Slashdot Mirror
IronPort Arms Both Sides In Spam War
securitas writes "We all know about IronPort's recent acquisition of SpamCop. What may not be common knowledge is that IronPort's Senderbase has 'the reputation as the fastest way to send millions of junk e-mail messages' and is popular with spam factories. Founded by two former Microsoft executives - Hotmail's Scott Weiss and ListBot founder Scott Banister - IronPort claims its customers are not spammers but legitimate marketers. Critics say that this is a clear conflict of interest. Playing spam from both sides might be likened to a pharmaceutical company enabling the spread of a disease in order to sell the cure. SpamCop founder Julian Haight - who had to sell the company in order to remain solvent - is quoted as saying of IronPort's anti-spam measures: "I am not sure all its standards are tough enough." The story was originally reported by the New York Times' Saul Hansell. Abbreviated mirror at IHT."
Spamcop could improve what is already good filtering, by automatically blocking crap from IronPort's SenderBase clients.
"All your SenderBase are belong to us."
His comment was about Bonded Sender, not SpamCop.
--
Have you read the Moderation Guidelines Addendum
Sounds like when that one phone company (I think it was AT&T) was selling technology to block telemarketers to consumers, and selling technology to get around technology to block telemarketers to telemarketers.
And, as they say, hilarity ensues...
There are only 10 kinds of people in this world... those who understand binary and those who don't
Verizon (my local phone company) got my name wrong somehow when I signed up for my phone. So I was going to get it changed, until I got some junk mail (snail, not e) with that mispelled name on it. Hrm... interesting indeed. So now I know when Verizon sold my info to some telemarketers or whatever. Plus, when people call looking for Mr. Gandnee, I can say wrong number :-)
There are only 10 kinds of people in this world... those who understand binary and those who don't
There are some legit companies that use it. A place I used to work used it for sending user-configured news and stock alerts. Interestingly enough, the box is a rebranded dell running freebsd. I have my suspicions they are using qmail on it also just because of the way it behaves. Everything is hidden behind a nice little interface though, so you have to boot with a floppy to poke around, which I never got around to doing.
:) It is a good product though, you would have serious trouble getting that kind of performance out of a standard mailserver using the same hardware.
The boxes are $30k each last I checked. On a revenue of $10 million, that's likely under 300 machines if you include a support contract. Not selling many of them...
Need Free Juniper/NetScreen Support? JuniperForum
The company I work for is looking at using one of these boxes to send our opted-in newsletters. IronPort may be popular with spammers, but I have to agree that there are perfectly ethical reasons to send out millions of emails per day (per hour in fact!) The IronPort systems are by far the fastest mail servers around.
Spamcop doesn't rock.
It's configuration of spamassassin isn't very good IMHO.
Quite a bit of spam still gets through.
I've seen much better implimentations of spamassassin elsewhere. And no, they're not just one off site specific implimentations.
I'm sorry if I've dissed Julian - I'm not sure who's responsible for the technical setup.
Spamcop used to be incredible. The last couple of years hasn't been so hot.
Frankly, I'd recommend other filtering options. (Like getting your webhosting/email from totalchoicehosting.com and using their implimentation of spamassassin.)
If you're forced into filtering a single account, than using a local copy of spamassassin is probably better, but spamcop is easier.
I dunno, there's no great answer out there.
But trying to stop reading spam will always have loopholes. What would be more effective is the elimination of the spammers themselves.
Anti-Spam enforcement ought to go after the *beneficiaries* of spam. They (the beneficiariesof spam campaigns) have to bank somewhere, and it's likely at a bank we (the US) have access to. Go after the profits, and the demand for spam will drop. (This will easily target 99.9% of direct product spam, but will be harder to use against "mindshare" spam.)
Sure, there's some problems in determining who is really responsible, as someone could troll spam "for" your business just to get you in trouble - but I suspect it would be fairly trivial to know when it happened. (One could also require/allow discovery in court to determine if any funds were transferred between the spammer and the beneficiary - so I think that's doable.)
Anyway...
Cheers
Their product is basically a highly optimized MTA with built-in personalization capabilities. As far as I know, the box is just a "standard" server-class PC. Probably running BSD or Linux.
The personalization stuff is basically the ability to give, say, 1000 email addresses and a message, and also some macro values (first name, last name, etc,) for each address. If the MTA connects successfully, it rewrites the message on the fly for delivery. The big upshot here is that you don't need to submit each individual mail to your sending MTA, and therefore it doesn't need to handle thousands/millions of files in the spool directory.
I'm sure there are more features than just that, but when my employer was looking at them, that was the main feature I remember.
Also note the "Spam Farmers" post, where AT&T is promoting "viral marketing" as a benefit to developers of their new mMode service.
--
make install -not war