Slashdot Mirror
Internet Vigilante Justice, SPAM, and Copyrights
pdw writes "An interesting article about how vigilante justice on the Internet by anti-spam advocates can be just as threatening to the Internet as those proposed for copyright advocates."
← Back to Stories (view on slashdot.org)
How had it gained access to my mail server? Simple. It had forged the headers on its email to convince my mail server that the email it sent was from a permitted user.
One word: Authentification.
You see, my mail servers were set up to pass mail only from a domain name of which I am the only user. It blocks everything else. That's not an open relay. Unless you're a user in my domain, you can't use it.
Uh, it may not be a totally open relay in the literal sense of the word, but surely that still means it can be used to send spam, as long as the spammer figures out who to identify himself as - and if the Danes could do it, then it can't be that hard?
Any spam-block that relies entirely on the "from:" header is broken by design. What, spammers disguise their identities? Never!
If they make a mistake, you and your organization are screwed until they decide to admit their mistake and correct it -- if they ever do. They have cute, pat answers to explain away any responsibility for their behavior and generally refuse to communicate with those they block. I have had a nasty experience recently with "relays.osirusoft.com" where a client of our was using them as a part of their Postfix RBL configuration. Some Nazi^H^H^H^H German nominated our mail server as a spamhaus when we were not. Without being tested, our server was blacklisted -- I checked my logs and saw no check on the date we were listed. We received no notice, no automated robot checked out server or would anyone respond to my inquiries, just accusations that I was supporting SPAM--an absolute lie. If you are listed, you have to be an evil SPAM supporter with their mentality.
It took one month of constantly e-mailing their retest e-mail address. Daily checking of my mail logs and seeing that their robot was being rejected from relaying, yet, we were not taken off the RBL. Finally, after a month, we were removed. Nothing changed in our configuration, no notice was given as to why we were removed nor why we were added outside of the nomination origin. We were just lucky that "relays.osirusoft.com" decided to do what's right but was too cowardly to admit they were wrong. Hiding behind the anonymity of the Internet with no responsibility to the people they harm. We will never know how many e-mail messages were lost because of "relays.osirusoft.com"'s mistake.
Pathetic.
Strange women lying in ponds distributing swords is no basis for a system of government.
Your concern about failing to circulate blacklist removals is misplaced with regard to DNS based blacklists. The data expires in a finite amount of time from the cache, and removal processes are working pretty damned good. I've watched a number of notices posted on news.admin.net-abuse.email asking to be removed from the SPEWS list, and I check out whether they have fixed the problem or not. In most cases I find that the data had already been removed from SPEWS by the time I checked that (so now I check SPEWS first before checking to see if the problem is fixed).
Private blacklists are a problem because there's virtually no way to track them all down and get removed from everywhere (once you fix the problem). That's why we need central DNS based blacklists. But what we also need is to shield these central lists from stupid lawsuits from people who refuse to fix their problems or simply don't have a clue. Those who even so much as threaten to sue the list operators instantly get their IP addresses and domain names put in thousands of private blacklists where no one even looks to see if anything is ever fixed. And when they end up shutting down the central lists, they make things worse due to all the private lists. That's the primary reason SPEWS is so secret. Sure, it comes across to people who didn't know about it as a "Star Chamber" thing. And I didn't use it for several months until I verified it actually works to list what needs to be listed, and removes things when fixed.
now we need to go OSS in diesel cars
However, the reason to not do this is that it's insecure. A large percentage of the spam I receive claims to be from the domain that it's being sent to, so his system would happily relay it.
The second reason should trump the first reason, but obviously if you're a clue resistant lawyer with a chip on your shoulder, it doesn't.
For those who appreciate irony, consider this --
He's basically written this big diatribe, which to spammers says `hey! you can relay through my mail server!' ... so a spammer finds it, and forges their spam to allow it to go through it, and uses it to spam the world. Then somebody gets flooded with these spams, and sues our friend Bret. They can even use his article as evidence that his mail server was open and he knew it, but that he refuses to secure it.
telnet naam.pair.com 25
.
Trying 209.68.1.237...
Connected to naam.pair.com (209.68.1.237).
Escape character is '^]'.
220 naam.pair.com ESMTP
HELO test.lextext.com
250 naam.pair.com
mail from: randomuser@test.lextext.com
250 ok
rcpt to: bret@lextext.com
250 ok
DATA
354 go ahead
Hello Mr. Fausett,
your mail server is wide open. please fix it.
250 ok
quit
221 naam.pair.com
Connection closed by foreign host.
So it seems the article published in New Architect is wrong. It is defamatory and it is claiming that the guy is innocent while he's guilty as sin.
I guess that's what passes for lawyers nowadays...
Please DO NOT flood the poor guy with email. He's enough trouble already: He's a lawyer, he's been caught pants down after claiming he wore belts and suspenders, he's a lawyer, he's been blacklisted, and he's a lawyer.
--
Mad science! Robots! Underwear! Cute girls! Full comic online! http://www.girlgeniusonline.com/