Swedish ISP Blocks Computers That Send Spam
snuppepuppan writes "One of Sweden's largest ISPs, Telia starts to block computers that send spam. 'The computers that Telia will block are primarily those that have been infected with "trojans" which are being used, without the customer's knowledge, to send enormous amounts of spam.'"
The users blocked are notified about it, and Telia will help them sort things out. Probably by giving suggestions to clean up trojans, etc. since these are often the reason someone spams without knowing. They also only seem to block well-known, heavy duty spammers right now, since they haven't yet implemented a spam filter, but are considering it.
So, even if the customers won't be given a time period to stop spamming, they're still not left unaware about it, as the /. news post incorrectly states.
Telia says they're also attempting to detect spam hosts much quicker than earlier, when it could take up to a week or more to shut a host on their network down, when the damage was already done.
Beware: In C++, your friends can see your privates!
TeliaSonera is a company formed by the merger of Swedish Telia and Finnish Sonera. Sonera is one of the largest Internet/telecommunications providers in Finland and their e-mail systems have become a laughingstock during the last month. Reason: they don't work. There have been delays of several days in message delivery, some messages are lost entirely and their SMTP server seems to be down.
Sonera is blaming this 100% on the W32.Swen.A virus and while there is ongoing debate regarding Sonera's e-mail administrators' competency, that certainly explains why Telia is scrambling to remedy this problem in Sweden. [Un]fortunately (ignore the part in brackets if you are a privacy advocate) the Finnish legislation doesn't allow Sonera to perform the same thing, as even automatic monitoring of e-mail traffic is not permitted by the communication privacy laws.
Okay, I know this is offtopic as hell ....
Then don't post it here -- send it (in the form of a question) to Ask Slashdot.
-kgj
Telia is mostly known for their suckage over here. They've made several false starts, including blocking SMTP completely at their border making it impossible to host one's own mail server.
Yes, but bostream is no better. They make customers who want to use an email with FROM-header other than foo@*.bostream.foo set up their own SMTP-server. I preferred Telia's approach.
I don't think their press release will affect the amount of spam in my inbox. Telia is all too clueless for that. I am however happy that I get a pretty low amount of spam when compared to US figures. I'm down to less than one junk mail per hour and still not prepared to pipe all messages through SpamAssassin (too high false negatives due to most mail being sent in Swedish).
Still, Telia has a lot to do with the amount of incoming spam. Most of the spam that arrives in my Telia inbox doesn't even have my email in the TO-header (but has it in X-Original-To). The other types of spam I get are the ones that look like:
Received: [*Snip*] Sat, 1 Nov 2003 15:50:49 +0100 (CET)
Date: Wed, 28 May 2003 23:14:06 +0000
I hate spam I can't directly see which box it is sent to, which date it was sent or that has ASCII-art topics.
It'd be a lot easier than to block a user's dynamic IP. Simply suspend their account. Then you don't have to lose an IP from your pool.
stuff
You mean "Sonera, the Finnish side of TeliaSonera". ("Telia" is not a company any more, just a brand for the Swedish side of TeliaSonera. Not that Telia didn't somewhat get the upper hand in the merger...)
Actually, last year (2002-10-29, if I remember correctly) they closed down all SMTP traffic from DSL accounts without any type of notice. Yes, you did read that correctly. Without notice!
:)
A lot of companies and individuals switched to other companies like Bostream and Bredbandsbolaget. I don't think anyone ever regretted this. Because Telia mostly....hm, is not that good.
This had one amusing side effect though. Telia's customer support service used DSL and could not send any mail to their clients. Nice going...
That might just have been because AOL began bouncing all e-mail from Telia -- mainly due to the same problem as they have now. What would you have done?
I think this is a good thing. It stops the relays now and those affected will notice it, call the support, and be informed of why they were cut off.
"Stop failing the Turing test!" -- Dilbert
I'm down to less than one junk mail per hour and still not prepared to pipe all messages through SpamAssassin (too high false negatives due to most mail being sent in Swedish).
I've never had a mail in Swedish marked spam by SpamAssassin - the only false positives I've had (three in 6 months) were mails from mailing lists where the poster indeed had weird headers.
it's in my head
If you buy an e-mail account from them, why should you be able to set the "MAIL FROM"-header?
Because the mere fact that you choose to purchase an email account from one provider doesn't mean that you choose to abandon any and all other email accounts that you may have for various purposes, perhaps.
I may have an email account for responding to work-related email and another for personal messages, for one example.
If you're a zombie and you know it, bite your friend!
If you buy an e-mail account from them, why should you be able to set the "MAIL FROM"-header?
When signing up for their $2.5/mo mail service, one of the main features advertised is being able to send mail. However, they do in fact require you to set the FROM header to your new mail account.
This sucks big time because:
1. I didn't want to spend 4 minutes configuring Postfix to send my mail.
2. When I informed them of the problem they sent me a Win32 MTA (despite the fact that I said I was using Linux).
3. I didn't want to use the new mail account (I have my own domain that gives me shorter mail addresses than their domain name).
4. I already pay $1/mo for a 100MB mail account.
b-one, which I use for my mail won't let me use their SMTP for things other than PHP scripts (because, they say: The ISP is supposed to relay mail, in order to reduce the spamload). Telia locks their SMTP servers to allow outgoing mail only from *.telia.com. Bostream does this for their premium accounts as well, but their standard ADSL service is using a very dynamic IP (*.bredband.skanova.com, which it shares with other ISPs). Thus they can't use an IP range to allow outgoing mail (if you want, you can check this page to see how many IP updates I've had. I've had zero downtime until sometime Thursday last week, but I've had _many_ different IPs).
They really wanted me to be able to send my mail with their server, as that was the way it was intended to be used, and it's not really their fault. It's just that a monopoly (Telia) sucks. Telia is, in this regard, a much better ISP. This is much due to the fact that they own skanova (which means the other ISPs bite the dust).
And now for your actual question: Why should I be able to set my FROM-header? Simple: In Sweden, you may get a wide range of mail addresses, none of which you have an SMTP server for. Take my student.liu.se for example. It will only relay my mail if I am on the student network. Telia will only relay if I am on their network. Bostream won't relay at all. An ISP is supposed to give you a service. And with the amount of spam today, none other than your ISP wants to give you that service. That's why. Simple as that.
Telia's terms of use state that the customer may not use their service to send spam, and that he will have his connection terminated if he does. If someone wishes to send spam then he'll just have to find an ISP that is willing to sell him that service.
Telia is now "TeliaSonera", after merging with the Finnish company Sonera. This anti-spam move is not just in Sweden, it's in Finland too.
ISPs must provide a QOS in Finland, and Sonera were fined recently (last few weeks) for being unable to deliver mail as they were so bogged down with spam.
So they're not doing it for altruistic reasons, they're doing it because it costs them big-time if they don't. I'm still glad they're doing it though.
All of this was filtered from stories in the Helsingin Sanomat via my "doesn't speak Finnish" brain, so may be not quite true. (HS had suffered because of the Sonera e-mail problems, I remember, so they had a particular bias (anti-spam, not anti-Sonera) in their report).
Anyway - agreed. Period.
YAW.
Your head of state is a corrupt weasel, I hope you're happy.
My guess is that part of the problem is that most abuse desks are flooded with inane crap. At least ours is. I can't tell you how many emails we get from people who forward a spam to us, and do not include full headers. I mean, they had to find the IP and track down who owned it to get the spam report to us, so how can they then forward us the spam and not include headers? Amazingly, that accounts for well over half the abuse mail we get. Then there are the people who send a message saying "Stop sending me spam" and include an IP address, followed by a copy of our ARIN netblocks, as if we didn't know who we were, and that's it. No spam, no timestamp. Nothing. Then there are the myriad of people who simply write our abuse desk with nothing more than "Please remove me from your mailing list." And it goes on and on and on like that. Of course, now that all the nice new viruses are out there, we also get a ton of "One of your users attacked me on port 135" emails. (We have port 135 blocked on our routers to keep our users from infecting the net, but on the same NAS, they can still get to each other.) The best ones are from people who send us email claiming they are being attacked by one of our DNS servers because their firewalls are capturing logs of the DNS requests.
That's why, as I've said before, we love SpamCop. When we see a SpamCop report, we know we will have everything we need to knock someone off the network. Very seldomly have we gotten a SpamCop report on something that was not spam. As for the rest of the abuse mail? Maybe 1% or 2% have enough information to track the user, and are actual abuse issues. And usually, they were already banned from a SpamCop report.
Anyway, I've rambled on enough. But for those who don't work abuse for a large ISP, now you have a small glimpse of what the abuse mail looks like.
WWJD?
JWRTFM!
Blocking SMTP is not idiocy. You might be inconvenienced a bit, but spammers still use throwaway accounts. They pay their first month of service, and then spam until the ISP finally catches on and shuts down the account. If it takes even 8 hours to catch them, that's millions of spams. Most of our spam reports are around 24 hours old when they reach us. That's 24 hours of constant spamming. Port 25 blocks keep them from being able to use our network to do that.
It may be a bit upsetting not to be able to run your own mailserver, but the amount of spam stopped far outweighs that inconvenience.
Disclaimer: I work for an ISP, but not Telia...
WWJD?
JWRTFM!
I do not know how they do the detection part, but one of my colleagues came for advice on how to clean up/secure his own PC, because it was shut down from the network.
Their method is really simple:
I like this attitude, because even if it does not prevent on-purpose spam, it at least prevents unknowing people from spreading nastywares. The only problem being that the help desk should point to the ISP URL where they explain how to secure your machine. I hope they will get it right...
[Pruneau