Slashdot Mirror
Ask ISP Owner Barry Shein About the Spam Wars
Spam sucks. But it's worse for ISPs than for the rest of us, because they get bounces and complaints and other behind-the-scenes spam-caused messes the rest of us don't see. AOL talks of spam as "public enemy number one." Barry Shein, who started (and still runs) the world's first full-service dialup ISP, likens spammers to organized criminals, and calls spam "an organized, vicious, sociopathic thing" in this article, which spurred an interesting Slashdot discussion. So what should we do about spam? Ask Barry. One question per post, please. We'll post his answers to 10 of the highest-moderated questions sometime in the next week or so.
Collateral damage to an ISP's other customers is probably the only way to pressure wayward ISP's into enforcing their AUP's.
If an ISP is willing to sell bandwidth to a known spammer and ignore complaints for months on end, then a network owner such as myself is perfectly free to regard that ISP as rogue and block all traffic from that ISP's network.
If that inconveniences other customers of that ISP, then either (a) they convince their ISP to change their ways or (b) they find another ISP.
This is exactly what SPEWS does, and it's remarkably effective. The analogy is much the same as having a crack house open in your neighbourhood. You either take action on the crack dealers or move out...
I would just have a blanket, three strikes you are out policy. If someone complains about the content of your email three times, no matter the circumstances, you are outta there.
So if your best friend is infected with klez (or the latest variant) and sending messages that appear to be from you, if three people call to complain that you are sending them junk, you are outta there? Those are three complaints about the content of your email, and your policy says no matter the circumstances.
What if I don't like your political views that you've espoused on a political discussions mailing list and I call up your isp and tell them that your opinions about certain PICKWHATEVERPARTYYOUHATE Senators constitute a terrorist threat. After 3 of those complaints, you get dropped.
I wouldn't use an isp that didn't have some intelligence behind its decisions or didn't have an appeals process if I feel I was mistreated.
You completely miss the point of Shein's tirade.
By the time it gets to your inbox, it has already cost your ISP money (time/effort/bandwidth) to deliver it. You just see what leaks through your ISP's filters, despite their best efforts.
I don't know where you saw 2-5% spam content
The 2-5% he guesstimated was total usage of bandwidth by SMTP. I say guesstimate because I've searched for bandwidth usages by protocol and haven't been able to find (recent) data. Unless we can have reasonably accurate numbers from backbone segments it's going to be difficult to estimate just how much Spam really does cost.
I mean, if the OP is correct and SMTP only chews up 2-5% of the backbone, then it's not nearly as big of a problem as if it's chewing up 20% or more.
Even so, if SMTP only takes up 5% of the bandwidth and 80% of that usage is Spam, consider just how much cost savings could be realized from dropping SMTP from 5% to 1%.
I'd argue this collateral damage has destroyed the usefulness of email even more than spam has. It's simply an unreliable medium these days -- you never know if your mail got there or not, because it could have been silently dropped with no bounce message sent. Thus whenever I send reasonably-important emails now, I use either the phone or AIM to confirm it was received.
10 PRINT CHR$(205.5+RND(1)); : GOTO 10
While in the short term I concur, in the long term I must cry au contraire.
If Baysean filtering makes its way to the general public -- or is introduced at an ISP level, then it will reduce the amount of spam that gets through to potential customers, and hence make each spamming less profitable.
The least profitable of the spam messages will dissapear, thereby reducing the loads on our mailboxes and on the ISP as a whole. Therefore, perhaps a better question is:
Support a few technologists in Washington.
My friends and I are often responsible for small sites - our own colocated servers, small businesses, and the like.
What are your technical recommendations for us, to make your life easier?
For instance, I usually argue to require valid FQDNs in the HELO and MAIL FROM command, and reject anything claiming to come from myself or one of the RFC1918 reserved IP addresses. This is entirely content-neutral - I just see no point in accepting any message from somebody who can't be contacted in turn if there's a problem delivering the message.
But I generally don't bother with RBLs, and am philosophically opposed to IP redlining since it could easily lead to a world where a few corporations act as gatekeepers.
I know what impact this has on my sites, but does this cause problems for the large sites? Or does it help you as well?
For every complex problem there is an answer that is clear, simple, and wrong. -- H L Mencken
There seems to be a lot of disagreement between spammers and their victims on what exactly is "spam". Lots of spammers claim that it's not spam as long as [it's not commercial | it's not porn | I bought an opt-in list | etc]. Some users don't mind diet pill ads but hate herbal viagra.
What do you consider spam? Is it unsolicited commercial email? Unsolicited bulk email? What about chain letters forwarded to you by your Aunt Ethel? Any successful legal solution will depend on a good definition.