Slashdot Mirror


UUNet Is The Number 1 Spam Host

An anonymous reader submits "Statistics for February have UUnet leading the Spamhaus top 10 worst Spam ISPs chart. The Register point out that ISPs like UUnet and Abovenet continue to host spammers despite advertising anti-spam AUPs." And the competition is probably wishing they had as much luck.

12 of 346 comments (clear)

  1. What comes around... by rf0 · · Score: 5, Interesting

    ...goes around. I'm sure when spam block become so vicious that ISP's like this are blocked off they will either go under or change their mind

    Rus

    1. Re:What comes around... by orion024 · · Score: 5, Interesting

      That's a valid point. Or... we might help accelerate that process. What if filtered spam was "returned" to the sender? Granted this would put extra load on all of our own ISP email servers, but it would put a MUCH greater load on the ISP's who host the spammers. It's one thing to send out 1million spam messages on your server, but to have to deal with all of those emails coming right back at them...

  2. Re:Spam doesn't matter to me by MikeCapone · · Score: 5, Interesting

    It's indeed possible to catch most of it with good filtering (I get over a hundred a day and catch about 95% of it -- but I'm using a webmail account so I don't have control over the filtering), but it's still clogging up the net and wasting everybody's bandwidth.

    Sometimes I wonder if we'd "feel" a big difference in net responsiveness (browsing, file transfer, latency in online gaming, etc) if all spam stopped suddenly. Probably.

  3. Wow, there's a surprise. by James+A.+H.+Joyce · · Score: 5, Interesting

    Big ISPs which can afford to lose customers talk shit and do nothing. You know as well as I do that it's going to be us, the end-users, who have to be proactive about this. These ISPs don't give a fuck. They're probably run by cable school drop-outs.

  4. Give spammers their own IP range by KalvinB · · Score: 4, Interesting

    UUNet should give known spammers on their network their own IP range. If you spam, you get moved into that range. Those who don't want their crap can then easily filter it out by blocking those allocated spammer IPs. And the ISP still gets paid.

    Customers who are running legitimate mail servers can stay out of that range as long as they don't break the AUP. The ISP doesn't even have to kill port 25 on the spammer IPs. They could simply limit the amount of bandwidth that can be used to something like 10MB per day on port 25. Which is reasonable. There's no incentive to out and out ban those IPs if no massive amount of junk can come out of them. The spammer is just forcibly restricted until they can behave themselves. At which time they can go back to a less restricted IP range.

    I don't think there's any law that says ISPs can't selectivly put people in certain IP ranges. I don't think spammers have any way to fight it under current anti-discrimination laws. If you can even call it discrimination since it's would be based solely on the actions of the person and not who they are.

    Ben

  5. You're paying for it by ZakMcCracken · · Score: 5, Interesting

    At issue is the business model for interconnection agreements between carriers. When an IP carrier interconnects with another, the basic metric to see who pays whom and how much is the download/upload ratio of the connecting carrier. Peering (at-cost interconnects) is only granted to carriers with whom there is a level upload/download ratio.

    So if you're an IP carrier with no or little hosting on your network, you mostly download from your interconnects. Therefore you pay more to interconnect with the big IP backbones like UUnet.

    If you're UUnet, there is an economic incentive for you to host spammers, because it boosts your upload; therefore you pay less (or, in the case of UUnet, get more money) on interconnects.

    If I was UUnet, I don't see why I would waste money on fighting spammers who (1) are my customers and (2) increase my bottom line by boosting upload at interconnects.

    By considering all packets to be equal on the backbone, you're averaging "unwanted" traffic vs. "useful" traffic such as web traffic (aka porn). The side effect of this is, you're paying for spam with your Internet connection.

  6. Re:Spam doesn't matter to me by fembots · · Score: 5, Interesting

    Yeah, spammers are also using HTML tags, eg viagra, which in a HTML-enabled email client will just show viagra, but this kills a lot of filter. these guys are trying out another approach to deal with this though.

  7. UUNet the Home of Spam by csk_1975 · · Score: 5, Interesting

    My experience with UUNet:-

    1. In 2000 a spammer in Louisiana forges one of my domains in spam runs sent via UUNet - I get tens of thousands of bounces and hundreds of complaints.

    2. I complain to UUNet - no action.

    3. I phone UUNet security as the runs are being sent - no action.

    4. Every weekend for 2 months this happens and I get sick of it.

    5. I start to autobounce all this junk back to abuse@uunet.com.

    6. Spammer sends a run using a different ISP.

    7. UUNet gets really pissed that I bounce 1000 mails to abuse@uunet.com which didn't originate from their network (with some justification).

    8. UUNet block all access from my class C to their servers.

    9. The spam runs sent via UUNet continue....

    Forward to 2004, I still can't send mail to uunet.com!

  8. It's easier by KalvinB · · Score: 4, Interesting

    to just automatically move an account over to a spam IP if port 25 traffic gets too much than to pull the account entirely. Cox Communications supposedly already has an automated system to redistribute IPs (mine's never changed). So it's not something drastic that would need to be implemented.

    As other people have mentioned, relays are a big part of the problem. It's better to "punish" ignorant customers by moving them to a restricted port 25 IP than to cut them off entirely. By moving them there's no harm no foul since they weren't the ones directly spamming anyway and probably won't notice they were moved.

    If they do notice and call then the ISP can tell them to do something about their excessive e-mail sending and point them at the AUP. It's all very quick and painless to resolve the issue since it's the customer that has to take action to speak with people and not the company making the calls. People who have to call when they know they broke the rules are far less likely to do anything.

    Cox recently cut off incomming port 25. Probably because of myDoom. I'm not about to call and complain because I was trying to run a spam can on my home system. Outgoing port 25 has been blocked since I got the service. And it would be a waste of time and money for them to call me and yell at me. They quietly cut off my server and I just shut my mouth about it.

    By having a no harm no foul automated system you can punish a spammer as soon as say X MB of e-mails get sent in Y amount of time. Versus finding out about it later after it's too late and gigs of e-mails have been sent.

    Automatically kicking customers entirely is just asking for trouble because the ignorant (those who unknowingly relay) will be kicked which will result in bad PR where there should be none.

    You can still kick the spammer entirely. It's just a matter of starting with a little punishment and then escelating only as nesseccary.

    Kicking a customer should be the last resort when just limiting port 25 traffic is sufficient.

    Ben

  9. Spam solutions by jonwil · · Score: 4, Interesting

    Firstly, all ISPs (and corperations, schools, unis and so on) should block port 25 by default.
    Those that want to run a mailserver for legitimate reasons can do so but anyone who hasnt speicificly said "I want to run a SMTP server on my connection" will be prevented from doing so (this would cut out 99% of the spam comming from spam zombie boxes)

    Second, close open relays (if you need to have an "open machine" run some kind of SMTP authentication)

    Thirdly, implement SPF for more hosts and more clients (if you want to run your own mail server with xxx@mydomain.com addresses but relay through mailservers at ISP, work etc, just add those SMTP servers to the SPF record)

    And forthly, be more proactive in blacklisting ISPs that are known spam havens (if enough people block the IP ranges of bulletproofspamhosting.com, spammers wont be able to get their messages through and bulletproofspamhosting.com will go out of business when the spammers leave)
    If its a regular ISP with non-spam customers as well, pressure from the non-spam customers (especially if those non-spam customers are big) might convince the ISP to dump the spamers.
    Eventually, if this happens enough, ISPs will realize that hosting spamers means that they will be blacklisted.

  10. How ISPs make money from Spammers - Clarification by ZB+Mowrey · · Score: 5, Interesting

    The major ISPs charge in a metered fashion. That means all their customers pay by the MB, GB, etc. A spammer who uses bandwidth to send spam is going to pay for all that data - but so will the end user in the ISP's system. The ISP knows that spam is an issue, but it provides them with zero-maintenance traffic, constantly running up the user's 'meter'. In a capitalist society, profit is always the motive. The ISP doesn't just charge you what the bandwidth costs them... They add a percentage that equals profit. [Begin technically inaccurate but wholly educational example] XISP has a fixed cost of 10 cents per Gigabyte of traffic, upstream or down. They charge 12.5 cents per Gig. Spammer_X sends out 20GB of spam. He pays the ISP $2.50 for that privilege. Since cost was $2, they made 50 cents. Now, assume that the mail is primarily directed at ISPs who lease lines from XISP, and who pay that same 12.5 cents per Gig. If they get 60% of the downstream covered, they'll be able to make another $1.50 off the traffic they originated. So for transferring 20GB across their own network, they made $4 on something that cost them $2. THAT is why the "Common Carriers" take their time getting rid of spammers. The longer they can let the guy spew his mail, the more 'incidental revenue' they can scrape together.

    --

    Self-referential sigs are rarely entertaining.

  11. Re:Do they use stolen credit cards regularly? by ddent · · Score: 4, Interesting

    Apparently your not familiar with the plight of most internet merchants these days. Credit card fraud is basically ignored, and is the merchant's liability. Sad, but true.