Spamhaus Guru Steve Linford Profiled

BenLev writes "The New York Times has an article profiling Spamhaus Project director Steve Linford. The feature goes behind the scenes at Spamhaus, 'one of the leading groups that is trying to make the world safe from junk e-mail', showing that it operates from Linford's houseboat on the Thames near London, spammers don't like him, and his volunteer corps likens itself to the X-Men."

Adding info to DNS servers

[Space+cowboy]

What happened to that proposal to add records (as comments, so the DNS protocol wasn't broken) to the DNS saying that a domain was authoratative for the envelope 'From ' header ? That sounded like a good idea, so long as the MTA's took it up...

Simon

These guys block pretty large blocks.

[ron_ivi]

Few weeks ago, much of my email was blocked because because spamhaus.org was blocking a huge (69.64.32.59/20) range that contains our address.

My particular server (a dedicated box) was innocent, but my hosting facility had spammers on other dedicated boxes.

Isn't blocking a /20 like swatting flys with a hand grenade?

Re:These guys block pretty large blocks.

[Indy1]

/20 isnt that agressive. Probably your isp kept moving the spammers around and spamhaus said fuck it and plonked a bigger range. Stop blamming the blacklists and start yelling at your isp to stop hosting spammers. If your going to live in a crackhouse, dont be surprised when your friends refuse to visit you.

Re:These guys block pretty large blocks.

[ron_ivi]

I didn't say I felt it was "wrong" that owners of networks can block whatever email they want. I agree with their right to do so whether it's because some blacklist says it's IP address is within a few hundred of a spammers, or whether it contains keywords suggesting it's pr0n.

I'm just pointing out that there are quite a few false positives when large IP ranges are blocked.

Any low-cost hosting (in this case, an under $50/month dedicated linux server) that offers the users the ability to run whatever services they like may attract spammers. My hoster does have policies to stop spammers, but with affordible single-dedicated-system hosting spammers come and go. IMHO, blocking large ranges doesn't much affect the spammers or the hosters in this case - it just causes a minor inconvenience to others on the same ip address blocks who have to temporarily route their email through their DSLs for a while.

Note I'm not saying this policy is "wrong" or "right"; and I agree organizations can block whatever they want. I just think blocking large address ranges does as much to create false-positives than to block spam.

Re:These guys block pretty large blocks.

[frankie]

Dammit, stupid non-optical mouse jumped and I hit Submit instead of Preview.

Anyways, I meant to say that 69.64.32.59 is listed in SPEWS and it is not listed in Spamhaus. Given that the wider-reaching SPEWS only lists a /24 in that vicinity, I find it higly implausible that Spamhaus would drop a /20.

Instead, I am starting to consider the notion that there is a pro-spammer astroturf campaign being waged against blocklist sites.

Re:Lucky me?

[Burb]

One reason might be that spammer's can't guess your email address by dictionary searching. Case in point: my wife set up an email account some years ago and used a name based on a "Peanuts" character. For various reasons she didn't use the account and I'm fairly sure she did not sign up for any mailing lists etc. so the name was not published. Then all of a sudden she gets 20-30 porn messages a day into the account, because some spammer decided to try

Re:epitome of laziness

[ctr2sprt]

I get about 180 spam mails a day. Now I can get Mozilla to block all but 2 or 3 of those... but it also classifies every NON-spam message I get as spam. So I have to weaken the filters, and now about 20-30 messages a day get through. And unfortunately that's still over my limit of how much I can effectively filter mentally. As much as I stress to people that any emails they send me with generic subject lines (like "Hello" or "Last night") are going to get thrown in the trash by accident, they still do it. And I still space out when manually filtering out spam and delete their messages.

It still only qualifies as an annoyance because I seldom do anything important over email. But the reason I don't do anything important over email is because I know spam makes it unreliable. Bit of a Catch 22 there. Seems like the reason spam is an annoyance and not a serious issue is that it's increasing fairly gradually. If there were this much spam back in '95, there'd be riots. (Among the nerds, which I guess means lots of really heated USENET posts about how Captain Kirk is so much better than Captain Picard.)

The end of spam

[heironymouscoward]

I'm surprised no-one has thought through the logical conclusions of where we're going with spam.

Spam filters work only for those able to configure them. For the vast majority of Internet users, they are just a dream.

Spam blacklists are unsustainable in a world where most net connections come across DHCP, and most spam is/will be sent from owned home computers.

Spam merchants will continue to harness the 'dark side of the force', paying crackes and virus writers to create the networks of owned machines they need to operate from... ... since there is nothing serious happening against any of these directions, the conclusion seems unavoidable. What I'd like to say is that
the Net will split into two halves, an "infected" and a "clean" part, and every single transaction from the infected part will be treated with scrutiny and suspicion.

But this is impossible too.

Conclusion: the purity of the net is a thing of the past. We will come to understand that traffic is bad until demonstrated good. Emails will be 99.999% junk, virus, and trojan, and the art will come not from filtering out this junk but from detecting the signal within the noise.

Clearly, whitelists are part of the solution but they are limited since you can't form a network of whitelists, it's a one-to-one solution that does not scale.

I see only one solution that is scalable. Data clearing houses. You register with me, I'll vouch for all your data, and pass it on to those who need it, along with my signature. A trust network, if you like.

Data clearing houses will rate each other, creating a system of moderation in which data is never guaranteed good, but at least you get a measurable index of confidence.

Re:good idea.

So call me a troll, but...
It's pretty hard to enforce US laws on a Taiwan spamhaus.

And why exactly would anyone want to use US law in this case? Hasn't it been proven to be about as toothless and worthless, not to say non-existant end sometimes even endorsing spammers? Thanks, but no thanks. It would be like trying to get rid of cockroaches by drowning them in excrements.

If anything, a law which actually tries to stop these sleazy vermin should be used. If the mentioned EU law/directive is that much better than US "law" as it seems at first sight, I believe that should be used.

If later China get their act together and decides this is a capitol offence (after all, they do still execute people en masse on large arenas - letting people watch the executions), I wouldn't mind at all watching Ralsky & Co. fry in the chair - on web-TV. They are after all among the worst vermin on the planet. Far worse for far more people than e.g. ebola or anthrax.

If there was a fund to have these pests terminated, I'd happily pitch in a 50.

Pay me...

[Cygnus78]

0.01 $ to get on my whitelist.

Which spammer has the energy ?

If you really want to mail me, you probably have the energy and the money, or if you really want I could pay you back :)

Re:epitome of laziness

[welsh+git]

> I think spam is not that big of a deal. It's just a small annoyance
> that can be deleted in less than 3 clicks.

I run my own server, and mailhost for a number of friends and family.

In total, the server receives approx 10,000 spams a day which is not at all reasonable.

Secondly, because of 'porn spam' my young niece can't have her own email address.

Thirdly, lots of spam in a mailbox can sometimes make you miss important emails if you just delete them quickly.

Finally, no-clicks at all... GUI mailers are too slow :-)

Re:Just a matter of time until we get secure email

[Analysis+Paralysis]

What Spamhaus does that is different in that they provide information on the worst spammers on their ROKSO list - including names, addresses and phone numbers where known. For some reason, spammers do not like being "outed" (I wonder why?) and this has, in one case, caused a spammer to cease business.

I doubt that any progress will be made in fighting spam until Microsoft/Apple include authentication options in their default mail applications.

Unfortunately, authentication is unlikely to do much to stop spam unless people use it with a personal whitelist of permitted senders. It is currently straightforward to track a spam email (SpamCop can do this if you paste the email in with full header information) but nowadays it typically comes from a cable/DSL user whose machine has been hijacked.

Re:epitome of laziness

[anaplasmosis]

You're an idiot. I get 6 or 7 *hundred* spams a day and 1 or 2 hams. If I was deleting this stuff manually, it would take hours a day. I cannot recommend ASSP strongly enough; http://assp.sourceforge.net

Attempted slander against anti-spam services also

Look what I got yesterday (with forged headers):

---- quote --------------
Dear Internet user.

We are an organization dedicated to stopping spam. Please help us as we are
funded solely by private donations.

visit www.spamcop.net for full details. Or you can send your donations to:

Julian Haight
PO Box 25732
Seattle, WA
98125-1232

As you can see by this message unsolicited e-mail is an invasion of your
privacy. As you can also see it can be sent anonymously

We will continue our efforts until all spam is eliminated.

To join please visit www.spamcop.net or contact
jkdom@mail.julianhaight.com

We will continue to send out this message until we convince all ISP's to
stop all spammers.

!!!Stop low-lifes from invading your inbox with their junk!!!
---- end quote ------------

If they spew out fake spam which can only be meant for slanderous purposes, would you really expect them to *not* be in the virus game. Almost all these Windows viruses, if you hexdump them, have smtp capability. It's quite thinkable that a fair amount of them are really experiments rather than 'bad things done to innocent users because the virus writer likes doing that'.

There must be a lot of money involved in the art of spamming still. I wouldn't be surprised if spamhauses are partially means of laundering money as well (think about it). Either way, these people *are* criminals and one should consider them as such.

Re:This doesn't seem to be helping...

[Ryokos_boytoy]

We (the dev firm I work for) was approached to do spamming. I went apeshit and said I would quit and report it to the FCC but they were offering real money and my bosses were tempted. So I turned off the blacklists and let them swim in spam a few days till they came to their senses. When he had 100+ spams everyday, he saw the light.

It sucks, but...

[falsified]

People are going to have to stop using email. With the vast majority of internet users using some sort of instant messaging program, it's easy to get ahold of a person on the internet. In the instances that a more formal message must be sent, we can use radical new solutions such as the postal service. Fixing SMTP won't work, a new protocol won't work, banning spam won't work, a tax on email is uncollectible and WON'T WORK.

In an unrelated rant, my username is a normal English word and my domain is a popular email domain. I get five or ten spams a week. The solution? Completely fake information when I sign up for things. The New York Times knows me as Pablo Rodriguez from River Forest, Illinois. My email for them is hotsexy69696969696969@hotmail.com. I suggest you all do the same.

Re:You give spammers too much credit...

[Phroggy]

You misunderstand. I meant, they would check the Do Not Spam list to get a list of valid e-mail addresses (if somebody bothered to list them, they must be valid), then sell that list to other spammers as a confirmed opt-in spam list.