Ask ISP Owner Barry Shein About the Spam Wars
Spam sucks. But it's worse for ISPs than for the rest of us, because they get bounces and complaints and other behind-the-scenes spam-caused messes the rest of us don't see. AOL talks of spam as "public enemy number one." Barry Shein, who started (and still runs) the world's first full-service dialup ISP, likens spammers to organized criminals, and calls spam "an organized, vicious, sociopathic thing" in this article, which spurred an interesting Slashdot discussion. So what should we do about spam? Ask Barry. One question per post, please. We'll post his answers to 10 of the highest-moderated questions sometime in the next week or so.
If I was the president of the company that makes Viagra I'd be nervous.
Ah, here is the reference. Diplomat shot dead in Prague
Two words: Joe job.
Your figures are totally incorrect. You obviously don't run your own mail server (or if you do, spammers have never found you).
For a start, ISPs get hit every day with repeated dictionary attacks where a spammer tries thousands of common usernames for each domain the ISP hosts. The sending hosts (usually a number of raped proxies) pipeline the SMTP sessions and don't wait for a response. Every single one of those emails chews up CPU, memory and disk space. It's a non-stop attack on your mail server queues.
When they get a miss, sendmail bounces the email to the postmaster and tries to deliver a bounce message to the forged FROM address, so your queues and disk fill up for days with this crap.
When they get a hit, it's even more disk space chewed up until the user downloads them. Some spammers are embedding HTML and graphics in their spam as well, so they are getting larger and larger.
I don't know where you saw 2-5% spam content. Most ISPs are seeing ten times that, unless they employ aggressive filters which may be ideal for people who run their own domains but can be problematic for ISPs.
spam works... that's the root of the problem.
do you think there is anything that can combat this?
simply telling people that nothing will add three inches may not work as well as we hope for... stupid people are gullible.
Runnin' On Empty
Sure - actual costs of disk space and such is pretty low. After all, you can get 120 GB for 100 bucks these days, and spam is pretty small in size. But how about having to upgrade a server because it's too busy handling spam? Or the time it takes me to sift through 500 spams for real mail in case I have a false-positive (as I do)? Or the cost of me having to set up all sorts of anti-spam filters to block it? How about the fact that I have to back up my server to tape, and a lot of those mail spools are spam. There's a lot more to the cost of SPAM than disk and network usage alone. It takes them an hour to set up the list, the content, and then the programs blast out spam. Cost to them: Minimal. Cost to me: enormous. Cost to my coworkers: enormous. I've got the order to stop spam, but not lose mail. Fun!
Ever sign up for a free account for something on a web site, and it said they'll send you a confirmation e-mail with a link you have to click on to verify your e-mail address? It's a very common technique that works very well.
Except that it won't work if I whitelist my mail. I'd have to add the site to my whitelist before they send me anything, and I don't know where the mail will be coming from. Since it's an automated system, a response from a whitelist system won't be seen by a real human.
$x='S24;r)>63/* h@<5+oZ)32"5cz';$me='phroggy'x$];
$x=~y+ -xz+\0-Tx+;print$_^chop$me for split'',$x;
I used to work at a small ISP, before it got taken over by a bigger clueless one.
We were using postfix ( http://www.postfix.org ) with PCRE support.
Incoming mail was first passed through a few DNSBLs (ordb, wirehub.nl and relays.osirusoft.com)
We had all mails checked through a simple regex body check, which looked for a few keywords like US1918 and phrases like "To unsubscribe please click". These were bounced (at that time Postfix didn't have the lovely discard keyword).
We used regular expressions from the postfix site to additionally capture spam.
We blocked outbound port 25/tcp to force dialup and cable users to relay through our servers (so that we had logs). We had no limits on how many users you sent mail to, but if you were complained about with proof as headers, then the logs got checked and the user terminated.
Also, you could use any identity you liked (we didn't have the from user@our.domain limitation).
Additionally, I had log parsers which watched for connections coming in from IPs and notified me when they went above limits within certain time periods. This was mostly useful in catching virus infected machines.
Today, I would run amavisd-new with clamav (http://clamav.elektrapro.com) for this.
I had about 5-6 false positives with this for about 9000 users with about 20K mails/day.
Mail to postmaster@our.domain, abuse@our.domain was exempt from all checks.
Using blacklists saved about 5% of our bandwidth, which in USD would have been about 50000 USD.
It should be easy enough to write a Perl script to read your logs and throttle customers down to a maximum rate.
I can throw myself at the ground, and miss.
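The log-watching idea in the ISP post above (connections per IP over a time window, which also covers the dictionary-attack pattern described earlier in the thread) and this reply's suggestion to throttle from the logs, as an added example that is not part of the original discussion or of Postfix itself, written in Python rather than the Perl the reply suggests: a parser over constructed Postfix smtpd log lines (RFC 5737 test addresses) that flags clients exceeding a per-window limit on connections or on unknown-recipient rejects. The syslog year and the exact log wording are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Postfix smtpd syslog lines carry no year; "2003" below is an assumed fixed year.
LINE_RE = re.compile(r"^(?P<ts>[A-Z][a-z]{2}\s+\d+ \d\d:\d\d:\d\d) \S+ postfix/smtpd\[\d+\]: (?P<msg>.*)$")
CONNECT_RE = re.compile(r"^connect from \S+\[(?P<ip>[\d.]+)\]")
UNKNOWN_RE = re.compile(r"RCPT from \S+\[(?P<ip>[\d.]+)\]: 550 .*User unknown")

def parse_ts(ts):
    return datetime.strptime("2003 " + ts, "%Y %b %d %H:%M:%S")

def flag_hosts(log_text, window_seconds=60, max_connects=20, max_unknown=5):
    """Return {ip: reason} for clients exceeding a limit inside a sliding window:
    max_connects bounds 'connect from' events, max_unknown bounds 'User unknown' rejects."""
    checks = (
        (CONNECT_RE, defaultdict(deque), max_connects, "connection rate"),
        (UNKNOWN_RE, defaultdict(deque), max_unknown, "unknown-recipient rate"),
    )
    flagged = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        when, msg = parse_ts(m.group("ts")), m.group("msg")
        for regex, store, limit, reason in checks:
            hit = regex.search(msg)
            if not hit:
                continue
            q = store[hit.group("ip")]  # timestamps of this client's events, oldest first
            q.append(when)
            while (when - q[0]).total_seconds() > window_seconds:  # drop events outside the window
                q.popleft()
            if len(q) > limit:
                flagged.setdefault(hit.group("ip"), reason)  # keep the first reason seen
    return flagged
def _line(sec, msg):  # helper for the constructed sample below
    return f"Mar  5 10:00:{sec:02d} mx postfix/smtpd[2101]: {msg}"

def _reject(ip, host, rcpt):
    return (f"NOQUEUE: reject: RCPT from {host}[{ip}]: 550 5.1.1 <{rcpt}>: Recipient address rejected: "
            f"User unknown in local recipient table; from=<x@example.com> to=<{rcpt}> proto=ESMTP helo=<{host}>")

# Constructed sample: one host guessing eight mailboxes in eight seconds, one normal host with a single typo.
SAMPLE_LOG = "\n".join(
    [_line(0, "connect from unknown[192.0.2.10]")]
    + [_line(s, _reject("192.0.2.10", "unknown", f"user{s}@example.net")) for s in range(1, 9)]
    + [_line(5, "connect from mail.example.org[198.51.100.7]"),
       _line(6, _reject("198.51.100.7", "mail.example.org", "old@example.net")),
       _line(40, "disconnect from unknown[192.0.2.10]")])
```

Flagged IPs are what you would feed to an access map or a rate cap; current Postfix can also impose the connection cap itself with smtpd_client_connection_rate_limit.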
The IP addresses in email headers are valid, until you trace back past one that can't be trusted (it's malicious, or it's misconfigured, etc). Now, if this one can't be trusted to make sure it only forwards mail it's supposed to, why should it be trusted to correctly enforce any other new scheme?
It seems like what you actually want is some sort of end-to-end scheme where the sender and the recipient are sure of each other's identity. You can do this already, using software like PGP - the sender signs the message, and encrypts it using the recipient's public key.