Slashdot Mirror


UUNet Is The Number 1 Spam Host

An anonymous reader submits "Statistics for February have UUnet leading the Spamhaus top 10 worst Spam ISPs chart. The Register points out that ISPs like UUnet and Abovenet continue to host spammers despite advertising anti-spam AUPs." And the competition is probably wishing they had as much luck.

27 of 346 comments

  1. What comes around... by rf0 · · Score: 5, Interesting

    ...goes around. I'm sure when spam blocks become so vicious that ISPs like this are blocked off, they will either go under or change their mind.

    Rus

    1. Re:What comes around... by orion024 · · Score: 5, Interesting

      That's a valid point. Or... we might help accelerate that process. What if filtered spam was "returned" to the sender? Granted this would put extra load on all of our own ISP email servers, but it would put a MUCH greater load on the ISPs who host the spammers. It's one thing to send out 1 million spam messages on your server, but to have to deal with all of those emails coming right back at them...

  2. why? by .silG.00 · · Score: 2, Interesting

    Why would the competition have luck by hosting SPAMMERS? Get paid because of all the traffic?

    --
    ------
    mmmm round and soft...
  3. Re:Spam doesn't matter to me by MikeCapone · · Score: 5, Interesting

    It's indeed possible to catch most of it with good filtering (I get over a hundred a day and catch about 95% of it -- but I'm using a webmail account so I don't have control over the filtering), but it's still clogging up the net and wasting everybody's bandwidth.

    Sometimes I wonder if we'd "feel" a big difference in net responsiveness (browsing, file transfer, latency in online gaming, etc) if all spam stopped suddenly. Probably.

  4. Wow, there's a surprise. by James+A.+H.+Joyce · · Score: 5, Interesting

    Big ISPs which can afford to lose customers talk shit and do nothing. You know as well as I do that it's going to be us, the end-users, who have to be proactive about this. These ISPs don't give a fuck. They're probably run by cable school drop-outs.

  5. Re:ATTBI.COM!!!!!! by ackthpt · · Score: 3, Interesting
    If I get another bogus e-mail from "anyone@attbi.com" I'm gonna snap!!! They are no more! Kill it in the registrar...

    263.net/263.com bombs me pretty consistently, I think it's Chinese. It suggests pretty strongly to me that a lot of this "Chinese censorship" stuff is crap. If you've got the dough, then you can do as you please in the PRC.

    --

    A feeling of having made the same mistake before: Deja Foobar
  6. Give spammers their own IP range by KalvinB · · Score: 4, Interesting

    UUNet should give known spammers on their network their own IP range. If you spam, you get moved into that range. Those who don't want their crap can then easily filter it out by blocking those allocated spammer IPs. And the ISP still gets paid.

    Customers who are running legitimate mail servers can stay out of that range as long as they don't break the AUP. The ISP doesn't even have to kill port 25 on the spammer IPs. They could simply limit the amount of bandwidth that can be used to something like 10MB per day on port 25. Which is reasonable. There's no incentive to out and out ban those IPs if no massive amount of junk can come out of them. The spammer is just forcibly restricted until they can behave themselves. At which time they can go back to a less restricted IP range.

    I don't think there's any law that says ISPs can't selectively put people in certain IP ranges. I don't think spammers have any way to fight it under current anti-discrimination laws. If you can even call it discrimination, since it would be based solely on the actions of the person and not who they are.

    Ben

  7. Re:So why are there still customers? by Anonymous Coward · · Score: 2, Interesting

    because the reality is:

    1. Every person who buys hosting just can't afford to deal with being "politically correct" when choosing providers. It's not practical to change ISPs every 3 months because their current ISP pisses off some vocal minority who represents some whacko cause (take porn, for instance, for which hosting providers get a lot of flak from Christian groups)

    2. Sometimes financial constraints force you to go with one provider alone

    3. If an ISP shuts down spammers, some other ISP will be happy to make the lost profits that that ISP didn't want to make

    4. The SPEWS people are generally regarded as a bunch of hypocritical zealots. Very few people use them and very few people care what they say.

  8. You're paying for it by ZakMcCracken · · Score: 5, Interesting

    At issue is the business model for interconnection agreements between carriers. When an IP carrier interconnects with another, the basic metric to see who pays whom and how much is the download/upload ratio of the connecting carrier. Peering (at-cost interconnects) is only granted to carriers with whom there is a level upload/download ratio.

    So if you're an IP carrier with no or little hosting on your network, you mostly download from your interconnects. Therefore you pay more to interconnect with the big IP backbones like UUnet.

    If you're UUnet, there is an economic incentive for you to host spammers, because it boosts your upload; therefore you pay less (or, in the case of UUnet, get more money) on interconnects.

    If I was UUnet, I don't see why I would waste money on fighting spammers who (1) are my customers and (2) increase my bottom line by boosting upload at interconnects.

    By considering all packets to be equal on the backbone, you're averaging "unwanted" traffic vs. "useful" traffic such as web traffic (aka porn). The side effect of this is, you're paying for spam with your Internet connection.

  9. hahaa, rooted spammer by ph43thon · · Score: 3, Interesting

    A domain of a spammer listed for level13 was rooted. OR did a spammer root all of this user's domains and use them to spam?


    p

  10. Re:Spam doesn't matter to me by fembots · · Score: 5, Interesting

    Yeah, spammers are also using HTML tags, e.g. viagra, which in an HTML-enabled email client will just show viagra, but this kills a lot of filters. These guys are trying out another approach to deal with this though.

  11. how about blacklisting until they clean up by MoFoQ · · Score: 3, Interesting

    of course, I've used blacklists and whitelists on my acct (from softhome.net). They also have a thing called greylisting (some opensource guy came up with the idea; sry, don't have linkie) which is like the telezapper I have on my phone; it holds an email and doesn't tell the sender's server if it was successful or not [timeout] then waits for the sender's server to try again and since most spammers use a mass-mailing program that uses a "take it or leave it" tactic, it catches most spam.

    Of course, I've added ppl I know to a whitelist so there's no delay and added IP ranges (typically uunet or above.net and some from the UK, china, korea, etc.) [Class B and Class C] to my perma-blacklist. Being able to blacklist IP ranges (or even mail that doesn't have a sender address regardless of IP) is very useful. I don't get spam that's mailed directly to me anymore (still get some spam that's sent to a mailing list like sourceforge's MLs, though).

    One odd thing I've noticed is that softhome's implementation of one of the blacklisting options has changed and effectively blocks all email that's not ok'd by me (the blank sender address filter that is). But it's ok, most ppl I know get placed on my whitelist or if I'm sending to some company, I make sure I add the company's domain(s) to my whitelist as well. Hey, it's a small price to pay for lack of spam.

    Also, if someone legit tries to email me and gets blocked, they get an error from their host that reports that "the server doesn't like them". Good for those pesky relatives...hehehe
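The greylisting, whitelist and blacklisted-range behaviour described in the comment above, as an added example that is not part of the original thread and not softhome.net's implementation. It assumes the common form of greylisting, a temporary 4xx reply keyed on (client network, sender, recipient); the class name, timings, reply strings and sample addresses are all constructed for illustration.

```python
import ipaddress

MIN_DELAY = 300             # seconds a new triplet must wait before a retry is accepted (assumed)
RETRY_WINDOW = 4 * 3600     # a retry later than this starts over (assumed)
PASS_LIFETIME = 30 * 86400  # how long a triplet that passed stays trusted (assumed)
DEFER = "451 4.7.1 greylisted, try again later"


class Greylist:
    def __init__(self, whitelist=(), blacklist=()):
        self.whitelist = {w.lower() for w in whitelist}   # full addresses or "@domain"
        self.blacklist = [ipaddress.ip_network(n) for n in blacklist]
        self.seen = {}   # (client /24, sender, recipient) -> [first_seen, passed_at]

    def check(self, client_ip, sender, rcpt, now):
        """Return the SMTP reply to give at RCPT TO for this delivery attempt."""
        ip = ipaddress.ip_address(client_ip)
        if any(ip in net for net in self.blacklist):
            return "554 5.7.1 rejected by local policy"
        sender = sender.lower()
        if sender in self.whitelist or "@" + sender.rpartition("@")[2] in self.whitelist:
            return "250 ok (whitelisted)"
        # Key on the /24 so a retry from a sibling outbound host still matches.
        net = ipaddress.ip_network(f"{client_ip}/24", strict=False)
        key = (str(net), sender, rcpt.lower())
        entry = self.seen.get(key)
        if entry and entry[1] is not None and now - entry[1] <= PASS_LIFETIME:
            entry[1] = now                      # known-good triplet: refresh and accept
            return "250 ok"
        if entry is None or now - entry[0] > RETRY_WINDOW:
            self.seen[key] = [now, None]        # first sighting (or stale): defer
            return DEFER
        if now - entry[0] < MIN_DELAY:
            return DEFER                        # retried too fast: still deferred
        entry[1] = now                          # a real MTA queued and retried: accept
        return "250 ok"


def demo():
    """Replay constructed delivery attempts (documentation-range IPs, made-up addresses)."""
    gl = Greylist(whitelist=["@friends.example"], blacklist=["192.0.2.0/24"])
    attempts = [
        ("198.51.100.7", "news@list.example", "me@home.example", 0),      # first try
        ("198.51.100.7", "news@list.example", "me@home.example", 60),     # too soon
        ("198.51.100.7", "news@list.example", "me@home.example", 900),    # proper retry
        ("198.51.100.9", "news@list.example", "me@home.example", 5000),   # sibling host
        ("203.0.113.50", "x9@bulk.example", "me@home.example", 10),       # never retries
        ("203.0.113.60", "aunt@friends.example", "me@home.example", 10),  # whitelisted
        ("192.0.2.44", "x9@bulk.example", "me@home.example", 10),         # blacklisted range
    ]
    return [gl.check(*a)[:3] for a in attempts]


if __name__ == "__main__":
    print(demo())
```

A sender that queues and retries is delayed once and then passes for the pass lifetime; a sender that never retries only ever sees the 451.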

  12. Re:Spam doesn't matter to me by ackthpt · · Score: 3, Interesting
    problem is when it catches important mail and then you have to check for 1 good in hundreds of bad ones

    Sunday: 429 emails, 1 valid. It's not often like that, some days I get as many as 10 valid for about the same overall volume.

    --

    A feeling of having made the same mistake before: Deja Foobar
  13. UUNet the Home of Spam by csk_1975 · · Score: 5, Interesting

    My experience with UUNet:-

    1. In 2000 a spammer in Louisiana forges one of my domains in spam runs sent via UUNet - I get tens of thousands of bounces and hundreds of complaints.

    2. I complain to UUNet - no action.

    3. I phone UUNet security as the runs are being sent - no action.

    4. Every weekend for 2 months this happens and I get sick of it.

    5. I start to autobounce all this junk back to abuse@uunet.com.

    6. Spammer sends a run using a different ISP.

    7. UUNet gets really pissed that I bounce 1000 mails to abuse@uunet.com which didn't originate from their network (with some justification).

    8. UUNet block all access from my class C to their servers.

    9. The spam runs sent via UUNet continue....

    Forward to 2004, I still can't send mail to uunet.com!

    1. Re:UUNet the Home of Spam by platipusrc · · Score: 2, Interesting

      Speaking of online spam-only type accounts, have you received a bunch of email lately with no subject and no body? It seems weird to me. Is that some group testing out open relays or something? My Yahoo account had about 20 of those from the last 5 days, and they weren't flagged as spam.

      --
      And the muscular cyborg German dudes dance with sexy French Canadians
  14. Re:I'm not seeing it... by humankind · · Score: 3, Interesting

    Comcast is my number one source of domestic spam as well. My largest source of foreign spam is coming from Wanadoo.fr. That's after I was forced to refuse connections from the plethora of Chinese IPs that seem to solely exist to promote penis-enlargement and home mortgage scams.

  15. What a shame, maybe it is their open roots by donheff · · Score: 2, Interesting

    It is really too bad to hear such negative things about UUNET. They are one of the early pioneers of the Internet providing the east coast Unix to Unix (UU) network of universities. Maybe their early academic roots of open, unfettered access kept them from seeing the need to clamp down in later days.

    Don

  16. It's easier by KalvinB · · Score: 4, Interesting

    to just automatically move an account over to a spam IP if port 25 traffic gets too much than to pull the account entirely. Cox Communications supposedly already has an automated system to redistribute IPs (mine's never changed). So it's not something drastic that would need to be implemented.

    As other people have mentioned, relays are a big part of the problem. It's better to "punish" ignorant customers by moving them to a restricted port 25 IP than to cut them off entirely. By moving them there's no harm no foul since they weren't the ones directly spamming anyway and probably won't notice they were moved.

    If they do notice and call then the ISP can tell them to do something about their excessive e-mail sending and point them at the AUP. It's all very quick and painless to resolve the issue since it's the customer that has to take action to speak with people and not the company making the calls. People who have to call when they know they broke the rules are far less likely to do anything.

    Cox recently cut off incoming port 25. Probably because of myDoom. I'm not about to call and complain because I was trying to run a spam can on my home system. Outgoing port 25 has been blocked since I got the service. And it would be a waste of time and money for them to call me and yell at me. They quietly cut off my server and I just shut my mouth about it.

    By having a no harm no foul automated system you can punish a spammer as soon as say X MB of e-mails get sent in Y amount of time. Versus finding out about it later after it's too late and gigs of e-mails have been sent.

    Automatically kicking customers entirely is just asking for trouble because the ignorant (those who unknowingly relay) will be kicked which will result in bad PR where there should be none.

    You can still kick the spammer entirely. It's just a matter of starting with a little punishment and then escalating only as necessary.

    Kicking a customer should be the last resort when just limiting port 25 traffic is sufficient.

    Ben

  17. I NEVER get uu.net spam any more by sik+puppy · · Score: 3, Interesting

    I was getting deluged by uu.net originated spam, and of course abuse@uu.net is ignored.

    Finally I resorted to bouncing all uu.net originated spam to sales@uu.net and info@uu.net

    make the sales scum suffer the same problem they inflict on everyone else by selling their pink contracts.

    Some of the indignant replies from the sales staff were quite amusing. I guess they told their spammers to delete me from their spam runs, as the volume quickly dropped and then finally stopped completely.

    --
    The first thing we do, let's kill all the lawyers. Shakespeare, Henry VI, Part 2, Act 4, Scene 2
    1. Re:I NEVER get uu.net spam any more by sik+puppy · · Score: 2, Interesting

      not really - I just sent it back to its source. If pink contracts become more trouble than they are worth, maybe they'll stop getting written.

      complaining to abuse@uu.net doesn't work. complaining to sales@uu.net and info@uu.net does work - the sales staff need the leads and inquiries generated, therefore they have to look through their inbox instead of just dumping it all.

      --
      The first thing we do, let's kill all the lawyers. Shakespeare, Henry VI, Part 2, Act 4, Scene 2
  18. Spam solutions by jonwil · · Score: 4, Interesting

    Firstly, all ISPs (and corporations, schools, unis and so on) should block port 25 by default.
    Those that want to run a mailserver for legitimate reasons can do so but anyone who hasn't specifically said "I want to run a SMTP server on my connection" will be prevented from doing so (this would cut out 99% of the spam coming from spam zombie boxes)

    Second, close open relays (if you need to have an "open machine" run some kind of SMTP authentication)

    Thirdly, implement SPF for more hosts and more clients (if you want to run your own mail server with xxx@mydomain.com addresses but relay through mailservers at ISP, work etc, just add those SMTP servers to the SPF record)

    And fourthly, be more proactive in blacklisting ISPs that are known spam havens (if enough people block the IP ranges of bulletproofspamhosting.com, spammers won't be able to get their messages through and bulletproofspamhosting.com will go out of business when the spammers leave)
    If it's a regular ISP with non-spam customers as well, pressure from the non-spam customers (especially if those non-spam customers are big) might convince the ISP to dump the spammers.
    Eventually, if this happens enough, ISPs will realize that hosting spammers means that they will be blacklisted.

  19. Something really interesting... by KingRobot · · Score: 2, Interesting

    I've been running mimedefang alongside spamassassin and graphdefang to help catch my spam.

    Something really interesting happened the other day. I noticed that > 90% of my spam was coming from the IP 206.46.164.23 | 22

    So, I happily blacklisted the host.

    Whereupon, I began getting complaints that users were unable to send mail to us from Yahoo!

    I promptly made the discovery that Yahoo!'s servers are happily sending me over 90% of all my spam. It's despicable.

  20. How ISPs make money from Spammers - Clarification by ZB+Mowrey · · Score: 5, Interesting

    The major ISPs charge in a metered fashion. That means all their customers pay by the MB, GB, etc. A spammer who uses bandwidth to send spam is going to pay for all that data - but so will the end user in the ISP's system. The ISP knows that spam is an issue, but it provides them with zero-maintenance traffic, constantly running up the user's 'meter'. In a capitalist society, profit is always the motive. The ISP doesn't just charge you what the bandwidth costs them... They add a percentage that equals profit.

    [Begin technically inaccurate but wholly educational example]

    XISP has a fixed cost of 10 cents per Gigabyte of traffic, upstream or down. They charge 12.5 cents per Gig. Spammer_X sends out 20GB of spam. He pays the ISP $2.50 for that privilege. Since cost was $2, they made 50 cents. Now, assume that the mail is primarily directed at ISPs who lease lines from XISP, and who pay that same 12.5 cents per Gig. If they get 60% of the downstream covered, they'll be able to make another $1.50 off the traffic they originated. So for transferring 20GB across their own network, they made $4 on something that cost them $2.

    THAT is why the "Common Carriers" take their time getting rid of spammers. The longer they can let the guy spew his mail, the more 'incidental revenue' they can scrape together.

    --

    Self-referential sigs are rarely entertaining.

  21. Re:Slashdotting spam domains ... by RyLaN · · Score: 2, Interesting

    No, no no and no. Fighting fire with mass wget will just further clog the network. Think of it, some spammer finds out that you started this scheme. Next thing you know, they put your domain in a spam email and you get ddos'd to high heaven.

    --
    At least the war on the environment is going well
  22. Re:Do they use stolen credit cards regularly? by ddent · · Score: 4, Interesting

    Apparently you're not familiar with the plight of most internet merchants these days. Credit card fraud is basically ignored, and is the merchant's liability. Sad, but true.

  23. Re:Spam doesn't matter to me by Anonymous Coward · · Score: 1, Interesting

    The difference between the electricity you use when your machine is idle vs. filtering spam, and likewise for the route it reached you via is probably not that large, and considering the amount of time your machine is idle or performing other tasks vs. filtering spam, and likewise for the route.

    If spam increased the usage of computing resources by tens of percents, that would be significant, but I'm pretty sure that it makes less than 1% of a difference. Getting rid of spam would save much less energy than focusing on making the computing devices themselves consume less energy - because electricity is relatively cheap, the only devices optimized for energy consumption are those that rely on batteries (e.g. laptops).

    I'm not defending spam, just trying to put your argument into perspective.

  24. Re:Looks like you CAN get /,'d from a comment link by Helen+O'Boyle · · Score: 2, Interesting
    Blockquoth the parent:
    You don't get slashdotted just because you're in somebody's comment, even a well-moderated one.
    9:35pm PST:
    The spamoo link in the grandparent comment works. However, when I tried to learn "About Spamoo" on the General Menu in the page, it only produced the required page SOME of the time for me. I had to try several times before it brought up the requested page.

    So, it may be that a link in a comment, in and of itself, won't get one /.'d, but apparently a link in a comment.... to a site whose functionality is partially implemented as aspx's ;-), is sufficient to earn one partial /.'ing. I wonder what their server's horsepower is, and if it's doing anything else this evening.....