Slashdot Mirror
FTC vs. Open Relays, round 2
mbrain writes "PC World is reporting on a new federal program run by the FTC to close relays and proxies that serve as spam gateways. It's called 'Operation Secure Your Server'. The FTC will publicize this program by... sending tens of thousands of emails." I think it's a continuation of this program.
I have to wonder how many owners they will be able to successfully contact. It has been a long time since I've actually seen a WHOIS record listing a valid email address. Plus, popular registration services like Dotster now offer email masking as a standard part of domain registration.
I think this is mostly due to the trend of spammers attempting to "steal" domain registrations by doing thousands of WHOIS searches and contacting domain owners.
How many roads must a man walk down? 42.
What I'd give to get that list
HOW'S MY POSTING? CALL 1-800-POSTING
So this means that it's going to be harder for me to spoof emails, and that I *might* get a little less spam than I do already. Um, yay?
Mod "Overrated" instead of replying "I disagree with you," you coward.
People who have open relays (in most instances) are either too stressed or too ignorant to understand what that means, and getting a letter from the FTC won't change that (in most instances.)
The FTC can only suggest that the relays be closed. Until they have some form of enforcement, there is nothing preventing those with open relays from ignoring the emails (assuming this is the rare situation where the above does not apply).
This doesn't take into account that some of those relays may be there on purpose, as in ISPs possibly colluding with, and also possibly profiting from, spam.
libertarianswag.com
Should the U.S. government be "handling" it at all?
Stop SPAM by sending thousands of emails? That's funny.
Until they have some form of enforcement
CAN-SPAM anyone? Does anything in CAN-SPAM make it unlawful to knowingly aid and abet spammers in the United States?
If they send the mail to the address of an open mail server, they will be sending most of them to the hackers that have taken over the machines, won't they?
sending tens of thousands of emails
spam people to stop spam? yeah it will work!
What happend about the EFF exec that keep losing his internet connection because he insisted that he be allowed to run an open relay?
Even though the information is hidden, the e-mail is forwared to the registrant.
Fight Spammers!
Because there's so many viruses, worms and scams that spoof other email addresses, including the scam that claimed to be about the Patriot Act, recipients might think it's a virus, a worm or a scam. I still think fake relays would be a good spam deterent vs trying to close all the open relays.
If the people who leave open servers open are on the hook to be sued, they will wise up very quickly.
Fight Spammers!
I remember when I was a kid ... My dad had an operation similar to this ... it was code named.
"Close the damned door, we ain't air conditioning the whole damned neighborhood."
That program was affective, dont see why this one won't be.
They couldn't come up with a better name, I mean isn't the whole point of government projects to confuse people as to what the the intent of the program is while tying in some patriotic theme.
Perhaps I might offer a bit of suggestion.
"Operation Cage the Free Eagle"
See, you got no idea what it really means, but it says Operation and includes "FREE and EAGLE", it must be good.
Ignore the "p2p is theft" trolls, they're just uninformed
This is a flawed comparison. Leaving your door unlocked doesn't hurt anybody else. An open relay does.
You're lame. Go die.
Once all/most/many of the relays that they can use without *overtly* breaking the law close up, spammers will simply turn to *overtly* breaking the law, as in creating zombie networks. And as soon as those poorly maintained computers are cleaned up, they will simply use the same virus/worm/exploit to 0wn more poorly maintained computers (These computers will coincedently tend to be crawling with malware already).
Though any such move would doubtlessly be controversial, I suggest writing a "white hat" virus what would:
1) Check if a machine was unpatched/0wned (Probably meaning "it could infect it in the first place")
2) Once loading itself, download and run anti-spyware/-adware/-spamware/-malware applications to clean up the computer
3) Contact and infect other hosts, but NOT at such a rate as to bring down networks.
I omitted suggesting that it download the latest patches, because (as is oft pointed out) one reason many people and organizations DON'T download the latest patches for Windows is that they often break other things.
Although, again, this would be extremely controversial, I am suprised at never having seen it suggested before.
I caught this while it was still at Score: 1, and modded it down as Troll -1.
After hitting the moderate button, several others who evidently didn't read it, had modded it up as informative.
Anyway, I tried.
slpalmer (Posting anon, since I've modded this discussion)
If they were truly serious about this, they'd give it a name like "Operation Infinite Freedom" and blame all the spam on terrorists. Use your imagination, people!
Whether you like it or not, there's nothing that's wrong about having open relays.
Bullshit. If your open relay is used by spammers, it inconveniences hundreds of thousands, or even millions of users. It costs ISPs and businesses money to deal with the spam that's spewing out of your open relay.
If I wish to leave my house door unlocked, it's not the business of the government to tell me I have to lock it. It may be irresponsible, but it's my right.
What a stupid analogy! If you leave your house unlocked, the only person likely to be hurt by it is you when you come home and find your stereo, PC, and TV gone. If you leave an open relay, you potentially hurt many innocent third parties. If you want a better analogy, it's like the government telling you that you can't leave a loaded shotgun on a picnic bench in a public park.
Just the same, I have the right to have an open relay and not close it. They have no right to tell me how to run my server. I accept the consequences of how I run it.
So does that mean that you're going to reimburse me and the other postmasters who have to deal with the spam? Are you going to compensate the users who got spam through your open relay? Are you willing to accept legal responsibility for the porn ads sent through your system to e-mail addresses of children? If not, in what way are you accepting the consequences?
now eat a large smelly black anus
your a troll, but i am going to flame you anyways. If your a big enough dumb ass to run an open relay, your going to be blacklisted by so many rbl's its not funny. Two, your going to get firewalled like mad because your server is a known piece of spammy bullshit. Three, if your isp isnt a spam haus or some clueless fucks like comcast or sbc, your going to get nuked off your connection for spam support.
Have a nice day.
Lawyers, MBA's, RIAA? A jedi fears not these things!
jebus bless you
Is that you, John? :)
Great, so your mail client deletes your crap mail. Meanwhile, your sysadmin has to keep beefing up the mail server(s) to handle the growing load.
Filtering at the client side just covers up the problem. You think you're helping, but you're actually just pulling the wool over your eyes.
I'm sure you're happy, but don't call it a solution. It doesn't scale.
If the government wants to have a good influence on the issue of open relays, why not offer a small tax cut to anyone willing to close their relays. The government could test the relay. If it's closed, then the individual or business would be eligible for a small tax cut or maybe even cold hard cash. Giving positive incentives would have a better effect IMHO.
What? It would be far more effective if their taxes were doubled...
Oh well, what the hell...
Blackadder: Baldrick, have you no idea what irony is?
Baldrick: Yeah! It's like goldy and bronzy, only it's made of iron.
It's only knowingly when you've been told by the spammer he'll be using your relay for spamming.
Why not when the relay's operator has received numerous messages at abuse@ and postmaster@ about the UCE flowing through the relay? If not "knowingly", I would guess that such a situation would establish negligence at the least.
I don't think that applies for someone uninvolved warning you that it might be.
How would one consider an e-mail service provider that just received hundreds of spams through your open relay "uninvolved"?
You aren't aiding and abetting someone stealing your car when you ignore the "keep your car locked" signs at the parking lot, are you?
Insurance companies seem to think so, denying claims unless you can prove that you kept your doors locked.
Friends don't help friends install M$ junk.
As a sysadmin at an ISP, this is good news for me. Getting customers to close their open relays has always been a hassle. "We really need you to take care of this; its against our terms of service" is often followed by "Well, maybe we'll just find another ISP."
"We expect you to take care of this; you're operating in violation of Federal Trade Commission policy" has a much nicer ring to it. One less likely to generate argument.
Moderating "-1, Disagree" is simple censorship. Have the guts to post your opinion.
Yeah but then the government would be using telling people what to do with their own machines.
file a freedom of information act request.
I'm an American. I love this country and the freedoms that we used to have.
I'm wondering. Was there talk about changing the SMTP protocol a while back? I know it would a major overhaul, something along the lines of revamping IPv4 to IPv6 (well, not that major..)
This flys right around there with 'taxing every email' which would be an interesting debate indeed.
I've noticed that a bunch of mail servers out there are now doing creative mail filtering, making sure that the mx record corresponds to the actual relay that the mail is coming through. But not everyone has smtp auth over pop..
For instance, my new favourite is AOLmail.. almost any external mail to any aol servers, now takes up to several hours to actually get through their systems. I'm not sure if this is a creative filtering process, or that their servers are just so bogged down?
hrm?
------------
Sase
"It's the opposite of that."
I'm not sure this is a great idea. On one hand, I really want open relays shut down so that people stop blantently misusing them. On the other, I know some companies I've done work with, use open relays completely legitimately, and I don't believe that the open relays are the big problem anymore. I think that most spam comes from
A) Over-seas servers in countries that have abudant bandwidth and few laws governing their usage (ie India)
B) Hijacked machines here in the good ol' US of A that have become spam relays via viruses.
Until we get people to stop buying crap from spam, there will be no way to stop the spammers. Thats all there is to it, no matter how the government tries to stop it.
Maybe someone should send the FTC a copy of Nmap,
have them setup a site so non-tech. people can test their server.I'm not very knowledgeable in this area, but surely the FEDs have someone capable.(that's a joke,ha,ha)
Actually, if I got a letter from the FTC I might well look into what it said. But if I got an email supposedly from the FTC, I would likely just ignore it without even opening it (after forwarding a copy to uce@ftc.gov).
I'm an American. I love this country and the freedoms that we used to have.
Will this do anything about the zombie problem?
Of course, the reason that they can send all this spam^H^H^H^H important advisory information is the CAN-SPAM act itself. Their "advice" may be mass mailed and unsolicited, but it sure isn't commercial, so breaks no laws - I wonder if they even put an appropriate label in their subject lines (maybe GOV: rather than ADV: ?) even though they don't need to.
"Operation Secure Your Server is sponsored by the FTC and agencies around the world. International participants include agencies in Albania, Argentina, Australia, Canada, Brazil, Bulgaria, Canada, Chile, Colombia, Denmark, Ecuador, Finland, Hungary, Jamaica, Japan, Lithuania, Norway, Panama, Peru, Romania, Serbia, Singapore, South Korea, Switzerland, Taiwan, and the United Kingdom."
No openrelays in NZ...w00t!
What boggles my mind is how hostile people get towards end users of fairly complicated Mail hosting programs. Personally, I've had to deal with the people at ordb.org, and let me tell you, they're a bunch of jackasses about the whole thing. If you had a chance to read their old FAQ (they've since changed it), you could tell that whoever wrote it was getting off on forcing people to change their server settings as he saw fit. So, while I'm getting barked at by customers who's "e-mail won't work," I've got to sit through childish comments about how I suck as an admin. The whole thing really pissed me off.
I understand that many of you uber-users expect that every admin should know all the ins and outs of every server/program, but I'm afraid that's just not possible sometimes. Our Wireless ISP consisted of 3 technically-capable people. Between setting up people's connections, repairing relay sites (using both proprietary and OTS equipment), setting up servers, setting up routing, technical support, providing network content shaping, hosting/designing websites, setting up policy enforcement, documenting it all, securing the network, AND providing e-mail to boot, there's just not enough time to do everything and get it right the first time. BESIDES, what's so wrong about expecting things to work when you do a regular install?
Since when has default == basically broke?
-Grym
why not offer a small tax cut to anyone willing to close their relays
Wow, an incentive for everyone who doesn't have an open relay to open it up, collect on the tax cut, and then restore them to non-open status. Why should we be forking over our tax money for something they should be doing already?
The Internet's greatest strength is also its greatest weakness. At a technical level, everything with an IP address is a peer to all other devices with IP addresses... no special license is needed to make somebody a server. When it comes to e-mail, the same SMTP protocol that your favorite e-mail program uses to reach your outgoing mail server is the same SMTP that server is going to use to relay the message to the next server. You don't need anything special if you want to set up a mail server for your organization... but that also means nothing prevents a virus-infected PC from being an e-mail relay that starts spewing Spam on behalf of the virus writer.
Any "secure" system needs a "root of trust", someone or something that is a trustworthy party from which all other relationships can be traced back to. Most things on the Internet don't have a central authority, and that's by design to prevent censorship. However, e-mail is one thing that we want censorship for... we want abusers of the system thrown out.
However, to reliably kick out abusers, there needs to be a central authority. In short, there needs to be some sort of approval body for e-mail servers to prove that they're trustworthy operators, so that any e-mail that passes through them is sure to not be spam, with reprocussions for the server operators who do let spam through their system. In short, a closed system, where membership for servers is by approval, and therefore those who operate e-mail services have to enforce limits on their customers.
Unfortunately, that's so incompatable with the e-mail system we have today... any dreams of creating a No-Spam-Allowed e-mail system can go sit between IPv6 and the Devorak keyboard design in the pile of ideas that look good on the drawing board but will never be put into widespread use.
the one that when you apply the security update, it turns your server into an open relay?
IIRC, even if you went to the trouble to ensure that it was *not* an open relay, the patch would change the settings and, voila, open relay.
In the free world the media isn't government run; the government is media run.
Since when has default == basically broke?
I dunno. When was Microsoft incorperated?
Yeah. I suppose my idea was a little short-sided.
"We've got SPAM and more SPAM and penis enlargement SPAM and refinancing SPAM and credit help SPAM SPAM SPAM and even more SPAM..."
End of Line.
So lemme get this straight, the FTC is going to help stop spam by sending out thousands of emails to everyone
Yep, sounds like the gov't think tank is hard at work.
I noticed the conspicuous absence of China in their list of countries participating.
This is a very dangerous thing they are trying to do. Basically it boils down to the gov't telling people how they need to have their servers configured. Granted open relays are a bad thing, but having some gov't body tell someone running a private server that they have to change how their system is setup? No thanks. I'd rather have open relays.
There are several projects out there that are detecting and blocking open relays (quite effective... I have used this and similar blocklists on my mail server). FTC wouldn't be doing anything groundbreaking, except more formally contacting the owners. Not that mail server admins don't notice when millions of sites start bouncing their mail because they're listed on such places as ordb and dsbl! After all, that is part of the effect of blocklists... puts pressure on people who run improper mail servers.
I don't read ACs: If a post isn't worth so much as a nom de plume to its author then I wont bother either.
I get the open mail relay stuff.. obviously spammers can abuse those to hide their tracks and avoid IP address filters & spam lists.
But, they say that spammers use open proxies too. Sure, you don't want to leave your proxy open for various reasons.. But, I didn't think spam was one of them. It's not like they're spamming through some webmail service or something. And, with the way the document is worded, mixing the MTA & proxy issues, it makes the doc less clear.
Don't let the GNAA hear you talking about freedom of information requests, or it won't be long before another slashdot story gets hit with a thousand comment crapflood.
whats the point of taking the time to spell for cowardly morons like you. Btw: go ahead and spam me, it only improves my filters. (why do you think i dont munge my slashdot addy?)
Lawyers, MBA's, RIAA? A jedi fears not these things!
Is there a way (I doubt this would be legal, but I think it would be plenty ethical) that you could get an open relay to churn email within itself, or somehow create an email loop or something else that would cripple the server or bandwidth?
If they're open, why not use that openness to the worlds advantage...
Spam exists because men are embarrassed to buy penis enlargement pills from their local porn/sex toy stores.
If you wanna stop spam attack its market. Figure out a way to discreetly supply penis enlargement pills and spam will dry up.
Put them in vending machines or something, right next to the Spanish fly.
Whether you like it or not, there's nothing that's wrong about having open relays.
Yeah sure, but what if I'm a customer of yours, and I have a measurable percentage of the emails I send are blocked because my perfectly legit message to a linux related mailing list comes from a known open server?
You are not in that case, delivering on the promise of a smooth running mailserver which is something thats 100% expected when I sign up with you for the service. Particularly when you are the only available game in town!
You've got your head up your ass and are saying thats how its going to be and thats the end of it, while I'm the one who is hassled, and occasionally forced to have my messages relayed by hand by a friend thru another local mailserver.
This was the case with verizons dsl service, although its slowly getting better, we're on fewer and fewer RBL's as time goes by. But its been what, 2 years of bellyaching to them about it? At one point they did have it all closed, but the RBL folks were listing whole blocks instead of the specific machine. The attitude that if they build another machine thats tightened up, and put it in the same block of addresses soon wears thin when you still can't get off a major list because of the list maintainers lethargy.
The Nachi worm and Code Green were attempts to fix Blaster and Code Red. They caused more damage than they fixed - especially Nachi which is still flooding everyone with ICMP echo requests. I am also surprised that you have never seen it suggested before - hint use Google
Closing open relays is a great first step and I hope this program has some effect.
If spammers are driven to using trojaned home computers to send their junk then there will be much more pressure bought to bear on ISPs to do port 25 egress filtering which will stop the trojans dead in their tracks
>In general, you aren't responsible for the traffic that goes through your server, as long as you can't be reasonably expected to know what's going through there.
No argument with your statement of the law.
If you run an open relay in this day and age, I think you can reasonably be expected to know that spammers will use it.
If the jury were made up of Slashdotters, I think a negligence suit against an open relay operator would succeed.
>The criminal is the spammer
Absolutely.
Require open mail relay operators to log each transaction, so they can be used trace spammers.
in the days when they didn't carry guns.
Stop, or I'll yell, "Stop" again!
This has been done and it is not working. Significant design flaws in Microsoft's OS continue to defeat band-aids like this as the myDumb worm proves. Insuficient control of execution by the continued use of filename extentions and insuficient privilidge seperation make continued explotation a reality. Even my ISP's draconian solution, blocking inbound and outbound port 25, has only created single point of failure for the whole network's email - the ISP's own MTA. Either Microsoft fixes their problems or it should be banned from internet connections.
The problem of open-relay mail servers (IMHO) is most appropriatly solved by convincing admins that proper configuaration of their mail servers is critical (or by not accepting mail from servers which allow inappropriate relaying).
At least this one looks simple. Every free distro I'm familiar with ships with it's MTA in a reasonable shape. good user manuals and well explained configuration files. Do you know of MTA's that don't ship this way?
The first problem's "solution" is the thing that's killing me. I can't run a mail server of any sort because someone else's software is so easy to exploit.
Friends don't help friends install M$ junk.
I am very sympathetic to the complaints of harming innocent third parties, and indeed I used to be very supportive of anti-spam efforts. But these days I find that the anti-spammers are doing just as much harm to innocent parties as the spammers themselves. Real time blacklists are some of the worst offenders, since many of them (e.g. SPEWS) actively promote collateral damage as a mechanism for encouraging change.
I don't see how open relay blacklists like orbs or SPEWS can say with a straight face that they care about innocent third party damage from open relays. I consider the damage inflicted by one lost legitimate mail to be far worse than the damage inflicted by one unwanted spam mail.
When spammers exploit open relays, they are violating numerous federal laws involving computer tampering and break-ins. Why is the FTC annoying network operators and not getting off their butts and enforcing the existing laws?
This is like sending out flyers telling children to not talk to strangers instead of going after the child molesters that are roving up and down the street in plain view every single day.
In short, there's nothing but practical issues keeping you from doing this right now. If you can overcome those issues, more power to you. If you want to keep me from running a mail server with well configured free software, go away.
Friends don't help friends install M$ junk.
Immediately following the press conference, Mr. Blumenthal crawled back underneath his rock.
So when someone sets up shop in that unused attic/wing/crawlspace of yours and starts producing Methamphetamines or otherwise generates/disposes hazardous waste but out of your sight, I hope you enjoy the consequences.
Copyrights, Patents, Trademarks: temporary loans from the Public Domain, not real property ("intellectual" or otherwise)
You betcha it's your right. And it's the right of other sysadmins to blacklist your entire network or to teergrube your mail server so that it dies a slow death trying to deliver mail over a connection that gets slower, and s-l-o-w-e-r, and s--l--o--w--e--r, before disconnecting altogether. So, yeah, you can have that open relay so that you can access it from anywhere, but don't complain when no one will accept your mail anymore.
This sentence is a lie.
Sometimes you really do have to fight to achieve peace.
Never. Surrender is always an option, even if it means suicide. It might not be a good option, but it's there.
Fucking for virginity is an oxymoron because fucking will never achieve virginity
Nonsense, your parents fuck and about 9 months later you are born a virgin. fucking -> virginity.
Saw that as the title of the CNN article detailing the FTC's new "Operation". Link here --> Don't click this if you're an IE user, as it may be dangerous ;-P
My question is: How many people that read CNN run MTA servers? Then, of course, there's the now widely misused context of "hacking" used here, but I'll let someone else go into that one. Is it just me, or is CNN and the news media in general spewing out more and more sensationlized garbage?
A common example is the requirement in many places that pools be fenced, even if the property enclosing it is posted as "no trespassing" -- the theory is that a child will be so attracted to the pool that the prohibition on entering the land is ineffective.
The equating of spammers with children is not accidental.
Though any such move would doubtlessly be controversial, I suggest writing a "white hat" virus what would:
1) Check if a machine was unpatched/0wned (Probably meaning "it could infect it in the first place")
Zombies are evil. Any machine found exploited or exploitable should be kicked off the net by law until fixed (exceptions for university research honeypots, etc.). Perhaps a fine for repeat offenders to pay for the scans and resultant support calls. The anti-virus and firewall companies should be trying to brib^H^H^H^H lobby for the passage of such anti-nuisance laws ASAP.
Shutting down open relays harms privacy. In principle, it is both efficient and easy to pass pure text - non-html email - as a matter of principle. SPAM ASSASSIN could also vet incomings.
A text only open relay, has many advantages, and may hurt spammers more - besides text emails are harmless, as spammers have stopped using text only.
This isn't entirely true... When I come in to steal all of your junk, I might stop to make myself a sandwich and cut myself in the process. I could get a hernia or throw out my back lifting your big screen tv. (etc...)
Let's not forget, in the US you, the property owner, are responsible for the safety and well being of your tresspassers/burglars!
One of the solutions to malaria is to breed trillions of sterile mosquitoes, and release them into the wild. The chances of a fertile mosquito mating with another fertile mosquito is therefore very small, and the population is virtually wiped out - but for a few weeks, you have an insufferable amount of mosquitoes.
Maybe sending out masses of junk email is the cure for spam. The chances of someone replying to a *genuine* spam is therefore reduced, so the spammers might stop trying.
Look, spam may be a problem for the mail admins having to put up with crap, but closing and banning open relays is B.S. The spammer can just download a free mail server and spam thru that...keep in mind, that in opensource ones spammmers can just corrupt the header, altho the relays IP would be included theres no proof. This is rubbish, i dunno what spams like there, but it is NOTHING to worry about here!
It's not *servers* where I'm getting spam from -- it's mainly 0wn3d home PCs that are sending them now. If you look at the Received: headers of the vast majority of the spam, you'll find your MTA got it from a system on a residential cable, DSL or dialup connection.
.dsl. or .adsl. or .dialup. or .cable. in the PTR.
I've been adding SpamAssassin rules to score heavily against email from *.client.comcast.net (one of the worst offenders, so I've called the rule RECEIVED_FROM_SPAMCAST), and score against anything received from with
Oolite: Elite-like game. For Mac, Linux and Windows
Every other ISP out there firewalls port 25, so they have to use your relay. If you have customers who need port 25 (but really you should have them relay on the other port through their other ISP then... I forget what, something in the 500 range) run a login script for them that turns this off in the firewall (not easy to do right, but you can do it).
Ideally your mail relay would log the email address of whoever was loged in (the one they signed up for, even if they use a different one), but that sound like a difficult scripting job.
Relay no email addresses from ISPs like AOL which impliment spf, presumably they have enough of a clue to have their own password protected relays.
It isn't being a good sysadmin.
This isn't TV. Few real cops ever draw their gun in the line of duty. "Stop or I'll shoot" is for the movies, when a real officer shoots it is more than just a criminal running away, it is a criminal who has proven to be too dangerious to let run. Every cop I know tells me that if you run they will let you go. (With all the body armor and equipment they wear there is very little chance the cop can catch you). Much easer to get on the radio and get help, and/or make sure that when you are caught you now also face the charge of running from the police.
I only know of one former cop that had to shoot in the line of duty. Former cop because he was never able to put on his uniform again. Sure it happens once in a while, but this guy had 20+ years in.
Mind I think it is silly the the british cops don't carry a gun. However it is about the least useful tool to have. Used by and expert in the right (well wrong really) situation and it prevents someone dangerious from commiting further crimes. Only used as the very last choice.
The responsiblity should be one the mail package writers. Not the novices who attempt to run a mailserver off there dsl and the experts who don't really have this problem.
If all mail packages reported a sucessful relay for any connection but then would either just toss the relayed message into
But it's even harder then this. Many spammers own there relays and operate them from off shore in asia/russia/south america and other places where there is little authority or desire on the part of the local authorities to shut these people down. The burden is then on us or the incomming fiber/backbone providers/ and or ISP's to block the IP of spammers. Attempting to get individual Mail server operators to track and block hundreads of thousands of spam servers from off shore just isn't practical...
I am always doing that which I can not do, in order that I may learn how to do it. - Pablo Picasso
Couldn't such a system easily be crippled by people submitting millions of domains, thus rendering the system unusable? Or how quickly can a host be checked?
Shouldn`t Slashdot fix their OWN open relay before posting stories like this?? smj@freeshell.org has notified them several times and they are still helping spammers. No, I am not smj, just a happy user of freeshell.org. They have blocked all email from slashdot.org because of this relay problem. Fix your own problem before complaining about spam!
Open relays, while enabling spamming, aren't the real problem. The real problem is the total unwillingness of the FTC to crack down on email based crime. Almost all spam is pretty much openly fraudulent -- either the products don't work, you don't get a product, or you're not supposed to get the product in the first place.
Why hasn't the government initiated a crackdown on the crime WITHIN the spam? Why is their such a willingness to accept that but be mad that someone is spamming about it? I sometimes wonder if most Americans (and I'm one as well) don't have some kind of built-in huckster or a total absence of ethics that they don't have a problem with the fact people are committing fraud.
If the government would bother following the money trail over some spam transactions, they'd not only get a much better idea what's "behind" spam (my theory is a fairly small number of people are responsible for a lot of it), as well as catch the same people comitting the same fraud, over and over, which becomes a possible RICO prosecution -- lots of jail time for anyone even tangentally involved. Which might actually do more to end spam by getting rid of its clients than some lame relay closing enterprise -- haven't they moved a lot of their operations to zombies and cracked proxies anyway?
Funny ;^)
There'll be more than enough hosts compromised somewhere, instead try to fix the damn system with proper certificates, "soft" blocking like hashcash or similar, easy feedback of SPAM, easy whitelisting of mailing lists etc.
Hell, I just recently discovered that my RHL9 box has been somehow compromised. Don't ask me how, but those sendmail spam zombie processes weren't mine. And on this Win2k PC I run anti-virus, firewall, the works. Still, a few things slips through the cracks, at least for a time.
But see how, my Linux box if routed shouldn't get a domain. It would be @[IP] @???.bb.online.no (dns of that IP) or @[spammer-provided domain], not @aol.com. And even if I wanted to run a mailserver here on a residential DSL - it's reasonable to limit my delivery speed by hashcash or some such measure.
If I wanted to do mass mailings (opt-in, the good kind, they exist, remember?) there should be a whitelisting system. Some kind of cryptographic token or similar, as proof of the opt-in. But noone seem to be doing anything like that.
Damage control is the way to go. Running around chasing the latest compromising trojan and whatever is futile, at least to cure the problem, not just the symptoms.
Kjella
Live today, because you never know what tomorrow brings
That must be why the FTC is working with 36 other government agencies from 26 countries.
They really think anyone will read their spam?
Im getting a good 1000 a day now.. their message will be lost in the static.
If it isnt captured by spam filters totally...
---- Booth was a patriot ----
They will cancel the service, which exposes the whois information. Then since it had to be registered with Godaddy, then GoDaddy will suspend or cancel the domain.
Fight Spammers!
I'm hugely disappointed that there's been no sign of the FTC or any other government entity attempting to prosecute spammers or people advertising/selling products via spammers. You'd think a dozen or so cases would make people think twice about sending spam...
Most open relays aren't in the US, but rather in countries that don't give a rat's behind about what the FTC says.
"Everything works if you let it" - The Flying Mouse