Slashdot Mirror


The Measured Effectiveness of Blocking Asian Spam

fadden writes: "I recently started blocking IP addresses in China and Korea that were sending me spam. Instead of a blanket ban, I only blocked the subnets from which spam was being sent. After my first week of scanning and banning, I wrote up a report on the effectiveness of the blocks." In related news, SSKennel adds that: "The U.S. Federal Trade Commission has discovered (prepare to be amazed!) that revealing your email address in chat rooms can get you spammed. It claims to have taken action against spammers who harvest email addresses and use them to send fraudulent spam." Shocker!

21 of 378 comments

  1. Fraudulent Spam? by Lukano · · Score: 2, Insightful

    Is there any other kind?

  2. sigh by 3-State+Bit · · Score: 3, Insightful

    I recently started blocking IP addresses in China
    That's okay. They're used to it.

  3. Re:Epiphany by RatBastard · · Score: 5, Insightful

    Quite a few people don't know this simple fact. And it's not because they're stupid, either.

    One person's "common sense" is another person's "mystery of the unknown."

    --
    Boobies never hurt anyone. - Sherry Glaser.
  4. Re:hooray by Anonymous Coward · · Score: 1, Insightful

    They (the Asians) can fucking well learn to administrate an SMTP server like the rest of the world, if they want to be "brought together" with us. As things stand, they seem to have some culturally-ingrained sense of irresponsibility that ends up hosing the rest of us.

  5. Re:Epiphany by Moonshadow · · Score: 5, Insightful
    The thing is, most average users don't know this. To their knowledge, the only way a spammer could get your address is for you to put it into a webform somewhere.

    Most casual users probably don't even consider the possibility of their address being harvested from other places, such as chat rooms.

  6. Re:Blocking subnets? Use SPEWS. by EvilAlien · · Score: 5, Insightful

    And probably lots of legit mail too, unless you have a tiny mail server. SPEWS is an awful choice for large commercial services, they subscribe to the "throw the baby out with the bathwater" theory. They are even more clumsy and heavyhanded than ORBS was.

    --
    perl -e 'print $i=pack(c5, (41*2), sqrt(7056), (unpack(c,H)-2), oct(115), 10)'
  7. Re:How I block Korean spam by Moonshadow · · Score: 5, Insightful

    The problem with this approach is that a lot of people on Windows platforms using Outlook/OE send HTML mail by default, even for a simple text message.

    A much more reliable approach is the "pattern matching/scoring" technique a few pieces of software out there use. I've been using Spam Assassin for a while now, though (too lazy for a link :) ) and I have yet to see it a) tag a legit email as spam, or b) miss a spam message. If that sort of thing were installed on mail servers by default, then it may be possible to cut down spam drastically. Right now, my config just puts [SPAM] in the subject line - makes it easy enough to filter. Why can't ISPs do the same thing? I know that Spam Assassin is a bit resource hungry, and isn't practical for large scale operations, but surely something similar could be written that would accomplish the same thing with minimal resource drain.

  8. Re:Asian Pacific network by 1u3hr · · Score: 4, Insightful
    I started blocking off all Asian Pacific networks about 6 months ago

    So that's why American ISPs ignore me when I complain about the spam they send to me in Hong Kong.

  9. Re:Speaking of exposed email... by fermion · · Score: 2, Insightful
    Of course this is why confirmed opt-in is the only ethical means of gathering addresses. This, along with completely genuine headers, is going to be the only way to stop spam. The spammers, unlike physical bulk mailers, have no incentive to insure lists are accurate.

    BTW, I thought it very funny that the WSJ, in an article mentioned earlier, allowed the spammer to say they never forged headers while, at the same time, they admitted they did forge the 'from' field.

    --
    "She's a scientist and a lesbian. She's not going to let it slide." Orphan Black
  10. Just a note by djupedal · · Score: 4, Insightful

    ...does it help to suggest that the spam in question is perhaps not originating from Asia, and is more the result of lax relays?

    The spammers are outside of Asia, and simply target open relays wherever they find them.

    The stats by the submitter show that most if not all the mail is in English. That should tell something about the true origin of the spam.
    If the open relays were closed, the spammers would move to other hotbeds. Let's work to educate the admins in Asia, and force the spammers to back off using open relays.

    1. Re:Just a note by Jester998 · · Score: 3, Insightful

      For the most part, that is EXACTLY what is happening -- spammers are 'just' exploiting open relays in China and other Asian countries, and working to educate the admins in Asia is a wonderful goal...

      Unfortunately, it's been tried and has failed, numerous times. Email sent to admins in Asia is usually ignored (or perhaps misinterpreted?), and mailing their ISPs has no effect. When the whole 'craze' of blocking Chinese IPs started, there was a large controversy over the practice; many felt it immoral to blackhole a whole country, opting instead for education, but it was the experience of many admins that trying to educate or inform the Asian admins was a waste of time... much like trying to teach a pig to sing (It doesn't work, and annoys the pig). Hence the popularity of blacklisting Asian IPs.

      Don't believe me? Try submitting some spam reports to Asian admins and their ISPs... let me know how it turns out... I warn you, however, that it's unpleasantly like bashing your head against a rough concrete wall.

    2. Re:Just a note by Skapare · · Score: 3, Insightful

      Most of the open relays in China are Exchange servers. Documentation for Exchange server is available in Chinese (not sure which dialects), Korean, and Japanese. The problem is, most of the deployed servers in China (and probably Korea, too, but I didn't really check there) are versions prior to Exchange 5.5. And those older versions, while they do have some settings to supposedly turn off relaying, do not completely turn it off, and spammers know how to exploit the relay holes.

      The cause of the problem is that virtually all of these servers are running pirated copies of Exchange (and probably of Windows, too). It sure seems that, on average, the Chinese people are less concerned about theft (be it of your mail server bandwidth, or of commercial software) than westerners (Americans and Europeans) on average. Eastern European countries also have some of this problem. This seems to be a pattern that poorer countries are where it happens. Places like India, South America and Africa have less of it, but I think that is probably because there is virtually no internet connectivity outside of the big cities (this is changing quickly now in India and parts of South America), and so the deployment of mail servers and spammable bandwidth just isn't there yet. Expect new waves of spam from India over the next year or two, and from Africa after that (Much of the Nigerian money export scams really are originating from Europe and USA, not all from Nigeria, but this kind of thing doesn't need lots of bandwidth anyway, since it often uses Chinese and Korean open relays, anyway).

      This is actually a missed opportunity for the Linux community. Given there are distributions of Linux specifically designed for various Asian languages, we should work to further promote this deployment. Not only will it help the spam problem because of defaults that don't open relay and readily available native language documentation, but it also gets Linux installed in more places, in one form or another.

      --
      now we need to go OSS in diesel cars
  11. Large-scale SpamAssassin installations by dskoll · · Score: 4, Insightful

    I know that Spam Assassin is a bit resource hungry, and isn't practical for large scale operations

    Au contraire, if you're clever about it, SpamAssassin works great in large-scale operations. In conjunction with MIMEDefang, people use SpamAssassin to scan a lot of mail -- over 1 million messages/day in two sites I know of.

  12. Or, to put it another way...... by Ride-My-Rocket · · Score: 5, Insightful

    One person's "Duh!" is another person's "Huh?"

  13. Re:Still no one has an answer, what do we do about by quantum+bit · · Score: 4, Insightful

    I also have a catchall so anytime I order something or fill out any other online form I use "the domain I'm browsing"@mydomain.com, that way if they give it out I can tell.

    I like to use the form me@"the domain I'm browsing".mydomain.com. That way if the address ever gets too inundated with spam, I can delete the DNS record for it and not even have to see the postmaster notifies for it. It also wastes a minimum of my bandwidth (1 DNS NACK packet vs. an entire SMTP conversation).

  14. Re:I'd say something by Latent+IT · · Score: 4, Insightful

    Number of Slashdotters who realise that SPAMMERs are not stupid and randomly try combinations of words and numbers (bob1@hotmail.com, bob2, bob3...)...Priceless

    Do you really think that if I register afsradoij294@hotmail.com that I won't get any spam? I'd bet you a large sum of money I'd get some in the first few days.

    I guess I'll find out.

  15. What about management? by Mustang+Matt · · Score: 4, Insightful

    So do you add another DNS record for every site you visit?

    Seems like a big hassle on the management end.

    --
    The man who trades freedom for security does not deserve nor will he ever receive either. - Benjamin Franklin
  16. Re:Epiphany by zurab · · Score: 4, Insightful

    Most casual users probably don't even consider the possibility of their address being harvested from other places, such as chat rooms.

    I don't believe this. They have to know. Common sense should tell anyone that if you give someone else your information, they will be able to record that information; doesn't matter if it's credit card number, e-mail address, social security number, or mother's maiden name. If they do know enough not to give out their mailing address, SSN, and mother's maiden name to complete strangers online, then they should treat their e-mail addresses no differently.

    Now, you may say that giving out SSN is more dangerous than giving out e-mail, but mere knowledge of this fact by any user proves their awareness of their actions.

  17. Re:Blocking subnets? Use SPEWS. by Anonymous Coward · · Score: 1, Insightful

    Get real. Several VERY "large commercial services" use SPEWS - mail.com, excite.com, SBC; you think they would be using it if it rejected masses of legitimate email?

    Why do I hear the whine of a spammer, or poor peon who hosts on a spamhaus, in your rant?

  18. Re:How about access control lists? by Tim+C · · Score: 3, Insightful

    what about people who actually do need to hear from others in 3rd world countries?

    Asia? Third-world? You do realise that Taiwan, Japan and Hong Kong are Asian countries, don't you? You know, those little backwater places that make most of the cool high-tech toys in the world? Hell, chances are a lot of the stuff in your PC is Taiwanese in origin, and Japan has stuff that you won't see in Europe or the US for years.

  19. Re:This works well for me by Anonymous Coward · · Score: 2, Insightful

    Kinda sucks when your DNS server goes down, and your SMTP server starts rejecting all email. This happened to me a couple of days ago. Lost 5 hours worth of email for all users.