As the Spam Turns

Anonymous writes "The SBL has added Verio's corporate mail servers to its blocklist which protects nearly 100 million mailboxes, because of the number of spam gangs on the Verio network. Verio also provides connectivity to AS26212, a collection of 9 of the most notorious spammers netblocks. AS26212 - the new spambone? - is also connected to he.net and bbnplanet.net."

Oh no!

[Yoda2]

Now how will I know the best way to enlarge my penis or get that degree from a fine, unaccredited institution?!

Re:Oh no!

[NotAnotherReboot]

Well, those were once in a lifetime opportunities anyways so I'm sure you'll never get an offer like that ever again.

Spam comes from unlikely places...

[GreyWolf3000]

I got a Nigerian money scam today with a yahoo address in the header.

I replied with a cheap goatse.cx link. It went something like "Sure, I'll do it--but can you please check my [a href="http://goatse.cx"]website[/a] tomorrow--I will post a picture of an open door to indicate that you have been granted the go-ahead. If not, it will mean I need another day for my paperwork to be prepared. I have been having troubles with my bank lately, and they might be looking into me, but fortunately I have the right friends. I think email is much too insecure for this." I guess trolls do provide something useful for the community.

Re:Spam comes from unlikely places...

[Jucius+Maximus]

" I got a Nigerian money scam today with a yahoo address in the header. I replied with a cheap goatse.cx link. It went something like "Sure, I'll do it--but can you please check my [a href="http://goatse.cx"]website[/a] tomorrow--I will post a picture of an open door to indicate that you have been granted the go-ahead. If not, it will mean I need another day for my paperwork to be prepared. I have been having troubles with my bank lately, and they might be looking into me, but fortunately I have the right friends. I think email is much too insecure for this." I guess trolls do provide something useful for the community."

Haha, that is good, but I can one-up you on that... I've told this story recently in another slashdot thread but I'll actually post the guy's response this time.

Here is my response to the original spam:

Hello, Mr. Abu, it is wonderful to be doing business with you!
My name is James Kirk with phone#202-406-5850 and fax#202-406-5031. [these are the phone and fax number for the US Secret service electronic crimes bureau]
Company: Utopia Planetia Fleet Yards
Company Address: 33601 Lyon Street, San Francisco CA 94123
I look forward to receiving this money!
-James [yes, the james kirk name was inspired by the haxial.org thing]

The guy e-mailed me back and asked me to phone him on his private line. I looked up the phone exchange and it indeed was in Nigeria.

Then I got another e-mail from him an hour later:

Subject: WHY?????

Dear Kirk,

If you were not interested in assisting us, you sholud have kindly told us so
that we can look for another foreign partner who might be interested in
assisting us, instead of agreeing to assist, and giving the number of your
secret service for us to contact.
Why could'nt you be man enough to tell us that you are not interested.

Well, I wish all the best, as we continue our search for a reliable person
that will be genuinely intersted in assisting us.

He actually called it. I got some of the other scammers to fax their documents to the fax number. One guy e-mailed me back and said that the lady on the line didn't know of any James Kirk there. Teehee...

Re:Great, more censorship

[Uma+Thurman]

Nobody's stopping you from getting spam if you want it. Calling this censorship is completely and utterly misunderstanding what censorship is, and what a blocklist is.

Spam to spammers

[razmaspaz]

Do you think the people who send out all this spam get annoyed at all the spam in their mailbox or are they proud of the work they do?

Re:Spam to spammers

[scott1853]

If a Sprint telemarketer gets a call at home from an on-duty Sprint telemarketer, does he tell them to go fuck off? That's another one for the Zen Buddists to think about.

Hrm, isn't that John Gilmore's ISP?

[autopr0n]

IE the founder of the EEF and the guy who refuses to close is open mail relay?

Re:Hrm, isn't that John Gilmore's ISP?

[billstewart]

Actually, you've hit a major irony, because Verio refuses to continue selling John Gilmore internet access. John was one of the members of The Little Garden internet access co-op (back before ISPs were common), which was businessified, then bought by Best, which was bought by Verio, which was bought by NTT.

But they will sell to spammers.

Only the corporate site was blocked

[d2ksla]

but I'd rather see every spammer run rampant then restrict even one innocent party nobody cares about.

In the comment from Spamhaus it is clearly stated that only the Verio corporate mailserver is blocked in order to protect their ISP users.

Viro when did you lose your way?

[red5]

A while ago I worked for a now defunct dot-com that dealt in e-mail marketing through opt-ins. When we moved to hosting through verio. They threatened to cut us off even though our mailings were opt-in, and sent from a different (non-verio) location.

Their anti-spam policies were so draconian that we had to move to exodus. When did they become pro-spam?

Why content filtering is not enough

[Frater+219]

The technology is out there, in the form of Bayesian filters, and is nearly perfect.

Bayesian filters, SpamAssassin, and other client-side content filters can indeed reduce the amount of spam that you see. As such, they can reduce some major costs of spam for the average Internet user, small site, or business: costs such as annoyance, offense, wasted time, and harm to productivity thereby caused -- that is to say, the end-user costs of spam.

However, they have no effect on the cost of the bandwidth and other resource costs of spam, which are substantial for large ISPs and large businesses -- and for the Internet as a whole. In order to perform content filtration on a piece of mail, you must receive it and store it first, which has its costs. (Consider that large ISPs regularly report that anywhere from one-third to two-thirds of their mail is spam.)

Only forms of spam filtration which do not permit the spammer to send the spam to your mail server can reduce the bandwidth cost of spam. In practicality, that means filters which apply to one or more of the following (in increasing order of cost):

1. The sending host's IP address;
2. The sending host's DNS name or other IP metadata; or
3. The contents of the SMTP envelope, that is, the arguments to the MAIL FROM and RCPT TO commands, or other sender behavior prior to the DATA command.

(Note the SMTP envelope is not the same as the mail headers, which are part of the SMTP DATA. An SMTP server is permitted to reject mail before DATA, but is not allowed to drop the connection in mid-DATA. If you do not understand this, read RFC 2821.)

DNSBLs -- such as SBL, MAPS RBL, and SPEWS -- all apply to the IP address of the sending system. Domain-based rejection lists (which are not commonly published) apply to the DNS name of the sending system. RHSBLs, and relay checking, apply to the SMTP envelope.

Keep also in mind that one function of some (but not all) DNSBLs is not merely to filter out spam, but to discourage it from being attempted in the first place. By rejecting mail from networks which have proven themselves to tolerate spammers, we tell network operators that if they wish to be able to send us mail, they must kick off their spammers. It's their choice which they do; they just have to choose which is worth more to them: being able to send mail to sites that don't like spam, or being able to host network-abusers with impunity.

(Incidentally, you will find precious little sympathy for calling spam filtering "censorship". Censorship, as those who have experienced it understand, happens when some party uses violent force to stop a view or expression from being published by its advocates (at their cost). Spammers aren't trying to publish their views at their own cost and being violently restrained from doing so: they're trying to steal the use of others' equipment to publish their stuff.)

Re:Why content filtering is not enough

[CoolVibe]

Content filtering helps. The more users use content filtering, the less of the spammers' messages gets seen by the users, and it will make mass-mailed advertising scams profitless, and if that's successful, spam dies.

Sure, DNSBLs and other blacklists help. They should be used. The content filtering is just perfect for covering that last mile (if spam passes all the blacklisting mechanism). It _might_ deterr spammers from spamming, but I doubt it. Spammer notices that his last mailing bounced, and he uses another open relay.

If a spammer knows that Bayesian filters and Spamassassin/Razor type content filtering are widely deployed, it will act as a quite effective deterrant for sending spam. Maybe.

What really needs to be done is EDUCATE isps that an open relay can get you in a whole heap of trouble. Of course many have closed their relays, but a lot still have open ones. Especially administrators in the Middle East and Asia need to be LARTed badly, since that's where 90% of my spam is relayed from. Once all open relays are killed, the spammer has only 2 alternatives, either set up his own SMTP, or use the one his ISP allocated to him. Both are easy to track and put an end to. The spammer would have to register for a new account and the more often that happens, the sooner his/her name will be blacklisted. Heck, if anti-spam laws are legislated, the spammer could end up in jail. Jail is the ultimate deterrent. There's nothing like the prospect of being assraped by Bubba to deterr spammers.

With respect to the "filtering spam is censorship" comments, well... Content filtering is my way of plugging my ears with my fingers because I do not want to know what you are trying to sell me/scam me into. The DNSBLs are a LART to teach the admins not to run an open relay.

Re:Why content filtering is not enough

[Frater+219]

What really needs to be done is EDUCATE isps that an open relay can get you in a whole heap of trouble. Of course many have closed their relays, but a lot still have open ones.

"If we close the open relays, spam will go away" is actually what a lot of spamfighters thought five years ago. A common opinion then was that spam was basically a technical problem, like a security hole or smurfing, and that applying the appropriate technical fix to mail servers would prevent it.

Unfortunately, that hasn't worked. First off, open relays are not the only technical problem that makes spamming easier. Open proxies are just as common today -- and worse, since they hide the tracks of spammers. (They're also used by all sorts of other abusers.) Moreover, open proxies are harder to get people to close down, since blocking access from them to mail servers doesn't usually affect their legitimate users -- and thus doesn't draw their attention.

Second, it has been increasingly realized by most spamfighters that spam is a social problem, not merely a technical one. The problem isn't just that there are abusable resources, but that there are people who are willing to abuse them for profit, and other people who are willing to aid and abet those abusers in order to reap a share of that profit.

As a parallel, consider burglary. Sure, it is good to employ technical means such as deadbolt locks and alarms to block or deter burglars -- but nobody thinks that burglaries are solely technical problems, and that we should pursue only better locks rather than the arrest of burglars. Burglary is a social problem; specifically, a problem caused by some people's willingness to violate others' rights. We call those kind of problems "crimes".

Spam is a particularly frustrating crime since anyone who considers the proprieties of the situation can recognize it as lawless, but few legislatures have chosen to formalize its criminality in statute. It's lawless because it defies the property rights of mail server owners, alienating their resources for the spammer's use without permission. That's often covered by statutes regarding theft of service, computer crimes, or various sorts of tort, and there have been a number of cases wherein spamming was recognized by judges and juries as such. However, in many jurisdictions there's no statute to point to that says "spamming is a crime".

Third, there's also an social-technical problem. There's a small number of crooks who can profit themselves greatly by finding means of sending spam. Each of them has a much greater incentive to locate these means than any individual spamfighter does. This is a social problem in a different sense: insofar as spamfighting relies on discovering paths for spam propagation and getting them shut down (e.g. closing open relays) the crooks are always going to be several steps ahead.

By targeting organizations and persons known to be sources of spam, rather than the victims they exploit to send that spam, we can get around that problem. The number of large-scale spammers is actually rather few. Steve Linford's ROKSO (Registry Of Known Spam Operations; same guy as the SBL) lists around 100 organizations which have been thrown off of ISPs three or more times for spamming.

Fundamentally, I agree with you that the problem is one of education. However, it is not merely the education of ISP technical staff that must take place. It's the education of everyone involved -- technical staff, their managers, mail software authors, spammers, the legal system, spam recipients, and businesses that might consider spamming. Everyone needs to wise up about spam.

There ought to be a law...

[cperciva]

We really need a law which requires Internet service providers to publicly disclose their terms of service -- that is, publicly disclose what terms of service they actually enforce.

After all, it's really just a consumer protection issue: Verio claims to have an active abuse department, and is thereby misleading people who assume that spammers on Verio's network will be shut down.

Re:Good

[Frater+219]

I would not be suprised to see Spamhaus served a cease-and-desist before Verio does the Right Thing and starts punting luser spammers.

Luckily, the spamfighting community has a great deal of experience with such misbehavior. The slang expression among spamfighters for a sender of baseless legal threats is "cartooney", as in cartoon + attorney. Spammers send these out by the boatloads when their delusions suggest it will get people to stop trying to block their thefts.

Steve Linford, the operator of the SBL and ROKSO (and known in China as Stiff Linefeed) is a long-time anti-spam veteran, and has a great deal of support from others such. If Verio tries to harangue, hassle, or hornswoggle him into falsely removing them from SBL, he will have dozens of clued and supportive people on his side. If Verio files suit, Mr. Linford will have a substantial legal defense fund faster than you can say "Canter & Siegel".

Re:Great, more censorship

[p3d0]

That's only half the picture. It also must let every non-spam email get through. It can't just discard important emails. Otherwise, I could provide you with a simple filter that blocks 100% of spam...

(I'd like to point out that the link you provided claimed "0 false positives" which is exactly what I'm talking about.)

Spammers

[Ninja+Master+Gara]

I've had to shut down two mail accounts because of the enormous volume of spam they get. Enough to make even using spam filters a bandwidth problem on my dial up. They were unfortunate enough to be linked with mailto: on a medium traffic site before the harvesting craze began and within a couple weeks were effectively unusable.

ISPs need to realise that if they're not going to do anything about it, they'll be blocked. This happened to us years ago when the ORDB started, and we fixed the problem immediately. We didn't think they were being nasty to us, we realised we had a problem, and we set about fixing it. When ISPs get globally klined from IRC networks, their customers want to know why, and put pressure on the ISP. They listen and respond.

This is no different. If yer gonna be a spammy host, prepare to be blacklisted. Reponsible, rigid, no nonsense, targetted policies are the only thing that will have ANY effect, and even they won't STOP all spam. But it sure helps.

Re:Good

[Frater+219]

The goal of most spam blockers is to eliminate commercial use of the Internet.

Actually, most "spam blockers" work for organizations which commercially use the Internet. They are mail administrators for ISPs or other companies, which have directed them to reduce the impact of spam on their businesses -- to cut costs or to improve service to customers.

Spam isn't commercial use. It's criminal use.

Re:Good

[Frater+219]

You define commercial use as providing services for not-for-profit indivduals web surfing. Fine.

No, I don't. I define it as the use of the Internet for commerce, which is to say economic activity between consenting traders and investors -- what my left-wing friends would call "capitalism". I don't consider your sending of unsolicited advertisements to "an unconfirmed email address" (how many was it really?) to be commerce. I consider it to be spamming.

I define commercial use as trying to sell a product on the Internet and communicate with customers. You send one single email to an unconfirmed email address and you can be blocked for days. Do that enough and you are out of business.

You admit sending commercial email to an unconfirmed email address (how many addresses?), which turned out to belong to someone who had not solicited your message. By the usual definition of spamming as "unsolicited commercial email", that means that you admit to having spammed.

The techniques for operating confirmed mailing lists are not new. Mailing list software to operate confirmed lists has existed since well before the "e-commerce" boom. Thousands of businesses use such software. They operate confirmed, solicited commercial mailing lists ... and they don't get listed as spammers.

It sounds to me, from your description of the situation, like you failed to do due diligence, failed to take advantage of the information resources available to you -- and as a result, you spammed. In that case, the folks who listed you as a source of spam were telling the truth, weren't they?

Don't bother saying it doesn't work that way - we just got unblocked from that happening.

Hey, I'm just working with what you give me. If you'd like to point to a published record of your exchange with the list operators, please do so. A Google search link into NANAE, if that's where the exchange took place, would be more than adequate.

How many addresses did you spam, again?

Re:Great, more censorship

[kgasso]

Exactly. We get users bitching and moaning about spam, and what are we going to do -- ignore them and let them take their business elsewhere? We are taking the route of designing a crap filter the users can configure, and select which BL's to use -- all based around procmail and SpamAssassin. User doesn't want any filtering? Okay, easy enough for them to disable it completely.

I don't want to sound like a callous jerk, but it doesn't sound like the original poster knows what it's like having thousands of users screaming for some sort of server-side spam filtering. For their $18 or whatever a month, the majority of them want their ISP to do something about the viagra/pr0n/MMF spam in their mailbox. ISP's just need to make the right decision in letting the users decide if they want filtering or not. Users can always go elsewhere if the ISP wants to enforce filters the user doesn't like.

My $.02 USD.

Re:Good

[odaiwai]

The goal of the blockers is to eliminate commercial use of the Internet.

This is absolutely untrue. The goal of the blockers is to stop spam and abuse of the network and reclaim it from those who think that merely having and email address is an invitation to get spam.

dave

Obligatory pitch

[pongo000]

TMDA offers those who want it the ability to filter e-mail through a confirmation process (or, you can generate "keyword" or "dated" addresses for temporary use in newsgroups and other high-harvester areas). My spam went from several tens of spam messages a day to zero after spending a couple of hours with TMDA.

This solution doesn't do anything about bandwidth (since you will still get the same amount of spam traffic at your mail port), but it's a fuzzy-warm feeling to be in control of your own mailbox for once.

Re:Good

[Jay+L]

You send one single email to an unconfirmed email address

Actually, having just tried a demo of CD-R Diagnostic (an excellent program, btw), I'd like to point out that you send FOUR. Two in quick succession when the demo is downloaded, one three days later, and one five days after that.

The last e-mail says that you delete all evaluation e-mail addresses after 14 days, but the others give no indication of when it will end, there are no remove instructions, there is no explanation of how you got my address, etc. If I got this because someone typed in my e-mail address, I'd probably report you too. You should read up on the Ten Rules for Permission-Based Marketing.

One solution for spam in your inbox

[PhantomHarlock]

Ok, here's one way to eliminate spam in your inbox. No, this doesn't eliminate the cause, only the symptom, but it will stop the bandwidth at your server if you so have the power.

This works best if you own your own domain name and can create multiple pop boxes. It's still doable using regular email accounts, however.

Step 1: Change your email address to a previously unused address at your domain. Test it for a day, verify no spam is coming in to that address.

Step 2: Email all your trusted friends, relatives and business contacts your new email address.

Step 3: Remove your old email address links from your website and replace them with a feedback form that emails an unrevealed throwaway secondary address using your favorite web -> email gateway scripts.

Step 4: Create a bounce message at your old address, with a link to the feedback form, for all the people you forgot to email about your new address, and for people who want to contact you through your old address as they have found it on google searches or other archived postings, or your old business cards, etc.

Step 5: Receive both the new email address and the feedback form submissions on to your local mail reader. Filter them in to seperate directories. Give out your real, private address to feedback form users once they've verified themselves as being legit. If not, have a throwaway identity you can talk to them through. (the email account that the feedback form mails to) If you start getting spam at that address, simply change it.

Step 6: When you make public postings, post the feedback form URL instead of your email address. When you have to give your address away to commercial websites to sign up or download things, give them the throwaway address, or create a third address for legitimate online companies and filter that into a third folder for "commercial website email" If that get compromised by an unscrupulous business, change it. Still doesn't affect your primary private address.

You can receive the two or three addresses all at once with any modern mail reader, and filter them into folders. I personally use Eudora.

This is a really easy thing to do if you can stand changing your email address. I've had the same address since 1995, so I get about 150 spams per day. I have a filter that gets rid of most of those, but that's local and I still take the bandwidth hit, and about 20% of them get to my inbox still. Rather than try to over-filter and get a false positive, I think the above solution is a worry free and clean way to make a break from spam.

---Mike