DoS Assaults Underway Against Spam Blocklists
Hiawatha writes "The same sort of denial of service attacks that drove spam blocklist Osirusoft off the Internet are battering many other blocklist services as well." Apparently spammers aren't going to sit by and let people try to ignore their unwanted pitches.
Apparently spammers aren't going to sit by...
Has anyone stopped to think that maybe it's not spammers who are doing this? I hate spam with a passion, but words cannot describe my pleasure in seeing these blacklists, especially SPEWS, shut down. They are pure evil in their methods, and largely ineffective against spam while causing massive inconvenience for ISPs and legitimate users of the network.
All of these centralized blacklists have made so many enemies in their history that any finger pointing is simply laughable. They have made powerful enemies, including the large ISPs who happen to be the only ones that are in a position to stem these attacks. This is not your normal DDOS: it is not only the originators of the DDOS, but the very network itself that wants them destroyed!
I'm not condoning this DDoS, but the perpetrator is probably just some sysadmin running a legitimate, secure server that found its way onto some blacklists and got frustrated by all the red tape getting off the lists. This may be his last hope to get off their list.
I wonder how many people really rely on blacklists anymore. I've tried using them before only to find out that over half of my legitimate email was being filtered and a significant amount of spam was still getting through.
Bayesian is the only effective method I've seen for significant spam reduction.
So when do we get to launch our DDoS against the spammers again?
ELOI, ELOI, LAMA SABACHTHANI!?
Would someone please remind the federal government that DOS attacks are illegal? Anyone want to encourage them to take action against these people? Can they stop playing golf long enough to do their job?
Although he presents a valid argument, WE DON'T WANT TO HEAR THAT!
It may be easier to just go to white-listing or have some people go to a pay per e-mail thing (or spend computational time on protein-folding, as suggested earlier).
Apparently spammers aren't going to sit by and let people try to ignore their unwanted pitches.
Too bad my users and I are behind a trained spamassassin, then, eh?
Mod me down with all of your hatred and your journey towards the dark side will be complete!
Of course it probably is spammers, but it wouldn't surprise me if some people who've had themselves blacklisted unfairly would like to ddos some blacklist servers into the beyond.
Personally I don't believe blacklists are the way to go, I think simply intelligent filtering should be installed wherever possible, and eventually spam will die out. I know spammers are smart and work their way around all sorts of blocks, but so are we, and there's a lot more of us than there are of them.
ObDisc: Don't bother flaming me about "collateral damage" or any of that crap, since I'm not the one ddosing the servers, and I've yet to find myself blacklisted, so I'm not interested.
Send lawyers, guns, and money!
Earlier this week when people talked about the writer of SoBig leasing his virus network for spamming many people said spammers wouldn't want to be involved with virii/attacks. I think the DOSing of black list sites pretty much shows that the people sending spam have little moral problem with invading your computer to break the law.
Why don't we just offer all the main spammers a free seminar on some small island in the south pacific or somewhere where no one will care, then when they all get there..
:)
NUKE IT!!!
Problem solved
K Man
I wonder... Is it the people who are paying for the SPAM also paying for these attacks? I can imagine a campaign among these sleazeballs drumming up support for a DDOS of the spam blacklists...
Just my act-now-to-get-a-six-foot-penis worth...
RickTheWizKid
what makes you think it's spammers? there are plenty of legitimate email users with a beef against these fascists--me, for one. i had a domain on a subnet that's entirely blocked despite the fact that i don't have open relays nor have i ever done any kind of spamming. several of my clients within larger corporate structures couldn't receive email from me because some PHB read in DildoCTO Quarterly that these lists can stop spam--never mind the fact that they can stop any kind of legitimate email use as well. There were a LOT of times i'd wished i had had the wherewithal to undertake something like this; spammers or not, i applaud the culprits.
Bad for them. The main reason for creating centralized blocklists was so people who reformed, or who kicked spammers off their blocks, could have their IPs relisted without having to worry that random admins had hardcoded filters into their routers. One central source for listing, one central source for delisting.
If they succeed in negating the value of centralized blocklists, guess what - admins will go back to blacklisting blocks manually. Those IP blocks will become useless once enough people add them to their blocklists, and there won't be any easy way of redeeming them.
Anyone who wants to get internet access better get a clause in their contract guaranteeing that the IPs they get weren't abused by someone in the past, or else they might be getting a useless connection.
This is an act of desperation on the part of spammers that proves the anti-spammers are winning the battle. Fortunately, the next phase of the "war" is moving away from blacklists and focusing on technologies that are user-based and user-specific, such as Bayesian filtering. There is no level of DDoS attack that can stop that battle.
"Spam, spam, spam, spam. Lovely spam, wonderful... Ow! Ow! Stop that! Bad spam! Ow! That hurts!"
In Soviet Russia, Jesus asks: "What Would You Do?"
Impressive.
Hopefully there isn't a slashdot story linking to them any time soon!
Why are there only 19 people folding@home for slashdot?
Spammers HAVE to have a weakness. .
I find most people, when a hammer is liberally applied to the head, find their weakness to be blunt objects.
They tend to dislike them.
Mod me down with all of your hatred and your journey towards the dark side will be complete!
Might need to move these block lists onto a distributed network. If lists were sent out via a Gnutella- or BitTorrent-like system, using digital signatures to verify authenticity, it'd be impossible to DoS.
Anyone else have a wilder guess?
Sunspots
Finkployd
Yeah only the mob has such sophisticated tools at their disposal, and obviously employ the most fiendishly clever hackers on the planet.
As others have pointed out, there are a lot of people who hate these little censor lists, their arbitrary and often politically motivated "blacklisting".
With these folks, the cure is often worse than the disease. Now instead of your company "losing revenue" due to spam, you lose clients due to their inability to contact you.
I don't need no instructions to know how to rock!!!!
Everyone appears to want to direct mod power today, so why not?
If construction was anything like programming, an incorrectly fitted lock would bring down the entire building...
So, these services figured out how to non-effectively block spam, now they should release something that non-effectively blocks DoS attacks.
What is slashdot?
blacklists might not be the best defense we have. .they sure aren't perfect. .but ddos'ing them is childish.
The fundamental problem is that SPAM WORKS.
What we need is some silly grass-roots movement/boycott to get people to STOP doing business with companies that advertise with UBE.
If spam didn't work, they wouldn't send it.
I'm not too disappointed to hear of these new attacks. Conspiracy theories and the like aside, I'd rather have the responsibility for SPAM-blocking placed on the client side.
Damnit, if I want a larger penis, then I should be able to read SPAM directed towards that. That being said, I'd much prefer if these SPAM services were forced to be opt-in.
Unfortunately, client-side filtering doesn't adequately address the massive amounts of bandwidth consumed by SPAM operations. Nonetheless, the idea that an autonomous corporation/whatever can decide what is valid e-mail for ME is just as offensive, in my opinion, as e-mail advertising product/scam/idea X.
Peas,
j
[sarcasm]
Well, spammers have various "online marketing association" that owns the ears of some politicians in the capital. And the anti-spammers have...?
[/sarcasm]
Attack against anti-spammers is a vigilante action. Attack against spammers is a federal felony.
ELOI, ELOI, LAMA SABACHTHANI!?
Just Mod the damn thing.
Because you can reject mail at the SMTP level. I typically get about 70 emails a day to my own server. About 40-50 get denied by a DNS based filter on qmail (rblsmtpd). Which means on average, only 25 get through to Spamassassin, where another 15-20 are deleted due to high spam thresholds. Then I get about 5-8 real emails, and maybe 1 or 2 spams that make it through (which Mozilla mail promptly eats as spam).
If I had to burn CPU to Bayes-classify all mails, it would bog me down more than I am now (running on Linux on an old PC).
DNS based BL is useful because it doesn't even let it in the door.
I want to delete my account but Slashdot doesn't allow it.
How can he be whoring for karma if he posted AC?
From the article: In a technique called a "distributed denial of service attack," vandals exploit security flaws to plant programs, called "Trojan arses," on thousands of Internet-connected computers. They then order the Trojan arse programs to spew useless data at a targeted machine.
The mental image of a bunch of Greek soldiers pouring from the sphincter of a huge, wooden butt is just too funny for words.
~Philly
The FBI ought to make this a priority. Instead they're probably busy investigating some company's claims to have lost $100k to an intrusion. That kind of damage figure is a gross overestimation 99% of the time... e.g. the IT people weren't going to be overly productive doing something else (rather than investigate the attack) anyways. Instead, here you have tens of thousands of people losing real value. The economic definition of value lost to a nuisance is the maximum amount of money you'd be willing to pay to get rid of the nuisance. I'd personally be willing to pay up to $500 a year to get rid of spam permanently (to anyone but the spammer of course.) Assuming that the average RBL user's a little less sensitive than I am, say, at $100 a year, that's still $1 million for just 10,000 RBL users, and I'm sure there are at least that many mail server operators that use the lists, let alone spam-sensitive users on those servers.
Organized crime? hardly. Maybe it's just another group of bored script kiddies...
ELOI, ELOI, LAMA SABACHTHANI!?
The FBI (who have jurisdiction) don't investigate crimes with less than $25,000 provable damages. Well, that or $25,000 in campaign contributions. Either way, the blocklist maintainers (who all work pro bono publico) can't prove the damages, so the law effectively doesn't apply.
Lacking <sarcasm> tags,
He would know. He already has links with Organized Crime
Call (206) 338-5780 COLLECT for information about a genuine BA, BS, MA, MS, MBA, or Ph.D.
It's the equivalent of having 100,000 people pound the same ass hole, over and over, at the same time. Such attacks can knock a computer offline simply by swamping it with more data than it can handle.
Hahaha! Too bad that was not in the real article.
--fatboy
I bet it's Kevin!
My user number is prime. Is yours?
Good riddance, I say. I sure won't miss them.
Go to nana-e, and they'll tell you that robots from space run SPEWS, and there's no way to get a hold of them. They start with Class C's, then progress to banning class A's. Some of the crazies who post on nana-e even have the whole country of Brazil banned on their private lists. SPEWS had information too on DNS blackholing (i.e. preventing your users from going to internet sites) and on HTTP blocking. If it was anyone else (the government) who was advocating this, people would be outraged.
the internet has become self-aware.. these aren't trojans and virii that we see.. (well, they are, but) we're seeing the Internot wake up. It's practicing by attacking blacklists.. since they prevent full unfettered emailing. Network Packets have become the flowing neurons of its killer Internett brain.. all these random SoBigs and Slammer.Dongs are multiplying to the point where sentient behaviour must emerge!!!!
HAAHAHAHAHAHAHAHAAHAHAHA@@@@#!!  ; you beloNG TO THE INTERRRNOTT@@!!
Maybe this is the SoBig.F zombies at work. They have awakened from their "sleeper cells". There was a rumor that they were going to be used by spammers -- but not in this way.
"Mod up, not down" in action...
I pulled up the original article, and it looks like the karmawhore who posted the text may have had a little fun with it.
Even if you happen to like the blocklists and agree with their methods, it's clearly irresponsible to assume they're being attacked by spammers -- there are a lot of non-spammers who would love to take them out.
10 PRINT CHR$(205.5+RND(1)); : GOTO 10
I know it sounds heartless, but as a group, blacklists are becoming less-useful by the minute.
If they were all to disappear today, it would only speed the adoption of much more valuable tools against spam, namely bayesian-type filters that are far more effective.
This is the silliest thing I ever expected to read in a spam story...
Spamcop's Haight theorizes that the increasingly sophisticated attacks suggest a link with organized crime, but admits he hasn't a shred of evidence.
Anyone else have a wilder guess?
Yes. It's Aliens launching a denial of service attack in advance of their assimilation of the human race. This is clear and obvious to the most casual observer, although I don't have a shred of evidence to support this notion.
The Future of Human Evolution: Autonomy
Theory: aliens
Evidence: Insider information.
-- taking over the world, we are.
.. cryptographically sign or hash the blacklist databases, and let mail admins p2p/rsync them..
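The hash-and-mirror idea from the comment above, sketched as an added example that is not part of the original thread: a blocklist snapshot is cut into pieces, and each piece fetched from an untrusted mirror is accepted only if it matches the hash in a manifest. It assumes the manifest digest reaches the mail admin through a trusted channel (for instance the publisher's signature, not shown here); the mirror names, piece size and addresses are constructed.

```python
import hashlib
import hmac
import json

PIECE_SIZE = 64  # deliberately tiny so the constructed sample spans several pieces


def split_pieces(data, piece_size=PIECE_SIZE):
    """Cut the blocklist snapshot into fixed-size pieces."""
    return [data[i:i + piece_size] for i in range(0, len(data), piece_size)]


def build_manifest(data, piece_size=PIECE_SIZE):
    """Publisher side: record the length and the SHA-256 of every piece."""
    return {
        "length": len(data),
        "piece_size": piece_size,
        "hashes": [hashlib.sha256(p).hexdigest()
                   for p in split_pieces(data, piece_size)],
    }


def manifest_digest(manifest):
    """Digest of the canonical manifest; this is the value a publisher would sign."""
    canonical = json.dumps(manifest, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode()).hexdigest()


def assemble(manifest, trusted_digest, peers, fetch_piece):
    """Mail-admin side: rebuild the list from untrusted mirrors.

    fetch_piece(peer, index) returns bytes or None. Returns (data, rejected),
    where rejected lists every (peer, index) whose piece failed verification.
    """
    if not hmac.compare_digest(manifest_digest(manifest), trusted_digest):
        raise ValueError("manifest does not match the trusted digest")
    pieces, rejected = [], []
    for index, expected in enumerate(manifest["hashes"]):
        for peer in peers:
            piece = fetch_piece(peer, index)
            if piece is not None and hashlib.sha256(piece).hexdigest() == expected:
                pieces.append(piece)
                break
            rejected.append((peer, index))  # missing or altered: try the next mirror
        else:
            raise LookupError(f"no mirror served a valid piece {index}")
    data = b"".join(pieces)
    if len(data) != manifest["length"]:
        raise ValueError("assembled list has the wrong length")
    return data, rejected


def demo():
    # Constructed sample list using documentation addresses (192.0.2.0/24).
    blocklist = "".join(f"192.0.2.{i}\n" for i in range(1, 21)).encode()
    manifest = build_manifest(blocklist)
    trusted = manifest_digest(manifest)  # assumed delivered out of band

    honest = split_pieces(blocklist)
    altered = list(honest)
    altered[1] = b"#" * len(honest[1])  # mirror-a serves a modified piece 1
    store = {"mirror-a": altered, "mirror-b": honest}

    data, rejected = assemble(manifest, trusted, ["mirror-a", "mirror-b"],
                              lambda peer, index: store[peer][index])
    return blocklist, data, rejected


if __name__ == "__main__":
    original, rebuilt, rejected = demo()
    print("intact:", rebuilt == original, "rejected:", rejected)
```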
Still, the only workable solution is cryptographically-secure signatures, probably with a SSL/TLS set of root certs.
Hell, sounds like a job for the post office! Keep it relevant in the age of email..
Actually there could be some credibility to this, as much of the spam is porn-related and organized crime is involved in the net porn industry. Apparently it's a good way to launder money.
Mod it down?
:)
Hell, this is the funniest thing I've seen all week!
Out of order? Fuck! Even in the future nothing works! - Dark Helmet (Rick Moranis) "Spaceballs"
And depending on just Bayesian filtering is putting all of your eggs in one basket, IMHO (though it is a pretty darn good basket). There are many spammers out there trying to poison Bayes databases by adding random dictionary words to their HTML based emails.
The simple truth is that interstellar distances will not fit into the human imagination
- Douglas Adams
At least such attacks are more easily prosecutable.
(8-DCS)
Just in case I was missing some new nomenclature, I checked Google. 'Spam Blacklist' yields 63,700 results and a category (Computers > Internet > Abuse > Spam > Blacklists) whereas 'Spam blocklist' yields 3,9600 results. Oddly, it is used at least a little: there's a blocklist.com, for example.
just turn it into a survival-type tv show, where each contestant has to fight over the use of ONE computer terminal.
and don't forget to place a lot of weapons caches all around the island.
the best solutions we currently have.
Blacklists by their very design have a HIGH false-positive ratio. How is that a "best solution"? I don't even think it's a "so-so solution." I'd call it a "horrible solution." On top of that, they are easily avoided.
Content filters are the next level of spam protection. It doesn't matter where the email came from, if you're trying to sell me a 12" dong I won't accept it. This is the only thing that will save us from a large P2P spam network.
Or, like in some short story read years ago (Arthur C. Clarke maybe?) the network has developed consciousness and is doing its own thing.
Nah, it's the Spam company ...
Don't go to a brothel if you want to buy broth
-1 REDUNDANT IT IS NOT GETTING SLASHDOTTED
So we should wait until a site is completely overloaded before anyone tries to post the content? You do like DoS attacks, don't you?
Have there ever been studies on who responds to spam, and why?
I can easily see web content filtering going the same way eventually.
If people would only take a few minutes out of their day to READ spam rather than just trying to block it en masse, spammers wouldn't have to resort to this!
1) Your analysis is based on bad assumptions so your result is way off. 2) You're a sick bastard for fucking a horse.
People need to understand two reasons why they get spam and DDOS attacks:
1. The backbone providers make money based on bandwidth consumption. They don't care whether the traffic is legitimate or not. It's in their financial interest to not take action against DOS/DDOS attacks and they don't. Many top-level providers will not even intervene unless a lower-level ISP's pipes are completely saturated, even if they complain about a DOS attack.
It would be so easy for the backbone providers to implement temporary blocking of DDOS attacks. These types of attacks are identifiable and the whole procedure could be automated and authenticated, but the top-level ISPs make money off spam and illegal DOS/DDOS activity. People need to petition the backbones to start taking responsibility and implementing measures to shut down networks that have rogue systems consuming illegitimate bandwidth.
2. The local and federal governments do not effectively (if at all) enforce the plethora of existing computer tampering/break in/attack laws that are already on the books. These attacks CAN be tracked. The law enforcement agencies are either ignorant, unmotivated or unwilling to take action.
No new laws are needed. There are plenty of existing laws on the books right now to justify criminal prosecution of these attackers, which don't merely attack relay blacklists, but every other network along the way, making everyone suffer, including systems that don't use blacklists.
We need to hold the proper people accountable for not using the existing legal system to stop this; we need to hold the top-level providers responsible for allowing a majority of the traffic they bill their clients for to be unauthorized and illegitimate.
Imagine if 70% of the time you picked up your telephone someone else was using it? This is what's happening with Internet bandwidth.
There's no connection proven yet between the ddos and spammers. That's like the fact that no WMDs being found proves they're there and hidden.
Where did you learn to draw conclusions, from the president?;)
Bill
Upon seeing the box was too small, Schrodinger's Elephant breathed a sigh of relief.
Maybe they did ;)
--
Out of order? Fuck! Even in the future nothing works! - Dark Helmet (Rick Moranis) "Spaceballs"
employ the most fiendishly clever hackers on the planet
Everybody knows that's the Chinese military. Duh.
====
Crudely Drawn Games
Also has a major downfall -- it prevents people from contacting you for the first time. So yes, it blocks all spam - but also all legit traffic from people you've never heard from before.
To make laws that man cannot, and will not obey, serves to bring all law into contempt.
--E.C. Stanton
Finally this is our chance to make Congress liken spammers to cyber-terrorists, and for a reason politicians fear and know well enough to do something about it: "Now some of the spammers are even building a network of worm-ridden computers, possibly at the fingertips of a madman who is willing to do anything for money, and may only be waiting to turn them into Weapons of Mass Disruption, wreaking havoc to the Nation, the Internet, and e-mail as we know it..." (spooky, huh? ;-))
Outlaw spammers, put an end to spam. Sometimes it's as simple as that. (And it works: Haven't seen much fax spam for years...)
Just be "Mr. Concerned Citizen" for once and send articles like this to your congresscritter now. Let them know what spammers have already done "to your kids" (rather omit the "to your p...s" part even if you've ordered their pills and pumps) "and to your computers".
...SomethingAwful claims VICTORY!
War was beginning...
Nothing quite so enjoyable as flogging an expired equine mammal on a quiet Thursday afternoon...
ehintz
You can't really poison a Bayesian database this way.
As the anti spam officer in a Major ISP in India, I have no problems with blocklists as such. But the people who maintain the blacklists also have a responsibility to correct their mistakes immediately. They must listen to people who maintain networks and if a machine is wrongly listed they must remove it. The procedure for taking out a machine from blacklists must be documented and verifiable.
We have a large cable network, and there are 3 4 trouble making customers. We do allow people to run their own mail servers. But that also means that some customers misuse it to send spam. It takes us a day or 2 to shut down the spammer, and by then the C block will be listed in some black holes.
Now delisting it becomes a major pain if the black holes are not responsive. If the procedures are well documented, life of ISPs becomes much easier.
and no we have not considered denying the freedom of our customers to run their own outgoing mail servers. one or two random spammers cannot force us to deny that freedom to majority of legitimate users in our network.
raj
Sarovar.org Hosting for open source projects in Indi
Spam does not bother me half as much as the fact that the true sender of said spam is easily able to disguise the origin of said spam by forging headers and spoofing, bouncing, relaying. (I.E. -- taking advantage of a bad set of protocols that should not be in use anymore.) The first step to fixing the spam problem should be a mass adoption of protocols that make it impossible to determine the origin and owner of the offending piece of data.
Let the spam battles of the future be fought in open view, coliseum style rather than a thief in the night shooting you in the back.
(+1 Funny) only if I laugh out loud.
The farther you let junk travel into the system, the worse your problem is. Bayesian is hard to apply at the network level, you must leave it to the individual users, causing a twofold problem: you keep letting the scum of Earth parasite your network (if you are an ISP) and you expand the processing needs of the end user (ever saw Mozilla Mail "think" for a couple of minutes after you mark one or two email as junk?). This is undesirable.
Lists work pretty well. They occasionally piss people off, but the cost-benefit ratio is still largely on their side.
I'm getting a bit tired of people applauding DOS attacks on blocklists. Many of us run small mail servers for ourselves and/or small companies where EVERYONE who receives email is in agreement that blocking spam is the right thing to do. When everyone chooses to do this, it's not censorship. Seriously -- the volume of spam is overwhelming, and in a small business there is no one to delegate managing email to, and it's consuming precious bandwidth. Spam is the problem, not block lists. No spam, no blocklists, simple as that.
My server has seen as many as 500 spams a day directed at it -- for just two email accounts related to my business. I had little choice but to elect to use drastic measures and escalate them until the spam became manageable -- and the best defense due to bandwidth issues (we run on just 128K because that's all that's available to us) is blocklists. The problem has been so bad that I maintain an internal block list that uses iptables to simply not route packets from IP blocks (/24) for any email that gets through the first layer of blocklists that sendmail checks.
Osirusoft in particular was very, very useful to me, because they maintained a number of DNS mirrors of other blocklists, so you could pick and choose how drastic you wished your blocking to be. I will miss their service greatly -- and can already notice it as my spam has doubled since it was removed from my sendmail config.
Without blocklists, email for my small business at least would be useless. I know that I've lost business using them, but I'd lose more business/time/money without -- there's no friggin' way I'm going to search through (and accept the bandwidth hit from) five hundred messages to find the few legitimate ones and still have time to get real work done.
Blocklists are vigilante defense, if not vigilante justice. Vigilante justice is justice meted out by self-appointed individuals or groups. Blocklists aren't, for the most part, trying to punish/mete out justice to spammers. They're just trying to block the flow of spam.
But they are self-appointed and work according to a set of informal rules that they adhere to voluntarily. That sounds like vigilante to me.
I'm not saying this as criticism, but simply as a description of what is going on. I maintain a procmail-based spam filter with a fair number of users, and it supports various blocklists. I'm not anti-blocklist, to put it mildly.
At the same time, I think most anti-spammers would like to see a less chaotic means of fighting back against spam. Most of us are just trying to hang on until various governments wake up and realize what spam is doing to the Internet, and start taking it seriously as a conversion of resources that the spammers do not own. Theft, in other words. :/
Catherine
As the blocklist lists more sites/providers, then it stands to reason those sites will follow the trail back to the blocklist, such as Osirusoft or SPEWS, in order to get information regarding their inclusion in that list, and how to get delisted. (Reference: The "Slashdot Effect").
I noticed that Joe Jared mentions his other site as a collateral casualty of the DDoS. Now where did I hear the term "collateral damage" before? As a provider of SPEWS blocklists, that would in effect make him as accountable as SPEWS, to use their own twisted logic of "a customer of an ISP is as guilty of spamming as the spammer themselves".
We do not condone any DDoS attack, nor do we condone the actions of SPEWS. The demise of Osirusoft demonstrates that unaccountable "vigilantism" does nothing to stem the tide of unwanted commercial emails and as stated in previous posts regarding spam, more rational discussion should be forthcoming, with real solutions, rather than the tactics used by the blocklists that would hack down the forest to fell one tree.
Pete Carr Owner Chatmag.com
Invade all ISP's, and hunt down WOMDs (Weapons of Mass DenialofService). If we don't find any, we'll blame it on faulty intelligence overseas.
I would bet in the Al Quaeda, the aliens from planet Zoron or the government of Sb0rnia
how long until
This is WAR. Spammers will stoop to any level to get their crap into people's mailboxes, and now the blacklists are giving into their guerilla tactics - I say keep fighting, eventually they will figure out where the attack is coming from, and shut the damn thing down. We must never give up fighting spam, at any cost.
Since an article here yesterday pointed out that viruses are actually good for us, I suppose we must now conclude that spamming is good for us too, because it helps strengthen our anti-spamming ability.
Now I feel much better.
I personally HAVE been blacklisted (by ordb.org) and once I cleared up the problem (some ability to relay) I was let out. This took 2 hours total, so I feel comfortable USING ordb.org myself, now that I am responsible for protecting a large network from spam. I also use spamassassin, quarantining and a number of other methods to prevent false positives, and we do notify once you get past spamassassin.
If I did not use SOME rbl though, I would be sending out 6000 spam blocking notification messages a day mostly to people who aren't there or are not the real sender. Since I block things prior to getting through postfix, I am able to send them back a clear informative message on the blockage, DURING the transmission.
In any case, I have heard of lots of bad stuff about SPEWS and all but my experience with spamhaus and ordb are that both help block a lot of mail, and are responsible with their efforts.
In any case, it is my business (and my company's business of course) how we handle our incoming stream. If we choose to use a blacklist that is our right. As it was pointed out, we could always create our own (It is pretty easy to create a DNS-based one even to share with a few friends or whatnot)...
No one is going to be able to stop ALL blacklists, but by attacking the large centralized ones, it does not IMPROVE the ability to get taken off an RBL. It just makes it harder really.
If you will present me with your name, address and phone number, I will find you and we can settle this whole spam problem mano a mano. Any takers? ;) I suggest that the rest of the Slashdot community follow my lead.
Un-news
This morning around 6:30AM MST, the spam levels on our work server dropped from ~800 spam/hr to ~35/hr. They'd been hovering at the 800 level for more than a week (most are not actually spam, but "bounces" from SoBig.F faking our domain as the From address). It's staying right around 35 still about 7 hours later..
Not complaining, but very strange nonetheless!
Yes I was going for funny. Of course I don't approve of the mass murder of people, I was merely making a joke.
K Man
Perhaps it's Something Awful that's doing it?
Fark seems to think so.
(Ever feel like you're writing for memepool or Everything2? I sure do!)
A quote of an earlier comment:
" Go to nana-e, and they'll tell you that robots from space run SPEWS, and there's no way to get a hold of them. They start with Class C's, then progress to banning class A's. Some of the crazies who post on nana-e even have the whole country of Brazil banned on their private lists. SPEWS had information too on DNS blackholing (i.e. preventing your users from going to internet sites) and on HTTP blocking. If it was anyone else (the government) who was advocating this, people would be outraged."
i.e. no matter how hard one tries, there is still a great chance of getting screwed by these vigilantes.
retrorocket.o not found, launch anyway?
Not that I disagree with them.
0 5
http://www.somethingawful.com/articles.php?a=16
Very funny.
Vanuatu.
You know what?
on that.
http://www.baarbd.org - bay area adventure racing
I took over an SMTP server that was an open relay. Spam had been relayed, so the server was blacklisted. I secured the server, contacted the various blacklists, and the server was removed from the blacklists. I had no problem with any of the blacklists, and had no problem getting the server removed. Of course I was polite, and I went through the appropriate channels...
The volume of spam is sufficient without removing the blacklists.
You got me into this! You were the ideologue! I'm only a poor assassin! - Twenty evocations, Bruce Sterling
Stop trying to enlarge your penis, spy on your neighbors, or accept business advice from a Nigerian!
Personally I'm just really sick of spam as I'm getting it shoved down my throat in exceedingly excessive volume every day.. There should be vigilante action against spammers, just like what they (or someone on their behalf) is doing to us.
Put it this way, if the blocklists were properly funded, I'd bet they could pay people to actually check each business out, and respond quickly. Therefore, it would seem to me that the following methods should be available:
(1) Pay $$$ to get reviewed immediately. That money shouldn't be small either. As an ISP, you pass this on to the customer, by making him post bond if he wants his own email server. That bond equals the money it costs to get you removed quickly.
(2) Don't pay $$$, and get reviewed at leisure.
If you suggested that, I'm pretty sure the blocklists would respond.
That said, I strongly suspect that this is the spammers, and they are going to win this round. They won't win long term; nor will those who sell them spam facilities.
Correct Horse Battery Staple: 72 bits of entropy. Enter "Correct H" into google. When it generates the phrase, that's
The mods are expressed in percentages to obfuscate editor modbombing. The post of doom showed hundreds of moderations that made it obvious that unlimited points were being used--and the editors learned their lesson.
Call (206) 338-5780 COLLECT for information about a genuine BA, BS, MA, MS, MBA, or Ph.D.
We use SpamAssassin on Sendmail. We have Sendmail configured so that when a message is positively identified as spam, we automatically update our local access file to blacklist the entire class C of the relay host.
I have been watching this closely for several weeks. Originally, I thought there would be trouble -- surely we would nail some legitimate networks and have to unblock them. But NOOOOO! Every day we reject more and more via the local blacklist and it's always the evildoers. I don't think anyone needs a DNS-based blacklist, all you have to do is harvest the power of the spam data you already have.
How about a new virus that replies to all the spam in your inbox and asks the spammers if they want to add inches to their penis? SoBig.P?
---
Lousy rotten karmic retribution.
If you are retrieving a blacklist from a site that is down, remove it ASAP. When I first started as net admin here I was getting a lot of complaints about people not being able to receive email from other companies. After learning how our mail server worked I realized that the smtp daemon was getting blacklists from a big list of servers. What I didn't realize was that more than half of those servers were down. This was making the smtp daemon take forever to respond, which caused a lot of companies' mail servers to time out when they connected to us. Removing the servers that were down fixed the problem.
"The Internet is a fad."
A clever person solves a problem. A wise person avoids it. -- Einstein
I was polite about it in (the beginning) as well. When this whole ordeal began I was a fan of blacklists and thought that they were great. However, the problem is that in 6 months, I have not received a single communication from them. For all that I know, the e-mail link on their page is broken. I followed the instuctions on their site exactly and still nothing. Perhaps it is just this Blacklist that is the problem, but it has been a nightmare for me. YMMV. Anyway, my opinion of blacklists has shifted dramatically. They just are not the answer to the problem.
The Tools Of Ignorance wanna be a tool?
What are these classes you speak of?
OH. You mean those things we used back before CIDR was implemented in the mid-nineties?
I hate spam with a passion, but I feel equally about any mail admin that looks to blacklists to do all their work for them. If you happen to run your own mail server, and you are the only one expecting mail through it, then do whatever you want. But if there are people at the end of your mail server that are expecting mail to pass through and you are blocking it "on their behalf", then I hope you lose your job.
Don't expect people to pat you on the back when you have to tell them that the mail they're expecting isn't coming through because you happen to be blocking IPs in a particular range.
Good riddance, I say.
"The market alone cannot provide sufficient constraints on corporation's penchant to cause harm." -- Joel Bakan
A malfunctioning IP blacklist will give a message more points, but only a fraction necessary to send the message to /dev/null.
Thought of in another way is that the decision of whether the message is spam or not is distributed among lots of "decision makers". The weight of those decision makers is determined by the number of points they are allowed to assign to a given message.
We also use Spam Sleuth Enterprise to protect our server from SoBig.F. We just look for the text "X-MailScanner: Found to be clean" and set it to enough points to delete the message. It takes the load off of our internal servers.
Hope this helps somebody.
... against our mail servers.
They are eating up resources that we, or our customers / users, should be rightly using.
How do you stop a DoS attack? You block the offending IP's.
That's what the block lists allow mail server operators to do.
Whenever you receive spam promoting a web site, just (automatically) hit that web site, downloading the home page, all graphics, follow a link, repeat ad bandwium. Maybe some kind of distributed system can be set up so that when many people detect spam for a certain web site, it's automatically "visited" by everybody. Distributed slashdotting!
You know, the one about the customer list of a business selling stuff via spam?
Scary stuff, and it just indicates how bad the problem is - all kinds of people actually do click on those links in the spam e-mails and actually do buy stuff. Scary. There's no way to prevent dangerously insane gullibility, although that would be a good first step towards fixing the spam problem.
Unfortunately, spammers are like bad apples - when they find a spam-friendly ISP, they tend to conglomerate. Second, you don't think that individual SysAdmins will do worse? At least with centralized blocklists, you can be removed. Try that with a ton of individual admins.
-Looking for a job as a materials chemist or multivariat
I think the solution is to make e-mail more expensive. A simple way to do this is to have the remote host work a difficult problem and respond with the correct response. A difficult problem could take the form of a brute force attack against a secret that has been encrypted using a small key. For example when the remote host connects to my machine I would respond with something like
220: sdiofuowqihr8o23nisdfhoqwienroqwerinqweo
Then I would wait for something like
SCRT this was the secret
My server would know the secret it sent over, the remote machine would require a reasonable amount of resources to decrypt the secret, making such transactions undesirable to spammers. I could even have a "white list" of sorts where I use a shorter key for IP addresses I trust and a longer key for IP addresses that are new to me. Just my $.02
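The exchange proposed in the comment above, sketched as an added example that is not the poster's code. It swaps "encrypted using a small key" for a salted SHA-256 commitment to a short random secret; the banner layout, the 8/16-bit puzzle sizes and the reply codes are assumptions, only the `220` banner and the `SCRT` verb come from the post.

```python
import hashlib
import os
import secrets

TRUSTED_BITS = 8    # assumed puzzle size for peers on the local whitelist
UNKNOWN_BITS = 16   # assumed puzzle size for peers never seen before


def _commit(salt: bytes, secret: int) -> str:
    """Salted SHA-256 of the secret; the salt stops precomputed tables."""
    return hashlib.sha256(salt + secret.to_bytes(4, "big")).hexdigest()


class PuzzleServer:
    def __init__(self, whitelist=()):
        self.whitelist = set(whitelist)
        self.pending = {}          # peer IP -> secret it still has to return

    def greet(self, peer_ip: str) -> str:
        """Build the 220 banner carrying a fresh puzzle for this peer."""
        bits = TRUSTED_BITS if peer_ip in self.whitelist else UNKNOWN_BITS
        salt = os.urandom(16)
        secret = secrets.randbelow(1 << bits)
        self.pending[peer_ip] = secret
        return f"220 {bits} {salt.hex()} {_commit(salt, secret)}"

    def check(self, peer_ip: str, line: str) -> str:
        """Verify the SCRT reply. One guess per banner: a wrong answer burns
        the puzzle, so the peer cannot brute-force online against the server."""
        secret = self.pending.pop(peer_ip, None)
        verb, _, arg = line.strip().partition(" ")
        well_formed = verb == "SCRT" and arg.isascii() and arg.isdigit()
        if secret is None or not well_formed:
            return "503 bad sequence or malformed SCRT"
        if int(arg) != secret:
            return "554 wrong secret"
        return "250 secret accepted"


def solve(banner: str):
    """Client side: walk the key space until the commitment matches.
    Returns the SCRT line and the number of hashes it cost."""
    _code, bits, salt_hex, digest = banner.split()
    salt = bytes.fromhex(salt_hex)
    for guess in range(1 << int(bits)):
        if _commit(salt, guess) == digest:
            return f"SCRT {guess}", guess + 1
    raise ValueError("no secret matches the banner")


if __name__ == "__main__":
    server = PuzzleServer(whitelist={"192.0.2.10"})       # constructed addresses
    for peer in ("192.0.2.10", "198.51.100.7"):
        banner = server.greet(peer)
        reply, hashes = solve(banner)
        print(peer, "spent", hashes, "hashes ->", server.check(peer, reply))
```

The sender pays on average half the key space in hashes per connection, while the server pays one hash to issue the puzzle and one integer comparison to verify it.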
This is the web. Publicize it and draw attention to the problem. Advocate not using that particular blocklist.
Without spamming, of course.
posted his personal info on slashdot. The last few times I've seen it happen it's gotten some amusing results.
Give us the home mailing address of the spammer, our response will be "in the mail" in no time!!
Including names and addresses. The list claims that these 200 spammers create 90% of the world's spam.
Have fun.
Tech Public Policy stuff
Here's an interesting problem. The spammers spam because in a billion e-mails one or two people give a positive response... that's enough to justify trillions of e-mails. The blocking of a paltry billion or so e-mails is enough to justify trillions of packets in a DDoS attack.
So one positive response in a trillion negative or null responses is enough to justify the wrath of a trillion DDoS packets on hundreds of servers.
How do you remove the desire to perform such a futile and repugnant act as spamming when such small positive reinforcement causes such profound tenacity for spewing forth volumes of wretched bile on innocent masses merely seeking to expunge said bile?
The crux of the problem is that communication is now so cheap that it is easy to waste. If communication were more valuable people would spend more time on it. If you had to pay for each e-mail in some way you wouldn't recklessly waste them.
I propose we start charging the sender for each e-mail... but not money. I propose we charge each sender for each e-mail they send a percentage of their soul.
Each e-mail you send would slowly drain away your soul until you were nothing but a dried out husk. Sort of like Slashdot.
Yes, many have the entirety of Brazil blocked. And for good reason, too. Doing so cuts out a huge chunk of spam and reduces the costs on the receiving mail servers and networks noticeably. It works.
The problem is that most of Brazil is served by one big telco monopoly that is operated entirely incompetently. That doesn't necessarily mean each person in that company is incompetent, but those that are not are surely aware of their inability to do the right thing and stop the spam.
Some people even blocked all of 200/8.
Now I don't actually agree with the actions those people did. What I did was scan those networks for patterns and figured out specific domains to block. I'm getting most of the effectiveness without the false positives. I do have almost all the cable modem and dynamic DSL lines blocked as best as I can.
But the real goal is to get spammers disconnected so they can't even send a SYN packet, much less make an SMTP connection. You have a better idea that meets those goals than what is being done now? If so, post it.
now we need to go OSS in diesel cars
We have been using Roaring Penguin's commercial Mimedefang & Spamassassin combination, called "CanIt" for around a month now. ( Interestingly enough, Roaring Penguin seems unreachable at the moment. Hmmmmmm... )
:)
It's incredibly effective. You can set up custom rules for identifying spam ( regex supported ), and the whole thing has a nice PHP-based interface. It was pretty easy to convince management that we needed it - typically management get the most spam anyway. And it's good to support a company pushing open source software
Previously I was using blacklists and my own ip-address list with iptables, but it just became too much, and this has dropped our spam from ridiculous levels to basically nothing.
Well worth a look...
I know that we all do not like spammers, but this guy is advocating the mass murder of hundreds, perhaps thousands, of people.
Spammers != "people"
STOP MISUSING APOSTROPHES, YOU MORONS!!!
will put a stop to this shit.
No repeat offenders. Public hangings, broadcast on ALL television stations. Cable, OTA, satellite, whatever else there is. Mandatory viewing. Interrupt ALL programming, including little children's cartoons, porno movies, PPV's, everything. FORCE everyone to view these executions and I assure you that less than a dozen will have to be executed before all spamming comes to a dead halt.
Also, vigilante justice should be the rule of the day. Catch a spammer (and hackerz) in person, terminate him (or her) right there.
The public executions will be reserved for those spammers that the official law enforcement agencies catch.
Law abiding citizens should carry handguns and should SHOOT TO KILL lawbreakers as the need arises.
Quit crying about crime, arm yourselves and fight back..
What happens then?
Individual systems and networks administrators block spammy networks.
This unfortunately means duplication of efforts, of course... but if it's what has to be done, it will be done.
And then, when Joe ISP's customers complain that their mail is bouncing or being blackholed, instead of having to do the legwork to get off a few large, well-known blacklists... Joe can go around to thousands or millions of individual sites that have his network blocked.
Frying pan, fire, etc. I pity the ISP's.
Personally, I don't care what steps they take to stop SPAM. If people took the time to inform spammers to just add a mandatory remove list to each spam (THAT WORKED!) I would say SPEWS are unnecessary. However, with the amount of junk I receive and have to filter everyday, I think SPEWs are doing what is necessary to wake spammers up. The fact that they bulk with fake accounts and are generally sending you unwanted adsthem no sympathy from me. They didn't ask me if I wanted their bullshit... so why would I care if SPEWs persecute them on the highest level.
Spam really brings out the worst in everyone - both those who receive it, those who fight it, and those who send it.
But there are some mature Internet users who do not believe the way to solving things is running a DDoS against a party or blocking subnets carelessly. I do not know how many are on /. belong to this group, but I would include myself.
There is no panacea for spam. Sorry.
It is very irresponsible of any maintainer of a blacklist to target large IP blocks. There is no possible way to maintain such a list accurately without targeting innocent parties. Collateral damage is understandable, but it should also be looked down upon and avoided at great cost, not accepted. Imagine IPv6 blacklists.
Admins need to take the responsibility to make use of blacklists which are strict in the conservative sense (i.e. very specific). We can all understand this is not as effective as blacklisting the entire Internet.
This is really ridiculous and childish, except with adult repercussions. On the one hand, we have virtual fascism with blacklists. On the other, we have DDoS attacks to end them. And what does this do for the users? Nothing. More bandwidth wasted, more time diverted from the real issue, and disruptive communications.
The Internet is not a playground anymore. Some people actually use it for business, important communication, etc. We need to get serious, not extreme.
From a spammer's point of view, these blacklists are just another form of DDOS aimed directly at them.
DDOS = Distributed Denial of Service.
Distributed as in there are multiple computers involved, all coordinated by some central host. Denial of Service in that it interferes with a desired activity.
If you are a spammer, any distributed system that blocks your ability to send email is a denial of service that should be dealt with using whatever resources are at your disposal. This DDOS is best dealt with by decapitating the central host (blacklist server) instead of by trying to deal with all the zombies (mail servers) involved.
The resources available to a spammer are limited. They don't have the ability to get a court order to force the blacklist server offline, they can't have Network Solutions yank the blacklist server out of DNS space, but they can launch a retributional DDOS attack back at the blacklist server.
Adapt or die, no? These blacklist servers are interfering with the ability of spammers to conduct their business. Any solution that stops this interference is going to be worth considering.
...but good luck touching my Bayesian filters.
"I'd rather be a lightning rod than a seismometer." -Ken Kesey
I think this is cool. An epic battle between good and evil rages on the Internet. It's sort of like a Lord of the Rings for geeks. Oh wait, Lord of the Rings is for geeks.
I used to use dnsbls. When it was clear that blacklists weren't sufficient, I used them in conjunction with filtering. Then I had trouble with false positives of various dnsbls to the point where I'm now only using the filters. Of course, simply filtering doesn't solve the network and computing resources problem. So I had hatched Yet Another Plan for Spam a while back (had mucked around a bit with implementing it but got distracted).
The plan is essentially to use bayesian analysis of incoming mail to detect "open relays" and maintaining a personalized dnsbl. Initially every piece of incoming mail is analyzed. Upon being tagged spam, the connecting IP is added to the dnsbl preventing additional relaying of messages.
Pros:
1. No external testing/probing is required. All blacklisted IP's have been known to be an originator/relay point of spam.
2. A copy of the spam message can be retained in case of any dispute.
3. It's a personalized dnsbl so that it is generally immune to becoming a target by spammers (either ddosed or litigation).
4. A false positive does not impact systems not directly under your control.
5. Corrections to the dnsbl can be made as urgently as your time would allow.
6. Saves network and cpu resources due to rejection of additional messages from blacklisted IPs.
Cons:
1. Bayesian filter requires training and maintenance.
2. Personal dnsbl also means personal attention. More time and resources required to manage.
3. Not immune to false positives (actually amplifies the effect).
I'm sure I've missed some points on both the pros and cons, but it's a start.
Additional details of the plan had included a web interface for the blacklisted IPs to delist the IP. The scheme works on a token system. Each IP is given a configured number of tokens per a configured period. Each delisting requires a token and is subtracted. Hopefully, this will minimize manual effort as it's trivially easy to get delisted (only requiring the blacklisted admin to visit a page and click on a button). However, if the problem is not fixed and the same IP continues to get listed and runs out of tokens, then my plan was to have the blacklisted party purchase more tokens (something like the same webpage generating a tracking number linked to a paypal account). That way, there would also be financial incentives for the admin to fix their open relays.
My intention with the personal dnsbl was to reject future SMTP relay attempts based on IPs that have been known to relay spam. It doesn't exist to identify every open relay or proxy, but simply to deny those hosts the opportunity to send me more spam. I could care less if someone is running an open relay as long as it doesn't send me spam. So my plan is to only reject mail from people that have actually spammed me, and not in theory of being capable of spamming me. And the reason to use the connecting IP instead of any content in the email is to prevent junk data (too easily spoofed).
Anyhow, that was my YAPS. If enough people used such a system, it would probably put a decent dent in spam and open relays.
Any volunteers?
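The listing and token-based delisting scheme from the plan above, as an added sketch that is not the poster's implementation. The Bayesian verdict is taken as given (the caller reports a message it has already tagged as spam); the zone name, three tokens per 30-day period and the reply strings are assumptions, and the query name uses the usual reversed-octet DNSBL convention.

```python
import ipaddress


class PersonalDnsbl:
    def __init__(self, zone="bl.example.net", tokens_per_period=3,
                 period=30 * 86400):
        self.zone = zone                            # hypothetical zone name
        self.tokens_per_period = tokens_per_period  # assumed allowance
        self.period = period                        # assumed refill period (s)
        self.entries = {}                           # IP -> state dict

    def _entry(self, ip, now):
        ip = str(ipaddress.ip_address(ip))          # rejects malformed input
        e = self.entries.setdefault(ip, {
            "listed": False, "evidence": [],
            "tokens": self.tokens_per_period, "period_start": now})
        if now - e["period_start"] >= self.period:  # new period: top up
            e["tokens"] = max(e["tokens"], self.tokens_per_period)
            e["period_start"] = now
        return e

    def report_spam(self, ip, raw_message, now):
        """Called once the filter has tagged a message from this connecting IP."""
        e = self._entry(ip, now)
        e["listed"] = True
        e["evidence"].append((now, raw_message))    # kept in case of dispute

    def on_connect(self, ip):
        """Decision at SMTP connect time, before any message data is accepted."""
        e = self.entries.get(str(ipaddress.ip_address(ip)))
        if e and e["listed"]:
            return "554 5.7.1 listed in local blocklist, see delisting page"
        return "220 ready"

    def delist(self, ip, now):
        """Self-service delisting: one click costs one token."""
        e = self._entry(ip, now)
        if not e["listed"]:
            return "not listed"
        if e["tokens"] == 0:
            return "payment required"               # out of free delistings
        e["tokens"] -= 1
        e["listed"] = False
        return "delisted"

    def buy_tokens(self, ip, count, now):
        self._entry(ip, now)["tokens"] += count

    def query_name(self, ip):
        """Name a DNSBL client would look up for this IPv4 address."""
        octets = str(ipaddress.IPv4Address(ip)).split(".")
        return ".".join(reversed(octets)) + "." + self.zone


if __name__ == "__main__":
    bl = PersonalDnsbl()
    relay = "203.0.113.45"                          # constructed address
    for day in range(4):                            # relay is never fixed
        bl.report_spam(relay, f"constructed spam copy {day}", now=day * 86400)
        print(day, bl.on_connect(relay)[:3], bl.delist(relay, now=day * 86400 + 60))
```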
good!!! hate'em, hate'em all.... as a matter of fact, i hope they all....
OOH, shiny thing....
Damn I wish I could mod you up. By far the most insightful post on this article.
I run a mail system for a regional isp and in the last week or so I have seen my average mail load rise exponentially. Right now I am processing more mail in a 24 hour period than I had previously been in over a month. There are a lot of people that are using these blocklists that didn't have the good sense to set up their own and mirror that data. So if every incoming message represents a query to the dns serving the data and the mail load on a typical isp server has increased literally by 10,000% it stands to reason that sobiga-f certainly did create most of this problem.
Mass murder, while obviously wrong, can sometimes be less wrong than the alternatives. Considering that spammers are thieves (of bandwidth, CPU, disk, time and other resources), and considering that the appropriate punishment for thieves is death, and considering that we might as well get a laugh out of their demise, nuking an island full of spammers is a perfectly fine idea. It's certainly better than letting the bastards live.
Why can't the Justice Department just brand these guys, SPAMmers, and the like cyber terrorists? Then (based on what they seem to be doing to other terrorists) they can lock them up, throw away key, and civil rights be damned.
"Love is a familiar; Love is a devil: there is no evil angel but Love." --William Shakespeare ('Love's Labors Lost')
Having a system that works 99% of the time will still lead to that unlucky 1% being the victims of the system. Blacklists have to be accurate in what they list or some bystander is gonna get caught...
I'm actually a little surprised they managed to pull this off. Good for them :P
And don't give me this "I should be able to decide who I receive mail from". You should, but that's not what this is about. This is about power-tripping admins deciding to prevent people under their power from receiving mail that could be more effectively filtered by things like Bayesian filters and the like.
autopr0n is like, down and stuff.
But it gets ridiculous when people in charge of large ISPs start blocking whole countries or other large blocks of the net from their customers because they 'just don't like' those sections.
There was an article on salon a while ago about a woman whose email was basically made worthless because a lot of the people she was working with had been blocked by her ISP (roadrunner)
Lots of people do get screwed over by this. And a lot of people don't run their own mailservers.
autopr0n is like, down and stuff.
It sure is. Except most people would have written "instructions". You're right about not being pedantic unless you're 100% sure of yourself. Otherwise it can bite you in the ass.
Personally, I currently use TMDA to protect some of my accounts. It's a challenge/response system that uses whitelist/blacklist technology and sends a challenge to the unknown senders. This is quite effective at combatting spam since the challenge to a spam message usually ends up bouncing anyways.
The only problem with TMDA is that some people consider the challenge/response method to be quite rude (click here and do a search for "gunfighter" to read the responses to my comment(s) about TMDA). TMDA, and similar technologies, definitely place the responsibility for ensuring message delivery in the hands of the sender and receiver. In addition, there are other considerations such as the additional overhead of the extra messages. There are even cases where people who haven't properly configured such technologies end up getting into confirmation loops and screw up by sending a challenge to a legitimate mailing list.
To overcome these problems I've actually concocted, in cooperation with a fellow developer, an automated means of verifying the authenticity of an email message. While this may not stop spam cold in its tracks from the get-go, it will definitely be a step in the right direction. Instead of blocking entire IP blocks (or even individual IP addresses), companies, ISPs, and individuals will soon be able to compare against blacklists of individual users.
By using this technology in cooperation with a challenge/response-type filter, only individual senders flagged as potential spammers will be a) blocked or b) flagged as possible spam or c) receive a challenge/response. This will completely obsolete any and all current methods of dns or IP based blacklist(s).
Time-to-market is up in the air right now, but hopefully we'll have a prototype ready here in the next month or two. Hope to see you then.
-- Gun-- Stu
/. ID under 2,000. I feel old now.
Someone has got to mod that up :P
autopr0n is like, down and stuff.
Like the way curfew works in The west bank and gaza. If there's a terror attack, people in certain cities are put under '24 hour curfew'. Often times hundreds of thousands of people just to get at a few.
autopr0n is like, down and stuff.
We are the Borg.
You will be assimilated.
Resistance is futile.
Your cam whores and enormous penises will be added to our own.
Your credit cards will adapt to service ours.
Your inbox, as it has been, is over.
From this time forward your hot teens will service us.
.sig Realistic fines for copyright in
I was a 'Collateral Victim' once. It wasn't fun, but I changed ISPs and have had no problem since. To say there was nothing you could do about it when you had problems is silly.
Read about a project here [puremagic.com] to implement a grey list at the MTA level.
It basically involves inspecting the sending ip, sender envelope, and recipient envelope. If the receiving MTA has never seen this particular combination of the three before, it does not accept delivery of the mail piece with a temporary failure message. The vast majority of spam would then be ultimately rejected because it is often sent through open MXs and not a valid MTA with valid sender and recipient envelope information.
It is designed to be a complement to other anti-spam measures without being as inflexible and cumbersome as black/white lists.
Along those same lines, you could also do a quick reverse check to verify reply-to addresses at the MTA level.
The battle against spam is not totally lost, and we shouldn't cut off our nose to spite our face the way blacklists do.
I don't want to sell anything, buy anything, or process anything. I don't want to sell anything bought or processed...
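The triplet check described in the comment above, as an added sketch that is not the linked project's code. The five-minute minimum retry delay and the two expiry windows are assumptions the comment does not state, and the SMTP attempts are constructed.

```python
TEMPFAIL = "451 4.7.1 Greylisted, please retry later"
ACCEPT = "250 2.1.5 OK"


class Greylist:
    def __init__(self, min_delay=300, retry_window=4 * 3600,
                 pass_lifetime=36 * 86400):
        self.min_delay = min_delay          # assumed: earliest retry accepted
        self.retry_window = retry_window    # assumed: unretried triplets expire
        self.pass_lifetime = pass_lifetime  # assumed: idle known triplets expire
        self.records = {}                   # (ip, sender, rcpt) -> record

    def check(self, ip, mail_from, rcpt_to, now):
        """Decide at RCPT TO time whether to accept or temp-fail."""
        key = (ip, mail_from.lower(), rcpt_to.lower())
        rec = self.records.get(key)
        if rec is not None:
            limit = self.pass_lifetime if rec["passed"] else self.retry_window
            if now - rec["last"] > limit:
                rec = None                  # stale record: treat as never seen
        if rec is None:
            self.records[key] = {"first": now, "last": now, "passed": False}
            return TEMPFAIL                 # first sighting of this triplet
        if not rec["passed"] and now - rec["first"] < self.min_delay:
            return TEMPFAIL                 # retried faster than a real queue
        rec["passed"] = True
        rec["last"] = now
        return ACCEPT


# Constructed attempts: (seconds, connecting IP, MAIL FROM, RCPT TO)
ATTEMPTS = [
    (0,     "192.0.2.25",   "alice@example.org", "bob@example.com"),
    (5,     "198.51.100.9", "deals@example.net", "bob@example.com"),   # one shot
    (10,    "192.0.2.25",   "alice@example.org", "bob@example.com"),   # too soon
    (900,   "192.0.2.25",   "alice@example.org", "bob@example.com"),   # queue retry
    (1000,  "192.0.2.25",   "alice@example.org", "bob@example.com"),   # known now
    (1100,  "192.0.2.25",   "alice@example.org", "carol@example.com"), # new triplet
    (20000, "192.0.2.25",   "alice@example.org", "carol@example.com"), # retry too late
]


def replay(attempts):
    """Run the attempts through a fresh greylist; return the reply codes."""
    gl = Greylist()
    return [gl.check(ip, frm, rcpt, t)[:3] for t, ip, frm, rcpt in attempts]


if __name__ == "__main__":
    for attempt, code in zip(ATTEMPTS, replay(ATTEMPTS)):
        print(code, attempt)
```

The sender that never retries (the second attempt) only ever sees the 451, while a queueing MTA is delayed once per new triplet and accepted afterwards.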
Very likely, this person is trying to send email to people who are his customers, or his friends, or whatever. And they aren't able to get it because someone with power over their connection is censoring their incoming mail. If the only people using these filters were the spam nazis themselves, it wouldn't be an issue. But they are making decisions for lots of unsuspecting people who probably care more about getting mail from people they know than punishing people for doing business with people who do business with people who once ran an open relay.
autopr0n is like, down and stuff.
But rather than one powerful figure and his buddies compiling secret blacklists, it's known people giving methods for their lists [both to add and remove].
Nobody's forcing you to use the blacklists. Nobody's not forcing you to use the blacklists.
Those of us who use blacklists accept that there may occasionally be collateral damage. Too bad. If it keeps one porno spam out of my daughter's mailbox, then I am one happy father.
"You might as well get your son a ticket to hell as give him a five string banjo." -unknown minister
To keep out hundreds of spam e-mails a day, I'm quite willing to resort to 'Draconian' measures. I use several blacklists. I didn't use SPEWS because it was too restrictive for me. I suspect for many, however, it was appropriate for their situation and so they used it. What I am hearing in this thread on the opposing side - anti-SPEWS folks - is they think they have a right to send me e-mail and that I must accept that e-mail. I quite disagree.
So yes, let's block the entire nation of Brazil. Those people in Brazil who want websites will just have to use another ISP... you know, the one that doesn't exist. Hell, if they don't want to support the spammers they should all move to another country! Plus, it's not like ISPs have vastly different capabilities. It should be incredibly easy for sites that upload terabytes of information to find another ISP that blocks spammers the nano-second they are informed. Also, those same sites obviously have no long term contracts with their ISP, so there shouldn't be any severe monetary, let alone logistical or legal, penalties for them to switch.
It seems to me that, in fact, it is YOU who just doesn't get it. Not to put this on the same level or anything, but the exact same attitude was used to justify 9/11.
common sense: noun
What those who are ignorant of the subject matter think; usually wrong.
If you do all that stuff, you will not be removed from the list unless the people who run the list KNOW you've done it. If you can't contact them, how will they know? They won't. You'll still be on the list.
And sometimes you end up in situations where you just have a similar IP number even though you have no actual relationship.
autopr0n is like, down and stuff.
Maybe this is NOT even a DDoS attack at all. The SoBig.F virus includes its own SMTP engine, and so, is bypassing the smart host mail server at each of the various ISPs the infected machines are served by. It is now making SMTP connections to various MX hosts all over the network directly from that access IP address which probably never was used that way in the past by most people. DNSBLs are, or were, scalable because the queries done by the receiving MX servers to verify each sending IP address would be cached by the DNS server there for usually at least a day or two. That caching is effective when the number of connecting SMTP clients (the sending role) is small. What SoBig.F did was greatly increase the number of different IP addresses being SMTP clients. This could be immensely greater, many times the number originally seen. That would mean the resolving DNS server at the MX server site would be missing its cache much more often, both due to the more diverse queries being done, as well as the increased volume of mail. My theory is that this alone, if the increase factor is high enough, could overwhelm the authoritative DNS servers for the DNSBL zones and appear like a DDoS attack.
DNSBLs might have also been configured in more servers as a result of the SoBig.F virus going around, too, to help block it.
How to verify this would be to examine the range of source addresses hitting the authoritative servers. If the range is about the same as before, or generally represents the resolving DNS servers those MX servers are using, then I could be right. Still, it is possible for a real DDoS attack to fake exactly that so as to look like this theory holds.
If the attack has source addresses that are not functioning as resolving DNS servers, then the theory would be wrong. But resolving servers, when run separate from authoritative servers, are usually blocked from outside usage. So simple testing would be inadequate to show that they are not real DNS servers.
now we need to go OSS in diesel cars
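A small simulation of the cache-miss theory in the comment above, added here as an illustration and not the poster's code. The resolver names, sender counts and message volume are constructed; the one-day TTL follows the post's "a day or two". Mail volume is held constant so that only the diversity of connecting IPs changes.

```python
import random

# Constructed: resolvers used by the receiving MX sites. These, not the
# infected machines, are what the DNSBL's authoritative servers see.
RESOLVERS = [f"resolver-{i}.example.net" for i in range(5)]


def simulate(n_senders, n_messages, ttl=86400, span=86400, seed=1):
    """Return the authoritative server's query log for one day of mail.

    Each message arrives at a random MX site from a random sending IP.
    The site's resolver answers from cache when it can; every miss is a
    query that reaches the DNSBL's authoritative servers.
    """
    rng = random.Random(seed)
    caches = {r: {} for r in RESOLVERS}      # resolver -> {sender: expiry}
    auth_log = []                            # (time, resolver, sender)
    arrivals = sorted(rng.uniform(0, span) for _ in range(n_messages))
    for t in arrivals:
        sender = rng.randrange(n_senders)
        resolver = rng.choice(RESOLVERS)
        cache = caches[resolver]
        if cache.get(sender, -1.0) <= t:     # never seen, or entry expired
            cache[sender] = t + ttl
            auth_log.append((t, resolver, sender))
    return auth_log


def summarize(auth_log, n_messages):
    """What the DNSBL operator could measure from the query log."""
    return {
        "auth_queries": len(auth_log),
        "sources": sorted({resolver for _, resolver, _ in auth_log}),
        "cache_hit_rate": round(1 - len(auth_log) / n_messages, 3),
    }


if __name__ == "__main__":
    messages = 20000
    # Before: mail arrives from a few hundred ISP smart hosts.
    before = summarize(simulate(200, messages), messages)
    # After: the same volume arrives directly from 50,000 access IPs.
    after = summarize(simulate(50000, messages), messages)
    print("before:", before["auth_queries"], before["cache_hit_rate"])
    print("after: ", after["auth_queries"], after["cache_hit_rate"])
    print("same query sources:", before["sources"] == after["sources"])
```

With the same number of messages, the set of addresses querying the authoritative servers is unchanged while the query count rises by more than an order of magnitude, which is the signature the poster suggests looking for.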
Sign up for e-mail with another service provider.
As usual (for a pro-SPEWS poster), you've twisted the parent post to fit your fascist world view. If you read carefully and without bias, you will find out that Fastmail.fm actually is extremely aggressive in killing spammers, often within seconds. Does some spam get through? Yes, up to 100 spams per account. Why? Because Spammers don't set the Evil Bit when they sign up for an account. So the spammers have to do something that identifies themselves as spammers. As soon as that happens, bammo! This is what I would call a zero-tolerance for spam. The statistics about valid:spam emails aren't to justify the spam that does get through. As you should have seen, Fastmail.fm kicks spam in the ass. The statistic is supposed to show the harm that the reactionary blocking lists are causing.
It makes one wonder when someone's *only* way to communicate with a university administration is through e-mail. No telephone, eh?
Did you email them from an IP in your blocked class C? Maybe they are using their own block list and never received your email.
Now that would be some mighty fine irony.
If the spammers can't take the hint (WE DON'T WANT YOUR SHIT IN OUR MAILBOXES, HINT, HINT), then I think they will have little choice *but* to take the hint when someone shoots up Boca Raton. No, seriously. These people aren't going to take a subtle hint like massive blacklists. It will take either someone sniping them one by one, or a massive lynching mob converging on Boca Raton.
But the best case scenario doesn't usually happen. So we're left with either A) Requiring that all E-Mail be authenticated (meaning a massive violation of the anonymity it offers), B) Draconian spam filters that drop anything not found in a dictionary, or C) Requiring that you take a TEST before being allowed to use a computer.
Personally, I vote for the test. What keeps this human trash in business is Complete *ucking Morons (CFMs) who probably also genuinely believe everything Miss Cleo says, and take the horoscope quite seriously. These CFMs are the ones who will believe anything you say, and are destined to receive either a Darwin Award or the Dogbert Gullibility award in the future.
If you can't recognise spam, or don't know the difference between a hard drive and floppy drive, then I honestly don't think you should have your own computer, which no doubt will end up with every known virus and worm on it, along with a hidden directory set up by crackers to serve child porn over your unfirewalled internet connection, along with several spybots and spambots that feed everything you do to a spammer.
Ever notice that you start seeing all these problems on a large scale when computers became idiot-friendly enough for idiots to get to the internet?
The network the nerds built was an excellent one. It's the MBA morons and spammers that came along and ruined it.
now we need to go OSS in diesel cars
... and walked onto OSU's campus, closed my eyes, and started spraying bullets around everywhere, because hey, some of them were the rioters we've all heard so much about. Yeah, I killed a few non-rioters, but, hey, it'll just make the families of the students I killed ask for harsher punishments of the rioters. And I didn't decide to kill anyone, ballistic physics did!
Obviously, that example is WAY over the top, but the idea is the same. Black lists are a form of informational terrorism, no more, no less. The DDoS attacks against the lists are a form of informational terrorism, no more, no less. Both sides of this conflict are using the same tactics to achieve the same goal (obliteration of the opposing viewpoint). Both the DDoSers and the listers are trying to censor someone, and the people who get hurt are the people who can't do a damn thing about it and never wanted to be bothered by it in the first place.
If I don't know anyone in Brazil and don't expect to, why should I not block Brazil when all I get from Brazil is spam?
Actually, the system that I just described bears far more similarity to NNTP than a Napster or Kazaa protocol.
NNTP predates most p2p by a long time, and seems to have been resilient in maintaining basic connectivity.
Do you have a better idea?
considering that we might as well get a laugh out of their demise, nuking an island full of spammers is a perfectly fine idea
Plus, we'd get to see that really cool looking mushroom cloud.
There are only 10 kinds of people in this world... those who understand binary and those who don't
So the obvious solution is a distributed RBL. Just how to do that is a whole different story. A lot of persnickety problems to work out. Looks like a lot of fun. If you're interested, drop me a line. Add my username to the domain in my URL above for my e-mail address...
*Condense fact from the vapor of nuance*
Since the latest virii do DDoS attacks against the MS update sites and anti-spam sites, the really good virus writers would DDoS the anti-virus companies' sites so that people couldn't get new definition files. Just imagine... if all the anti-spam sites were DDoS'd off the net and the next virus did the same to the update sites for MS and Symantec, McAfee, AVG, Skywalker, etc... the only choice would be to just turn off all the infected machines. Who knows how long it would take to get updates.
I don't have a problem with people keeping a list of IP-ranges that has spammers. What I don't like is having my e-mail filtered for me by my ISP
How much you want to bet this is someone, not a spammer that got blocked by these blanket lists?
-- 'The' Lord and Master Bitman On High, Master Of All
You can query SPEWS at spews.bl.reynolds.net.au
While SPEWS's tactics may appear "doomed to failure" in your eyes, they are having a noticeable effect on spam-friendly ISPs. If you read nanae you regularly see ISPs that have ignored all spam complaints for months or years finally start dumping their spammers in response to a SPEWS listing.
Furry cows moo and decompress.
That's how the killing always starts. As soon as you start treating a person as an arbitrary object, then it's okay to do anything you want to them and there's no moral consequences. Would you like it if the U.S. Gov'ment went on through with the "equation"
terrorists != "people".
geeks ~= (close enough) programmers,
programmers ~= (close enough) hackers,
hackers ~= (close enough) terrorists... therefore
G.W.B. says, "Kill all the geeks and let God sort 'em out."
Please think carefully before you say that such-and-such group aren't people--even if you're saying it in jest.
Furry cows moo and decompress.
Yeah, that's a great idea. Next, why don't we kill all the people that talk out of their ass about how great it would be to take a bunch of people to an island and nuke them all, you heartless bastard. Also, I'm not sure I agree that theft is best punished by death. I think your priorities are way out of whack, and maybe you should go down to your local back alley at midnight and get them realigned by a thug.
Furry cows moo and decompress.
OOOOOOOOOOH! Lions and tigers and bears, Oh My!
Spamhaus.org is a nice convenience to have, much like a toilet. It should have police powers. Imagine, if you will, what fun it would be. An automated policeman much like Orrin Hatch imagined, but for spammers, and VERY mobile, agile, and hostile.
Yes, they are dangerous, but so are a lot of other ree-taards. Somebody has to live next door to them.
Any preoccupation with ideas of what is right or wrong in conduct shows an arrested intellectual development. (Wilde)
...for good? STOP THE spam. Get ISPs to listen to abuse@. Act to get spammers off their network. Work with the General public and not the "$$$" marketers. Boycott those who use spam to sell their services (I've stopped shopping at several stores because they chose to spam). Boycott ISPs who knowingly host spammers. Vote with your wallet.
If it had been political, such as the case of the 20 year old with a link to a bomb making site, they would have gone at it like a pack of wolves.
In any case it does at least serve to give you a sense of your true worth to the government.
A mailbox at pobox isn't going to help you there, you still have to send via your local (blacklisted) ISP.
Got time? Spend some of it coding or testing
No, you cannot sue the government (either federal, state, or local) in order to force a prosecutor to either file a suit (either criminal or civil) or bring a case to trial. Prosecutorial discretion is amazingly broad. Different rules apply to judges -- they can sometimes be forced to take action.
A lawyer & digital forensics examiner. Also an expert on open source software (OSS).
What else was on the ingredient list?
Got time? Spend some of it coding or testing
...every computer in this household is also its own mailserver. With Postfix it's easier to do that OOtB than to configure various things to use a single external mailserver.
Got time? Spend some of it coding or testing
...and it seems to be mostly effective for those accounts mailboxed there.
My oldest email account isn't filtered at all and gets maybe 200 spam and 2 useful messages per day. Not a happy ratio.
Got time? Spend some of it coding or testing
In no particular order
cihost.blackholes.us
turkey.blackholes.us
comcast.blackholes.us
att.blackholes.us
nigeria.blackholes.us
russia.blackholes.us
argentina.blackholes.us
brazil.blackholes.us
japan.blackholes.us
cn-kr.blackholes.us
hongkong.blackholes.us
taiwan.blackholes.us
china.blackholes.us
he.blackholes.us
rbl.mail-abuse.org
rr.blackholes.us
qwest.blackholes.us
wanadoo-fr.blackholes.us
rogers.blackholes.us
mexico.blackholes.us
dynamicpipe.blackholes.us
media3.blackholes.us
spamsources.fabel.dk
relays.ordb.org
sbl.spamhaus.org
verio.blackholes.us
level3.blackholes.us
blackholes.easynet.nl
proxies.blackholes.easynet.nl
dynablock.easynet.nl
dnsbl.njabl.org
bl.spamcop.net
list.dsbl.org
The first thing I'd like to see is a mailserver plugin that uses a peer-to-peer blocklist sharing client to mitigate the damage done by DDoS attacks against one server. If not this, then an Akamai-type setup needs to be done.
The second thing I'd like to see is for ISP terms of service to change such that if the computer takes place in a DDoS attack due to a patchable bug in the operating system (coughWindowscough), they lose their access until they can prove the patch has been applied and the virus/trojan/worm removed.
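A mail server that consults several blocklist zones also has to decide what to do when one of them is knocked offline or starts answering for every address, which is the failure this thread is about. The sketch below is an added example, not code from any poster or blocklist operator: it builds the reversed-octet query name, probes each zone with the 127.0.0.2 / 127.0.0.1 test entries defined in RFC 5782, and skips zones that fail. The zone names, the stub resolver and its records are constructed so the block runs offline.

```python
import ipaddress

LOOPBACK = ipaddress.ip_network("127.0.0.0/8")


class LookupTimeout(Exception):
    """Raised by a resolver when a zone's name servers do not answer."""


def dnsbl_qname(ip, zone):
    """Reverse the IPv4 octets and append the zone: 192.0.2.99 -> 99.2.0.192.<zone>."""
    addr = ipaddress.IPv4Address(ip)
    return ".".join(reversed(str(addr).split("."))) + "." + zone


def is_listed(ip, zone, resolve):
    """True if the zone returns at least one 127.0.0.0/8 A record for ip.

    resolve(qname) returns a list of A-record strings ([] for NXDOMAIN).
    Answers outside 127.0.0.0/8 are not list entries and are ignored.
    """
    answers = resolve(dnsbl_qname(ip, zone))
    return any(ipaddress.ip_address(a) in LOOPBACK for a in answers)


def zone_health(zone, resolve):
    """Probe the RFC 5782 test entries before trusting a zone's verdicts."""
    try:
        if not is_listed("127.0.0.2", zone, resolve):
            return "dead"              # test entry missing: zone is gone or empty
        if is_listed("127.0.0.1", zone, resolve):
            return "lists-everything"  # wildcarded zone would block all mail
    except LookupTimeout:
        return "unreachable"           # e.g. name servers under DoS
    return "ok"


def check_sender(ip, zones, resolve, min_hits=1):
    """Query every healthy zone; never let a broken zone decide the verdict."""
    hits, skipped = [], {}
    for zone in zones:
        health = zone_health(zone, resolve)
        if health != "ok":
            skipped[zone] = health
            continue
        try:
            if is_listed(ip, zone, resolve):
                hits.append(zone)
        except LookupTimeout:
            skipped[zone] = "unreachable"
    if len(hits) >= min_hits:
        verdict = "reject"
    elif len(skipped) == len(zones):
        verdict = "accept-unchecked"   # fail open, but record that nothing was checked
    else:
        verdict = "accept"
    return {"verdict": verdict, "hits": hits, "skipped": skipped}


def make_stub_resolver(records, down=(), wildcard=()):
    """Constructed stand-in for a DNS resolver so the example runs offline."""
    def resolve(qname):
        if any(qname.endswith("." + z) for z in down):
            raise LookupTimeout(qname)
        if any(qname.endswith("." + z) for z in wildcard):
            return ["127.0.0.2"]
        return records.get(qname, [])
    return resolve


# Constructed sample data: hypothetical zones, documentation-range addresses.
ZONES = ["dnsbl-a.example", "dnsbl-b.example", "dnsbl-c.example"]
SAMPLE_RECORDS = {
    "2.0.0.127.dnsbl-a.example": ["127.0.0.2"],   # RFC 5782 test entry
    "99.2.0.192.dnsbl-a.example": ["127.0.0.2"],  # one listed sender
}
STUB = make_stub_resolver(SAMPLE_RECORDS,
                          down=("dnsbl-b.example",),
                          wildcard=("dnsbl-c.example",))

if __name__ == "__main__":
    for sender in ("192.0.2.99", "198.51.100.7"):
        print(sender, check_sender(sender, ZONES, STUB))
```

Without the health probe, the wildcarded zone in the sample data would cause the unlisted sender 198.51.100.7 to be rejected; with it, the zone is skipped and logged.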
If smart filtering were heavily applied they would make less money and go out of business naturally.
I see you know little of what you speak.
Spammers don't make money by selling things to the spam recipients, they make money by selling "opt-in targetted direct contact marketing" services to people who don't know any better.
Spammers don't care if nobody buys the crap in the spams, because they know that there are thousands of suckers willing to hand over their cash. All these people who say "well, it must work, otherwise people wouldn't do it."
You can't stop them by attrition. Just one more thing spammers and cockroaches have in common.
Ok we have all this wonderful file sharing technology available, why not put it to good use. Why not build a distributed black list. One that is shared over an automated file sharing network similar to Napster or Kazaa. DDOS only works with a target, with 100 or more geographically diverse machines sharing it I wish them luck. Make being able to access the list depend on your willingness to share it out too. Of course someone would have to figure out the infrastructure but this would rock.
Sick of stupidity? http://www.patentlystupid.com
First of all, it's sending email that is the problem for people on an email blocklist/blacklist. Not receiving email. And certainly not hosting websites.
And there's nothing difficult about paying someone to provide an email "smarthost" for you somewhere else, in unlisted netspace. Though you should of course bitch incessantly at your network provider for forcing you to take that option.
And of course, you should always remember while you're feeling sorry for yourself about being on an email blacklist, that there are a large number of people in the world with problems much worse than yours.
(I'm going to have to find out one day exactly why it is that Brazil apparently only has one ISP. It seems quite bizarre.)
Pete. Seriously, the tactics you support (SPEWS et al.) are identical to those used by totalitarian military states. "What? He doesn't crack his eggs on the big end?!?! Kill him and every one he knows!" Or more common nowadays: "He's gay? Let's beat the shit outta him and his friends 'cause he might have infected them!"
So you feel like blacklisting is similar to gassing Kurdish children or hate crimes? Give me a break. You've dismissed yourself from intelligent conversation about the matter. Wipe the spit off your chin and go see a movie or something.
It's censorship all right, censorship of STUPIDITY. I've never set up a mail server in my life, but even I would know to make sure it wasn't a relay. Anybody that can't telnet ip 25 and check shouldn't be allowed near sendmail or any other mail server. Anybody that sets up an open relay needs to...
a.) Be blacklisted for a while.
b.) Hire a real admin to set it up.
For most "accidental" open relays (small companies, guys with a t1 and an employee that knows "all about" exchange), Getting out from under it is as simple as getting another domain and or IP address. Anybody that can't figure that out needs to...
a.) Be blacklisted for a while.
b.) Hire a real admin to set it up.
One ISP I worked at decided to run their own relay checker and shut down their own customers who had open relays. With very little effort they were able to prevent blacklisting. They did it because they hated SPAM (and were responsive to their customers who felt the same), it was easy to do, and they hated STUPIDITY, not because they were scared of ORBS.
The company I currently work for didn't bother to police their own network and was blacklisted by both AOL and RoadRunner (or at least whatever service they used) at one point. If it hadn't been for the blacklists my company wouldn't have bothered to get it under control (which they did, then got off the lists). So what happened was...
a.) Got blacklisted for a while.
b.) They got a real admin to take care of the problem.
c.) Started enforcing the fines they already had in the user agreement.
I LOVED sending those people to billing to pay their 500$ fine. HAR! In that way the blacklists (which are completely optional, and can be dropped at any time, and in all cases this is done in response to customers exercising THEIR freedom to take their business somewhere else) have increased ISP responsibility. That was sure the case here. Spam is the ultimate waster of bandwidth and storage space (besides my slashdot posts and the blaster worm) and needs to be dealt with.
What about your right to choose? Choose another email address. The list keepers and listusers are in business to make money and blocking spam is an attractive selling point. The fact that Shawn Atkinson was afraid for his life should give you some idea what a selling point it is. Maybe you want/need all that email about fat butts and small wieners. I don't. Well... maybe I NEED it but it hurts my butt's feelings (yes my butt is so huge that it has feelings of its own). Spam is not the price anybody HAS to pay so YOU can feel "free".
What about the "vigilante" method? I mostly liked the way Shawn Atkinson was dealt with, but realistically that doesn't happen often enough to be the only way of dealing with the problem. Granted there needs to be better notification and ease of remittance in some cases, but it doesn't kill any Kurdish kids, may actually SAVE the lives of some homosexuals (less hate-spam), and makes me feel better about having a really huge butt and a small wiener.
"sensitive me: These pants make my butt look HUGE!
realistic me: No dude, your butt IS huge."
me
our company's T1 is provided by a company (Lightyear) that gets their upstream from a company (UUNet), that supports spammers.
So what exactly is stopping you changing your ISP?
What I use it for is my own business, JUST like a toilet-like device.
Nobody tells people how to use it.
Nobody can deny that, eh?
I wish they would sell Upper Canada here but it is natural.
Any preoccupation with ideas of what is right or wrong in conduct shows an arrested intellectual development. (Wilde)
As soon as something hits MY property. I choose whether I want it or not. No one has a right to enter your property. It's a privilege you grant them that you're free to revoke at any time for any reason.
The spammer only has a right to send spam from their computer on their connection as far as the ISP allows them to use their property for such a purpose. He doesn't have a right to utilize my connection and my resources to get to me or through me to someone else.
If you're my neighbor you can drive all over your own lawn all you want but you have no right to drive on my lawn to get to my front door and you certainly have no right to drive through my lawn to get to my neighbor on the other side.
This whole spam issue should be handled with existing property laws.
I personally don't care if SPEWS or whoever else is shut down. ISPs should be generating and maintaining their own blacklists. Or forming and maintaining a common list between trusted ISPs to prevent abuse and make it easier for customers to request additions or removals.
I have my own blacklist for my mailserver which is added to on an "as needed" basis. If I'm not getting tons of spam from Asia I don't very well need a thousand IPs to clug through looking for matches every time an e-mail comes through.
Ben
Work Safe Porn
I never implied that you brought 9/11 into every conversation. I understand the importance of remembering it, like the Alamo. My point is that I've got 9/11 overload. I don't know about you, but my experience isn't related simply to slashdot. 9/11 is on TV every hour of the day. 9/11 or something based on how we're going to deal with 9/11 is on the radio every hour of the day. Even on slashdot 9/11 comes up quite a bit. Every time there is some story of the PATRIOT act, every time there is a story on some monitoring device or cameras in every city or DARPA's next big plan. Every time someone says "in light of the new world since 9/11 we feel this is necessary blah blah" or someone else will say "if it can prevent another 9/11 I don't mind giving up this freedom". I'm sick of it. 9/11 has ruined many lives. The repercussions of 9/11 haven't even come close to stopping. It's a terrible tragic day that continues to ruin our world. I'd like to go a whole day without hearing it not because I'm a commie as the anonymous coward said, and not because I'm tired of hearing you say it, but because when I do go a whole day without hearing it we will have healed quite a bit as a nation. I still hear about it every day because people are still dealing with it every day. Someday it will come up as often as 12/7. It will no longer be an open wound on the psyche and hearts of this great nation and at that time we will be much more healed. I hate hearing about it because I can't wait for that day. So quit being such a sensitive clod.
because I have been enjoined by this Holy Office to abandon the false opinion which maintains that the Sun is the centre
Another thing, dickwad. If you are justifying the DOS attacks because it isn't fair to blacklist the only ISP in Brazil... aren't the DOS attacks more like terrorism than blacklisting? Isn't that like blowing up buildings because you think you have a beef with the US? Seems to me YOU are the one with the exact same attitude that was used to justify 9/11. So FUCK OFF. Using 9/11 to help make your point is lame. It's bullshit and I'm tired of hearing people do it. It's too easy. It's like my point....something about 9/11...and then POW instantly to disagree with me would be a disgrace to the memory of the victims of 9/11. FUCK That Shit. You are a disgrace to the memory of 9/11 if you are gonna go around using it to help support your point in entirely unrelated conversations. They didn't die so that you could win a fuckin debate on slashdot about spammers and ISPs in fuckin Brazil. Take your guilt trip 9/11 tie ins and shove them up your ass.
because I have been enjoined by this Holy Office to abandon the false opinion which maintains that the Sun is the centre
I generally do like blacklists, but I do not trust them to get everything right.
:) for mail.
My ISP has multiple POP boxes for each customer though. Currently all the spam gets into one box and the (presumed) legit mail gets into my normal mail box.
Now and then some legit mail gets into the spam pop account. Now and then I check this account for messages that are non-spam. Until now, only some mailing lists have been incorrectly identified as spam (ironically, mostly from IT security companies).
There is still an amount of spam in my inbox too, but some rules take most of that out as well.
I would not want my ISP to throw away all the mail they think as spam; they should never do that without my consent. But blacklists do not have to be a 0 or 1 (or black or white
Warper
0 - evil bit
Is that a death threat? Perhaps I should get a subpoena for your IP from slashdot. If you read my reply to *crow* you'll see that I'm not a commie. You jumped the gun as so many people do. You are the living breathing example of why people like crow use 9/11 to beef up their arguments. People like you will instantly think..oh he tied it to 911. To disagree would be unamerican. And anyone who does is a liberal commie traitor. It's not that simple. You can disagree without being a liberal or a commie or a traitor. Believe it or not, "with us or against us" is not the way it really is in the real world. Small minded people like yourself may like it better that way. You feel safer if someone else tells you who to hate (blacks, gays, the French, feminists) and who to love (business owners, Baptists, fat white men (like yourself?)) but the rest of us use our brains. We think for ourselves. We make our own opinions. A smart person would have said "why are you sick of hearing about 9/11" instead of calling me a commie and wishing I was dead. By the way. In wishing more people had died in 9/11 are you not in some way giving your support of the attack. Couldn't I, if I were a talk radio host, turn your words around to be something like this: A.C wishes more Americans would have died in 9/11. He wishes that not only would an innocent slashdot poster have died, but an American Congressman as well. Perhaps this AC feels that the attacks of September 11th didn't go far enough. Perhaps he wished that the White House would have gone down too. Or Capitol Hill. It's terrorist supporting assholes like this A.C. that are tearing apart this country...blah blah. I wonder if I got you to hate yourself. You're weak minded enough that you might have fallen for it. Now, for 10 seconds, try to use your fuckin head and think that maybe I'm sick of hearing people desecrate the memory of 9/11 to push their own personal agenda. Surely even a ...coward like yourself can understand that. Can't you?
think before you make a knee-jerk death threat next time.
because I have been enjoined by this Holy Office to abandon the false opinion which maintains that the Sun is the centre
On the contrary, spammers love Bayesian and any other kind of filtering because it doesn't stop them from sending their spam.
Does anyone know of any work going on towards sharing the filters? IOW, if the training of a bunch of users' filters could propagate up to their ISP, and ISPs could aggregate, then any particular spam message would rapidly find less and less of the MTAs willing to let it through.
-jcr
The only title of honor that a tyrant can grant is "Enemy of the State."
I'm sure you enjoy your overblown rhetoric, but your history is a little spotty there. If the real fascists had simply published a list of people they didn't want to listen to, then about twenty million people who died in the 1940's would have lived a normal lifespan.
SPEWS doesn't turn off your net connection. If you're in the SPEWS list, then they're just telling *me* that I might want to drop your packets on the floor if I don't want to be receiving spam. I don't have to listen to you, and neither does anyone else. If you don't like that, tough.
-jcr
The only title of honor that a tyrant can grant is "Enemy of the State."
- That's a great idea. On the other hand, I live in a small town with exactly one feasible ISP that's not a residential cable service with incoming port filters.
Has the U.S. become so backward a nation that one is forced to have a choice of one provider? In Japan, even out where there are nothing but hills and rice paddies, if you've got a phone line, you have a choice of providers - and broadband providers at that.
Maybe it's your representative or the FCC that you need to be complaining to. They're the ones allowing these monopolies to grow and fester.
My Mom and Dad keep trying to convince me to move back to the U.S. with their only grandchildren, but between what I see on CNN and what I read here about the backward state of ISPs over there, I don't foresee ever moving back.
SPEWS appears to be the least of your problems.
Uh, I'm not defending DOS attacks, where are you getting that from? I'm attacking the premise that it is OK to cut off an entire group simply because one or two may be doing something you don't agree with. Apparently they didn't die so that people could read either.
common sense: noun
What those who are ignorant of the subject matter think; usually wrong.
...is when it'll be legal for me to hack the shit out of anyone who spams me.
Since posting our original comment earlier today, other facts have come to light. In our Opinion posted on 24 May 2003 we outlined who we believe is responsible for SPEWS. Since then, certain details have changed, in particular the registration information for Wewak.net, which has been alluded to in the NANAE group as the host of SPEWS.
Pete Carr Owner Chatmag.com
whattahell is tubgirl? :)
and no, I don't wanna google it at work
class he-man extends man!
How can you decide if others want to receive email from Nigeria or not? If you are running a private server for yourself, then fine, do whatever, nobody cares.
And of course, you should always remember while you're feeling sorry for yourself about being on an email blacklist, that there are a large number of people in the world with problems much worse than yours.
And of course, you should always remember while you're feeling sorry for yourself about being on an email spamlist, that there are a large number of people in the world with problems much worse than yours.
The real problem is large ISPs/backbones like UUNet/MCI, Cogent, Comcast, Level3, China Netcom, AT&T, Brasil Telecom, and Above.net (among others) who flat-out refuse to do anything about the spammers to whom they provide connectivity.
Complaints sent to any of them are promptly auto-acked and then /dev/nulled (if they don't bounce) and so the spammers keep on spamming, most likely due to ephemeral pink contracts and the crooked marketing/sales departments that agree to them, who then put pressure on abuse personnel and network admins to ignore complaints about the contracted spammers.
Because of this, those large ISPs and backbones end up on blacklists, DNS blocklists, and a wide variety of other filters. For them, the money they make off the spammers seems to be of greater concern than the money they make off legitimate customers, i.e. those who end up with their netblocks on every blacklist because of who their providers are.
If it weren't for rogue ISPs and backbones, there would be little use for blacklists or blocklists. However, those reprehensible companies do exist. And because of their policies on spam, they continue to be blocked. Money gained from spammers guarantees the blacklists' continued existence.
It's all just cause and effect. As much as it sounds like a conspiracy theory, I truly believe that it isn't, after fighting spam, one email at a time, since 1997.
Probably because they have a contract to provide service to the spammer. The contract will have a clause saying that if you send spam we can terminate your account, but in order to make that term fair (which is a legal requirement on contracts in many countries) to the consumer you would have to provide notice and allow the consumer a reasonable time period to contest the decision before terminating the service.
This is the only legal way of dealing with it from the ISP end, and I think, unless you have experience of running an ISP, it is a little unreasonable of you to complain about things you obviously have no idea about.
lol.
because I have been enjoined by this Holy Office to abandon the false opinion which maintains that the Sun is the centre
I've begun to think that "9/11" should be added to Godwin's Law, along with Stalin, Saddam Hussein, and Al-Qaeda.
P.S. Sorry to mention it. My bad.
It's obviously a conspiracy. The complete lack of evidence only proves just how effective this conspiracy is.
No, I didn't take your comments in too negative a light.
There are some activities where a centralized approach makes sense. Napster was technically a better system than Kazaa.
However, in this case as in Napster, any centralization will be the focus of an attack. A blacklist system should be designed to make an effective attack extremely difficult and expensive. I can't think of a better way to accomplish this, although it brings to mind the dreaded "p2p" word.
Tell them to bugger off? No! Trick them into the forest and put them out of their misery with a blunt object to the head (see hammer discussion a couple of posts up).
Clever signature text goes here.
A perfect example modding to -1 of pointing out a fact that disagrees with these weenies who are religious in their beliefs that only they have the answers.
The solution is end to end ip tracking not blocklists/blacklists.
fucking elitist pigs.
As you can see I don't care about my karma.
I guess you will have to cope with more 9/11 talk the following week. With the 30 years memorial coming up.
This is false. They don't typically start with Class C's. Do go look at SPEWS listings yourself and see. Don't ask nana-e posters for more hearsay.
Frankly, the slashdot moderation is stumbling, IMO, many of the +5 posts on this thread are active misinformation designed to discredit DNS blacklists, precisely BECAUSE they work. (This was discussed on N.A.N.A.BL a while ago.)
This crap about the attacks probably not being from spammers is just that. Who else would break the law to do so? (These attacks are illegal.)
Please mod 5.
Make 'em pay! http://Payola.org #include "stddisclaimer
Bush cites 9/11 to justify everything... http://www.washingtonpost.com/wp-dyn/articles/A57456-2003Sep10.html
so there.
because I have been enjoined by this Holy Office to abandon the false opinion which maintains that the Sun is the centre