Slashdot Mirror

← Back to Stories (view on slashdot.org)

The Spam Problem: Moving Beyond RBLs

Posted by CmdrTaco on from the dont-spam-on-me dept.

whirlycott writes "I just published a paper called The Spam Problem: Moving Beyond RBLs on my site. I comprehensively describe RBLs and list eight specific problems with them. I also get into ideas that next generation antispam system creators should read. I hope that this will be useful to anybody who is attending the Spam Conference at MIT on Jan 17th."

3 of 488 comments (clear)

  1. Whiner... by DaGoodBoy · · Score: 5, Interesting

    My company was collateral damage on SPEWS last month and I kicked the *^&^#$* out of our ISP for hosting Global Travel on our netblock. They got booted and we got cleaned off the list. Bada-bing bada boom.

    RBL's are like a fever. They tell you when something it wrong and only a dork blames the fever when the problem is the disease. Get your ISP to whack the spammer or change ISP's.

    http://groups.google.com/groups?threadm=Fc6K9.2625 2%24Db4.726975%40twister.tampabay.rr.com

    --
    My God! It's full of Voids!
  2. In Defense of RBLs by minas-beede · · Score: 5, Interesting

    I have been a very loud protestor about collateral damage in news.admin.net-abuse.email. I well understand the problem but I think you over-estimate it. SPEWS deliberately lists non-spam-source IPS - that's collateral damage, that's wrong and avoidable. Take that away and the remaining collateral damage is unfortunate but not severe.

    Many have changed how they use RBLs - instead of simply rejecting they send a reply asking for confirmation the sender is a real human. If that confirmation is made the original message is delivered. That seems to be simple, straightforward, and capable of reducing collateral damage to a very low level. It even has intelligence behind it.

    I advocate relay spam honeypots (and open proxy honeypots - move with the times, keep up with the spammers). The white paper doesn't even mention these. The WP has the section asking if open relays are necessary. Well, no, they probably aren't. Is there a point? For how many years has there been an effort to secure open relays? Has it succeeded? The fact is that they are there - asking if they are necessary may inform you but it doens't change the situation in any useful way.

    For all these years the spammers have been given free access to the relay level - there's a self-satisfying division into the secure systems run by the wise and the open relays run by inept administrators. that division allows the operator of a secure system to condemn the operator of an open relay with confidence - he can strut. Yipee. As a spam-fighting tool it's a close to a complete bust. Well, yeah, lots of open relays have been secured. BFD - there's still enough for the spammers, and RFC 2505 said it would be this way. Yo: RTFM (in this case RTFRFC.)

    You want to hurt the spammers? OK, hurt them. It's not like you have to go out of your way - accept and deliver one of their relay tests and the chances are excellent they'll send you spam that you can discard. That's still a secure system, but it has teeth instead of gums.

    There's all these people falling over themselves devising elaborate filters. If you simply open up a relay enough to accept the spam but not deliver it there's no filter needed - a non-mail-server system that receives relay email receives close to pure spam - you will never get a filter as selective as that. Accept and deliver the relay tests and you have screwed the spammer. I won't even enumerate all the ways he is or can be screwed but there's a bunch.

    If 5% of the Windows systems with network connections ran Jackpot then spam would be dealt a mortal blow:

    http://jackpot.uk.net/

    It isn't hard, and it does tremendous good. Check it out.

  3. Re:Easiest way to stop spam... by Frater+219 · · Score: 5, Interesting
    People spam because it WORKS. The only real way to stop it is to STOP BUYING SPAMMED PRODUCTS.

    Not exactly. Besides being a theft of end-user and mail-site resources, spamming is also a scam perpetrated upon businesses. If you got spam advertising Joe's Naked Kinky Web Site, that probably isn't because Joe thought up the idea of spamming you all on his own. Most likely, a career spammer (let's call him Alan) convinced Joe that spamming was:

    1. effective,
    2. legal, and
    3. everyone's doing it anyway, so why miss out?
    Joe then paid the career spammer to spam for his naked kinky Web site. Since all three of Alan's claims are false, and he knows it, this means that Alan has defrauded Joe. He exploited the fact that Joe is probably neither an Internet expert nor a lawyer, but he does feel competition from other naked kinky Web sites, to convince him to pay for spamming.

    (Yes, Alan the spammer told the news media that spamming is effective, too ... and they believed him. He was lying there, as well -- but it got him, and spamming, free advertisement in the news!)

    This scam does not rely on spamming actually being effective, so long as vendors still believe it might get them an edge over the competition. Thus, getting people to quit buying spamvertised products cannot (directly) affect it. Only when all vendors on the Internet -- yes, including naked kinky Web sites -- realize that spamming doesn't work, isn't legal, and that they can do just as well without it, will spamming go away.