Slashdot Mirror


Spam Blackhole Lists Redux

tsu doh nimh writes "Are spam blackhole lists good, bad or indifferent? That appears to be the question they're tackling in this Washington Post story. It has some interesting back and forth between supporters of the lists and those who claim they condone censorship." J adds: Brad Templeton recently offered some comments on the most extreme pro-blacklist position.

21 of 320 comments

  1. You'd get better results... by craenor · · Score: 4, Funny

    By tossing spammers into blackholes...just a thought.

    1. Re:You'd get better results... by Zeebs · · Score: 4, Funny

      By tossing spammers into blackholes...just a thought.

      Now, what in god's name did blackholes ever do to you, buddy!

      --

      Happy Noodle Boy says "F###ing doughnut! Mock me? You fried cyclops!!"
    2. Re:You'd get better results... by Zeebs · · Score: 3, Funny

      Ok, so you covered spammers, now what about the blackholes?

      --

      Happy Noodle Boy says "F###ing doughnut! Mock me? You fried cyclops!!"
  2. Counter to the spirit of the Internet by Anonymous Coward · · Score: 5, Interesting
    It just depresses me that everybody thinks it's OK to drop undesirable segments of the Internet. Doesn't seem to run well with the spirit of Free Speech, and really if you think about it it just makes things like DRM and various recording industry proposals to kill P2P seem reasonable.

    And they're not. They go against the spirit of the Internet. What makes it great is that everybody HAS a voice, and when we start talking about who should have a voice and who shouldn't we start to sound a lot like fascists. Doesn't matter that it's speech we don't agree with, because it's just a matter of time before the whole thing is so watered down that nobody in their right mind will bother to use it (like amateur radio nowadays...)

    1. Re:Counter to the spirit of the Internet by An+Onerous+Coward · · Score: 5, Insightful

      I can see where you're coming from in a "theoretically, Communism should work" sort of way. But from a practical standpoint, free speech only works if people have the ability to tune out some messages and concentrate on others.

      Imagine that you're having a lively conversation at a dinner party. There are a dozen different groups of chatters in the room. The spammer mentality recognizes the opportunity here: If I just brought in a megaphone, then everyone would be able to hear what I have to say.

      The problem is twofold: Everyone has a message that they want others to hear, and thanks to the marvels of the Internet, everyone with a broadband connection has a huge megaphone. At some point, it becomes difficult to pick out the messages that are important to an individual, and the medium as a whole suffers. The solution here is to silence the proverbial megaphones.

      The difference between Spamhaus and the RIAA is that Spamhaus is interfering with "speech" that interferes with more constructive speech, and the RIAA is trying to interfere with speech that interferes with their monopoly on certain messages.

      --

      You want the truthiness? You can't handle the truthiness!

    2. Re:Counter to the spirit of the Internet by Monoman · · Score: 5, Insightful

      Since when does someone else's freedom of speech *require* me to listen?

      In the case of spam, it is on my dime too!

      --
      Keep the Classic Slashdot.
  3. I still don't understand... by ajuda · · Score: 4, Interesting

    Why don't we just create a system where we all only accept mail that has been PGP encrypted with our public keys? That way spammers will have to burn through a whole lot of clock cycles to get their crap out and as an added benefit, we will get a bit more privacy.

  4. bit bucket by TheSHAD0W · · Score: 5, Insightful

    I think black hole lists are a great thing, but I will admit, they are certainly censorship, and the customers of an ISP using such a list may disagree with some or all of it.

    Perhaps the solution is to design a standard format for a black hole list, and add that functionality to email applications? If the end users had such access for themselves, then they could decide whether they wanted someone else to censor their mail (and whether they wanted to bypass that censorship for certain specific people or networks).

    And yes, I know there is software that does this, but it's all proprietary. Is anyone interested in adding a generic functionality to, say, Mozilla? Perhaps the ability to import an XML list of bans from one or more specified URLs, run by volunteer blackhole list sponsors?

  5. To RBL or Not RBL... by TexTex · · Score: 3, Interesting

    I'm wondering what the slashdot fans seem to lean towards. Is it viewed as better, or easier, to simply flip on a few RBLs and prevent the messages from ever touching your server...or would you rather use these alongside sorting technology to channel spam towards a designated folder?

    Spamassassin and the like do a decent job of helping the spam problem, but my users still complain that their SPAM box has 80 messages a day...even if they get no false positives.

    Personally, I'd rather have control over this than my ISP...as at least I can control how I choose to filter or not to filter. And I think the brute-force nature of an RBL often offers peace of mind but without adequate logging or reporting to guarantee you're only blocking what you intend. I'll settle for a full SPAM box any day...

    --
    -Barkeep, a draft of your most hazardous brew, for the world is slowly stepping into focus, and I don't like what I see.
  6. What do you call... by djupedal · · Score: 4, Funny

    What do you call 100 spammers, chained together, and tossed into the ocean to drown?


    A start...

  7. Uhh, no. by Motherfucking+Shit · · Score: 3, Informative
    Blockquoth the article,
    It is unknown who runs SPEWS, and the Web site -- spews.org -- offers few answers. The site's registration information at various Internet WHOIS databases is deliberately false, with the e-mail contact listed as not@available.org.
    Someone hasn't figured out the -h flag to whois, apparently. Depending upon the flavor of whois being used, any queries for .org domains will now list "not@available.org" as the contact email addresses unless the sponsoring registrar's server is queried.

    SPEWS' WHOIS record isn't really hiding anything when you ask the right server:
    # whois -h whois.joker.com spews.org
    domain: spews.org
    status: production
    origin-c: chip@sendmail.ru#3
    organization: Visit Lake Biakal!
    owner: chip level domains
    email: chip@sendmail.ru#3
    address: po box 61, Baikalsk-2
    city: Irkutsk region, -- 665914
    postal-code: 665914
    country: RU
    admin-c: chip@sendmail.ru#3
    tech-c: chip@sendmail.ru#3
    billing-c: chip@sendmail.ru#3
    registrar: JORE-1
    created: 2001-07-07 15:50:12 UTC caserv
    expires: 2003-07-07 15:50:12 UTC
    source: joker.com
    Whether or not that address really exists, I don't know - but I doubt SPEWS is about to put obviously bogus information (e.g. not@available.org) in their WHOIS record. The spammers would just file a complaint with ICANN.
    --
    "BSD: Free as in speech. Linux: Free as in beer. Windows 10: Free as in herpes." --Man On Pink Corner in #52607549.
  8. Comment removed by account_deleted · · Score: 4, Insightful

    Comment removed based on user account deletion

  9. Yes and NO by d3ut3r0n · · Score: 5, Insightful

    Yes it is a form of censorship, but NO this is not about free speech - SPAM is not free in the cost sense. It costs money to move it around - if you don't believe me, then you have no idea how the internet works.

    Sure, if you get SPAM at work, you personally don't absorb the cost... and sure, if you have uncapped internet access, sure you don't absorb the cost. BUT SOMEONE DOES. I don't get SPAM at work but do on some personal email addresses and I, like many other people outside the united states, DO NOT have unlimited download limits.

    So those who want the right to speak freely about their latest porn sites, sex products, can pay, albeit a tiny amount of money, per email we receive.

    Another thing about free speech, it doesn't mean you can talk as loudly as you want in the middle of the street at 3am - no, you WILL be approached by authorities for disturbing the peace - just try it. SPAM is not really all that much different - you don't have the option of not hearing it, the same way as you don't have the option of not hearing someone blaring music or screaming at 3am while trying to sleep. While the remedy might sound easier to delete a SPAM message than bother the local police for noise complaints, you don't have the noise every day, and hundreds of times.

    Free speech might mean not being censored, but it doesn't mean you can do it at other people's expense of inconvenience.

  10. Blackholes don't really work anymore for me... by jamesh · · Score: 4, Interesting

    I set my mail server to tag emails rather than block them (move to spam folder on workstation), so i see some interesting things...

    When i first tried it 6 months ago, it magically worked, 99% of spam ended up in my spam folder.

    Now the blocking ratio is down to about 10%... and here's why. There are 3 MX records for us:
    A - linux server - MX = 10
    B - msexchange server - MX = 20
    C - isp's server - MX = 30

    messages delivered to A are tagged (if spam) and forwarded to B. B exists in the MX records for redundancy. C is used because A and B are on the same site.

    What i'm finding though, is that spammers send emails to B or C. When A receives the email, it has come from B or C, not the original spammer, so suddenly the blocking doesn't work anymore.

    dammit.

    It can only work if everyone in your MX record list does it, and my isp is the biggest in Australia so it's an awfully large machine to move.

    I have tried adding in more dummy MX records, so that A is first, middle, and last. That seemed to work for a bit but not for long. I might have more success adding different ip addresses for A and peppering the MX list with those... but it's a bit messy.
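
The failure described in comment 10, as an added example that is not part of the thread: when mail arrives through a secondary MX, the address to test against a blackhole list is the first hop outside your own relays, read from the Received headers those relays wrote. The zone `dnsbl.example`, every address (documentation ranges), and the function names are assumptions.

```python
import ipaddress
import re
import socket
from email import message_from_string

# Assumed placeholders, not values from the thread: the DNSBL zone and every
# address below (RFC 5737 documentation ranges).
DNSBL_ZONE = "dnsbl.example"
TRUSTED_RELAYS = {
    ipaddress.ip_address("198.51.100.20"),  # B, the MX 20 host
    ipaddress.ip_address("198.51.100.30"),  # C, the ISP's MX 30 host
}

# Bracketed peer address inside the "from" clause of a Received header,
# stopping before the "by" clause.
PEER_IP = re.compile(
    r"^\s*from\s(?:(?!\sby\s).)*?\[(\d{1,3}(?:\.\d{1,3}){3})\]", re.S)


def dnsbl_query_name(ip, zone=DNSBL_ZONE):
    """IPv4 DNSBL convention: reversed octets prepended to the list's zone."""
    return ".".join(reversed(str(ip).split("."))) + "." + zone


def dns_lookup(name):
    """Live lookup: an A record means listed, a resolution failure means not."""
    try:
        socket.gethostbyname(name)
        return True
    except socket.gaierror:
        return False


def first_untrusted_hop(raw_message, trusted=TRUSTED_RELAYS):
    """Walk down the headers written by our own relays (newest first) and
    return the first peer that is not one of them; never read past it."""
    for header in message_from_string(raw_message).get_all("Received", []):
        match = PEER_IP.search(header)
        if not match:
            return None  # chain broken: treat as unknown, do not guess
        try:
            peer = ipaddress.ip_address(match.group(1))
        except ValueError:
            return None
        if peer not in trusted:
            return peer  # headers below this one are sender-supplied
    return None


def check_message(raw_message, lookup=dns_lookup):
    """Return (address checked, listed?) for a message as stored on host A."""
    hop = first_untrusted_hop(raw_message)
    if hop is None:
        return (None, False)
    return (str(hop), lookup(dnsbl_query_name(hop)))


# Constructed sample: spam sent to C, relayed to A; the last header is forged.
SAMPLE = (
    "Received: from c.isp.example (c.isp.example [198.51.100.30])\n"
    "\tby a.example.org with ESMTP; Mon, 6 Jan 2003 10:00:02 +0000\n"
    "Received: from dsl-45.example.net (unknown [203.0.113.45])\n"
    "\tby c.isp.example with SMTP; Mon, 6 Jan 2003 10:00:01 +0000\n"
    "Received: from mail.bank.example (mail.bank.example [192.0.2.99])\n"
    "\tby dsl-45.example.net; Mon, 6 Jan 2003 09:59:00 +0000\n"
    "Subject: constructed test message\n\nbody\n"
)
CONSTRUCTED_LISTINGS = {"45.113.0.203.dnsbl.example"}  # stand-in for DNS
```

Calling `check_message(SAMPLE, lookup=CONSTRUCTED_LISTINGS.__contains__)` tests 203.0.113.45 rather than the relay's own address, and the forged bottom header is ignored because it sits below the first untrusted hop.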

  11. d. None of the above by mcubed · · Score: 4, Interesting
    I don't think blacklists are good, bad, or indifferent. The questions are how fairly are they implemented, how rigorously are the claims against the blacklisted party checked out, and how accessible are the administrators of blacklists for appeals. Obviously, there are problems with some of the implementations, as detailed in the Washington Post article -- and these particular problems read to me less like the typical growing pains of any developing concept than like design features. I wouldn't trust any blacklist whose operators hide behind a veil of secrecy any more than I'd trust ad-ware.

    Still, how effective can a blacklist, however well implemented & maintained, really be? Isn't this one of the easier types of blocks for spammers to get around?

    If everyone would just stop trying to grow their penises, turn $5 into $5000, and visit XXChristyXX in her all-nude sorority, spam would wither and die. Lately, I've received some very helpful emails about how to stop spam and make money in the process, secrets I will be sharing with about 16 million fellow computer users very shortly.

    --Michael
    --
    "No live organism can continue for long to exist sanely under conditions of absolute reality;..."
  12. Question for Brad Templeton by Thurn+und+Taxis · · Score: 4, Insightful

    Here's my response to Brad Templeton's post:

    What if, at the end of Brad's list, we add:
    h) trading child pornography
    i) plotting terrorist attacks
    j) promoting cannibalism

    On his list, items a, f, and possibly g are potentially illegal - the others are clearly legal in the U.S., although they may violate service agreements with some ISPs. Nonetheless, even the possibly illegal actions are perceived as minor crimes, like speeding - if you found out your neighbor was doing these things, you wouldn't start looking for a new place to live. The three items I listed above are different - if any reasonable person even suspected that their neighbor was planning or committing one of those acts, they'd be calling 911 (or your local government's equivalent, unless you live in a country that supports terrorism / kiddie-porn / cannibalism) in a jiffy.

    Spam is different from both of these. It's legal in most places, which distinguishes it from the three items I've mentioned, but it's looked upon with nearly equal horror as a violation of trust. If spam were made illegal (particularly porn spam), it could easily be lumped in with these other categories (okay, spam doesn't directly involve killing/torturing other people, but when you get spam that lists your full name and discusses rape, that's bordering on assault).

    I think most people would consider it ethically responsible for their ISPs to report kiddie-porn traders, terrorists, and cannibals - at the very least, it would be irresponsible of the ISPs to not report such activities if they were aware of them. The difference, which Brad's post ignores, is that some activities (kiddie-porn, terrorism, spam) cause or can potentially cause DIRECT physical or emotional harm to other individuals (and before you argue this point with regard to spam, think carefully about how you would distinguish between soliciting children for sex and sending porn emails to children), while other activities (copyright infringement, NAT) don't.

    To (hopefully) temper the debate, I'll add that I would oppose a "one strike and you're out" rule. It's easy to imagine someone being tricked into downloading unpleasant images, and it's easy to imagine someone sending out spam without knowing any better. But after being warned, the punishment the second time should be more severe.

    --
    On stereophonic equipment, the monaural sound obtained through multiple channels will enhance your listening pleasure.
    1. Re:Question for Brad Templeton by btempleton · · Score: 4, Insightful

      The question I ask is not what should we wish to punish (for we all would like to see spammers get what they deserve) but who should be responsible for the punishing and who should get the punishment.

      Blacklisters say, "punish the ISP for providing bandwidth to the spammer."

      I see the ISP more like the phone company. You don't blame the phone company because people can trade kiddie porn or plot crimes or terrorism over the phone. You don't call for the phone company and all the people with phones in the same phone exchange to be punished until they rise up against the child pornographer among them.

      If we say "it's OK to blame and make accountable the ISP for the actions of the spammer" you turn the ISP into a policeman of the bits rather than just a provider of bandwidth.

      I worry about the precedent in doing that. There are a lot of other internet activities people want to punish, as I pointed out, and how do we tell them they can't use the ISP as their tool of punishment?

      As we've seen in the Verizon case, the RIAA can force an ISP to hand over your real identity without proving you did anything. We want to be careful about where this leads.

      --
      Has it been over a year since you last donated to the Electronic Frontier Foundation
  13. Ever wonder? by MegaHamsterX · · Score: 3, Interesting

    Ever wonder why IM has taken off like it has, you don't get fucking spammed.

    Blacklists suck, they don't work. Blacklist an ip address or range and a new guy gets it and can't send mail, real fucking smart and real fucking frustrating to be the admin, use the reverse domain name all you want, but don't involve the ip address.

    Do you think ISPs want spammers, spammers are a pain in the ass to deal with, they are the squeaky wheel at an ISP and they rarely pay their bills after bitching about everything.

    An extension to smtp and pop3 is needed, smtp stopped working years ago and people now ignore their email, often you need to call someone to check their email and search for you amongst all the spam in their box.

    I'm an admin, not a programmer, but I would do it this way if I was a programmer.

    mail is received, the host starts out with a zero rating and the user does as well.

    A global bayesian filter then ranks this piece of email, the email is then delivered to a user's box with the rating attached for the domain and the user.

    The user may sort by this rating to filter out spam from non spam, it is optional at this point, but if the user is using software with the necessary extension, the user can then check if the email is spam or good and have the domain's rating adjusted slightly, and the user's rating fully in the negative or positive, if negative the sending user will not have mail accepted again unless someone uprates the user.

    If enough complaints arrive from the sending domain, the domain is blackballed and cannot escape since multiple users have decided that this domain is sending inappropriate email according to the TOS of the receiving ISP.

    So, to be more specific, sorry to make this so long, but maybe it will inspire someone.

    Connection established with port 25, reverse checked for presence on blackball list, if present drop connection silently. No reverse also gets dropped.

    Check for from line with specific user name, if user is on blackball list drop connection silently.

    Receive email and grade with bayesian filter using global ruleset, this filter cannot blackball domain or user no matter how much it looks like spam, but can make it nearly so.

    Deliver mail, if user confirms mail is spam, blackball user and downgrade domain further, this may actually blackball the domain if enough mail is sent and the filter grades it badly enough (based upon average grade).

    Since Dialup and DSL connections do not control their own reverses, it would be trivial to add a simple filter that would refuse mail delivery from these sources, except from their own isp, and then the outgoing mail would be run through a filter, if the rating dropped for the user into negative territory as reported by receiving servers the user would lose their bulk smtp privileges and have their outgoing mail throttled in a severe fashion with all mail containing bcc and cc mail rejected, and the number of emails per hour limited to stave off potential damage.

    The SMTP extension comes into play with a network of these mail servers, blackballed domains would be automatically sent to a neighbour in p2p fashion, but ratings would only be accepted if the neighbour server had a valid key, that would be exchanged amongst admins and a network of trust would form.
    If a domain becomes blackballed, a user/domain notification takes place alerting that site to the fact mail from their domain/user is not being accepted, at this point an admin could get involved, but my guess is that more often than not the domain will remain there.

    Anyhow flame away, my asbestos suit is on :-)

  14. Free Speech by Detritus · · Score: 5, Informative

    If you live in the USA, the Bill of Rights enumerates your right of free speech. That does not make it an absolute right. Try exercising your right to free speech on my property and I will have you arrested for trespassing.

    --
    Mea navis aericumbens anguillis abundat
  15. Re:It's not exactly counter... by MillionthMonkey · · Score: 4, Interesting

    Anyway, the point is, if you say something on your website (such as "niggers are great"), I do not have to read it. However, if you send me a nice big jpeg, with a smiling porch-monkey, that says "niggers are great", I end up having to deal with it. If I felt the need for a larger penis and an unaccredited degree, I'll bet Google could help me find places to get that... I don't need someone telling me shit I don't want to know.

    You know, I've seen some really good posts from you that get undeserved hostile replies based solely on who you are and what your unpopular political positions represent. (I know you're only karma whoring to keep your score above 0, but that's sort of irrelevant, really.) You recently wrote this excellent post about calculating bolometric luminosity- and the discussion quickly degenerated into a brawl about racism, with people inappropriately screaming at the moderators for marking your post as Informative, followed by Anonymous Cowards putting in their own racist two cents. I even defended you once, and pointed out that a moderation applies to a post and not its author. (Thus whoring some karma for myself in the process, and making it onto your friends list- so if anyone looks at my fans list now, they'll see "I'm a racist" listed there.)

    You're certainly a character- a racist with a degree in astrophysics- in fact you seem like you'd be an interesting person to know in real life. But if people start screaming "mod this racist down" this time, I cannot defend you. Your actual post was needlessly and purposefully offensive, which is sad because otherwise it does bring up a valuable and subtle point. You just had to spoil it.

    Besides, I can't imagine getting an email saying "niggers are great". It simply makes no sense. Unless it's a white supremacist being sarcastic. And it doesn't fit this situation, since it's political speech. Spam is inherently commercial speech. For your analogy to work, the spam would have to be offering them for sale, not simply saying they were "great".

    Kudos for simultaneously karma-whoring and slipping the words "nigger" and "porch monkey" into your post. I rarely see anyone pull that off.

  16. Re:RBLs are not effective at all. by WoodstockJeff · · Score: 4, Interesting
    Yes, RBLs are becoming less effective. But not because of false positives... it's the false negatives!

    Our small ISP hosts email and web sites for about 40 domains. Our mail servers send me a message every time they bounce a message, for ANY reason, with transcripts of the exchange and the error that caused the bounce. We use SpamCop, Blitzed, Monkeys and ORDB to supplement our internal lists.

    A typical day has 500-1000 messages reach the SMTP ports of our various servers. Lately, 80% or more of them (over 3000 in the last 4 days) are attempts by spammers to hit addresses that don't exist, usually arriving from open relays, proxies, and dial-up lines. And only 50% of those test positive against the RBLs... the rest are blocked by those internal lists.

    Why is this? I suspect it's because the spammers are finding those open relays and proxies faster than the RBLs can catch up. And some open relays specifically block the test software from ORDB and others, trying to stay off the lists without actually fixing their problems.

    Lately, though, it's the open proxies that have taken the lead. We added over 1800 NEW open proxies to our internal lists in the last week. Sometimes, one spammer will try dozens of proxies within hours to get through... Kind of makes it easy to spot them... B-)