UUNet Is The Number 1 Spam Host
An anonymous reader submits "Statistics for February have UUnet leading the Spamhaus top 10 worst Spam ISPs chart. The Register point out that ISPs like UUnet and Abovenet continue to host spammers despite advertising anti-spam AUPs." And the competition is probably wishing they had as much luck.
Could this probably be because UUNet, in my understanding, is one of the largest ISPs?
Veni, Vidi, Velcro!
...goes around. I'm sure when spam blocks become so vicious that ISPs like this are blocked off they will either go under or change their mind.
Rus
Cheap UK and US VPS
I know not where it comes from, but I know where it goes. About 500 pieces of it each day, most of it filtered. I have to wonder aloud, with such a deluge, do any of these fools pushing junk actually believe such an onslaught will generate business?
A feeling of having made the same mistake before: Deja Foobar
The easiest way to stop spam is as follows:
Step 1: Buy an aluminum baseball bat.
Step 2: Find spammer.
Step 3: Beat spammer with aluminum baseball bat.
Step 4: Sell what is left of spammer to Hormel, makers of spam.
Step 5: Deposit money into legal fund for defense against spam. (Baseball bat Distribution center)
It's indeed possible to catch most of it with good filtering (I get over a hundred a day and catch about 95% of it -- but I'm using a webmail account so I don't have control over the filtering), but it's still clogging up the net and wasting everybody's bandwidth.
Sometimes I wonder if we'd "feel" a big difference in net responsiveness (browsing, file transfer, latency in online gaming, etc) if all spam stopped suddenly. Probably.
Treehugger? Treehugger... Treehugger!
Spammers can sneak into even the most STRINGENT anti-spam ISP network. A stolen credit card that works only once gets a spammer an account that can deliver many thousands of letters before they're shut down. UUnet isn't spam-friendly any more than Rackspace is spam-friendly. Spam is going nowhere until good authentication techniques are implemented internet-wide.
Big ISPs which can afford to lose customers talk shit and do nothing. You know as well as I do that it's going to be us, the end-users, who have to be proactive about this. These ISPs don't give a fuck. They're probably run by cable school drop-outs.
I think it's pretty much been proven that this is wishful thinking. When a provider starts blocking large stretches of IP blocks owned by a particular ISP like UUNet, average users scream bloody murder. My prediction is UUNet will do nothing, and nothing will happen to UUNet. Sad but true.
"Who are in control, they are not in control of anything - they don't even control themselves!" - Glen Beck
UUNet is probably just trying to get as many customers as possible.
I'm not sure if this reasoning is sound if we're talking about regular accounts, unless spammers are paying for their bandwidth (a thing I expect they avoid doing at all cost).
A regular customer who checks email once a day should be a lot more profitable to an ISP than someone who sends spam all day long.
Of course things are probably different with commercial accounts... I'm not familiar with UUNet so I don't know if they are a commercial only ISP.
Treehugger? Treehugger... Treehugger!
Problem is when it catches important mail and then you have to check for 1 good in hundreds of bad ones.
/ss
It's time for ISPs to take responsibility for the shit that they host. Didn't Gates say that spam will be dead by 2006? (http://www.cbsnews.com/stories/2004/01/24/tech/main595595.shtml). Time to start breaking down doors Bill. I guess he could just use a backdoor in to the spammers running Windows.
Do they use stolen credit cards regularly? I wouldn't think so. You can get away with spam a lot of the time without legal consequences but credit card fraud is another matter. Wouldn't any spammer that did this sort of thing get caught fast? Or do they go through chained proxies to do it all and regularly get away with it?
UUNet should give known spammers on their network their own IP range. If you spam, you get moved into that range. Those who don't want their crap can then easily filter it out by blocking those allocated spammer IPs. And the ISP still gets paid.
Customers who are running legitimate mail servers can stay out of that range as long as they don't break the AUP. The ISP doesn't even have to kill port 25 on the spammer IPs. They could simply limit the amount of bandwidth that can be used to something like 10MB per day on port 25. Which is reasonable. There's no incentive to out and out ban those IPs if no massive amount of junk can come out of them. The spammer is just forcibly restricted until they can behave themselves. At which time they can go back to a less restricted IP range.
I don't think there's any law that says ISPs can't selectively put people in certain IP ranges. I don't think spammers have any way to fight it under current anti-discrimination laws. If you can even call it discrimination since it would be based solely on the actions of the person and not who they are.
Ben
Work Safe Porn
Before this debate gets too out of hand, has anyone weighted amount of spam vs. size of network?
UUNet is a large, large carrier with many networks globally. Are they the worst spammer because they have the most network entry/exit points, or are they unfairly attacked here because they are just large?
The reason UUNET is known as a facilitator of the largest amount of spam is that they are the largest ISP. And many of their customers have what is called an open relay. Since most UUNET customers send their outbound mail through mail.uu.net (UUNET's mail relay), spammers that find an open relay send email that looks as if it is coming from a UUNET customer (and UUNET's mail relay.) This is a problem that UUNET tries to remedy, but educating an I-D-10-T customer (not to mention 10,000 customers) about his/their own mail server's open relaying capabilities is difficult to say the least. If a spammer tries to use UUNET's mail relays directly, it does not last long and eventually he is told to take his business elsewhere. The people that think that UUNET is using spammers to make more money are just plain ignorant.
At issue is the business model for interconnection agreements between carriers. When an IP carrier interconnects with another, the basic metric to see who pays whom and how much is the download/upload ratio of the connecting carrier. Peering (at-cost interconnects) is only granted to carriers with whom there is a level upload/download ratio.
So if you're an IP carrier with no or little hosting on your network, you mostly download from your interconnects. Therefore you pay more to interconnect with the big IP backbones like UUnet.
If you're UUnet, there is an economic incentive for you to host spammers, because it boosts your upload; therefore you pay less (or, in the case of UUnet, get more money) on interconnects.
If I was UUnet, I don't see why I would waste money on fighting spammers who (1) are my customers and (2) increase my bottom line by boosting upload at interconnects.
By considering all packets to be equal on the backbone, you're averaging "unwanted" traffic vs. "useful" traffic such as web traffic (aka porn). The side effect of this is, you're paying for spam with your Internet connection.
Oh the irony...
I particularly enjoy the "Ads by Google" in the banner at right of the article, for
Bulk Mailer
Reach 500,000 opt-in recipients
and Bulk Email List
Low Cost Bulk Email Marketing Full Email Reports.
Yeah, spammers are also using HTML tags, e.g. viagra, which in an HTML-enabled email client will just show viagra, but this kills a lot of filters. These guys are trying out another approach to deal with this though.
Rock that crushes, Paper & Scissors that don't matter.
I run a report daily that tells me where my Bayesian-identified spam came from (IP address and host name via reverse lookup).
Out of the approximately 16 daily reports in my inbox, only two addresses are uu.net. I'm seeing comcast.net (37 occurrences) and adelphia.net (29 occurrences) a lot more, by comparison.
My experience with UUNet:-
1. In 2000 a spammer in Louisiana forges one of my domains in spam runs sent via UUNet - I get tens of thousands of bounces and hundreds of complaints.
2. I complain to UUNet - no action.
3. I phone UUNet security as the runs are being sent - no action.
4. Every weekend for 2 months this happens and I get sick of it.
5. I start to autobounce all this junk back to abuse@uunet.com.
6. Spammer sends a run using a different ISP.
7. UUNet gets really pissed that I bounce 1000 mails to abuse@uunet.com which didn't originate from their network (with some justification).
8. UUNet block all access from my class C to their servers.
9. The spam runs sent via UUNet continue....
Forward to 2004, I still can't send mail to uunet.com!
Filtering is **NOT** the solution. Blocking spamsources at the origin **IS**.
Hehheh, at the bottom of that page:
This site is protected by The Do-Not-Slashdot ACT 1996
I suffer from attention surplus disorder.
And without spam filtering, you'd still have to check for small numbers of good messages buried in a mountain of bad ones, only you'd have to do it every single day rather than just occasionally. This to me is a step forward, not a reason to avoid filtering.
I am a UUNet/Worldcom customer and have multiple pipes to my network from their backbone. I think they have one of the best-performing backbones on the Internet.
Unfortunately, while I am happy with UUNet's performance and stability, I am even more unhappy with their apathy towards their network being clogged by spam traffic. And at least 40% of the bandwidth I pay for is consumed by unwanted UCE, so they actually profit from this crap. As a result, there's not much incentive for them to address it. And I have to grudgingly pass these expenses on to my customers.
But UUNet is not any different from other top-tier ISPs. They hide behind the "common carrier" metaphor, using it as an excuse to justify a large portion of the bandwidth they sell to others which is unusable due to spamming.
I can't help but think if I ordered a telephone line, and 40-60% of the time I had "noise" interfering with my ability to communicate, that the phone company would be obligated to resolve the situation. Unfortunately, with ISPs, there doesn't seem to be anyone at the top that really gives a damn, nor any incentive on their part to address the situation.
You **CAN** convey **EMPHASIS** with just bold or CAPITALS.
I bought viagra online from a Florida spammer. After I received the Viagra, I filed a lawsuit against the spammer, then settled for $7500.
Fight Spammers!
Nearly all spams contain a link to somewhere. I just filter out the domains those links go to since no legitimate e-mail will contain a link to those domains. You also can't hide the destination of a link if you don't leave the harvesting solely up to an automated system.
Takes care of most of the spam. And it costs spammers money every time they get a new domain so I can deal with what little spam gets through before the filter is updated. I've put hundreds of domains in my Mercury Mail filter which equals thousands of dollars worth of domains that are now useless for sending spam through my mail server. And it doesn't matter how distorted the header or body is. The domain can't be distorted or it won't work as a link.
Ben
Work Safe Porn
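The link-domain filter described in the comment above, sketched as an added example that is not part of the original post or the poster's Mercury Mail rules. The blocklist entries, sample messages and function names are constructed for illustration; the point shown is that the body can be mangled with empty HTML tags while the link host still has to resolve, so it normalizes to a matchable name.

```python
import re
from urllib.parse import urlsplit

# Constructed blocklist: .example names are placeholders, not real spam domains.
BLOCKED_DOMAINS = {"pills-shop.example", "cheap-loans.example"}

# http/https URLs in plain text or inside HTML attribute values.
URL_RE = re.compile(r"""https?://[^\s"'<>]+""", re.IGNORECASE)

# Constructed samples: the spam body splits its keyword with empty tags and
# disguises the link with mixed case, userinfo and a port.
SPAM_HTML = ('<p>V<b></b>i<i></i>agra ch3ap!!</p>'
             '<a href="HTTP://user@WWW.Pills-Shop.example:8080/buy?id=1">click</a>')
HAM_TEXT = "Meeting notes are at https://intranet.corp.example/notes. See you at 10."


def link_hosts(body):
    """Return the normalized hostname of every link found in the body."""
    hosts = set()
    for url in URL_RE.findall(body):
        try:
            host = urlsplit(url).hostname  # lower-cased, userinfo and port dropped
        except ValueError:                 # malformed authority, e.g. bad IPv6 literal
            continue
        if host:
            hosts.add(host.rstrip("."))    # trailing dot or sentence full stop
    return hosts


def blocked_hosts(body, blocklist=BLOCKED_DOMAINS):
    """Return link hosts that equal a blocked domain or are a subdomain of one."""
    hits = set()
    for host in link_hosts(body):
        labels = host.split(".")
        # Compare the host and each parent domain: a.b.c, then b.c, then c.
        if any(".".join(labels[i:]) in blocklist for i in range(len(labels))):
            hits.add(host)
    return hits


if __name__ == "__main__":
    print(blocked_hosts(SPAM_HTML))  # the disguised link still matches
    print(blocked_hosts(HAM_TEXT))   # unrelated host is left alone
```

Matching on whole labels keeps a lookalike such as `notpills-shop.example` from being caught by the `pills-shop.example` entry.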
Quack, quack.
to just automatically move an account over to a spam IP if port 25 traffic gets too much than to pull the account entirely. Cox Communications supposedly already has an automated system to redistribute IPs (mine's never changed). So it's not something drastic that would need to be implemented.
As other people have mentioned, relays are a big part of the problem. It's better to "punish" ignorant customers by moving them to a restricted port 25 IP than to cut them off entirely. By moving them there's no harm no foul since they weren't the ones directly spamming anyway and probably won't notice they were moved.
If they do notice and call then the ISP can tell them to do something about their excessive e-mail sending and point them at the AUP. It's all very quick and painless to resolve the issue since it's the customer that has to take action to speak with people and not the company making the calls. People who have to call when they know they broke the rules are far less likely to do anything.
Cox recently cut off incoming port 25. Probably because of myDoom. I'm not about to call and complain because I was trying to run a spam can on my home system. Outgoing port 25 has been blocked since I got the service. And it would be a waste of time and money for them to call me and yell at me. They quietly cut off my server and I just shut my mouth about it.
By having a no harm no foul automated system you can punish a spammer as soon as say X MB of e-mails get sent in Y amount of time. Versus finding out about it later after it's too late and gigs of e-mails have been sent.
Automatically kicking customers entirely is just asking for trouble because the ignorant (those who unknowingly relay) will be kicked which will result in bad PR where there should be none.
You can still kick the spammer entirely. It's just a matter of starting with a little punishment and then escalating only as necessary.
Kicking a customer should be the last resort when just limiting port 25 traffic is sufficient.
Ben
Work Safe Porn
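The "X MB of e-mails in Y amount of time" trigger from the comment above, as an added sketch that is not code from the post or from any ISP. The flow-record tuple layout, the customer names and the 10 MB per hour threshold are assumptions chosen for the example; records are assumed to arrive in time order.

```python
from collections import defaultdict, deque

MB = 1024 * 1024

# Constructed outbound flow records: (customer, unix_seconds, dst_port, bytes).
SAMPLE_FLOWS = [
    ("cust-a", 0, 25, 4 * MB),
    ("cust-b", 0, 25, 4 * MB),
    ("cust-c", 100, 443, 500 * MB),   # heavy, but not SMTP: ignored
    ("cust-a", 600, 25, 4 * MB),
    ("cust-a", 1200, 25, 4 * MB),     # 12 MB inside one hour: trips the limit
    ("cust-b", 4000, 25, 4 * MB),     # earlier 4 MB has aged out of the window
    ("cust-b", 8000, 25, 4 * MB),
]


class Port25Monitor:
    """Sliding-window byte counter for outbound port 25 traffic per customer."""

    def __init__(self, limit_bytes, window_seconds):
        self.limit = limit_bytes
        self.window = window_seconds
        self.flows = defaultdict(deque)   # customer -> deque of (ts, bytes)
        self.totals = defaultdict(int)    # customer -> bytes inside the window
        self.restricted = set()           # customers moved to the limited range

    def record(self, customer, ts, dst_port, nbytes):
        """Feed one flow; return True when the customer is newly restricted."""
        if dst_port != 25:
            return False
        queue = self.flows[customer]
        queue.append((ts, nbytes))
        self.totals[customer] += nbytes
        # Drop flows that have fallen out of the window ending at ts.
        while queue and queue[0][0] <= ts - self.window:
            _, old_bytes = queue.popleft()
            self.totals[customer] -= old_bytes
        if self.totals[customer] > self.limit and customer not in self.restricted:
            self.restricted.add(customer)
            return True
        return False


def find_trips(flows, limit_bytes=10 * MB, window_seconds=3600):
    """Return (customer, timestamp) for each customer at the moment it trips."""
    monitor = Port25Monitor(limit_bytes, window_seconds)
    return [(c, ts) for c, ts, port, n in flows if monitor.record(c, ts, port, n)]


if __name__ == "__main__":
    print(find_trips(SAMPLE_FLOWS))
```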
The issue of spammers is fairly unrelated to the different major bandwidth suppliers. We have three different providers here and spammers rarely request or care which network we put them on. They just want to get their 1.5 days of major spamming done before we shut them down. The issue is what is going on at data centers to stop spammers quickly and what is being done on the internet to make spamming unprofitable.
./revolution
Perhaps this would hurt spammers the only place that counts - in the pocketbook. When a message is confirmed as spam then have a filter extract all the urls from the message and place them in a file. Have an hourly cron job visit that list of urls and download using wget everything at that url and all of its subfolders - and delete the files after downloading - and bypass the proxy if you have one - these are all wget options. Have the hourly cron job keep only the last 10,000 or so urls so that there is some semblance of only downloading current spam urls.
This process, if followed by millions of spam haters (perhaps we could have a public spam url website that would let people fetch a hundred urls at a time to work on that we could upload our own spam urls to), would apply the slashdot-effect to all the spammers. Bandwidth costs money for them - it's the only way to make 'em stop.
I agree that blocking is preferable to filtering. Filtering is like solving gun violence by improving emergency room medicine.
However, as an interim step, it's better than not to have Bayesian filters and well-staffed ERs.
All I want to say is that you can't trust filters 100% :) and they can't let themselves to miss it.
It does not matter much to people who use e-mail to forward chain letters if they miss some message - but there are also people who run business which depends on e-mail (hey I don't mean on spammers).
/ss
Firstly, all ISPs (and corporations, schools, unis and so on) should block port 25 by default.
Those that want to run a mailserver for legitimate reasons can do so but anyone who hasn't specifically said "I want to run a SMTP server on my connection" will be prevented from doing so (this would cut out 99% of the spam coming from spam zombie boxes).
Second, close open relays (if you need to have an "open machine" run some kind of SMTP authentication)
Thirdly, implement SPF for more hosts and more clients (if you want to run your own mail server with xxx@mydomain.com addresses but relay through mailservers at ISP, work etc, just add those SMTP servers to the SPF record)
And fourthly, be more proactive in blacklisting ISPs that are known spam havens (if enough people block the IP ranges of bulletproofspamhosting.com, spammers won't be able to get their messages through and bulletproofspamhosting.com will go out of business when the spammers leave).
If it's a regular ISP with non-spam customers as well, pressure from the non-spam customers (especially if those non-spam customers are big) might convince the ISP to dump the spammers.
Eventually, if this happens enough, ISPs will realize that hosting spammers means that they will be blacklisted.
I know they're not anyone's favorite company, but it's worth noting that AOL is not anywhere on the top 10 list. Not so many years ago (less than 5), they used to top that list most of the time, and the rest of the time they were in the top 3 (not necc. Spamhaus's list, but Spamcop's definitely, back when they meant something).
Having been involved in the work, I can tell you that AOL was one of the first, if not the first, large ISP to implement tagging of outbound email with the true email address of the sender, regardless of whether or not they put it in there (the X-Apparently-From header that AOL inserted). Also close to the first, or the first, to implement outbound filtering of email for spam. When the second one was put into place, I watched the ranking and saw AOL drop from #1 to nowhere on the top 10.
-Todd
"The details of my life are quite inconsequential..."
The spamminess of your web hosting ISP can be a major factor. When you sign up with a host company, either dedicated or shared, you are assigned an IP address from their "pool". If you get an IP from a former spammer life is not good!
I got an IP address that was blacklisted by SPEWS once. Much of my email would not work and the web host company would not change my IP. They suggested I contact SPEWS. I later learned that the host company was a spammer magnet and I was not alone. I switched companies and all is well.
Jeff
The major ISPs charge in a metered fashion. That means all their customers pay by the MB, GB, etc. A spammer who uses bandwidth to send spam is going to pay for all that data - but so will the end user in the ISP's system. The ISP knows that spam is an issue, but it provides them with zero-maintenance traffic, constantly running up the user's 'meter'. In a capitalist society, profit is always the motive. The ISP doesn't just charge you what the bandwidth costs them... They add a percentage that equals profit. [Begin technically inaccurate but wholly educational example] XISP has a fixed cost of 10 cents per Gigabyte of traffic, upstream or down. They charge 12.5 cents per Gig. Spammer_X sends out 20GB of spam. He pays the ISP $2.50 for that privilege. Since cost was $2, they made 50 cents. Now, assume that the mail is primarily directed at ISPs who lease lines from XISP, and who pay that same 12.5 cents per Gig. If they get 60% of the downstream covered, they'll be able to make another $1.50 off the traffic they originated. So for transferring 20GB across their own network, they made $4 on something that cost them $2. THAT is why the "Common Carriers" take their time getting rid of spammers. The longer they can let the guy spew his mail, the more 'incidental revenue' they can scrape together.
Self-referential sigs are rarely entertaining.
How do you know that the company or site named had anything to do with the spam? If putting a URL in a mass-mailing is enough to get the owners of that URL punished (financially or legally), then you will see joe-job spam used as yet another means to harass uninvolved third parties.
Mal-2
How is the Riemann zeta function like Trump rallies? Both have an endless number of trivial zeros.
I was thinking about that the other day. Then I got to wondering how much CPU-time I was spending on spam filtering which led to my thinking about how much electricity I was using to filter spam. Then I started to think about all the electricity being used by computers moving the mail and routers between network points and so on. It didn't take long before my mind boggled.
Spam is often touted as being better than physical junk mail as it doesn't use all that paper. There are however, other costs. All that electricity has to be generated and that can't be good for the environment.
The next time someone says spam is a hassle but doesn't really cost them anything, remind them what went into getting that spam to them.