Slashdot Mirror
ISPs That Actively Combat SPAM?
The Llama King asks: "Like a good netizen, I do my part to report spam. But most Internet providers merely respond with a canned e-mail and it's hard to tell whether action was taken - or when. I know a lot of abuse desks are overwhelmed and spammers can get a free ride if they pick their targets carefully. Occasionally I'll get a personalized response, and even notification that a spammer's access and/or Web site has been nuked - but that's rare, and seems to be getting rarer. What ISPs are best at responding to spam complaints in a timely fashion, both in terms of killing e-mail accounts and shutting down sites that have been spamvertised?"
Why, AOL of course!
Schlund+Partner AG and 1&1 Internet AG, they have build a nice testing system and operate a hugh blacklist (sadly non public) here is the link
But complaining about spam is like pissing on a forest fire. I've accepted reality and now I just filter it with Spam Probe. The only way spam will stop is with a law and hefty fines.
If tits were wings it'd be flying around.
The failure rate of spam filters is still 1 to 5%. This is a fairly large ammount of email if you count how many of these are transfered each day. I don't want any of my personal emails being blocked as spam because that friend of mine used a phrase like "I got that job which pays me really good".
What we need is
- better laws concerning internet privacy
- shutting down of spamming machines
- getting these spammers understand somehow how much we appreciate their spam and at what extent we read it. That will make them less interested in spam.
One would think that the remote sender would complain to their mail admin first and they would get it fixed (distributed debugging, if you will). But no, they bitched to the person on my end (even though postfix's default boune messages are pretty self-evident) and then I'd end up adding an exception.
Initially, I would email {post,host}master@ the offending domain. While some were thankful for the notice, most either ignored me or flat out refused to add a rDNS entry for the mail server. Granted, it's not required by RFC, but in my opinion legit hosts should have DNS entries.
(And no, I can't just ignore the problem. When the person who writes your paycheck looses email, you're fighting a loosing battle.)
Actually, I gave up using reject_unknown_client today, except for large domains which are configured correctly (MSN, Hotmail, Microsoft, etc.) and a handful of Asian netblocks.
So back to the OP... I wouldn't hold out for admins to take care of the spam for you, especially if they're with a company you don't actually work for.
Method of processing duck feet
These days if I get a response it's from Hotmail. Small ISP's also have the time for this, but small ISP's are small ISP's and tend to not require the manpower of the likes of Speakeasy, Earthlink, etc. for their basic operations - so accordingly when the occasional spammer buys usage on a small ISP, and they disuser him, they can respond to the complaints en masse and say "we got 'im, sorry 'bout that".
I think the biggest reason for this is owing to the fact that dealing with spam is unto itself a laborious task. I suppose you can set up a filter for the local abuse address to bounce around email pertaining to a specific case, but first you have to identify the case - a filter won't drop in place by itself. Then, when the problem is pinpointed to the user, you have to (in no particular order) eliminate the account (easy enough), kill the user's dialup session if necessary (why get the DSL or the T1 if you know it's going to be killed the second you start spamming?), and block his port 25 access so he can't send mail. Maybe send a little courtesy message saying "All your base are belong to us" to the spammer as you nuke his account, or set his account to download mail precisely once, and he promptly loses his connection after that. After all that's done, then you have to draft up a reply or send a canned message to the complainers.
In short, you can't win, and it sucks royally.
This sig no verb.
The fact that you didn't get a response from an ISP when reporting a spammer shouldn't be taken as an afront. Any ISP with a large subscriber base is almost certainly deluged with spam reports and some/many of them are false reports from clueless users. Think of the reports that flood in when the Outlook worm du jor starts filling peoples mailboxes with crap. Think of all the complaints that flood in about real spam, penis enlargement, earn cash now, Nigerian needs help.
The ISP staff is not capable of answering each message individually. At best they will scan through the reports that they get and act on the ones that they think are legit. But, they have another hundred thousand to process after that so, don't expect a personalized response and, if you're looking for some kind of credit or pat on the back for reporting it, just forget it!
Most large ISPs today subscribe to inbound RBLs as well as possibly doing some local filtering with the likes of SPAM Assassin. But, they can't be too restrictive in their policies as there are actually people who subscribe to lists and expect mail that any normal person would regard as pure spam. A growing number of ISPs are actually implementing user configurable spam blocking lists so you can set your own rules.
These same large ISPs usually don't hesitate to act if the spammer is one of their own subscribers. The accounts *are* terminated. But, because of the scope of the problem, it is a thankless and never-ending battle that they trudge through with resentment.
If you have a *serious* spam problem and *must* get the ISP to act on it, the best way is going to be via telephone but, you will have to work to get past level one tech support.
My personal experience is that IOCom is one of the best in responding to/nuking abusive accounts. They are also very heavy into protecting a customer's privacy (so be prepared to prove abuse, not just random accusations). I have been with them for about 7 years now. I was with them when they were still a BBS that offerred internet access. For a good read into WHY they protect customer's privacy read here.
"...we dont care about the economics; we just want to be able to hack great stuff."
Where I work I do my best to handle every spam complaint properly but due to volume of abuse email at times it can be kind of hard. Most complaints i get end up being miss configured servers. Personally I just run all my spam througha filter that a friend of mine wrote that works great.
I noticed about a week ago that more than 90% of my incoming spam was originating with rackspace.com customers. That was more than enough to grab my interest. I complained using spamcop.net, as always, but that didn't do anything. So I personally emailed the appropriate people at rackspace.com. They ignored this. Eventually, I found a 'live chat' function on rackspace's web site and used that to talk to someone. They claimed they'd 'look into it' but my deluge of spam continued. I complained over the next several days and eventually, just blocked all IPs controlled by rackspace.com. I understand it was only a couple of their customers but seeing as they were providing access to known spammers and they simply couldn't be bothered to help me out even a little bit, I didn't feel bad banning all their IP addresses.
Oceania has always been at war with Eastasia.
It hasn't happened in a while, but any time I got a complaint about a customer spamming that checked out, I cut off the account immediately. This was happening about once a month for a while -- people signing up for throwaway accounts and spamming the hell out of them until they were cut off. One morning I checked my email and found spam that was sent from one of these accounts. I was able to log in, lock the account and kick 'em off our modems. That made me feel good.
As for responses to complaints: we'd get a lot of complaints when one of these episodes happened (usually through the good offices of SpamCop, who Truly Rock), and it was impossible to reply individually to each one. I took the initiative and installed Linux (had been W98) so that I could use Mutt, with all the automation that implied, to send canned responses to let people know that someone's listening.
There are two big reasons for any ISP to respond aggressively to complaints about spam:
First, it's death to end up on a blacklist. The number of complaints would be astronomical, and if you're not lucky enough to be dealing w/a blacklist with defined ways of getting off it, you're stuck either waiting for people to decide you're honest/have suffered enough, or living with random chunks of email bouncing. Have a look in news.admin.net-abuse.email (I think that's the right group -- check Google) sometime and read the complaints from people who have been blacklisted. There is no sympathy (or at least very little) in that group for anyone who is blacklisted (whether there should be sympathy is another question).
Second, and arguably more importantly, spam is just plain wrong. There were the comments of the head of an old ISP -- The Well, maybe? -- a while back; he said that for any other entity on the Internet, a DDOS on the scale of spam would be Big News and would result in action. But email, for some reason, just doesn't rate a damn. People are drowning in the stuff, but so are mail servers, and the ISPs that run them, and the admins who take care of them. Check out my journal -- we had to spend $ on getting a new server, plus my time to set it up, just to keep our customer-facing mail server from falling over from the sheer volume of the stuff. That's fucking insane, and the idea of contributing in any degree to someone else's version of that story should make anyone sick to their stomach. It is such a waste of so many resources.
So for me at least, the moral and economic incentives to take action on spam are huge, but the volume of complaints for any episode usually prevents me from replying personally. I can only imagine what it would be like for someone at AOL or Sprint or what have you. YMMV.
Carousel is a lie!
Are those ISPs vegetarians?
SPAM is canned meat, while spam is aka UCE.
I suffer from attention surplus disorder.
1. No open relays....
2. Stop accepting unverified free accounts on things like yahoo, and hotmail.
Let me expand on this, in my vision the account would be able to accept all the mail it wants, and it would be able to respond to mail it received. However inorder to send cold mails, some verification of the users real existance would need to occur(real world address or something like that). Of course it also wouldn't hurt if sending more than a few address at a time from such accounts were disallowed.
Power Corrupts,Absolute Power Corrupts Absolutely, leaving one person(group)in charge is absolutely corrupt.
my Aunt that forwards me every damn joke she gets. Yes, of course she uses AOL.
*sigh*
We must make no distinction between the spammers who spam us and the ISPs who harbor them. Preemptive strikes must be made upon any ISP responding to spam with a canned e-mail.
Why not start off with whitelisting? Add some extension to SMTP that would sign outgoing mail with a domain certificate. Old, noncompliant software could ignore the extension. Newer versions could verify the signature and bypass the spam (message content) filters, but check the domain name against a domain blacklist. Once a domain was found to be a source of spam, it could be added to a domain blacklist (or better yet, request that they get put on the CRL!). Eventually, you'd get to the point where you (the mail server admin) would feel comfortable requiring all domains to sign their mail to you.
How about it, guys? (I looked, and this was the closest thing I could find.)
The best response I got after complaining about a spammer (from rcn.net):
:)
The account is now free to extrapolate on the finer points of my
wastebasket. It was cancelled as of 4/21/00. Have a nice day
Cheers,
Torquemada
If only all complaints received this kind of attention.
demon
-----
Nothing is ever a total loss; it can always serve as a bad example.
Hate DNS.
One of the unpleasant aftereffects of 9/11 is the flood of computer security consultants on the market. To less-than-competent security folks, reverse DNS is considered to be some sort of security hole.
I'd expect to run into this at larger corps and government more than in small or midsize companies.
Conformity is the jailer of freedom and enemy of growth. -JFK
both allow you to turn on their spam elimitaion software. I use it it does help, but its not enough IMHO. I like yahoo's block user setup.
Only 'flamers' flame!
I run a mail setup that actively scans for viruses and spam for about 30k users. about 60% of our incoming mail is blocked by using spamcop.net, spamhaus.org, and ordb.org.
I also do the abuse mail box, and we get about 40-50 complaints a day. most of these are clueless grandmas that have no idea what they are doing. some are automated messages about viruses on their corporate lan sent from our network. About once or twice a week, I get an actual problem that I can do something about.
I can imagine if i had 10x as much work, i would probably not respond to any of it.
Why read the article when I can just make up a snap judgement?
I don't know much about them except that they're in Ohio, and that's just from going to their site a second ago. But my mailserver received spam from a mailserver on one of their IPs shortly after noon yesterday.
I fired off a forwarded copy to their "abuse" address at 12:22pm. I received an auto-reply instantaneously, and then at 1:59pm the same day I received the following message from them:
"We have traced the originator of this spam and have taken action according to bright.net policy. If you should experience further problems, please don't hesitate to let us know."
Needless to say, I was pretty impressed, both with the blazing fast turnaround, and the fact that I actually got something other than an autoreply from them-- with the big boys, you never feel like anyone is reading your spam reports. It was very nice to hear that my report actually had an impact, and some asshole spammer has been smacked down because of it.
~Philly
My ISP labels my spam quite accurately by inserting **** SPAM **** in the subject line of all offending messages. It has never marked anything I actually wanted, and what it misses, Mail marks as spam for me (under OS X...). I just set my filter on Mail to delete messages with the *** SPAM *** thingy inserted, so i recieve nearly no spam.
Second notice offending ISPs include:
I generally block China attacks without sending a notice (because there's no whois information for who to complain to - and abuse@ often bounces). This has proven to kill a LOT of SPAM. The spam houses that proxy off of Chinese servers can't scan my site for addresses, and the SPAM mail servers won't get through. I don't even bother filtering mail on that server as blocking formmail scanners' domains pretty much kills 90% of them.
The only time an ISP will really truly care is if an existing paying customer complains that there are spammers on the network they are hosting from.
This is a very valid complaint. Someone above mentioned they just blacklisted rackspace.com. I wish every rackspace.com would call their account rep. and give them a lot of trouble.
In fact, I highly recommend that every corporate customer using some sort of ISP for bandwidth or hosting should do some research on spamcop and/or other dnsbl lists and find out what complaints are in the queue. If there are a lot, call up your account rep and threaten to take your business elsewhere because those spammers are hurting your business by potentially getting you blacklisted.
The man who trades freedom for security does not deserve nor will he ever receive either. - Benjamin Franklin
I get my email through Cyberus. I used to get about 10 SPAMs a day through them. I know that's technically not that many compared to many other people, but still, it's a hassle.
A few months ago, they implemented an in-house filtering system they call Clearmail. Anyways, it's pretty slick. I get about 1 SPAM per month that somehow slips by. As an added benefit, they send me one email per week with a list of all the SPAM they think they caught, so I can skim it to make sure no real ones got through. So far, it hasn't caught a single real email, but a couple hundred SPAMs. They also include a Criteria chart for each message so you can see why they thought it was SPAM.
Anyways, this seems like an ad, but i just think its pretty slick. . . I wish my other email accounts had similar services.
Karma: Not Particularly Funny.
I'm currently working for a certain 3-letter ISP (no, not that one. The one that's owned by that one company that we all love to hate) and my supervisor took a great amount of pleasure in having some person's account shut down for "commercial use." I don't know for sure that they were spamming, but the account was shut down after we saw it on a TV commercial that was running here. That was some money well spent for the people running the ad and just having the account shut down as a result...
The one that's owned by that one company that we all love to hate
Is such company "AOL Time Warner" for the Bono Act and the DMCA, or is it "Microsoft" for predatory Windows OS licensing practices?
Will I retire or break 10K?
(Not really an anonymous coward, just a lazy person who doesn't want to set up for a single comment.)
... and so far, nobody seems to have acted against them even though many people seem to concur that they are one of the worst.
Two really great ISPs in dealing with SPAM are Easystreet -- which unfortunately only serves in the Portland OR area -- and 1coms. I know very little about 1coms except that they responded, on a holiday, VERY quickly and effectively when one of their users was spamming me (and, of course, a few zillion other people). I gather they might be small, but I let them know that I appreciated their attention to it.
Unfortunately, my domain provider only allows me 50 domain blocks, which is hardly adequate for the level of junk I get even though I've never ever "opted in" nor signed up for anything on-line -- it's mostly due to posts to tech support newsgroups -- and even with SPAM assassin, the junk still piles up at a rate of about 50 msg/day in my catchall mailbox.
The worst scum are "Investor Insights", but after blocking 6 different domains they send from, they keep coming up with new ones
What about customers who need to use other SMTP servers? I run several Web sites and have my primary personal e-mail account with a service that is not my personal ISP. I use those SMTP servers all the time, and my own ISP's SMTP server sometimes. If all of my SMTP traffic was forced through my ISP's server, I'd be very upset. When I'm sending mail as "webmaster of example.com," I want to send it through smtp.example.com, not smtp.myisp.net. Just like I wouldn't expect the president of Doohickeys, Inc. to send it through hisisp.net instead of doohickeys.com.
"Those who consume the bulk of goods are those who make them. We must never forget this secret of our prosperity."