Slashdot Mirror
UUNet Is The Number 1 Spam Host
An anonymous reader submits "Statistics for February have UUnet leading the Spamhaus top 10 worst Spam ISPs chart. The Register point out that ISPs like UUnet and Abovenet continue to host spammers despite advertising anti-spam AUPs." And the competition is probably wishing they had as much luck.
Thanks to Mozilla + Bayesian filters.
Seriously, my life has changed for the better thanks to Open Source. I don't know what I'd do without it.
Background: 28/M/Bi-Sexual; Owner of a Linux company; MBA Harvard 2003; B.S. Comp Sci MIT 2000
Could this probably be because UUNet in my understanding is one of the largest ISP's?
Veni, Vidi, Velcro!
...goes around. I'm sure when spam block become so vicious that ISP's like this are blocked off they will either go under or change their mind
Rus
Cheap UK and US VPS
why would the competition would have luck by hosting SPAMMERS? get payed because of all the traffic?
------
mmmm round and soft...
I know not where it comes from, but I know where it goes. About 500 pieces of it each day, most of it filtered. I have to wonder aloud, with such a deluge, do any of these fools pushing junk actually believe such an onslaught will generate business?
A feeling of having made the same mistake before: Deja Foobar
If I get another bogus e-mail from "anyone@attbi.com" I'm gonna snap!!! They are no more! Kill it in the registrar...
We apologise for the fault in this post. Those responsible have been sacked. -- Signed RICHARD M. NIXON
The easiest way to stop spam is as follows:
Step 1: Buy an aluminum baseball bat.
Step 2: Find spammer.
Step 3: Beat spammer with aluminum baseball bat.
Step 4: Sell what is left of spammer to Hormel, makers of spam.
Step 5: Deposit money into legal fund for defense against spam. (Baseball bat Distribution center)
Does anyone have a mirror? I can't seem to load the page.
After reading this, I'd rather go with AOL than some bastard ISP that allows spam to exist. Screw you UUNET.
Spammers can sneak into even the most STRINGENT anti-spam ISP network. A stolen credit card that works only once gets a spammer an account that can deliver many thousands of letters before they're shut down. UUnet isn't spam-friendly anymore than Rackspace is spam-friendly. Spam is going nowhere until good authentication techniques are implemented internet-wide.
... or does anyone really think that these guys are NOT aware of this?
Big ISPs which can afford to lose customers talk shit and do nothing. You know as well as I do that it's going to be us, the end-users, who have to be proactive about this. These ISPs don't give a fuck. They're probably run by cable school drop-outs.
I think it's pretty much been proven that this is wishful thinking. When a provider starts blocking large stretches of IP blocks owned by a particular ISP like UUNet, average users scream bloody murder. My prediction is UUNet will do nothing, and nothing will happen to UUNet. Sad but true.
"Who are in control, they are not in control of anything - they don't even control themselves!" - Glen Beck
UUNet is probably just trying to get as many customers as possible.
I'm not sure if this reasoning is sound if we're talking about regular accounts, unless spammers are paying for their bandwidth (a thing I expect they avoid doing at all cost).
A regular customer who checks email once a day should be a lot more profitable to a ISP than someone who sends spam all day long.
Of course things are probably different with commercial accounts... I'm not familiar with UUNet so I don't know if they are a commercial only ISP.
Treehugger? Treehugger... Treehugger!
What, are you training to be an editor here? All you need now is some trollish editorial at the end of your link, some misspelling, and you'll be well on your way!
0 1&mode=thread
http://slashdot.org/article.pl?sid=04/03/01/18182
our new spam overlords...
Large portions of UUNet have been listed by the various anti-spam blacklists, such as Spamhaus, and all of UUNet is blacklisted in SPEWS. These providers are the scum of the Earth. They will delay, misdirect, and outright lie to keep their sweet large contracts with the spammers, at the expense of all their other customers.
Do you want to put your faith in a business that is indirectly lining the pockets of spammers?
Doing the Right Thing should not be preempted by making a buck.
So what that he is bisexual? Really now, what part of that merits that he should be modded down?
Its time for ISP's to take responsiblity for the shit that they host. Didint Gates say that spam will be dead by 2006? ( http://www.cbsnews.com/stories/2004/01/24/tech/mai n595595.shtml). Time to start breaking down doors Bill. I guess he could just use a backdoor in to the spammers running windows.
Do they use stolen credit cards regularly? I wouldn't think so. You can get away with spam a lot of the time without legal conseqences but credit card fraud is another matter. Wouldn't any spammer that did this sort of thing get caught fast? Or do they go through chained proxies to do it all and regularly get away with it?
UUNet should give known spammers on their network their own IP range. If you spam, you get moved into that range. Those who don't want their crap can then easily filter it out by blocking those allocated spammer IPs. And the ISP still gets paid.
Customers who are running legitimate mail servers can stay out of that range as long as they don't break the AUP. The ISP doesn't even have to kill port 25 on the spammer IPs. They could simply limit the amount of bandwidth that can be used to something like 10MB per day on port 25. Which is reasonable. There's no incentive to out and out ban those IPs if no massive amount of junk can come out of them. The spammer is just forcibly restricted until they can behave themselves. At which time they can go back to a less restricted IP range.
I don't think there's any law that says ISPs can't selectivly put people in certain IP ranges. I don't think spammers have any way to fight it under current anti-discrimination laws. If you can even call it discrimination since it's would be based solely on the actions of the person and not who they are.
Ben
Work Safe Porn
Before this debate gets too out of hand, has anyone weighted amount of spam vs. size of network?
UUNet is a large, large carrier with many networks globally. Are they the worst spammer because they have the most network entry/exit points, or are they unfairly attacked here because they are just large?
The reason UUNET is known as a facilitator of the largest amount of spam is that they are the largest ISP. And many of their customers have what is called an open relay. Since most UUNET customers send thier outbound mail through mail.uu.net (UUNET's mail relay), spammers that find an open relay send email that looks as if it is coming from a UUNET customer (and UUNET's mail relay.) This is a problem that UUNET tries to remedy, but educating a I-D-10-T customer )not to mention 10,000 customers) about his/their own mail server's open relaying capabilities is difficult to say the least. If a spammer tries to use UUNET's mail relays directly, it does not last long and eventually he is told to take his buisness elsewhere. The people that think that UUNET is using spammers to make more money are just plain ignorant.
At issue is the business model for interconnection agreements between carriers. When an IP carrier interconnects with another, the basic metric to see who pays whom and how much is the download/upload ratio of the connecting carrier. Peering (at-cost interconnects) is only granted to carriers with whom there is a level upload/download ratio.
So if you're an IP carrier with no or little hosting on your network, you mostly download from your interconnects. Therefore you pay more to interconnect with the big IP backbones like UUnet.
If you're UUnet, there is an economic incentive for you to host spammers, because it boosts your upload; therefore you pay less (or, in the case of UUnet, get more money) on interconnects.
If I was UUnet, I don't see why I would waste money on fighting spammers who (1) are my customers and (2) increase my bottom line by boosting upload at interconnects.
By considering all packets to be equal on the backbone, you're averaging "unwanted" traffic vs. "useful" traffic such as web traffic (aka porn). The side effect of this is, you're paying for spam with your Internet connection.
Oh the irony...
I particularly enjoy the "Ads by Google" in the banner at right of the article, for
Bulk Mailer
Reach 500,000 opt-in recipients
and Bulk Email List
Low Cost Bulk Email Marketing Full Email Reports.
it makes that nice "Ping" upon good contact with the kneecap, and no pesky splinters get formed that could be traced back to the original bat...plus, no worries about breaking, just swing away, and watch your spam go down the drain...
Is there a reliable way to identify the origin (ISP-wise) of an email in the content? I'm using Spamoo, and I would like to tell its moderators which IPs are definitely spams.
Nowadays Sender/From fields are useless!
I thought that UUnet was just a backbone? I know that my ISP is a small local cable company, and that in turn they get their connection from UUnet. I'm not sure that a regular home user can get an account there. And yes, it is by far the nation's largest ISP, this probably has something to do with the problem in more ways then one. It's the MS syndrome: if you are big enough, you're going to be the most-targeted for lots of malicious things. At the same time, being the biggest means not worrying as much about taking care of your customers: where else are they going to go?
once you go slack, you never go back
Posted anonymously, no karma whoring
It's not about spam, it's about trust
A domain of a spammer listed for level13 was rooted. OR did a spammer root all of this users domains and use them to spam?
p
This is just untrue. UUNET sets limits on the amount of email a customer sends out. If they want to send over that limit, they have to document why and confirm that the emails are actually wanted. If it is determined that someone is spamming they are warned once. Then thier service is cut off and they are told to take thier business elsewhere. The problem is open relays as I explained in my post lower down in the thread.
of course, I've used blacklists and whitelists on my acct (from softhome.net). They also have a thing called greylisting (some opensource guy came up with the idea; sry, don't have linkie) which is like the telezapper I have on my phone; it holds an email and doesn't tell the sender's server if it was successfull or not [timeout] then waits for the sender's server to try again and since most spammers use a mass-mailing program that uses a "take it or leave it" tactic, it catches most spam.
Of course, I've added ppl I know to a whitelist so there's no delay and added IP ranges (typically uunet or above.net and some from the UK, china, korea, etc.) [Class B and Class C] to my perma-blacklist. Being able to blacklist IP ranges {or even mail that doesn't have a sender address regardless of IP) is very useful. I don't get spam that's mailed directly to me anymore (still get some spam that's sent to a mailing list like sourceforge's MLs, though).
One odd thing I've noticed is that softhome's implementation of one of the blacklisting options has changed and effectively blocks all email that's not ok'd by me (the blank sender address filter that is). But it's ok, most ppl I know get placed on my whitelist or if I'm sending to some company, I make sure I add the companies domain(s) to my whitelist as well. Hey, it's a small price to pay for lack of spam.
Also, if someone legit tries to email me and gets blocked, they get an error from their host that reports that "the server doesn't like them". Good for those pesky relatives...hehehe
At least they are bigger than Exodus & Level3 in one way. Bill LaPerch is doing such a great job at Abovenet, you'd never guess that he's such a gravy-sucking pig.
"I'd rather be a lightning rod than a seismometer." -Ken Kesey
Does anyone remember when UUNet was black listed? Or when Rogers was blacklisted?
Those were the days... but the age of activist sys admins is gone... we have been replaced with dot bomb drop outs who care about nothing more than a few $$$.
We are finished.
And think about it... what antispam technique can you think of that is more effective than filters and less intrusive (IE less clicking) to the users?
Loads of things are effective but all make the user work harder than they would by just deleting the spam.
Think of spam as an advert in your newspapaer or a commercial on TV. You're fucked and nothing can be done about it. Get a TIVO and suck it up.
E.
I run a report daily that tells me where my Bayesian-identified spam came from (IP address and host name via reverse lookup).
Out of the approximately 16 daily reports in my inbox, only two addresses are uu.net. I'm seeing comcast.net (37 occurences) and adelphia.net (29 occurences) a lot more, by comparison.
My experience with UUNet:-
1. In 2000 a spammer in Louisiana forges one of my domains in spam runs sent via UUNet - I get tens of thousands of bounces and hundreds of complaints.
2. I complain to UUNet - no action.
3. I phone UUNet security as the runs are being sent - no action.
4. Every weekend for 2 months this happens and I get sick of it.
5. I start to autobounce all this junk back to abuse@uunet.com.
6. Spammer sends a run using a different ISP.
7. UUNet gets really pissed that I bounce 1000 mails to abuse@uunet.com which didn't originate from their network (with some justification).
8. UUNet block all access from my class C to their servers.
9. The spam runs sent via UUNet continue....
Forward to 2004, I still can't send mail to uunet.com!
Yes- but the funny thing is that these days, ISPs are so competitive that there is little to no way to differentiate between them; even the slightest advantage/disadvantage can have wide-ranging consequences.
In fact, one of the largest factors is reliability, both locally and long-range; you don't want your T1 to go down, and you pretty much expect to be able to get to anything on the internet. UUnet is widely regarded as one of the most reliable. Wouldn't it be a shock if, gee whiz, UUnet customers suddenly found their mail bouncing back to them, they couldn't get to websites(and their customers couldn't get to -their- website), and so on?
The very fascinating part is that it doesn't take much to make this sort of thing effective; the mere chance that your site might not be accessible to people is enough to make you want to switch, or not go with UUnet at all.
The problem is that you have to hurt them more than spam is helping them. Yes, helping. For every byte of a spam that gets delivered, who makes money? Not the spammers, directly. If SMTP traffic were unbillable, UUnet would be all over spam like a dog on fleas. But, it makes them money and makes up more and more of their business, quite frankly. I'm sure they -love- spam. Too bad that such a vision is remarkably shortsighted- if spam gets bad enough, people will be driven away from email just like they were driven away from usenet(I used to read usenet daily- I haven't fired up a news reader in probably 10 years, because all of usenet is just spam, spam, and more spam).
I think it's time we reinstituted the usenet death penalty, only for routers, webservers, and email servers. Participation from businesses is unlikely, but there are plenty of sites still run by individuals willing to make a point. Heck, you don't even have to block them, you can just trigger a blurb on every webpage("Hi there, you're a UUnet customer. UUnet supports spammers. If they keep doing it, you won't be able to view this webpage") based on their IP, for example.
Please help metamoderate.
It is really to bad to hear such negative things about UUNET. They are one of the early pioneers of the Internet providing the east coast Unix to Unix (UU) network of universities. Maybe their early academic roots of open, unfettered access kept them from seeing the need to clamp down in later days.
Don
I am a UUNet/Worldcom customer and have multiple pipes to my network from their backbone. I think they have one of the best-performing backbones on the Internet.
Unfortunately, while I am happy with UUNet's performance and stability, I am even more unhappy with their apathy towards their network being clogged by spam traffic. And at least 40% of the bandwidth I pay for is consumed by unwanted UCE, so they actually profit from this crap. As a result, there's not much incentive for them to address it. And I have to grudgingly pass these expenses on to my customers.
But UUNet is not any different from other top-tier ISPs. They hide behind the "common carrier" metaphor, using it as an excuse to justify a large portion of the bandwidth they sell to others which is unuseable due to spamming.
I can't help but think if I ordered a telephone line, and 40-60% of the time I had "noise" interfereing with my ability to communicate, that the phone company would be obligated to resolve the situation. Unfortunately, with ISPs, there doesn't seem to be anyone at the top that really gives a damn, nor any incentive on their part to address the situation.
Change your sig, otherwise your just asking to be marked at a troll in anything you post.
I'm not saying that I agree or disagree with it, just being giving you some friendly advice.
Life is not for the lazy.
If they actually taked Hotmail into account, i am sure it's the main source of spam. May be not for the big spammers, they have their own smtps, but those spams are the easier to block, i mean, come-on, if it says viagra, no mother how obfuscated .. bayesians take care of it. But, let me tell you, lots of little spammers hurts more than one big, and those people uses mostly hotmail to spam. Besides this, I sysadmin, and let me tell you, once i did something like "grep -i hotmail maillog > hotmail; grep -v hotmail maillog > realmail; ls -lh"; let me tell you, the hotmail file was REALLY bigger than realmail .... Not only spam, also most of legitimate mail goes through hotmail.
I Know it can't be done, but banning hotmail would help a lot.-
WTF am I doing replying to an AC at 5 A.M on a Friday night?
They control 30% of the internet, they are like your ISP's ISP. So this statistic is really moot.
I bought viagra online from a florida spammer. After I received the Viagra, I filed a lawsuit against the spammer, then settled for $7500.
Fight Spammers!
nearly all spams contain a link to somewhere. I just filter out the domains those links go to since no legitimate e-mail will contain a link to those domains. You also can't hide the destination of a link if you don't leave the harvesting solely up to an automated system.
Takes care of most of the spam. And it costs spammers money every time they get a new domain so I can deal with what little spam gets through before the filter is updated. I've put hundreds of domains in my Mercury Mail filter which equals thousands of dollars worth of domains that are now useless for sending spam through my mail server. And it doesn't matter how distorted the header or body is. The domain can't be distorted or it won't work as a link.
Ben
Work Safe Porn
n/t
Blacklisting a whole network like UUNet, which -- that's the problem -- does not only host spammers, is exactly the approach that doesn't work, at least if you're relying on the Net for anything serious.
Imagine a company using black lists such as SpamCop: once in a while, they would happen to bounce customer email and the reason would be "you are spam"!! Not great customer care. Same goes for any communication of a company with the outside world (recruitment, PR, technical collaborations...).
That's why the solution cannot be blacklisting. You gotta find better than that!
Quack, quack.
there'll be spam? (see previous /. articles)
Considering lots of it is advertising US products in US units, the US is either the target and/or producer for an awful lot of spam...
Considering that these schmucks will not accept email from small fry. If you run a legitimate business on a DSL line, have a small allocation... fugetaboutit... You cannot send email to a UUNet hosted company. You have to go through your "DSL mail" provider (even though said provider is not your email provider).
So we are making life easy for ourselves by advising our client base to leave UUNet for better pastures. Not that hard when they and their parent are bankrupt. We simply note to them that a) business email is important, and it could represent lots of revenue, b) the kind folks at UUNet have decided a-priori who can and cannot email you, and c) they have been enabling so much spam, have ridiculous email limits, and their costs are far too high compared to their competitors. After that, the show-me-the-money types are quite happy to ditch them.
to just automatically move an account over to a spam IP if port 25 traffic gets too much than to pull the account entirely. Cox Communications supposedly already has an automated system to redistribute IPs (mine's never changed). So it's not something drastic that would need to be implemented.
As other people have mentioned, relays are a big part of the problem. It's better to "punish" ignorant customers by moving them to a restricted port 25 IP than to cut them off entirely. By moving them there's no harm no foul since they weren't the ones directly spamming anyway and probably won't notice they were moved.
If they do notice and call then the ISP can tell them to do something about their excessive e-mail sending and point them at the AUP. It's all very quick and painless to resolve the issue since it's the customer that has to take action to speak with people and not the company making the calls. People who have to call when they know they broke the rules are far less likely to do anything.
Cox recently cut off incomming port 25. Probably because of myDoom. I'm not about to call and complain because I was trying to run a spam can on my home system. Outgoing port 25 has been blocked since I got the service. And it would be a waste of time and money for them to call me and yell at me. They quietly cut off my server and I just shut my mouth about it.
By having a no harm no foul automated system you can punish a spammer as soon as say X MB of e-mails get sent in Y amount of time. Versus finding out about it later after it's too late and gigs of e-mails have been sent.
Automatically kicking customers entirely is just asking for trouble because the ignorant (those who unknowingly relay) will be kicked which will result in bad PR where there should be none.
You can still kick the spammer entirely. It's just a matter of starting with a little punishment and then escelating only as nesseccary.
Kicking a customer should be the last resort when just limiting port 25 traffic is sufficient.
Ben
Work Safe Porn
...from the "yeah, NO SHIT" department...
Right is wrong when left is right.
The issue of spammers is fairly unrelated to the different major bandwidth suppliers. We have three different providers here and spammers rarely request or care which network we put them on. They just want to get their 1.5 day's of major spamming done before we shut them down. The issue is what is going on at data centers to stop spammers quickly and what is being done on the internet to make spamming unprofitable.
./revolution
Perhaps this would hurt spammers the only place that counts - in the pocketbook. When a message is confirmed as spam then have a filter extract all the urls from the message and place them in a file. Have an hourly cron job visit that list of urls and download using wget everything at that url and all of it's subfolders - and delete the files after downloading - and bypass the proxy if you have one - these are all wget options. Have the hourly cron job keep only the last 10,000 or so urls so that there is some semblance of only downloading current spam urls.
This process, if followed by millions of spam haters (perhaps we could have a public spam url website that would let people fetch a hundred urls at a time to work on that we could upload our own spam urls to), would apply the slashdot-effect to all the spammers. Bandwidth costs money for them - it's the only way to make 'em stop.
Natch. IP address range for spammers is not enough.
Insist that spammers turn on the Evil bit - RFC 3514.
(More seriously - RFC 3675, ".sex considered dangerous", gives a little more thinking about why this is a Bad Idea. This is NOT an Internet standard, but it's a well written document.)
How hard would it be for all ISPs to scan their own customers for open mail relays?
There, that ought to stir up more comments by those who know more than I.
This issue is a bit more complicated than you think.
Wasn't Paul Vixie, the creator of anti-spam vigilantes MAPS, the CTO of AboveNet?
Just FYI, UUnet is now owned by MCI. UUnet/MCI also have a large amount of dial-up (modem) POPs, which is resold through other companies and used by end users. They also offer DSL in some markets.
All of this is in addition to them being the largest backbone.
What about legitimate companies who get listed by Dpamhaus, Spamcop, SPEWS, etc?
All these do is make it a hassle to get removed from the list, even when you take the necessary steps required (jumping through loops is an understatement for some, especially SpamHaus).
Yes I work for a web host company. Yes we have anti-spam AUPs. Yes we still believe people when they call for a sale (let's face it, cash is cash, and if a person calls you up asking for half a dozen servers you're going to be inticed, and if they fully know and agree to the polocies already in place and agree to abide by them, you really have to believe them and work with them a little).
Spamhuas even goes so far as to slander hosting companies who do have customers who send unsolicited email.
So what do we use? SpamAssassin. Kills a very good percentage of spam before our users see it, including our own accounts which have been in existance for what feels like eternity.
When Anti-spam products like these start to interfere with business, not only our own but that of our customers, I have to seriously question the merit behind them.
I was getting deluged by uu.net originated spam, and of course abuse@uu.net is ignored.
Finally I resorted to bouncing all uu.net originated spam to sales@uu.net and info@uu.net
make the sales scum suffer the same problem they inflict on everyone else by selling their pink contracts.
Some of the indignant replies from the sales staff were quite amusing. I guess they told their spammers to delete me from thier spam runs, as the volume quickly dropped and then finally stopped completely.
The first thing we do, let's kill all the lawyers. Shakespeare, Henry VI, Part 2, Act 4, Scene 2
Other responders have adequately answered the question and demonstrated why--that spammers really do make good money this way. The question that lies past that one is: Why are people foolish enough to buy from spam, and what do we do about it? I have... a modest proposal.
Why don't we deal this problem the same way we deal with prostitution? Make buying in response to spam a crime, just like soliciting a prostitute is a crime? The commercial relationship is already quite similar, in that the consumer usually pays money and ends up getting screwed (and is more likely to get a virus).
Maybe if responding to a spam solicitation was illegal, people would show more discretion. It would at least add a little bit of needed chlorine to the on-line gene pool...
Although it is convienient for the individual, having a super fantastic spam filter is not a good solution to the problem of spam because it doesn't change the fundamental disbalance of spam.
Spammers are stealing the surplus bandwidth of the 'information superhighway' for their own benefit. No one has the 'right' to send hundreds of thousands of emails soliciting a financial transction for their private benefit (of the benefit of those who hire spammers) over fiber optic lines that they have not paid for. They have paid for non-commercial bandwidth.
If spammers want to have a dedicated channel to hundreds of millions of people that they can use for their private gain, then let them spend hundreds of millions of dollars to lay fiber optics in the ground and across the oceans.
Until they do that, then they are just thieves. And they should be treated as thieves. This is like a trucking company demanding two lanes on every interstate highway in the country for their own private use and paying no gas, weight, or highway use tax.
Plus spam programs by their very nature must examine every piece of e-mail that comes to you. Basicly you are surrendering your e-mail privacy to a program in order to avoid being inconvienced by thieves.
Better just to get rid of the thieves.
Whatever happened to the idea of the 'USENET death sentence'? Seems like a similar idea, implemented against large-scale spamhauses, would be a good idea. Too hard to implement nowdays, or what?
What about this here Spamd stuff I've been reading about with OpenBSD? Does it make spammer's lives a little more difficult? Tying up their resources while never sending any of their junk out?
Firstly, all ISPs (and corperations, schools, unis and so on) should block port 25 by default.
Those that want to run a mailserver for legitimate reasons can do so but anyone who hasnt speicificly said "I want to run a SMTP server on my connection" will be prevented from doing so (this would cut out 99% of the spam comming from spam zombie boxes)
Second, close open relays (if you need to have an "open machine" run some kind of SMTP authentication)
Thirdly, implement SPF for more hosts and more clients (if you want to run your own mail server with xxx@mydomain.com addresses but relay through mailservers at ISP, work etc, just add those SMTP servers to the SPF record)
And forthly, be more proactive in blacklisting ISPs that are known spam havens (if enough people block the IP ranges of bulletproofspamhosting.com, spammers wont be able to get their messages through and bulletproofspamhosting.com will go out of business when the spammers leave)
If its a regular ISP with non-spam customers as well, pressure from the non-spam customers (especially if those non-spam customers are big) might convince the ISP to dump the spamers.
Eventually, if this happens enough, ISPs will realize that hosting spamers means that they will be blacklisted.
This whole spam thing should be easy to solve.
Look, spam just doesn't pay unless the spam actually points at an end destination; the person or company that actually profits most from spam. These people must be stationary and locatable otherwise, again, they couldn't profit from spam.
Many times, this should be enough. Does anyone here really believe that a pill will enlarge their penis? That's false advertising! Most of the ridiculous "deals" that are offered on popular, expensive software have been shown to be counterfeit AND loaded with trojans that allow more spamming. Why aren't governments around the world interested in stopping these activities, which have been declared illegal by almost every civilized country? Why isn't Microsoft/BSA attacking these clowns instead of prosecuting the poor sunuvabitch that just left a copy of Office on the hard drive when they moved the machine to production?
Now, once you locate the person or company that pays for spam, you can follow the money trail to the people who generate the spam and these people generally aren't respected or liked by anyone. Why the hell haven't they been shut down yet? As stated above, lots of counterfeit software has been loaded with trojans to promote more spamming; who profits from this? Why, the very spammers that everyone says they want to shut down anyway; so why isn't Microsoft/BSA threatening the countries who harbor these activities?
I've been running mimedefang alongside spamassassin and graphdefang to help catch my spam.
Something really interesting happened the other day. I noticed that > 90% of my spam was coming from the IP 206.46.164.23 | 22
So, I happily blacklisted the host.
Whereupon, I began getting complaints that users were unable to send mail to us from Yahoo!
I promptly made the discovery that Yahoo!'s servers are happily sending me over 90% of all my spam. It despicable.
I have a domain which I've had for years (3+), before that someone else had it. To this day I'm recieving spam to users that doesn't exist on my system and which thus are directly rejected by my mailer.
Now my question is this; since we can be 99.99% sure that everything mailed to these non-existant users (which haven't existed here for years and no normal person would try and contact over and over again) are spam, where/how could I use this information?
I'd like to have a script (I run exim so if I could set up rules to trigger it directly that'd be great) which basically updated realtime block lists with the IPs of these spammers contacting me.
Not a good idea? I wouldn't mind using such a list.
Belief is the currency of delusion.
I know they're not anyone's favorite company, but it's worth noting that AOL is not anywhere on the top 10 list. Not so many years ago (less than 5), they used to top that list most of the time, and the rest of the time they were in the top 3 (not necc. Spamhaus's list, but Spamcop's definitely, back when they meant something).
Having been involved in the work, I can tell you that AOL was one of the first, if not the first, large ISP to implement tagging of outbound email with the true email address of the sender, regardless of whether or not they put it in there (the X-Apparently-From header that AOL inserted). Also close to the first, or the first, to implement outbound filtering of email for spam. When the second one was put into place, I watched the ranking and saw AOL drop from #1 to nowhere on the top 10.
-Todd
"The details of my life are quite inconsequential..."
The spammyness of your web hosting ISP can be a major factor. When you sign up with a host company, either dedicated or shared, you are assigned an IP address from their "pool". If you get an IP from a former spammer life is not good!
I got an IP address that was blacked listed by SPEWS once. Much of my email would not work and the web host company would not change my IP. They suggested I contact SPEWS. I later learned that the host company was a spammer magnet and I was not alone. I switched companies and all is well.
Jeff
The major ISPs charge in a metered fashion. That means all their customers pay by the MB, GB, etc. A spammer who uses bandwidth to send spam is going to pay for all that data - but so will the end user in the ISP's system. The ISP knows that spam is an issue, but it provides them with zero-maintenance traffic, constantly running up the user's 'meter'. In a capitalist society, profit is always the motive. The ISP doesn't just charge you what the bandwidth costs them... They add a percentage that equals profit. [Begin technically inaccurate but wholly educational example] XISP has a fixed cost of 10 cents per Gigabyte of traffic, upstream or down. They charge 12.5 cents per Gig. Spammer_X sends out 20GB of spam. He pays the ISP $2.50 for that privilege. Since cost was $2, they made 50 cents. Now, assume that the mail is primarily directed at ISPs who lease lines from XISP, and who pay that same 12.5 cents per Gig. If they get 60% of the downstream covered, they'll be able to make another $1.50 off the traffic they originated. So for transferring 20GB across their own network, they made $4 on something that cost them $2. THAT is why the "Common Carriers" take their time getting rid of spammers. The longer they can let the guy spew his mail, the more 'incidental revenue' they can scrape together.
Self-referential sigs are rarely entertaining.
How do you know that the company or site named had any thing to do with the spam? If putting an URL in a mass-mailing is enough to get the owners of that URL punished (financially or legally), then you will see joe-job spam used as yet another means to harrass uninvolved third parties.
Mal-2
How is the Riemann zeta function like Trump rallies? Both have an endless number of trivial zeros.
And if you're on dial-up, then is 10 times worse than that. My parents' ISP recently started blocking measures, but up to then it was 20-30 idiotic spam messages, sometimes with graphics. Of course, those stupid chain-letters are even worse...
Yes, but sometimes it just pays to take your time and enjoy yourself...
Gee, isn't it deceptive trade to say one thing and do another? Is failure to enforce a published contract, saying that everyone has to abide by it fraudulant?
On the email servers I manage, UUNet, Level3, Shaw, Cox, and Above.net are all almost completely blocked. The bounce message says "This site does not accept email by default from your current ISP. Please call xxx-xxx-xxxx to request whitelisting."
I love it when spammers call and try to get whitelisted. Like I've never heard of SpamCop, SpamHaus, SPEWS or News.Admin.Net-Abuse.Sightings...
Necessity is the plea for every infringement of human freedom. It is the argument of tyrants; it is the creed of slaves.
For all of those missing their regular goatse.cx fix, it's back up at goat.cx instead.
Mal-2
How is the Riemann zeta function like Trump rallies? Both have an endless number of trivial zeros.
GROSS!
UUNet and Abovenet record a massive surge in the number of new accounts registered with their ISPs...
...for watching porn all day.
CAn'T CompreHend SARcaSm?
Since autumn 2002, I've been calling for people to Boycott MCI for exactly this reason. Note that UUNet is still part of the MCI group.
Prime numbers are exactly what Alan Greenspan says they are -S. Minsky
UUnet belonged to the defunct WorldCom.
So is this at all surprising?
My ISP is blocking all outgoing port 25 connections.
More and more ISP's force this onto their home users and render the Internet less usable.
Granted, it gives them a little more control over the email traffic - it has to go through *their* mail-server, so they can set preciser rules (limit the number of emails per minute or so) - but it also limits my freedom to do with my connection what I want.
And this only because some idiots catch some Windows malware and turn into zombies.
Why am I pissed off? Sounds like a good idea?
Yeah, except that their SysAdmins, that dont trust me, arent good enough to keep their own mailserver running. And if I have to wait 1 hour to get my mail send, just because they prevent me from delivering it myself, I'm pissed.
And I really liked to read my error logs to find out instantly if there are problems with an email instead of waiting 2 days till my ISP sends me a : "I've tried several times and still wasnt able to deliver it"-message.
Finally, I dont like the whole : "let's protect our stupid lusers from themself"-strategy.
Educate them, instead of putting them in a cotton wool cage.
I have discovered a truly remarkable proof for my post which this sig is too small to contain.
Have we ever thought about the idots who actually bother providing the backbone connections to spammers in the first place. Qwest is one
Imagine a beowolf of slashdotters pinging of these down.
http://www.spamhaus.org/rokso/index.lasso
Query replace ping shoot.
disclaimer: I do NOT advocate people for actually finishing 200 individuals responsible for 90% of spam, this was supposed to be joke.
Emacs is good operating system, but it has one flaw: Its text editor could be better.
WHOLLA - ARRRRG!
/.
Voila - French, meaning (roughly) "Look at that!"
Perhaps we should add that to the ongoing LOOSE/LOSE problem on
www.eFax.com are spammers
My university uses it, and it's extremely effective. I'd say it stops about 90% of spam, and worms too. Not that I agree with the method, but it works very well (since spammers haven't caught on yet).
Wow, post an anti-fundamentalist screed in a different thread, and watch a +3 insightful post in a different topic drop to a -1 offtopic/flamebait...
Tough crowd...
We apologise for the fault in this post. Those responsible have been sacked. -- Signed RICHARD M. NIXON
I must beg to differ with this, but perhaps this varies with different countries or Europe/U.S. policy? I live/work in Sweden.
I once worked for a rather large customer of Worldcom. Some times a technician phoned us and helpes us track down open relays and other problems inside our network (which wasn't completely within our immediate control, but we always got rid of the machines one way or another).
Very helpful!
Spam is going nowhere until good authentication techniques are implemented internet-wide.
Why not do what my ISP did to me when I established my account, paying by check.
Namely, I had to show them a driver's license.
It's the same principle, really. Before the authorities controlling the traffic let me out on the public road where I could do a great deal of damage I have to get tested and get a unique and authenticated proof that I've passed the test.
Why not the same for anyone capable of spewing IP packets?
And just as commercial drivers licenses give their possessors greater authority to drive large heavy dangerous vehicles, an IP-issuer license would be graded similarly based on how many MB/s your connection is capable of spewing.
Make Aunt Tillie learn a little more about viruses and worms a little more before she hooks that Windows ME box up to the cable modem...
"Provided by the management for your protection."
My post about working at the data center and our experience get's a +4 but this person get's "troll"ed? That isn't fair.
My experience if I went more in depth would be to also include the fact that spam listing's like Spamhaus and Spews, hurt our business on a regular basis even though we are constantly fighting spam.
One spammer can cause tons of customers to be unable to send mail to anyone using Spews, Spamhaus or any of the other spam blacklists and this simply isn't fair to them. We need to fight spam intelligently and these blacklists are obviously not solving the problem.
./revolution
The spamoo link in the grandparent comment works. However, when I tried to learn "About Spamoo" on the General Menu in the page, it only produced the required page SOME of the time for me. I had to try several times before it brought up the requested page.
So, it may be that a link in a comment, in and of itself, won't get one /.'d, but apparently a link in a comment.... to a site whose functionality is partially implemented as aspx's ;-), is sufficient to earn one partial /.'ing. I wonder what their server's horsepower is, and if it's doing anything else this evening.....