Slashdot Mirror


FTC vs. Open Relays, round 2

mbrain writes "PC World is reporting on a new federal program run by the FTC to close relays and proxies that serve as spam gateways. It's called 'Operation Secure Your Server'. The FTC will publicize this program by... sending tens of thousands of emails." I think it's a continuation of this program.

20 of 255 comments

  1. How many can they find? by digitalvengeance · · Score: 4, Interesting

    I have to wonder how many owners they will be able to successfully contact. It has been a long time since I've actually seen a WHOIS record listing a valid email address. Plus, popular registration services like Dotster now offer email masking as a standard part of domain registration.

    I think this is mostly due to the trend of spammers attempting to "steal" domain registrations by doing thousands of WHOIS searches and contacting domain owners.

    --
    How many roads must a man walk down? 42.
  2. Oh man by Sarojin · · Score: 4, Funny

    What I'd give to get that list

    --
    HOW'S MY POSTING? CALL 1-800-POSTING
  3. I foresee some problems with this... by bc90021 · · Score: 4, Interesting

    People who have open relays (in most instances) are either too stressed or too ignorant to understand what that means, and getting a letter from the FTC won't change that (in most instances.)

    The FTC can only suggest that the relays be closed. Until they have some form of enforcement, there is nothing preventing those with open relays from ignoring the emails (assuming this is the rare situation where the above does not apply).

    This doesn't take into account that some of those relays may be there on purpose, as in ISPs possibly colluding with, and also possibly profiting from, spam.

    1. Re:I foresee some problems with this... by koreth · · Score: 4, Insightful
      I disagree, depending on how the letter is presented. Getting a "your server is attracting the attention of our investigators" letter from a federal agency is probably enough to spur a lot of stressed, ignorant people into hiring someone who's able to tell them what it all means and/or fix it.

      Not everyone, of course -- I agree that some relays are open on purpose, and some people will disregard any official notice short of a search warrant delivered by a squad of riot cops. But I think this can't hurt.

    2. Re:I foresee some problems with this... by Motherfucking Shit · · Score: 4, Insightful
      > Getting a "your server is attracting the attention of our investigators" letter from a federal agency is probably enough to spur a lot of stressed, ignorant people into hiring someone who's able to tell them what it all means and/or fix it.

      Even when a lot of those stressed, ignorant people are in countries where the FTC has absolutely no jurisdiction or authority?
      --
      "BSD: Free as in speech. Linux: Free as in beer. Windows 10: Free as in herpes." --Man On Pink Corner in #52607549.
    3. Re:I foresee some problems with this... by dev11 · · Score: 4, Interesting
      > This doesn't take into account that some of those relays may be there on purpose, as in ISPs possibly colluding with, and also possibly profiting from, spam.

      Just a minor nit. There probably still are ISPs that profit from so-called pink contracts, but I don't see a spammer purposely running an open relay. Spammers are more interested in finding open relays and servers than running them. Operating an open relay serves no purpose to a spammer, and would likely draw attention. One of the reasons (aside from free bandwidth) for using an open relay is to hide your identity.

    4. Re:I foresee some problems with this... by TekPolitik · · Score: 5, Funny
      > Getting a "your server is attracting the attention of our investigators" letter from a federal agency is probably enough...

      I can picture their email box now:

      His Excellency, Minister Okufla | BUSINESS OPPORTUNITY
      Suzy                            | Come see my naked webcam
      Bill Gates                      | Forward this message to receive $1000
      Lotteries Administrator         | You're a winner
      John Jones                      | Credit Application Declined
      FBI                             | Your server is attracting the attention of our investigators

      Yes sirree, they're going to be real sure to take that emailed warning seriously.

    5. Re:I foresee some problems with this... by koreth · · Score: 4, Insightful
      Given the humility of the US government lately, you never know. Someone could say open relays are aiding terrorist attacks on the US cyber-infrastructure.

      That high-pitched buzz you hear is an unmanned attack drone flying over to blow your server room to a pile of rubble.

      (It scares me that that scenario isn't completely implausible.)

  4. Oxymoronic by qw(name) · · Score: 4, Insightful


    Stop SPAM by sending thousands of emails? That's funny. ;-)

    1. Re:Oxymoronic by secolactico · · Score: 4, Funny

      > Stop SPAM by sending thousands of emails? That's funny. ;-)

      How did that joke go? "Fighting for peace is like fscking for virginity"?

      --
      No sig
    2. Re:Oxymoronic by prockcore · · Score: 4, Funny

      > How did that joke go? "Fighting for peace is like fscking for virginity"?

      I'm sure a lot of virgins run filesystem checks.

  5. Re:CAN-SPAM? by shepd · · Score: 4, Insightful

    >Does anything in CAN-SPAM make it unlawful to knowingly aid and abet spammers in the United States?

    It's only knowingly when you've been told by the spammer he'll be using your relay for spamming.

    I don't think that applies for someone uninvolved warning you that it might be. You aren't aiding and abetting someone stealing your car when you ignore the "keep your car locked" signs at the parking lot, are you? (I really, really, really hope not, anyways.)

    --
    If you could be told what you can see or read, then it follows that you could be told what to say or think - BoC
  6. Well it could be worse ... by SuperDuG · · Score: 4, Funny

    I remember when I was a kid ... My dad had an operation similar to this ... it was code named "Close the damned door, we ain't air conditioning the whole damned neighborhood." That program was effective, don't see why this one won't be. They couldn't come up with a better name? I mean, isn't the whole point of government projects to confuse people as to what the intent of the program is while tying in some patriotic theme? Perhaps I might offer a bit of suggestion: "Operation Cage the Free Eagle". See, you got no idea what it really means, but it says Operation and includes "FREE and EAGLE", it must be good.

    --
    Ignore the "p2p is theft" trolls, they're just uninformed
  7. MOD PARENT DOWN AS "DIMWITTED" by fmaxwell · · Score: 5, Insightful

    > Whether you like it or not, there's nothing that's wrong about having open relays.

    Bullshit. If your open relay is used by spammers, it inconveniences hundreds of thousands, or even millions of users. It costs ISPs and businesses money to deal with the spam that's spewing out of your open relay.

    > If I wish to leave my house door unlocked, it's not the business of the government to tell me I have to lock it. It may be irresponsible, but it's my right.

    What a stupid analogy! If you leave your house unlocked, the only person likely to be hurt by it is you when you come home and find your stereo, PC, and TV gone. If you leave an open relay, you potentially hurt many innocent third parties. If you want a better analogy, it's like the government telling you that you can't leave a loaded shotgun on a picnic bench in a public park.

    > Just the same, I have the right to have an open relay and not close it. They have no right to tell me how to run my server. I accept the consequences of how I run it.

    So does that mean that you're going to reimburse me and the other postmasters who have to deal with the spam? Are you going to compensate the users who got spam through your open relay? Are you willing to accept legal responsibility for the porn ads sent through your system to e-mail addresses of children? If not, in what way are you accepting the consequences?

  8. Good news for ISPs by Spazmania · · Score: 4, Interesting

    As a sysadmin at an ISP, this is good news for me. Getting customers to close their open relays has always been a hassle. "We really need you to take care of this; it's against our terms of service" is often followed by "Well, maybe we'll just find another ISP."

    "We expect you to take care of this; you're operating in violation of Federal Trade Commission policy" has a much nicer ring to it. One less likely to generate argument.

    --
    Moderating "-1, Disagree" is simple censorship. Have the guts to post your opinion.
  9. getting a letter from the FTC by frovingslosh · · Score: 5, Insightful
    > and getting a letter from the FTC won't change that (in most instances.)

    Actually, if I got a letter from the FTC I might well look into what it said. But if I got an email supposedly from the FTC, I would likely just ignore it without even opening it (after forwarding a copy to uce@ftc.gov).

    --
    I'm an American. I love this country and the freedoms that we used to have.
  10. What about the DEVELOPERS? by Grym · · Score: 4, Insightful

    What boggles my mind is how hostile people get towards end users of fairly complicated Mail hosting programs. Personally, I've had to deal with the people at ordb.org, and let me tell you, they're a bunch of jackasses about the whole thing. If you had a chance to read their old FAQ (they've since changed it), you could tell that whoever wrote it was getting off on forcing people to change their server settings as he saw fit. So, while I'm getting barked at by customers whose "e-mail won't work," I've got to sit through childish comments about how I suck as an admin. The whole thing really pissed me off.

    I understand that many of you uber-users expect that every admin should know all the ins and outs of every server/program, but I'm afraid that's just not possible sometimes. Our Wireless ISP consisted of 3 technically-capable people. Between setting up people's connections, repairing relay sites (using both proprietary and OTS equipment), setting up servers, setting up routing, technical support, providing network content shaping, hosting/designing websites, setting up policy enforcement, documenting it all, securing the network, AND providing e-mail to boot, there's just not enough time to do everything and get it right the first time. BESIDES, what's so wrong about expecting things to work when you do a regular install?

    Since when has default == basically broke?

    -Grym

  11. Re:E-mail needs to be "closed" by bigberk · · Score: 4, Informative

    NO. A central authority-based communications system is not going to accomplish much... it will, however, put the power of communications in the hands of few companies (probably monopolies)... it will let them charge fees... and it will ruin the versatility, adaptability, and reliability that we have because there is a great diversity of small hosts handling all their own email.

    You want to stop spam? Grab spamprobe or something and watch your spam disappear. You want a more efficient and scalable solution for a big organization? Install DCC and be done with spam for your whole site. Seriously, spam is no longer a problem because both user-side and server-side tools with near perfect accuracy exist. If you're seeing spam, it's because your ISP isn't taking advantage of the filtering solutions that are available.

    I'm not talking out of my ass... I've been keeping a close eye on mail and spam issues for the past decade. Spam is dead, so if spam still bothers you force your ISP to employ modern filtering. My university did, and the flood of spam dropped from 100/day to 0 in my account (they're using DCC). At home I employ spamprobe and again I see next to 0 spam.

  12. Please stop pointing out the FTC is US only (d'uh) by maggard · · Score: 5, Informative
    For those not literate enough to read the linked story (yet apparently compulsively posting here) let me quote the second sentence (emphasis mine):

    > The FTC and 36 other government agencies from 26 countries have launched Operation Secure Your Server.

    All of those who have already posted inane comments about the US's FTC not having extra-territorial jurisdiction, and the fools who moderated them up, are now asked to read the original article out loud to themselves and in the future refrain from posting until they're sure they're not making public asses of themselves.

    --
    I don't read ACs: If a post isn't worth so much as a nom de plume to its author then I won't bother either.
  13. Re:Problem... by Caveman Og · · Score: 4, Informative
    > Once all/most/many of the relays that they can use without *overtly* breaking the law close up, spammers will simply turn to *overtly* breaking the law, as in creating zombie networks. And as soon as those poorly maintained computers are cleaned up, they will simply use the same virus/worm/exploit to 0wn more poorly maintained computers (These computers will coincidentally tend to be crawling with malware already).

    You're behind the curve. Spammers have actually already run out of machines they can use without *overtly* breaking the law, and starting about TWO YEARS ago, began exploiting security vulnerabilities and employing professional virus-writers in Russia and the Ukraine.

    There have now been four or five generations of proxy-trojan backdoor worms, with features such as randomized port listening, making them next to impossible to detect until the spam begins.

    Several dozen "zombie networks" already exist, along with hijacked netblocks of companies which went under during the "dot-bomb" in 2001.

    In fact, there are places on the web where you can buy lists of exploited machines. As someone who investigates spam for a living, it's been nearly two years since I've seen spam through an open relay mailserver. Almost everything now comes from infected home PCs on cable or DSL lines.

    > Though any such move would doubtlessly be controversial, I suggest writing a "white hat" virus what would:

    This "white-hat" in particular disagrees with your use of the word "controversial" and suggests you substitute "liable to land one in prison for 10 years". Recommendations of "hacking the hackers" and "spamming the spammers" are sophomoric, unprofessional, and when implemented, tend to attract the attention of law enforcement onto your ass rather like sticking a lightning rod up it.

    Happily, spammers still don't know how to write a proper SMTP client. Most spamware only approximates a real SMTP transaction (usually well enough to work). Without going into detail (for obvious reasons), this can be detected.

    See the Composite Block List as an example of the practical application of passive detection of spammer malware.

    Here's a hint for those running their own mailservers: Spamware tends to time out very quickly. Add a short delay before your MTA presents an SMTP banner (oh, 30 seconds is fine). Most spamware will start behaving as if you don't even exist. The SMTP RFCs say clients should wait for the initial banner for five minutes before timing out.

    > 4.5.3.2 Timeouts
    >
    > Initial 220 Message: 5 minutes
    >
    > An SMTP client process needs to distinguish between a failed TCP connection and a delay in receiving the initial 220 greeting message. Many SMTP servers accept a TCP connection but delay delivery of the 220 message until their system load permits more mail to be processed.

    There are a few places which set their timeouts ridiculously short, like Yahoo, and UUNet, and if you do a lot of business with them you'll need to whitelist. Otherwise, go to town.

    --Og
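
The greeting-delay hint from the comment above, sketched as an added example (not part of the original post, and not any MTA's own code): a listener holds back the 220 banner and records whether each client waits, hangs up, or talks first, with a whitelist for known short-timeout senders. The hostnames, verdict labels, 554 reply text and the 0.3-second demo delay (standing in for the suggested 30 seconds) are assumptions, and the three clients are constructed.

```python
import asyncio

BANNER = b"220 mx.example.test ESMTP\r\n"    # constructed hostname

async def handle(reader, writer, delay, whitelist, verdicts):
    """Hold back the 220 banner and classify what the client does meanwhile."""
    peer = writer.get_extra_info("peername")[0]
    if peer in whitelist:
        verdict = "whitelisted"              # short-timeout senders skip the delay
    else:
        try:
            data = await asyncio.wait_for(reader.read(512), timeout=delay)
            # Bytes before the banner break SMTP turn order; EOF means it hung up.
            verdict = "early_talker" if data else "gave_up"
        except asyncio.TimeoutError:
            verdict = "waited"               # behaved like an RFC-compliant client
    if verdict in ("waited", "whitelisted"):
        writer.write(BANNER)
    elif verdict == "early_talker":
        writer.write(b"554 5.5.1 command before greeting\r\n")
    await verdicts.put(verdict)
    writer.close()

async def client(port, patience, speak_first=False):
    """Constructed test client: waits `patience` seconds for the banner."""
    reader, writer = await asyncio.open_connection("127.0.0.1", port)
    if speak_first:
        writer.write(b"HELO bulk.example.test\r\n")
    try:
        line = await asyncio.wait_for(reader.readline(), timeout=patience)
    except (asyncio.TimeoutError, ConnectionError):
        line = b""
    writer.close()
    return line

async def run_demo(delay, whitelist):
    verdicts = asyncio.Queue()
    server = await asyncio.start_server(
        lambda r, w: handle(r, w, delay, whitelist, verdicts), "127.0.0.1", 0)
    port = server.sockets[0].getsockname()[1]
    results = []
    # Patient client, impatient client, client that speaks before the banner.
    for patience, speak_first in [(2.0, False), (0.05, False), (2.0, True)]:
        await client(port, patience, speak_first)
        results.append(await verdicts.get())
    server.close()
    return results

def demo(delay=0.3, whitelist=()):
    return asyncio.run(run_demo(delay, whitelist))
```

`demo()` returns one verdict per constructed client, in the order patient, impatient, early talker.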