blacklist operators. They claim that large (previously unused) portions of it's IP range have been black-listed even though they have never been used before. It seems the direct-action approach to stopping spam is having a detrimental effect as well. When will it all stop?"
These days, the web takes up far more of people's time. Email is used primarily for mailing lists (which could be replaced by webboards), chain letters, and virus propogation (neither of which should be replaced by anything!).
But email's time has come. It just doesn't scale. Personally, I never use email. IM clients are much faster, and everything else can be done through the web.
Email just wasn't designed to be used outside of a single system with mere dozens of users. Its presence in the modern Internet is due to inertia, not good design.
We will always remember email fondly, but with the knowledge that it is an archaic technology better left behind.
Just my $0.02.
Karma: Good (despite my invention of the Karma: sig)
Spam will not stop until the current SMTP system is replaced. The main reason the current SMTP system can't be eliminated is all the current registration systems which send an email confirmation. Admittedly, my own site is part of the problem in this regard.
A system like passport would go a long way toward stopping spam. But I honestly don't see how to convince both consumers and content providers to join in on that system.
Given the lack of technical details in the article, it's a bit difficult to see who's in the wrong. The customer in question was a DSL customer, which is essentially a glorified "always-on" dial-up account, not a leased line equivalent, and as such it's quite possible that the IP space was on a DUL blocklist, rather than an open relay blocklist. So, putting two and two together, if Telsta has designated a series of class C IP blocks for use with DSL with ARIN, it's quite likely that these would find their way into a DUL list before they are assigned to an actual user. Of course, that might just be a "2+2=5" scenario.
UNIX? They're not even circumcised! Savages!
Writing to Telstra would get you an auto-ignore saying that the spam didn't originate from Telstra, and thus they would do nothing. If they still operate this way, they have it coming, and it serves them right.
Call (206) 338-5780 COLLECT for information about a genuine BA, BS, MA, MS, MBA, or Ph.D.
Not that they're unwelcome. Just feels out of place. :)
For many years, Telstra allowed Email and News spamming from within their address space, because they would only take action on abuse originating from their own machines.
You could set up a news spew on one of their ISDN links, or misconfigure Exchange and leave it accepting external connections, and Telstra would shrug and say "Not our problem"
Telstra has been listed by ORBS and MAPS in the a few times in the past, so I'm not the least bit suprised at a little bit of pre-emptive defense.
SPAM will stop when SPAMMERS are jailed and bankrupted!
If you track down a few spammers, get large judgments against them, and take their houses, they may realize spamming is not cheap.
Fight Spammers!
Spam is a social problem - not a technical problem.
You can implement all the technical measures you want and it won't stop spam. Granted there are some technical measures that exist that will help such as eliminating open relays, but spammers just change their methods to get spam through.
A good analogy would be to tell a woman that she can expect to get raped and have no legal recourse. She can wear a chastity belt, but that's just a weak technical measure that a determined rapist will get around. So shall we require all our women to wear titanium suits to protect themselves and go through all the pain and hassles that go along with it? Doesn't this sound stupid as hell?
You need to educate that it's morally wrong to cost shift advertizing onto others, and have legal means to go after those who spam. An international "known spam offender" database can help ISP's stop selling access to those who flaunt the law.
Back to the main topic, Telstra is probably having problems because people block 211.*.*.* which is mostly asian / china. A small part is allocated to Australia. This MAY be what is going on...
I use email at work, I use it to replace faxes, memos and phone calls. There are systems out there where faxes go to department "inboxes" and even voicemail from your phone can go into your inbox. It is really quite nice, a single place for all messages
Everything is documented, and files can be easily transmitted.
It also works well for international teams (ie Europe/NA/Asia) we are all in different time zones.
IM tends to have message size limits, not everyone uses it. The clients suck for messaging 20 or 30 people the same thing.
Web boards don't work as well when you have many restricted discussions, where email you just send it to who you want to read it.
It mith be stupid, but here it is...
My idea is that emails protocols should not be replaced, they shoul be enhanced to support identification of the sender.
When someone knocks on your door, you look at who it is before letting them enter your house, no?
So a standard could be put in place which would enable you to filter the sender at the relay level instead of in your mail box. Well known address from you would be allowed to enter your mail box freely, while other one would have to identified themself well before being allowed. Just like when a rep of some phone company ring at my door, they have to identify themself well, and then, only then, if I'm interested in what they have to say, I let them enter. (Which is never the case hehe). So email protocols would need to be added a very complete identification section. There is no obligation to fill it for sure, but if you don't, people can always filter you out at the source. Once this ID is filtered out, it is put on your "black list". Then, when you connect to your mail server, it would send you the ID's of all the mail they have for you, and you would send them back a list of the emails you want to reject. This way, you get only what you want, and you save bandwith on unwanted spam. Am I crazy, or is it possible anytime?
I'd rather be sailing...
Stupid Penis Agumentation Mailings
I am currently trying to get a couple of my mail servers off of the SPEWS list. My ISP terminated an offending spammer customer of theirs at least 6 weeks ago. 4 weeks ago a HUGE address block of their space (including my servers) was placed on the SPEWS list due to this spammer. My ISP has been trying to get the block (and me) delisted for a MONTH with no success.
The only thing they have been able to do is offer to move me to another IP range on their network. Or I could find a new ISP. At any rate, it has cost me quite a lot of $$/time to try and remedy the situation- it should not be this difficult.
How long does it usually take to get off the SPEWS list? Especially if you were put there wrongly in the first place.
If it's not a technical problem, it's damned close.
A good analogy would be to tell a woman that she can expect to get raped and have no legal recourse.
Actually, that's a terrible analogy.
But you know what. I've changed my opinion. I hope they do pass a spam law. Just so everyone can see that it won't do a single bit to stop spam. And then I can say "I told you so".
The spammers get 1 minute for each spam that they send (up to 2 weeks).
Then people can purchase rotten produce to throw at them. This provides punishment, entertainment, and a source of funds for the cities.
Fight Spammers!
Glad you explained WHY it's a bad analogy. Kinda like the "because I said so" response.
It's rape because you are violated. Nobody want's spam. It's forced upon you. It frequently offends you. You are forced to pay for it either directly or indirectly in higher ISP prices, lower email server performance, your time dealing with it, etc.
The chastity belt is akin to block lists / filtering software. They are a pain where legit email can get blocked and some spam still gets through. It's something YOU have to deal with because of the lack of morals of someone else.
Since there is no law, we have no recourse. I want recourse. I KNOW it won't stop all spam, but at the current rate that it is increasing, email will be unusable in 2 years. In the past 6 months I've logged a 10 times increase in spam.
There are those that think that we should just change the email protocol. When should we do this? How long of grace period do we let old email work? 2 years? Look how fast IPv6 is being implemented...
To suggest that we can implement a new secure email protocol in less than several years shows a major lack of understanding of business, economics, IT infrastructure, etc.
Glad you explained WHY it's a bad analogy.
It's not worth wasting my time explaining why. Being raped and receiving spam are two completely different things.
Spam is the internet's version of rape. It's an ANALOGY, and a DAMN good one which is why you can't come up with a rebutal to it. Of COURSE "rape" and "spam" are different. They also share similar characteristics which I have explained in detail.
The fixable social problem is that we all have an expectation that if you send me an email, and I don't know you, you shouldn't have to verify to me that you're a real person.
All we really have to do is change that expectation. If I don't know you, then when you send me an email, you should expect to get a challenge like "tell me the sum of three and four, and I'll read your email." It takes you a couple seconds the first time you send email to a stranger, and eliminates spam completely.
Right now, though, there are lots of people locked into our old expectations, who get pissed off by challenge emails like this. Those people are out of date. The old social model worked fine fifteen years ago, but it doesn't work anymore.
Reading your replies is the internet's version of rape. Nobody wants your replies. They're forced upon us. They frequently offend us. We are forced to pay for it either directly or indirectly in higher slashdot subscription, bigger fucking ads, lower slashdot performance, your time dealing with it, etc.
The chastity belt is akin to slashdot's karma system. It is a pain where legit posts can get blocked and some shit like what you post still gets through. It's something WE have to deal with because of the lack of morals of YOU.
Since there is no law, we have no recourse. I want recourse. I KNOW it won't stop all stupid idiotic posts, but at the current rate that it is increasing, slashdot will be unusable in 2 years. In the past 6 months I've logged a 10 times increase in idiot posts.
There are those that think that we should just improve the karma system. When should we do this? How long of grace period do we let the old karma system work? 2 years? Look how fast IPv6 is being implemented...
To suggest that we can implement a new secure karma system in less than several years shows a major lack of understanding of business, economics, IT infrastructure, etc.
When you can't come up with a logical argument to support your view, you resort to personal attacks and regurgitate my post with search and replace.
Grow up, troll.
When you can't come up with a logical argument to support your view, you resort to personal attacks and regurgitate my post with search and replace.
That was a logical argument. If spam is like rape, then so are your posts.
Now you and your ISP can live with bouncing e-mail, until such time as you and your ISP have proven that you have changed your ways and deserve to be part of the civilized world.
If you run a sendmail server, you can block anyone / anything you want, and you can use some pretty strong authentication methods - strong enough to be sure you know who you're talking to.
Unfortunately, that's not the whole solution to the problem; while it works fine for businesses, it doesn't scale to large ISPs that have the moral fiber of two-dollar whores. Telestra is not alone in being willing to do anything for a couple bucks, and how would an ISP know who you want (or don't want) to talk to anyway?
Telstra is a blackhat and some DNS blacklists will list every Telstra netblock until they get their shit together. I personally don't wait for a large DNS blacklist to list spam-supporting ISPs. I blacklist them on my MTAs myself. Broadwing is my favorite example of this in action. I've blacklisted every single IP they own. I blacklisted /19s or bigger at a time and didn't hesitate doing it. If my experiences with Telstra become similar, I'll do the same to them. I choose not to communicate with spam-supporters. Sometimes listing an entire provider is the only way to make them extract their heads from their asses (which happen to be so far up there that the lumps in their throats are their noses). Pressure from their customers is the only way to affect them.
- Have a government sponsored nospam server that will keep a list of emails to opt out of any sort of advertising campaign.
- When a company wishes to send out a mass email campaign, it first sends a secure authorization to this nospam server.
- The user enters in the emails in which it is sending the agreement. If any of the emails match the nospam list, it therefore does not send email to the person on the list.
- Opt-In email: If the user chooses to opt in for a particular service/email. A sample of the person's DNA will be taken. The md5sum of the sequences will be compared to the md5sum stored on file at a secret government location, where other human tissue samples are stored. If the md5sum on file is a match, the company is then allowed to send the person and email.
Issues- What if the company obtains the md5sum from someone other than you? That's easy. All you have to do is change your genetic sequencing and submit a new copy of your DNA to the government! This way, when the government tries to clone you, they will be cloning a correct copy of you as well.
- What if you don't want to be on the company's mailing list anymore? In that case, you download the source to the database that they're using (mysql or postgres). Find a security hole, and log in as root to the database. Delete your record from the database. Do other people a favor and wipe out their records.
- What if the spammer is from a country outside the jursidiction of the nospam policy? That's easy too.
:)
Conclusion My bill is currently being argued in front of the Senate by the remaining members of Monty Python, who in a high pitched voice complain to the congressmen that they "don't like spam".Alternate Plan: Get 20 of your friends and hire Kevin Mitnick to wipe out the database for you.
- Go onto Yahoo Games.
- Go into the chess spot
- Go into room #defcon
- Say that you would rather play Global Thermonuclear War.
- Spoof nuclear missles launching from the country of your choice.
- Repeat spoofing of missles from countries where other spam messages you receive originate from.
You could also form a world government specifically for the purpose of stopping spam, but then that's kind of like going through the horse's ass to reach its mouth.Whether it passes the Senate after seeing 5 men dressed as either Vikings or Women is anyone's guess.
/^[A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,4}$/i
Let's keep the hyperbole down to something reasonable, shall we?