Fighting the Hydra -- A Spam Warrior's Tale
Selanit writes "Salon has an interesting article about the battle against spam from the viewpoint of Suresh Ramasubramanian, a sysadmin working in Hong Kong. His most interesting complaint concerns the fragmentation of anti-spam forces: not only does he have to deal with spammers, but also with anti-spammers who assume because his company is Chinese that he isn't doing anything about spam. Hmm ... decentralized opponents striking from the shadows against quarreling allies. Does this sound familiar to anyone else?"
From the article: expert spammers can also switch IP addresses as quickly as the blocks are applied.
A honeypot for spam - mentioned here previously, I think - would be one answer. It would recognize a spammer and, instead of disconnecting, it would accept all the spam - very sllloooowwwly, then discard it. It's not a trivial programming task, since the spam would have to be recognized, then treated differently from that point on from regular email. But it's feasible, I think, and would help fight the large scale attack noted at the beginning of the linked article.
"that's not encryption - it's a new perl script that I'm working on..." - from some Matrix parody
Peace has finally come from a package called Active Spam Killer [paganini.net], a package which works from a white list, and provides a convenient way for new correspondents to get themselves onto the whitelist.
You're adding an authentication layer to your specific mail account. Now, all we need to do is implement 4.1234E13 different mail account authentication systems. Each with its own bugs, weirdo assumptions (HTML only, perhaps? Imagine how Mickysoft might do this...) and other deficiencies. Everyone you correspond with will have a different one. What fun!
Authentication is the only feasible solution to spam. If we could collectively decide on a method of implementing it in a standard fashion we could avoid the mess.
Don't hold your breath.
Maw! Fire up the karma burner!
Just the thought of this makes me sick.. Almost as sick as those who make spamming profitable.
Now that I've thought about it. How is spamming still profitable? Are there that many people out there that are into having sex with farm animals? Or believe there are pills that increase life span? Who the hell are these people?
Now, some people may feel it's my own fault for taking advantage of the part of RFC 2821 which states that if a mailserver defers checking to see if it can relay or deliver the mail then "These servers SHOULD treat a failure for one or more recipients as a "subsequent failure" and return a mail message as discussed in section 6.".
But, I guess they feel that everyone runs sendmail, so every time they test my mailserver, I end up with another batch of relay rejected messages intended for them sitting in my postmaster mailbox.
There are two parts of this that bug me:
<link rel="DoNotEmail" href="mailto:aa0u@kjernsmo.net" />
(yeah, that's a real, living trollbox, spambots, do your worst! :-) ) Very few users will ever see this, but the spambots will harvest it. It is clear that many of them do.
The other thing you mention, I think that is what is meant by a Teergrube. Marc Merlin has some good stuff on using Exim and SpamAssassin to reject messages or making spammers stick in a teergrube. He has some debs too.
Unfortunately, I haven't had time and I haven't been feeling adventurous enough to try all this, but clearly, it works well.
Employee of Inrupt, Project Release Manager and Community Manager for Solid
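The teergrube idea from the comments above, sketched as an added example that is not part of any poster's message: once a connection addresses a spamtrap (such as the harvested address mentioned above), every reply is dripped out as a slow multi-line SMTP response and the message is discarded. The trap address, delay values and class names are assumptions; dot-stuffing and the greeting banner are left out, and the I/O layer that would actually sleep and write the lines is not shown.

```python
# Added example: teergrube logic as a pure state machine (no sockets).
TRAP_ADDRESSES = {"trap@example.org"}  # constructed spamtrap address
DRIP_DELAY = 20.0   # assumed seconds to wait before each reply line
DRIP_LINES = 5      # assumed number of continuation lines per reply

class Session:
    """One SMTP connection; feed() returns [(delay_seconds, reply_line), ...]."""
    def __init__(self):
        self.tarpitted = False
        self.in_data = False
        self.body = []
        self.stored = []    # messages that were really kept

    def _reply(self, code, text):
        if not self.tarpitted:
            return [(0.0, f"{code} {text}")]
        # "250-..." lines are continuations: the client must keep waiting
        # until the final "250 ..." line arrives.
        drip = [(DRIP_DELAY, f"{code}-please wait")] * DRIP_LINES
        return drip + [(DRIP_DELAY, f"{code} {text}")]

    def feed(self, line):
        if self.in_data:
            if line != ".":
                if not self.tarpitted:
                    self.body.append(line)   # flagged mail is never buffered
                return []
            self.in_data = False
            if not self.tarpitted:
                self.stored.append("\n".join(self.body))
            self.body = []
            return self._reply(250, "OK")    # spammer is told it was accepted
        upper = line.upper()
        if upper.startswith("RCPT TO:"):
            addr = line[8:].strip().strip("<>").lower()
            if addr in TRAP_ADDRESSES:
                self.tarpitted = True        # stays set for the whole connection
            return self._reply(250, "OK")
        if upper == "DATA":
            self.in_data = True
            return self._reply(354, "End data with <CR><LF>.<CR><LF>")
        if upper == "QUIT":
            return self._reply(221, "Bye")
        return self._reply(250, "OK")        # HELO, MAIL FROM, ...

def replay(lines):
    """Feed constructed client lines; return (session, total seconds of delay)."""
    session = Session()
    total = sum(d for l in lines for d, _ in session.feed(l))
    return session, total
```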
I don't see how anyone is going to trust the USA in an international treaty any time soon. The USA will simply opt out of any regulation as soon as it hampers their economic well-being.
First.
Get off the USA bashing kick, all countries look after their own economic needs. (aka, sweat shops are illegal in the USA, but the WTO says that in 3rd world countries as it's the only work available, they are legal...)
Second.
The USA (aka Federal Government) has nothing to do with Spam guidelines unless it's a Federal Law. (Which could be considered a violation of Interstate Commerce, that's part of the reason no laws are passed at the Federal level... btw, IANAL...) This is also why we are trying to pass State level laws for Spam.
But ISPs who want to deal with SPAM can join blacklists, whitelists, coalitions, etc. Nothing is stopping them. But on the other side, there is money to be made in Spam, and companies willing to make a buck will do it. (All around the world, not just the USA or Hong Kong.)
Suresh is also a regular poster in the newsgroup news.admin.net-abuse.email, a discussion forum about e-mail abuse.
Check his postings from the Google Groups archive.
How do people feel about scripts to fill website logs with crap? Here's mine, quick and dirty, written in about 30 seconds because I was pissed off:
#!/bin/bash
COUNT=0
while [ $COUNT -lt 10000 ]; do
lynx -dump http://www.resumeagencies.com/recruiterspage.asp?
sleep 1
let COUNT=COUNT+1
echo $COUNT
done
Note the fact that I'm calling what I hope is a dynamic page, so with luck, I'm wasting their server's processor time. The script is otherwise, as you can see, completely unrefined.
Legality, anyone? Other problems (despite the obvious fact that I have to waste my bandwidth to fuck with spammers)? Obviously, it's a DoS attack of sorts, but then again, so is an unsolicited e-mail. If they want to challenge me legally on that point, then I will do the same to them. My website very clearly points to the policies which apply to all e-mails sent to my domain.
Fire and Meat. Yummy.
>According to the article, this guy is having to block off a flood of mail from spammers to his system. The way I read the article, this flood is not for Outblaze users, but just for relaying. Why the bleep does his mail server even accept this mail? Any modern sensible set up mail server should follow a ruleset like:
Don't put words in Suresh's mouth. He said he was trying to deal with a flood of BOUNCES to his system because the spammers FORGED addresses serviced by Outblaze.
>
>if (sender is one of my users)
> accept
>else if (recipient is one of my users)
> accept
>else
> bugger off spammer
>endif
Twit. Anybody who runs his server like this is bound to be abused by spammers because ANYBODY can FORGE the sender. Any modern sensible setup will NEVER use rules like this. All modern sensible setups use these rules:
1) for ISPs who have dialup/broadband users:
if email is from ISP network ips = RELAY
if connection authenticates via POP-B4-SMTP or SMTP-Auth = RELAY
if not, if recipient is ours = ACCEPT
else DENY
2) ISPs who do not have a bunch of ips to relay for:
if connection authenticates via POP-B4-SMTP or SMTP-Auth = RELAY
if recipient is ours ACCEPT
else DENY
>Having received spams relayed by Outblaze servers, I don't think that's what is happening. I think they are running open mail servers, and trying to keep the spammers from using them.
I think you are lying and not very good at it. 1) Post headers with proof that they are 'open mail servers'. 2) There are plenty of spammers out there who would love to make use of the delivery capacity of a system that can deliver 15 million emails daily and there are more who are anti-spammers who would immediately recommend Outblaze servers be listed on SPEWS, ORB, SPAMCOP and other RBLs but for some reason they haven't.
>I could be wrong, but that's how I read the article.
Looks like you need to go back to school and take comprehension tests and I doubt that will help since the post you made shows an obvious attempt to badmouth Outblaze. Not much a school can do when the problem is not in the mind.
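The two relay rulesets argued over in the exchange above, side by side, as an added example that is not part of either poster's message: the quoted ruleset keys on the envelope sender, the reply's ruleset keys on the connecting IP and on authentication. The domains, IP ranges, session fields and function names are assumptions, and the sample sessions are constructed.

```python
import ipaddress

LOCAL_DOMAINS = {"example.net"}                    # domains we host (constructed)
ISP_NETS = [ipaddress.ip_network("192.0.2.0/24")]  # customer IPs (constructed)

def domain(addr):
    return addr.rsplit("@", 1)[-1].lower()

def naive_policy(s):
    """The quoted ruleset: trusts MAIL FROM, which the client picks freely."""
    if domain(s["mail_from"]) in LOCAL_DOMAINS:
        return "ACCEPT"
    if domain(s["rcpt_to"]) in LOCAL_DOMAINS:
        return "ACCEPT"
    return "DENY"

def relay_policy(s, nets=ISP_NETS):
    """The reply's ruleset 1; pass nets=[] for ruleset 2 (no customer IPs)."""
    ip = ipaddress.ip_address(s["client_ip"])
    if any(ip in net for net in nets):
        return "RELAY"
    if s["authenticated"]:          # POP-before-SMTP or SMTP AUTH succeeded
        return "RELAY"
    if domain(s["rcpt_to"]) in LOCAL_DOMAINS:
        return "ACCEPT"
    return "DENY"

def session(ip, auth, mail_from, rcpt_to):
    return {"client_ip": ip, "authenticated": auth,
            "mail_from": mail_from, "rcpt_to": rcpt_to}

# Constructed sessions; the last one claims a local sender from an outside IP.
SESSIONS = {
    "customer_dialup": session("192.0.2.10", False, "alice@example.net", "bob@example.com"),
    "roaming_auth": session("198.51.100.7", True, "alice@example.net", "bob@example.com"),
    "inbound_mail": session("203.0.113.5", False, "carol@example.com", "alice@example.net"),
    "forged_sender": session("203.0.113.9", False, "alice@example.net", "victim@example.org"),
}

def compare():
    """Map each session name to (naive decision, relay-policy decision)."""
    return {name: (naive_policy(s), relay_policy(s)) for name, s in SESSIONS.items()}
```

Only the `forged_sender` session separates the two rulesets: the sender-based rules accept it for relay, the connection-based rules deny it.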