Slashdot Mirror
FTC vs. Open SMTP Relays
HighOrbit writes "Cnet reports on news.com.com that The U.S. Federal Trade Commission, several state Attorneys General, and Australia, Canada and Japan are sending this letter (pdf) to operators of open relay mail servers to educate them on the dangers of open relays and how they help spread spam. Although the letter does not threaten direct law enforcement action, it does let open relayers know that they have been noticed and warned. The threat of being blacklisted has not worked yet, so will this finally convince mail server admins to shut down those open relays?"
How am I supposed to find out about herbal viagra, hot co-eds, batteryless flashlights or stainless steel if this succeeds?
I'm going to write my Member of Parliament about this.
Trolling is a art,
I remember (fondly) a few years ago when open SMTP relays were still considered a standard setup and not a major security risk. The FTC is definitely doing the right thing in alerting admins to the risks they are taking and helping them to learn how to better protect their infrastructure, as well as the burden it inevitably places on the rest of the internet community when a spammer eventually finds their open relay and shares it with others. Kudos...
... alot of IBM AIX customers are going to get this letter:
0 03 -05-13/2003-05-19/0
http://www.securityfocus.com/archive/1/321307/2
[Got Hosting?]
just out of curosity, why would any mail admin want to have an open relay? it must cost the isp time and money as well as make them look bad to the community in general. even those who do support spammers for profit, even they must have some sort of authentication?
all this time thinking its just horrible admins who dont know how to do their job, or are to lazy to do it right
Maybe I'm the only one that had this train of thought, but I'll put it here anyways. I, personally, run a home-based server that runs many services (web, ftp, SMTP and POP3 are some of them).
The threat of being blacklisted would make me change my ways, as I have nothing to gain and everything to lose should that happen. I would presume the same is true for most sys admins out there, who run *honest* servers.
Now let's say that the few "Open Relay" servers that are left are threatened, but they don't take action. Pardon my conspiracy theory, but it may very well be that these "innocent" open relays are in fact sponsored by spam clearinghouses, in which case server admins have monetary incentive to NOT close their relays.
I'd imagine the few open relays that are left are supported by spammers in some way, as they are key in spreading spam, and most people don't want spam passing through their systems anyway, so any anti-spam person would probably close their relays as soon as they are first notified.
So to relate this to the article, I'd say that a letter from the FTC that doesn't threaten *legal* action will provide no more incentive to these system administrators to close the relays; thus the letters become little more than a waste of paper...
Just my thoughts on the matter.
I think this letter is a good way to let ISPs know that big-bro is watching. The letter did not threaten, it only offered advice. But the casual use of "law enforcement" does give the letter just enough bite to be worry some.
:)
Good job (i don't say that too often about my gov...
"Those who make peaceful revolution impossible, make violent revolution inevitable" - JFK
Maybe if the threat hasn't worked then they should actually be blacklisted?
My next sig will be ready soon, but subscribers can beat the rush
I'm really glad to see the Texas seal on this document. It's really disturbed me to see Texas just standing by and ignoring the spam problem. I personally think any spammers caught in-state should be roped and dragged to the middle town to let the people decide what to do with them. We're already proud to be #1 in executions, cowboy justice would just up our position.
The preceding post was not a Slashvertisement.
Rumor has it that there's a whole bunch of open relays out there which are owned by the spamhausen. (I'd love to see some evidence to the contrary, but that's asking proof of a negative, so I won't hold my breath.) If we accept that rumor as fact for the sake of argument, all the FTC letter is going to do is tell said spamhausen that their crap is getting to the target audiences, and they'll happily redouble their efforts.
It's been said before, but it's worth repeating. The best way to eliminate spam is not to go after the machines (and coincidentally the people in charge of the care and feeding of them). Go after the people and companies hiring the spamhausen...the ones pushing their "herbal Viagara" (sic), pr0n, better mortgage rates, and so forth down the wire and into our overloaded mail accounts. Take away the revenue stream, and all those open relays will go idle until someone puts them to better use (for example, Quake 3 servers).
Just my two cents' worth...save up the change for a root beer or something.
All the world's an analog stage, and digital circuits play only bit parts.
Signed by (among others) the attorneys general of Texas, Louisiana, Oklahoma, Arkansas, and New Mexico. Where are the states that are sterotypically tech-savvy? Where's Washington? Where's California? Why are southern states taking the lead on this? I'd think it was just a regional US thing if it weren't for the international signatures on there. Is it easier to get international agreement than interstate agreement? Seriously, what gives here?
The threat of being blacklisted has not worked yet, so will this finally convince mail server admins to shut down those open relays?"
I seriously doubt it. The one time that I informed a sysadmin that he had an open relay I got back a long e-mail on how "this is the way the internet works", that may have been true in times past but it certainly was no longer true in 1996, and it even seemed a bit snotty.
Now these guys are going to get a letter from the 'lowley' government? LOL, unless it comes from Bill Gates, in most cases, or Linus in others, they will blow it off or try to have a stupid flamewar.
Eve Fairbanks says I drive a hybrid!LOL
Imagine my utter surprise when I returned from running to the PO and Baja Fresh, during lunch, hit [Get Msgs] and Nothing was there to download!!!
I've been getting from 120-180 Ralsky-grams a day and nothing in the space of 45 minutes is downright unbelievable. I zipped over to the news to see if his house had been raided or he'd been kill by an irate sysadmin. Nothing on the news about it, maybe something is happening? If so, he and his animal food trough wiper friends will probably take a little while to shift over to some other sites and get caught up.
A feeling of having made the same mistake before: Deja Foobar
Right now, 70% of all the mail that arrives at our domains is spam. Perhaps half of that gets filtered, but that still leaves an uncomfortably large amount.
RedHat did a good thing by disabling sendmail receive/sending on default installs of 8.0 and forward. Now if they would only turn off portmapper and a few other things...
Newsfollow.com
The real problem? Wierd foreign programmers who don't understand How Things Work and moreover don't care, and executives that just want a working system and to hell with being a good netizen.
Shutting down free speech with violence isn't fighting fascism. It IS fascism!
I value anonymity as much as the next guy, but I spent 6 hours of my work day today trying to sort through nearly 30,000 received by my company. I'm creating a DB for Spam/Ham so with a little script, I can show my bosses how effective a bayesian filter can be and I can get on with my life.
...) for a lot of things. My work email is for just that: work. My home email is for friends and family. My hotmail is for everything else. You can still have anonymity and be regulated. I heard a rumor recently that Hotmail put limits on the number of mails you can send a day (I think it was 100) and the number of TO:, CC:, and BCC:s you can have (again, i think 100). This still allows us Joe Users to send what mail we need to anonymously, but still makes spamming from them difficult (but not impossible).
I prefer to use anonymous mail (hotmail, yahoo, etc
-Ab
Nothing fails quite like prayer.
What you're seeing is many people here who usually complain about the "evil gubmint" saying they finally got something right. This is a rare moment when the gubmint didn't jump in and write tons of outragious legislation. What us "slashdotters" (I hate that word) are saying is "Yeah, you guys usually screw up, but by sending just an informative letter you've finally done something right. Let's hope you keep up the good work." Intelligent people make up their minds on a case-by-case basis. Yes, many here think the government is often bad, but at least many also recognize when something's done right.
Developers: We can use your help.
Watch, for their next letter, they're going to warn about the dangers of using Microsoft products!
I hate to say it, but the series premiere of the short lived "Lone Gunmen" series stated it best. I will paraphrase here:
The government is not a single, unified entity with thousands of members acting towards the same goals. It is a collection of institutions each with their own goals and agendas, often operating at cross purposes.
To move beyond the point above, the FTC is as splintered as the rest of the government. It's starting to use the existing laws to go after SPAM, which is good. However, the portions of the FTC responsible for the whole High Definition Television mess is doing a less than spectacular job. The odds are good that the people involved in one project are not the same people involved with the other. Hell, each "Project" as I described above most likely consists of dozens of smaller units, no doubt mired in the same political issues as the organization as a whole.
Some people in the government are doing good things, others are doing bad things, most are just doing their functionary but morally neutral jobs.
The US Government is not "Evil" or "Good," and trying to paint it as one or the other is short sighted, childish and smacks of blind zealotry.
Please stop trying to see the world as black and white / good and evil. The real world is far more complex than that, as are the institutions that function within it.
One last example: Sony. Go through the Slashdot archives, and you'll find stories where they're the her, and stories where they're the villain. This is a reflection on the way actions of specific groups within the company were perceived, not on the "Evil" or "Good" nature of the company as a whole. Slashdot is not failing to "Make up its mind" but is reflecting the fact that sometimes a company does good things, and sometimes it does bad things.
And by the way, contrary to popular belief, Slashdot does not have one "Mind" to make up on any issue. It too, is a collection of individuals with their own agendas, views and opinions. If you are expecting any kind of unity of Slashdot users on any one topic, then you are insulting the intelligence of said users. We are individuals. This site has readers who love the Government and never question it's actions, and people who hat it with every fiber of their being. The site also has people at every level between the extremes.
"Love your country unconditionally. Love your government only when it deserves it." -- Mark Twain
"Live Free or Die." Don't like it? Then keep out of the USA
Geez, Sparky, lay off the sendmail.cf - that's for masochists. Everyone else uses m4. 6 lines of simple macros with human-readable names is easier to maintain, too.
"We returned the General to El Salvador, or maybe Guatemala, it's difficult to tell from 10,000 feet"
Here are some articles covering proxy abuse and the Sobig virus/Spam connection which detail some of the current techniques of spammers and how to fight them.
Who is this collective "you" that you're talking about? Do you realize that you're in a big room, eavesdropping on a thousand conversations, and you really don't know exactly who is expressing each individual opinion that you hear?
If I say that I like to eat a good steak, and someone else says that "meat is murder", neither of us is guilty of hypocrisy just because we were both in the same room when we uttered our opinions.
That's the way it works in the real world, and it's the way it works in "virtual rooms" like slashdot. I'm sorry, but you are going to have to stop thinking of online forums as one large group of clones with identical programming.
Unless you can specifically find a fixed individual who has uttered incongruous statements, you have no grounds for your complaint. And even when you do, your complaint is only valid with respect to that individual...not everybody else who happens to be there at the time.
The "cue the foo posts in 3, 2, 1..." posts will commence with no subsequent foo posts in 3, 2, 1...
"Come on, you don't mean that. If somebody sneaks into your house while you're not looking, "borrows" your gun, goes out an kills somebody, you're responsible? You could be accused of negligence but you're not really responsible for the killing"
Here in Calif. unless you lock it up, with an approved security device or trigger guard YES you are and can be held responsible for gross negligence and possible homicide...no one has taken the homicide charge yet buty there have been cases of negligence enforced I believe...
I agree with you on the Key issue regarding email though...
errr....umm...*whooosh* *whoosh* Is this thing on ?