Slashdot Mirror


FTC vs. Open Relays, round 2

mbrain writes "PC World is reporting on a new federal program run by the FTC to close relays and proxies that serve as spam gateways. It's called 'Operation Secure Your Server'. The FTC will publicize this program by... sending tens of thousands of emails." I think it's a continuation of this program.

9 of 255 comments

  1. Re:Shouldn't the FCC be handling this? by LostCluster · · Score: 2, Informative

    No branch of the U.S. Government has the power to actually stop spam, but just like the FDA puts out nice public relations campaigns about what we should be eating, the FTC puts out campaigns about what businesses should be doing. The FTC can't exactly stop open e-mail relays, but they can label that as a bad idea.

  2. Re:Open Relays by Junta · · Score: 2, Informative

    Actually, I can't think of a single good reason for anyone to have a fully open relay on a mail server. I can see relays for IP networks, I can understand authenticated relay, but what possible justification is there for a fully open relay these days? Even ISPs restrict SMTP servers for their IP subnets. If you need to support road warrior configurations, give those users a username and password and tell them how to configure SMTP with TLS and authentication. The most flexible mail server I have right now is a relay for two internal networks, and external users only after authenticating (and authentication only allowed after STARTTLS).

    --
    XML is like violence. If it doesn't solve the problem, use more.
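
The relay policy described in the comment above, modelled as an added Python example (not part of the original comment and not any particular mail server's code). The networks, domain, host name and credential are constructed, and STARTTLS is modelled as a flag rather than a real handshake.

```python
import base64
import hmac
import ipaddress

# Constructed sample policy data (not from the comment)
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.1.0.0/16", "10.2.0.0/16")]
LOCAL_DOMAINS = {"example.test"}          # domains this server delivers for
USERS = {"roadwarrior": "correct horse"}  # stand-in for a real credential store

class Session:
    """Tracks the per-connection state the relay decision depends on."""

    def __init__(self, client_ip):
        addr = ipaddress.ip_address(client_ip)
        self.internal = any(addr in net for net in INTERNAL_NETS)
        self.tls = self.authed = False

    def command(self, line):
        verb, _, arg = line.strip().partition(" ")
        verb = verb.upper()
        if verb == "EHLO":
            # AUTH is advertised only once the channel is encrypted
            offer = "AUTH PLAIN" if self.tls else "STARTTLS"
            return "250-mail.example.test\r\n250 " + offer
        if verb == "STARTTLS":
            self.tls = True  # the TLS handshake itself is outside this model
            return "220 Ready to start TLS"
        if verb == "AUTH":
            if not self.tls:
                return "538 5.7.11 Encryption required for requested authentication mechanism"
            try:
                _, user, pw = base64.b64decode(arg.split()[-1]).decode().split("\0")
            except (ValueError, IndexError):
                return "501 5.5.2 Cannot decode AUTH response"
            self.authed = user in USERS and hmac.compare_digest(
                USERS[user].encode(), pw.encode())
            if self.authed:
                return "235 2.7.0 Authentication successful"
            return "535 5.7.8 Authentication credentials invalid"
        if verb == "RCPT":
            domain = arg.rstrip(">").rpartition("@")[2].lower()
            # Inbound mail for local domains is always accepted; relaying
            # elsewhere needs an internal address or a completed AUTH.
            if domain in LOCAL_DOMAINS or self.internal or self.authed:
                return "250 2.1.5 OK"
            return "550 5.7.1 Relaying denied"
        return "502 5.5.1 Command not implemented"
```

A fully open relay is the same model with the `RCPT` branch returning `250` unconditionally.
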
  3. Re:MOD PARENT DOWN AS "DIMWITTED" by Anonymous Coward · · Score: 2, Informative

    As the author of several books, including those on the administration of UNIX and Windows servers, I've dealt with the topic of spam and open relays many times. As such, I'm also familiar with the laws involved in dealing with the traffic that goes through servers.

    In general, you aren't responsible for the traffic that goes through your server, as long as you can't be reasonably expected to know what's going through there. The courts will uphold this as it relates to mail servers. It's not the job of the relays to censor what goes through them. And if the government attempted to pass such a law, it would be a clear violation of the First Amendment.

    Also, remember that the administrator is guilty of no crime. The criminal is the spammer; the one sending the obnoxious and abusive unsolicited commercial e-mails.

    You're showing your ignorance with your abusive comments. I've written several books and deal with these matters on a daily basis. Tell me, what are your qualifications to argue this?

  4. We already know, and admins already know by bigberk · · Score: 2, Informative

    There are several projects out there that are detecting and blocking open relays (quite effective... I have used this and similar blocklists on my mail server). FTC wouldn't be doing anything groundbreaking, except more formally contacting the owners. Not that mail server admins don't notice when millions of sites start bouncing their mail because they're listed on such places as ordb and dsbl! After all, that is part of the effect of blocklists... puts pressure on people who run improper mail servers.

  5. Re:E-mail needs to be "closed" by bigberk · · Score: 4, Informative

    NO. A central authority-based communications system is not going to accomplish much... it will, however, put the power of communications in the hands of few companies (probably monopolies)... it will let them charge fees... and it will ruin the versatility, adaptability, and reliability that we have because there is a great diversity of small hosts handling all their own email.

    You want to stop spam? Grab spamprobe or something and watch your spam disappear. You want a more efficient and scalable solution for a big organization? Install DCC and be done with spam for your whole site. Seriously, spam is no longer a problem because both user-side and server-side tools with near perfect accuracy exist. If you're seeing spam, it's because your ISP isn't taking advantage of the filtering solutions that are available.

    I'm not talking out of my ass... I've been keeping a close eye on mail and spam issues for the past decade. Spam is dead, so if spam still bothers you force your ISP to employ modern filtering. My university did, and the flood of spam dropped from 100/day to 0 in my account (they're using DCC). At home I employ spamprobe and again I see next to 0 spam.

  6. Please stop pointing out the FTC is US only (d'uh) by maggard · · Score: 5, Informative
    For those not literate enough to read the linked story (yet apparently compulsively posting here) let me quote the second sentence (emphasis mine):
    The FTC and 36 other government agencies from 26 countries have launched Operation Secure Your Server.
    All of those who have already posted inane comments about the US's FTC not having extra-territorial jurisdiction, and the fools who moderated them up, are now asked to read the original article out loud to themselves and in the future refrain from posting until they're sure they're not making public asses of themselves.

    --
    I don't read ACs: If a post isn't worth so much as a nom de plume to its author then I won't bother either.
  7. Re:Problem... by Caveman+Og · · Score: 4, Informative
    Once all/most/many of the relays that they can use without *overtly* breaking the law close up, spammers will simply turn to *overtly* breaking the law, as in creating zombie networks. And as soon as those poorly maintained computers are cleaned up, they will simply use the same virus/worm/exploit to 0wn more poorly maintained computers (These computers will coincidentally tend to be crawling with malware already).
    You're behind the curve. Spammers have actually already run out of machines they can use without *overtly* breaking the law, and starting about TWO YEARS ago, began exploiting security vulnerabilities and employing professional virus-writers in Russia and the Ukraine.

    There have now been four or five generations of proxy-trojan backdoor worms, with features such as randomized port listening, making them next to impossible to detect until the spam begins.

    Several dozen "zombie networks" already exist, along with hijacked netblocks of companies which went under during the "dot-bomb" in 2001.

    In fact, there are places on the web where you can buy lists of exploited machines. As someone who investigates spam for a living, it's been nearly two years since I've seen spam through an open relay mailserver. Almost everything now comes from infected home PCs on cable or DSL lines.

    Though any such move would doubtlessly be controversial, I suggest writing a "white hat" virus that would:
    This "white-hat" in particular disagrees with your use of the word "controversial" and suggests you substitute "liable to land one in prison for 10 years". Recommendations of "hacking the hackers" and "spamming the spammers" are sophomoric, unprofessional, and when implemented, tend to attract the attention of law enforcement onto your ass rather like sticking a lightning rod up it.

    Happily, spammers still don't know how to write a proper SMTP client. Most spamware only approximates a real SMTP transaction (usually well enough to work). Without going into detail (for obvious reasons), this can be detected.

    See the Composite Block List as an example of the practical application of passive detection of spammer malware.

    Here's a hint for those running their own mailservers: Spamware tends to time out very quickly. Add a short delay before your MTA presents an SMTP banner (oh, 30 seconds is fine). Most spamware will start behaving as if you don't even exist. The SMTP RFCs say clients should wait for the initial banner for five minutes before timing out.

    4.5.3.2 Timeouts

    Initial 220 Message: 5 minutes

    An SMTP client process needs to distinguish between a failed TCP connection and a delay in receiving the initial 220 greeting message. Many SMTP servers accept a TCP connection but delay delivery of the 220 message until their system load permits more mail to be processed.

    There are a few places which set their timeouts ridiculously short, like Yahoo, and UUNet, and if you do a lot of business with them you'll need to whitelist. Otherwise, go to town.

    --Og
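
The banner delay suggested in the comment above, as an added Python example that is not part of the original comment or any MTA's code. The allowlist address and host name are constructed, and the "early-talker" case (a client that sends before the banner arrives) goes beyond what the comment describes; it is included because the read that detects a hang-up has to handle it too.

```python
import asyncio

GREET_DELAY = 30.0          # seconds, the figure suggested in the comment above
ALLOWLIST = {"192.0.2.25"}  # constructed: a legitimate peer that times out early

async def pregreet_verdict(reader, delay):
    """Hold the 220 banner for `delay` seconds and classify the client."""
    try:
        first = await asyncio.wait_for(reader.read(1), timeout=delay)
    except asyncio.TimeoutError:
        return "patient"  # stayed silent and connected, as the RFC expects
    # read() returns b"" on EOF: the client gave up before the banner
    return "early-talker" if first else "hung-up"

async def handle(reader, writer, delay=GREET_DELAY):
    """Callback for asyncio.start_server(); only patient clients get a banner."""
    peer = writer.get_extra_info("peername")[0]
    if peer in ALLOWLIST:
        verdict = "patient"  # skip the delay for known-impatient senders
    else:
        verdict = await pregreet_verdict(reader, delay)
    try:
        if verdict == "patient":
            # This demo stops at the greeting; an MTA would run the session here
            writer.write(b"220 mail.example.test ESMTP\r\n")
        elif verdict == "early-talker":
            writer.write(b"554 No SMTP service here\r\n")
        await writer.drain()
    except ConnectionError:
        pass  # peer already gone, nothing to send
    finally:
        writer.close()
    return verdict

async def simulate(client_sends=b"", hangs_up=False, delay=0.05):
    """Drive pregreet_verdict with a constructed in-memory client."""
    reader = asyncio.StreamReader()
    if client_sends:
        reader.feed_data(client_sends)
    if hangs_up:
        reader.feed_eof()
    return await pregreet_verdict(reader, delay)
```
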

  8. Code Green/Nachi revisited by csk_1975 · · Score: 3, Informative

    The Nachi worm and Code Green were attempts to fix Blaster and Code Red. They caused more damage than they fixed - especially Nachi which is still flooding everyone with ICMP echo requests. I am also surprised that you have never seen it suggested before - hint: use Google.

    Closing open relays is a great first step and I hope this program has some effect.

    If spammers are driven to using trojaned home computers to send their junk then there will be much more pressure brought to bear on ISPs to do port 25 egress filtering which will stop the trojans dead in their tracks.

  9. Re:Legal action against open relays would be wrong by Anonymous Coward · · Score: 1, Informative
    It's called "maintaining an attractive nuisance"

    A common example is the requirement in many places that pools be fenced, even if the property enclosing it is posted as "no trespassing" -- the theory is that a child will be so attracted to the pool that the prohibition on entering the land is ineffective.

    The equating of spammers with children is not accidental.