FTC vs. Open SMTP Relays
HighOrbit writes "Cnet reports on news.com.com that the U.S. Federal Trade Commission, several state Attorneys General, and Australia, Canada and Japan are sending this letter (pdf) to operators of open relay mail servers to educate them on the dangers of open relays and how they help spread spam. Although the letter does not threaten direct law enforcement action, it does let open relayers know that they have been noticed and warned. The threat of being blacklisted has not worked yet, so will this finally convince mail server admins to shut down those open relays?"
How am I supposed to find out about herbal viagra, hot co-eds, batteryless flashlights or stainless steel if this succeeds?
I'm going to write my Member of Parliament about this.
Trolling is a art,
haha, some idiot modded this up. It's fucking off topic. Read fucking mod.
I remember (fondly) a few years ago when open SMTP relays were still considered a standard setup and not a major security risk. The FTC is definitely doing the right thing in alerting admins to the risks they are taking and helping them to learn how to better protect their infrastructure, as well as the burden it inevitably places on the rest of the internet community when a spammer eventually finds their open relay and shares it with others. Kudos...
... a lot of IBM AIX customers are going to get this letter:
http://www.securityfocus.com/archive/1/321307/2003-05-13/2003-05-19/0
Don't people check the links before moderating? It's not an SMTP protocol discussion. It's a troll about Iraq. -1, Offtopic.
There is no sig, there is only Zuul.
Let open relays suffer the consequences for the spam that they inadvertently relay. They should be open to lawsuits.
As in Superfluous Meaningless Thread Posting?
"I'd rather be a lightning rod than a seismometer." -Ken Kesey
Just out of curiosity, why would any mail admin want to have an open relay? It must cost the ISP time and money as well as make them look bad to the community in general. Even those who do support spammers for profit, even they must have some sort of authentication?
All this time thinking it's just horrible admins who don't know how to do their job, or are too lazy to do it right
'diplomatic' team over that we sent to iraq!
Ahh, yes. Yet another follower of Kibo.
The link goes to a thread regarding Iraqi oil, not anything remotely 'Net related.
I'm thinking most of these letters will be filed in the round bin.
50% of the people receiving the letter will be the wrong person and not have a clue what it is.
10% will read it and panic, but ultimately it won't get to the sysadmin and nothing will change
20% will have some obscure reasons for using open relays
and 20% of all statistics are made up as they are typed.
Gibble: Descriptive of an emotional state in which one's mind is scrabbling for some purchase on reality
Maybe I'm the only one that had this train of thought, but I'll put it here anyways. I, personally, run a home-based server that runs many services (web, ftp, SMTP and POP3 are some of them).
The threat of being blacklisted would make me change my ways, as I have nothing to gain and everything to lose should that happen. I would presume the same is true for most sys admins out there, who run *honest* servers.
Now let's say that the few "Open Relay" servers that are left are threatened, but they don't take action. Pardon my conspiracy theory, but it may very well be that these "innocent" open relays are in fact sponsored by spam clearinghouses, in which case server admins have monetary incentive to NOT close their relays.
I'd imagine the few open relays that are left are supported by spammers in some way, as they are key in spreading spam, and most people don't want spam passing through their systems anyway, so any anti-spam person would probably close their relays as soon as they are first notified.
So to relate this to the article, I'd say that a letter from the FTC that doesn't threaten *legal* action will provide no more incentive to these system administrators to close the relays; thus the letters become little more than a waste of paper...
Just my thoughts on the matter.
I think this letter is a good way to let ISPs know that big-bro is watching. The letter did not threaten, it only offered advice. But the casual use of "law enforcement" does give the letter just enough bite to be worry some.
:)
Good job (i don't say that too often about my gov...
"Those who make peaceful revolution impossible, make violent revolution inevitable" - JFK
Maybe if the threat hasn't worked then they should actually be blacklisted?
My next sig will be ready soon, but subscribers can beat the rush
Smart businesses relay email only between SMTP servers within their company's domain. Email from outside the domain can be deposited in your mailbox. But email from outside the domain, that is not addressed to a mailbox within the domain, is bounced back to the originating domain with a Nondelivery Receipt (NDR).
Unfortunately, there are many incompetent system administrators that have configured their SMTP servers to relay email for everyone, not just those in the local domain. Spammers use these open relays on the Internet to send millions of unsolicited messages.
Stopping SPAM is not difficult. If every system administrator configured their SMTP servers routing restrictions to not relay email for everyone, spammers would not be able to steal server resources that we all pay for. These inept system administrators should learn how to specify which domains they will allow to relay messages through their servers.
I'm really glad to see the Texas seal on this document. It's really disturbed me to see Texas just standing by and ignoring the spam problem. I personally think any spammers caught in-state should be roped and dragged to the middle of town to let the people decide what to do with them. We're already proud to be #1 in executions; cowboy justice would just up our position.
The preceding post was not a Slashvertisement.
I am heartened to see that people in government are taking spam seriously as the destructive thing it is (for me, it has made email substantially less useful than it once was). That said, this measure does not seem like it's going to make a big difference by itself. There are just too many open relays, and too many users who don't have the knowledge, time or ability to properly fix things.
It seems things have degenerated to the point that a more drastic solution will be required (such as the email tax we've heard about).
(I am considering rotating my true email address weekly so that email to me gets a bounce message to request it be re-sent to the proper weekly destination. Horrible but maybe better than getting all that crap.)
Rumor has it that there's a whole bunch of open relays out there which are owned by the spamhausen. (I'd love to see some evidence to the contrary, but that's asking proof of a negative, so I won't hold my breath.) If we accept that rumor as fact for the sake of argument, all the FTC letter is going to do is tell said spamhausen that their crap is getting to the target audiences, and they'll happily redouble their efforts.
It's been said before, but it's worth repeating. The best way to eliminate spam is not to go after the machines (and coincidentally the people in charge of the care and feeding of them). Go after the people and companies hiring the spamhausen...the ones pushing their "herbal Viagara" (sic), pr0n, better mortgage rates, and so forth down the wire and into our overloaded mail accounts. Take away the revenue stream, and all those open relays will go idle until someone puts them to better use (for example, Quake 3 servers).
Just my two cents' worth...save up the change for a root beer or something.
All the world's an analog stage, and digital circuits play only bit parts.
Signed by (among others) the attorneys general of Texas, Louisiana, Oklahoma, Arkansas, and New Mexico. Where are the states that are stereotypically tech-savvy? Where's Washington? Where's California? Why are southern states taking the lead on this? I'd think it was just a regional US thing if it weren't for the international signatures on there. Is it easier to get international agreement than interstate agreement? Seriously, what gives here?
AC coz i'm not Karma Whoring
Various public databases suggest that the following IP address, [insert number], may be an open relay mail server. If that is the case, this letter contains important information for you that may affect your organization's email server and online presence.
Open relays are computers (e-mail servers) that allow any other computer in the world to "bounce" or route e-mail through them to other Internet mail addresses. Open relays often are exploited by people who flood the Internet with unsolicited commercial email, or spam. This creates problems for consumers worldwide, for law enforcement and for your organization. For example, it may appear to recipients of the spam that the spam is coming from your system; your mail server and Internet service resources may be utilized by unknown third parties; your network connections may become clogged with traffic; your administrative costs may increase; or your Internet Service Provider may shut down your Internet service. Fixing your open relay mail server will help you protect your system from being misused.
The Federal Trade Commission is the U.S. government agency charged with protecting consumers against unfair, deceptive or fraudulent practices. The Commission, along with its partners, is sending you this advisory explaining the problems associated with open relay mail servers and how you can prevent these problems from affecting you or your organization. We are joined in this effort by our domestic partners, the Attorneys General of Arkansas, Louisiana, New Mexico, Oklahoma and Texas; the Office of the U.S. Attorney for the District of New Mexico; the U.S. Postal Inspection Service; the Securities and Exchange Commission's Ft. Worth Office; and the Richardson, Texas Police Department. From the international community, we are joined by the Australian Competition and Consumer Commission; Industry Canada; Servicio Nacional del Consumidor (SERNAC); and the Japanese Delegation to OECD Committee on Consumer Policy.
For more information about open relays please review our Business Alert located at http://www.ftc.gov/openrelay. If your server is an open relay, and you are interested in closing it, please follow the step-by-step instructions on remedying the problem.
How about an actual technical solution?
He who knows not and knows he knows not is a wise man. He who knows not and knows not he knows not is a fool.
The threat of being blacklisted has not worked yet, so will this finally convince mail server admins to shut down those open relays?"
I seriously doubt it. The one time that I informed a sysadmin that he had an open relay I got back a long e-mail on how "this is the way the internet works", that may have been true in times past but it certainly was no longer true in 1996, and it even seemed a bit snotty.
Now these guys are going to get a letter from the 'lowly' government? LOL, unless it comes from Bill Gates, in most cases, or Linus in others, they will blow it off or try to have a stupid flamewar.
Eve Fairbanks says I drive a hybrid!LOL
Only outlaws will have huge penises and be debt free.
The open relays that are most commonly abused are overseas. Hong Kong, South Korea, China, India.
What's the FTC going to do to them, lock them up in Guantanamo Bay??
Press any key to continue, any other key to quit.
Actually it is good that they are doing this. If this is the US telling the world that they are right, well good for them. They are right.
I noticed that Canada is supporting them on this. This makes up for us not supporting the war, right? (looks sheepishly south across the border...)
Imagine my utter surprise when I returned from running to the PO and Baja Fresh, during lunch, hit [Get Msgs] and Nothing was there to download!!!
I've been getting from 120-180 Ralsky-grams a day and nothing in the space of 45 minutes is downright unbelievable. I zipped over to the news to see if his house had been raided or he'd been killed by an irate sysadmin. Nothing on the news about it, maybe something is happening? If so, he and his animal food trough wiper friends will probably take a little while to shift over to some other sites and get caught up.
A feeling of having made the same mistake before: Deja Foobar
You guys want your cake and eat it too. You piss and moan every day about the "evil gubmint" and their excessive involvement in everything. Then you get your own pork project on the government's radar, in this case spam, and you are overjoyed.
Now the government is starting to look at the spam problem and, if they address it at all, they will deal with it in the typical screwed up clueless and heavy handed fashion that you so love to bitch about.
Make up your minds. If the government is so bad and should keep its hands off the internet then it should keep out of all aspects of the internet. You can't expect to use the government for your own bidding while at the same time keeping them out of your business. After all, that's what everybody else does and you've been bitching about it for years.
Does the FTC (or ICANN) have the power to suspend domain names? Say I'm running an open relay accidentally on a legitimate business mail server. I get notified, but I'm too lazy to fix it. Could they use domain suspension as a penalty?
Right now, 70% of all the mail that arrives at our domains is spam. Perhaps half of that gets filtered, but that still leaves an uncomfortably large amount.
RedHat did a good thing by disabling sendmail receive/sending on default installs of 8.0 and forward. Now if they would only turn off portmapper and a few other things...
Newsfollow.com
Government threats for internet users.
Just what we all want!
Hip hip hooray
I don't need no instructions to know how to rock!!!!
"Our message is clear and simple: close your relays,"
It seems like the U.S. government will stop at nothing until no communication is anonymous. Sure it might stop spammers a little, but it seems like a good cover story to stop people from doing as they please.
I support the intent of this letter, but do we really want the government to start going after third party mail server operators? It seems like a real slippery slope of government regulation and intervention. Better get that sendmail.cf file perfect the first time or Big Brother will come knocking to straighten you out!
I would prefer if the FTC spent their time going after the spammers, which are the real problem.
That was beautiful! It made me actually want to go to their wedding!
You think that I'm crazy, you should see this guy!
How, exactly, is the parent off-topic. Redundant perhaps, but not off-topic.
Anyway, I'm glad to hear this. In the last 12 months or so, my e-mail has gone from at most 4 or 5 spam messages a day to at least 25 each day, without my changing my online habits (w/ regard to who gets my e-mail address) in any significant way.
my pet machine
Of course you know the Federalist Papers were published anonymously. Anonymity is no less important today than then. It has become increasingly important over the past couple years with increased governmental survellience, control of the media, and intolerance of dissenting opinion. The FBI can even view our library record without a warrent! If you ask me, spam is the least of our problems.
Give me Classic Slashdot or give me death!
The very first thing I did in Linux was set up a Postfix server for our small company, having only ever been a PC user and having no tech training. I had a book and a few CDs of software when I started. Our LAN had internal-only IPs and a firewall connecting us to the 'net. When I told Postfix to accept mail for relay only from the IP range in my LAN, I figured I would be safe. Wrong. Since an attempt to relay mail from a website script that was on the net to test such things reported back that relay was not possible, I had to go back and re-read the logs for clues. Somebody was able to initiate a port 25 telnet session pointing at our external IP for the mail server on the firewall, which mapped it to the mail server, and then they could EHLO and send mail as the IP of the internal side of the firewall, which of course was part of that trusted network. I had to re-figure the IP addresses for "My Network" in Postfix to eliminate this one IP in order to stop it. The firewall was controlled by another tech, and he refused to help me or do anything to the firewall, so that was the quickest fix I could figure out. Let this be a lesson to all who point at "open relays"... An exploit is not the same as an open relay, even though it may look like one.
Flash is the Herpes of the Internet.
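The relay decision the Postfix post above describes (and the "relay only for the local domain" rule from the earlier post), as an added Python simulation. This is not Postfix code and not the poster's configuration; it assumes a constructed LAN 192.168.1.0/24, a firewall whose inside address is 192.168.1.1 and which source-NATs forwarded port-25 connections, and a constructed local domain example.com.

```python
"""Relay-policy simulation for the NAT pitfall described in the Postfix post above.

Added example, not Postfix code. It models the Postfix-style decision
'trusted networks may relay anywhere, everyone else only to our own domains'
and shows why a firewall that port-forwards port 25 with source NAT makes the
outside world look like part of the trusted LAN. All addresses, networks and
domains below are constructed for the example.
"""
import ipaddress
from typing import Iterable, List

FIREWALL_INSIDE = "192.168.1.1"      # constructed: NAT firewall's LAN-side address
LAN = "192.168.1.0/24"               # constructed: the company LAN
LOCAL_DOMAINS = ("example.com",)     # constructed: domains this server accepts mail for


def relay_decision(client_ip: str, rcpt: str, mynetworks: Iterable[str],
                   local_domains: Iterable[str] = LOCAL_DOMAINS) -> str:
    """Decide one RCPT TO command: 'ACCEPT' or 'REJECT'.

    Same order as Postfix's permit_mynetworks followed by reject_unauth_destination:
    a client inside mynetworks may send to any destination; any other client may
    only deliver to domains this server is responsible for.
    """
    ip = ipaddress.ip_address(client_ip)
    if any(ip in ipaddress.ip_network(n, strict=False) for n in mynetworks):
        return "ACCEPT"
    domain = rcpt.rpartition("@")[2].lower()
    if domain in {d.lower() for d in local_domains}:
        return "ACCEPT"
    return "REJECT"


def source_seen_by_server(real_source: str, via_nat: bool) -> str:
    """Address the mail server sees for one connection.

    When the firewall forwards port 25 and rewrites the source address, every
    outside connection arrives from the firewall's inside address, not its origin.
    """
    return FIREWALL_INSIDE if via_nat else real_source


def is_open_relay(mynetworks: Iterable[str], outside_ip: str = "203.0.113.7",
                  via_nat: bool = True) -> bool:
    """The defining check: can an outside host relay to an outside recipient?"""
    seen = source_seen_by_server(outside_ip, via_nat)
    return relay_decision(seen, "someone@example.net", list(mynetworks)) == "ACCEPT"


def mynetworks_excluding(lan_cidr: str, excluded_ip: str) -> List[str]:
    """The workaround from the post: trust LAN hosts individually, minus the
    firewall's inside address, so NAT'd outside connections are no longer trusted."""
    net = ipaddress.ip_network(lan_cidr, strict=False)
    bad = ipaddress.ip_address(excluded_ip)
    return [f"{h}/32" for h in net.hosts() if h != bad]


if __name__ == "__main__":
    naive = [LAN]
    fixed = mynetworks_excluding(LAN, FIREWALL_INSIDE)
    print("mynetworks =", LAN, "-> open relay via NAT:", is_open_relay(naive))
    print("mynetworks without", FIREWALL_INSIDE, "-> open relay via NAT:",
          is_open_relay(fixed))
    # Legitimate traffic still works after the fix:
    print("LAN workstation relaying out:",
          relay_decision("192.168.1.50", "friend@example.net", fixed))
    print("outside mail for our own users:",
          relay_decision(source_seen_by_server("203.0.113.7", True),
                         "bob@example.com", fixed))
```

Postfix's own mynetworks parameter accepts a leading `!` on an entry to exclude one address from an otherwise trusted block, which expresses the same fix in one line.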
your.opinion >
Why warn? What kind of people are being warned? People who are either incompetent or ignorant? Is that who we are willing to allow administrate part of the Internet?
Not me. Close 'em down. Period. Now.
--Richard
The real problem? Wierd foreign programmers who don't understand How Things Work and moreover don't care, and executives that just want a working system and to hell with being a good netizen.
Shutting down free speech with violence isn't fighting fascism. It IS fascism!
The owner of the machine has at least some resources that could be attached by legal action. The spammer and the marketeer may not (at least not in proportion to the spam they sent).
Note that the Buffalo spammer just arrested got about $360 for millions of spam messages (and 36 suckers reeled it). There must be a reason he couldn't post the $20,000 bail.
Ok, I know that this is completely off topic, and not news (no pun intended), but WTF is up with News.com's URL? Is this some cheap attempt to be like GNU's recursive name ("GNU's not unix not unix not unix..."?)
Does anyone know?
Although the letter does not threaten direct law enforcement action, it does let open relayers know that they have been noticed and warned.
I guess I should put OBVIOUS tags around this comment, I'm pretty sure no one will care. Most of my open-relay spam comes from China, Korea, Russia, and so forth. I doubt admins in those countries care about what a US organization has to say.
Their open relays have been reported, almost definitely, by someone. The relays are still open. They don't care. They make it onto open-relay blacklists. The relays are still open. They don't care.
They get a letter? They care? The FTC expects something different to happen. Ha. I know every little bit helps, but if even one admin closes his open relay, I'll be surprised.
[/OBVIOUS]
"so will this finally convince mail server admins to shut down those open relays"
I've been convinced for a while... I just haven't figured out the sendmail config syntax yet
R$* . $| $* $: $1 $| $2
R$*.dialup.$* $| DIALUP $@ DIALUP
Rdialup.$* $| DIALUP $@ DIALUP
R$* $| $* $: $(Spam $1 $:NOMATCH $| $1 $) $| $2
RNOMATCH $| $+ . $* $| $* $: $>lookat_domain $2 $| $3
R$* $| $* $@ $>comp_value $1 $| $2
"R$". What The ????
She's pretty cute.
I get spam from a lot of places. I read several I18N/L10N mailing lists as well. I can't even read many of the languages I get spammed in. (For the record, I like the Korean spam the best. So far, it appears to have been for kitchen products. It is nicely formatted. I presume it would be readable if I read Korean.) But my point is, spam is coming from places outside their jurisdiction.
The net will not be what we demand, but what we make it. Build it well.
It's a protocol problem. SMTP is never going to be good enough. For example, I run qmail, courier, horde/imp. To keep it from being an open relay I use relay-ctrl. However in my testing (to make sure it wasn't open) I found a few very interesting things. On 99% of email servers if you know how to properly input the mail headers you can send anyone an email on that server.
Granted this isn't an open relay, but if you have a list of everyone at Intel (or not, just figure out their email addresses via a web search), you could easily email all of them anything you wanted (as the spammer) only using their own mail server. I haven't tried this on a lot of servers but I have a very high success rate (I only try it with my friends' accounts on different servers and I let them know ahead of time so they aren't confused).
This just helps make my point. Non-authenticated SMTP is killing the internet. If the bigwigs would come out with a new OPEN protocol (AOL, MSN, Earthlink, ... in conjunction with the OSS community) it would (theoretically) solve a growing problem.
;^)
It would be good for the software makers of email clients/servers as well because they could sell an entirely new set of software.
I guess I'm just idealistic. I think it can be done.
Then again, if one more damn tornado gets within 2 miles of me I may move to Colorado (like all the Californians! lol
Now if they could just get this in Chinese, Korean, and Russian, maybe we'd have something here.
--
"Open source is good." - Steve Jobs
"Open source is evil." - Microsoft
I can remember when www.whitehouse.gov supported an open relay. It was freaky to send people e-mail from president@whitehouse.gov with www.whitehouse.gov in the headers. www.pentagon.mil and such government agencies as www.usda.gov used to be open too.
Shutting down OpenRelays will have a negligible effect on Spam, since any Internet connected computer can send tens of thousands of spams before anyone would even notice.
Also, there may be legitimate reasons to have OpenRelays. Much like there are legitimate reasons to have DVD copying software. Maybe only a few good reasons, but enough that they should not be banned outright.
The only legal action that these legal folks should be taking is against those spammers using deceptive practices, which is about all of them these days. For instance the false sender information and the inability to be removed from the list. Life was okay when you could get removed from a mailing list and you really wouldn't get any more spam from them, but now they just use it as a confirmation that the email is active and to send more email.
Open SMTP relays are not the problem any more than Open Routers are. Find the individuals that are sending these things and you will stop the problem.
What you're seeing is many people here who usually complain about the "evil gubmint" saying they finally got something right. This is a rare moment when the gubmint didn't jump in and write tons of outrageous legislation. What us "slashdotters" (I hate that word) are saying is "Yeah, you guys usually screw up, but by sending just an informative letter you've finally done something right. Let's hope you keep up the good work." Intelligent people make up their minds on a case-by-case basis. Yes, many here think the government is often bad, but at least many also recognize when something's done right.
This is actually a good idea ... although occurring at government expense, it's certainly better than "the threat of blacklisting". Honestly, most people that unknowingly leave open SMTP relays are ignorant of blacklists anyway, thus "blacklisting" isn't much of a threat.
Skiers and Riders -- http://www.snowjournal.com
For those of you interested I posted more code for the honeymail project, which is an anti-spam open source forked SMTP server.
anime+manga together at last.. in real time.
Wonder what the law enforcement officials in Oklahoma thought when they saw a drove of Texas Highway Patrol officers storm one of their hotels?
The preceding post was not a Slashvertisement.
The FTC should send their PDF letter to postmaster@<open-relay-host>. However, it may get lost with all the spam flowing through there, so the FTC should send many copies over and over and over and over again to that host. Now, the FTC may not have the resources to send all that email, so that's where you, Joe Netizen, can help out. Send copies of the FTC PDF to the open-relay server. It doesn't matter if your emails bounce; just manipulate the sender address to bounce it back to the open-relay server.
Seems to me, this is a simple problem that can be solved very easily. The open relay is a free resource. Good netizens don't use them, so there's just more resources available to the spammer. If the open relay's resources are all tied up receiving and bouncing the FTC PDF, there's just that much less left to the spammer.
Eventually, the owner of the open-relay will get tired of having his machine wedged and will be forced to close it. Problem solved.
Watch, for their next letter, they're going to warn about the dangers of using Microsoft products!
I think a large percentage of blacklisted relays are simply off of the radar of the administrators responsible for them, and this is even more true for the growing problem of open proxies. It is no longer my experience that many people will deliberately choose to leave open relays after being clued in.
Blacklisting has proved to be an effective clue-stick for admins who have production email running on the servers in question. I think we currently have a big problem with inadvertent open relays or open proxies on networks with no human beings reading email for the usual suspects - abuse, postmaster, noc, and so on. Language barriers may be an issue too. I doubt I would be very responsive to someone telling me to close my open relay if they wrote me in Chinese.
I think these letters from government agencies may have a positive effect if enough real human beings read them and previously clueless admins suddenly wake up to what is going on with their network. The overall problem is not going to go away any time soon though, and if we don't get a handle on it we are going to have to go to whitelists across the board, which is a serious drag.
In the meantime, I feel very strongly about not exchanging email with servers known to be open relays or open proxies. I don't think it is too much to expect people to play nice, and refuse to play with them if they choose not to.
Cheers.
Did anyone else laugh when they saw Lic. Alberto Undurraga's signature? (bottom right corner of PDF). It looks like something a three year old drew!
Server "holes" of the type you describe is normal operation - It can't be shut down without neutering the ability to receive mail.
That said - Spamming people that way takes a lot more effort. The spammer has to open SMTP connections himself to every mail server he wants to spam people on. This takes a lot more resources than putting 1000 addresses on a BCC list and firing the message off to an open relay that does all the hard work.
retrorocket.o not found, launch anyway?
Then, we can sell them these great ideas on how to double their manhood, get back a full head of hair, and info on how to fix their credit!
This is my digital signature. 10011011001
I hate to say it, but the series premiere of the short lived "Lone Gunmen" series stated it best. I will paraphrase here:
The government is not a single, unified entity with thousands of members acting towards the same goals. It is a collection of institutions each with their own goals and agendas, often operating at cross purposes.
To move beyond the point above, the FTC is as splintered as the rest of the government. It's starting to use the existing laws to go after SPAM, which is good. However, the portions of the FTC responsible for the whole High Definition Television mess are doing a less than spectacular job. The odds are good that the people involved in one project are not the same people involved with the other. Hell, each "Project" as I described above most likely consists of dozens of smaller units, no doubt mired in the same political issues as the organization as a whole.
Some people in the government are doing good things, others are doing bad things, most are just doing their functionary but morally neutral jobs.
The US Government is not "Evil" or "Good," and trying to paint it as one or the other is short sighted, childish and smacks of blind zealotry.
Please stop trying to see the world as black and white / good and evil. The real world is far more complex than that, as are the institutions that function within it.
One last example: Sony. Go through the Slashdot archives, and you'll find stories where they're the hero, and stories where they're the villain. This is a reflection on the way actions of specific groups within the company were perceived, not on the "Evil" or "Good" nature of the company as a whole. Slashdot is not failing to "Make up its mind" but is reflecting the fact that sometimes a company does good things, and sometimes it does bad things.
And by the way, contrary to popular belief, Slashdot does not have one "Mind" to make up on any issue. It too is a collection of individuals with their own agendas, views and opinions. If you are expecting any kind of unity of Slashdot users on any one topic, then you are insulting the intelligence of said users. We are individuals. This site has readers who love the Government and never question its actions, and people who hate it with every fiber of their being. The site also has people at every level between the extremes.
"Love your country unconditionally. Love your government only when it deserves it." -- Mark Twain
"Live Free or Die." Don't like it? Then keep out of the USA
That's just sic man. What kind of pervert are you anyway?
I used to think the GoatSE.CX and TubGirl.com people were perverted but you take the cake.
PS: I'm still mopping up my lunch.
--= Isn't it surprising how badly I spell ?
"Hey, THAT's where the free doughnuts are!"
Please stop trolling.
Taking one step forward will have a negligible effect on my hike, therefore I will not take that step to begin my hike.
Right. Every little bit counts. Take a look at your mail server logs sometime, there ARE relay raping bots out there, and they DO find open relays, and they DO find spam.
Closing the open relays will help some. RBL the ones that do not get closed, that will help some too. Go after the guys paying the spammers, that will help some. Track down, arrest, and jail guys that release SMTP Trojans, that will help some. Sue and harass the spammers until they cry, that will help some too. Block all traffic from countries you don't deal with... WTF do I care if some jerk-off in Korea can email me or not, I do not speak the language and know nobody there.
It's ALL necessary, and it all should be done. Saying "this one step won't do it all, therefore I will not do this step" is just stupid logic and assures that the problem continues.
Note, do what you want with your mail server, but don't expect to be able to email mine if you got an open relay, appear on a list, or come from someplace I do not do business with.
The threat of being blacklisted has not worked yet, so will this finally convince mail server admins to shut down those open relays?
Well for Fred's sake, if the threat of being blacklisted hasn't worked, then how the hell "attempting to educate them" will?
Then it would cut down on the unintentional blocking of innocent emails. It is a sad fact that when an open relay gets blacklisted, innocent users of said relay are suddenly unable to send email. I understand why people use blacklists, and in some ways I agree with it. If your ISP got blacklisted because of an open relay, would you call and complain/take your business elsewhere? Blacklists hurt the companies where it hurts, the bottom line. By sending out those letters, I think that it would bring admins to attention. It always astounds me the number of clueless admins out there, and I'm sure that some of those open relays are accidental. That letter might cause them to wake up and do their job the way they're supposed to. There will always be some open relays, but more and more of those will just get blacklisted at an ever increasing rate as their numbers shrink. Worst comes to worst, we can always send in the Marines and take them over.
Now, if that makes sense to anyone, could you please explain it to me? I think I've confused myself.
Instead of RBLing open relays, there should be a whitelist of SMTP servers. Ultimately mail servers would allow email only from whitelisted servers. During the transition, mail messages from non-whitelisted servers would be delivered but a warning message would be sent to the sender automatically.
The central SMTP server whitelist could be administered similarly to the top-level domains. To get on a whitelist one need only submit a WWW form to one of the administrators for a small fee. The application would be approved only (1) for IP addresses that host the DNS server of a domain owned by the applicant or (2) for IP addresses owned by the applicant.
Here are some articles covering proxy abuse and the Sobig virus/Spam connection which detail some of the current techniques of spammers and how to fight them.
Either you're with us or you're against us.
Slightly OT, but has anyone used DBMail? What were their experiences with it?
Also anyone know any "good" sources on properly setting up OpenLDAPv2.0?
Maybe the documentation for their mail server is only in English and they only know some other language(s) so they can't find out about how to properly use the server. Supposedly this is part of the problem with open relays in Asia.
This is like saying "the documentation for the AK47 was only in Russian and that's why I accidentally shot my neighbor."
A mail server configured as an open relay could cost countless hundreds of thousands (maybe millions) of people time and money. If you can't read the English documentation that accompanies the mail server, then get a mail server with docs you can read. If you can't find one, then don't run a mail server.
Ho Lee Phuc's inability to read English does not mean that everyone else on the Internet should suffer the consequences.
WHAT? A 16 HOUR LATE FAILURE?
I don't think the Federal Trade Commission has anything to do with High Definition television. You are probably thinking of the Federal Communications Commission (FCC), a den of corruption.
I mean, how is "Joe", some guy somewhere other than the US, going to care about what the FTC will do? The FTC has no legal power over servers outside the US, as long as the servers are in compliance with local law. For those servers the only way to go is blacklisting, and it doesn't seem to be that great a threat...
C. Sagan : A demon haunted world:
http://www.amazon.com/gp/product/0345409469/
visit randi.org
I beg your pardon! Over the last year it's been consistently explained to us by our leaders that the world consists of good people (us) and evil people (them). These evil-doers who hate freedom (actual quote, no less) and those who harbour them must be destroyed, because they are evil (presumably, once that happens, everything will be good), and we are good.
I don't know where you get your information from, but that is the official stance of this country, and I for one will not be one to go against the majority.
sic transit gloria mundi
The question isn't who can send mail to local users, the question is which address ranges are allowed to send mail to anyone. Obviously, trusted users (those on a trusted network) are allowed to send mail to any domain; spam is caused in large part by ALL IP RANGES being allowed to send mail off a given server to anyone they want.
This is an open relay, and this is what needs to be stopped.
dmiessler.com -- grep understanding knowledge
"Come on, you don't mean that. If somebody sneaks into your house while you're not looking, "borrows" your gun, goes out an kills somebody, you're responsible? You could be accused of negligence but you're not really responsible for the killing"
Here in Calif., unless you lock it up with an approved security device or trigger guard, YES you are, and can be held responsible for gross negligence and possibly homicide... no one has taken the homicide charge yet but there have been cases of negligence enforced, I believe...
I agree with you on the Key issue regarding email though...
errr....umm...*whooosh* *whoosh* Is this thing on ?
I don't know if Wirehub is representative, but in this RBL, open proxies clearly outnumber open relays.
there are legitimate reasons for open relays, but it is not necessary for it to be open. It can be closed off in a reasonable manner, ie auth necessary. it will accomplish the same thing, but not allow abuse.
it is not like the DVD case, there is no reasonable use that cannot be accomplished with a small amount of effort. having a totally open relay is not a legit thing. if it is totally open, there could still be limits to prevent abuse. (you cannot send 4.5 million emails a day?)
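The relay rule described in the posts above (clients on a trusted network or with authentication may relay to any domain, everyone else only gets delivery to the server's own domains, and even relaying senders get a volume cap so nobody sends 4.5 million messages a day) written out as an added Python example. This is not code from any MTA or from the thread; the domains, the "inside" network range and the limit are constructed placeholders.

```python
from collections import defaultdict
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass
class RelayPolicy:
    """RCPT TO policy of a closed relay: deliver for our own domains to anyone,
    relay to foreign domains only for trusted networks or authenticated users,
    and cap how many recipients one sender may relay to per day."""
    local_domains: set            # domains this server delivers for
    trusted_nets: list            # CIDR strings of networks allowed to relay
    daily_limit: int              # relayed recipients allowed per sender per day
    relayed: dict = field(default_factory=lambda: defaultdict(int))

    def is_trusted(self, client_ip: str) -> bool:
        addr = ip_address(client_ip)
        return any(addr in ip_network(net) for net in self.trusted_nets)

    def decide(self, client_ip: str, rcpt: str, auth_user: Optional[str] = None):
        """Return the (code, text) an MTA would answer to one RCPT TO command."""
        domain = rcpt.rsplit("@", 1)[-1].lower()
        # Mail addressed to our own domains is local delivery, not relaying,
        # so it is accepted from any client on the Internet.
        if domain in self.local_domains:
            return 250, "OK (local delivery)"
        # A foreign destination means the client is asking us to relay.
        # An open relay omits this check; a closed one requires trust or auth.
        if auth_user is None and not self.is_trusted(client_ip):
            return 550, "Relaying denied"
        # Even trusted or authenticated senders get a volume cap, so a stolen
        # password or a compromised inside host cannot push unlimited mail.
        key = auth_user or client_ip
        if self.relayed[key] >= self.daily_limit:
            return 452, "Relay quota exhausted for today"
        self.relayed[key] += 1
        return 250, "OK (relayed)"


def demo():
    """Constructed walk-through: one outside client, one inside client, one login."""
    policy = RelayPolicy(local_domains={"example.org"},
                         trusted_nets=["192.0.2.0/24"],   # constructed "inside" LAN
                         daily_limit=1000)
    outside, inside = "198.51.100.7", "192.0.2.10"
    return [
        policy.decide(outside, "alice@example.org")[0],          # 250: our own domain
        policy.decide(outside, "victim@example.net")[0],         # 550: an open relay would say 250 here
        policy.decide(inside, "victim@example.net")[0],          # 250: trusted network
        policy.decide(outside, "victim@example.net", "bob")[0],  # 250: authenticated
    ]


if __name__ == "__main__":
    print(demo())
```

The second call is the whole difference between an open and a closed relay: the outside client asking for delivery to a domain the server does not handle gets a 550 instead of a 250. The quota check is what the post means by "there could still be limits to prevent abuse" even where relaying is allowed.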
The way to deal with spammers and open relay is to revoke their IP address.
this is good that the FCC is taking this step. i wasn't aware that my boss had left our exchange server open until a group of Taiwanese spammers were already using our open relay for a few hours. once i had them blocked at the firewall, i went to investigate. i found the relay open to mail and locked it as well. it's funny b/c i really would have thought that he would have done a better job at securing the server, but it must have been overlooked. nonetheless, a simple reminder would be nice to folks in situations similar to ours.
There are at least a couple of worms out there that install an open relay or an open proxy (that can be exploited for sending mail) on any infected PC. So now your Joe Homeuser is actively running an open relay. Because the application is a socks5 server or something similar his antivirus won't notice it, even if it removed the original worm. These are popping up everywhere and with always on broadband internet they're great for relaying spam...
Trying to crack down on open relays is futile, IMHO. The various open relay databases are already doing a good job of tracking open relays and it ain't working. Crack down on the individuals abusing resources they do not own or have any right to use.
I think that the open relay problem requires a multi-faceted approach. IMHO, the open relays break down into several categories that require different solutions.
1. Legitimate mail servers that are open because of old software installs that haven't been updated, perhaps because that's a low priority. Here, education is a good first step, but threatening to blacklist them and actually following through if necessary will do the trick.
2. Legitimate mail servers that are open because they're running very old software that's difficult to patch because of its age. Here, the admin may know that there's a problem, but he or she doesn't have the time to dig around for hard-to-find fixes, and retiring the old machine might not be an immediate option. MAPS has a good idea with its list of patches for various MTAs. I tended to get more successful communications with admins when I told them that MAPS had these resources for them to use. FYI, here's the link.
http://www.mail-abuse.org/tsi/ar-fix.html
3. Machines that are running MTAs but aren't an organization's real mail servers. These would be around because someone did an OS install that didn't really need a mail server, but they put it in anyway, then promptly forgot about it. They may not even know what they did. In this case, blacklisting that server doesn't mean much. Whoever administers the official mail servers could care less because that isn't a machine that is their official server, so why should they care? This could be a problem in a large organization, where you may have a bunch of uninformed bozos setting these things up faster than you can blacklist them. In this case, the only way to get results is to just blacklist the organization's entire IP space. Yes, I know that this would impact the real mail servers, which may be secure, but it'd also get the admins to take note and apply a clue-stick to the ones throwing insecure machines onto the network.
4. Servers with admins who don't speak English. Having informative material available in different languages would be a good thing. The Chinese admin you e-mail might actually care about the problem if he could understand the issue a little better. If nothing else, having the info in various languages negates the argument that these admins don't have resources to fall back on.
5. Servers on networks where the admins just don't give a damn. We've discussed this on Slashdot before, especially regarding Korean and Chinese networks that are getting blanket-blacklisted. I hate to see significant chunks of the Internet being walled off, but if that's what it takes, then so be it. These brain-dead admins will either have to eventually clean up their networks or have no one else who'll receive their mail. In either case, the problem will take care of itself.
for providing the single american answer to every problem: sue the bastards. /sarcasm
simon
home page
He would have been begging to help you in about 15 minutes. :-)
I'm a spammer.
I want to avoid being caught/traced.
As a software developer I can do these things with the list of email addresses I have:
1) setup a server, spam, get blacklisted
2) look for open relays, spam, move on (by far the easiest, which is why we need a different protocol).
3) create a program that forges tcp packets for connecting to a mail server for X number of addresses, sends all the desired info from an email address to its own email address.
Voila, spam that is very difficult to trace and trivial to program. Hell I may just become a spammer for a proof of concept (joking).
Why is this not a concern if #1 and #2 are stopped somehow (I don't think #2 will ever be stopped by the way).
If you forward this PDF explaining open relays to all your friends, Bill Gates will give you a dollar for every closed relay the PDF goes through.
----
All of whose base are belong to the what-now?
You make a valid point regarding the US government.
However, I remain convinced that M$ is a monolithic evil entity that exists for the sole purpose of making my life hell, and nothing you say will convince me otherwise.
(thankyou) Aaand the only form of advertisement that is banned/bannable in America today iiiis.....
laser stencilled logos on aborted foetuses !
Come up here aborted foetuses and take a bow, you are the most important person in America (after Bill Gates' esophagus and Jack Welch's large intestine, and Jennifer Lopez's anus).
Finally! a step in the *right* direction ...
now just BAN ALL OPEN SMTP RELAY SERVERS!
There is NO-REASON they should exist.
Laziness doesn't count.
Did someone over at FTC suddenly take a 101 in how the net works or something?
Because this is an anti-spam move that actually makes some sense!
People *SHOULD* be held responsible for the damage their open smtp-relay server causes.
That might knock some sense in to em!
Oh, and don't forget ALL the slightly older Exchange customers.
Oh shucks, did I forget to mention the older Novell installations? Must have slipped my mind.
Whoops! I almost forgot the Lotus customers. Now that was a pain in the ass.
Let me summarize it this way. If you are a systems administrator of ANY kind then you WILL NOT be running an open relay. If you are then you truly are incompetent and have absolutely no business running any system. I can think of more than a few people from over the years that meet this criteria. Incompetence doesn't appear to be a dying disease.
flood the crap out of all found open relay servers. someone wanna make a script for that?
.. it'll eventually overload and be rendered unusable.
..
if the scanned/found open relay is flooded to death itself
someone please create a script to do this!
sending that PDF would be one sure fire way of killing it off
What an awesome idea! U rock!
Just start having open relays do DOS attacks on each other, sending 2 MB files back and forth all day.
Oh, and I forgot to mention AppleShareIP. It's an open relay by default. I know many a school district that didn't hire a competent person to set up their AppleShareIP installations and were then blacklisted from running an open relay.
It should have had words like these:
"In addition, please keep in mind that excessive bandwidth costs from an open relay are not a business expense and can not be used as a TAX DEDUCTION. We have sent your company details to the IRS so they are aware of this problem."
Most small clueless companies have no idea who the FTC is but they all know about the IRS.
Not sure what you mean by "Open Routers" but if ISPs did Ingress and Egress filtering* at their edges, [D]DoS attacks with spoofed source addresses wouldn't be possible. You'd always know from what ISP a packet came from.
If you always knew that a packet came from a legitimate ISP, you'd shutdown BGP-enabled spammers. If all ISPs did proper BGP filtering, large spammers who suddenly start announcing a netblock not in use (and not owned by them), spam, and then stop announcing it (thus making it impossible to track them down), those spammers couldn't operate either (the huge ones that get T1+ connections to do dedicated spamming).
The problem is that this takes more RAM in routers, and it also adds some latency (although most core routers can do wire-speed layer 3 ip filtering).
* Ingress filtering is dropping all packets that are supposedly sourced from my network's addresses but coming from an external source AS (Autonomous System).
Egress filtering is dropping all packets originating from my network being routed to another AS that don't in fact belong to my network. In other words, someone is using bogus address space that will never be routed back to me.
The "edges" are both at NAPs/MAEs talking to other AS (ISPs, mostly), but also my customer edges. If I've assigned a netblock to a given customer, I shouldn't ever receive IPs sourced from another netblock.
I know of course that BGP multi-homed customers can have netblocks from other ISPs, but again, I should know about all of those in advance as I should be filtering what BGP routes I'll accept, which can easily be used to filter what netblocks are valid for sourced traffic.
The hardest thing about tracking down many forms of abuse ([D]DoS from a single source, spam, etc.) is when it's done with a spoofed or very temporary address (in the case of a BGP-enabled spammer)... unless I have cooperation from all the ISPs backwards to the abuser, in real-time, I cannot source it and have it dealt with.
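The three filter points the post above describes (ingress at the peering edge, egress at the peering edge, and the per-customer edge, with multi-homed customers' foreign netblocks declared in advance) as an added Python example; this is not the poster's configuration nor any router vendor's syntax, and the ISP address plan and sample packets are constructed from documentation ranges.

```python
from ipaddress import ip_address, ip_network

# Constructed address plan for a hypothetical ISP (TEST-NET ranges, not real allocations).
MY_NETBLOCKS = [ip_network("203.0.113.0/24"), ip_network("198.51.100.0/24")]

# Customer edge: the netblocks each customer port is allowed to source. cust-B is
# multi-homed and brings a block from another ISP, declared in advance; as the post
# notes, the same knowledge drives the BGP prefix filter for that customer.
CUSTOMER_PORTS = {
    "cust-A": [ip_network("203.0.113.0/26")],
    "cust-B": [ip_network("198.51.100.0/25"), ip_network("192.0.2.0/24")],
}


def in_any(ip, nets):
    addr = ip_address(ip)
    return any(addr in net for net in nets)


def ingress_filter(src_ip):
    """Peering edge, packet arriving from another AS: a packet claiming one of
    my own addresses as its source cannot legitimately come from outside."""
    return "DROP" if in_any(src_ip, MY_NETBLOCKS) else "PASS"


def egress_filter(src_ip):
    """Peering edge, packet leaving toward another AS: only address space I
    route (my own blocks plus blocks my multi-homed customers declared) may leave."""
    allowed = MY_NETBLOCKS + [n for nets in CUSTOMER_PORTS.values() for n in nets]
    return "PASS" if in_any(src_ip, allowed) else "DROP"


def customer_edge_filter(port, src_ip):
    """Customer edge: a port may only source the netblocks assigned to it."""
    return "PASS" if in_any(src_ip, CUSTOMER_PORTS.get(port, [])) else "DROP"


def classify(packets):
    """packets: list of (edge, port_or_None, src_ip); returns one verdict per packet."""
    verdicts = []
    for edge, port, src in packets:
        if edge == "ingress":
            verdicts.append(ingress_filter(src))
        elif edge == "egress":
            verdicts.append(egress_filter(src))
        else:
            verdicts.append(customer_edge_filter(port, src))
    return verdicts


# Constructed sample traffic, with the expected verdict for each packet.
SAMPLE_PACKETS = [
    ("ingress", None, "203.0.113.77"),       # spoofed: claims my address, arrives from outside -> DROP
    ("ingress", None, "192.0.2.200"),        # cust-B's other-ISP block may arrive via that ISP -> PASS
    ("egress", None, "203.0.113.5"),         # my own block leaving -> PASS
    ("egress", None, "192.0.2.9"),           # cust-B's declared block leaving -> PASS
    ("egress", None, "10.0.0.1"),            # bogus source leaving my network -> DROP
    ("customer", "cust-A", "203.0.113.9"),   # inside cust-A's /26 -> PASS
    ("customer", "cust-A", "198.51.100.9"),  # cust-A sourcing another customer's block -> DROP
]

if __name__ == "__main__":
    for pkt, verdict in zip(SAMPLE_PACKETS, classify(SAMPLE_PACKETS)):
        print(pkt, verdict)
```

The fifth and seventh packets are the ones that matter for the post's argument: with these filters in place a spoofed-source flood or a spam run from a temporarily announced block cannot leave the ISP at all, so the origin is always attributable to a specific customer port.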
However, I remain convinced that M$ is a monolithic evil entity that exists for the sole purpose of making my life hell, and nothing you say will convince me otherwise.
Microsoft Natural Keyboard Pro (The one with the normal position for Insert, Home, Del and so on)
Microsoft Intellimouse Optical
And with that I'm out of arguments.
"Live Free or Die." Don't like it? Then keep out of the USA
My Bad.
However, the general point stands. Both are part of the same government, one part doing something good (At the moment), the other screwing up big time.
"Live Free or Die." Don't like it? Then keep out of the USA
Instead of getting the person who is doing wrong, they are coming near to threatening people doing nothing wrong (other than being ignorant).
I should be able to put a server on the net with weak passwords, and open relay and an anonymous ftp without worrying about hackers, spammers and leechers. (Well...again, that would be dumb, but I'm not doing anything wrong.)
What's next with this kinda legislation??? You are warned that you can be held responsible if you walk down the wrong street and get mugged? You don't have your wallet on a chain in a zipped pocket - well, it's your own damn fault you got pickpocketed. Telemarketer calls and you're on a don't call list, well, it's your fault for being at home and having the ringer on.
Society sucks.
That sounds pretty absurd, but when I came back from a day trip I made to New Glasgow, I checked my e-mail, as I tend to do. Instead of the 56 or so wastes of my time that I just mass-delete, there were 8. This is odd.
--Dan
Well, Saddam should have been taken out during the first Bush-led Gulf War, but political pressure forced the US to stop.
That said, the present administration is using September 11 as an excuse for a whole slew of nasty things. Patriot Act = BAD.
We won't know how well Bush did until the present 20 somethings are old and gray. If Iraq, Afghanistan, Sudan, India, North Korea and any other nations we attack are properly reconstructed and rebuilt, they'll be islands of stability in the Middle East.
Of course, The Shrub is more likely to take control of the oil and lead us into a morass that will make Vietnam look like a Sunday School Picnic.
Only time will tell.
"Live Free or Die." Don't like it? Then keep out of the USA
After over 5 years of blackhole lists publicizing the problems with open mail relays, this won't change one thing. The only thing that will stop it is for George Bush to declare open mail relays part of the Spam Axis of Evil and threaten to send in the marines on preventive strikes against open relay server rooms wherever they may be in the world. Even then I'm not sure :-)
Laissez lire, et laissez danser; ces deux amusements ne feront jamais de mal au monde. - Voltaire
Due to some HUGE oversight, for a long time, the main Mail server for UCLA students staff and faculty was open, until it suddenly (at some point last year) got blacklisted. It caused some real waves when 40,000 people's emails started bouncing because their recipient's ISPs used the blacklist that UCLA mail servers were placed on. Some email still went through, but enough People In High Places were bouncing emails that I'm sure some heads rolled behind the scenes in the CTS and MIS departments.
It ended up getting resolved pretty quickly.. it took about a week or two for things to go back to normal once they got the authentication system working on the SMTP host.
Blacklisting a mail server can sometimes be a VERY effective way to endeavor change...
I don't think that's a real letter. I mean, come one, have you seen the signature in the bottom right hand corner? I've seen clouds make more sense.
In the course of helping a small non-profit tighten up its mail server and web server, we inadvertently enabled open relaying on the mail server... the damn thing was relaying spam within minutes. Seriously, in the time it took to go to the bathroom and come back, the server was completely saturated with messages. The spammers found the open relay within a 10 minute period - and this isn't the first time I've seen/heard of this happening. Is the spammer software just too good now? Will FTC mailing to notoriously permanent open relays even help?
Everyone will start to cheer when you put on your sailin' shoes.
There was something in the news about scammers being rounded up. I see the spam load is back, as of this hour. Perhaps those not busted returned home after finding they weren't on today's list of criminals to be incarcerated.
A feeling of having made the same mistake before: Deja Foobar
Anyone else think 'Star Motion Trek Picture' when reading SMTP?
---- The above post was generated by the Turing Institute. Maybe.
Who is going to check every header in every email?
.01% response rate is considered wildly successful by SPAMMERS.
obviously nobody is going to even try, but a yahoo, aol, msn, Earthlink, or hotmail are going to have hundreds of smtp machines load balanced off one IP address, set up ten out of a hundred to check headers thoroughly and it'll stop a lot of spam.
I know that you're thinking that this would be like the dutch-boy with his finger in the dike, here's why I think it would be effective
1. a spam campaign that generate a
2. if you block the one email out of ten thousand that generates revenue, then the spammer has to send an additional 10K Emails to make up the shortfall.
the cost to the ISP rises linearly, the cost to the SPAMMER rises exponentially; and the ISPs have deeper pockets to begin with. Add in the blacklists and the big time spammers are done.
Apocalypse Cancelled, Sorry, No Ticket Refunds
Yes, my spam count is way down too for the last 2 days or so. The Feds corralled about 135 crooks according to CNN. So, instead of the usual 150 spams a day, I only got about 50 yesterday, but today it is up a little again.
Oh well, what the hell...
yeah, but in reality that is virtually impossible.
this is next best thing...
If you are on the Internet, you should be held responsible for what your workstation / server / network does, with the only defense being a demonstration that you followed "best practices".
Expecting someone to defend successfully against a zero-day exploit is not reasonable.
If you own a car and don't have any experience behind the wheel and decide to go out and get some and plow into a bus stop full of children, are you saying that you should not be penalized?
A few high-profile prosecutions of admins and/or end users of cablemodems or DSLs running open relays and the rest of the population will either get a clue or get the hell off the Net. Either would suit me.
Tech Public Policy stuff
This is what I sent the FTC about this to the comment e-mail in the PDF:
Date: Fri, 16 May 2003 20:30:46 -0700
To: relay@ftc.gov
From: "A.Lizard"
Subject: re: open relay letter
The letter lacks teeth and it's far too polite.
This is *really* too bad because decent threats in a letter with the number of undersigned law enforcement authorities *would* intimidate the people who need to be intimidated most. People who enable spam must be held accountable with the spammers.
Perhaps a new offence called "Accessory to Spam" should be created in conjunction with anti-spam legislation under debate in Congress.
You might see if you can get the Director of the FBI to sign onto the *next* version of the letter as well.
If your server is an open relay, and you are interested in closing it,
Yes, that's an actual quote from the e-mail.
What the idiots who run open relays need to hear is:
"shut down your open relay or we'll think of a way to shut you down permanently and get you massively fined and/or sent to jail. We are researching Federal law to see if we already have the authority to do this, and we will be requesting legislation for this purpose if we don't.
Clean up your act or the next communication you may be getting from us is a summons, a warrant, or a notice from your bank that your bank accounts have been forfeited to the government."
There may be methods of enforcing threats of this sort within the existing body of law.
Even to a foreign Internet provider, suggestions about "forfeiture of bank accounts within the USA" might get a certain amount of attention.
A.Lizard
Tech Public Policy stuff
Thinking about this, perhaps the FTC can prosecute open relay operators on the grounds of "being an accessory to fraud" after sending them ONE warning that they are running open relays used for that purpose.
I just sent the FTC comment address in the letter a copy of the above paragraph.
Tech Public Policy stuff
on doing something about it yourself (Ralsky's address can be found by searching slashdot) don't whine.
Tech Public Policy stuff
While a South Korean individual broadband user doesn't have a US bank account and probably isn't interested in sending mail to the US unless he has relatives there, I'm sure Korean Telecom does have US bank accounts and does want to be able have its users send mail to the US.
Tech Public Policy stuff
The two most common things in the universe are hydrogen and dumbness. Neither of them can be dealt with by legal action or "education". How do you want to deal with clueless PC users who hang off a dynamic IP infrastructure and have no administrator's e-mail address? Duh.
The FTC should rather have a word with Microsoft and dynamic IP ISPs.
With great power comes great electricity bills.
I don't know where you get your information from, but that is the official stance of this country, and I for one will not be one to go against the majority.
I'm afraid you seriously mean that don't you.
What democracy do you get when every opinion is that of the majority?
Your quotes were on the mark though.. the 'axis of evil' has never been more aware of the fact that a new cold war is to be upon them. I wonder if the US is aware they are not only refueling their own but also Russia's and China's war-economies. Thank you Mr. Wolfovitz. If I ever meet you I won't hesitate.
With great power comes great electricity bills.
First off, there seems to be the mention of Law Enforcement and the official look of a letter that could be taken as threatening. While many would argue, and be right in most cases, that an open mail relay is bad design/admin of a mail system I currently don't know of any section of federal or state code which makes it illegal. If there is such a code could someone provide us with the # and contents or link to the contents of such a law. Assuming an open relay is not illegal why is the government worrying about it? I understand the "good" they feel they may be doing. But, then the argument can be made concerning the purpose of governments and the "good" they should or should not be purposing in my life.
The second item I thought of is can't an argument be made that an open mail relay is a method of communication that is protected under the First Amendment? Just as you get the snail mail in your box addressed to Resident and frequently containing information you care to not read --- so does spam. The difference? Snail Mail the sender pays, Email the receiver pays. However, the methods used and freedom of use of those methods aren't beholden to the payee but the First Amendment. I agree we all hate spam and that 90-99% of it is worthless. There's lots of waste and worthlessness of various things within our society but it's one of those freedoms that we all enjoy so much.
Go here for more info.
I have discovered a truly remarkable sig which this 120 chars is too small to contain.
Wouldn't it be better to make all SMTP Servers give the illusion that they are an open relay and just drop bogus relayed messages into /dev/null
I mean right now it's easy to detect open relays, we need to make determining if a relay is open or not more difficult.
I am always doing that which I can not do, in order that I may learn how to do it. - Pablo Picasso
Of the Federal Government poking its nose into someone else's business.
I receive a LOT of spam and I have NEVER received any political spam. The nearest to political are the pleadings of poor widows in Nigeria with money trapped by corrupt governments or wicked rebels. Nobody is using open relays to forward a political agenda or publish their unpopular opinion...they're selling crap!
There are plenty of ways to post anonymously without resorting to using open relays.
PS - I do agree with you that the Patriot Act is a more serious problem than Spam.
"We make our world significant by the courage of our questions and by the depth of our answers." Carl Sagan
An entity providing open relay access can be enabling fraud-by-wire. An entity warned of this who doesn't stop providing this access can be considered an accessory to fraud, even if the entity has no ostensible connection to the spammer. All it takes to prove it is a header with an unforged IP pointing at the open relay operator, perhaps backed by ISP records at both ends coupled to proof that the entity was warned.
This is a hell of a lot more just than, for instance drug forfeiture is.
You were saying something about "no leg to stand on"?
This surprises me a bit, but it appears that existing law can be used to clean up the problem. And there is no "slippery slope" here, committing fraud is illegal. Helping someone, even if only knowingly providing the facilities for them to commit fraud, is illegal. Why should the law on this be different in meatspace v the Net?
Usual disclaimer: IANAL. Look up legal definitions for "accessory" if you disagree.
Tech Public Policy stuff
But it takes extra CPU on the spammer's end, and *MUCH* more importantly, it takes a lot more bandwidth.
As another poster said, any mail server program will already provide the functionality you describe. But it moves the CPU usage and the bulk of the bandwidth to the spammer and not the open relay he/she is abusing.
retrorocket.o not found, launch anyway?
One two birthday, three four birth ... yeaaaarrrrrghhh!
But THINK, please.
First of all this scapegoating of open relay operators hasn't worked to stop spam (the real goal) in all the years it's been practiced by the private sector (MAPS and successors/imitators.) Shouldn't the FTC read and understand RFC 2505, just like anyone else should? It says the relay rules won't work to stop spam, remember? Most open relays have been because the operator ran the software as shipped. I at one time managed Unix systems from 4 vendors, all with sendmail configured open. I can't recall a message from any of those vendors, ever, telling me they'd shipped a badly-configured sendmail. I got no feedback or warning from anyone until after I'd already taken my own action - and that feedback was wrong.
Second, all the attention on open relays has caused a partial shift of the spammers to use of open proxies. If the FTC were serious about this shouldn't they also draft a letter to send to open proxy operators?
Third, you can't ever expect the FTC to recognize this but an open relay operator is ideally placed to cause a spammer serious harm. Here's where it really pays to think. Many of the open relays are just Unix/Linux boxes with trivial or non-existent email tasks but that are running an MTA because it's the default. It's easy and worthwhile to secure these the "standard" way but it's even better to convert them to honeypots. The longer the spammer has abused them the better that would be. Secure it the "550 we do not relay" way and the spammer spends microseconds longer on that system - it costs the spammer nearly nothing to stop sending spam to it. Configure it to accept but then discard (or simply archive) the spam and the spammer can waste a lot of effort and resources sending it spam. Finally the spammer will recognize it doesn't relay. How will the spammer know when the change occurred? And the operator then has all that spam to examine. If the operator can trace the spam back to its origin (which may be hard - many spammers go to the open relay through an open proxy) he can send a very powerful complaint to the ISP.
To me it makes far more sense to point out to the open relay (and open proxy) operator the things he can do to cause spammers harm. Instead the common knowledge seems to require that the open whatever operator do as little as possible that harms the spammer - it's almost as though the spammers are giving false advice to make their jobs easier.
Of course you don't have to just do this with existing open relays. Most people with even rudimentary alertness understand that the spammers constantly test systems for vulnerability. That is opportunity knocking - pay attention. If you have a spare IP and a spare (even if really old) computer you can set up a honeypot. The spammers will very soon discover it, you can be in operation quite soon.
The FTC is part of the government. Which of the three most popular lies is the one about "I'm from the government - I'm doing this for your own good"?
Windows users: see jackpot.uk.net
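The header walk that the post above ("trace the spam back to its origin") and the earlier accessory-to-fraud post ("a header with an unforged IP pointing at the open relay operator") both rely on, as an added Python example that is not from the thread. It parses the Received chain of a message, treats only the header written by the operator's own MX as unforgeable, takes the next header as the open relay's own record of which client it accepted from, and marks everything below that as unverifiable. The message, hosts and addresses are constructed from documentation ranges.

```python
import re
from email import message_from_string

# Constructed sample; every host and address is documentation/TEST-NET space.
# Newest Received header is on top: our MX took the message from relay.example.net
# (the open relay), which took it from 203.0.113.9, which claims it came from a bank.
SAMPLE_SPAM = """Received: from relay.example.net (relay.example.net [198.51.100.20])
\tby mx.example.org (Postfix) with ESMTP id 4F2A1C0123
\tfor <victim@example.org>; Sat, 17 May 2003 02:10:11 -0700
Received: from unknown (HELO friend) ([203.0.113.9])
\tby relay.example.net with SMTP; Sat, 17 May 2003 02:09:58 -0700
Received: from mail.bigbank.example (mail.bigbank.example [192.0.2.4])
\tby friend with SMTP; Sat, 17 May 2003 02:09:50 -0700
From: "Account Services" <support@bigbank.example>
To: victim@example.org
Subject: verify your account

Please confirm your details.
"""

# "from <host> ... [<ip>] ... by <host>": the bracketed IP is the TCP peer as seen
# by the host named after "by", so it is only as honest as that host is.
RECEIVED_RE = re.compile(
    r"from\s+(?P<from>\S+).*?\[(?P<ip>[0-9a-fA-F.:]+)\].*?\bby\s+(?P<by>\S+)")


def received_hops(raw):
    """Parse every Received header (newest first) into from-host, peer IP, by-host."""
    msg = message_from_string(raw)
    hops = []
    for value in msg.get_all("Received", []):
        flat = " ".join(value.split())          # unfold continuation lines
        m = RECEIVED_RE.search(flat)
        hops.append({"from": m["from"], "ip": m["ip"], "by": m["by"]} if m
                    else {"from": None, "ip": None, "by": None, "raw": flat})
    return hops


def trace(raw, my_hosts):
    """Walk the chain outward from our own MX and mark where trust ends."""
    hops = received_hops(raw)
    if not hops or hops[0]["by"] not in my_hosts:
        raise ValueError("top Received header was not written by one of our hosts")
    result = {
        # Written by our MX: the bracketed IP is the TCP peer, which the sender
        # cannot forge. This is the relay operator's address for a complaint.
        "relay_host": hops[0]["from"],
        "relay_ip": hops[0]["ip"],
        "client_ip_at_relay": None,
        "unverifiable": [],
    }
    for h in hops[1:]:
        if result["client_ip_at_relay"] is None and h["by"] == result["relay_host"]:
            # Written by the relay itself: the client it accepted from, trustworthy
            # only as far as the relay's own logging is (may be an open proxy).
            result["client_ip_at_relay"] = h["ip"]
        else:
            # Anything below was supplied by the client and may be invented outright.
            result["unverifiable"].append(h)
    return result


if __name__ == "__main__":
    print(trace(SAMPLE_SPAM, {"mx.example.org"}))
```

On the sample, the relay's address (198.51.100.20) is the one piece of evidence the recipient can vouch for; 203.0.113.9 is what the relay says it saw, and the "bank" hop at the bottom is exactly the kind of header a spammer prepends to look legitimate, which is why the function refuses to treat it as anything but a claim.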