Posted by michael on from the unplug-the-ethernet-for-best-results dept.
Dru writes "Here's an article talking about the details of implementing a network level spam defense with Qmail. It also talks a little about a new site called Trustic which uses a trust system (like Advogato) for nominating spammer/hostile IP's."
Sounds neat, but PGP'ed network sounds better.
by
Creepy+Crawler
·
· Score: 4, Interesting
I thought of this when it comes to SPAM:
Have a computer certified by another individual and create a public/private key for that computer. Do this step to create a network of ID's for the servers.
Now, have admins "Sign" a certain public text that allows servers to trust other servers.
If Company X is being real lax (eg: promoting spam), write a revoke key and put it on a few OTHER machines. Then it'll propagate through the mail-net to disallow all connections from that MAIL server.
Of course, mail servers and clients would have to have different trust relationships ala ssh.
For them mail geeks: would this be feasible? I could see CPU load go rocket...
--
Mod parent up! by Anonymous Coward (Score:1) Thurs, Nov 31, @13:37
Trusted IPs
by
Anonymous Coward
·
· Score: 1, Interesting
Another blacklist (with an appeals process). Run by a guy that made his millions selling eGroups to Yahoo!.
Dunno, this doesn't look too promising.
Must be a member to appeal?
by
liquid-groove
·
· Score: 2, Interesting
I have no interest in joining such a group. How long until they post $insanely_large_num of members as a way to try and prove the validity of their method? Bet they'll forget to mention how many members were dragged in kicking and screaming just to appeal placement on the list.
I know a local business that was hurt badly because the subnet that their ip addresses belonged to was added to a blackhole list. They only bought a few ip addresses and there happened to be a spammer on the same subnet. They never participated in sending spam and were never told that their ip address was blocked. Many of their emails simply did not arrive at their destinations, for no clear reason. They write and sell network security products, intended to help detect and identify hackers or even spammers looking for open relays so that they can be investigated and possibly prosecuted. This was a case where anti-spam technology hurt the near opposite of the kind of people it was meant to. I don't think they ever succeeded in getting their addresses removed from the list. All the time that went by before they knew they were on the blackhole list nearly led them to bankruptcy.
Re:IP banning
by
Anonymous Coward
·
· Score: 1, Interesting
They're not the only ones, a customer of mine had the same problem, fortunately we discovered it quickly and the RBL was very helpful. Apparently that RBL had blocked an entire dialup block that the provider (swbell) had reassigned to commercial entities.
It's a huge problem and RBL might do more harm than good.
Re:Distrustful of Network Level Censorship
by
Delta-9
·
· Score: 3, Interesting
"Your spam may be my correspondence"
That's why I would recommend SpamAssassin. All SpamAssassin does is label the mail with a "spam level"; it is then up to each individual user to filter out the spam at the user level, not at the server level.
A much better method for letting your 'correspondence' get through while other users' spam doesn't.
Re:Just junk SMTP? Not Possible
by
Xerithane
·
· Score: 5, Interesting
It's simply too late to dump SMTP. If we would have thought about this 5 or so years ago it maybe would have been possible but now we have so many using this system it's impossible to change to a newer standard.
Just like gopher with http? You can also add a plethora of validation on top of SMTP. SMTP, as a protocol, isn't bad. It's possible to add validation, to only accept from SMTP servers that use some sort of valid key.
Then you get to keep SMTP, and slowly migrate servers. Set up a non-profit organization for distributing SMTP authentication keys that are unique to the mail server (think SSL) and if the mail that comes from that server is spam, you just block that server's key. If the server doesn't have a key, put it into a validation list or send back a response saying they need to use a mail server that supports signed-SMTP.
Easy solution, not a complete overhaul of SMTP. The problem comes in with who signs the certificates, because then you have to trust the source that delivers them. Like Verisign, et al.
Re:Distrustful of Network Level Censorship
by
John+Hasler
·
· Score: 4, Interesting
> Your spam may be my correspondence -- I may want to get mail from those whose conduct you find abhorrent.
You _want_ to receive mail from the bastards that are forging my domain in their penis-enlargement ads and fake PayPal confirmation requests?
> Today, a network may responsibly be censoring only unwanted and unsolicited commercial e-mail. Next week, the powers-that-be-in-the-networks start censoring geek news.
I'm the only power that is on my network.
> To protect our liberties, spam control should be decentralized -- as close to the last mile as possible.
Can't get any closer to the last mile than right here in my office.
> Yes, of course, this means that the supposed great harm of spam -- huge volume transmissions through the network
"Supposed"? More than half my email is spam. And that's on a shared dialup.
-- Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
Re:Distrustful of Network Level Censorship
by
gfody
·
· Score: 2, Interesting
fact is, it's impossible to determine if an email destined for your mail box is solicited or not. the server could tell you it just received 100,000 that look just like it.. but that doesn't change the fact that somebody sent you an email and you may or may not want to look at it.
unless you know for a fact that you're not subscribed to any mailing lists so anything coming in bulk most definitely isn't for you, then sure use the server's insight to filter those messages - but seriously there aren't many who fit in that category.
if you filter your email, you will get a false positive. it's simply a matter of when.
--
bite my glorious golden ass.
Re:Distrustful of Network Level Censorship
by
Jahf
·
· Score: 5, Interesting
and SPAM is WORSE, WORSE, WORSE!
If you want to receive the junk, don't use one of those services, but I fail to see how someone else choosing -to- is a problem.
Your analogy is flawed. I have a choice to use AOL|Hotmail|MSN|spamassassin|etc and I pay for the connection to download, view, respond and delete my email (not to mention the time it takes out of my day). I don't have a choice whether or not to use the USPO and it takes FAR less of my time to sort out my real mail than it does email.
If SPAM could somehow be filtered out at the router level, then I would agree with your USPO analogy and would be throwing an utter FIT. But it isn't possible (is that a web page or a webmail, is that IMAP, is that secure IMAP, is that POP3, is that email tunnelled over SSH... no way).
Until there is legislation with -teeth- and a way for the little guy to prosecute you are not going to see many people agree with you about server side filtering.
-- It is more productive to voice thoughtful opinions (reply) than to judge (moderate) others.
I run an SMTP server off my Comcast cable connection... I've pretty much been learning as I go. Five weeks ago I began as a total novice; not knowing what an open relay was, I spent 5 days with no authentication and as a result I was kind enough to forward some 22k messages offering investment advice.
As I've learned a little more about the process... I've found ORDB and MAPS to be pretty useful and successful when it comes to blocking open relays.
AOL annoys me the most, they block ranges of addresses that are dynamically allocated by ISPs and as a result I can't mail any AOL users. That's probably no big deal, I just feel discriminated against.
There must be scope for a simple "Setting up your own mail server" FAQ.
"For ever[y] *legitimate* email message that comes from a dial-up IP address, I (honestly) get 10,000 + that are spam."
I'm quite sure that this is true... however I feel that the "people like you" comment is a little unfair. I would have thought that the more people that go through the process that I have over the last few weeks the better.
I now understand a LOT more about SMTP, I understand a lot more about spam and I understand a lot more about the tools that exist on the internet to help me combat the issue... I also understand how I can interpret the log files from my server and extract information that I can use to contribute to combating the issue.
In your position I would probably make the same decision... it would be great to have a "test me" site that I could run my server through though that would allow me to participate with the larger community.
While I accept that as a novice I made some mistakes... I regret seeing my ability to interact with many hosts on the internet crippled because of the actions of others.
Re:Distrustful of Network Level Censorship
by
gfody
·
· Score: 2, Interesting
the point is filtering is bad.
if you're going to get a false positive why filter? as the hate for spam rises more people are saying fuck the false positive rate - which is a HUGE mistake.
why should I care if somebody is filtering THEIR email? because if I'm sending them a message, that is MY message.. if they don't see it then suddenly I have no voice.
spam is a real problem and filtering is not the solution.
--
bite my glorious golden ass.
Re:Read Your TOS.
by
Osrin
·
· Score: 2, Interesting
"for any business enterprise"
This is purely home use... only me and my wife using it for email. I'm within the bounds of my contract.
As for the other comments, I was expecting some, I openly admit that I threw the box up with little or no understanding of the technology.
RBL's and Firewalling
by
Anonynmous+Cow
·
· Score: 2, Interesting
I wrote a tiny little perl script that tails the maillog and firewalls (kinda teergrubes really) hosts who get a "554 Service Unavailable" more than 3 times.
I'm not a coder, so it doesn't expire entries... I'm looking for someone to help make this work even better. I love the thought of causing spammers pain - and this could do that.
>for nominating spammer/hostile IP's
Also for nominating trusted IPs.
Dacels Jewelers can't be trusted.
I wrote a tiny little perl script that tails the maillog and firewalls (kinda teergrubes really) hosts who get a "554 Service Unavailable" more than 3 times.
I'm not a coder, so it doesn't expire entries... I'm looking for someone to help make this work even better. I love the thought of causing spammers pain - and this could do that.
You can get the script from my webpage at http://www.jasonjordan.com.au
e3 :: blogging the wireless freenet
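An added sketch of the log-watching approach described in the comment above, extended with the entry expiry the poster says the script lacks. This is not the poster's Perl script: it is written in Python, and the log line format, the `RejectTracker` name, the window and TTL values, the allow list and the addresses are all assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque

# Assumed, constructed log format: "<epoch> relay=<ip> reject=<code> <text>"
LINE_RE = re.compile(r"^(\d+) relay=(\d{1,3}(?:\.\d{1,3}){3}) reject=(\d{3}) ")

class RejectTracker:
    """Hypothetical helper: counts 554 rejects per host and blocks with a TTL."""
    def __init__(self, threshold=3, window=600, block_ttl=3600, allow=()):
        self.threshold = threshold      # block on MORE than this many 554s
        self.window = window            # seconds over which 554s are counted
        self.block_ttl = block_ttl      # seconds before a block expires
        self.allow = set(allow)         # hosts that are never blocked
        self.hits = defaultdict(deque)  # ip -> timestamps of recent 554s
        self.blocked = {}               # ip -> epoch at which the block ends

    def expire(self, now):
        """Remove blocks whose TTL has passed; return the released IPs."""
        released = sorted(ip for ip, end in self.blocked.items() if end <= now)
        for ip in released:
            del self.blocked[ip]
        return released

    def feed(self, line):
        """Process one log line; return the IP if it is newly blocked."""
        m = LINE_RE.match(line)
        if not m or m.group(3) != "554":
            return None
        now, ip = int(m.group(1)), m.group(2)
        self.expire(now)
        if ip in self.allow or ip in self.blocked:
            return None
        q = self.hits[ip]
        q.append(now)
        while q and q[0] <= now - self.window:  # forget hits outside the window
            q.popleft()
        if len(q) > self.threshold:
            self.blocked[ip] = now + self.block_ttl
            del self.hits[ip]
            return ip
        return None

# Constructed sample input using documentation address ranges.
SAMPLE_LOG = [
    "1000 relay=192.0.2.10 reject=554 Service unavailable",
    "1000 relay=198.51.100.7 reject=554 Service unavailable",
    "1005 relay=198.51.100.7 reject=554 Service unavailable",
    "1010 relay=192.0.2.10 reject=554 Service unavailable",
    "1015 relay=198.51.100.7 reject=450 Try again later",
    "1020 relay=192.0.2.10 reject=554 Service unavailable",
    "1030 relay=192.0.2.10 reject=554 Service unavailable",  # 4th hit: blocked
    "2000 relay=198.51.100.7 reject=554 Service unavailable",  # old hits aged out
    "4700 relay=203.0.113.5 reject=554 Service unavailable",  # first block expired
]

def run_sample():
    tracker = RejectTracker()
    newly = [ip for ip in map(tracker.feed, SAMPLE_LOG) if ip]
    return newly, dict(tracker.blocked)
```

The tracker only decides which hosts to block and when to release them; applying that decision to a firewall is left to the caller, and the allow list is there for hosts whose mail must not be dropped by a false positive.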
I think your experience mirrors that of many around spews.
If an ISP ignores / cans complaints they can get the runaround trying to get off. Once an ISP's abuse dept has developed an ongoing working relationship with net-abuse and a timely response to complaints things usually go much more smoothly.
The folks at spews are aggressive no question (I happen to be blacklisted currently through zero fault of my own, netblock block). And some of the folks reporting (not spews admins) can describe things with a bit too much hyperbole. But in terms of evidence to back up blocks, and a group that largely gets it right and which some folks voluntarily use, spews does a neat job, and the heavy handed approach is surprisingly effective.
I also happen to like ordb and friends which do realtime automated testing that stirs up less of the personal stuff.
Trustic I'm not sold on yet.