Slashdot Mirror

← Back to Stories (view on slashdot.org)

FTC vs. Open Relays, round 2

Posted by michael on from the drop-in-the-bucket dept.

mbrain writes "PC World is reporting on a new federal program run by the FTC to close relays and proxies that serve as spam gateways. It's called 'Operation Secure Your Server'. The FTC will publicize this program by... sending tens of thousands of emails." I think it's a continuation of this program.

3 of 255 comments (clear)

  1. Re:E-mail needs to be "closed" by bigberk · · Score: 4, Informative

    NO. A central authority-based communications system is not going to accomplish much... it will, however, put the power of communications in the hands of few companies (probably monopolies)... it will let them charge fees... and it will ruin the versatility, adaptability, and reliability that we have because there is a great diversity of small hosts handling all their own email.

    You want to stop spam? Grab spamprobe or something and watch your spam disappear. You want a more efficient and scalable solution for a big organization? Install DCC and be done with spam for your whole site. Seriously, spam is no longer a problem because both user-side and server-side tools with near perfect accuracy exist. If you're seeing spam, it's because your ISP isn't taking advantage of the filtering solutions that are available.

    I'm not talking out of my ass... I've been keeping a close eye on mail and spam issues for the past decade. Spam is dead, so if spam still bothers you force your ISP to employ modern filtering. My university did, and the flood of spam dropped from 100/day to 0 in my account (they're using DCC). At home I employ spamprobe and again I see next to 0 spam.

  2. Please stop pointing out the FTC is US only (d'uh) by maggard · · Score: 5, Informative
    For those not literate enough to read the linked story (yet apparently compulsively posting here) let me quote the second sentence(emphasis mine):
    The FTC and 36 other government agencies from 26 countries have launched Operation Secure Your Server.
    All of those who have already posted inane comments about the US's FTC not having extra-territorial jurisdiction, and the fools who moderated them up, are now asked to read the original article out loud to themselves and in the future refrain from posting until they're sure they're not making public asses of themselves.

    --
    I don't read ACs: If a post isn't worth so much as a nom de plume to its author then I wont bother either.
  3. Re:Problem... by Caveman+Og · · Score: 4, Informative
    Once all/most/many of the relays that they can use without *overtly* breaking the law close up, spammers will simply turn to *overtly* breaking the law, as in creating zombie networks. And as soon as those poorly maintained computers are cleaned up, they will simply use the same virus/worm/exploit to 0wn more poorly maintained computers (These computers will coincedently tend to be crawling with malware already).
    You're behind the curve. Spammers have actually already run out of machines they can use without *overtly* breaking the law, and starting about TWO YEARS ago, began exploiting security vulnerabilitys and employing professional virus-writers in Russia and the Ukraine.

    There have now been four or five generations of proxy-trojan backdoor worms, with features such as randomized port listening, making them next to impossible to detect until the spam begins.

    Several dozen "zombie networks" already exist, along with hijacked netblocks of companies which went under during the "dot-bomb" in 2001.

    In fact, there are places on the web where you can buy lists of exploited machines. As someone who investigates spam for a living, it's been nearly two years since I've seen spam through an open relay mailserver. Almost everything now comes from infected home PCs on cable or DSL lines.

    Though any such move would doubtlessly be controversial, I suggest writing a "white hat" virus what would:
    This "white-hat" in particular disagrees with your use of the word "controversial" and suggests you substitute "liable to land one in prison for 10 years". Recommendations of "hacking the hackers" and "spamming the spammers" are sophmorish, unprofessional, and when implemented, tend to attract the attention of law enforcement onto your ass rather like sticking a lightning rod up it.

    Happily, spammers still don't know how to write a proper SMTP client. Most spamware only approximates a real SMTP transaction (usually well enough to work). Without going into detail (for obvious reasons), this can be detected.

    See the Composite Block List as an example of the practical application of passive detection of spammer malware.

    Here's a hint for those running their own mailservers: Spamware tends to time out very quickly. Add a short delay before your MTA presents an SMTP banner (oh, 30 seconds is fine). Most spamware will start behaving as if you don't even exist. The SMTP RFCs say clients should wait for the initial banner for five minutes before timing out .

    4.5.3.2 Timeouts

    Initial 220 Message: 5 minutes

    An SMTP client process needs to distinguish between a failed TCP connection and a delay in receiving the initial 220 greeting message. Many SMTP servers accept a TCP connection but delay delivery of the 220 message until their system load permits more mail to be processed

    There are a few places which set their timeouts ridiculously short, like Yahoo, and UUNet, and if you do a lot of business with them you'll need to whitelist. Otherwise, go to town.

    --Og