Slashdot Mirror


Anti-Spammers DDoSed Out Of Existence

Anonymous Coward writes "Not one, but two anti-spam services announced their closure yesterday due to DDoS attacks, massive Joe jobs, threats, and the total lack of interest shown by law enforcement. monkeys.com pulled the plug at midnight with an announcement that makes you think of a suicide note. A short time later compu.net went the very same way. So, when will we see a distributed RBL that can stand up to distributed attacks?"

9 of 677 comments

  1. The Heavy Hitters Are Still Around by Nintendork · · Score: 5, Informative
    So, when will we see a distributed RBL that can stand up to distributed attacks?

    I'd never even heard of the two sites that closed down. Personally, I use Spamcop's DNSBL, DSBL, and ORDB.

    -Lucas

    1. Re:The Heavy Hitters Are Still Around by frankie · · Score: 5, Informative

      SpamCop is currently alive, but Julian had to blow a bunch of cash on upgraded servers after getting knocked down a couple months ago. Pretty much every site which offers any sort of blocklist has had several months of continuous DDoS.

  2. Re:Double-edged sword by nate1138 · · Score: 4, Informative

    Um, you got it wrong pal. It wasn't spammers getting DDOS'd, it was spam fighters getting knocked off the net. By spammers. You know, the bad guys.

    --
    Where's my lobbyist? Right here.
  3. Re:massive Joe jobs? by beady · · Score: 4, Informative

    A Joe Job is where some unsuspecting innocent's email is placed as the "from" address in the email headers. Headaches ensue.

  4. Re:massive Joe jobs? by Rogerborg · · Score: 4, Informative

    Where you send email purporting to be from someone else, or in this case when spammers send spam purporting to be from the anti-spam orgs. SMTP servers don't validate the From: field, you can put anything in there. Most lusers and a shocking number of clueless sysadmins don't realise this.

    --
    If you were blocking sigs, you wouldn't have to read this.
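
The unvalidated From: field described above, seen from the forged domain's side, as an added example that is not part of the original thread: a Python check over the headers of a suspect message (for instance as quoted in a bounce) that compares the From: domain with the envelope sender and with the connecting IP recorded by the receiving server. The domains, IP addresses, sample messages and the function name `joe_job_indicators` are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed samples; domains and IPs are documentation values.
FORGED = """\
Return-Path: <bulk@mailer.example.net>
Received: from mailer.example.net (mailer.example.net [203.0.113.7])
\tby mx.recipient.example with SMTP; Tue, 23 Sep 2003 10:00:00 -0000
From: "Abuse Desk" <abuse@example.org>
Subject: constructed sample

body
"""
GENUINE = FORGED.replace("bulk@mailer.example.net", "abuse@example.org") \
                .replace("mailer.example.net", "out1.example.org") \
                .replace("203.0.113.7", "192.0.2.10")

def domain_of(header_value):
    """Lower-cased domain part of an address header ('' if absent)."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def first_hop_ip(msg):
    """IP literal from the topmost Received header, the one written by the
    receiving MX. Lower Received lines can be forged by the sender."""
    received = msg.get_all("Received", [])
    match = re.search(r"\[([0-9a-fA-F.:]+)\]", received[0]) if received else None
    return match.group(1) if match else None

def joe_job_indicators(raw, own_domain, own_outbound_ips):
    """Return reasons to think a message claiming own_domain was forged."""
    msg = message_from_string(raw)
    if domain_of(msg.get("From")) != own_domain:
        return []  # message does not claim to be from us
    findings = []
    # Return-Path (MAIL FROM) is also sender-chosen, so this is only a hint.
    if domain_of(msg.get("Return-Path")) != own_domain:
        findings.append("envelope-mismatch")
    # The connecting IP is the one value the sender cannot choose freely.
    if first_hop_ip(msg) not in own_outbound_ips:
        findings.append("foreign-source-ip")
    return findings

if __name__ == "__main__":
    print(joe_job_indicators(FORGED, "example.org", {"192.0.2.10"}))
    print(joe_job_indicators(GENUINE, "example.org", {"192.0.2.10"}))
```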
  5. I won't miss email black lists. by Vic Metcalfe · · Score: 5, Informative

    I'm sorry for the trouble these guys have had, but I've had more trouble with black lists than benefit. I've been black listed many times for stupid reasons. Like one of the sign-offs mentioned, I've had @mydomain.com used to send spams, had to handle the bounces and then been blacklisted on top of that. I've had spam link to a page I host even though the spam wasn't advertising the page, it was using the page to support the sale of its product. The page was about water safety, and posted by someone with no connection to the spammers. I've twice been blacklisted and once had UUNet filter my IP allocation because users had uploaded old vulnerable versions of FormMail.pl to their web sites and spammers found and abused the hole. Both times I had found and removed the offending script before getting shut down, only to be blacklisted/filtered AFTER fixing the problem.

    As you might have guessed I have no love for RBL type services. I think their hearts are in the right place, but I'm tired of getting caught in the cross-fire. Since at some point, in order to benefit, spammers have to be contacted by consumers, law enforcement should be able to track them down. I'd love to see that sort of thing become common. I can't see a technological solution even with a complete overhaul of how email works. I like the fact that a stranger can email me if they like. I just want to see legal limitations on that contact to prevent spam.

  6. Re:Here's what cracks me up by EinarH · · Score: 4, Informative
    Whether this is the responsibility of the DHS or the FBI I'm not sure about, but Ron Guilmette who runs the now closed monkeys.com actually tried to contact the FBI.
    From a google groups post here:
    I was also on the phone to Ron just a few minutes ago.

    More specifically, the law enforcement issue is twofold:

    First, he tried talking to his city police. He had to fight them to even take a written report of the incident. That was to be expected, of course.

    Then, he tried calling the FBI. The receptionist who took the call apparently didn't understand a word of Ron's explanation of a "denial of service attack against his Internet servers" and asked him "Is that illegal?". Ron insisted that he must speak to somebody who is more capable of understanding the issue. The receptionist transferred the call to the duty officer, which turned out to be an answering machine.
    Ron left a message, expecting to be called back, but no call so far.

    If this is correct, I have no indication that it should not be, it looks like a total FBI fuck up.

    (more info here)

    --

    Melius mori in libertate quam vivere in servitute.

  7. Re:Sounds like a good use for Freenet by lx805 · · Score: 3, Informative

    Good point, but if it is signed, then it is not anonymous is it.

    It doesn't need to be anonymous, just available. SpamCop isn't anonymous. Spamhaus isn't anonymous. SPEWS is anonymous, but they probably don't need to be, and they already have someone who is *NOT* anonymous distributing their lists via PGP signed e-mail (see http://groups.yahoo.com/group/spews).

    ISPs that use these lists to reject mail are being irresponsible, and are most likely doing it without the knowledge of their users. One false positive that gets dropped is one too many when your users don't know it is happening.

    I agree with you there 100%. ISPs *maybe* should offer it as an option, but shouldn't filter by default. I've seen some ISPs do some pretty stupid things with the blocklists (i.e. add the IP ranges to their core router's ACLs). Those admins should be shot.

    Admittedly, though, I'm not nearly as concerned about false positives as most people. People tend to forget that e-mail in its very nature is unreliable, and should never replace a phone call or good old fashioned face time.

  8. Re:Excellent idea! by bdsesq · · Score: 3, Informative

    Forgeries can easily be prevented.
    All you need to do is put a PGP signature on the list.