Slashdot Mirror
The Spam Problem: Moving Beyond RBLs
whirlycott writes "I just published a paper called The Spam Problem: Moving Beyond RBLs on my site. I comprehensively describe RBLs and list eight specific problems with them. I also get into ideas that next generation antispam system creators should read. I hope that this will be useful to anybody who is attending the Spam Conference at MIT on Jan 17th."
(refering to the intro in the article)
I mean, you can compare it to having your entire town roped off because one person was a fraud... completely destroying said town, but you still live in it.
Wasting an entire netblock by blacklisting it is not good....
--- Ãther SPOON!
Tell EVERYONE you know never to click on any spam links, or buy spamvertised products. People spam because it WORKS. The only real way to stop it is to STOP BUYING SPAMMED PRODUCTS.
on getting his site /.'d into a little ball of slag?
Seriously, I'll try and review the paper...
It's Christmas everyday with BitTorrent.
You'll notice that he listed and then did not address the "Common Arguments and Justifications" for running and/or using a RBL. Just couldn't come up with a reason why privately owned servers have to accept mail from any particular person or group if they don't want to.
1. Don't let a spammer verify your email address
2. Don't post your email address on the internet
3. Secure your email client
4. Avoid common email traps
5. Fight back
Let me know if these can be improved.
Read my sig if you like, but I'll never see yours, thanks to Discussions, Viewing, Disable sigs...
My spamassassin-tagged mail usually scores between 1 and 1.5 ( a 5 is needed for a **SPAM** tag) - which in the grand scheme of things seems to be enough of a weigh for the value of an RBL. Don't absolutely trust it's value, but don't ignore it completely either.
I don't really see why anyone would use RBLs just by themselves. Personally, I have spamassassin catching the "big spams", you know the ones with webbugs, html-only, forged headers, etc. etc. I occasionally tag those as junk in my Mozilla Mail, while tagging my normal mail as not-junk. The Bayesian filter takes care of the occasionally sneaky spam. Once trained it's an awesome combination.
Quite a bit, actually. This reads like a topical treatment by someone who really doesn't know the subject. For example he mentions whitelisting, but in the solutions section, completely ignoring the fact that there are already solutions, both commercial and open source, that use whitelisting, blacklisting, and greylisting. In fact, I wrote one about 6 months ago for a client, and they are quite happy about it, it affords them complete spam protection.
-- Ed Carp, N7EKG erc@pobox.com PGP KeyID: 0x0BD32C9B What I'm up to: http://intuitives.mine.nu
Is this "published" just because he put it up on his website and told people about it, or will it actually be published in a journal somewhere?
"Not knowing when the dawn will come, I open every door." - Emily Dickinson
My company was collateral damage on SPEWS last month and I kicked the *^&^#$* out of our ISP for hosting Global Travel on our netblock. They got booted and we got cleaned off the list. Bada-bing bada boom.
5 2%24Db4.726975%40twister.tampabay.rr.com
RBL's are like a fever. They tell you when something it wrong and only a dork blames the fever when the problem is the disease. Get your ISP to whack the spammer or change ISP's.
http://groups.google.com/groups?threadm=Fc6K9.262
My God! It's full of Voids!
Stupid job ads, weird spam, occasional insight at
The section on open relays I find rather odd. An 'open' relay is a relay that accepts mail from anyone to anyone, something which is an extremely bad habit. This guy starts arguing it's necessary to have open relays to deliver mail for some unspecified reason. It's not. You relay mail to legitimate adresses behind your mail relay, and you relay mail from legitimate adresses behind your mail relay and you dont relay to anyone else. Then you dont have an open relay. There is no way there's any technical reason to relay from anyone on the outside to anyone else on the outside, ever.
Has he completely missed that point?
Oh, well. If I'm to replace RBL type filtering with another anti-spam mechanism, there's only one I'd consider. That one is going complete pre-mail opt-in, in which case he's far more screwed than he is today. Live with the trouble of RBL's and get your ISP to do the right thing, or get a far, far more draconian solution.
There is a simple web based front-end that allows users to add and modify rules for accepting or rejecting mail based on a variety of factors - all saved in the datbase. Things like checking the subject, to, from, or the body of an incoming email for the presense (or lack) certain strings is a simple example.
All of this is done is Perl using Mail::Audit of course. I know there's Spam Assassin, but this was a little more fun (and customizable) for us.
The final check is the Realtime Blackhole List. When we first implemented this solution, we noticed in the logs that almost everything was on the RBL (even mail from yahoo.com). In fact, our own server was on the RBL. We'd never sent spam before, but I'm sure our relay was open at one time or another.
Since the system is configured to look for "accept mail" rules first, the solution came down to adding "accept" rules for pretty much everyone we knew, so that mail from known parties would be accepted even if on the RBL.
So now I get no spam at all - ever. I get very little mail at all in fact. It's really analogous to having an unlisted phone number. It's not the perfect solution by any means, but I'll take it any day over slogging through literally hundreds of spam mails every day ...
1. If SPAM wasn't so bad or annoying, or system resource draining the USE of RBL's would not only decline it would likely stop.
_NOTE_ IOHE RBL's in on a single mailserver rejected over 70% of all incoming requests. It took more than 90 days before we had our first complaint from using that RBL. Think of all the mail that didn't get delivered and the saved disk space, system resources et al.
2. Any RBL used is the choice of **insert org here** and not on the people sending mail.
_NOTE_
Very often the people charged with running **insert org here**'s mail server have been told "you must reduce the amount of spam I recieve". For many RBL's are an affective way of doing just that.
3. If the authors point about the legality of relay testing can in fact be upheld in a court, then ALL SPAM is illegal. Since this has not been found to be the case in US courts, then relay testing must be legal. (i.e. 18 USC Sec. 1030 (a) 2 (c))
4. If the Sherman anti-trust act can be applied here then it would also apply for spammers. SPAM is more in violation of the anti-trust act than RBL lists. (Why? because it prevents the delivery of legitimate e-mail, thus purposely causing delays and interfering with commerce)
Other solutions mentioned are worth merit, but it should be pointed out that these solutions are most often used and are most effective when used in conjunction with RBLs. A better solution would be to fundamentally change the way e-mail delivery works. DJB (http://cr.yp.to) had an idea some time ago where the cost of e-mail sent is born by the sender, not the reciever. That system may be the best bet. The ability to then block senders becomes a lot easier and your ISP doesn't have to do the very much "heavy lifting". The spammers get to do it. I like that idea better.
cluge
"Science is about ego as much as it is about discovery and truth " - I said it, so sue me.
Having briefly looked at the paper, it seems like the usual complaining about RBLs as being too broad you see all the time in NANAE (news:news.admin.net-abuse.email).
Summary: someone tries to send email and finds that they're listed on SPEWS. They complain because "we're not an open relay", without figuring out just why they're on that list. Almost invariably, they're on the list because their ISP persistently ignores spam complaints and prefers spammer money to honest customer money. I think there's been about two or three actual mistakes in the SPEWS listings in the year or so I've been following NANAE. Otherwise, it's all been a legitimate extension of the block because the ISP knowingly ignores complaints and supports spammers.
Spam is theft. Theft of Bandwidth, theft of service and theft of time. It's that simple. Spammers are thieves. ISPs which support spammers are thieves. Soon, they'll be blocked from the public internet for anti-social behaviour. After all, if your local bargain supermarket ignored the thieves stealing 20% from every transaction you make with them, will you go back?
Many South American and Asian ISPs are blacklisted because they were quite happy to spam everyone when they could steal bandwidth and service from other ISPs. Now that they're blacklisted, they're whinging and moaning about 'freadom of speach', interference with interstate commerce, and other such bullshit.
It's about none of these things. Blacklists are about protecting your network from a Denial of Service attack by spammers.
People who complaing about RBLs (OR DNSBLs, to be more accurate) are missing the point. They should be complaining about spammers who think it's acceptable to steal my bandwidth and your bandwidth to advertise their product..
dave "the only good spammer is a rotting corpse, dangling from the noose"
and
Scalable (resources)
Aren't mutually exclusive?
Clever message on the open relay. How about this one?
220 mail.XXXXX.com: By connecting to this host
220 you agree to be open relay tested by
220 njabl.org. You also agree
220 to only send traffic that complies with our
220 AUP and our providers AUP. ESMTP
Seeing that your server must connect to mine first, I wonder which contract will be upheld in court?
cluge
"Science is about ego as much as it is about discovery and truth " - I said it, so sue me.
I suggest you read the mail. Go to the site. Use the resubmit for testing function, and hopefully if your secure. You will be off it in a few days.
Well, I have mod points but I have to reply.
So, this guy has a problem: his mail server is blacklisted because it is part of the same netblock as a spammer.
So, rather than switching to a responsible ISP that doesn't allow spammers on its network, he writes a long winded whine about how to solve the "problem" of RBLs (although, mind you, he doesn't give a solution, just what he thinks should be part of the solution).
What he doesn't seem to understand is that the blacklisting of entire netblocks is only done as a last resort when ISPs refuse to get rid of spammers on their networks. It is a punitive measure to try to force the ISP to act.
While I applaud this guy for doing his research, I think he is misguided and even narrow minded. If you are part of the 'collateral damage' because your ISP allows spammers on its network, do the right thing and take your business elsewhere.
I did not read the article in whole (I am at work right now) but it is a big deception to see that the author, in the section about other anti-spam measure, wrote only a single paragraph on user education. It's a big deception because this is the root of the problem. Sysadmin can fiddle all their time with Spamassassin and Vipul's Razor but as long as some moron will buy pensu enlargement cream from spammer, spam will continue to be profitable.
The only way to reliably and permanentely stop spam is to to make it unprofitable. Since spamming have near-zero cost, anti-spam measure must attack the revenu stream of spammer. The revenu stream is people buying into spam. Thus having less people buy into spam is the only effective anti-spam prevention measure. All the rest is just Band-Aid in a loosing battle.
BTW, this is the same thing with tele-marketing, junk fax, etc.
:wq
Maybe you SHOULD take the time to read articles. Any. I can understand the arguments against spam for taking up system resources, but there is no way in hell that it is an intrusion on your privacy. It's your responsibility to keep your email address private if you want it that way. It is a public vector of communication, if you make it public you have no right to complain about recieving communication through it. Complain all you want about it being irritating, wasting time, costing money (especially if you're on dialup), but a privacy issue, I think not.
I'm the big fish in the big pond bitch.
(1) You (and I) get too much spam.
(2) Your e-mail system administrator (and mine) need to keep beefing up the servers because the sheer volume of e-mail is growing so quickly.
To a first approximations, filters solve (1) but not (2), and black hole lists solve (2).
whirlycott summarizes the problem with (2) in two words: "collateral damage." How much of the e-mail network do we need to destroy in order to save it?
We need to move past first approximations. We need systems that work at the server level, but that somehow address the problems of collateral damage and false positives.
This is only the tip of the iceberg. Any network messaging medium is vulnerable to abuse by spammers. The problem started with Netnews, it continued with e-mail, it's happening now with instant messaging. We need at least high level solution that helps solve the problem regardless of prototcol.
I wish I had one.
Stupid job ads, weird spam, occasional insight at
The problem, as I've said here before, is SMTP itself.
The RFC pretty much states that to be compliant, you have to accept the mail as it is presented. Can't achieve accurate or trusted reverse name lookup information on the sending system? Well, that's tough, take the mail (read this for yourself).
This problem stems from when systems on the Internet were inherrently trusted. That's not the case any longer, and it's time for a new mail transmission standard.
For starters, it should allow system administrators the ability to give priority to systems that can present some form of credentials. SSL or keyed encryption, whatever the standard is, it will permit systems to give totally trusted access to systems that meet the specific security and trust guidelines of the receiving system, not the RFC (times have changed, tough).
Those systems that do not meet minimum trust levels will either have to clean up their act or take the time to contact the remote system to figure out the issue.
It won't stop spam, but it will go a long way to slowing it down and possibly providing some secure method of mail transport in the process.
It's important to realize the point of RBL blocking. It isn't to make end-users happy, it's designed to lower traffic on the mail servers. So a proposed solution needs to be something that the ISP can execute without having to analyze the email. RBLs monitor a single variable, IP, to determine whether it should be accepted or not. If someone could come up with an idea that processed emails based on another single variable, then we'd have ourselves a good spam filter.
One proviso: if anyone complains, I will look at it.
RFCs require that one accepts mail for postmaster@domain.com and from the empty envelope sender. Since I do this, I believe I am fully RFC compliant.
So stop whining about DNSBL. The problem is wider than that, and will not be solved by getting rid of DNSBL. The system isn't perfect, but that is not the issue.
Conversion Rate Optimisation French / English consultant
So . . . only ultra-l337 "information technology" "professionals" like yourself deserve spam protection? And as long as the "information technology" types can avoid it, there's not a problem?
I have been a very loud protestor about collateral damage in news.admin.net-abuse.email. I well understand the problem but I think you over-estimate it. SPEWS deliberately lists non-spam-source IPS - that's collateral damage, that's wrong and avoidable. Take that away and the remaining collateral damage is unfortunate but not severe.
Many have changed how they use RBLs - instead of simply rejecting they send a reply asking for confirmation the sender is a real human. If that confirmation is made the original message is delivered. That seems to be simple, straightforward, and capable of reducing collateral damage to a very low level. It even has intelligence behind it.
I advocate relay spam honeypots (and open proxy honeypots - move with the times, keep up with the spammers). The white paper doesn't even mention these. The WP has the section asking if open relays are necessary. Well, no, they probably aren't. Is there a point? For how many years has there been an effort to secure open relays? Has it succeeded? The fact is that they are there - asking if they are necessary may inform you but it doens't change the situation in any useful way.
For all these years the spammers have been given free access to the relay level - there's a self-satisfying division into the secure systems run by the wise and the open relays run by inept administrators. that division allows the operator of a secure system to condemn the operator of an open relay with confidence - he can strut. Yipee. As a spam-fighting tool it's a close to a complete bust. Well, yeah, lots of open relays have been secured. BFD - there's still enough for the spammers, and RFC 2505 said it would be this way. Yo: RTFM (in this case RTFRFC.)
You want to hurt the spammers? OK, hurt them. It's not like you have to go out of your way - accept and deliver one of their relay tests and the chances are excellent they'll send you spam that you can discard. That's still a secure system, but it has teeth instead of gums.
There's all these people falling over themselves devising elaborate filters. If you simply open up a relay enough to accept the spam but not deliver it there's no filter needed - a non-mail-server system that receives relay email receives close to pure spam - you will never get a filter as selective as that. Accept and deliver the relay tests and you have screwed the spammer. I won't even enumerate all the ways he is or can be screwed but there's a bunch.
If 5% of the Windows systems with network connections ran Jackpot then spam would be dealt a mortal blow:
http://jackpot.uk.net/
It isn't hard, and it does tremendous good. Check it out.
You (ISPs) just need to modify your IP allocation policies such that you put all known spammers in the "ghetto" address range. Said range gets blocked by RBL, none of your more legitamate users notice. The spammers can't complain because they are breaking your AUP (you have a well-defined AUP, don't you?).
People spam because it's dirt-cheap. If spammers had to pay 10 an email, you'd better believe they'd be a heck of a lot more cautious about who they send to.
And a "Stop Buying Spam Products" is doomed to fail, anyway, because it's a numbers game. If 1 person out of every 100 people spammed buys something, then it's probably an outrageously successful campaign.
The fact is, you may be throwing out 50 spam emails a day, but if you see a subject line that speaks to an immediate need, you're probably going to stop, read it, and consider a purchase.
So what you are saying is that we can get Ralsky put in jail, which will become his new company H.Q.
However, if he makes enough money spamming, we could use the money to make bigger jails so that we can imprision the other spammers
HallmarkOrnaments.Com
I'm no programmer, but surely someone could come up with an automated way to handle this. Maybe an evolving-type automated response letter with variables defined as %n for spammer's name or return email address, %p for product they're peddling, etc.
Cruising the internet on my TI-99/4A @ a whopping 300 baud!
... see http://cr.yp.to/im2000.html
Isn't this how a blacklist is supposed to work? I thought the idea was precisely to annoy the honest users, such that they complain to the ISP. If the users know that they are blacklisted because of a spammer, they are likely to either leave the ISP or pressure it to turn the spammer off. It's not nice, but the intent is to get results.
I assert ownership of all trademarks and copyrights on this page.
Instead of running your mail server on a PC running Linux or a low - mid range Sun/IBM/HP/whatever box you have to run it on a Beowulf cluster of E10,000/s390/V-Class/Indian Supercomputers. Perfectly scalable, it's just that your hardware and support costs have gone up by several orders of magnitude.
Stephen
"Don't write down to your readers, the only people less intelligent than you can't read" - Sign on Newspaper Office Wall
A huge amount of spam is being sent through unsecured relays in Asia and South America. Consequently, an overwhelmingly large percentage of the hosts listed on RBLs are in fact based in these countries (see Wired article: Not All Asian E-Mail Is Spam). This amounts to nothing less than discrimination and isolationism that is being used to slowly cut off countries that have a critical importance in global matters
Obviously, if a huge amount of spam is coming from a huge amount of servers in a country, a huge amount of servers in that country are going to get blocked.
How about we drop the sensationalism here?
It's not some conspiracy to block all mail from Asia.
Look, maybe some people need to get mail from Asia, but I don't have any reason to. I'm not obligated to let anyone on the internet contact me at will. I can pick and choose who to block/accept at will. If people in don't want their servers to get blocked, maybe they should deal with their spam problem. I don't have time to fix it for them.
Look at it this way:
The internet is this huge shared network. It has a finite amount of bandwidth and it works because everyone carries data to its destination.
The question here should not be if any nodes should ever get blocked. The question should be: How much junk traffic should a single node on the network have to generate before it happens?
At some point you have to start blocking people. If I start DOSing an email server (almost what spam is), I can expect to have my traffic blocked at some point. Maybe I have to send a million junk messages, maybe a billion, but at some point it's costing too much to carry and process my traffic. Yes, bandwidth costs money. That's just the way a system like the internet has to work. There have to be mechanisms in block to handle the case were a node starts misbehaving. One of those mechanisms has to be dropping traffic from that node.
Carrying junk traffic costs money. Filtering costs money. At some amount of traffic, the cost becomes too high, and you have to block the traffic. Think of it as a signal to noise ratio. There always needs to be some number, at which you pull the plug, because the data isn't worth dealing with anymore.(And filtering it is too expensive)
Any time you share something you're going to need the ability to do this. If I start driving in the middle of a two lane highway, I can expectect to get pulled over and have my license revoked (eventually). It should be. I'm messing up things for everone else and the sensible way to fix it is to remove me.
Life is too short to proofread.
Flood them with responses. A volunteer organization which floods them with answers. Not the answers they want, but answers they nevertheless have to take time to deal with. The trick is not to make spam impossible, but to make it unprofitable.
.001 percent. That's right, .001 PERCENT. Our anti-spam measures actually help her target the gullible. But what if she had a response rate of 1 percent? She sends out millions of spams per day. Say she got 10,000 replies (or her customers did.) Not buying their dreck, but instead asking for more info or some such. Would they be able to find the legitimate responses in the deluge?
and a potential solution. Recently, I read an interview with a spammer. She said that she could make a profit with a response rate of
It couldn't have been easier.
SMTP already has a good way of authenticating who you are receiving email from. It is called the IP address of the machine that is contacting you and the IP sequence numbers of the packets that have to travel between you. All you need is a list of the IP addresses of the people who you want to receive email from and a list of ones you don't.
But, of course, this is what the current blacklists do!
Any email authentication system is going to run into most, if not all, of the same problems that DNSBLs run into. They are also going to have the problem of trying to get the entire world to change.
SPF support for most open source mail servers can be found at libspf2.
--well, wish I knew what I was talking about here, but I'll try anyway, perhaps someone will recognize what I'm trying for. It might even exist for all I know.
I see spam as being an email protocol problem as much as anything else. Too easy, too easy for bots to get addresses now or guess them. The spammers are like drunk drivers on their 15th DUI, lost their license long ago, but are still on the roads. the deal is, we don't really have any road control, there's no traffic cops (and don't want them thankew). So, we need "new roads" that people can use to send "electronic mail" to each other that ISN'T something in common use yet. It needs to be setup so that only people that are trusted by anyone "you" can use. It's this name@someplace.com. See that @ symbol? How about a replacement, and some sort of new way to start "electronic mail" from scratch and build trusted private networks for correspondence, and something that didn't use that @ symbol?
Yes I know this is probably naieve, don't know how to describe this better though. Is there such a critter in existence? If I was living in a floodplain, and had to constantly add to the sandbag piles to keep the water out, and it still leaked all the time, well, I'd just move someplace better. I see the email problem now to be just that, never ending war with spam, anti spam, anti anti spam, anti anti anti spam, etc. I'd rather scrap the whole email thing as it stands and start over with something "better", move OUT of the floodplain. So, I'm asking, where's the "high ground" to move to?
May I be rejecting legitimate e-mail if I block China.com? Absolutely. As a matter of fact I hope I do, I hope I block a whole bunch of them. Further, I'll tell them why.
"The network you're using sends an unacceptable amount of SPAM, there is a plethora of open relays and nothing is being done about it."
China.com admins may not give a rat's ass if I bitch and complain. But if their customer base goes ballistic because their service is unusable for this reason, then something may happen. The best solution? No, the best solution is to drag out and kill:
- Spammers
- Every idiot who's purchased herbal penis enlargement and HGH
IMHOComputer Science is Applied Philosophy
Ralsky. He says, in a Detroit Free Press interview, that he has 50 spam servers in Dallas.
2 .h tm
http://www.freep.com/money/tech/mwend22_2002112
Just try to get the ISPs in Dallas to act with integrity, seek out the spam servers (they should leap out in any traffic analysis) and shut them down. The DNSBL's are close to useless here, it seems. Ralsky spams from Dallas using asymmetric IP routing: he spoofs the IPs of dialup systems from the servers. If anything gets nuked its the dialup account, not the high-speed-linked system that actually sends the spam (the dialups only receive the return packets from the systems that receive the spam.)
(Maybe Ralsky spams from Dallas differently - earlier this year he surely was using the asymmetric IP approach. Ralsky did lose throwaway accounts on three different ISPs because of the actions of one honeypot operator: Michael Tokarev in Moscow. Unfortunately Michael shut the honeypot down in July:
http://www.corpit.ru/cgi-bin/h0n5yp0t )
Getting Ralsky in jail wuld be nice, and he deserves it. Before that it would be effective to so disrupt his spam operation that he experiences a negative cash flow. Honeypots are the way:
http://jackpot.uk.net/
Setting up the honeypots is the first step. Once enough are intercepting Ralsky spam notify the spam advertisers that huge amounts (don't tell them the actual amount) of their spam is being intercepted. Get them in billing disputes with Ralsky. If they also see sales going down (as they should) they may have a flash of intuition that tells them spam doesn't work any longer, and the interceptions are the reason.
But don't stop doing what works for you, of course - add in the honeypot for its effect on the spammers beyond your own system.
For this reason, my email is configured not to download HTML and is blocked from accessing any ports aside from POP3 and SMTP by my firewall just in case...
'SPEWS is bad, so DNSBLs are bad!'
Wrong. I use DNSBLs to block 10,000+ spams/week aimed at my users. I was using static relay REJECTs via the sendmail access file, but could not keep up with the torrent and increasing user complaints.
Aside from the obvious potential waste of time and bandwidth those 10,000 spams represent, much of it is obscene and sent by criminals.
I also track rejected mail and whitelist relays when necessary. This system works very well.
I chose not to use SPEWS due to collateral damage concerns. It's my call. If you are a postmaster, it's your call as well. One size does not fit all. DNSBLs are an invaluable tool.
You are not alone. This is not normal. None of this is normal.
I am admin/postmaster for a small college. Several months ago a new hack was developed that got through my version of sendmail. This was kind of ok because the spammers didn't know I was vulnerable.
Along comes one of the RBL's and test my site. So far so good. But instead of sending an email to postmaster@the-blocked-site they post my IP and a sample of how to use my system to forward spam.
Several days later, on a weekend of course, the spammers started using me. The spammers aren't stupid either. They use the RBL's to find new relays.
I have fixed the problem. However, one small email notification would have prevented several hundred thousand spams. I wonder how many sites have been used this way?
The whole of his argument is "there might be collateral damage". Well duh! Choose an DNSBL (Note: RBL is the name of a specific DNS Blocking List) that has a policy against collateral damage. Some do, some don't. He's complaining that collateral damage hurts innocent parties. Well, he's just done the same thing he's complaining about by damaging the reputation of DNSBL's that don't do collateral damage.
-russ
Don't piss off The Angry Economist
My ass
Once your ISP allows people to test then maybe you'll get off the list of IPs that block open relay testing.
RBL results : 127.0.0.4, Test blockers: Null routed all access
So, exactly why is you, or your ISP afraid to be tested? Oh I see, your stance may be relay testing may well be illegal. Well tough. If someone turns up at your turn and asks for entry you would ask for identification. Your IPs stance in banning relay check connections is equivilant to not producing identification, but demanding entry anyway.
Until you can prove that you're not a spammer then don't expect your RBL status to change, and for those people that block on that status, you won't get through.
I can sympathize with paying the bill and the slow connection, there are solutions though. Building blacklists and te vigilantism that goes with them is nothing more and digital road rage.
That's a consequence of the medium. The openess, lauded one second by techies, is cursed the next. If you don't like the way it works, either change it on your end as you did, or don't use it.
I'm the big fish in the big pond bitch.
Hmm, maybe your analogy isn't sound. For years techies have screamed bloody murder when RL metaphors are used to decide what laws to apply to computer crimes. So don't fault my logic based on your inability to draw a strong analog. No one is breaking into anything. The internet, email in particular is an open, public medium. If you don't like it don't use it, it's that simple.
I'm the big fish in the big pond bitch.
In short, nobody would slow down the spammers and our inboxes would be flooded by spam, even if the filters were 99% effective.
The only way to reduce the amount of spam you receive is by reducing the amount of spam being sent.
Personally I use the SBL and DSBL lists to block mail from known spammers, their supporters and open relays and open proxies.
Spammers have a right to free speech, but they have no right to free speech on my property. If they want to advertise, let them setup a website I can view when I want to. Free speech is about speech in public areas and is not relevant when it comes to private property. Free speech does not trump private property rights. If you think free speech does apply to private property, send me your address and I'll organise an industrial and hardrock concert in your garden.Having said that, I think it would be good if every user could choose for him/herself the filters used on his/her mailbox. If only because the users are likely to choose much more agressive filtering than ISPs could ever setup by default.
It only blocks LEGITIMATE e-mail from servers that may, at some time in the future possibly, be used by spammers as a relay. It does block from machines that have sent spam, but also those that have never done it, just the potential is there. It does not, however, block spam! At least, not effectively.
And, that's where the problems lie. Administrators are putting these things in, assuming they'll stop spam, and then getting pissy when you tell them legitimate mail isn't getting through.
I used to be the e-mail admin for my company. We somehow ended up on the worst of these lists, osirusoft. This, despite the fact that we used SMTP AUTH; YOU COULDN'T SEND MAIL WITHOUT A PASSWORD! And, once you get on one of the lists, you're on them all.
So, I spent the better part of a couple of days going through them all and having to prove I wasn't an open relay. They all but one removed us within a week, but that was a week we couldn't send mail to a few customers.
And, the one that didn't remove us in a week...osirusoft...they took over a month. Every day I went to their site and ran the "autotest". Every day I watched it say, "Relaying Denied, deleting from list". Every day, I watched another "proof" of our spamminess posted onto their list.
And, the idiot admins of the ISPs? "Well, you're obviously an open relay. I see dozens of spams being sent from your site on the osirusoft list!"
BTW, the osirusoft rbl is run by some loser in his basement. Great plan, basing your company's e-mail on some unemployed idiot with a chip on his shoulder.
Look at your spam, where does the majority come from? That's right, AOL & Hotmail. But, your company would NEVER allow you to block from them, they'd lose too many customers. Install an active filter, you'll see better results and less spam.
Which is more painful? Going to work or gouging your eye out with a spoon? Find out!
http://www.workorspoon.com
I run a spam filtering service which uses DNSBLs along with other measures to reduce the spam that my customers receive. The customers who sign up for this service typically are completely swamped by unwanted email, in fact - one customer has a hit rate of over 60%. Yes, 60%. They had reached the point where their email was becoming useless, so they had to do something about it.
DNSBLs are a valuable tool when combined with other technologies and have a very low 'collateral damage' rate. For example, the customer mentioned above has never called to complain that valid email was blocked even though I remove over half of their mail before they get it.
As for someone's right to run an open relay, I guess they do have the right to run their server however they choose, but that right ends at my door. My server, my T1, my customers asking for help. I explain the risk of collateral damage to potential new customers, and explain they must trust me to make decisions on what is blocked and what is not. I try very hard not to be overzealous and it has served me well because no customer has ever left the service once they signed up.
I'm very sorry if the author of this article was inconvenienced by being blacklisted. But the needs of the many outweigh the needs of the few... or the one. (TM)
You seem to be upset that some groups have demanded that the smaller ISP's and less technological countries do the main work in solving the Spam problem. THEY ARE THE ONES RESPONSIBLE FOR IT IN THE FIRST PLACE. Yes, they may not personally be the people doing it, but they are part of a group that IS doing it. I think Blocking is TOTALLY appropriate Punishment to the Asian Countries for their failure to police their ISP's and fight the evil of Spam. Note, I personally have had my email to a friend blocked because of the RBLs. He gave me a new email address, (at another small ISP) and the problem was solved. If you have that problem, SOLVE it by moving AWAY from the SPAMMERS, instead of supporting them by your lazyness.
excitingthingstodo.blogspot.com
Here's the part that really pisses me off:
"You are receiving this email because you opted in to receive special offers from (xyz.com) through one of our marketing partners...."
Exactly. I might have done business with one of your "marketing partners" in the past. That doesn't mean I'm interested in doing it with you, or any of the other "marketing partners". Usually, I can find what I'm looking for without any marketing assistance, thank you.
C|N>K
It performs a very similar function to Razor, but is a lot more open. You can run your own servers and participate in the global database, or run your own database independently.
http://www.rhyolite.com/anti-spam/dcc
It's easy to do the following: View->Message Body As->Plain Text.
Violla, problem solved. Try that in Outlook, Hotmail, or Yahoo?
If using hotmail or yahoo on your browser, turn off images and javascript in email. This stops the client from acting on any URLs in the mail (i.e. 1x1 images), hence your address doesn't get verified.
"that's not encryption - it's a new perl script that I'm working on..." - from some Matrix parody
Summary: someone tries to send email and finds that they're listed on SPEWS. They complain because "we're not an open relay", without figuring out just why they're on that list. Almost invariably, they're on the list because their ISP persistently ignores spam complaints and prefers spammer money to honest customer money. I think there's been about two or three actual mistakes in the SPEWS listings in the year or so I've been following NANAE. Otherwise, it's all been a legitimate extension of the block because the ISP knowingly ignores complaints and supports spammers.
Wait wait wait, let me quote that again. "it's a legitimate extension of the block because the ISP knowingly blah blah blah." My SMTP server is sitting on an IP block that is being "punished" by SPEWS. My ISP is not UUNet, but another ISP which is a customer of UUNet. SPEWS intention of punishing UUNet by blocking MY IP block is not "legitimate" by any definition of the word. I am not a spammer, and my ISP is not tolerant of spammers. But our upstream provider is. So screw us, we're paying the price for the spam jihad.
Open Relay RBLs, hell yes. That is fair and legitimate. But when you take the power given to you through the trust of those who use your service, and use it to beat down on the innocent in order to further your cause, that is unacceptable. I could spend weeks on the phone with UUNet. Do you think I could somehow convince them to stop supporting spammers? Give me a break. You think I can just switch ISPs? My company does telecommunications with voice lines over a DS3 with a contract with our provider for voice and data service. There is no chance of going to another ISP. So, if in the end I am forced to subscribe to ANOTHER T1, from a different provider, just so that our small company can do business, what purpose does that serve? How does that advance the cause? I am willing to make sacrifices for the anti-spam movement, but I don't see exactly what purpose blocking completely secured SMTP-AUTH non-spamming servers does. I followed the rules. I setup my servers responsibly. I still got fucked over. You tell me that's "legitimate."
Now listen to me very carefully. I HATE spam. I employ several spam filtering systems. I even use open relay black hole lists. I have even gone as far as to write my OWN anti-spam content filter system. I use SpamAssassin, but of course I had to comment out the rule for Osirusoft because Osirusoft uses SPEWS, and otherwise SPAM ASSASSIN ENDS UP BLOCKING MY OWN FRICKIN EMAIL. Here I stand, a supporter of the anti-spam cause, blocked with no recourse by people who refuse to talk to me about why I'm being punished. Whose ideas of legitimate include punishing so many of the innocent that the outcry is supposedly supposed to affect the guilty. (Read that sentence again, Mr. Bollocks) Blackhole lists are fair and legitimate as long as you aren't punishing one man for the action of another, and as long as you provide a method for clear and easy removal once terms have been complied with.
Miles "the only good anti-spammer, is the one who will take you off his damned list when you jump through the hoops"
The following is a list of the innocent businesses around my IP range which are punished for the actions of that worthless bastard Eric Reinertsen.
United Promotions, Inc 65.244.178.0 - 65.244.178.63
Affordable Computer Supply 65.244.178.64 - 65.244.178.95
Enpro Services Co, INC. 65.244.178.96 - 65.244.178.127
Verestar/Atlanta-GA 65.244.178.128 - 65.244.178.143
No More Forms, Inc. 65.244.178.144 - 65.244.178.159
Component Distributors, Inc. 65.244.178.160 - 65.244.178.191
Broadband Wireless Communications 65.244.179.0 - 65.244.179.255
Cemtec USA 65.244.184.0 - 65.244.184.31
ALLSTATE INSURANCE/PAUL BONOMO 65.244.184.32 - 65.244.184.39
CPH Engineers Inc 65.244.184.40 - 65.244.184.47
Conrad Yelvington Dist, Inc. 65.244.184.64 - 65.244.184.79
Optimum Nutrition, Inc 65.244.184.80 - 65.244.184.87
Teckn-O-Laser 65.244.184.96 - 65.244.184.111
Badcock Home Furniture & More 65.244.184.112 - 65.244.184.127
The Thornestone Group 65.244.184.128 - 65.244.184.143
Talk Visual, Inc. 65.244.184.160 - 65.244.184.191
College Park Campus Partners 65.244.184.192 - 65.244.184.255
Florida Family Mutual Insurance Company 65.244.185.0 - 65.244.185.255
PEPSICO 65.244.186.0 - 65.244.186.255
YOUR INFO INC 65.244.188.0 - 65.244.188.255
Orex Technologies 65.244.189.0 - 65.244.189.63
NDS INC. 65.244.189.64 - 65.244.189.95
Intermedia / Fightertown USA 65.244.189.96 - 65.244.189.127
Delphax Technologioes Inc 65.244.189.192 - 65.244.189.207
ALLSTATE INSURANCE/KAYODE OKEWUSI 65.244.189.208 - 65.244.189.215
ALLSTATE INSURANCE/PAUL SMITH 65.244.189.216 - 65.244.189.223
ALLSTATE INSURANCE/NEIL DOBBS 65.244.189.232 - 65.244.189.239
Intermedia / Haynes Brothers Furniture 65.244.189.240 - 65.244.189.247
ALLSTATE INSURANCE/JERRY HAIRSTON 65.244.189.248 - 65.244.189.255
FIDELITY NETWORKS INC. 65.244.191.0 - 65.244.191.127
ALLSTATE INSURANCE/JEFFREY STERN 65.244.191.128 - 65.244.191.135
Radiology Group / East Ridge Hospital 65.244.191.136 - 65.244.191.143
Trimeris, Inc. 65.244.191.144 - 65.244.191.159
ALLSTATE INSURANCE/DEANE LONG 65.244.191.160 - 65.244.191.167
custardinsurance 65.244.191.168 - 65.244.191.175
ALLSTATE INSURANCE/ANGELA RAGAN 65.244.191.184 - 65.244.191.191
ALLSTATE INSURANCE/ DERRICK MADDOX 65.244.191.192 - 65.244.191.199
ALLSTATE INSURANCE/TIM BOYCE 65.244.191.200 - 65.244.191.207
ALLSTATE INSURANCE/PAUL STOVALL 65.244.191.208 - 65.244.191.215
Hamilton Risk Management 65.244.191.216 - 65.244.191.223
ALLSTATE INSURANCE/JIMMIE BROWN 65.244.191.224 - 65.244.191.231
navigant 65.244.191.232 - 65.244.191.239
ALLSTATE INSURANCE/RONALD BARNES 65.244.191.240 - 65.244.191.247
ALLSTATE INSURANCE/THOMAS FITZPATRICK 65.244.191.248 - 65.244.191.255
Money Line Direct 65.244.193.0 - 65.244.193.255
KELLEY DRYE & WARREN L.L.P. 65.244.194.0 - 65.244.194.7
Senn Palumbo, Meulmans 65.244.194.64 - 65.244.194.127
Systrends, Inc. 65.244.195.0 - 65.244.195.127
Skytell 65.244.195.128 - 65.244.195.143
BMR Neurotech 65.244.199.48 - 65.244.199.63
Metro Republic Commercial Services 65.244.199.64 - 65.244.199.95
Call Catchers 65.244.199.128 - 65.244.199.159
The author of the article is yet another person who misunderstands the problem. The problem is not how to prevent the delivery of spam; that has already been solved. The problem is how to get the ISPs hosting the spammers that continue to eat up our bandwidth to disconnect them from the network. Decent ISPs will just do that upon the discovery they have spammers. And it is acceptable to slap their hand once or even twice, but three spams and you're out. The problem is many ISPs are not decent at all, and will only act upon a financial incentive. Blocking the whole ISP is what is required. DNSBLs such as SPEWS are doing that incrementally with the intent to minimize the number of others affected for long enough to show to the ISP that they had better get rid of the spammers. At this point most ISPs will realize they will lose customers in the future, and will get rid of the spammers. A few will be stubborn, and will eventually have their entire address space listed. Not only do we not want mail from spammers, we don't want mail from anyone who supports spammers. And if you are paying money to an ISP who runs in turn is providing services to a spammer, then you are indirectly supporting spammers through financial benefits, such as the ISP offering the spammers lower rates through economy of scale. And do not forget that if you are doing this, that you and your ISP are benefitting off the costs incurred by others. All this article is, is a reflection of frustration by an individual who just doesn't get it, that he needs to either turn his ISP around to be a decent member of the internet community, or he needs to switch to another ISP. It looks like a lot of work went into it, but the premise being all wrong, the article is worthless and offers no solutions.
now we need to go OSS in diesel cars
I suggest you grow up.
DNSBLs function to block spam, not to punish.
As to who is responsible, an intelligent analysis would reveal that those who herd-like joined the "secure all open relays" crusade without even bothering to read the RFC (2505) that said that was a failed approach are more to blame - they pissed away years that could have been spent in an effective battle against spam (which would have been long gone if that had been done.) Now the herds follow SPEWS - more years of ineffectuality are being risked.
It is smaller ISPs and less technological countries that are to blame? Let me just mention a few entities that stand in stark contradiction to your claim: the United States, Worldcomm (uu.net), Broadwing, Sprint, Verio, Starnet, Rackspace. You gonna tell me that the 50 spam servers Ralsky uses in Dallas are on a smaller ISP? OK, name it - let's start telling them to act. I don't care if it's big or small - name it. I'd like to know.
Still, I agree that the case made against DNSBLs by the web page is weak - too weak to heed. I loudly oppose collateral damage but I see no evidence that it is rampant.
How was SpamCop missed in the "research" ?
By the stated definition (Technology, 1) there is only the act of theft but no such a thing as a thief ?
For the writing to be taken seriously it somehow needs to add some value to an intelligent discussion. Just stating that RBLs are not perfect is like stating that operations and amputations have drawbacks.
I have been using DNSRBLs for a while now. I can say for a fact that in the past 5 months our mail server (75 users) has had 0 legit emails blocked. There were 2 emails blocked by two of our corporate customers because they were running open relays. I count those as legit because clue sticks were applied very fast.
Let's assume that those 2 emails were totally legit. That leaves me with 2 emails that were blocked out of approx 15,000 emails that have gone through this server.
I'm sorry if this guy is dealing with users who are using ISPs/working for companies where the mail admin's obvious job qualification was "I have a computer at home", but I am not going to subject my users to crap email any more than I have to, nor am I going to waste my bandwidth processing messages from con artists.
If this guy does not like it, tough. It is my mail server. I am in charge of it. My users all appreciate not walkin in the office Monday morning and having to sort through 300 emails trying to sell them fake viagra.
Oh-oh. "Double opt-in" is usually spammer-speak.
One line blog. I hear that they're called Twitters now.
Whether you regard this as an abuse of the system or a clever twist on it is your opinion, but I believe that most people are not aware of this usage and would object if they did.
Given most people's relative ignorance of network issues, "fixing it" by firewall configuration is not an ideal solution for the masses - and not using email at all is a little unrealistic for most. Having email clients that do not downloading HTML links for remote servers *by default* would be a good start, but without a widespread education programme (an Internet driving test?) most users are going to fall prey to further tactics of this nature.
Thinking about this (and having visited your website), I'd be really interested in seeing you spell out your logic. You say that you permanently block people who threaten to sue. Presumably those are people who are spamming? In that case, I can believe that you are within your rights not to receive their mail. For that matter, I can believe you within your rights not to receive anyone's mail.
If I was going to sue anyone (which looks unlikely, since we have only had one very short-lived SPEWS-related problem in over a year), it would not be for refusing to receive my mail, it would be for sending rejection notices that tell people that I am a spammer, which I am not. Exactly what is your problem with that? Has any innocent party ever tried litigation on that basis? If companies can be sued for the content of their websites, I really can't see how spreading damaging lies by automated email can be an acceptable activity.
Of course in this case, you are blocking my domain because I dared to express a point of view (which the moderators don't seem to dislike too much) in a discussion forum, despite the fact that our company has never sent a single spam, and I have never actually threatened you or any other company with any form of litigation. Have you seen Minority Report? If so, you appear to have been cheering for the wrong guys :-) This is the sort of orwellian behaviour that would normally result in a shock-horror article for YRO...
Virtually serving coffee
Blackhole lists right now focus on the open relays. Why not focus on the original spammers themselves? Becuase the SMTP protocol doesn't allow for it. The fact is, you can put whatever addresses you want into the From: and Reply To: fields. There is no accountablity to assure that the return addresses are owned by the person who sent the message, or even that such addresses even exist. If mail servers were required to "stand behind" the messages that they sent, receiving server can call back the sending server, basically to ask "Did you really send that?" If the server denies sending the message, or the server doesn't exist in the first place, the message gets canceled and is never delivered to the named user. This would end the cloak of invisiblity for the spammers. They'd have to either use a traceable user account at their ISP, or spam only from their own domain. No traceroute required, an autheticated username and domain show up in the From: line. This would cut down the collateral damage, because instead of blocking by IP address or netblock, the block would be by username and/or domain. What's more, really reputable ISPs could kill most of the spam in the time delay between the sending and the reading, as it would simply be able to refuse to authenticate the messages after being told they were spam. If the ISP doesn't, a retroactive black hole can lock out offending user accounts without having to lock out whole domains, unless it is determined that the domain belongs not to a multi-user ISP but a single-user spammer.
I have a serious spam problem on my server. I have a couple of users who are amazingly profligate with how and where they share their e-mail address, and it has turned my server into an interesting anti-spam lab.
I tried the RBLs, but in my experience, they only work if you are reasonably careful with your address. Once you get on enough opt-in lists, you get so much spam from legitimate servers that RBLs don't work anymore.
The final answer has been to use a Bayesian filter which tags messaages for filtering on the client. I'm using bogofilter, trained with a message corpus of about 10,000. This has been the only thing which has really worked, and the client side filter provides a safety valve against false positives. (Although, to date, I've had no false positives).
Zero legitimate email, but those Russian babes did seem pretty hot. :^)
One line blog. I hear that they're called Twitters now.
Even if only implemented at a server level (verification of host/sender) this could remove a good deal of spam - and could do that on a per host basis.
For the most part its not hard to do either.
It will be hard to get done. At an individual level everyone needs to get the right software and keys. This won't be easy. Nor will it be easy to get governments - filled with politicians who are more likely to label any cryptographic services as helping terrorism or anti-government activities (and who may well have sold their souls to the spammers) to agree. And I can easily see the spammers suing people to try to prevent them from using this (more a problem at the server level - the idea of spammers filing a million or so suits against individuals just makes me grin - Spam Lawsuits).
Then too, if cryptographic services are available many people might just encrypt their email - and the folks in power would like that even less.
Key distribution is also a problem in the case that you might want to add someone to your accept list - you need to verify their identity somehow.
So its a great solution. It would probably work. And its unlikely to occur.
How would you know troll? You don't get spam.
One line blog. I hear that they're called Twitters now.
Yes, DCC looks very promising. My university uses it and I have never seen it mark a message as spam when it wasn't (this is very good).
It often misses spams, but as more people run DCC servers the detection will improve. Detection also improves as spammers target more recipients at once - in a way, they're announcing their presence to the system.
Keep an eye on this one! See the dcc FAQ.No, your email isn't blocked. Were it blocked, it'd never leave your mail client. Here's what REALLY happens. Your email leaves your mail client, and goes to your ISPs mailserver. You have a contract with them, so they accept it. Then THEY try to send it to us. Now, at this point you're dealing ENTIRELY on OUR hardware, OUR bandwidth, and OUR good graces. Those of us who are SICK AND FUCKING TIRED of having 100x more spam then real mail have quit accepting mail from well-known spammers.
As long as you DIRECTLY support spammers by continuing to use a spam-friendly ISP, your mail will be blocked. Period. You subsudize the rape and pillage of my mailserver and the mindless wasting of my time. And you really have no choice but to move. Wah. Because the alternative is for EVERYONE ELSE ON THE FUCKING INTERNET TO CHANGE THEIR EMAIL ADDRESS EVERY MONTH SO IT'S NOT ON THE SPAMMERS LISTS. DO YOU UNDERSTAND THE COST SHIFTING INVOLVED HERE? IS THIS LOUD ENOUGH TO GET THROUGH?
YOU are DIRECTLY responsible for sending me "Young horny teens get f**ked by a horse with a 31 inch c**k!" (Yes, really *'d out in the message)
Spamassassin is useless. Spammers tune their spams to be under the 3.0... you can't really filter harsher then that without blocking legit mail. The fact that it's open source only makes about a 1 week difference anyway. (Closed filters like hotmail/AOL/earthlink get bypassed in about that long)
The 'bayesian' solution is cute, but dosn't really work beyond an individual level, which means that everyone gets to spend hours sorting through spam (and it still slips through). It also fails because it's looking at single-words. If a friend sends me a mail that includes just 15 poorly chosen words, it gets blocked. If someone implements a two-word version, it may work better.
Add to the fact that a single legit email blocked means you have to read through EVERY spam-marked message looking for more.
So far, the only solution that's made my email workable is whitelisting. And THAT is a lot fucking worse then the RBL. If you're not on my whitelist, you don't talk to me. Period. No Chineese. No Koreans. No Brazilians. No Dutch. No AOL users. Nobody from a small ISP. You're ALL off the net as far as I'm concerned. Nothing that's not a reply to an email I sent. My email is useless for you, but it works for me.
(That's actually an overstatement. I do read the discard folder. Once a week. With the 'd' key. So if you don't invite me to see your webcam, I may read your email.)
People who email me for the first time will get a "please confirm" message to get their email address into the whitelist. This request is sent automatically and the response is processed automatically, so it requires none of my time.
The bandwidth cost is the biggest thing. Every spam I get creates an outgoing "subscription request" message, and usually a "no such user" bounce because spammers almost always use bogus From and Reply-to addresses. The impact is pretty trivial for me on my DSL-hosted SMTP server. I'm not sure how it would scale for an ISP. But, if it cost a dollar per user per month... it works well enough that I'd pay that if I had to. Heck, it's half the reason I'm paying an extra $20/month for static IP address.
An PKI-based authentication with support at the transport level would be even better. In the meantime, this approach works for me, and it works really, really well. I get about a hundred messages a day, and about one spam per week.
Build stuff. Stuff that walks, stuff that rolls, whatever.
he spoofs the IPs of dialup systems from the servers.
Bzzzt! Thanks for playing, but you cannot send SPAM (or any other kind of email) using a spoofed IP address. SMTP rides over TCP, which requires a handshake prior to establishment of a session. And this requires a real IP address, because the initiator must reply to the reply, before any higher layer data can be sent. Nice try, though.
"that's not encryption - it's a new perl script that I'm working on..." - from some Matrix parody
Ummm, its not that hard in Outlook Express either
Tools->Options->Read tab
[x] Read all messages in plain text
What's a sig?
To become so widely blocked your ISP had to ignore complaints. Acting slowly is most definitely their fault. If the spamming customer paid his bills first so they were "forced" to allow him to continue spamming it is still their fault for not having a proper acceptable use policy. There is no reason why their policies can't give them the leeway to kick off any customer found to be spamming at any time without a refund. Some ISPs even charge a cleanup fee.
Some experienced sysadmins do not endorse SPEWS' wholesale blacklisting of entire netblock neighborhoods. Those admins choose not to use SPEWS RBL, but may choose to use RBLs that cause less collateral damage. Some experienced sysadmins use SPEWS RBL because they do endorse SPEWS' clearly documented process which bears many similarities to economic extortion.
Many inexperienced sysadmins use osirusoft (e.g via SpamAssassin) without knowing the difference between SPEWS and other RBLs aggregated by osirusoft. Without knowing that difference, these inexperienced sysadmins unknowingly endorse SPEWS' clearly documented process which bears many similarities to economic extortion.
One answer is a SPEWS whitelist + reciprocal blacklisting. Create a whitelist of SPEWS-blacklisted-but-collateral-damage IPs which have *never* been accused by SPEWS (or other RBL) of spamming. When an ISP causes collateral damage by enforcing the SPEWS RBL against a presumed-guilty-but-never-accused IP that exists in the SPEWS whitelist, ask the individual sysadmin to use the SPEWS-collateral-damage whitelist.
If an individual sysadmin uses the SPEWS RBL but chooses not to use the SPEWS-collateral-damage whitelist, they would be endorsing SPEWS clearly documented process which bears many similarities to economic extortion. Such explicit endorsement will earn such individual sysadmins membership in an IP blacklist of "sysadmins who support SPEWS' clearly documented process which bears many similarities to economic extortion". This blacklist would then be enforced by sysadmins whose IPs are SPEWS-blacklisted-without-spam-accusation .
This unbundling mechanism provides a technical means for individual sysadmins to endorse SPEWS valuable spam-fighting contributions without endorsing SPEWS' clearly documented process which bears many similarities to economic extortion.
Long-term, the solution is pseudonymnous, non-profit TLS certificates for SMTP servers with social (not economic or calendar) seniority (c.f. Apache Incubator). The economic variety exists at bondedsender.org, along with whitelist patches for popular open-source MTAs.
Instead of a single global list, would you rather your upstream's IP holdings be placed in the filters of thousands of individual ISPs? That way, when your upstream cleans up its act rather than being delisted from a single source, they'll have to be delisted from thousands of different sources (many of whom won't bother to fix their lists).
STOP MISUSING APOSTROPHES, YOU MORONS!!!
The problem is not you making a personal decision to create false positives for yourself. The problem is other people making decisions for you which block mail which is not spam without your knowledge.
The problem is some ISP between you and your friends/family/coworkers deciding that your friends'/family's/coworkers' mail is spam without you having any say in it.
The idea is that YOU should decide what false positives to deal with, not a government or an unaccountable entity like an ISP.
The legitimate part of the email list industry responded with "double opt-in" to indicate that the listbot sends the recipient a message saying "you or somebody pretending to be you asked to subscribe you to the list, click here or reply if you really want to be on the list" and doesn't add the user to the list if they don't confirm. Most legitimate mailing lists bots do that, though some don't bother. Spammers occasionally claim to be double opt-in, but that's just because they're liars.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
If you're an individual user, a computation-intensive spamassassin approach can do a really good job of blocking most spam and blocking very little non-spam. But if you're an ISP or Mail Service Provider, having a conservative RBL can save you a lot of resources, including bandwidth and computation, by throwing away the high-volume relay-abuse spams with as little work as possible, saving the more complex work for mail that's less likely to be spam. (By conservative, I mean "trying to only block actual relays and other known spammer systems", as opposed to "broad-spectrum insecticides and lists that do collateral damage to pressure ISPs or harass their competition.") That might be a 25-50% reduction in total email that the ISP needs to handle, but from an instantaneous-resources standpoint, it's probably higher than that, because spam tends to come in high-volume blasts, while real email is mostly Poisson arrivals. And if an ISP's failure responses are the "Temporarily inaccessible, try again later" type as opposed to permanent rejections, real email systems are much more likely to try again later than spammers are (though of course open relays may still try again later, because they're just mal-administered, not necessarily broken.)
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
I don't know quite how many people use AOL, but it's about 30 million, plus or minus 50-200%. That's about 200 times as large as XS4ALL. Most of the other big US ISPs have somewhere between 1 and 10 million dialup users. I don't know how many people Hotmail and Yahoo provide email for, but most of those accounts are disposable and low-use. On the other hand, the ISP I use for my email and web page has somewhere around 1000 users, maybe a bit more, so XS4ALL is about 100 times as big :-)
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
A number of the Unix email systems let you get a similar effect by tagging addresses - myusername+tag1@example.net, myusername+tag2@example.net, etc., though sometimes the separator is a "-" or a "+" or something else, and sometimes web forms choke on the separators, and mail forwarding systems don't explicitly support them, and too many humans aren't good at copying them correctly (which has been the real limitation, unfortunately.) You have to discard the abused addresses in your mail client or procmail instead of rejecting it from sendmail or pointing the mailbox to /dev/null, but it otherwise works the same way as the domain solution. Also, if anybody sends mail to myusername@example.net, without the tag, you'll probably get it, and spammers can figure that one out.
Fastmail.fm has a nice intermediate solution, using third-level domains. If your account is username@fastmail.fm, you can use username+tag@fastmail.fm, or you can also use tag@username.fastmail.fm, which works well in web forms and people seem to be able to copy accurately. (They also seem to be much more generally clueful than most webmail systems I've seen.) Their system runs on some kind of Unix system - I think *BSD rather than Linux, but it's at least a flexible and stable enough environment for them to build mail handling tools.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
Read the above post more carefully. The spammer was successful in spoofing the IP address of a TCP session, because he controlled both the dialup account and the high-speed account.
SYN from the dialup account.
SYN+ACK from the helpless email server back to the dialup account. Dialup account now has observed both sequence numbers.
ACK from the dialup account, and the SMTP transaction begins.
As sending mail consists mostly of uploading, upload packets to the server are forged from the high-speed account to the server. The dialup account only needs to receive the ACK for the sent data, and the SMTP responses from the server. The spammer uses both the dialup and the high-speed accounts in tandem to keep the connection alive, in effect intentionally hijacking his own TCP connection.
Very clever! The spammer must have had some help in setting up a scheme like this. I don't think he'd be smart enough to write the software on his own.
Dr. Demento On The 'Net!
There are a lot of ISP's that only allow their own email adresses to pass. I think OP is hinting on this.
If there are a lot, then you won't mind listing some of them, right?
Links, please.
If there were any decent ways to block spam without resorting to the netblock method, We would gladly use it
Cut off their income by billing people who respond to spam. Last time I suggested this, everyone said it couldn't be done, so please forgive the detail. All you need to do is build a database of spam messages (which already exist), extract the 'click here' addresses (about 3 lines of perl), scan the http log of the gateway your customers use (another 3 lines of perl), pick up the dynamic IP address of the machine requesting that page, find out which user it was and bill them.
I would start with three warnings followed by a bill of $5 a spam reply. For paying accounts, you debit their card. For free accounts, you close them after 3 violations. The point is that 99% of people will get the message after one warning, and certainly after one bill. Spam revenue plummets, game over.
Of course ISPs might not want to do this in case it upset their customers. It's much better upsetting my customers. But, as you appear to have conceded, this isn't about Joe Internet user, it's about reducing bandwidth for ISPs.
BTW, if RBLs are such a staggeringly great idea, you would expect ISPs that use them to be 2 to 3 times cheaper than those that don't, because their overheads are so much lower. Is this the case?
Virtually serving coffee
Ok, this guy is seems to be a particularly motivated victim of collateral damage. His paper was pretty much accurate though.
RBLs are primarily a reactionary measure. Sure spammers would keep sending spam from the same server if it were allowed, but they keep getting many accounts all over the world to send from. RBLs are like killing fleas with a hammer. You can't hit them fast enough to keep up, and what about the dog?
Users should not have to deal with being collateral damage, or having their mail arbitrarily filtered before it ever gets to them. Rural internet users may only have one ISP to choose from that's not long distance.
The only real solution to the spam problem is going to be in SMTP itself.
Given then the AGIS netblocks are effectively black holes now, which ISP do I avoid in order to not get assigned one of these cured IPs?
Yeah, I missed that little detail in the parenthetical.
Has anyone ever killed a spammer and claimed self-defense or justifiable homicide? Sure wqould be nice if Ralsky and other swine like him moved on to the next plane of existence.
I'm planning on putting up TMDA and some DNSRBL support on my server at home.
"that's not encryption - it's a new perl script that I'm working on..." - from some Matrix parody
I know for sure that European cable ISP Chello does.
No link? (I went to www.chello.se, but I'm english-only.)
How do you know? Do you have a chello.se account?
So (at best) that's one unconfirmed.
Last time I checked, "lots" generally meant more than (at least) one.