Slashdot Mirror


Major ISPs Publish Anti-Spam Best Practices

wayne writes "The ASTA, an alliance of major ISPs, has just published a set of best practices to help fight spam. The list of ISPs includes the likes of AOL, Yahoo, MSN/Hotmail, Earthlink and Comcast. The recommendations include such things as limiting port 25 use, rate limiting email, closing redirectors and open relays, and detecting zombies. For details, see the ASTA Statement of Intent (pdf) or any of the ISPs' antispam websites."

25 of 252 comments

  1. I don't want to sound pessimistic by TheOtherAgentM · · Score: 2, Insightful

    ...but the people that would really read these things are the ones that know how to avoid most spam already, aren't they? I doubt my parents would even stumble across any of these resources in their daily submitting of their email addresses to every form they can find.

    1. Re:I don't want to sound pessimistic by pavon · · Score: 2, Insightful

      Seeing as how these are guides for system administrators, I don't see how your parents need to know any of this. Besides it isn't a knowledge problem that this solves, but a business problem.

      This is a loose agreement by ISPs about what they need to do on their part to confront spam. These things would improve the situation, but ISPs are reluctant to implement them out of fear that the user will become angry with the tightened security problem and go to another ISP. And I am not talking about spammers, I am talking about everyday users who don't like to be told to patch their systems or get off the internet.

      So what these guidelines do is provide a unified front - a lowest common denominator policy that all the ISPs are willing to implement. It will improve the situation somewhat, but will not be too noticeable by the user, and to the extent that it is they can't leave and go somewhere else because all the major ISPs will be doing it.

  2. Best practices,... published? by Bill, Shooter of Bul · · Score: 2, Insightful

    Spammers are like a retrovirus. They will adapt to any system you construct. Creating a list of what every major ISP will do to combat them will only serve to accelerate their evolution and make them more effective spammers.

    --
    Well.. maybe. Or Maybe not. But Definitely not sort of.
    1. Re:Best practices,... published? by AviLazar · · Score: 5, Insightful

      And just like all crime, all we can do is fight back. We either find the weakness ourselves and fix it, or we find out that a criminal (spammer) found a weakness and we fix it. To sit and do nothing would be really bad (imagine Windows XP with all the flaws dating back to Windows 3.1) :)

      --

      I mod down so you can mod up. Your welcome.
    2. Re:Best practices,... published? by WormholeFiend · · Score: 2, Insightful

      one example of bad spammer behavior I've seen, which is totally new from the usual types is spammers sending email pretending to be my ISP, complete with legit-looking special offers from said ISP...

      but with a suspicious attachment or a spurious "click here if you don't want to receive such notices anymore".

      I shudder to think how many people will fall for those evil tricks.

    3. Re:Best practices,... published? by jkabbe · · Score: 2, Insightful

      One major reason that spammers are using zombies is that ISPs cracked down on spammers and closed a lot of open relays. Are you suggesting these weren't good ideas? Just because a spammer may find another way to spam doesn't mean we shouldn't shut down the known methods of spamming if we know how.

    4. Re:Best practices,... published? by surreal-maitland · · Score: 5, Insightful

      just like we should not publish our source code because then hackers will find exploits, right?

      --
      -ninjaneer
    5. Re:Best practices,... published? by Have Blue · · Score: 2, Insightful

      Spam does not have to be made impossible to be eliminated; we just have to reduce response rates to the point where it's no longer profitable and wait for professional spammers to die off.

    6. Re:Best practices,... published? by deadmongrel · · Score: 3, Insightful

      Spammers are like a retrovirus. They will adapt to any system you construct. Creating a list of what every major ISP will do to combat them will only serve to accelerate their evolution and make them more effective spammers.

      Spammers always try to be one step ahead of the game. Just by keeping the best practices a *secret* wouldn't help to combat spam. It's the business model that needs to be attacked. Money is made somewhere and that is where we have to attack. Having said that, I think it's important we keep these fighting techniques open. A lot of people would benefit from it. Also, just like security, obscurity would be of no help.

    7. Re:Best practices,... published? by Anonymous Coward · · Score: 1, Insightful

      They will adapt to any system you construct.

      In theory, yes. In practice, given enough time, yes. But it usually takes quite a bit of time and it makes anti-spam filters better. How? Well, generally speaking, spammers have a standard set of tricks that they stick to. When a lot of people stop giving them the ability to use those tricks, they just try harder to find suckers that will.

      For instance, formmail.pl is a traditionally vulnerable spamming hole. When it was fixed (and when NMS became popular), a hell of a lot of spamming opportunities were made unavailable. But spammers still try and find vulnerable versions, as there are always a few lurking out there.

      If we reduce the suckers significantly, spammers not only go to more effort to find them, but the set of suckers they have to operate with are smaller (hence, easier to track down and blacklist).

      When the number of suckers drops below a certain point, it's true that spammers do have to invent new tricks. But that is hard and expensive (at least compared with a spammer's usual workload). It may also be illegal, making it much easier to crack down on spammers. For instance, now that open relays are almost non-existent, spammers have been forced to pay programmers to write viruses/worms/etc for hosts to send through.

    8. Re:Best practices,... published? by MissTuxie · · Score: 2, Insightful

      one example of bad spammer behavior I've seen

      Have you ever seen any GOOD spammer behavior?

  3. Balance by it0 · · Score: 1, Insightful

    I hope they find the right balance between just providing the internet and locking it down so it can't harm the average consumer.

  4. limit port 25 by markan18 · · Score: 4, Insightful

    As long as I still can run my own smtp server.
    They can limit outbound port 25 because I still can forward my email through their official smtp server. If they limit inbound port 25, it will suck big time.

  5. Whatever... by Bif Powell · · Score: 4, Insightful

    ...let's just all do something before the government really starts to regulate things. I'm stupid about such things, so out of curiosity why hasn't the w3c or the people who write the RFCs come up with some new SMTP spec?...please...

    1. Re:Whatever... by firewood · · Score: 2, Insightful
      SMTP is so entrenched everywhere that writing a new spec is like making a new internet. In theory, it's easy, in reality everybody would bitch that their email doesn't work.

      New net protocols have always displaced old protocols without requiring a new internet. Like Gopher (et al.), SMTP will soon fade away because it already doesn't work. At the current rate-of-increase of spam, allowing current SMTP email onto your network will soon become (if not has become already) the same as paying a gangster to DDoS your network.

  6. How about "no more delayed bounces" by Anonymous Coward · · Score: 5, Insightful

    I'd be very happy if everyone could get their act together and reject undeliverable addresses during the SMTP transaction. Delayed bounces are responsible for most of the backscatter which pollutes my mailboxes and logs these days.

    Qmail, I'm looking at you. People who don't run something like LDAP on their secondary MXs, I'm looking at you.

    I'm almost to the point of blocking the null sender from certain hosts, just because they are nothing but crap. I know all about the RFC (and rfc-ignorant.org), but they're causing a serious problem for the rest of the world.

    The worst part is for people who run control panels like Plesk. They have to run qmail (no choice in the matter), and so they either become a delayed bounce source, or they enable the catchall and get to suck down all that mail. They can't win.
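The difference this comment describes, rejecting an unknown recipient inside the SMTP session versus accepting the message and bouncing it later, is modelled below. This is an added example, not code from the thread or from any mail server; the mailbox table, the addresses and the `run_session` helper are constructed for illustration, and `DATA` stands in for the whole message transfer.

```python
# Constructed mailbox table for the receiving domain (example.org).
VALID_RCPTS = {"alice@example.org", "bob@example.org"}

# Constructed session: forged sender, one nonexistent recipient.
SPAM_SESSION = [
    "MAIL FROM:<victim@example.net>",
    "RCPT TO:<nosuchuser@example.org>",
    "DATA",
]


def run_session(commands, validate_at_rcpt):
    """Return (replies, bounces) for one session against a toy MX.

    bounces holds (envelope_sender, envelope_recipient) pairs for the
    delivery failure notices the MX would send after the session closes.
    """
    replies, bounces = [], []
    mail_from, accepted, unknown = None, [], []
    for line in commands:
        verb, _, arg = line.partition(":")
        verb = verb.strip().upper()
        addr = arg.strip().strip("<>").lower()
        if verb == "MAIL FROM":
            mail_from, accepted, unknown = addr, [], []
            replies.append("250 2.1.0 Ok")
        elif verb == "RCPT TO" and mail_from is None:
            replies.append("503 5.5.1 Need MAIL first")
        elif verb == "RCPT TO" and addr in VALID_RCPTS:
            accepted.append(addr)
            replies.append("250 2.1.5 Ok")
        elif verb == "RCPT TO" and validate_at_rcpt:
            # Refused in-session: the connecting client owns the failure.
            replies.append("550 5.1.1 User unknown")
        elif verb == "RCPT TO":
            # Accepted now; the bad address is only discovered later.
            unknown.append(addr)
            replies.append("250 2.1.5 Ok")
        elif verb == "DATA" and (accepted or unknown):
            replies.append("250 2.0.0 Queued")
            # Bounce from the null sender to the claimed (often forged)
            # MAIL FROM; a null MAIL FROM is never bounced.
            if mail_from:
                bounces += [("", mail_from)] * len(unknown)
        elif verb == "DATA":
            replies.append("554 5.5.1 No valid recipients")
        else:
            replies.append("500 5.5.2 Command not recognized")
    return replies, bounces
```

With `validate_at_rcpt=True` the forged address in `SPAM_SESSION` receives nothing; with `False` the MX itself becomes the source of the backscatter.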

  7. ISP's need to act by nagora · · Score: 4, Insightful
    If someone has an open relay box because of some Trojan horse program surely their ISP is in the best place to notice the traffic patterns in and out of their port 25. Cut them off and when they call to complain tell them to sort their machine out or find another ISP.

    But, of course, that might cost the ISPs money. So instead we get a "best practice" document which preaches to the converted and achieves nothing.

    TWW

    --
    "Encyclopedia" is to "Wikipedia" what "Library" is to "Some people at a bus stop"
  8. Re:Don't forget SPF by Smallpond · · Score: 2, Insightful

    SPF should be checking envelope MAIL FROM, not From: header. If your bank is forging the envelope, then you should block them, since their software is borken.
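The point about which identity SPF evaluates can be shown with a small evaluator. This is an added example, not code from the thread or from any SPF library; the records in `SPF_RECORDS` are constructed stand-ins for DNS TXT lookups, the domains and addresses are documentation values, and only the `ip4`, `ip6` and `all` mechanisms are handled.

```python
import ipaddress

# Constructed TXT records standing in for DNS lookups.
SPF_RECORDS = {
    "bank.example": "v=spf1 ip4:192.0.2.0/24 -all",
    "mailer.example": "v=spf1 ip4:198.51.100.0/24 ip6:2001:db8::/32 ~all",
}
RESULTS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def spf_identity(helo, mail_from):
    """Domain SPF evaluates: the envelope MAIL FROM, or HELO for a null sender."""
    domain = mail_from.rpartition("@")[2] if mail_from else helo
    return domain.lower().rstrip(".")


def check_spf(client_ip, helo, mail_from, header_from=None):
    """Evaluate ip4/ip6/all only; header_from is accepted but never consulted."""
    record = SPF_RECORDS.get(spf_identity(helo, mail_from))
    if record is None:
        return "none"
    terms = record.split()
    if terms[0].lower() != "v=spf1":
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in terms[1:]:
        qualifier = term[0] if term[0] in RESULTS else "+"
        mech, _, value = term.lstrip("+-~?").partition(":")
        mech = mech.lower()
        if mech == "all":
            return RESULTS[qualifier]
        if mech not in ("ip4", "ip6"):
            raise NotImplementedError(f"{mech!r} is outside this example's subset")
        net = ipaddress.ip_network(value, strict=False)
        if net.version == ip.version and ip in net:
            return RESULTS[qualifier]
    return "neutral"  # no mechanism matched and the record has no "all" term
```

A message sent from 198.51.100.25 with envelope sender `bounce@mailer.example` and a `From:` header naming `bank.example` is checked against the `mailer.example` record and passes; the same host using `alerts@bank.example` in the envelope fails.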

  9. Protect your own domain name by Talking Toaster · · Score: 5, Insightful

    best practices to help fight spam. The list of ISPs includes the likes of AOL, Yahoo, MSN/Hotmail, Earthlink and Comcast.

    Something that would really help is for these big companies to protect their own domain names by going after anyone who forges the headers as such. These days if someone isn't already in my whitelist they are probably going to get caught in my spam filters if they use any of these domain names.

    Under most circumstances I think it is a bad thing for a company to throw lawyers at someone until there is nothing left but a smoking hole in the ground, but I think I would make an exception for spammers. These companies not only have the resources to make spamming unprofitable, but they have a valid, and vested interest to do so.

    --
    Howdy Doodly Doo!
    Anybody want some Toast?
  10. Penalties by Anonymous Coward · · Score: 2, Insightful

    If you want to kill spammers, kill their source of income. Fine the hell out of the people ADvertising through them. Hit where it hurts (the bottom line) and spammers would be out of a job.

  11. Re:Mail admin here, my solution was port 26 by silas_moeckel · · Score: 4, Insightful

    Why don't you get with the rest of the planet and use 587 for client mailers to connect to your server and run authentication??? It's a port that shouldn't be blocked by anybody but a corporate system and if they are blocking it you shouldn't be trying to get around it :)

    --
    No sir I dont like it.
  12. Re:Related article on Reuters by Tripster · · Score: 2, Insightful

    Is it reasonable to expect that your average home user will act as responsibly as a company's system administrator at keeping their systems patched?

    If they keep getting fined and/or booted by ISPs then yes it is reasonable to expect it. After all, our public highways are safer because we expect people to learn to use vehicles and to also properly maintain them mechanically. If you drive around with no brakes and cause an accident you will be held accountable.

    What would you prefer? When you have idiots getting infected by viruses by actually entering a password to the encrypted zip attachment it means said user sorely needs some education about proper usage of the device in front of them. Since all the TV/Radio/Newspaper stories telling these same idiots not to open unannounced attachments don't seem to work then hitting them in the pocket book or removing them from the information highway entirely might be a better education method.

    Really, the users are only stupid if you keep on letting them do the same old things without educating them, for those extra stupid you need more extreme training methods.

  13. Re:Take what they say with a grain of salt by Desert Raven · · Score: 2, Insightful

    You have to presume that it's far more common than anyone would suspect

    Actually, pink contracts aren't even necessary for spammers anymore. With major providers like MCI/UUNet, who will only kick off spammers if they spam from their space, and the wide availability of compromised systems to use as relays, spammers can have completely bulletproof hosting from the largest backbone provider without negotiating special contracts.

  14. Re:Don't forget SPF by squiggleslash · · Score: 2, Insightful
    You know, blocking all email that contains a Subject: line would also only break CURRENT methods of sending and receiving email.

    I think it's a tad silly to say "Well, it's ok if it breaks everything, because we can always change everything."

    --
    You are not alone. This is not normal. None of this is normal.
  15. You are wrong. by warrax_666 · · Score: 2, Insightful

    Blocking outbound port 25 has the effect that zombies cannot send mail to SMTP servers listening on port 25. (Incidentally, it also has the effect that completely legitimate and well-behaving mail servers on the network cannot do so either -- unless there is some form of more or less manual unblocking which the customers can apply for/use)

    --
    HAND.