Australia's Largest ISP Redefines Spam

cpudney writes "According to this article in NEWS.com.au, Telstra BigPond, Australia's largest ISP will monitor its customers' e-mails and suspend the accounts of users suspected of sending spam, viruses or denial-of-service attacks. Under changes to its Acceptable Use Policy, BigPond will investigate cable and ADSL Internet customers sending more than 20 e-mails in a 10-minute period, and BigPond management "may suspend the (user's) account while the customer is contacted" if they are suspected of sending spam. Previously, BigPond's definition of spam was held to be 400 messages sent over a 15-minute period and now it's changed to 20 e-mails over 10 minutes. Internet Society of Australia president Tony Hill said BigPond's new definition of spam was very restrictive and he was concerned the limit had been set too low for legitimate e-mail users."

This does seem a bit restrictive.

[Cyno01]

I hope they at least contact the user before shutting off service. I can think of many legitimate reasons to send 20 e-mails in 10 minutes. My adress book has many times that, and sending a CC to a fraction of my adress book would trip this.

Re:This does seem a bit restrictive.

[Liselle]

Might be over-reacting. I RTFA, and it's peppered with "mights" and "maybes". I'd wager that hitting the limit of emails in a certain time period is only going to make them put a magnifying glass on you for a while. They have access to enough information to ascertain whether you are sending legitimate emails or spam, that's for sure.

As a side benefit, this will help them help their customers that get hit with email worms... some people may not even know they are spamming, no?

Re:This does seem a bit restrictive.

[ShadowDrake]

>Sending more than 20 email in 10 minutes The >first time you log on to a new account

From: Joe.Blow@bigpond.com.au
To: Entire Address Book
Subject: New address

Time Scale Too Small

[Josuah]

Why is BigPond trying to identify a spammer from just 10 minutes of traffic. Or even just 15 minutes? I would think it would be much better to have a metric like 1000 emails in a single day. Or 10,000 emails over a week?

I can very easily go through 20 emails in 10 minutes just because I might be having one of those back-and-forth email conversations. I don't know if I could do 400 in a 15-minute period, unless I was running a mailing list (well, which I do, but that's why I use "personal" business ISPs).

This sort of metric just seems extremely silly. Is someone putting pressure on BigPond, or is one of their executives being an idiot?

Slashdot style

[GQuon]

Great..a slashdot style limit on time between posts.
Now Telstra's customers are just missing the lameness filter and the moderation. The occasional dupe happens in email allready.
Hm. There's a chance a lot of my work on Healthcare Informatics would be modded -1 Redundant and never reach my professor.

Might be a good start...

[wrinkledshirt]

I couldn't tell from the article exactly how they were counting 20 emails (cc's or bcc's count? groups count?). But the fact that they monitor by email sending rate seems interesting. I think adding just one more step to that process could make it really useful.

1) Monitor all sources of emails in which large numbers are being sent over a short time period.

2) Allow a central repository for people to report which emails are considered spam. Once that amount reaches a certain threshold...

3) Connect the dots, you get a spammer.

I would have commented on this story sooner...

[Black+Parrot]

...if not for Slashdot's 2-minute delay policy.

More slashdot sensationalism

[Steve+'Rim'+Jobs]

Quote:

Under changes to its Acceptable Use Policy, BigPond will investigate cable and ADSL Internet customers sending more than 20 e-mails in a 10-minute period, and BigPond management "may suspend the (user's) account while the customer is contacted" if they are suspected of sending spam.

It doesn't say anywhere they they will suspend your account if you simply send 20 emails in 10 minutes. All it says is they may investigate users who do, and may suspend their account upon further investigation. I really don't see a huge deal with this, and there isn't any plausible reason to get angry with this policy if it is followed properly.

Wait and see

[SEE]

It's not like there's an automatic suspension for exceeding the limit. They're just advising that 20 in ten minutes is the level that now prompts them to look more closely at. If they aren't stupid about it, it shouldn't be a problem.

Admittedly, that's a big if, given that it's Telestra that we're talking about, but . . .

Shouldn't be a problem in that case

[KU_Fletch]

They're only going to investigate those people, not disable their accounts. If they look at it and see that they sent legitimate messages because they just pop on to send e-mail, they'll be find and their ISP will move on. At least this should make the net big enough to actively catch spammers eariler.

This won't be good for Bigpond customers...

[Kulic]

One of my uni lecturers uses Bigpond as his ISP. He also has his uni email accounts redirected to his Bigpond address. He had problems a while ago when Bigpond went down. He normally accepts assignments via email, but everything sent to him got delayed a few days. Thankfully he accepted assignments which had been sent to him on time, otherwise a lot of people would have inconvenienced.

This lecturer also has other responsibilities (I won't go into detail here) which require him to him to send out newsletters to all of the students in our department, plus international committees and a large number of university staff. We are a small department, but still have ~100 students. Sending out a student newsletter would trip the new email limit. I don't know how he's going to get around this from home (obviously he can send it using our uni mail server when he's at work).

Just another example of Bigpond not being up to scratch these days. I personally use a competing ISP, and have never had a problem. I don't know how Bigpond is going to keep its customers with shit like this.

Re:This won't be good for Bigpond customers...

[wrmrxxx]

I don't know how Bigpond is going to keep its customers with shit like this.

Telstra has all sorts of ways to try keep their customers. For example, misleading advertisements - they were forced to take some of their TV ads off the air by the ACCC. Or abusing their monopoly on the phone lines by lying about the availability of ADSL - they told a customer he was too far from the exchange when he wanted to get ADSL through another ISP, but was close enough for Bigpond. Then they threatened him when he talked!

I think there is only so far they can slide, however, before even the most uninformed consumers see the light. Their recent run of email brown outs must have been hard for even the most tolerant of users to ignore. This article at whirpool suggests that people are finally starting to wake up.

SpamCop paying $30K / year to fight DDoS attacks

[JeffMagnus]

It's been reported that SpamCop is paying upwards to $30K / year for bandwidth as a direct cause of the continous DDOS attacks on it.

The spammers are doing everything they can to squeeze the anti-spammers out. They use frivolous lawsuits (aka Mark Felstein and his porn spamming backers) or DDOS attacks that either knock the anti-spam resources off completely or increase the costs so that no hobbyist can run them.

And while all this is going on, the law enforcement agencies are doing nothing to counter the clearly illegal acts of the spammers.

And ISPs are doing NOTHING to reduce the number of zombies on their networks. So the DDOS attacks continue.

Nice going.

It's only a matter of time when someone (Al Queda?) will use the zombie network for something that will truly be noticed.

Proletariat of the world, unite to kill spammers

Re:Honest question?

[ducomputergeek]

I can send 20 messages in 10 minutes. I usually check my email at 7 AM when I get into the office. Many times its emails like "Can you update this item on my webpage". At the end of the day, say about 4PM. I will reply to these messages with a simple: Done, you have X hours of tech support left this month and I can send out 15 - 20 in 5 minutes easy.

400 in 15 minutes, yeah, that looks odd and should be checked into. 20 in 10...that's not too hard.

Not about Spam, about using Spam to gouge

[child_of_mercy]

This isn't about stopping spam, serious spammers don't use their own accounts, they relay off others.

What it will sneak through under the cover of Spam hysteria is the following.

1) It will force budget business users onto more expensive corporate accounts.

2) It will stop people batching their email correspondence to miminise online time which in turn will reduce peak load on telstra and also bring in more money.

3) Less nasty but equally beneficient to Telstra it will allow them to stop worm riddled machines bogging down their email servers (Telstra are facing massive damages over the near collapse of their email infrastructure and associated business losses).

Re:Oh telstra you dorks

[bernywork]

If you read a little better, this is only for ADSL and Cable customers, why they would read offline (Unless they have a notebook or something) when on ADSL or Cable it doesn't matter if they are online or not?

On top of the previous posters comment regarding it only being investigated and not an automatic immediate suspension.

Re:SpamCop paying $30K / year to fight DDoS attack

[Jeremi]

It's only a matter of time when someone (Al Queda?) will use the zombie network for something that will truly be noticed.

Agreed. But fighting the spammers won't prevent that. The only way to prevent that is to secure the majority of on-line PCs so they can't be zombified.

"Virii" DOES NOT EXIST. BZZZT. defcon4

What's the Plural of `Virus'? What's the Plural of `Virus'? The plural of virus is neither viri nor virii, nor even vira nor virora. It is quite simply viruses, irrespective of context. Here's why.

Sections in this document:

• English Inflections
• Classical Inflections and References
• Journey Into the Fourth Declension (new)
• Other Latin Resources
• ASM News
• ASM News Update (new)
• Footnotes

English Inflections First off, the OED gives nothing but viruses for the plural. Here's its abbreviated entry:

Etymology: a. L.

virus slimy liquid, poison, offensive odour or taste. Hence also Fr., Sp., Pg. virus.

1 Venom, such as is emitted by a poisonous animal. Also fig.

2 Path. a A morbid principle or poisonous substance produced in the body as the result of some disease, esp. one capable of being introduced into other persons or animals by inoculations or otherwise and of developing the same disease in them. Now superseded by the next sense.

b Pl. viruses. An infectious organism that is usu. submicroscopic, can multiply only inside certain living host cells (in many cases causing disease) and is now understood to be a non-cellular structure lacking any intrinsic metabolism and usually comprising a DNA or RNA core inside a protein coat (see also quot. 1977). [ Formerly referred to as filterable viruses, their first distinguishing characteristic being the ability to pass through filters that retained bacteria. ]

Other sources that support viruses include Birchfield (n Fowler :-) in Modern English Usage (3rd Edition), and also the Cambridge Encyclopedia of the English Language . Classical Inflections While one would hope that the authoritative sources cited above would suffice, some writers prefer to maintain the classical inflections on some English words, particularly in technical writing. For example, conflicting indexes/indices and minimums/minima are both easily found, depending on the intended audience and use. In that case, what's the classical plural of virus?

The simple answer is that there wasn't one. The longer answer follows.

Writers who, searching for a fancy plural to virus, incorrectly write *viri are doubtless blindly applying an overreaching -us => -i rule. This mis-inflects many words. For example, status and hiatus only change the length of the final vowel; genus goes to genera; corpus goes to corpora. Others are even worse if this rule is mis-applied, like syllabus, caucus, octopus, mandamus, and rebus.

Anyway, Latin already had a word viri, but it was the nominative plural not of virus (slime, poison, or venom), but of vir (man), which as it turns out is also a 2nd declension noun. I do not believe that writers of English who write viri are intentionally speaking of men. And although there actually is a viri form for virus, it's the genitive singular[1], not the nominative plural. And we certainly don't grab for genitive singulars for the plurals when we've started out with a nominative. Such hanky panky would certainly get you talked about, and probably your hand slapped as well.

This apparently invariant use of virus as a genitive singular may als

Re:"Virii" DOES NOT EXIST. BZZZT. defcon4

[Eskarel]

This may be both off topic, posted by an anonymous coward, and insanely long, but it should be modded up just so that the general slashdot population isn't denied the pleasure of witnessing the worlds most anal retentive pedant in action.

I've seen grammar nazis before but this is the most incredible thing I've personally ever witnessed.

Are They Really Dumb?

[Bob9113]

Is Telstra really excessively dumb? I would guess not, so let's suppose for a moment that they aren't.

If they're not really really stupid, they might have thought: Gee, I wonder if there's any way to tell what's 3 standard deviations above the mean as far as peak mail sending rate is? Do we have, anywhere, a listing of all the emails that have been sent by our users? Preferably arranged in chronoligical order, with timestamps? If we had that, why all we'd have to do is a little grep and wc action, toss in some particularly ugly perl to aggregate the results, and we'd be able to figure out what normal is. From there, we'd be able to figure out what weird is. Once we know what weird is, we'll know which accounts we should take a closer look at.

I've gotta think they figured that out. After all, they have to have figured out how to count the mails per minute per user to be able to implement this (and their former rule), right?

Of course, it's possible they really are too dumb to look at their own server logs. Maybe they pulled this number out of some business weenie's ass during one of those catered lunch meetings in the big glass windowed room with the collossal oak table. If this is the case, then they'll get false positives by the cartload and they'll quickly be swamped in the acrid stench of their own foolishness.

I find the latter a little implausible. Telstra may be a big evil monopoly, but I don't think they're a big evil imbecilic monopoly.

Re:Oh telstra you dorks

[tunah]

Sometimes I write emails on my laptop while it's not on the network, and send them when i plug in.

Bigpond partly to blame, too

[Gavin+Rogers]

This is probably common with all huge Telco ISPs the world over but I think that Bigpond themselves could do more to prevent tides of Spam originating from their customers... I think these mega ISPs have a "CPE" attitude that's left over from their Telco division - i.e. If it's beyond the equipment we provide - it's "Customer Premises Equipment" and we therefore, don't care.

Bigpond could install heavy default firewalling (especially ports 80 and 25) to protect against people who install default operating systems with Christmas tree options or are infected with spamware so they readily become spam relays and force customers to use ISP provided gateway servers. Better yet, ask customers to knowingly switch off their ISP firewalling if they're providing a legitimate Internet service. (and therefore prove that they know what they're doing)

The end days of open-slather unfirewalled broadband accounts for "Mum and Dad" Internet users is long overdue.

The conspiracy theorists claim that because Bigpond charges customers per Mb for both incoming and outgoing traffic, they really don't care if their customers are open-proxy spam relays because they'll be hit with a bill for the traffic "they've" used at the end of it. That's probably extreme, it's more than likely that they just don't care or have the technical/human resources to do anything about it...

Re:Oh telstra you dorks

[-Maurice66-]

As long as they don't mention they just went out to get their viagra they should not have a real problem there ;-]

Cheers,

M

Sounds familiar -- and not even bad

[llauren]

There was an article, featured on Slashdot, quite some time ago, which could be applied here. The thought was that if an identified spammer tries to send to your SMTP server, the service would be slowed down.

To protect both the ISP and the innocent, they could implement a feature where after 20 mails in 10 minutes, mails would only be processed at the speed of, say, one mail per 30 seconds, and maybe slowing progressively after each 100 mails. When the mail pipe has been silent for a given amout of time, say ten minutes, the "mail slower" would be reset.

This wouldn't make much difference for the legit home user but for the spammer (and for a business connection) it would be a tar pit to avoid.

This could probably be implemented just by installing a crappier mail server ;)

~llauren

YAY! this is great!

[the_unknown_soldier]

I am a bigpond user. and i know that for many users this is a godsend! you see bigpond has very restrivtive and long contracts which cost a lot to buy out of. this gives us the chance to get out of our contract without paying the fee. also... bigpond has the worst spam of any network in the world...simply because they have incompetent staff. this won't stop it.