Slashdot Mirror

← Back to Stories (view on slashdot.org)

ISPs That Actively Combat SPAM?

Posted by Cliff on from the I-miss-my-inbox dept.

The Llama King asks: "Like a good netizen, I do my part to report spam. But most Internet providers merely respond with a canned e-mail and it's hard to tell whether action was taken - or when. I know a lot of abuse desks are overwhelmed and spammers can get a free ride if they pick their targets carefully. Occasionally I'll get a personalized response, and even notification that a spammer's access and/or Web site has been nuked - but that's rare, and seems to be getting rarer. What ISPs are best at responding to spam complaints in a timely fashion, both in terms of killing e-mail accounts and shutting down sites that have been spamvertised?"

8 of 45 comments (clear)

  1. AOL by alpert · · Score: 3, Funny

    Why, AOL of course!

  2. two of the biggest hosters/isps in germany do by collin.m · · Score: 4, Informative

    Schlund+Partner AG and 1&1 Internet AG, they have build a nice testing system and operate a hugh blacklist (sadly non public) here is the link

  3. Ironic by fateswarm · · Score: 3, Interesting

    The failure rate of spam filters is still 1 to 5%. This is a fairly large ammount of email if you count how many of these are transfered each day. I don't want any of my personal emails being blocked as spam because that friend of mine used a phrase like "I got that job which pays me really good".

    What we need is

    - better laws concerning internet privacy
    - shutting down of spamming machines
    - getting these spammers understand somehow how much we appreciate their spam and at what extent we read it. That will make them less interested in spam.

  4. Admins seem to be lazy (slightly OT) by Deagol · · Score: 3, Informative
    I recently installed postfix for our domains and started rejecting IPs without a hostname (reject_unknown_client). Spam getting through dropped to a trickle, the reject-to-accept ratio being about 3:1, or about 1000 rejects a day. Unfortunately, there are many mis-configured sites out there, so some legit email was being denied.

    One would think that the remote sender would complain to their mail admin first and they would get it fixed (distributed debugging, if you will). But no, they bitched to the person on my end (even though postfix's default boune messages are pretty self-evident) and then I'd end up adding an exception.

    Initially, I would email {post,host}master@ the offending domain. While some were thankful for the notice, most either ignored me or flat out refused to add a rDNS entry for the mail server. Granted, it's not required by RFC, but in my opinion legit hosts should have DNS entries.

    (And no, I can't just ignore the problem. When the person who writes your paycheck looses email, you're fighting a loosing battle.)

    Actually, I gave up using reject_unknown_client today, except for large domains which are configured correctly (MSN, Hotmail, Microsoft, etc.) and a handful of Asian netblocks.

    So back to the OP... I wouldn't hold out for admins to take care of the spam for you, especially if they're with a company you don't actually work for.

    --
    Method of processing duck feet
  5. My own observations by dacarr · · Score: 3, Informative
    At one time, all of the now big ones - Compu$serve, Earthlink, Netcom - were very active in doing this. Mindspring was also, and I think I have a couple "we killed 'em" messages sitting around. Not anymore though - you're right, it's only canned replies as far as the eye can see.

    These days if I get a response it's from Hotmail. Small ISP's also have the time for this, but small ISP's are small ISP's and tend to not require the manpower of the likes of Speakeasy, Earthlink, etc. for their basic operations - so accordingly when the occasional spammer buys usage on a small ISP, and they disuser him, they can respond to the complaints en masse and say "we got 'im, sorry 'bout that".

    I think the biggest reason for this is owing to the fact that dealing with spam is unto itself a laborious task. I suppose you can set up a filter for the local abuse address to bounce around email pertaining to a specific case, but first you have to identify the case - a filter won't drop in place by itself. Then, when the problem is pinpointed to the user, you have to (in no particular order) eliminate the account (easy enough), kill the user's dialup session if necessary (why get the DSL or the T1 if you know it's going to be killed the second you start spamming?), and block his port 25 access so he can't send mail. Maybe send a little courtesy message saying "All your base are belong to us" to the spammer as you nuke his account, or set his account to download mail precisely once, and he promptly loses his connection after that. After all that's done, then you have to draft up a reply or send a canned message to the complainers.

    In short, you can't win, and it sucks royally.

    --
    This sig no verb.
  6. Don't take it personally. by FreeLinux · · Score: 3, Insightful

    The fact that you didn't get a response from an ISP when reporting a spammer shouldn't be taken as an afront. Any ISP with a large subscriber base is almost certainly deluged with spam reports and some/many of them are false reports from clueless users. Think of the reports that flood in when the Outlook worm du jor starts filling peoples mailboxes with crap. Think of all the complaints that flood in about real spam, penis enlargement, earn cash now, Nigerian needs help.

    The ISP staff is not capable of answering each message individually. At best they will scan through the reports that they get and act on the ones that they think are legit. But, they have another hundred thousand to process after that so, don't expect a personalized response and, if you're looking for some kind of credit or pat on the back for reporting it, just forget it!

    Most large ISPs today subscribe to inbound RBLs as well as possibly doing some local filtering with the likes of SPAM Assassin. But, they can't be too restrictive in their policies as there are actually people who subscribe to lists and expect mail that any normal person would regard as pure spam. A growing number of ISPs are actually implementing user configurable spam blocking lists so you can set your own rules.

    These same large ISPs usually don't hesitate to act if the spammer is one of their own subscribers. The accounts *are* terminated. But, because of the scope of the problem, it is a thankless and never-ending battle that they trudge through with resentment.

    If you have a *serious* spam problem and *must* get the ISP to act on it, the best way is going to be via telephone but, you will have to work to get past level one tech support.

  7. Well... by Saint+Aardvark · · Score: 3, Interesting
    I work for a a small ISP. I took over abuse duties about a year and a half ago.

    It hasn't happened in a while, but any time I got a complaint about a customer spamming that checked out, I cut off the account immediately. This was happening about once a month for a while -- people signing up for throwaway accounts and spamming the hell out of them until they were cut off. One morning I checked my email and found spam that was sent from one of these accounts. I was able to log in, lock the account and kick 'em off our modems. That made me feel good.

    As for responses to complaints: we'd get a lot of complaints when one of these episodes happened (usually through the good offices of SpamCop, who Truly Rock), and it was impossible to reply individually to each one. I took the initiative and installed Linux (had been W98) so that I could use Mutt, with all the automation that implied, to send canned responses to let people know that someone's listening.

    There are two big reasons for any ISP to respond aggressively to complaints about spam:

    First, it's death to end up on a blacklist. The number of complaints would be astronomical, and if you're not lucky enough to be dealing w/a blacklist with defined ways of getting off it, you're stuck either waiting for people to decide you're honest/have suffered enough, or living with random chunks of email bouncing. Have a look in news.admin.net-abuse.email (I think that's the right group -- check Google) sometime and read the complaints from people who have been blacklisted. There is no sympathy (or at least very little) in that group for anyone who is blacklisted (whether there should be sympathy is another question).

    Second, and arguably more importantly, spam is just plain wrong. There were the comments of the head of an old ISP -- The Well, maybe? -- a while back; he said that for any other entity on the Internet, a DDOS on the scale of spam would be Big News and would result in action. But email, for some reason, just doesn't rate a damn. People are drowning in the stuff, but so are mail servers, and the ISPs that run them, and the admins who take care of them. Check out my journal -- we had to spend $ on getting a new server, plus my time to set it up, just to keep our customer-facing mail server from falling over from the sheer volume of the stuff. That's fucking insane, and the idea of contributing in any degree to someone else's version of that story should make anyone sick to their stomach. It is such a waste of so many resources.

    So for me at least, the moral and economic incentives to take action on spam are huge, but the volume of complaints for any episode usually prevents me from replying personally. I can only imagine what it would be like for someone at AOL or Sprint or what have you. YMMV.

    --
    Carousel is a lie!
  8. Gotta take the George Bush approach to spam by anthony_dipierro · · Score: 3, Funny

    We must make no distinction between the spammers who spam us and the ISPs who harbor them. Preemptive strikes must be made upon any ISP responding to spam with a canned e-mail.