Slashdot Mirror
Trouble Getting to SpamCop?
geekwench writes "SpamCop was apparently the victim of a recent DoS attack. A false complaint to their domain registrar led to all primary DNS information being pulled. The problem is now fixed, but there may still be access issues for the next couple of days as ISPs clear the old DNS information out of their caches. You can read about it here and here. (Sounds to me as if SpamCop is proving to be a good-sized thorn in the sides of a number of spammers.)"
This is scary stuff... anyone can get any domain pulled with a little accusation?
We need to secure the domain registration/ownership process... seriously... We might not be able to take down microsoft.com, but with this complaint technique, I'm sure we could do some damage to a lot of less high profile companies... We need to get this fixed now! It's almost as bad as being allowed to call your neighbour a terrorist, and have him/her arrested indefinetly, with no proof...
---
Programming is like sex... Make one mistake and support it the rest of your life.
> Sounds to me as if SpamCop is proving to be a
> good-sized thorn in the sides of a number of
> spammers.
Maybe, but maybe not. The DOS attacks by spammers have been getting pretty brazen of late. SpamCop's a well-known name, and that's probably all it took to make it the target of an attack, regardless of how effective it is.
They've gotten almost no resistance to the attacks they've launched so far. They've got no reason not to launch an attack on anyone who even attempts to block spam at this point.
It would be far more effective to simply drop any SMTP connections from networks in Brazil or China. Even better would be to actively scan emails for links pointing to that IP space, and dump any messages received. This would eliminate most spam from user mailboxes.
Spamcop is a nice parser, though, for those rare occasions in which reporting would do any good. Unfortunately, they're in bed with Cyveillance--don't forget to uncheck that box to avoid helping them.
One benefit of reporting spam to spamcop is that it lets ISPs know about client systems that have been owned and are being used for relaying spam. I don't know how many of the major ISPs actually do anything with the information.
Mea navis aericumbens anguillis abundat
Someone has to protect the public from the people who regularly misuse their power online. To this day, that was Spamcop. Now as many of the anti-spam groups go offline, the public is getting pelted with more and more spam, and viruses.
This whole thing reminds me of the war on drugs. If the cops wanted to really stop the drugs from existing on the streets, they could. But they don't have any incentive for that because it works against their budgets to pull all the drugs off the streets.
The police profit from the drug war, so they have to keep it going. They bust the guys at the top, but that just creates a vacuum, so they wait for it to be filled, and bust the next idiot who steps in. See how this connects to the anti-spam and anti-virus corporations profit from buggy Microsoft software and OS gaping holes. If this was a cover of an O'Reilly book, it would be a stippled drawing of one spider eating a hundred flies, and another spider selling tickets, and a few million other flies buzzing around, with a long line of spiders waiting with money for the guy selling tickets.
The situation is like this: the day anyone with money really cares about quality of life online, is the day that delivering quality of life online is very profitable.
It all has to get much worse before it will ever get any better.
Had they taken the thirty seconds to actually look at the headers, it'd've been obvious that I was, effectively, as much a victim of the spam as my user.
A "disconnect first, ask questions later" policy is fine, assuming you bother to ever actually ask.
IANAL, but doesn't this give reason for some sort of lawsuit? Joker have, on account of one false complaint about wrong adres info, suspended a service which i presume was still being paid, without any warnings after their first one, though a reply had been given. I don't know which law applies here, but in Holland, this would be reason enough for a court meeting.
On top of that, there is ofcourse the question of: how is this possible? are there rules for actions of this kind? returning a fax is, IMHO, indeed no prove at all, though it will probably hold in court.
And a question to the lawyers here: if you, with bad intentions, use this method to bring down sites, is that a crime? I'd think yes, but then, Joker has to give the name of the person that claimed te info being false.
In all: interesting things may come out of this...
I agree. The only way to stop spam is by filtering it at the ISP or end user level. Email is too entrenched and too important for us to be mucking around with whitelists and trusted senders and whatnot. Reverse lookups would really do the trick, but since in my experience 99% of ISP's/bandwidth providers are just too uncooperative in updating their reverse DNS, that is out. Couldn't do virtual domains either.
You could utilize some minimal checks like forward dns or just a HELO name check, which my company used for a while. But, there are SOOO many exchange servers out there that identify themselves as "microsoft.msft" (which is of course not correct) that some of our clients couldn't get their mail. They'd call, "Hey, so and so can't send me email." I'd telnet to their port 25 and check what they returned in their HELO... sure enough, it was incorrect, so I'd notify the administrator and our client that their email server is not configured correctly (and it's an open relay to boot). A couple of days later this client would call again saying, "Other people can receive this guy's email, but I can't. What's wrong with your server?"
After a while, it's just a perception problem. You've got to be able to receive from everybody (except the absolute worst spammers). So we accept all mail and tag it with spamassassin using the X-Spam-Status tag. Clients then can filter it and check at their leisure. If they have a little more no-how, we tell them to download and install mozilla-mail or thunderbird with built in spam filtering. You've got to train it, but it works.
Email is too important and too ubiquitous to be screwed around with. The surest and best way to deal with spam is to filter/tag at the end user or ISP. Legislation won't cut it. Threats won't cut it. Whitelists/Blacklists won't work. You can't even rely on first line HELO identification checks. There are just too many monkeys who've set up email servers out there.
And just think about this: even ipv6 STILL isn't widely deployed.
Toddlers are the stormtroopers of the Lord of Entropy.
Won't do them any good here. Local bayesian filter. Approaching 99% classification accuracy after 6 months.
:)
Spam doesn't stand a chance
N.
"Nothing strengthens authority so much as silence." - Charles de Gaulle
It sounds like you don't know how SpamCop works. If it was *a* false complaint, then there is no "they." SpamCop is a tool that allows a user to easily trace and report spam. In your case, apparently a SpamCop user determined that the message they received was spam and used the SpamCop service to send a report to your ISP. Why would the reporter try to contact you if they thought you were the spammer? The proper procedure *is* to report to the ISP of the spammer.
If the message was not spam and your ISP cut you off on the basis of a single complaint, then you have a beef with your ISP. Additionally, if it can be shown that a SpamCop user filed a false complaint, then SpamCop will take action against that user if the issue is reported to SpamCop.