Slashdot Mirror
ISPs That Actively Combat SPAM?
The Llama King asks: "Like a good netizen, I do my part to report spam. But most Internet providers merely respond with a canned e-mail and it's hard to tell whether action was taken - or when. I know a lot of abuse desks are overwhelmed and spammers can get a free ride if they pick their targets carefully. Occasionally I'll get a personalized response, and even notification that a spammer's access and/or Web site has been nuked - but that's rare, and seems to be getting rarer. What ISPs are best at responding to spam complaints in a timely fashion, both in terms of killing e-mail accounts and shutting down sites that have been spamvertised?"
Why, AOL of course!
Schlund+Partner AG and 1&1 Internet AG, they have build a nice testing system and operate a hugh blacklist (sadly non public) here is the link
But complaining about spam is like pissing on a forest fire. I've accepted reality and now I just filter it with Spam Probe. The only way spam will stop is with a law and hefty fines.
If tits were wings it'd be flying around.
The failure rate of spam filters is still 1 to 5%. This is a fairly large ammount of email if you count how many of these are transfered each day. I don't want any of my personal emails being blocked as spam because that friend of mine used a phrase like "I got that job which pays me really good".
What we need is
- better laws concerning internet privacy
- shutting down of spamming machines
- getting these spammers understand somehow how much we appreciate their spam and at what extent we read it. That will make them less interested in spam.
One would think that the remote sender would complain to their mail admin first and they would get it fixed (distributed debugging, if you will). But no, they bitched to the person on my end (even though postfix's default boune messages are pretty self-evident) and then I'd end up adding an exception.
Initially, I would email {post,host}master@ the offending domain. While some were thankful for the notice, most either ignored me or flat out refused to add a rDNS entry for the mail server. Granted, it's not required by RFC, but in my opinion legit hosts should have DNS entries.
(And no, I can't just ignore the problem. When the person who writes your paycheck looses email, you're fighting a loosing battle.)
Actually, I gave up using reject_unknown_client today, except for large domains which are configured correctly (MSN, Hotmail, Microsoft, etc.) and a handful of Asian netblocks.
So back to the OP... I wouldn't hold out for admins to take care of the spam for you, especially if they're with a company you don't actually work for.
Method of processing duck feet
These days if I get a response it's from Hotmail. Small ISP's also have the time for this, but small ISP's are small ISP's and tend to not require the manpower of the likes of Speakeasy, Earthlink, etc. for their basic operations - so accordingly when the occasional spammer buys usage on a small ISP, and they disuser him, they can respond to the complaints en masse and say "we got 'im, sorry 'bout that".
I think the biggest reason for this is owing to the fact that dealing with spam is unto itself a laborious task. I suppose you can set up a filter for the local abuse address to bounce around email pertaining to a specific case, but first you have to identify the case - a filter won't drop in place by itself. Then, when the problem is pinpointed to the user, you have to (in no particular order) eliminate the account (easy enough), kill the user's dialup session if necessary (why get the DSL or the T1 if you know it's going to be killed the second you start spamming?), and block his port 25 access so he can't send mail. Maybe send a little courtesy message saying "All your base are belong to us" to the spammer as you nuke his account, or set his account to download mail precisely once, and he promptly loses his connection after that. After all that's done, then you have to draft up a reply or send a canned message to the complainers.
In short, you can't win, and it sucks royally.
This sig no verb.
The fact that you didn't get a response from an ISP when reporting a spammer shouldn't be taken as an afront. Any ISP with a large subscriber base is almost certainly deluged with spam reports and some/many of them are false reports from clueless users. Think of the reports that flood in when the Outlook worm du jor starts filling peoples mailboxes with crap. Think of all the complaints that flood in about real spam, penis enlargement, earn cash now, Nigerian needs help.
The ISP staff is not capable of answering each message individually. At best they will scan through the reports that they get and act on the ones that they think are legit. But, they have another hundred thousand to process after that so, don't expect a personalized response and, if you're looking for some kind of credit or pat on the back for reporting it, just forget it!
Most large ISPs today subscribe to inbound RBLs as well as possibly doing some local filtering with the likes of SPAM Assassin. But, they can't be too restrictive in their policies as there are actually people who subscribe to lists and expect mail that any normal person would regard as pure spam. A growing number of ISPs are actually implementing user configurable spam blocking lists so you can set your own rules.
These same large ISPs usually don't hesitate to act if the spammer is one of their own subscribers. The accounts *are* terminated. But, because of the scope of the problem, it is a thankless and never-ending battle that they trudge through with resentment.
If you have a *serious* spam problem and *must* get the ISP to act on it, the best way is going to be via telephone but, you will have to work to get past level one tech support.
My personal experience is that IOCom is one of the best in responding to/nuking abusive accounts. They are also very heavy into protecting a customer's privacy (so be prepared to prove abuse, not just random accusations). I have been with them for about 7 years now. I was with them when they were still a BBS that offerred internet access. For a good read into WHY they protect customer's privacy read here.
"...we dont care about the economics; we just want to be able to hack great stuff."
Where I work I do my best to handle every spam complaint properly but due to volume of abuse email at times it can be kind of hard. Most complaints i get end up being miss configured servers. Personally I just run all my spam througha filter that a friend of mine wrote that works great.
I noticed about a week ago that more than 90% of my incoming spam was originating with rackspace.com customers. That was more than enough to grab my interest. I complained using spamcop.net, as always, but that didn't do anything. So I personally emailed the appropriate people at rackspace.com. They ignored this. Eventually, I found a 'live chat' function on rackspace's web site and used that to talk to someone. They claimed they'd 'look into it' but my deluge of spam continued. I complained over the next several days and eventually, just blocked all IPs controlled by rackspace.com. I understand it was only a couple of their customers but seeing as they were providing access to known spammers and they simply couldn't be bothered to help me out even a little bit, I didn't feel bad banning all their IP addresses.
Oceania has always been at war with Eastasia.
It hasn't happened in a while, but any time I got a complaint about a customer spamming that checked out, I cut off the account immediately. This was happening about once a month for a while -- people signing up for throwaway accounts and spamming the hell out of them until they were cut off. One morning I checked my email and found spam that was sent from one of these accounts. I was able to log in, lock the account and kick 'em off our modems. That made me feel good.
As for responses to complaints: we'd get a lot of complaints when one of these episodes happened (usually through the good offices of SpamCop, who Truly Rock), and it was impossible to reply individually to each one. I took the initiative and installed Linux (had been W98) so that I could use Mutt, with all the automation that implied, to send canned responses to let people know that someone's listening.
There are two big reasons for any ISP to respond aggressively to complaints about spam:
First, it's death to end up on a blacklist. The number of complaints would be astronomical, and if you're not lucky enough to be dealing w/a blacklist with defined ways of getting off it, you're stuck either waiting for people to decide you're honest/have suffered enough, or living with random chunks of email bouncing. Have a look in news.admin.net-abuse.email (I think that's the right group -- check Google) sometime and read the complaints from people who have been blacklisted. There is no sympathy (or at least very little) in that group for anyone who is blacklisted (whether there should be sympathy is another question).
Second, and arguably more importantly, spam is just plain wrong. There were the comments of the head of an old ISP -- The Well, maybe? -- a while back; he said that for any other entity on the Internet, a DDOS on the scale of spam would be Big News and would result in action. But email, for some reason, just doesn't rate a damn. People are drowning in the stuff, but so are mail servers, and the ISPs that run them, and the admins who take care of them. Check out my journal -- we had to spend $ on getting a new server, plus my time to set it up, just to keep our customer-facing mail server from falling over from the sheer volume of the stuff. That's fucking insane, and the idea of contributing in any degree to someone else's version of that story should make anyone sick to their stomach. It is such a waste of so many resources.
So for me at least, the moral and economic incentives to take action on spam are huge, but the volume of complaints for any episode usually prevents me from replying personally. I can only imagine what it would be like for someone at AOL or Sprint or what have you. YMMV.
Carousel is a lie!
We must make no distinction between the spammers who spam us and the ISPs who harbor them. Preemptive strikes must be made upon any ISP responding to spam with a canned e-mail.
Why not start off with whitelisting? Add some extension to SMTP that would sign outgoing mail with a domain certificate. Old, noncompliant software could ignore the extension. Newer versions could verify the signature and bypass the spam (message content) filters, but check the domain name against a domain blacklist. Once a domain was found to be a source of spam, it could be added to a domain blacklist (or better yet, request that they get put on the CRL!). Eventually, you'd get to the point where you (the mail server admin) would feel comfortable requiring all domains to sign their mail to you.
How about it, guys? (I looked, and this was the closest thing I could find.)
both allow you to turn on their spam elimitaion software. I use it it does help, but its not enough IMHO. I like yahoo's block user setup.
Only 'flamers' flame!
Second notice offending ISPs include:
I generally block China attacks without sending a notice (because there's no whois information for who to complain to - and abuse@ often bounces). This has proven to kill a LOT of SPAM. The spam houses that proxy off of Chinese servers can't scan my site for addresses, and the SPAM mail servers won't get through. I don't even bother filtering mail on that server as blocking formmail scanners' domains pretty much kills 90% of them.