Fighting the Hydra -- A Spam Warrior's Tale

Selanit writes "Salon has an interesting article about the battle against spam from the viewpoint of Suresh Ramasubramanian, a sysadmin working in Hong Kong. His most interesting complaint concerns the fragmentation of anti-spam forces: not only does he have to deal with spammers, but also with anti-spammers who assume because his company is Chinese that he isn't doing anything about spam. Hmm ... decentralized opponents striking from the shadows against quarreling allies. Does this sound familiar to anyone else?"

Fight the good fight

[rf0]

I think this article does bring up a good point that people do tar Asia with the same brush in that you can just block them and have no problems. Its nice to see someone doing a decent job. For more fun on fighting spam see NANA

rus

Re:Fight the good fight

[Reziac]

Way back when, I used to get a ton of spam from one particular IP address in Taiwan. One day I took the trouble to whois it and noted that it belonged to a university. I forwarded one of the spams to the admin contact... and never got another spam from that server.

Another point that brings up -- just because someone doesn't KNOW their system is being used for spamming doesn't mean they don't CARE. It pays to notify before you condemn.

Welcome to the life of a helpdesk worker.

[millwall]

No matter what he does, he can't please everyone. According to Tiffiany Mork, senior abuse engineer at Allegiance Internet, a very thick skin is a requirement for an abuse-desk worker. Her typical day includes verbal harassment, screaming, threats, and "all manner of nasty things."

Like that is different from working in any other kind of helpdesk!

Re:Welcome to the life of a helpdesk worker.

[eatdave13]

Hell yeah. Only problem is, one bad user can ruin a tech for everyone else.

One user didn't like it when I told her that I couldn't send her a Win98 CD, so she called up Customer Service and told them I insulted her and made her cry and demanded that I be fired on the spot. The call wasn't recorded, and my company's policy is to belive the customer before the employee, so when I came into work the next day all my stuff was packed up in a box. Only after poking holes in her lies with other evidence, timestamps, previous calls, etc., AND treatening legal action against the company did I save my job. I wanted to punch each and every user I talked to in the face for the next month.

This kind of thing happens on a daily basis. Well, maybe not to that level, but enough to keep our supervisors busy anyway. Half of the people that come on leave of their own free will within a couple weeks to go back to a job that pays half of what this one pays. Then again, I work for a shitty ISP whose main userbase is the scum of the earth from every backwoods trailer park in the US that other ISPs won't touch. This allows us to provide terrible service that customers continue to pay for because there isn't any other choice.

I've gotten over that, but I've also gotten over thinking of the people I talk to as human beings, because they certainly don't think of me as one. I couldn't give less of a fuck what someone calls me over the phone. I also couldn't give less of a fuck when someone wishes me a nice day, because I know the second I tell them something they don't want to hear they're either going to turn hostile or try to get me to feel sorry for them. I smile a little when some retard deletes something important, but I'm careful not to let it show in my voice.

It's all monotone now.

Whitelisting is the answer

[heretic108]

This whole spammers versus spamblockers has proven to be a destructive arms race.

Many legitimate machines and users - even whole ISPs - unfairly end up on blacklists, while the spammers just find another way through.

The spamblocker tools and their heuristics get smarter, but don't forget that spammers keep up with these tools and constantly find new ways around them.

I was using Razor and SpamAssassin for months. Formidable combination - networked blocklists plus pattern matching. Gave me a bit of peace. Very few false negatives. But in the last month, I've seen a whole new generation of spam coming through that the filters don't even touch.

Peace has finally come from a package called Active Spam Killer, a package which works from a white list, and provides a convenient way for new correspondents to get themselves onto the whitelist.

There are other whitelist-based packages, such as TMDA, but ASK is simple and painless to set up.

Result?
Spams to my mailbox have gone from 40 a day to zero.

Re:Whitelisting is the answer

[gujo-odori]

Many legitimate machines and users - even whole ISPs - unfairly end up on blacklists, while the spammers just find another way through.

I spent five years working for ISPs, and during that time the only case of blocking I can think of that you could even possibly argue is unfair is the case of a certain major telco in the western United States which was (and AFAIK still is):

* Lumping its business DSL customers and home DSL customers together in the same pool;
* Not provding reverse DNS services to its business customers (their forward lookup might say mail.example.com, but the reverse still said host-aaa.bbb.ccc.ddd-spammydsl.sometelco.net)
* Doing, as far as we could tell, nothing at all about spammers in their DSL pool, which was a major source of spam;
* Doing, as far as we could tell, nothing about open relays & open proxies in their DSL pool.

This led to the situation of us blocking their entire DSL pool based on reverse DNS.

You could make the argument that it was unfair to said telco's business DSL customers to have their legitimate mail blocked, but I would then ask you, "Who was it that was being unfair to them? My employer, when we had no way to distinguish legitimate from illegitimate mail in that DSL pool from which most mail was illegitimate, or said telco, which was not providing proper service to its business DSL customers, who were paying a large premium over what residential DSL customers were paying and apparently getting little in exchange for their money?" My answer, of course, would be "Not my (then) employer."

Please note that we did not consider blocking of residential DSL customers to be unfair in any way, ditto for ordinary dial pool customers. It is normal for ISPs (and the telco in question did so) to provide outbound SMTP hosts for use by their customers. All those affected, including the business DSL customers, could make use of them either directly or as a smarthost. It is not unfair to tell a residential customer "Use your provider's outbound SMTP hosts. That's what they are their for." I'm not convinced that it's unfair to say that to a business DSL customer either, although I understand how they would like to be able to send mail directly instead of smarthosting through their provider. However, if the telco's position is essentially that a DSL line, because it doesn't cost like a leased line, does not include the normal services that come with a leased line (such as reverse DNS service), that is an issue to be settled between the telco and the customer.

I also question whether or not it is "unfair" to anyone to refuse their mail, on the grounds that delivering mail to any domain is a privilege, not a right. It is, of course, customary to extend that privilege to anyone who has not violated it or is not a member of a group of IP addresses where violation of that privilege is the norm (as in the case above), but no domain can be ordered to accept mail from any other domain. Refusing mail may have consequences for the refuser, of course, but that is their choice to make.

75 million?

[Lynn+Benfield]

Every day, 80 percent of all incoming mail to Outblaze is rejected as spam and filtered out before Ramasubramanian and his team have to deal with it. Out of the remaining 15 million messages per day that do pass through Outblaze servers

So if 15 million messages is 20% of what they get, they receive 75 million individual messages a day? That seems a little high...

Simple solution

[azav]

Time for all responsible ISPs to assign their own anti spam reps, reach out, get a list of ALL isps, contact their anti spam reps and take action.

Get organized and form a plan but first, get organized on a global level.

Then kick some ass and pool for legal action against the thieves. :]