Slashdot Mirror


O'Reilly Article on Spam Defense

Dru writes "Here's an article talking about the details of implementing a network level spam defense with Qmail. It also talks a little about a new site called Trustic which uses a trust system (like Advogato) for nominating spammer/hostile IP's."

189 comments

  1. Just like always... by James+A.+A.+Joyce · · Score: 0, Troll

    ...people don't follow the mail protocols, and then they wonder why they get buggered. Oh, well, hopefully IPv6 will help alleviate these problems.

    1. Re:Just like always... by Anonymous Coward · · Score: 0

      What the hell does IPv6 have to do with spam?

    2. Re:Just like always... by BoomerSooner · · Score: 4, Funny

      Lol, it will give the spammers unlimited addresses by which to cover themselves, thereby eliminating the need to hijack others servers.

      Or at least that is my interpretation of how IPv6 would affect spam.

    3. Re:Just like always... by Anonymous Coward · · Score: 0

      I really don't think that is an issue.

    4. Re:Just like always... by Anonymous Coward · · Score: 0

      An address is an address is an address is an address.

    5. Re:Just like always... by bajo77 · · Score: 2, Insightful

      > What the hell does IPv6 have to do with spam?

      Well it makes it much harder to scan for servers that are vulnerable, either for hijacking or open smtp services.

    6. Re:Just like always... by Anonymous Coward · · Score: 0

      > Oh, well, hopefully IPv6 will help alleviate these problems.

      sure. Most sw that spammers use does not "talk" IPV6.
      OTOH: nor does qmail. :-]

    7. Re:Just like always... by mummers · · Score: 1

      Rather a severe punishment for not following protocols I should say.

      --
      --This isn't a man who is leaving with his head between his legs.
    8. Re:Just like always... by cafmboss · · Score: 1

      Am I missing something here? Wouldn't a way to combat this matter is to punish those companies that benefit from the SPAM, namely the manufacturer of the pill or porn or software being shoved in our face? The same technique could be used against large scale litter, when some service pays somebody to put leaflets on car windshields, etc.

  2. hostile IP's by CySurflex · · Score: 5, Funny
    > for nominating spammer/hostile IP's

    and thereafter all packets from said IP's are marked with the Evil Bit.

    1. Re:hostile IP's by sketerpot · · Score: 4, Funny

      I propose that, rather than changing content, proxies simply add the evil bit to packets from sources that they know to be evil. This can be treated by applications as simply a suggestion, like CSS. Here is how we can set the evil bit---at the proxy level! Mark banner ad transmissions as evil!

    2. Re:hostile IP's by Luigi30 · · Score: 1

      Can we set the Evil Bit on MicroShaft's website?

      --
      503 Sig Unavailable

      The Signature could not be accessed. Please try again later or contact the administrator
  3. Wow! by Yoda2 · · Score: 4, Funny

    I never realized that ole Bill was such a tech expert!

    1. Re:Wow! by Phroggy · · Score: 0, Offtopic

      You know, I got two O'Reilly t-shirts at OSCon, and have worn them occasionally since then. Two different people have commented, and both assumed it was a reference to The O'Reilly Factor.

      --
      $x='S24;r)>63/* h@<5+oZ)32"5cz';$me='phroggy'x$];
      $x=~y+ -xz+\0-Tx+;print$_^chop$me for split'',$x;
  4. I love qmail. by BoomerSooner · · Score: 4, Informative

    I suggest buying the book if you plan on implementing it. The online version isn't enough (and covers about 1/3 what the printed version does).

    Make sure you follow the relay-ctrl section very close. You could be a source of spam if you do it wrong!

    1. Re:I love qmail. by Anonymous Coward · · Score: 0
      I and several of my IT staff reviewed qmail, exim, and postfix extensively about a year ago.

      postfix won hands down.

      And nowadays, with some of the new postfix features (address verification), postfix wins feet down as well.

      YMWV - your mileage WON'T vary.

  5. Sounds neat, but PGP'ed network sounds better. by Creepy+Crawler · · Score: 4, Interesting

    I though of this when it comes to SPAM:

    Have a computer certified by another individual and create a public/private key for that computer. Do this step to create a network of ID's for the servers.

    Now, have admins "Sign" a certain public text that allows servers to trust other servers.

    If Company X is being real lax (eg: promoting spam), write a revoke key and put it on a few OTHER machines. Thien it'll propigate throught the mail-net to disallow all connections from that MAIL server.

    Of course, mail servers and clients would have to have different trust relationships ala ssh.

    For them mail geeks: would this be feasible? I could see CPU load go rocket...

    1. Re:Sounds neat, but PGP'ed network sounds better. by Mr.+Sketch · · Score: 4, Insightful

      If Company X is being real lax (eg: promoting spam), write a revoke key and put it on a few OTHER machines. Thien it'll propigate throught the mail-net to disallow all connections from that MAIL server.

      Just curious, how is this different from a blacklist? It sounds like the same concept, just different technology.

    2. Re:Sounds neat, but PGP'ed network sounds better. by Anonymous Coward · · Score: 0

      Why bother with PGP? Using certificates with SMTP works right now. You can certify source & destination SMTP servers.

      My company uses this right now (although for other reasons - encryption).

    3. Re:Sounds neat, but PGP'ed network sounds better. by kaisyain · · Score: 2, Insightful

      Who gets to write a revoke key?

    4. Re:Sounds neat, but PGP'ed network sounds better. by arth1 · · Score: 4, Insightful

      Having to generate and spread keys and key revocations non-stop sounds like a very high maintenance system.

      Well, at least that would give some techies back their jobs, although I'm not too sure they would like their new job...

      Regards,
      --
      *Art

    5. Re:Sounds neat, but PGP'ed network sounds better. by Anonymous Coward · · Score: 0

      Try this instead:

      Person A has a hotmail account. They go to mail me. Their mail arrives with a source address of A@hotmail.com and is signed with some PGP key P.

      My server connects to hotmail.com's "identity server" and asks if key P is allowed to send mail as A@hotmail.com. If they say yes, then I accept the mail. Otherwise I assume it's a forgery, since hotmail.com is forged so often.

      This solves the biggest problem which is forgeries. Every domain would eventually implement something like this because it would greatly reduce the amount of forgeries in their name, assuming everyone else bothered to do the verification step.

      Now that you have a reasonable assurance that a given address is who they say they are, you can use that data to decide whether you want to talk to them. If they're coming from a known spam domain, refuse the mail. See, it's easy once you can rely on the sender.

      Note that this idea requires that everyone sign their mails with strong crypto, plus a client-server system that can be determined for arbitrary domains on the fly. I imagine that it would require something like a MX record to look up the appropriate "verify server" host(s).

    6. Re:Sounds neat, but PGP'ed network sounds better. by gfody · · Score: 1

      once you have key P and A@hotmail whats to keep YOU from sending as A@hotmail?

      talk about pulling a solution out've your ass, gotta love slashdot

      --

      bite my glorious golden ass.
    7. Re:Sounds neat, but PGP'ed network sounds better. by Anonymous Coward · · Score: 0

      Ummm, and I'm supposed to sign the message with that key how? If you can sign arbitrary messages with arbitrary keys, then you are quite the 31337 hax0r, now aren't you?

      This whole thing relies on the assumption that PGP is not about to be broken trivially.

      Sit and spin, luser.

    8. Re:Sounds neat, but PGP'ed network sounds better. by Creepy+Crawler · · Score: 1

      Really, the ideal system is where EVERY message is signed by the system where the email first enters.

      The starting system signs it, and other servers recognize it and see it as legit mail. It's passed until it hits the destination.

      If there's a grevious problem, the recivers' admin can send a revoke to his local buddies/systems. If the choose to acknologe it, the bans' in effect on those servers.

      The best analogy I can give is the way the Zoo works on slashdot. You know who you like, who you hate, but you'd be able to tell people who likes you too, and who hates you. Now, add crypto ala GPG/PGP.

      The whole idea is that current mail xfer stinks. If we could have accountability in the system, along with the threat that you mails might be undeliverable du to spammers, we'd have a cleaner system.

      Will it prevent anonymity? NO, as long as people who run anony-mail gateways scan for spam (baneysean-sp?, keywords, other spam-filters...).

      And response to somebody about how "Horrible it will be", the propigation time would be probably the same as DNS. And nobody really complains about that, do they? Just means if you change your IP addy on the mail server, keep the old one on for a day.

    9. Re:Sounds neat, but PGP'ed network sounds better. by Creepy+Crawler · · Score: 1

      Anybody. However, you have to sign YOUR OWN KEY in order for servers to accept it as being from you. Be aware, that the servers you send it to do NOT have to accept it.

    10. Re:Sounds neat, but PGP'ed network sounds better. by MourningBlade · · Score: 1

      The idea would be that you could assign a special trust setting to either agencies or other admins that specifies that you trust them to make certain trust decisions for you (or, at least, that they'll weigh in on a trust decision).

      The generating and spreading is not all that bad, and there is working art already (PGP keyservers).

    11. Re:Sounds neat, but PGP'ed network sounds better. by MourningBlade · · Score: 1

      > Just curious, how is this different from a blacklist?

      Blacklists are maintained by an authority, hence a hierarchical system. Web of trust (which this is based upon) can have a hierarchical system mapped on to it, but each user can act as its own blacklist/whitelist and share those properties either as a full weight or partial weight.

      Essentially acts as the same thing...but not quite.

    12. Re:Sounds neat, but PGP'ed network sounds better. by MSZ · · Score: 1

      What about this:

      - You get mail from A@welovetospam.com

      - Identity server at welovetospam.com confirms that the key is valid (quite possibly it will confirm anything)

      - Your server delivers the mail

      - F*R*E*E**V*I*A*G*R*A back in your inbox...

      What then?

      --
      The moon is not fully subjugated. I demand a second assault wave preceded by a massive nuclear bombardment.
    13. Re:Sounds neat, but PGP'ed network sounds better. by Anonymous Coward · · Score: 0

      Things would be so much easier if people would just read.

      > If they're coming from a known spam domain, refuse the mail. See, it's easy once you can rely on the sender.

      As for how you determine that 'welovetospam.com' is a spam source, well, that's entirely up to you. The point is that you can't do ANYTHING that depends on the claimed sender unless you do something like this to verify it first.

      My systems at home and at work are under an increasing load from bounces thanks to some ass pirate that's forging a bunch of domains. Their usual MO is to spew through an open proxy at some target, making up source addresses.

      They're not too bright, since some of the e-mail addresses have usernames like "snd_pcm_set_vol". Obviously they put the whole mess of anything that looks like an e-mail address in a blender and started mixing and matching. Some of them don't even resolve.

      If I could verify the sender, then my systems could make an intelligent decision about whether to actually bounce the mail or just eat it. Then at least I wouldn't be part of the bounce fest problem. Networks that send too many unverifiable mails will be deemed to have a security problem and will be banned. It's easy.

    14. Re:Sounds neat, but PGP'ed network sounds better. by Lew+Payne · · Score: 1

      You are a genius!!! Why didn't I think of that? If only you could spell "propagate."

  6. Trusted IPs by Anonymous Coward · · Score: 1, Interesting

    >for nominating spammer/hostile IP's

    Also for nominating trusted IPs.

  7. Hurrah for blacklists by Anonymous Coward · · Score: 5, Insightful


    now all we need to ask is how long till this "community" service that they provide will take before they start charging $ for querying it just like every other blacklist, making blocking spam a privilege for the rich (i believe MAPS is over a 1000$ a year)

    1. Re:Hurrah for blacklists by Anonymous Coward · · Score: 1, Funny

      As a spammer, I agree with you. I buy those lists to find the open relays, and they're cutting into my bottom line.

    2. Re:Hurrah for blacklists by qtp · · Score: 4, Informative

      You're probably right, they will eventually want to charge money, and, IMHO, their solution looks overly complicated and manipulable (spammers pay for "trusted" members to list them as "trusted").

      It would be better if ISPs participated in services like the ORDB, SORBS and Monkeys that have simple network testable criteria for listing open relays. Spews, Spamhaus, and DSBL have reputable lists of usernames and addresses that send spam. If ISPs and admins would participate in projects like these, the spam problem would be greatly reduced. And it seems that these projects are mostly run by admins who are interested in blocking spam, not selling a service.

      By the way, MAPS is currently free for individual use (look at the bottom of the page).

      --
      Read, L
  8. Distrustful of Network Level Censorship by werdna · · Score: 3, Insightful

    No thanks.

    Your spam may be my correspondence -- I may want to get mail from those whose conduct you find abhorrent. Today, a network may responsibly be censoring only unwanted and unsolicited commercial e-mail. Next week, the powers-that-be-in-the-networks start censoring geek news.

    To protect our liberties, spam control should be decentralized -- as close to the last mile as possible. Yes, of course, this means that the supposed great harm of spam -- huge volume transmissions through the network -- will not be interdicted closer to the source. In my view, an effective end-point spam model is as likely to reduce volume as a network centered model: the idea is to reduce the INCENTIVE to spam -- that will reduce the volume.

    Centralized technical measures simply invite the spam wars to continue, provide centralized points of failure, will not diminish spam, and will assure that powers-that-be have ample new abilities to censor speech.

    1. Re:Distrustful of Network Level Censorship by kaisyain · · Score: 3, Insightful

      > To protect our liberties, spam control should be decentralized -- as close to the last mile as possible.

      It is. I'm the one deciding whether or not to use this service.

    2. Re:Distrustful of Network Level Censorship by RT+Alec · · Score: 4, Insightful

      Spam control with RBLs is, in fact, decentralized. There are many RBLs to choose from, and any that are too severe will not be used for long if they generate too many false positives. As a system admin, I have my choice. I use 4 RBLs right now:

      • spamhaus.relays.osirusoft.com
        (this is a mirror of the Spamhaus Block List) Well known spam operations, and is checked hourly.
      • dialups.relays.osiruSoft.com
        (details at OsiruSoft) This list is of DHCP IP addresses of home users (DSL, cable, dial up).
      • dnsbl.njabl.org
        (extensive details of what's on this list)
      • rbl.restongeek.com
        I maintain this one myself for anything I want all my servers, primary and backup MX, to block
      And there are many more to choose from. I am very happy with my results, it is a pleasure to see the reports of the mail that is blocked (see my /. journal for a sample report). If I start to think maybe one of these lists is a little too severe, or someone lets me know that there are problems with one or more of the lists, I will delete it and pick another. Or maybe not. It is my choice, I want to keep down the spam on my system, for my sake as well as my clients'.
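
How a mail server consults several lists like the ones named in the comment above, as an added example that is not part of the original comment or the article. The resolver stub, the sample answers, the documentation address 192.0.2.25 and the rejection threshold are constructed assumptions; the sketch also covers IPv6 senders, which the comment does not discuss.

```python
import ipaddress
import socket

# Zones named in the comment above (lower-cased); nothing here assumes they still answer.
ZONES = [
    "spamhaus.relays.osirusoft.com",
    "dialups.relays.osirusoft.com",
    "dnsbl.njabl.org",
    "rbl.restongeek.com",
]
# DNSBLs signal "listed" with an A record inside 127.0.0.0/8.
LISTED_RANGE = ipaddress.ip_network("127.0.0.0/8")


def dnsbl_query_name(ip, zone):
    """Build the DNS name a DNSBL client looks up for a connecting IP."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = str(addr).split(".")                   # four octets
    else:
        labels = list(addr.exploded.replace(":", ""))   # 32 hex nibbles
    return ".".join(reversed(labels)) + "." + zone


def system_resolver(name):
    """A-record lookup: [] for NXDOMAIN (not listed), OSError for other failures."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except socket.gaierror as exc:
        if exc.errno == socket.EAI_NONAME:
            return []
        raise


def check_sender(ip, zones=ZONES, resolver=system_resolver):
    """Classify each zone as listed, clean or error for one connecting IP."""
    result = {"listed": [], "clean": [], "error": []}
    for zone in zones:
        try:
            answers = resolver(dnsbl_query_name(ip, zone))
        except OSError:
            # Fail open: an unreachable list must not turn into "block everyone".
            result["error"].append(zone)
            continue
        # Ignore answers outside 127.0.0.0/8, e.g. a lapsed zone with wildcard DNS
        # that resolves every name to a parking address.
        hits = [a for a in answers if ipaddress.ip_address(a) in LISTED_RANGE]
        result["listed" if hits else "clean"].append(zone)
    return result


def should_reject(result, threshold=1):
    """Local policy: reject when at least `threshold` lists agree."""
    return len(result["listed"]) >= threshold


def make_fake_resolver(table, broken=()):
    """Offline stand-in for DNS so the example runs without a network."""
    def resolver(name):
        if any(name.endswith("." + zone) for zone in broken):
            raise OSError("constructed timeout")
        return table.get(name, [])
    return resolver


# Constructed sample data: one genuine listing, one wildcard answer, one dead list.
CONSTRUCTED_ANSWERS = {
    "25.2.0.192.dnsbl.njabl.org": ["127.0.0.2"],
    "25.2.0.192.rbl.restongeek.com": ["203.0.113.10"],
}
CONSTRUCTED_BROKEN = ("dialups.relays.osirusoft.com",)

if __name__ == "__main__":
    fake = make_fake_resolver(CONSTRUCTED_ANSWERS, CONSTRUCTED_BROKEN)
    outcome = check_sender("192.0.2.25", resolver=fake)
    print(outcome, "reject" if should_reject(outcome) else "accept")
```

Raising `threshold` trades missed spam for fewer false positives from any single overly severe list, and the `error` bucket is worth logging so that a dead list gets noticed and removed.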
    3. Re:Distrustful of Network Level Censorship by gfody · · Score: 4, Insightful

      problem is too many of you are deciding TO use it. AOL, Hotmail, MSN to name a few.. the 'want' to filter spam at the server level hurts legit email marketers, inconveniences recipients of legit email marketers, and to the parent's point - creates a target for spammers.

      server side email filtering is BAD, BAD, BAD!

      what if the US Post Office started throwing out your clearing house sweepstakes and credit card applications before you ever got them? problem is theres two kinds of people in the world.. those that say alright no more junk mail, and those that ask, how do you do that without getting a false positive once in a while?

      --

      bite my glorious golden ass.
    4. Re:Distrustful of Network Level Censorship by Delta-9 · · Score: 3, Interesting

      "Your spam may be my correspondence"

      That's why I would recommend SpamAssassin. All SpamAssassin does is label the mail with a "spam level"; it is then up to each individual user to filter out the spam at the user level, not at the server level.

      A much better method for letting your 'correspondence' get through while other users spam doesn't.

    5. Re:Distrustful of Network Level Censorship by i.r.id10t · · Score: 2, Insightful

      So add something like the "evil bit" to a mail header, server side. Then if the end user wants, they can filter it out or not, based on that extra header info.

      --
      Don't blame me, I voted for Kodos
    6. Re:Distrustful of Network Level Censorship by John+Hasler · · Score: 4, Interesting

      > Your spam may be my correspondence -- I may want
      > to get mail from those whose conduct you find
      > abhorrent.

      You _want_ to receive mail from the bastards that are forging my domain in their penis-enlargement ads and fake PayPal confirmation requests?

      > Today, a network may responsibly be censoring
      > only unwanted and unsolicited commercial e-mail.
      > Next week, the powers-that-be-in-the-networks
      > start censoring geek news.

      I'm the only power that is on my network.

      > To protect our liberties, spam control should be
      > decentralized -- as close to the last mile as
      > possible.

      Can't get any closer to the last mile than right here in my office.

      > Yes, of course, this means that the supposed
      > great harm of spam -- huge volume transmissions
      > through the network

      "Supposed"? More than half my email is spam. And that's on a shared dialup.

      --
      Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
    7. Re:Distrustful of Network Level Censorship by gfody · · Score: 2, Interesting

      fact is, it's impossible to determine if an email destined for your mail box is solicited or not. the server could tell you it just received 100,000 that look just like it.. but that doesn't change the fact that somebody sent you an email and you may or may not want to look at it.

      unless you know for a fact that you're not subscribed to any mailing lists so anything coming in bulk most definitely isn't for you, then sure use the server's insight to filter those messages - but seriously there aren't many who fit in that category.

      if you filter your email, you will get a false positive. its simply a matter of when.

      --

      bite my glorious golden ass.
    8. Re:Distrustful of Network Level Censorship by Jahf · · Score: 5, Interesting

      and SPAM is WORSE, WORSE, WORSE!

      If you want to receive the junk, don't use one of those services, but I fail to see how someone else choosing -to- is a problem.

      Your analogy is flawed. I have a choice to use AOL|Hotmail|MSN|spamassasin|etc and I pay for the connection to download, view, respond and delete my email (not to mention the time it takes out of my day). I don't have a choice whether or not to use the USPO and it takes FAR less of my time to sort out my real mail than it does email.

      If SPAM could somehow be filtered out at the router level, then I would agree with your USPO analogy and would be throwing an utter FIT. But it isn't possible (is that a web page or a webmail, is that IMAP, is that secure IMAP, is that POP3, is that email tunnelled over SSH ... no way).

      Until there is legislation with -teeth- and a way for the little guy to prosecute you are not going to see many people agree with you about server side filtering.

      --
      It is more productive to voice thoughtful opinions (reply) than to judge (moderate) others.
    9. Re:Distrustful of Network Level Censorship by gfody · · Score: 1

      you have a choice to use aol.. a million aol members using aol as an ISP do not have a choice who is hosting their @aol account, nor should they need to care.

      > If SPAM could somehow be filtered out at the router level, then I would agree with your USPO

      exactly, its not possible.. but thats not stopping more and more companies from trying. and more and more people are starting to not get all their email, spam is bad but when I can't send my parents an email because they are on aol (or msn, or hotmail, ...) then the threat of anti-spam is growing worse than spam itself

      --

      bite my glorious golden ass.
    10. Re:Distrustful of Network Level Censorship by stewby18 · · Score: 2, Insightful

      You're describing a naive, trust-or-don't approach to the "evil bit" suggested, which is stupid. All a system like the bulk marker would do is add more information to use to improve an existing filtering system, with Bayesian analysis, whitelisting, etc.

      Clearly, there are many people willing to risk false positives to filter out the crap, so why shouldn't a system which helps them at no risk to those who don't filter be implemented?

      As someone pointed out... if this is voluntary, why should anyone be upset about the idea of others choosing to filter their own mail?

    11. Re:Distrustful of Network Level Censorship by gfody · · Score: 2, Interesting

      the point is filtering is bad.

      if your going to get a false positive why filter?
      as the hate for spam rises more people are saying fuck the false positive rate - which is a HUGE mistake.

      why should I care of somebody is filtering THEIR email? because if im sending them a message, that is MY message.. if they don't see it then suddenly I have no voice.

      spam is a real problem and filtering is not the solution.

      --

      bite my glorious golden ass.
    12. Re:Distrustful of Network Level Censorship by John+Hasler · · Score: 3, Insightful

      > if your going to get a false positive why filter?

      My spam folder gets several hundred messages each day. It is _impossible_ for me to read every one of them to determine if it is really spam. I glance over the subject lines and read the occasional borderline one, but I _guarantee_ you that I am already getting false positives. If I dropped spamassassin and allowed the spam into my other folders I would get even more false positives as I impatiently deleted every other message as obvious spam.

      --
      Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
    13. Re:Distrustful of Network Level Censorship by aclarke · · Score: 1

      Hear hear. I have a site (clarke.ca) on a shared host with webmasters.com. They are as "anti-spam" as the next hosting company, but for some reason my sister's little ISP on Vancouver Island blacklists them. I have my sister's email forwarded from the server to her email account on her local ISP. After a few months of not getting any email, she called me up and we found out that when mail was sent to her email address, my hosting provider's forwarding was sending it on to her ISP. Her ISP was sending a "you loser we don't want your mail" bounce back to my host, which was dumping it AND the original message and not sending a failure message back to the original sender.

    14. Re:Distrustful of Network Level Censorship by gfody · · Score: 1

      of course I would expect someone who knew enough to download and install the software to use it responsibly, but again this is not most people.

      I'm not worried about myself or most people who know a few things being bothered by spam. Personally I dont get but a couple a week because I know how to prevent from getting it in the first place.

      the problem is the public, ie family, friends, _customers_ who I want to communicate to via email. when my message shows up in the possible spam box instead of the inbox, or doesn't show up at all.. I get pissed. you should too.

      no matter how much you say you check that possible spam box, its not as often as you check your inbox.. but it should be, because if theres a chance that important messages are going to show up in either than what is the point of having both?

      --

      bite my glorious golden ass.
    15. Re:Distrustful of Network Level Censorship by stewby18 · · Score: 2, Insightful

      > spam is a real problem and filtering is not the solution.

      And what is a real solution? If you say legislation, I'll just laugh.

      > if your[sic] going to get a false positive why filter?

      What do you recommend for people whose time is too costly to read everything at the insanely high noise/signal ratio? Stop using email? You talk about false positives like they happen all the time... do you have any idea how low the false positive rate is for a good filtering system? You might as well say that no-one should use mail, because your letter might get lost en-route... that's probably a hell of a lot more likely than any normal user hitting real problems with a good filter.

      Unless you routinely send emails with subjects like "GET VIAGRA CHEAP NOW!!!" to 1,000 of your closest friends, you probably have nothing to worry about. But even if you do: it's always the recipient's choice whether or not to accept communications. Do you tell all of your friends to read all spam snail-mail, on the off-chance you send them a letter that they might mistake for a credit-card offer? Do you tell them to listen to every telemarketer pitch, in case it's you calling but you are slow to notice that they picked up, and call them by their last name? If so, do they listen? Why should spam be any different?

    16. Re:Distrustful of Network Level Censorship by gfody · · Score: 1

      > You might as well say that no-one should use mail, because your letter might get lost en-route

      mail not reaching its destination is a lot different than taking a letter and throwing it away, or worse.. having a machine throw it away for you. btw, do you know how often mail gets lost? it's pretty damn rare, which brings me to my next point. there's a reason the us post office has a good reputation, it's because when you send something, it goes where you sent it. would you have that assurance if devices were becoming common place that discarded what you sent?

      email should be better than mail, it should be replacing mail as a communication portal.. but with filtering going mainstream I dont see this ever happening.

      > Unless you routinely send emails with subjects like "GET VIAGRA CHEAP NOW!!!"

      everybody filters their inbound communications to some extent. screening phone calls, hanging up on telemarketers, fast forwarding commercials, not answering the door for those damn mormons.. but none of this is automated by a machine. the term false positive isn't even applicable in these situations (you were positive, thats why you made the decision)

      spam is different because it's driving people to automate what they throw away. this automation is causing new problems.. it's not a solution, and for many email marketers (not spammers) it's a big one. I don't have a solution for spam, filtering imo is most definitely not the answer.. hard to argue with people that are happy as clams NOT getting email, but hey what you don't know doesn't hurt you right?

      --

      bite my glorious golden ass.
    17. Re:Distrustful of Network Level Censorship by waferbuster · · Score: 2, Insightful
      Where do I sign up to have the post office throw out the clearing house sweepstakes and credit card applications before I get them? Along with all the other stuff sent out to >1000 people?

      As far as I care, anything sent to "Resident" can go straight into the trash can.

      --
      I'm an individual! Just like everyone else!
    18. Re:Distrustful of Network Level Censorship by Phroggy · · Score: 1

      > the supposed great harm of spam

      My thoughts.

      --
      $x='S24;r)>63/* h@<5+oZ)32"5cz';$me='phroggy'x$];
      $x=~y+ -xz+\0-Tx+;print$_^chop$me for split'',$x;
    19. Re:Distrustful of Network Level Censorship by Anonymous Coward · · Score: 0

      > You _want_ to receive mail from the bastards that are forging my domain in their penis-enlargement ads and fake PayPal confirmation requests?

      Maybe, even if it's only to learn more about spammers. There are also many ambiguous cases: How would you tell a solicited newsletter from an unsolicited newsletter? In any case, whether I want a certain piece of email is my decision, not yours.

      > I'm the only power that is on my network.

      That's right, but if this attitude becomes common among transit network operators, then we might just as well shut email down completely. It is unreliable enough as it is now. We don't need intermediate servers to mangle mails and throw some of them away. At the very least, come to a consensus before everybody goes on an isolated spam-hunting crusade. The internet works because the participants agree on certain protocols, not because many kings of petty estates do as they please.

      > > supposed great harm of spam -- huge volume transmissions through the network
      > "Supposed"? More than half my email is spam. And that's on a shared dialup.

      The closer to the recipient the mail is filtered, the longer it has to be in the mail transport system, eating up bandwidth. Network filtering proponents sometimes argue that it is therefore best to filter as early as possible. The counterargument is that any effective filter, regardless of its position in the transport system, will remove the incentive to spam and thus reduce the overall amount of spam sent. Consequently it is possible to shrink the spam volume without taking the control over filtering away from the recipient.

    20. Re:Distrustful of Network Level Censorship by firewood · · Score: 1
      > No thanks.
      >
      > Your spam may be my correspondence

      But not mine. People who want anonymous and spam-like email should invent their own protocol, opt-in, and find a way to pay for the network bandwidth used by it. Maybe you can pay extra for email forwarding to an address with "spamMe" embedded in your user-name. The rest of us (probably 99% of all email users) should get the stuff filtered as close to the senders as possible to help unclog network traffic.

    21. Re:Distrustful of Network Level Censorship by Ninja+Master+Gara · · Score: 1
      I have had to change two of my best known addresses to explicitly allowed senders only. They get simply too much spam. Once I've allowed only certain senders, I made a new address for new people, with no filtering, and isn't linked or displayed anywhere. (A web form to a back end processor sends mail to the address, and of course I give it out to people who need it in person.)

      So far the new address has gotten a single spam message, which I traced back to a sender who got infected with a virus.

      I'm not saying this is a good thing. It's terrible that I have to resort to explicit allow to have manageable email. I've had these addresses six or more years, I'm sure there are people who I have not added to the allow. It's unlikely they'll mail me, but if they do, they'll be rejected. Once I do hear from them I add them, and that's been ok, but spam is really starting to hammer on the usefulness of email.

      --

      ---
      When I grow up, I want to be a kid again.
    22. Re:Distrustful of Network Level Censorship by Jahf · · Score: 1

      And as you mention, there is a choice to use AOL. If your parents aren't getting your messages, call them and tell them to switch. If they want to get your messages more than they want the ease of AOL, they'll switch.

      As far as I can see, nothing is stopping an AOL user from making use of one of the many webmail services. If none of the webmail services will pass messages from you, makes me wonder why.

      Besides, you have choice, too. If everyone is filtering your messages then you can look into using a different place to send your mail from.

      I don't know if you've ever had an AOL account (I got stuck with one for work for a long time) but the signal-to-noise there is so bad I'm amazed anyone can use it for email anymore. I would get 100 messages that were SPAM for every 1 that was useful.

      --
      It is more productive to voice thoughtful opinions (reply) than to judge (moderate) others.
    23. Re:Distrustful of Network Level Censorship by walt-sjc · · Score: 1

      Have you thought to ask WHY webmasters.com was dropping the replies? Sounds like YOUR hosting company was doing something bad and wanted to hide it from you - like hosting a spammer. To block a bounce message from getting back to you takes Special configuration. Why would they do that if they had nothing to hide?

      I have manually blacklisted MANY companies, netblocks, and even entire countries (china and korea come to mind) for bad behavior of various types. My bounce message is usually a little more informative than "you loser" though.

      Spews is another list I use. It's INTENT is to punish ISP's that exhibit bad behavior (such as supporting spammers) by increasing the netblock size listed over time as they continue to harbor spammers. By DESIGN, this will piss off people like YOU that don't spam, as all of a sudden YOUR email is blocked and YOU didn't do anything wrong. This should prompt you to bitch at your ISP to find out why they are harboring spammers, and when they plan on getting spammers off their network. By using an ISP that harbors spammers, you are supporting spamming, although indirectly.

      Spews is harsh. It intends to be. Listings only occur when ISPs fail to take action in getting rid of the spammers on their network, NOT when they are being proactive. Spam is ugly and needs harsh punishment if we are to do anything to curb it. ISPs need to be held accountable for the spam created on or supported by their network.

    24. Re:Distrustful of Network Level Censorship by Phred+T.+Magnificent · · Score: 1

      server side email filtering is BAD, BAD, BAD!

      True, filtering on the receiving server is a bad solution. The filtering needs to take place at the point of origin!

      the 'want' to filter spam at the server level hurts legit email marketers, inconveniences recipients of legit email marketers

      "legit email marketers"? Isn't that a contradiction in terms?

      --
      Where is the wisdom we have lost in knowledge?
      Where is the knowledge we have lost in information?
    25. Re:Distrustful of Network Level Censorship by Anonymous Coward · · Score: 0
      legit email marketers

      OXYMORON



      what if the US Post Office started throwing out your clearing house sweepstakes and credit card applications before you ever got them?

      Honestly, I would probably send them a Christmas card every year. Of course this would have to be a service that they offer.

      You miss the point that this is something you have to opt in for (UNLIKE email marketing as you call it, aka SPAM.) Also, it sounds like you are not in the same boat as people like me, who literally have hundreds of email accounts to administer which LITERALLY receive more than 50 spams each a day. When my CEO hauls me into his office looking for an explanation about why his email has a picture of some woman with a horse cock inside her mouth (NOT making that up btw) all he cares about is making it stop. If I can't make it stop he'll find someone who can.

      If you're running a server and some of your clients/users/customers are generating false positives like those you speak of, then it should be up to THEM to change their ways. Why should a fraction of a percent of net users be able to exert influence over the vast majority?

      SPAM is BAD, PERIOD. Its costs and the damage it does are REAL, PERIOD. If the best solution inconveniences a very small group of people, too fucking bad.

  9. my spam defense: by di0s · · Score: 4, Funny

    quite simple really:
    Right here.

    1. Re:my spam defense: by pigscanfly.ca · · Score: 2, Funny

      I'm Canadian. Will rifles work? :-)
      JK
      See: we have very restrictive hand gun control, but a minor can buy a shotgun/rifle if it is for "hunting" purposes. They never said hunting what....

    2. Re:my spam defense: by Anonymous Coward · · Score: 0

      Follow the link. It is a rifle. Also consider electing a government that actually cares about rule of law and represents you. Don't stop growing that good Vancouver pot to ship down here, though!

    3. Re:my spam defense: by eclectro · · Score: 1


      I know that Canadians do a lot of farming, and are allowed to buy explosives to blow up stumps on their property,

      So what you do is you fill up the back of the pinto in the garage (that you didn't know what to do with anyway) with explosives, and buy a long fuse.

      Then you drive it over to this guy's house and park it in the driveway.

      Then light the fuse and walk away.

      Not as straightforward as a rifle, but you don't have to aim.

      --
      Take the cheese to sickbay, the doctor should see it as soon as possible - B'Elanna Torres, "Learning Curve"
    4. Re:my spam defense: by Anonymous Coward · · Score: 0

      You shoot your computer every time you receive a spam? I guess you won't have a problem with it for long.

  10. Great by The+Bungi · · Score: 5, Interesting
    new site called Trustic which uses a trust system

    Another blacklist (with an appeals process). Run by a guy that made his millions selling eGroups to Yahoo!.

    Dunno, this doesn't look too promising.

  11. Here's my question. by fleppir · · Score: 4, Insightful

    Any spam measure taken at a server level could induce false positives.

    I manage paid-for e-mail e-zines which I mail using PHP and sendmail (read:forged headers until I'm big enough to run my own server).

    Wouldn't most server-layer anti-spam measures catch my very suspicious HTML e-zines, even if paid for?

    --
    I am the Barber of Seville.
    1. Re:Here's my question. by gfody · · Score: 2, Informative

      have you considered using an asp marketing service? you could upload your templates/e-zines and your mailing list and schedule the deployment. depending on how much you send it's probably cheaper than hosting your own server, plus you don't have to worry about being filtered or black listed. check out www.dynamicsdirect.com

      --

      bite my glorious golden ass.
    2. Re:Here's my question. by Phroggy · · Score: 1

      plus you don't have to worry about being filtered or black listed.

      Um, you do realize those types of services often get blacklisted as well, for a variety of possible reasons? Usually not for very long, but it certainly happens quite a bit. Of course, if you're outsourcing to them, you can just say it's their problem and not yours; meanwhile your mail isn't getting out.

      --
      $x='S24;r)>63/* h@<5+oZ)32"5cz';$me='phroggy'x$];
      $x=~y+ -xz+\0-Tx+;print$_^chop$me for split'',$x;
  12. Even more annoying as SPAM... by Anonymous Coward · · Score: 0

    Are these annoying newfangled systems for preventing it. Next story, please?

  13. Must be a member to appeal? by liquid-groove · · Score: 2, Interesting

    I have no interest in joining such a group. How long until they post $insanely_large_num of members as a way to try and prove the validity of their method? Bet they'll forget to mention how many members were dragged in kicking and screaming just to appeal placement on the list.

  14. Not too impressed by augustz · · Score: 3, Informative

    Please remember that the service is beta and will start charging for advanced features once it is out of beta. As usual, worth waiting to see if it goes totally commercial. Looks like they plan to charge to allow listing multiple "trusted" servers.

    A fair number of the spams I submitted came from servers that had already been voted on as TRUSTED by other users. In other words, my credibility went down by reporting them as spammers.

    http://www.trustic.com/ip/219.94.114.6 for example and I've got a fair number of others. Folks are either polluting the space intentionally or being very very sloppy in reporting trusted servers.

    Groups like spews have a very nice evidence file, and it gets reviewed by a person. I've generally been impressed with the real community blacklist sites.

    Technically the site works great and is super fast. But wouldn't follow the O'Reilly recommendation and pick it as my primary blacklist just yet (even though the guy doing the site worked with the author of the article to make changes.)

    My two cents.

    1. Re:Not too impressed by Anonymous Coward · · Score: 0

      Read the FAQ, he's not going to charge
      for us little people.. which is fine.

  15. Just junk SMTP? by msgmonkey · · Score: 4, Funny

    Why don't the big players come together and come up with a better protocol instead of people trying these elaborate schemes?

    Have a period where you have a parallel system going and then have a cut off time where SMTP servers die.

    All it will take is the top ISPs in each country and large corporations to stop accepting SMTP mail and you'll be sure that everyone else will then fall in line.

    Or am I just being too radical?

    1. Re:Just junk SMTP? by Anonymous Coward · · Score: 1, Insightful

      SMTP works for what it does. Why should I change? I already can't send mail to AOL just because I have a residential cable modem account, what makes you think that not being able to send mail to hotmail or yahoo will slow me down?

      Spam doesn't come from my computer. Spam comes TO my computer. And everyone wants to change MY computer to fix THEIR spam. Whatever the details of what they do to my computer, it's not going to stop their spam because their spam comes from elsewhere.

    2. Re:Just junk SMTP? by gfody · · Score: 1

      you're forgetting the 'last mile' so to speak. in other words, the actual email clients and end user's computers. not to mention countless hardware and embedded devices programmed to send email via smtp

      --

      bite my glorious golden ass.
    3. Re:Just junk SMTP? by edrugtrader · · Score: 1

      actually you are just being too redundant... everyone has said this 1000 times, and it won't happen.

      --
      MARIJUANA, SHROOMS, X: ONLINE?! - E
  16. Re:Just junk SMTP? Not Possible by johnraphone · · Score: 1

    It's simply too late to dump SMTP. If we would have thought about this 5 or so years ago it maybe would have been possible but now we have so many using this system it's impossible to change to a newer standard.

  17. That depends upon their methodology. by Population · · Score: 3, Informative

    I use SpamAssassin with Bayesian filtering.

    Your forged headers are noted and factored in when determining whether you are spam or not. But by themselves they are not sufficient to mark you as spam.

    Your e-zine will tend to have the same format and similar content from issue to issue. The Bayesian filter can detect this and let it through.

    I'm running this setup at work for our offices and it works very well. The only real problems we've had is monster.com's resumes. But even that seems to be working now.

  18. Just like /.! by quacking+duck · · Score: 2, Funny

    Sounds a bit like the /. comment moderation system!

  19. Re:Just junk SMTP? Not Possible by msgmonkey · · Score: 2, Insightful

    Why not? Isn't there a time where we envisage the whole 'net will be IPv6? And that's every machine, not just servers. Eventually IPv4 will die so I don't see how SMTP dying would be a big deal.

  20. IP banning by dtfinch · · Score: 4, Interesting

    I know a local business that was hurt badly because the subnet that their IP addresses belonged to was added to a blackhole list. They only bought a few IP addresses and there happened to be a spammer on the same subnet. They never participated in sending spam and were never told that their IP address was blocked. Many of their emails simply did not arrive at their destinations, for no clear reason. They write and sell network security products, intended to help detect and identify hackers or even spammers looking for open relays so that they can be investigated and possibly prosecuted. This was a case where anti-spam technology hurt the near opposite of the kind of people it was meant to. I don't think they ever succeeded in getting their addresses removed from the list. All the time that went by before they knew they were on the blackhole list nearly led them to bankruptcy.

    1. Re:IP banning by Anonymous Coward · · Score: 0

      If they were working in network security, I'd hope that their sysadmin would have had the clues to figure out where their mail was going and what their SMTP server was doing. It's not like it's black magic or anything.

    2. Re:IP banning by Anonymous Coward · · Score: 1, Interesting

      They're not the only ones, a customer of mine had the same problem, fortunately we discovered it quickly and the RBL was very helpful. Apparently that RBL had blocked an entire dialup block that the provider (swbell) had reassigned to commercial entities.

      It's a huge problem and RBL might do more harm than good.

    3. Re:IP banning by Tehrasha · · Score: 2, Insightful
      I find it hard to believe that there was no indication that they were being blocked. In my experience, most ISPs that use blacklists are more than happy to send bounces proclaiming quite clearly in no uncertain terms why the mail is being blocked. To simply drop the message in /dev/null without a bounce would do nothing to stop the flow of spam, as all email would appear to have gone through without trouble. ie: it was received, therefore keep spamming.

      Spammers and the ISPs who facilitate them need to be held accountable. Blocking spam on the receiving end via filters is always going to be a losing battle. Blocking at the server by IP is the next best solution, but far from ideal. Making spamming difficult and/or expensive at its source is the only real way to stem the pink tide.

      Until ISPs begin to enforce the AUPs they claim to operate under will there be any real change. Even if that means having to be forced to do so.

    4. Re:IP banning by NerveGas · · Score: 2, Informative

      I've turned down some attractive deals with large, key providers for *years* precisely because they blatantly tolerated spammers.

      As far as I'm concerned, if the netblock in question was blacklisted with the RBLS that are taken more seriously, it was precisely because the provider didn't take any sort of action to contain or prevent spamming. And if you sign up with a provider like that, well, don't come crying to me when you're affected, too.

      All the time that went by before they knew they were on the blackhole list nearly led them to bankruptcy.

      It takes less than five minutes to see if you're on the major blacklists, and any administrator who doesn't do it on a regular basis simply isn't worth his pay. I certainly don't have any sympathy for them.

      I also have a hard time believing that they simply went about their business for that long without realizing what was going on. How brain-dead do you have to be to realize that a particular person never responds to your email? How long does it take you to realize that SEVERAL people never respond to your email? And for the email problem to truly cause bankruptcy, you're talking about some very important email: The kind that you don't just send and forget. If my users think that someone isn't getting their email, you bet I'll hear about it. And you bet I'll track down the reason.

      Really, your description of them makes them sound completely incompetent. For the sake of those involved (and the rest of the world), I hope that's not so.

      --
      Oh, you're not stuck, you're just unable to let go of the onion rings.
    5. Re:IP banning by nookieman · · Score: 1
      Well, IMHO IP banning is the best way of both filtering emails and for "educating" spam friendly ISPs.

      Since IPs are a limited resource, as opposed to email-addresses, ISPs will need to guard this resource if they want to stay in business (that is, if everybody were to use blacklists such as SPEWS).

      If all ISPs would start using lists such as SPEWS, it wouldn't take long before most spam friendly ISPs would either have to wisen up and remove spamming elements from their IP space, or go out of business.

      --
      sigfault. comment dumped.
    6. Re:IP banning by Tadghe · · Score: 2, Insightful

      1. If you purchase IP's (actually "lease") in this day and age, you better damned well check them first... SPEWS and most of the other DNSRBL's will let you do so easily.

      2. The idea of listing all or part of a class of IP's is intended to pressure the provider to change their habits of hosting/supporting spammers. Your case is a good example of why they would want to do so.

      When spammer friendly ISP's stop allowing spammers to jump from IP to IP within their netblock, and start being a bit responsive to abuse complaints, this type of situation will go away.

      --
      Bugs Bunny was right.
    7. Re:IP banning by e_AltF4 · · Score: 1

      Either they:
      - fake the sender
      - do not read their bounces
      - don't exist and you invented this :-)

    8. Re:IP banning by dtfinch · · Score: 1

      I had made some assumptions on the "didn't know" part. I know it plagued them for months. They have probably 4-5 employees, if you include the owner and his wife.

  21. Relying on RBLs by GC · · Score: 5, Informative

    There are many problems with using RBLs to block connections. A very good description can be found here:
    I've found SpamAssassin fairly good: rather than block messages from RBLs, it analyses message content, adds points to messages in RBLs and checks known spam databases such as Razor and Pyzor. Rule matches are given a score, and messages with a total aggregate score are tagged in the message headers, allowing users to filter these if they want to.
    A main advantage of this method is that no single rule can flag a message as spam, hence legitimate mail sourcing from the badly configured mail relay has a chance of getting through, and in my mind it's probably a particularly bad idea to block any email unless it's actually addressed to you.
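The score-and-tag approach described in the comment above, as an added sketch that is not part of the original thread and is not SpamAssassin's code. The rule names, weights, threshold, zone names, the `X-Demo-Spam-Status` header, the resolver table and the sample messages are all constructed for illustration; the DNSBL lookup itself (reversed octets under the list's zone, listings answered from 127.0.0.0/8) is the standard mechanism.

```python
import ipaddress
import socket
from email import message_from_string

THRESHOLD = 5.0      # constructed cut-off; a message is tagged at or above it
DNSBL_POINTS = 3.0   # constructed weight for "client IP is on a DNSBL"

# (rule name, points, test on the parsed message). Constructed weights: each is
# below THRESHOLD, so no single rule can tag a message on its own.
CONTENT_RULES = [
    ("NO_MESSAGE_ID", 1.5, lambda m: m["Message-ID"] is None),
    ("HTML_ONLY", 1.0, lambda m: m.get_content_type() == "text/html"),
    ("SHOUTING_SUBJECT", 1.5, lambda m: is_shouting(m["Subject"] or "")),
]


def is_shouting(subject):
    letters = [c for c in subject if c.isalpha()]
    return len(letters) >= 8 and all(c.isupper() for c in letters)


def dnsbl_query_name(ip, zone):
    """DNSBL lookups resolve the reversed IPv4 octets under the list's zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")  # ValueError if not IPv4
    return ".".join(reversed(octets)) + "." + zone


def system_resolver(name):
    """A record for name, or None when the name does not resolve."""
    try:
        return socket.gethostbyname(name)
    except OSError:
        return None


def dnsbl_listed(ip, zone, resolve=system_resolver):
    """True only for answers in 127.0.0.0/8, the range DNSBLs use for listings.
    A zone that was shut down or parked may answer every query with some other
    address; that must not be read as a listing."""
    answer = resolve(dnsbl_query_name(ip, zone))
    return answer is not None and answer.startswith("127.")


def score_message(raw, client_ip, zones, resolve=system_resolver):
    """Return (score, names of the rules that matched)."""
    msg = message_from_string(raw)
    score, hits = 0.0, []
    # Several lists naming the same relay still count once.
    if any(dnsbl_listed(client_ip, z, resolve) for z in zones):
        score += DNSBL_POINTS
        hits.append("DNSBL_HIT")
    for name, points, test in CONTENT_RULES:
        if test(msg):
            score += points
            hits.append(name)
    return score, hits


def tag_message(raw, client_ip, zones, resolve=system_resolver):
    """Never drop: add a status header and let the recipient's filter decide."""
    score, hits = score_message(raw, client_ip, zones, resolve)
    msg = message_from_string(raw)
    verdict = "Yes" if score >= THRESHOLD else "No"
    tests = ",".join(hits) or "none"
    msg["X-Demo-Spam-Status"] = f"{verdict}, score={score:.1f} tests={tests}"
    return msg


# --- constructed sample data (documentation addresses, made-up zones) ---
FAKE_DNS = {
    "10.2.0.192.dnsbl.example.org": "127.0.0.2",     # relay is listed here
    "10.2.0.192.parked.example.net": "203.0.113.5",  # parked zone, not a listing
}
ZONES = ["dnsbl.example.org", "parked.example.net"]


def fake_resolver(name):
    return FAKE_DNS.get(name)


LEGIT = ("From: alice@example.com\n"
         "Message-ID: <1@example.com>\n"
         "Subject: Invoice for March\n"
         "\n"
         "Please find the invoice attached.\n")
SPAM = ("From: deals@example.net\n"
        "Subject: FREE INVESTMENT ADVICE\n"
        "Content-Type: text/html\n"
        "\n"
        "<html><b>Act now</b></html>\n")

if __name__ == "__main__":
    for label, raw in (("legit via listed relay", LEGIT), ("spam", SPAM)):
        tagged = tag_message(raw, "192.0.2.10", ZONES, fake_resolver)
        print(label, "->", tagged["X-Demo-Spam-Status"])
```

Both sample messages arrive from the same listed relay; only the one that also trips the content rules crosses the threshold, and neither is rejected.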

    1. Re:Relying on RBLs by walt-sjc · · Score: 1

      Yeah, lots of drivel at that link, but it misses the point. Completely.

      Don't get me wrong, I use SpamAssassin too, and it does work, but it also doesn't solve the problem. If an ISP harbors spammers, they have ZERO incentive to stop. None. Nada.

      Spews RBL on the other hand INTENDS to be used to block mail outright. It will even block legit mail, again by intent. The idea is to piss off an ISP's legit customers who should be going back to their ISP and DEMAND that they get spammers off their network. If an ISP refuses (and therefore remains listed at spews) then anyone that continues to use that ISP is indirectly supporting spam.

      You don't get listed in spews for an occasional spam - you get listed when you refuse to get rid of spammers.

  22. Re:Just junk SMTP? Not Possible by Xerithane · · Score: 5, Interesting

    It's simply too late to dump SMTP. If we would have thought about this 5 or so years ago it maybe would have been possible but now we have so many using this system it's impossible to change to a newer standard.

    Just like gopher with http? You can also add a plethora of validation on top of SMTP. SMTP, as a protocol, isn't bad. It's possible to add validation, to only accept from SMTP servers that use some sort of valid key.

    Then you get to keep SMTP, and slowly migrate servers. Set up a non-profit organization for distributing SMTP authentication keys that are unique to the mail server (think SSL) and if the mail that comes from that server is spam, you just block that server's key. If the server doesn't have a key, put it into a validation list or send back a response saying they need to use a mail server that supports signed-SMTP.

    Easy solution, not a complete overhaul of SMTP. The problem comes in with who signs the certificates, because then you have to trust the source that delivers them. Like Verisign, et al.

    --
    Dacels Jewelers can't be trusted.
  23. Or you could use a better mailer... by SuperBanana · · Score: 5, Informative
    Here's an article talking about the details of implementing a network level spam defense with Qmail

    Or, you could just use Postfix, which:

    • is almost entirely compatible with sendmail. It's pretty much drop-in-and-go.
    • adheres to RFCs (and there's a warning for any configuration option which would violate said RFCs)
    • has builtin anti-spam tools - you can turn on, individually, any of a dozen-plus different checks, such as making sure the claimed hostname in the HELO matches the IP the connection is coming from (you can do this several ways), or that the claimed hostname matches the mail-from user@hostname (ie, if you're coming from spammer.com, you're not gonna be able to claim to be joe@yahoo.com), etc. It's also one builtin command to check an RBL.
    • has a really sharp cookie of an author (the guy wrote tcpwrapper), who isn't widely regarded as an obnoxious twit
    • is completely free

    Personally, I refuse to use any software written by DJB as a matter of principle. The guy flagrantly ignores RFCs because he simply feels like it and arrogantly thinks he knows better (and further that there is benefit to ignoring said RFCs).

    1. Re:Or you could use a better mailer... by supersudssoaker · · Score: 1
      adheres to RFCs (and there's a warning for any configuration option which would violate said RFCs)

      What RFCs does qmail not comply with?

      such as making sure the claimed hostname in the HELO matches the IP the connection is coming from

      You're aware that rejecting mail based on HELO violates RFC 1123?

    2. Re:Or you could use a better mailer... by NerveGas · · Score: 1

      who isn't widely regarded as an obnoxious twit

      I'm the first in line to point out that DJB has an ego the size of a larger continent, and has one of the most severe lack of personal skills I've ever had the displeasure to witness.

      I've also dropped enough of my pride to look past that, and see that he has written some astoundingly fine code.

      You can argue about his personal skills, egomania, and other deficiencies all you like but you just can't argue with the fact that qmail works, and works awfully well. I can't honestly say that I've never had the thought to use a different MTA just because of my disagreement with so much about Dan. But every time, when looking at the technical aspects, I've realized that I'd just be cutting off my nose to spite my face.

      steve

      --
      Oh, you're not stuck, you're just unable to let go of the onion rings.
    3. Re:Or you could use a better mailer... by grasshoppa · · Score: 1

      Well, I'm not as principled as you. I use what works best for what I'm doing.

      That would be qmail, as it turns out.

      --
      Mod me down with all of your hatred and your journey towards the dark side will be complete!
  24. Help by Kurt+Russell · · Score: 0, Offtopic

    drink drunk sunk. could have..

  25. Blackists by Osrin · · Score: 3, Interesting

    I run an SMTP server off my comcast cable connection... I've pretty much been learning as I go. Five weeks ago I began as a total novice, not knowing what an open relay was I spent 5 days with no authentication and as a result I was kind enough to forward some 22k messages offering investment advice. As I've learned a little more about the process... I've found ORDB and MAPS to be pretty useful and successful when it comes to blocking open relays. AOL annoys me the most, they block ranges of addresses that are dynamically allocated by ISPs and as a result I can't mail any AOL users. That's probably no big deal, I just feel discriminated against. There must be scope for a simple "Setting up your own mail server" FAQ.

    1. Re:Blackists by NerveGas · · Score: 1

      AOL annoys me the most, they block ranges of addresses that are dynamically allocated by ISPs and as a result I can't mail any AOL users. That's probably no big deal, I just feel discriminated against.

      AOL certainly aren't the only ones. I do it. And I'll tell you why: Exactly because of people like you.

      For ever *legitimate* email message that comes from a dial-up IP address, I (honestly) get 10,000 + that are spam.

      As long as there are (a) Distribution-installed MTA's that are open relays by default, and (b) people that won't read the documentation, nothing's likely to change.

      It's nothing personal, really. It's just that open relays on cable modems make up such an incredibly significant portion of the spam that I get, it's an obvious decision.

      There must be scope for a simple "Setting up your own mail server" FAQ.

      That's odd, I thought there were plenty of docs on how to set up your own mail server. I know that I've never had any trouble when I looked for them.

      steve

      --
      Oh, you're not stuck, you're just unable to let go of the onion rings.
    2. Re:Blackists by Osrin · · Score: 2, Interesting

      "For ever[y] *legitimate* email message that comes from a dial-up IP address, I (honestly) get 10,000 + that are spam." I'm quite sure that this is true... however I feel that the "people like you" comment is a little unfair. I would have thought that the more people that go through the process that I have over the last few weeks the better. I now understand a LOT more about SMTP, I understand a lot more about spam and I understand a lot more about the tools that exist on the internet to help me combat the issue... I also understand how I can interpret the log files from my server and extract information that I can use to contribute to combating the issue. In your position I would probably make the same decision... it would be great to have a "test me" site that I could run my server through though that would allow me to participate with the larger community. While I accept that as a novice I made some mistakes... I regret seeing my ability to interact with many hosts on the internet crippled because of the actions of others.

    3. Re:Blackists by archbish99 · · Score: 2, Informative

      ORDB offers such a service, actually -- they run quite a variety of tests against servers to see if they fall for any of a number of forms of relaying tricks. I, thankfully, fell into the opposite hole -- I couldn't relay from anywhere when I set up qmail, so I had to go back and figure out how to enable relaying for localhost and the local network. ;-) I ran the ORDB test set against my server once I thought it was up, and again a month or so ago when I had a scare which *looked* as if someone had sent a mail through my server. (Turned out it was a different mistake, and not a relay issue at all.)

    4. Re:Blackists by Osrin · · Score: 1

      sadly ORDB have little or no influence on organisations like AOL who just block all dynamically allocated addresses.

    5. Re:Blackists by Phroggy · · Score: 2, Informative

      however I feel that the "people like you" comment is a little unfair.

      A little perhaps, and it's great that you're no longer causing a problem, but the fact remains that for a brief period of time, you were part of the problem. Spam came through your server. There are many others like you - good intentioned, but making an honest mistake once, quite by accident, and then fixing the problem and never doing it again - and these people collectively make up a very significant source of spam. That's why AOL blocks you.

      That said, I'm glad you've learned enough about it now to be a responsible Internet citizen, and I certainly don't want to discourage you from continuing on that path. Something you may want to look into is forwarding all mail destined for @aol.com to your ISP's SMTP server; they should be able to relay it to AOL (and since you're using one of your ISP's IP addresses, they should allow relaying from you).

      --
      $x='S24;r)>63/* h@<5+oZ)32"5cz';$me='phroggy'x$];
      $x=~y+ -xz+\0-Tx+;print$_^chop$me for split'',$x;
    6. Re:Blackists by archbish99 · · Score: 1

      Yeah, and I agree that this problem stinks. I have contact thus far with two ISPs who do this -- for them, and them only, I relay through my ISP's SMTP server. Meanwhile, I have also asked the people I was trying to contact to complain. No good thus far, but....

    7. Re:Blackists by NerveGas · · Score: 1

      I would have thought that the more people that go through the process that I have over the last few weeks the better.

      I'm not trying to be mean. Really. But that's not better. What's better is when more people search out and read the docs before they whip out the compiler and become part of the problem. It's really a great thing that you understand more about SMTP, but you could have gone about it in a much better way.

      I don't think that the "people like you" was unfair. Harsh, but not unfair. I am glad for you, however, for being humble enough to admit and learn from your mistakes. It sounds like you'll do a much better job of things from now on.

      steve

      --
      Oh, you're not stuck, you're just unable to let go of the onion rings.
  26. Mod down (-1) Flamebait by Anonymous Coward · · Score: 0

    Name a single (email related) RFC that qmail doesn't adhere to. qmail can answer yes to every single one of your bullet points. qmail is completely free and folks that claim it isn't are just trolls.

    1. Re:Mod down (-1) Flamebait by dozer · · Score: 1

      Completely free? Really?

      Why don't you try changing a single line of QMail source code and distributing your changes? Except you can't -- DJB explicitly prevents it. He's got a number of other weird clauses in there as well.

      You clearly have a very different idea of free than most people. Thank goodness for Postfix!

    2. Re:Mod down (-1) Flamebait by Anonymous Coward · · Score: 0

      patches...can..be...distributed....just....not...modified...source....only...patch...which...will......modify....source.....which......is.....good.....enough

    3. Re:Mod down (-1) Flamebait by ldspartan · · Score: 1

      I'll grant that qmail isn't "really" free software.

      But, what you're saying isn't true, according to my understanding of the license. You can change the source willy-nilly and distribute, you just can't call it 'qmail' anymore.

      You can call it 'dozer-mail' or anything else as much as you like, DJB just maintains qmail as software he wrote.

    4. Re:Mod down (-1) Flamebait by Anonymous Coward · · Score: 0

      y-o-u d-o-n-'-t h-a-v-e t-o t-y-p-e s-l-o-w-l-y i-f y-o-u t-h-i-n-k t-h-e r-e-a-d-e-r i-s a s-l-o-w r-e-a-d-e-r b-u-t n-o-t-e i o-n-l-y u-s-e s-m-a-l-l w-o-r-d-s h-e-r-e

    5. Re:Mod down (-1) Flamebait by Phroggy · · Score: 1

      You clearly have a very different idea of free than most people.

      Unfortunately no, he shares the same idea of "free" that most people have: no immediate monetary cost to them.

      The other day I got modded down as flamebait for pointing out that Opera isn't Free Software, and a reply similar to this one, angrily stating that yes it's free, you just have to view ad banners.

      --
      $x='S24;r)>63/* h@<5+oZ)32"5cz';$me='phroggy'x$];
      $x=~y+ -xz+\0-Tx+;print$_^chop$me for split'',$x;
  27. When Spam Attacks! by Kenja · · Score: 1

    When Spam attacks, defend yourself with a crane foot block. Then fight back with a monkey punch to its spine.

    --

    "Have you ever thought about just turning off the TV, sitting down with your kids, and hitting them?"
  28. Qmail is NOT FREE by SuperBanana · · Score: 4, Insightful
    qmail is completely free and folks that claim it isn't are just trolls.

    Qmail is NOT FREE. Last I looked it was distributed without a license; now apparently it has a license, but one with oddball restrictions. If you don't believe me, do a google search with the keywords "qmail debian legal" and spend 30 minutes or so going through the various discussions.

    1. Re:Qmail is NOT FREE by Anonymous Coward · · Score: 0

      other things that qmail (and other djb sw) lacks are:

      - IPV6 support
      - cidr support
      - support for STANDARD system tools (I want logs in syslog not in some obscure djblogdaemon)

      - support / r&d

    2. Re:Qmail is NOT FREE by supersudssoaker · · Score: 2, Insightful
      qmail is free, but the license is not GPL or on the list of licenses approved by the outfit that approves free licenses (OSI?).

      You can download it without monetary exchange, install it where you like, modify it, etc.

      You cannot modify the source and distribute it. You can distribute the unmodified source tarball with patches that modify it, like an SRPM. You can distribute binary versions as long as the files are the same as would be created by installing from an unmodified source tarball.

    3. Re:Qmail is NOT FREE by Anonymous Coward · · Score: 0

      Qmail is EXTENSIBLE you fucking retard

      That means there are patches for all of this and a whole fuckload more

      Take your head out of your ass and check your facts before posting you fucking dipshit

  29. RFC violations by SuperBanana · · Score: 1, Informative
    You're aware that rejecting mail based on HELO violates RFC 1123?

    ...which is why a) it's not turned on by default and b) the docs (including the docs in the config file) warn you as to such. The docs are very specific about WHICH of the checks violate the RFCs and which don't.

    What RFCs does qmail not comply with?

    Based on a very quick google search (so thus some of this might be outdated or simply wrong), pipelining, for one. RFC-2821 for another. RFC 2821 and RFC 1123 for two more.

    The difference is that while Postfix CAN reject based on HELO etc...qmail seems to do so by DEFAULT.

    Also, take a look at djbdns some time- it violates RFC's left and right.

    1. Re:RFC violations by supersudssoaker · · Score: 2, Insightful
      pipelining, for one

      I googled and followed a thread, don't know if it's the one you are referring to, where Matti Aarnio (Zmailer author) says

      Arnt Gulbrandsen wrote:
      > Uhm. If so, that would necessitate speedy reconfiguration of my
      > boxes... so I tested it too, and qmail appears to handle pipelining
      > okay. I verified with tcpdump that the dozen-odd RCPT TO commands in
      Yes, I agree. Without knowledge of the qmail source, I have no

      RFC-2821 for another. RFC 2821 and RFC 1123 for two more

      qmail predates RFC2821, but there is a patch to bring it up-to-date if an administrator so desires. What part of RFC1123 does it not comply with?

      The difference is that while Postfix CAN reject based on HELO etc...qmail seems to do so by DEFAULT.

      qmail does not reject based on HELO.

    2. Re:RFC violations by Electrum · · Score: 2, Insightful

      The difference is that while Postfix CAN reject based on HELO etc...qmail seems to do so by DEFAULT.

      No, it does not. In fact, you don't even need a HELO with qmail.

      Also, take a look at djbdns some time- it violates RFC's left and right.

      Which ones and how?

  30. Read Your TOS. by Electrawn · · Score: 3, Informative

    5. Acceptable Use Policy; Prohibited Uses of the Service.

    b. Prohibited Uses of the Service: Use of the Comcast Equipment or the Service for transmission or storage of any information, data or material in violation of any federal, state or local law or regulation is prohibited. In addition, unless you are subject to a Service plan that expressly permits otherwise, the Service is to be used, and you expressly agree to use it, solely in a private residence, living quarters in a hotel, hospital, dormitory, sorority or fraternity house, or boarding house, or the residential portion of a premises which is used for both business and residential purposes. Without limiting the generality of the foregoing, the Service is for personal and non-commercial use only and you agree not to use the Service for operation as an Internet service provider, a server site for ftp, telnet, rlogin, e-mail hosting, "web hosting" or other similar applications, for any business enterprise, or as an end-point on a non-Comcast local area network or wide area network.

    I'll keep my tongue in cheek for any other comments.

    1. Re:Read Your TOS. by Osrin · · Score: 2, Interesting

      "for any business enterprise" This is purely home use... only me and my wife using it for email. I'm within the bounds of my contract. As for the other comments, I was expecting some, I openly admit that I threw the box up with little or no understanding of the technology.

    2. Re:Read Your TOS. by IMarvinTPA · · Score: 1

      Try setting up your mail server to only send to comcast's SMTP server instead of going directly to the wild net. Then AOL will see comcast's normal SMTP server instead of your dynamic server as the source.

      IMarv.
      (Not that I know HOW this can be done, just that I've heard it can be done.)

    3. Re:Read Your TOS. by Elyas · · Score: 1

      You are misunderstanding the plethora of commas in that sentence. You are prohibited from doing each comma-separated action.

      No e-mail server.

      No ftp server.

      No business enterprise.

      Etc.

      It's an or, not an and.

  31. RBL's and Firewalling by Anonynmous+Cow · · Score: 2, Interesting

    I wrote a tiny little perl script that tails the maillog and firewalls (kinda teergrubes really) hosts who get a "554 Service Unavailable" more than 3 times.

    I'm not a coder, so it doesn't expire entries... I'm looking for someone to help make this work even better. I love the thought of causing spammers pain - and this could do that.

    You can get the script from my webpage at http://www.jasonjordan.com.au

    1. Re:RBL's and Firewalling by Anonymous Coward · · Score: 0

      Interesting script on your page.

      You might want to look at poprelayd found at :

      http://poprelay.sourceforge.net/poprelayd

      Its approach is similar to yours with slightly different goals. The bits for maintaining good/bad DB_FILE with time expirations would be the same, and they might even have a better mechanism than ::Tail for file access. Good luck with it.

    2. Re:RBL's and Firewalling by Anonynmous+Cow · · Score: 1

      WAY above my head! 8-)

      I'll have to rely on someone-cleverer-than-me to see it, decide it's a good idea and run with it!

      I guess /. is as good a place as any for that to possibly occur!
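
The log-watching approach discussed in this sub-thread, with the entry expiry the poster says is missing, as an added example (it is not the poster's Perl script and not poprelayd code). The log line format, the class and function names and the thresholds are assumptions made for illustration; the code returns block/unblock decisions instead of running firewall commands.

```python
import ipaddress
import re
from collections import defaultdict, deque

# Constructed log format (an assumption; adapt the regex to your MTA's log):
#   <epoch-seconds> smtpd: reject from <ip>: 554 Service Unavailable
REJECT_RE = re.compile(r"^(?P<ts>\d+) \S+ reject from (?P<ip>[0-9.]+): 554 ")
TS_RE = re.compile(r"^(\d+) ")


class RejectTracker:
    """Counts 554 rejections per client and expires both counts and blocks."""

    def __init__(self, threshold=3, window=600, block_ttl=3600, allowlist=()):
        self.threshold = threshold      # block on MORE than this many 554s
        self.window = window            # ...seen within this many seconds
        self.block_ttl = block_ttl      # seconds a block lasts
        self.allowlist = {ipaddress.ip_address(a) for a in allowlist}
        self.hits = defaultdict(deque)  # ip -> timestamps of recent 554s
        self.blocked = {}               # ip -> expiry timestamp

    def expire(self, now):
        """Lift blocks that have aged out and forget stale rejection counts."""
        actions = []
        for ip, until in sorted(self.blocked.items(), key=lambda kv: kv[1]):
            if until <= now:
                del self.blocked[ip]
                actions.append(("unblock", str(ip)))
        for ip in list(self.hits):
            q = self.hits[ip]
            while q and q[0] <= now - self.window:
                q.popleft()
            if not q:
                del self.hits[ip]
        return actions

    def feed(self, line):
        """Process one log line; return a list of (action, ip) decisions."""
        m_ts = TS_RE.match(line)
        if not m_ts:
            return []
        now = int(m_ts.group(1))
        actions = self.expire(now)
        m = REJECT_RE.match(line)
        if not m:
            return actions
        try:
            # Log content is attacker-influenced: only a value that parses
            # as an IP address may ever reach a firewall rule.
            ip = ipaddress.ip_address(m.group("ip"))
        except ValueError:
            return actions
        if ip in self.allowlist:
            return actions
        if ip in self.blocked:
            self.blocked[ip] = now + self.block_ttl  # still noisy: refresh
            return actions
        q = self.hits[ip]
        q.append(now)
        if len(q) > self.threshold:
            self.blocked[ip] = now + self.block_ttl
            del self.hits[ip]
            actions.append(("block", str(ip)))
        return actions


def run(lines, **kwargs):
    """Feed every line to a fresh tracker and collect all decisions."""
    tracker = RejectTracker(**kwargs)
    actions = []
    for line in lines:
        actions.extend(tracker.feed(line))
    return actions


# Constructed sample log (documentation address ranges only).
SAMPLE_LOG = """\
1000 smtpd: reject from 203.0.113.7: 554 Service Unavailable
1010 smtpd: reject from 203.0.113.7: 554 Service Unavailable
1020 smtpd: accept from 198.51.100.20: 250 ok
1030 smtpd: reject from 203.0.113.7: 554 Service Unavailable
1040 smtpd: reject from 203.0.113.7: 554 Service Unavailable
1050 smtpd: reject from 192.0.2.10: 554 Service Unavailable
5000 smtpd: accept from 198.51.100.20: 250 ok
""".splitlines()

if __name__ == "__main__":
    for action, ip in run(SAMPLE_LOG):
        print(action, ip)
```

The allowlist is where your ISP's relay and your own hosts belong, so that a burst of rejections from them never produces a block.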

  32. Other choice than Trustic - SPAMCOP by Swift+Gilmer · · Score: 2, Informative

    I have been using SPAMCop for the past 5 months at my work. I am also using QMAIL as my mail server and it took me about 10 minutes to get it hooked into the Spam Cop Database. The best part is that it is free and it blocks about %80 of SPAM that gets delivered - I will just have to live with the other %20. Has anyone heard of other Spam IP Databases that are available for public use?

    1. Re:Other choice than Trustic - SPAMCOP by bobbozzo · · Score: 1
      it blocks about %80 of SPAM that gets delivered - I will just have to live with the other %20.

      FYI, you don't have to just live with the rest. I use Spamcop's RBL, AND I also use BogoFilter. Or, you could use SpamAssassin or many other filters on your server.

      My BogoFilter setup correctly marks about 98% of the spam IT SEES, with NO false positives. (This is NOT counting whatever gets rejected by the RBL.)

      --
      Nothing to see here; Move along.
  33. spamassassin by aclarke · · Score: 1
    I've been setting up Fetchmail, Procmail and Spamassassin along with an IMAP server on my computer for the last couple weeks. Man, what a HUGE improvement over using my hosting company's POP3 servers!

    Fetchmail polls my POP3 servers and downloads my mail to the local account(s).

    SpamAssassin marks my messages as spam or not spam, and even after a week or so it's already pretty accurate.

    Procmail dumps my spam into an IMAP mailbox that I can ignore and only check once a month or so, thereby avoiding issues with server-side blacklists. I can also use regexp-based filtering rules which totally rock over Outlook's filters.

    With IMAP, I can check my email using Pine, Evolution, or whatever on my linux computer, and from Outlook on my windows computer and laptop. All my email is synced automatically on all my computers, which is a Godsend when I'm away from home on my laptop.

    I've been using UNIX for about 12 years and Linux off-and-on since about 1997, although I don't consider myself much of an expert with either. This stuff wasn't very difficult to set up, and my productivity is so much greater. It's flexibility like this that is causing me to reformat my windows drive for Linux on my main workstation as soon as I get the time.

  34. A cheap and simple solution for a SPAM defense. by Dolemite_the_Wiz · · Score: 1

    Use more mustard. Gotta drown out that gnarly taste somehow.

    Dolemite
    _____________________

    --
    Save the World! Use a Quote!
  35. Using Trustic with SpamPal by NaDrew · · Score: 2, Informative
    I use SpamPal with the Bayesian filter as my client-side spam filter on Win2K. It works well enough but I'm always looking to improve things, so this article gave me the impetus to see if SpamPal could be made to use Trustic's DNSBL in addition to its preconfigured lists. The answer, at least for SpamPal Beta 1.295, is yes--using the "Extra DNSBL Definitions" section of the Options dialog. Here are the steps I used to add Trustic to the DNSBLs used by SpamPal:
    1. Create a Trustic account
    2. Once you've verified your registration, go to Trustic's DNS Query Information page for your account and note the second DNS query address.
    3. In SpamPal, open the Options dialog and drill down to the "Extra DNSBL Definitions" section. Click the "Extra DNSBL Instructions" button for information on adding a DNSBL to SpamPal. Read this text and then close the file.
    4. Click the "Extra DNSBL Definitions" button. This opens "extra_dnsbl.txt". Add a new DNSBL entry as follows:
      LIST Trustic
      NAME Trustic DNSBL
      TYPE STANDARD
      WEBSITE http://www.trustic.com/
      ZONE queryaddress
      DESCRIPTION Trustic is a community-based block list that prevents untrusted servers from sending spam. It is a new approach to the spam problem, and it is better than existing solutions.
      Substitute the personalized query address you saw in step 2 above for queryaddress.
    5. Save and close "extra_dnsbl.txt", then exit SpamPal and relaunch it.
    6. Open SpamPal's Options dialog and drill down to Spam-Detection, Blacklists, Public Blacklists. Trustic should now appear on the list. Select it and click Apply, OK.
    That's it--SpamPal should now be checking Trustic's DNSBL for your incoming mail. Trustic may require additional RESULT_CODE settings--I'm waiting for a response from Trustic and will follow up if needed.
    --
    Vista:XPSP2::ME:98SE
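
What a DNSBL client such as the one configured above does with a ZONE entry, as an added example (not SpamPal or Trustic code). The zone `dnsbl.example.test` stands in for the personalised query address, the zone data and return codes are constructed, and the function names are hypothetical; the IPv6 nibble form goes beyond the IPv4 case the post covers.

```python
import ipaddress
import socket

LOOPBACK = ipaddress.ip_network("127.0.0.0/8")


def dnsbl_query_name(ip, zone):
    """Build the DNS name to look up: reversed address labels + zone."""
    addr = ipaddress.ip_address(ip)
    # reverse_pointer yields e.g. "99.2.0.192.in-addr.arpa" (IPv4) or
    # reversed nibbles + ".ip6.arpa" (IPv6); drop the two arpa labels.
    labels = addr.reverse_pointer.rsplit(".", 2)[0]
    return labels + "." + zone.strip(".")


def system_resolver(name):
    """Return the A records for name, or [] if the lookup fails.

    Note: this cannot tell NXDOMAIN from a timeout; both mean "no answer".
    """
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []


def check_dnsbl(ip, zone, resolver=system_resolver, listed_codes=None):
    """Return (verdict, answers) for one address against one list.

    verdict is "listed", "not_listed" or "invalid_answer". listed_codes,
    if given, restricts which return codes count as a listing, which is
    what a per-list result-code setting in a client amounts to.
    """
    answers = resolver(dnsbl_query_name(ip, zone))
    if not answers:
        return ("not_listed", [])
    parsed = [ipaddress.ip_address(a) for a in answers]
    if any(a not in LOOPBACK for a in parsed):
        # A list answers inside 127.0.0.0/8. Anything else usually means a
        # resolver that rewrites NXDOMAIN or a zone that no longer hosts a
        # list; treating it as "listed" would reject all mail.
        return ("invalid_answer", answers)
    if listed_codes is not None:
        hits = [a for a in answers if a in listed_codes]
        return ("listed", hits) if hits else ("not_listed", [])
    return ("listed", answers)


# Constructed zone data so the example runs offline.
ZONE = "dnsbl.example.test"
CONSTRUCTED_ZONE_DATA = {
    "2.0.0.127." + ZONE: ["127.0.0.2"],      # conventional test entry
    "99.2.0.192." + ZONE: ["127.0.0.4"],     # listed with another code
    "5.113.0.203." + ZONE: ["198.51.100.1"], # rewritten NXDOMAIN
}


def fake_resolver(name):
    return CONSTRUCTED_ZONE_DATA.get(name, [])


if __name__ == "__main__":
    for ip in ("127.0.0.2", "192.0.2.99", "203.0.113.5", "198.51.100.20"):
        print(ip, check_dnsbl(ip, ZONE, fake_resolver))
```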
  36. Re:Spews by CryBaby · · Score: 3, Informative

    I initially thought spews was completely over the top. My first encounter with them was due to a client's server getting blocked when he inherited some new ip's that had previously belonged to a spammer. I couldn't believe that these people had so much control over so many networks (almost zero mail got out) and that there was NO official or standardized removal procedure. But after reading the FAQ, joining the newsgroup and asking a few polite questions - my client was delisted within a day. Also, the evidence file on these ip's was truly damning.

    Their heavy-handed approach seems to be the only way to make a dent in the spam onslaught. I watched employees of major ISP's post to the newsgroup humbly asking for removal only to be told "kick your spammers off and you will be delisted, when we feel like it. You took too long to respond to our notices" As the spews philosophy goes, these people will only pay attention to the problem when it hits their bottom line - i.e. floods of customer complaints and cancelled accounts because no one can send mail from their entire polluted network.

    Back to the topic, I have a lot more faith in the hard-headed anti-spam warriors at spews than I do in some touchy-feely "trust network". It sounds far too vulnerable to manipulation and, based solely on some of the comments here, potential market pressure in the future.

    Thanks for listening...

  37. Here's my answer by Anonymous Coward · · Score: 0

    You'd better be sending from a FQDN or it ain't gonna get past the mailserver I run. tcpserver lets me deny connections to IP addresses that don't have a valid reverse lookup, and I refuse connections from DSL/cable IP addresses. If that inconveniences you, tough shit - if you have paid subscriptions you should have the decency to send proper email.

  38. Spam Arrest by hendridm · · Score: 1

    Spam Arrest works pretty well for avoiding spam. It costs money (as much as $3.33/month) but it works well. When somebody sends you e-mail, it replies with a confirmation link. The user must click on the link and type in a simple computer-generated text code to be whitelisted. They only have to do this once since once they are whitelisted they can send as many e-mails as desired. Stops nearly all automatic mass mailers and spam from fake e-mail addresses. Not free and perhaps lacks in geek factor, but it's simple and effective.

    1. Re:Spam Arrest by walt-sjc · · Score: 1

      Why would you use something like this when there are several existing software packages that do this for free? Hell, I did this kind of thing YEARS ago with a trivial procmail script.

      There are many reasons why confirmation style whitelisting systems suck and are not workable in the REAL world that I could tell you about, but I find it much more entertaining watching people use such stupid systems, crow about how great they are, and then end up abandoning them a few months down the road when they figure it out for themselves.

    2. Re:Spam Arrest by hendridm · · Score: 1

      A procmail script?! What percent of the computer-enabled can set up a procmail script? Give me a break, that solution is for geeks (and a good one), but most computer users aren't geeks.

    3. Re:Spam Arrest by walt-sjc · · Score: 1

      First, you Clearly have a reading comprehension problem. Read my prior message again. Slowly. Maybe several times.

      Second, procmail is fucking easy. It comes with lots of examples. Someone implementing a procmail script doesn't even need to fully understand procmail, just cut and paste an example tweaking a setting here or there. Procmail is a solution for anyone that is willing to spend 10 minutes figuring out how something works. Considering how much time people spend with email over a year, this is NOTHING.

      Have you re-read my original message yet? Did you find the part where I said that these other applications were actually procmail scripts? No? Just the part where "I" did it with a procmail script? Huh. Maybe you're getting better.

  39. IP banning is bad by Animats · · Score: 4, Insightful
    Unless you have some way to identify dynamically assigned IP addresses, IP banning hits innocent parties too often. Every time Joe Sixpack, running Windows XP Home Edition on a DSL line, gets a virus that spams, the next few people to get a lease on that IP address have mail blocked.

    There's got to be a better way.

    1. Re:IP banning is bad by William+Tanksley · · Score: 2, Insightful

      That specific example won't normally happen -- you have to repeatedly be the source of spam and do nothing about it to get on most RBLs. When you do get on it, it's more likely to be your entire ISP than just a single reassigned IP (because the ISP was a spamhaus).

      HOWEVER, I dislike RBLs for the same reason you do, and I like Bayesian filtering because it prevents that problem. The problem is that the better filtering is at getting spam without killing valid use, the slower it gets. Bayesian filtering is relatively slow.

      So... I've been working on defining a multi-layer client/server antispam solution. There are multiple layers of defence:

      1. The blocklist: people who have been abusing the greylist system recently. Deny all communications from these IPs, but take them off the blocklist if their entries get stale (i.e. they haven't been abusing for a while).
      2. The greylist: people who might be risky. This includes people with IPs on RBLs, people who sent something that a user tagged as spam, etc. Anything sent from these IPs goes into the greylist system Slashdot looked at earlier.
      3. Filtering -- probably DSPAM (a very nice server-side Bayesian filter).

      This is just a summary; I'm leaving out a lot of detail, like how you tell when to put someone on or take someone off of the blocklist. But I hope it gives the idea. Again, the purpose is to throw out heavy time-wasters as quickly as possible, while not wasting the time of legit users or putting their communications at risk.

      -Billy

    2. Re:IP banning is bad by Animats · · Score: 2, Informative
      That specific example won't normally happen...

      If only it were so. It happens to me about once every two months, when somebody using SBC DSL sends out spam and I get their IP address later. There are a few ISPs that set temporary IP blocks within their own network, and these persist for a day or so. I then get mail bounces for a few people I really need to reach, which is a pain.

  40. WARNING: Not the same SpamCop by Phroggy · · Score: 2, Informative

    Be aware that SpamCop.com is not the same as SpamCop.net - I'm not sure who SpamCop.com is, but having worked in the abuse department at an ISP, as well as having been a paying subscriber for a couple of years now, I can say that SpamCop.net is absolutely wonderful. They're best known for automating spam reporting - you paste in your message with full headers, and they figure out where it came from and prepare an e-mail to be sent to the administrators of those networks. Upon your approval, the complaints are sent from a unique SpamCop.net e-mail address, so your own e-mail address is not revealed (in case the complaint is forwarded to the spammers), yet you still receive any replies (SpamCop forwards them back to you).

    On top of that, they also offer a service for $3/month that includes just about everything you could look for in an e-mail provider - pop3, imap, webmail, the ability to retrieve mail from other POP3 (and recently AOL and Hotmail) accounts, e-mail forwarding, easier spam reporting, and of course, spam filtering using a variety of blacklists (including SpamCop's own automated RBL) and recently SpamAssassin. It's all fully configurable so you can use it however you'd like.

    Again, I have no connection to them, but SpamCop's reporting really does great things towards reducing the total volume of spam going around (by informing network administrators of the problem in a clear and consistent format so it's easy to deal with). I've only seen a couple of abuse reports from SpamCop.com, compared to thousands from SpamCop.net.

    --
    $x='S24;r)>63/* h@<5+oZ)32"5cz';$me='phroggy'x$];
    $x=~y+ -xz+\0-Tx+;print$_^chop$me for split'',$x;
  41. A spam free world... by Digital+Dharma · · Score: 2, Insightful

    Is but an attitude shift away. All you have to do is follow Hotmail's idea of an exclusive address list. Nothing comes through for any individual user except what's from addresses in that user's personal address list. Keep the filtering feature on the client side, so all the mail server does is essentially route mail traffic, like any router should. Keep the processing load on the client. If the users want an email from a certain source, they're going to have to add the address in manually. A little unique cert generation during the initial mail client configuration, and you keep the email shotguns at bay. If someone has to reinstall their Operating System and thus has to regenerate a cert, set up an easy way for the 2 parties to re-exchange certs. Maybe utilize a website for this feature. Like public PKI... There's no reason not to do it this way with most new desktops approaching the 3 Ghz range. The users are going to have to take a proactive stance to spam, bottom line. No matter what legislation you push through, spammers will always find a way around any defenses we put up. Those who are aware of the nature of TCP/IP and programming know that whatever you implement, someone else can break. It would be trivial to force the end user to take control of their lack of spam, and thus break that particularly annoying 'feature' of open standards.

    --
    End of Line.
  42. Re: For A spam free world..Dump Windows first. by ratfynk · · Score: 1
    That is a typical MS stupid solution! I e-mail Web sites for info about particular things. This idea cannot work for websites and those who use e-mail to develop ideas and share ideas. It is a typically Microsoft bone headed idea. The only way to eliminate spam and keep the net useful is to knock the ISPs that make money from spammers off the net. It is very obvious that those that make bulk mailings from a single original source like spammers are easy to trace, because they are not legit businesses. And most importantly fix the spam viruses for f'in windows software once and for all by blocking scripts for user mail distribution functions. It is absolutely stupid that MS Windows is the only software out there that will allow unprivileged scripts to run without the input of a frigging user. It is absolutely the most ridiculous thing about Windows.

    The problem with the net is that legit businesses that use bulk mail out are getting very pissed at Microsoft and ISPs that allow spammers. In short it is the ISPs that do not try to keep track of their bulk mailers that is the problem, along with Microsoft mail software interfaces. Get rid of those two things and spam will go away.

    --
    OH THE SHAME I fell off the wagon and use sigs again!
  43. trustic by crisen · · Score: 1

    I've just signed up with Trustic after reading this article. Great service, plus it's free. I'm currently pushing all the spam SpamAssassin finds to my Trustic account with procmail, to register my negative recommendations.

    This is certainly one way we can all help to fight spam.

    --
    -- Guns dont kill people, postal workers do.
  44. Re:Spews by augustz · · Score: 2, Interesting

    I think your experience mirrors that of many around spews.

    If an ISP ignores / cans complaints they can get the runaround trying to get off. Once an ISP's abuse dept has developed an ongoing working relationship with net-abuse and a timely response to complaints things usually go much more smoothly.

    The folks at spews are aggressive no question (I happen to be blacklisted currently through zero fault of my own, netblock block). And some of the folks reporting (not spews admins) can describe things with a bit too much hyperbole. But in terms of evidence to back up blocks, and a group that largely gets it right and which some folks voluntarily use, spews does a neat job, and the heavy handed approach is surprisingly effective.

    I also happen to like ordb and friends which do realtime automated testing that stirs up less of the personal stuff.

    Trustic I'm not sold on yet.

  45. No, just overzealous idealists by RallyDriver · · Score: 1

    Anyone who thinks SpamCop is useful has never run a real web or email service.

    We get about 3-4 SpamCop complaints a week forwarded by our hosting provider; many of them are for email our customers didn't even originate (and I mean in the colloquial, not technical sense), but just because one of their URLs is in some third-party spam and someone clicked the "Spam" button SpamCop figures that it's a spam-vert.

    The other category of SpamCop reports is people who think SpamCop is their universal unsubscribe tool for legitimate, non-spam lists which they did sign up for.

    I have never yet received a complaint from SpamCop which was actually indicative of one of my customers or staff actually spamming. We have very strong anti-spam policies (we send 3m pieces of email a week, and can't afford to be blocked by the major ISPs) and nevertheless I've never seen a SpamCop complaint I needed to take action on.

    SpamCop's weakness is that they apparently assume all their users are techies who understood what is and is not spam: it places too much reliance on Joe Blow's powers of discrimination. It also suffers from the patently stupid assumption that any URL in an email reported as spam must de facto belong to the spammer.
    With SpamCop going around, there's nothing to stop a spammer adding "hey check out http://slashdot.org/" to the bottom of every email and making his spam OSDN's problem.

    1. Re:No, just overzealous idealists by Phroggy · · Score: 1

      This is definitely a legitimate problem. The reason SpamCop sends reports based on URLs is, most spam includes a URL, and it may be the only link to the actual spammer (if the spam was sent through an open proxy, for example). So it is valuable to report these.

      Of course, before the report is sent, SpamCop displays a list of each URL it found and the e-mail addresses that would be appropriate to send a complaint to; some are checked by default and some may not be. It's up to the user to double-check these before sending the report, and yeah, users are dumb. Occasionally I receive spam that contains the URL of my home page in the body, and I have to uncheck my own ISP.

      The other category of SpamCop reports is people who think SpamCop is their universal unsubscribe tool for legitimate, non-spam lists which they did sign up for.

      This seriously pisses me off. People do not understand the difference between spam (UCE or UBE) and anything they may not happen to want at the moment for any reason. If it came from someone you know, it's not spam! If it came from a company you've ever done business with, it's not spam! If it's something you (perhaps accidentally) signed up for at some point, it's not spam! It's really not that hard to tell the difference, and reporting non-spam as spam wastes everybody's time and makes it harder to deal with the real spam.

      So, do you have any suggestions on how SpamCop's reporting service could be improved, aside from requiring all users to take a competency test before using it?

      --
      $x='S24;r)>63/* h@<5+oZ)32"5cz';$me='phroggy'x$];
      $x=~y+ -xz+\0-Tx+;print$_^chop$me for split'',$x;
    2. Re:No, just overzealous idealists by RallyDriver · · Score: 1

      Improving spamcop:

      1. Default to no on the "this spam is spam-vertising the following URLs" though admittedly this may be rare; since our clients don't spam I only see false positives on spamverts.

      2. Use some kind of collaborative filter - SpamCop must have enough users so that instead of acting on single reports, only escalate complaints if the same email is complained about by 20+ users.

      I was just on the phone today with AOL's postmaster team regarding our whitelist status, and the guy told me that only 1 in 2000 copies or so of our clients' emails delivered there gets tagged with a "this is spam!" button by a user which he regards as very low and very healthy. Bear in mind this is several hundred false spam reports per week.

      An industry rule of thumb is that about 1% of people will attempt to unsubscribe something they legitimately opted-in for by reporting it as spam, either intentionally or misguidedly.

    3. Re:No, just overzealous idealists by Phroggy · · Score: 1

      1. Default to no on the "this spam is spam-vertising the following URLs" though admittedly this may be rare; since our clients don't spam I only see false positives on spamverts.

      It is rare. Might not be a bad idea though.

      2. Use some kind of collaborative filter - SpamCop must have enough users so that instead of acting on single reports, only escalate complaints if the same email is complained about by 20+ users.

      It's almost never the "same". Spam software adds random words or code to the subject line and message body, as well as changing the From address, with each message that gets sent out. You could set some thresholds I guess, withholding complaints for a particular abuse@ address until you get enough of them, but for a large ISP that doesn't make much sense, since they'll be getting lots of unrelated reports.

      By the way, SpamCop's automated DNSRBL (bl.spamcop.net, which they warn you NOT to use to block spam, only to flag possible spam, because it's automated and not necessarily accurate) does use thresholds like this, although it doesn't apply to spamvertized URLs.

      One nice thing about SpamCop is, since all the abuse reports are sent in exactly the same format, you can filter them when you receive them. If you want to ignore complaints when there are fewer than 20 for the same web site, you should be able to automate that somehow on your end. Also, apparently you can tell them to quit sending you reports for spamvertized web sites.

      --
      $x='S24;r)>63/* h@<5+oZ)32"5cz';$me='phroggy'x$];
      $x=~y+ -xz+\0-Tx+;print$_^chop$me for split'',$x;
  46. No, it's a numbers and money game by RallyDriver · · Score: 2, Insightful

    I am the CTO at a company that provides hosted internet services, including email. We send around 3m pieces of email a week to our customers' (opt-in only) lists. Speaking from the legitimate provider's viewpoint, I have a couple of observations:

    1. RBL's don't work - community RBL's are used by relatively few mail systems out there; perhaps 1% of email addresses at most have RBL filtering on them at server or personal level, and the audience of any one RBL is just too small for it to have any value. Yes, using an RBL may stop *you* from receiving (some) spam, and in the short term that's all you care about, but it doesn't stop spam from being of value to the spammer. Just like the drug war, we will only win by making it unprofitable to send spam.

    The biggest impact we see from RBL's is fielding individual "false-positive" complaints; we don't allow customers to send spam, so we get very few, but there's always the occasional idiot who signs up for a list and forgets, and who is too proud to click on the unsubscribe link.

    What matters for delivery of my clients' legit mailing lists, and what also a spammer cares about for delivering his spam, is delivery to the big guys - AOL, Yahoo, Hotmail, Earthlink, etc. If you're trying to email Joe Public, those guys have 50%+ of the market. Any successful spammer will have his energies focused on end-running their filters and will give a fig if RBL'ed.

    2. IP-based filtering for consumer connections *does* work - ISP's and universities need to block port 25 outbound from consumer connections and desktops / 802.11 respectively. Spammers need a network connection; cut off their main source. This would stop not only transient spammers, but those who hack cable modem users.

    AOL's efforts here on behalf of their users are commendable, but blocking these IP's *at source* where the blocker is making an informed decision and has the data to keep the filters accurate, is the way to go; a grassroots effort to inform ISPs about the benefits of this would be valuable.

    This would leave spammers who are using business-class connections (where the ISP thus delegates the responsibility to run mail servers) which are much, much fewer in number and thus much easier to police.

    Before anyone who runs their own SMTP server on their home Linux box cries foul, I should point out that I do too, and I just have sendmail push everything through my ISP's SMTP relay. Big deal.

    3. Money - money is the key to this. Make it uneconomic to spam, and the problem goes away.

    I have one solution which I think would work well; like RBL's or source-end IP filtering, it suffers from the problem that it requires a large critical mass, so I think legal is the best route: I am speaking in terms of the USA, but this would work in other countries.

    - anyone sending (pick a number, say 50k) pieces of email a month or more must register with the national email registry - this will cost $10k per year (this kind of price is essential to keep the spammers out, and it covers the cost of operating it). ISPs and email distributors are required both by law and de facto to sign up to be in business, and to them it's a modest cost.

    - the registry will maintain an anti-spam policy and audit registrants against their track record of enforcing it; policy would need to include things like each email having clear unsubscribe info, info on where the address came from, etc.

    - there will be a national "do-not-send-opt-out-mailings" list against which email marketers must clean lists which they buy; many countries have had this kind of list for phone and snail mail for quite some time, e.g. UK

    - ISPs can then use the registry as a whitelist, and simply block every other IP address. Any business / individual too small to need to register can just forward their email via their upstream provider, who is then on the hook to manage their email behaviour.

    Yes, it takes away some freedom to operate one's own email service, but equally I don't ru

  47. Automatic Reporting by Specialist2k · · Score: 2, Informative
    I'm currently pushing all the spam SpamAssassin finds to my Trustic account with procmail, to register my negative recommendations.

    IMHO, automatic reporting is a bad idea. SpamAssassin isn't perfect and might flag legitimate mail as spam. It happens rarely, but it does happen. If you submit manually, you'll (hopefully) notice this, but automatic submission will report the IP of an innocent party as untrusted...

  48. OS flaws make technical solutions difficult by heironymouscoward · · Score: 2, Insightful

    Spam is not just about sending unwanted email from rogue servers. Even if the Internet email system consisted of a 100% controlled network that excluded spammers' systems, there would be a serious spam problem. Why? More and more spam is sent from systems infected by viruses and trojans, and as other avenues get closed, this most promising one will be used to the maximum.
    Let me race down the technology curve and predict some of the wonderful things that will happen in the war on spam:

    - the majority of spam will originate from 'infected PCs'.
    - some smart person will cause email to be charged, and millions of innocent users will get incredible invoices for email they 'never sent'
    - as the number of infected PCs being remotely controlled by spammers increases, the volume sent from each PC will go random and low enough to be effectively undetectable.
    - spammers will start modifying real email to attach their own messages.
    - spammers will start modifying URLs in real email to point to their own websites.
    - spammers will find ways to infect MSIE to do the same thing.
    - anti-spam software will start to resemble anti-virus software, as spammers and virus writers hook-up into an organized (criminal) network.
    - anti-spam software will be the main thing targeted by new viruses.

    and all this time, 80% of PC users will remain blissfully unaware that their PCs are sending shiploads of spam around the world.

    The basic problem is that the (Windows) PC is simply too complex, too connected, and too vulnerable to use as a secure communications device.

    There is an answer somewhere... but I don't believe it lies in technological solutions, nor does it lie in making email paid, nor does it lie in attacking the servers and networks used to send spam. It is rather to understand that simplicity and transparency is the key to security. In the case of PCs, this means arriving at an OS/application combination that is immune to trojans and viruses, not thanks to the latest anti-virus scanners, but thanks to an inherently uncrackable design.

    --
    Ceci n'est pas une signature
    1. Re:OS flaws make technical solutions difficult by WuphonsReach · · Score: 1

      One solution for the virus-infected PCs sending SPAM would be for the destination SMTP machines (receivers) to do a cross-match between the purported sender domain of the message with the IP address that is originating. The IP address of the sender would have to be one of the designated outbound mail servers for the sender's domain. (e.g. a "OX" record) Want to send e-mail for domain x@x.com? Then it needs to transmit from one of the IP addresses in x@x.com's DNS OX records.

      It solves the issue of "forged" domain e-mail (which makes whitelists/blacklists more reliable), cuts down on infected PCs sending SPAM (unless they're an OX for the DNS). Plus, it's in the end-admin's hands whether or not to turn that check on.

      Downside is that it requires a new DNS record, might increase load on the DNS servers, and might break some specialized cases where SMTP servers are chain-forwarding. (The last is a minor issue if the DNS records get patched.)

      One scenario not handled is when a spammer finds an open relay they have to add that open relay's IP address to their DNS. Since this takes 24-72 hours to propagate, that slows them down and possibly gets the open relay closed before they get a chance to use it.

      --
      Wolde you bothe eate your cake, and have your cake?
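
Added example (not part of any comment in this thread): a receiver-side sketch of the cross-match proposed above, classifying a connection by whether the connecting IP is one of the sender domain's designated outbound servers. The record table is constructed sample data standing in for DNS lookups of the hypothetical "OX" record, and the function names and result labels are assumptions.

```python
import ipaddress

# Constructed stand-in for DNS: domain -> hosts/networks designated to send
# its mail (the hypothetical "OX" records proposed in the comment above).
SAMPLE_OX_RECORDS = {
    "example.com": ["192.0.2.10", "192.0.2.11"],
    "example.net": ["198.51.100.0/28"],
}


def sender_domain(mail_from):
    """Return the lower-cased domain of an envelope sender, or None if malformed."""
    addr = mail_from.strip().strip("<>")
    local, sep, domain = addr.rpartition("@")
    if not sep or not local:
        return None
    return domain.rstrip(".").lower() or None


def check_sender(mail_from, client_ip, records=SAMPLE_OX_RECORDS):
    """Classify a connection: 'pass', 'fail', 'none' (nothing to check against)
    or 'invalid' (unparseable sender or IP)."""
    if mail_from.strip() in ("", "<>"):
        return "none"  # null sender (bounce): no domain to cross-match
    domain = sender_domain(mail_from)
    if domain is None:
        return "invalid"
    try:
        ip = ipaddress.ip_address(client_ip)
    except ValueError:
        return "invalid"
    allowed = records.get(domain)
    if not allowed:
        return "none"  # domain publishes no list; local policy decides
    for entry in allowed:
        # strict=False lets a bare host address act as a single-host network
        if ip in ipaddress.ip_network(entry, strict=False):
            return "pass"
    return "fail"  # forged domain, infected PC, or an unlisted forwarder


if __name__ == "__main__":
    for sender, ip in [("<alice@example.com>", "192.0.2.10"),
                       ("<alice@example.com>", "203.0.113.77"),
                       ("<carol@unlisted.example>", "203.0.113.77")]:
        print(sender, ip, check_sender(sender, ip))
```

The 'fail' result also covers the chain-forwarding case the comment lists as a downside: a legitimate forwarder that is not in the domain's list is indistinguishable from a forger.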
  49. TMDA by TheSync · · Score: 2, Informative

    My favorite solution is still TMDA, a free challenge-response auto-whitelist and complex filtering system for Linux. I realize you anti-challenge/response people won't hit the "R" key for me, but I consider that a useful filter...

  50. Spam defense by mummers · · Score: 1

    Is this, like, protection for small tins of semi-edible goop? "Please, no! Take the tinned tomatoes but don't hurt my Spam!"

    --
    --This isn't a man who is leaving with his head between his legs.
  51. My favorite Spam subject line.. by Anonymous Coward · · Score: 0

    Kristen, this will make your dick bigger!

  52. That ain't working, that's the way you do it ... by e_AltF4 · · Score: 1

    ... Money for nothing and logs for free.

    98% block rate: RBL + custom rules

    80% effect - easy and low maintenance:
    - several RBL sources (dsbl.org, spamcop.net, spamhaus.org, etc.)
    - geographical information (china, korea, etc.)
    - listings of spammy providers (XO, RR, COMCAST, ATT, UUNET) and countries (CN, KR, etc) from blackholes.us
    - some netblocks seem to send spam only: 4/8 (genuity), 12/8 (ATT), 218/8 and 61.156 (china), more to come whenever

    20% maintenance required:
    - add /24 or /16 netblocks of persistent spam sources (thanks to postfix for the logs :-), dialups and proxy sources
    - block spammy domains (libero.it, daily-promotions.net, adelphia.net, etc.)
    - use some spambait addresses (nobody has any reason to send mail to users who left years ago or to role accounts abandoned for a long time) and add any mail sender's /24 block

    enjoy the 5 or 10 spams coming through per week and complain to providers if local, otherwise add to block list.
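
Added example (not part of any comment in this thread): one way to automate the spambait step described above, collecting the /24 of every client that addressed an abandoned mailbox and testing later connections against the result. The log lines are constructed in the style of Postfix smtpd reject entries; the addresses, IPs and function names are assumptions.

```python
import ipaddress
import re
from collections import Counter

# Constructed spambait: mailboxes that no longer receive legitimate mail.
SPAMBAIT = {"olduser@example.org", "webmaster-1999@example.org"}

# Constructed Postfix-style smtpd reject lines (documentation IP ranges only).
SAMPLE_LOG = """\
Jan 12 03:14:07 mx postfix/smtpd[2211]: NOQUEUE: reject: RCPT from unknown[203.0.113.45]: 550 5.1.1 <olduser@example.org>: Recipient address rejected; from=<a@spam.example> to=<olduser@example.org> proto=SMTP helo=<x>
Jan 12 03:15:40 mx postfix/smtpd[2214]: NOQUEUE: reject: RCPT from unknown[203.0.113.90]: 550 5.1.1 <webmaster-1999@example.org>: Recipient address rejected; from=<b@spam.example> to=<Webmaster-1999@example.org> proto=SMTP helo=<y>
Jan 12 04:02:11 mx postfix/smtpd[2290]: NOQUEUE: reject: RCPT from mail.example.net[198.51.100.7]: 450 4.7.1 <staff@example.org>: Recipient address rejected; from=<c@example.net> to=<staff@example.org> proto=ESMTP helo=<mail.example.net>
Jan 12 05:30:02 mx postfix/smtpd[2301]: NOQUEUE: reject: RCPT from unknown[192.0.2.9]: 550 5.1.1 <olduser@example.org>: Recipient address rejected; from=<d@spam.example> to=<olduser@example.org> proto=SMTP helo=<z>
"""

# Client IP in brackets after "RCPT from host", recipient in the to=<...> field.
RCPT_RE = re.compile(
    r"RCPT from \S*\[(?P<ip>[0-9a-fA-F.:]+)\]:.*\bto=<(?P<rcpt>[^>]*)>")


def spambait_blocks(log_text, bait=SPAMBAIT, prefix=24):
    """Return a Counter of spambait hits keyed by the client's enclosing network."""
    hits = Counter()
    for line in log_text.splitlines():
        m = RCPT_RE.search(line)
        if not m or m.group("rcpt").lower() not in bait:
            continue  # not a recipient line, or a mailbox that is still in use
        try:
            ip = ipaddress.ip_address(m.group("ip"))
        except ValueError:
            continue  # malformed address in the log line
        if ip.version != 4:
            continue  # the /24 rule in the comment is an IPv4 convention
        hits[ipaddress.ip_network(f"{ip}/{prefix}", strict=False)] += 1
    return hits


def is_blocked(client_ip, blocks):
    """True if client_ip falls inside any collected block. Blocking a whole
    /24 also catches neighbours that never sent mail to a bait address."""
    ip = ipaddress.ip_address(client_ip)
    return any(ip in net for net in blocks)


if __name__ == "__main__":
    blocks = spambait_blocks(SAMPLE_LOG)
    for net, count in sorted(blocks.items()):
        print(net, count)
    print(is_blocked("203.0.113.200", blocks), is_blocked("198.51.100.7", blocks))
```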

  53. Where you erred... by Anonymous Coward · · Score: 0

    You obviously think it's cool running a half-assed mail server, but you're wrong. If you were really cool, you'd do it right with proper DNS entries etc. Expect to have most of your outbound mail blocked... most ISPs routinely block mail from DSL address blocks, since that's where 80% of spam comes from.

  54. Oh puhleeze by Anonymous Coward · · Score: 0

    If you redistribute Qmail, it has to retain the /var/qmail directory structure. You're not allowed to distribute qmail that ends up in weird places, and if that's a big deal to you, you're fucked in the head. Get over it already.

  55. Go after the spammers by spike+it · · Score: 1

    With all of these comments about how there will always be a back door for the spammers to send their mail out, doesn't it seem more feasible to go after the companies who send out the spam?

  56. Re:That ain't working, that's the way you do it .. by Michael+Hunt · · Score: 1

    Interesting that you comment on 218/8. APNIC has assigned several largish blocks from this net as peering nets, which aren't meant to be advertised onto the net at large. Several other slices are assigned to China.

    Definitely one to blackhole, as much of it shouldn't even appear on the net at large due to RIR policy.

  57. Mod down by Anonymous Coward · · Score: 0

    My penis didn't grow at all. De-trust this post.

  58. Re: For A spam free world..Dump Windows first. by argoff · · Score: 1

    I don't think email by invitation is a MS only idea, and there are ways to implement it for guest/anon/and unregistered people by using a turing test for one time email access. (This would not eliminate spam, but taking a 20 second turing test to send an unsolicited email would make it much less practical to send 10 million emails/day.)

  59. Still For A spam free world..Dump Windows first. by ratfynk · · Score: 1

    Yes I see what you mean. It is something that could work. The problem with MS broadband zombies however is a different matter and could easily be addressed by changing the default behaviours of MS mail and core interfaces to block all non native scripts and exes. The average granny (like an Aunt of mine ) thinks that by simply running Norton AV she cannot be a target. So far I have deflected all sorts of crap coming from her. She just likes to be able to forward things to everyone with the click of a mouse. One piece of crap I got from here actually crashed my X server using Wine, it was funny when I saw what the MS VB script was! What I am trying to say is the spam problem is caused predominantly by the MS mail interface and system command software, and IPs that make money from spam companies!

    --
    OH THE SHAME I fell off the wagon and use sigs again!
  60. Spews by aclarke · · Score: 1
    It was spews which blocked my email. If you're interested, here's the report for my IP: http://www.spews.org/html/S333.html . I'm sure you know more about spews than I do, but there are reasons why an IP may be blocked unfairly. For instance, a spammer may have used an IP on my host for spam, been kicked off the host as per its terms of use, and still be listed on spews. Imagine if you are the sort of hosting company who takes a lot of these $9.99 sites on an automated basis. You could get a number of spammers using your service before your sysadmins kick them off and follow up with legal action or whatever. It would then be difficult to get off the spews blacklist.

    It's also possible that spews could just plain make a mistake, although I don't know anything about the process by which it blacklists IP ranges.

    Of course it's your prerogative to use spews, just as it's mine to continue to stay with my hosting provider. They have cheap prices, great uptime and are very responsive to questions. It is this responsiveness which leads me to believe (albeit possibly incorrectly) that they would also be responsive to misuse of their network.

    1. Re:Spews by walt-sjc · · Score: 1

      Looking at recent NANAE activity, and came up with this and this.

      Sounds like your ISP still has some work to do.

      You don't get listed in spews if you respond to spam complaints and TOS spammers. You get listed when you ignore complaints on a regular basis, or allow them to continue to spamvertize or spew for long periods of time before you take action (the "I'm warning you, you only have 300,000,000 more chances to stop spamming or we will terminate your service" syndrome.)

      You also remain listed in spews AFTER you clean up for as long as it took you to clean up. If it took you a year to get around to clean up spammers, you are going to get listed in spews for a year after they are gone. After all, many poorly behaving ISP's just let the spammers right back on after getting de-listed. There are also several levels of spews listings. It looked at one point as though they were delisted, and then re-listed.

      Bottom line is that there are THOUSANDS of good hosting companies. If being listed in spews isn't a big deal to you, stay where you are. If it is, you have LOTS of options.

  61. Re:That ain't working, that's the way you do it .. by Anonymous Coward · · Score: 0

    George, the French called! They want their statue back.
    Well tell those chickenshit mutherfuckers to bend over and I'll ram that statue straight up their asses!!!!!

    Q: Why are there so many tree-lined boulevards in Paris?
    A: Because Germans like to march in the shade.

    Q: How many Frenchmen does it take to defend Paris?
    A: Nobody knows, it's never been tried.

    Q: What do you call 100,000 men with their hands in the air?
    A: The French Army.

    FUCK FRANCE

    ----
    George

  62. Moderators on crack again by Arker · · Score: 1

    legit email marketers

    Troll.

    That's an empty set.

    --
    =-=-=-=-=-=-=-=-=-=-=-=-=-=-
    Friends don't let friends enable ecmascript.
    1. Re:Moderators on crack again by Anonymous Coward · · Score: 0

      everyone wants a way to make money on the net. so here it is:

      take bandwidth hogs, i don't care if it is american express bankrolls, abercrombie and fitch retail catalogues, or spammers. make those that hog bandwidth pay fees commensurate with their usage and leave the little guys alone to surf.

      it's server side, it's not limiting... it just costs money now.