FTC vs. Open Relays, round 2

mbrain writes "PC World is reporting on a new federal program run by the FTC to close relays and proxies that serve as spam gateways. It's called 'Operation Secure Your Server'. The FTC will publicize this program by... sending tens of thousands of emails." I think it's a continuation of this program.

How many can they find?

[digitalvengeance]

I have to wonder how many owners they will be able to successfully contact. It has been a long time since I've actually seen a WHOIS record listing a valid email address. Plus, popular registration services like Dotster now offer email masking as a standard part of domain registration.

I think this is mostly due to the trend of spammers attempting to "steal" domain registrations by doing thousands of WHOIS searches and contacting domain owners.

Re:How many can they find?

[kyndig]

I host a domain name which has been rumpled for the past 3 years. I developed a script to detect open relays and block them. This list is currently 25,000+ entries in my fire wall. They don't need to send out emails, just ask for a list of open relays from host providers. Just a basic website with a frontend to a database storage would suffice. This would allow host providers to input lists of open relays which can be verified by automated scripts.

I foresee some problems with this...

[bc90021]

People who have open relays (in most instances) are either too stressed or too ignorant to understand what that means, and getting a letter from the FTC won't change that (in most instances.)

The FTC can only suggest that the relays be closed. Until they have some form of enforcement, there is nothing preventing those with open relays from ignoring the emails (assuming this is the rare situation where the above does not apply).

This doesn't take into account that some of those relays may be there on purpose, as in ISPs possibly colluding with, and also possibly profiting from, spam.

Re:I foresee some problems with this...

[dev11]

This doesn't take into account that some of those relays may be there on purpose, as in ISPs possibly colluding with, and also possibly profiting from, spam.

Just a minor nit. There probably still are ISP's that profit from so called pink contracts, but I don't see a spammer purposely running an open relay. Spammers are more interested in finding open relays and servers than running them. Operating an open relay serves no purpose to a spammer, and would likely draw attention. One of the reasons (aside from free bandwidth) of using an open relay is to hide your identity.

Problem...

[The+Master+Control+P]

Once all/most/many of the relays that they can use without *overtly* breaking the law close up, spammers will simply turn to *overtly* breaking the law, as in creating zombie networks. And as soon as those poorly maintained computers are cleaned up, they will simply use the same virus/worm/exploit to 0wn more poorly maintained computers (These computers will coincedently tend to be crawling with malware already).

Though any such move would doubtlessly be controversial, I suggest writing a "white hat" virus what would:

1) Check if a machine was unpatched/0wned (Probably meaning "it could infect it in the first place")
2) Once loading itself, download and run anti-spyware/-adware/-spamware/-malware applications to clean up the computer
3) Contact and infect other hosts, but NOT at such a rate as to bring down networks.

I omitted suggesting that it download the latest patches, because (as is oft pointed out) one reason many people and organizations DON'T download the latest patches for Windows is that they often break other things.

Although, again, this would be extremely controversial, I am suprised at never having seen it suggested before.

open relays today, licensed email tomorrow?

[twitter]

Can someone tell me the difference between an internet with open relays and one of peer machines where everyone is free to run mail transport agents. ? If my open MTA records your IP address, don't I know who hijacked me to spam? Isn't that the same as being spammed in the first place? Is this just another step towards an internet of legaly privileged "servers" broadcasting emsil and the rest of us "clients" soaking up whatever Corporate America decides we should? What's the practical benifit of cracking down on open relays when the world is full of hijacked Windoze boxes on cable modems that are serving kiddie porn while blasting us all with DDoS and spam attacks?

Good news for ISPs

[Spazmania]

As a sysadmin at an ISP, this is good news for me. Getting customers to close their open relays has always been a hassle. "We really need you to take care of this; its against our terms of service" is often followed by "Well, maybe we'll just find another ISP."

"We expect you to take care of this; you're operating in violation of Federal Trade Commission policy" has a much nicer ring to it. One less likely to generate argument.

E-mail needs to be "closed"

[LostCluster]

The Internet's greatest strength is also its greatest weakness. At a technical level, everything with an IP address is a peer to all other devices with IP addresses... no special license is needed to make somebody a server. When it comes to e-mail, the same SMTP protocol that your favorite e-mail program uses to reach your outgoing mail server is the same SMTP that server is going to use to relay the message to the next server. You don't need anything special if you want to set up a mail server for your organization... but that also means nothing prevents a virus-infected PC from being an e-mail relay that starts spewing Spam on behalf of the virus writer.

Any "secure" system needs a "root of trust", someone or something that is a trustworthy party from which all other relationships can be traced back to. Most things on the Internet don't have a central authority, and that's by design to prevent censorship. However, e-mail is one thing that we want censorship for... we want abusers of the system thrown out.

However, to reliably kick out abusers, there needs to be a central authority. In short, there needs to be some sort of approval body for e-mail servers to prove that they're trustworthy operators, so that any e-mail that passes through them is sure to not be spam, with reprocussions for the server operators who do let spam through their system. In short, a closed system, where membership for servers is by approval, and therefore those who operate e-mail services have to enforce limits on their customers.

Unfortunately, that's so incompatable with the e-mail system we have today... any dreams of creating a No-Spam-Allowed e-mail system can go sit between IPv6 and the Devorak keyboard design in the pile of ideas that look good on the drawing board but will never be put into widespread use.

Waste of time and effort...

[Kjella]

There'll be more than enough hosts compromised somewhere, instead try to fix the damn system with proper certificates, "soft" blocking like hashcash or similar, easy feedback of SPAM, easy whitelisting of mailing lists etc.

Hell, I just recently discovered that my RHL9 box has been somehow compromised. Don't ask me how, but those sendmail spam zombie processes weren't mine. And on this Win2k PC I run anti-virus, firewall, the works. Still, a few things slips through the cracks, at least for a time.

But see how, my Linux box if routed shouldn't get a domain. It would be @[IP] @???.bb.online.no (dns of that IP) or @[spammer-provided domain], not @aol.com. And even if I wanted to run a mailserver here on a residential DSL - it's reasonable to limit my delivery speed by hashcash or some such measure.

If I wanted to do mass mailings (opt-in, the good kind, they exist, remember?) there should be a whitelisting system. Some kind of cryptographic token or similar, as proof of the opt-in. But noone seem to be doing anything like that.

Damage control is the way to go. Running around chasing the latest compromising trojan and whatever is futile, at least to cure the problem, not just the symptoms.

Kjella