Slashdot Mirror

← Back to Stories (view on slashdot.org)

DoS Assaults Underway Against Spam Blocklists

Posted by CmdrTaco on from the the-attacks-keep-coming dept.

Hiawatha writes "The same sort of denial of service attacks that drove spam blocklist Osirusoft off the Internet are battering many other blocklist services as well." Apparently spammers aren't going to sit by and let people try to ignore their unwanted pitches.

6 of 797 comments (clear)

  1. SoBig by ifreakshow · · Score: 5, Interesting

    Earlier this week when people talked about the writer of SoBig leasing his virus network for spamming many people said spammers wouldn't want to be involved with virii/attacks. I think the DOSing of black list sites pretty much shows that the people sending spam have little moral problem with invading your computer to break the law.

  2. who says its spammers? by tongue · · Score: 5, Interesting

    what makes you think its spammers? there a plenty of legitimate email users with a beef against these fascists--me, for one. i had a domain on a subnet that's entirely blocked despite the fact that i don't have open relays nor have i ever done any kind of spamming. several of my clients within larger corporate structures couldn't receive email from me because some PHB read in DildoCTO Quarterly that these lists can stop spam--never mind the fact that they can stop any kind of legitimate email use as well. There were a LOT of times i'd wished i had had the wherewithal to undertake something like this; spammers or not, i applaud the culprits.

  3. Client-side blocking by jtoker · · Score: 5, Interesting

    I'm not too disappointed to hear of these new attacks. Conspiracy theories and the like aside, I'd rather have the responsibility for SPAM-blocking placed on the client side.

    Damnit, if I want a larger penis, then I should be able to read SPAM directed towards that. That being said, I'd much prefer if these SPAM services were forced to be opt-in.

    Unfortunately, client-side filtering doesn't adequately address the massive amounts of bandwidth consumed by SPAM operations. Nonetheless, the idea that an autonymous corporation/whatever can decide what is valid e-mail for ME is just as offensive, in my opinion, as e-mail advertising product/scam/idea X.

    Peas,
    j

  4. Blacklists ARE useful by Gothmolly · · Score: 5, Interesting

    Because you can reject mail at the SMTP level. I typically get about 70 emails a day to my own server. About 40-50 get denied by a DNS based filter on qmail (rblsmtpd). Which means on average, only 25 get through to Spamassassin, where another 15-20 are deleted due to high spam thresholds. Then I get about 5-8 real emails, and maybe 1 or 2 spams that make it through (which Mozilla mail promptly eats as spam).
    If I had to burn CPU to Bayes-classify all mails, it would bog me down more than I am now (running on Linux on an old PC).
    DNS based BL is useful because it doesn't even let it in the door.

    --
    I want to delete my account but Slashdot doesn't allow it.
  5. Evolution of a blacklist architecture. by emil · · Score: 5, Interesting
    • Centralization of the blacklist is bad. Therefore, the lists should be p2p.
    • Each blacklist should be signed by the maintainer's private key. The public keys should be kept in several well-known locations.
    • An application, running on a mailserver, should have options to:
      1. Download blacklists from specified upstream sources, preferably by rsync protocol, although even gzip would be an improvement over what we've had.
      2. Apply some or all of the blacklists to inbound messages.
      3. Offer the blacklists for further download.
      4. Automatically announce new blacklists, the recall of canceled blacklists, or newer/faster/replacement upstream blacklist servers.
    • The blacklist application should work with all major MTAs, including sendmail and exchange. It should be platform-neutral, and we should do what is necessary to get MS to package it on the CD.

    I can easily see web content filtering going the same way eventually.

  6. Re:It's illegal by mabu · · Score: 5, Interesting

    A friend of mine who runs an ISP filed a case with the FBI. He had all the evidence, he had $100,000+ worth of damage he could prove. The case was meticulously documented. The FBI felt it was a rock solid case. They presented it to the DAs in multiple juridictions and they refused to prosecute or pursue the case. He even had the perps home address and telephone number and enough evidence to link him to credit card fraud, attacks on major corporations and much more, and the authorities blew the case off and didn't take action.