Unplugging Email To Combat Spam
monkeyserver.com writes "from Reuters (via CNN) we hear that 'Consumers who allow their infected computers to send out millions of 'spam' messages could be unplugged from the Internet under a proposal released Tuesday by six large e-mail providers.' They are looking at 100 per hour or 500 per day; this doesn't really sound like a bad idea, though it could cause problems for a few people trying to run companies from their basement..." On the other side of the coin, rastakid writes "It appears that Microsoft is taking its actions against spamming a little bit too far: Hotmail accounts which are suspected of sending spam are closed without a single investigation. This article states that Maariv International registered a new Hotmail account and sent an abuse message about spamming activities from that account, while not a single message was sent from it. Microsoft closed the account immediately, without investigating."
Internet companies should make sure that their equipment has been properly secured so spammers can't route their messages through them
I agree. Open relays, apparently not as common as they used to be, are still a huge source of the spam we intercept. I'd be in favor of penalties for open relays (in theory), but how would that be effective, being that a lot of it originates from outside the US?
Sigs cause cancer.
Microsoft closed the account immediately, without investigating.
They own the account! Not to mention, it's a free account...you get what you pay for. Caveat Emptor, Greg...
Was it Patton or Macarthur who said, "Shoot 'em all, and let God sort them out"? Apparently Microsoft has cloned him and he's now running Hotmail!
I'm just curious if you have any rights and how the ever popular Gmail and growing Yahoo mail will treat complaints, as in my case it was someone upset with something I did claiming spam, and not abuse by any means worthy of terminating a long standing account and prohibiting me from accessing years of archived mail that was lost because of the cancellation.
They did email me; I got a free passport account though. Funny, I'm terminated but then they try and push something with real potential for abuse and sensitivity
Doesn't this pose a risk for effectively DOS'ing all hotmail users? Just create a script to aggregate Hotmail accounts through google and send complaints? That's mildly annoying.
--Kevin
... will be affected too. I guess that would probably mean the death of MailMan
As seen on Wired: Get a free desktop PC
Before this gets slashdotted:
Exclusive: Hotmail shuts down "spammers" who don't spam
Complain you got spam from a Hotmail user, and Hotmail's abuse team will shut down their account, no questions asked.
Hotmail.com shuts down Hotmail accounts shortly after receiving complaints about spam being sent from them, without checking if the user has actually sent spam, NRG Maariv has learned. Thus, malicious users can cause the shutting down of accounts, as an act of revenge or just for kicks.
In its haste to fight spam, Hotmail has foregone looking into abuse reports it gets from email users. In three instances documented by NRG Maariv, Hotmail's abuse team shut down Hotmail accounts less than 24 hours after receiving complaints about spam being sent from them, even though the spam mail clearly did not originate from those accounts.
In two of the instances, the spammers spoofed the sender's address so it looked like it was sent from a Hotmail account, while they were actually sent through an Israeli ISP. In both instances, the spoofed accounts were shut down.
The third instance was a test: NRG Maariv opened a new account with Hotmail and sent no email whatsoever from it. Using a different email, we filed a spam complaint, saying it came from the new Hotmail account. Attached were Internet headers from an old spam, where the sender's address was replaced with that of the new account.
Within less than 24 hours, we received a message saying the new account was shut down.
"My name is Claire, and from what I have read in your message, you are complaining about the unsolicited email you received from a Hotmail account", said the message written by Claire C. with MSN Hotmail Technical Support. "I have closed the account you reported in accordance with the Hotmail Terms of Use (TOU). It is a strict violation of the TOU for our members to send objectionable material of any kind or nature using our service".
Trying to log on to the Hotmail account, we found it closed. No explanation was provided, just a laconic message saying "Account Closed. Access Denied". No appeal procedure was mentioned. The account was shut down for good.
Hotmail's public relations representative, Waggener Edstrom, has yet to respond to the story.
Anyone care to open a hotmail account and then forge an email to appear to come from that account....just to see what happens?
12:50 - press return.
It's a bit creepy that somebody was able to register a new Hotmail account, send nothing, and then get it closed by sending a spam complaint. Even the dumbest safety check would have proven the allegation to be false because Microsoft should be able to tell from logs that zero messages were ever sent from the account, so even if that was 100% spam that's still zero spam messages!
The risk of having an account stripped from you because somebody who knows your address falsely accuses you of being a spammer is a bit high to take. Then again, anybody who takes their e-mail seriously shouldn't be on Hotmail anyway...
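The log check this comment asks for, sketched as an added example (not part of the thread and not Hotmail's actual process): a complaint only counts as confirmed when the provider's own outbound log shows the accused account sent that message. The domain `freemail.example`, the host names, the log layout and both sample complaints are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Hypothetical outbound relays of the provider handling the complaint.
OUTBOUND_HOSTS = {"mta-out1.freemail.example", "mta-out2.freemail.example"}
HOP = re.compile(r"\b(?:from|by)\s+([A-Za-z0-9.-]+)", re.I)


def hops(msg):
    """Host names claimed in the Received chain (any of them may be forged)."""
    hosts = []
    for line in msg.get_all("Received", []):
        hosts += [h.lower().rstrip(".") for h in HOP.findall(line)]
    return hosts


def triage(raw_headers, accused, outbound_log):
    """Return (verdict, reasons) for a spam complaint against `accused`.

    outbound_log maps an account to the set of Message-IDs the provider's
    own servers recorded for it; that log, not the complaint, is the evidence.
    """
    msg = message_from_string(raw_headers)
    accused = accused.lower()
    claimed = parseaddr(msg.get("From", ""))[1].lower()
    if claimed != accused:
        return "no_evidence", ["From header does not name the accused account"]

    sent_ids = outbound_log.get(accused, set())
    msg_id = (msg.get("Message-ID") or "").strip()
    if msg_id and msg_id in sent_ids:
        return "confirmed", ["Message-ID found in the account's outbound log"]

    reasons = ["account has never sent a message" if not sent_ids
               else "Message-ID not in the account's outbound log"]
    if any(h in OUTBOUND_HOSTS for h in hops(msg)):
        # Could be a logging gap or a forged Received line: a human decides.
        reasons.append("a Received hop names our outbound host (may be forged)")
        return "needs_review", reasons
    reasons.append("no Received hop names our outbound hosts")
    return "no_evidence", reasons


# Constructed complaint: From line rewritten to a new account, mail relayed elsewhere.
SPOOFED = "\n".join([
    "Received: from dialup-17.isp.example (dialup-17.isp.example [203.0.113.17])",
    "\tby mx.recipient.example with SMTP id c0ffee; Tue, 22 Jun 2004 10:00:00 +0000",
    "From: newuser@freemail.example",
    "To: victim@recipient.example",
    "Subject: constructed sample",
    "Message-ID: <abc123@dialup-17.isp.example>",
    "", "",
])

# Constructed complaint about a message the provider really relayed.
GENUINE = "\n".join([
    "Received: from mta-out1.freemail.example (mta-out1.freemail.example [198.51.100.5])",
    "\tby mx.recipient.example with ESMTP id beef01; Tue, 22 Jun 2004 11:00:00 +0000",
    "From: Real Sender <realsender@freemail.example>",
    "To: victim@recipient.example",
    "Subject: constructed sample",
    "Message-ID: <m1@freemail.example>",
    "", "",
])

# Constructed outbound log: newuser@freemail.example has no entry at all.
OUTBOUND_LOG = {"realsender@freemail.example": {"<m1@freemail.example>"}}

if __name__ == "__main__":
    print(triage(SPOOFED, "newuser@freemail.example", OUTBOUND_LOG))
    print(triage(GENUINE, "realsender@freemail.example", OUTBOUND_LOG))
```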
My question is why wasn't this done a long time ago ? Why did it take so long for them to figure this out ?
Is it because there is no main governing body overseeing the net ?
Even though this is a step in the right direction, all the actions proposed are easily maneuvered around. They close a hotmail account, another one is opened. I like the ISP e-mail ban though. Another issue that will most likely develop is anyone who buys webspace has an option to set up a POP3 mailbox. I just finished buying 3 gigs worth of space, and as a bonus I was awarded unlimited POP3 accounts. The price per month of that space wasn't even that expensive (www.hostony.com). I admire these ISPs' efforts to stop the spam, but in the end spammers will always find a way around every obstacle implemented to stop their spam.
Voluntary means the end user is signing up for this, reading about it, being AWARE of it. If they were any of these 3 to begin with, they'd have already plugged their computer up!!
Why are there only 19 people folding@home for slashdot?
I gave up on Hotmail a long time ago, not because of spam sent from those accounts, but because any time I opened up a hotmail account, it was immediately deluged by SPAM
The CB App. What's your 20?
Not too sure how I feel about this....
On one hand I applaud the proactive stance of shutting down spammers, but on the other hand I feel that an account should maybe be sent one warning which, if not answered within 1 day or so would then result in account suspension.
Or, you are prevented from sending out any more e-mails until you respond to a "human test" e-mail.
Just my thoughts...
-nB
whois gawk date unzip strip find touch finger mount join nice man top fsck grep eject more yes exit umount sleep dump
Why doesn't M$ make its product more secure so that there are fewer holes to begin with? Shutting down internet of people whose computers send spam without their knowledge is not an answer. It's like holding somebody else responsible for your mistakes when you are equally responsible.
I think something like this could work, but not on its own.
ISPs should send a letter or e-mail to all their customers (i.e.
make sure they get it) stating that they are about to introduce
rate-limiting both from their smtp servers for that IP address/subnet
and from port 25 from the IP(s).
Customers who don't know what this means or who aren't bothered will
ignore it, and will be rate-limited (so they basically won't be
affected since they either a) aren't bothered, or b) aren't heavy
e-mail users).
Customers who know they will be affected or otherwise want to be
rate-unlimited can e-mail the ISP and request the rate be removed.
Perhaps they could be asked to prove they are worthy by describing
what they've done ("I've patched and secured my Windows box, and
my other boxen run BSD and run no mail daemons").
This way, no one has their service unfairly cut back, and unknowledgeable
users (those responsible for zombie-Windows systems) will be protected
(or everyone else protected from them..).
This sounds like an excellent idea, although it depends somewhat on how it's implemented. We don't want to make it impossible for people to run mailing lists. ISPs should allow users who need to send larger amounts of mail to request an increase in their quota. It also sounds from the article like they want the ISPs to simply disconnect users who send mail at more than a certain rate, which sounds like an over-reaction; it would make more sense just to bounce mails that go over the quota.
Find free books.
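The quota handling proposed in the comment above, as an added example that is not part of the thread: a sliding-window limit using the proposal's 100 per hour and 500 per day, where over-quota mail is deferred for a later retry instead of the customer being disconnected, and a customer can be given a raised quota. The class and function names, the 15-minute retry interval and the simulated traffic are assumptions.

```python
from collections import deque

HOUR, DAY = 3600, 86400


class SendQuota:
    """Per-customer sliding-window limit (defaults: 100/hour, 500/day)."""

    def __init__(self, per_hour=100, per_day=500):
        self.per_hour = per_hour
        self.per_day = per_day
        self.sent = deque()  # timestamps of messages accepted in the last day

    def allow(self, now):
        """Accept one message at time `now` (seconds) if both windows have room."""
        while self.sent and self.sent[0] <= now - DAY:
            self.sent.popleft()  # forget anything older than 24 hours
        last_hour = sum(1 for t in self.sent if t > now - HOUR)
        if last_hour >= self.per_hour or len(self.sent) >= self.per_day:
            return False  # caller defers the message; the line stays up
        self.sent.append(now)
        return True


def count_accepted(quota, send_times):
    """How many of the attempts at `send_times` get through, with no retries."""
    return sum(1 for t in send_times if quota.allow(t))


def drain_with_retries(quota, pending, retry_every=900, give_up=5 * DAY):
    """Send `pending` messages starting at t=0, retrying deferred ones.

    Models a mail client or MTA that re-queues deferred mail every
    `retry_every` seconds. Returns the time the last message was accepted,
    or None if the queue did not drain before `give_up`.
    """
    now = 0
    while pending and now <= give_up:
        while pending and quota.allow(now):
            pending -= 1
        if pending:
            now += retry_every
    return now if pending == 0 else None


if __name__ == "__main__":
    # Constructed traffic 1: a 208-address club mailing sent in one go.
    print("club list done after", drain_with_retries(SendQuota(), 208), "s")
    # Constructed traffic 2: same mailing after the ISP raised this customer's quota.
    print("raised quota done after",
          drain_with_retries(SendQuota(per_hour=300, per_day=1000), 208), "s")
    # Constructed traffic 3: an infected PC attempting one message every 8 seconds.
    zombie = [i * 8 for i in range(10000)]
    print("zombie got through:", count_accepted(SendQuota(), zombie), "of", len(zombie))
```

With deferral, the club mailing is delayed by two hours rather than lost, while the infected machine's output is capped at the daily limit.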
Ok, so what'll happen if you send a message about spam from "abuse@hotmail.com" to "abuse@hotmail.com"???
Because it's actually a stupid idea maybe?
Slashdot, more repetitive than spam
Instead of limiting just on the total number of emails it would be better to limit based on content. 90% identical content to 100 emails would be more effective. I send well over 100 emails a day for work and this would be a pain. Or maybe track radical changes in email patterns: 10 avg emails over a year, then 200 a day for 2 days would throw a flag.
It seems like intelligent trending would be the most effective means of not punishing small biz and slowing spam at the same time.
We seem to be reaching consensus on validating return addresses. Let's wait until something is in place there before jumping on folks who might just be running a mailing list or two.
Really. Those types of machines really are the bane, since Comcast actually started 'doing' something I've seen *nothing* from them. My inbox was empty for the better part of 2-3 weeks, no spam just e-mail. Then yesterday, I start getting a barrage of spam from Asian open relays. 35 e-mails to 70 spams a day and now it's climbing through the roof, really now. Pop online and I see 207 spams. Gah.
I mean come off it. And you *wonder* why entire Asian hosts are blocked. It's because of crap like that, secure your machines or boot the bloody idijits off of them.
I don't care if you are too stupid to figure out *how* to do it, pay someone, call that smart 12 year old who knows how but do it. But bloody well do it.
Om, nomnomnom...
*guilty*
12:50 - press return.
As I'm sure many are aware, Microsoft firmly believes in the "you get what you pay for" theory. Hotmail sucks, and I'm sure the people who handle termination of accounts accused of sending spam are not very well-paid or well-qualified to understand most concepts of email (as is the case with most tech support, especially free tech support).
I have a hotmail account, but it only exists for those times when I have to give an email address to a company I don't trust. If that account gets shut down, I don't really care. I have plenty of other accounts where I can get spam from.
I really hate signatures, but go to my website.
There appear to be ways to make e-mail technology much less prone to spam, but I certainly would be uncomfortable with Microsoft running the show. It needs to be a method that does not tie the server or the client to a proprietary piece of software.
Blocking computers that have become spam zombies is certainly one approach that, IMO, has some merit, as does simply imposing limits on an individual computer's number of allowed free e-mails per unit time. That would stop some folks from forwarding as many urban legends and that has to be a really good thing.
"Do the Right Thing. It will gratify some people and astound the rest." - Mark Twain
The poster makes the claim that 100 per hour or 500 per day would only cause problems for people running companies from their basements. I heartily disagree. Think of people who run mailing lists from their home servers, these can easily send out more than 500 messages a day. Another example, when I recently got engaged, I sent out an email to a LOT of people. Probably over the course of that first hour after I sent out the original notice I sent out well more than 100 emails. I wasn't doing anything wrong.
The real fact of the matter is that this will do nothing to stem the tide of spam when one considers that most spam is now generated by zombies. Also, don't think they won't just find a way around it. This is like the DMCA, it only stops the honest people.
Fortunately, there has been some movement on SPF.
I suppose I can be happy about that.
My Slashdot account is old enough to drink...
Hotmail has a zero-tolerance policy towards users associated with sending junk mail. We promptly close accounts that are in violation of the Hotmail Terms of Service as soon as they are reported to us.
"The Service makes use of the Internet to send and receive certain messages; therefore, Member's conduct is subject to Internet regulations, policies and procedures. Member will not use the Service for chain letters, junk mail, spamming or any use of distribution lists to any person who has not given specific permission to be included in such a process".
Hotmail forbids the sending of harassing, obscene or threatening mail messages. Likewise, we do not allow accounts to be used to impersonate individuals or businesses.
"Member agrees not to transmit through the Service any unlawful, harassing, libelous, abusive, threatening, harmful, vulgar, obscene or otherwise objectionable material of any kind or nature. Member further agrees not to transmit any material that encourages conduct that could constitute a criminal offense, give rise to civil liability or otherwise violate any applicable local, state, national or international law or regulation. Attempts to gain unauthorized access to other computer systems are prohibited".
That's just plain asinine. Your proposal would make open-source software too risky to contribute to or write.
And it would do nothing to fix the fact that the holes are already there.
Sorry, but this is another place where the market needs to speak. Let the market destroy those companies with poor security track records.
Guess what, the most exploited open relays are running unix/linux variants, either because they are in a country that doesn't care about spam, or because some wannabe system admin-computer geek set up linux and doesn't know how to secure sendmail.
And I can say that all this about MS closing accounts without proper investigation is absolute BS. I send hundreds of messages a day and . . . #$_ACK . . . [carrier lost]
I'm not tense. I'm just terribly, terribly, alert.
Hmm, Why not just take it one step further, disable email world wide, no more spam. Done.
(That's Patent #6505583342 owned by MS by the way)
The only thing worse than getting spam, is not getting a legitimate message because of a spam filter. The only thing worse than allowing a spammer to operate on your server is denying access to a legitimate individual.
paul reinheimer
I think the idea of shutting down accounts that send spam, even accidentally, has some merit. What would be ideal would be if you could easily set things up so when a violating account authenticated, they could only read email. That way they would have a good chance of seeing the email message you sent them explaining what had happened, why, and how it could be resolved. But that's probably too complex.
As far as businesses go, just allow businesses who expect to have legitimate needs for more than the baseline to tell you. A slight additional fee would cover the cost to modify the filter parameters for that business.
Free email accounts? Anyone using such an account for a business is just begging for trouble.
--
To whomever modded my last post "troll", it was a JOKE, YOU INSENSITIVE CLOD!
Or we go balls to the wall with it and regulate everything so tightly that e-mail simply stops being a form of communication.
I said it before, I'll say it again...trying to regulate the internet and keep its most promising quality (freedom) is impossible.
Since Microsoft is one of the big six, why can't it issue a patch which automatically closes open relay?
It can be like a monitoring service (like firewall?) that checks for open relay on the machine on every startup.
Rock that crushes, Paper & Scissors that don't matter.
Neither.
"Caedite eos! Novit enim Dominus qui sunt eius"
"Slay them all! God will know his own!"
-Abbe Arnaud-Amaury, before the slaughter of Beziers during the Albigensian Crusade
Someday, you're going to die. Get over it.
People trying to run companies from their basement should really have a business account, which generally has a substantially different AUP than an ordinary personal account.
If they don't, then they're in violation of the AUP, and are at risk of having their account terminated, not just being temporarily disconnected.
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
At least one UK ISP (NTL Cable) started doing this at the time of the Blaster worm to reduce the rate of infection among their subscribers. Machines which were infected and transmitting infected packets were booted off the network and not allowed to reconnect until they were clean. Owners had to contact NTL to get their connections unblocked.
As a techy, I ended up cleaning up several machines so their internet-porn deprived owners could feed their fixations. That said, I can't blame NTL for doing this, it was the responsible action and was done at the right time.
I believe that the duty of ISPs to prevent their customers destroying the internet by inadvertent DDOS should be at least as important as the contractual duty to the consumer.
I have been a user for about 10 years. This ends Feb 2014. The site's been ruined. I'm off. Dice, FU
Dear sir, It pleases me to inform you that in the last one month I have received several spam e-mails for the slashdot.org domain, particularly one from a certain CmDrtaco. Please take appropriate action in your spam filters. cc: yahoo.com, hotmail.com, gmail.com Oh, and by the way, I also received some from my_competitors_acct@hotmail.com!
___
internet, productivity blog
"... Microsoft closed the account immediately, without investigating."
Maybe this is all part of a comprehensive plan by Microsoft managers to give Microsoft a bad name. Those Microsoft people are business geniuses! They save a little by not investigating abuse, and cost Microsoft millions in bad feeling.
Hotmail is the most adversarial of the free email account providers, I've found. It appears to be the "push people enough and they'll buy" theory of customer relations.
Maybe AOL and Hotmail and Enron and Tyco and WorldCom should merge, so whatever it is, is all in one place.
"...though it could cause problems for a few people trying to run companies from their basement..."
I have a solution for this that I think could really work. I think that by default, people should be limited to a certain number of emails per day, and in order to send more than that amount, they have to register with their ISP or some central organization. Once the information is verified, the person can send as many emails as they want. Then it would be easier to keep track of possible spammers.
Sure it's not 100% perfect, but it's a possible solution.
IMHO, the lack of a governing body (out side of the agreements made on protocols, etc.) is one of the great strengths of the internet. Problems such as this are one of the downsides to the libertarian situation that exists, but it's small potatoes compared to the great benefits to be gained.
---
"I did nothing. I did absolutely nothing and it was everything that I thought it could be."
So if I email an event notice to my club membership list of 208 addresses, (given freely for this purpose) I'll be labelled a spammer unless I split the mailing up over 3 hours? There are other ways to find spammers besides sheer output.
~~~~~
If you throw it, it will come.
Yeah, I'm really looking forward to the tech support calls from clueless users complaining that their internet connection doesn't work because their SEMTEEPEE thingy....
weeha!
Remain lost in hidden worlds where I reign. Head engine and caboose in my toy train...
Consumers who allow their infected computers to send out millions of "spam" messages could be unplugged from the Internet under a proposal released Tuesday by six large e-mail providers.
Isn't conspiring to restrain trade illegal? Comcast, AOL and others might be opening themselves up to suits from legitimate businesses.
From businesslaw.gov:
"Antitrust laws make it illegal to conspire to restrain trade or commerce in any marketplace, regardless of size."
It's simple: I demand prosecution for torture.
It is attributed to Arnaud-Amaury, the Abbot of Citeaux, and "spiritual advisor" to the Albigensian Crusade.
Pope Innocent III ordered the Albigensian Crusade, to purge southern France of the Cathari heretics. It began in the summer of 1209, with their first target - the town of Beziers. The Catholic faithful in Beziers refused to give up the Catharis among themselves. The crusaders invaded. When Arnaud-Amaury was asked whom to kill he replied "Kill them all. God will know his own." They did. The crusaders slaughtered nearly everyone in town, over 20,000, either burned or clubbed to death. Thus they achieved their goal of killing the estimated 200 heretics who were hiding in the town among the Catholic faithful. The brutal crusade continued on for the next twenty years. Eventually the Catholics devised a new approach for dealing with the remaining Cathari heretics in France. It was called "the Inquisition".
"Only one thing, is impossible for god: to find any sense in any copyright law on the planet." Mark Twain
Back when I was still clueless about spoofing, I sent an abuse complaint to Hotmail about some spam I had received that looked like it came from a hotmail account...
They replied with an explanation of what spoofing was.
Then again, maybe the spoofed hotmail address didn't exist in the first place, so they couldn't shut it down sight unseen as they seem to be doing now.
A lot of people's hijacked systems could have been kept clean were they fully patched:
I've been saying for a while now, if an ISP's sign-up disk had all current Windows service packs and critical patches loaded into it and installed them as part of the setup procedure -"You consent to Windows update patches being applied to your system during install"- then I'm sure a lot of network and support load could be lifted off the ISP and the net as a whole. If they could broker a deal to install Zonealarm or Sygate Personal firewall at the same time even better.
It isn't an unreasonable expectation that a machine connecting to a public network shouldn't have gaping security gaps. In fact, IMO, it is a public duty that it should not.
I have been a user for about 10 years. This ends Feb 2014. The site's been ruined. I'm off. Dice, FU
What in the world are you talking about? Email has nothing to do with operating systems, and Hotmail is a Web-based service. This "exploit" is made possible by Microsoft's policy, not their products.
I don't know why, but I always get a kick out of it when someone catches a company doing something stupid. This thing about Microsoft terminating an account without investigating is a prime example.
You'd think they'd have some system in place to investigate, if only to avoid the bad press. But then again... when does Microsoft deserve GOOD press?
for MS to really investigate these things, considering that the accounts can be had for free, it makes them even more expensive to investigate as there probably is no real money being made. I would close them asap as well.
Jonathanjk.com
It has come to my attention that the email address
[*@hotmail.com] has been sending out large quantities of spam.
Please correct the situation as you see fit.
"I only speak the truth"
Karma: null(Mostly affected by an unassigned variable)
I am upset at this blatant censoring of worthwhile marketing literature. I guarantee you, despite popular consensus, those penis enlargement pills really do make me think my penis is bigger.
Because of hotmail, millions of users will now fear what they knew all along! That they are average sized!
Easy guys, I put my pants on one leg at a time. The difference is after I put on my pants I make gold records!
I commend your attempt to save money by sending out notices via email but I am amazed that your partner let you. When I got engaged it had to be on nice paper with handwritten notes to too many people.
you get more space with yahoo and a MUCH better spam filter...
hotmale.com would probably offer better email service than hotmail!
Well, normally not a Microsoft supporter by any means (G-mail replaced the very last Microsoft thing I had, a Hotmail account), I wonder if Microsoft's actions were all that bad. They closed down an account that had neither received nor sent an e-mail. Granted, there are times that this could be a nuisance, but I doubt one could as easily have an active Hotmail account disbarred. Of course, if someone wants to try and report an existing and used Hotmail account as spam and gets banned as easily, well then there is a problem.
People rely heavily on their e-mail accounts (perhaps too much so, especially with web based e-mail). Microsoft, as it's been pointed out, services people with a lot more than just a low rate web based e-mail program. It is generally in their best interest to keep everyone happy (enough) with all their services or risk losing a customer to the increasingly attractive competitors
The Neo-Bohemian Techno-Socialist
..open a hotmail account and send a mail to abuse@msn.com from your new account and include your email addy saying that you are spamming, see if you can access the account after that!
(the ultimate in stupidity!)
When I read "Unplugging Email To Combat Spam", I immediately thought of just forgetting about email altogether and closing all my accounts... This would effectively put an end to all spam as far as I am concerned.
Which I may still do.
Except of course that I want to try gmail first. hehe.
"Piter, too, is dead."
Gmail from Google looks very promising with its spam blocker. When it becomes widely available (right now it's only on invite from an existing user) I suggest you look into an account, www.gmail.google.com
Users do not need to be aware of something to voluntarily agree to it. Think: Adware. If RandomISP includes "We will kill your connection if you spam" in their terms of service, people will still blindly sign it. Heck, they can probably just 'update' the current ToS, and still consider it voluntary.
Looks like even evil can be used to fight spam. >:)
--LordPixie
registered a new Hotmail account and sent an abuse message about spamming activities from that account
Perhaps this wasn't a good test. If spammers frequently create temporary disposable accounts to send spam, maybe the account's incredibly short lifespan was the only investigation needed. Well, that and the fact that it was named CannedSpam4ulol@hotmail.com.
Just what the headline said. Some spam is sent because machines are compromised, with viruses, worms, etc. This is not just about open relays.
My hosting service just emailed me to threaten to pull my account because someone complained about spam from my domain. The service threatens that they'll pull my account if they get another complaint. Basically, their policy is that they don't decide if my email is spam or not, if people complain that I sent spam they just pull the account.
I have evidence that spam was sent with my email account name forged in the header, but no evidence it actually went through my computers or hosting service. I can't get a hold of an actual copy of the spam, since the hosting service didn't provide one and the several hundred delivery failure messages I received that look like they're for spam didn't include a copy either.
I'm really freaking out about it because my domain contains my portfolio and my email, and I'm job hunting.
Hotmail should be shut down all together. Not too long before MS took over, I opened an account and never used it. In fact, within two hours of opening it, I already had spam coming to the account. Nobody knew about it except me. It was only two hours old. I think there's more wrong with hotmail than just the users.
I wasn't aware that hotmail could be used to send spam, I would have assumed they'd used message-volume limits.
The fact that Microsoft shuts down hotmail accounts after one complaint is pretty problematic, given the prevalence of forged headers out there...
autopr0n is like, down and stuff.
How I offer up something like this as a median solution for virus flooding clue-less users, and I get flamed. And now someone does it, and it's article worthy.
Fucking slashdot.
I see this as almost being a good idea, but it's going to upset a lot of customers. When Grandma goes to browse to the bingo site to see if they're having a game tonight, and can't get online, she's not going to have any idea what it means that she's offline for spamming. Ok, so she clicked that nice attachment a couple days ago, but Grandma is effectively computer illiterate.. How do they tell her, "You have to remove the virus from your computer before you can get back online."?
:)
But hey, providers have been terminating service for spamming for years. There's nothing new there. It's a good thing. If you know your account will be terminated quickly, it makes it harder for them to work, and easier on all of our mailboxes. If I were to spam, I'd expect my provider to yank our connections, which would be very bad for our other customers, but good in the general scheme of things. We're a large enough customer with our provider, that they contact us first, since we're a known legitimate company. It's worth it to them to find out what's going on before yanking the cable, because they know if they report something to us that has a legitimate source, we'll unplug the offending machine ourselves. I've had the pleasure of unplugging a customer machine before and calling them saying "Your machine is unplugged. Come get it, you're no longer a customer."
Hotmail has been terminating spammers' accounts for years. I've known a few spammers, and if they use a Hotmail account as their "From" address, it's closed within hours of starting the spam. This isn't news. Why should Hotmail, or any other mail provider, deliver a million+ undeliverable bounced messages? The problem then comes if someone maliciously sends spam with an innocent victim's address as the "From:" line. If someone were to send out a spam as coming from abuse@hotmail.com, does abuse lose its account?
Serious? Seriousness is well above my pay grade.
The one problem I see is this. You get virussed and your pc starts spamming. You get cut off. Good, that's what you deserve. Your ISP will reconnect you, but if you send spam again you get cut off again. How can you clean out your pc without downloading some cleaning software from the net?
This pretty much forces users to take one of 4 paths
1) reinstall
2) buy software at the store
3) switch to linux (same as 1 really)
4) find another net connected computer
4 is easy for people like /.ers, but almost impossible for average folk, like my parents. 2 really shouldn't be encouraged, ever. 1 and 3 are daunting tasks for the average person also. So what you're really doing by cutting them off is permanently cutting them off.
I think what has to be done is this. Don't cut them off entirely. Just force them to a page hosted by your ISP that helps them fix their problem. Provide some cleaning software. Maybe some harsh informative words. You know, that sort of thing. Until they fix up just route all the mail they spew out to /dev/null.
The GeekNights podcast is going strong. Listen!
That their computer has been turned into a spam zombie?
MS does such a good job hiding everything from the user, a typical user has no idea what their computer is doing.
As a last line of defense, I periodically run netstat to see if there are any strange connections, but there should be a simple user-friendly way to see what your computer is up to.
...finally a way to terminate my account immediately, instead of not logging in for 30 days. No lost emails!
What about email spoofing? Everyone knows it is very easy to do. Microsoft would cancel an account that was spoofed by a spammer without asking any questions?
"There is no teacher but the enemy."-Mazer Rackham
Sometimes it stops, and I thought at first the assault was over, but I think what actually happened is that whoever was sending me the virus just had their PC turned off. After a while, the onslaught starts up again.
I think it would be great if their ISP were to cut them off.
My hosting service is supposed to have ClamAV installed, as well as spamassassin, but for some reason they're not working, and I can't get ahold of tech support, possibly because they're overwhelmed right now.
What I do is copy my spool file to my home directory each day, truncate my original spool file, and filter out most of the viruses with a procmail script that looks for Zafi's Subject lines. Here's a snippet:
# recipe matching one of Zafi's Subject lines
:0
* ^Subject:.*You`ve got 1 VoiceMessage
{
}
Request your free CD of my piano music.
Intelligent application of this type of idea is a good thing. There are a number of ways of doing things that can limit the impact on legitimate users. Personally I've done support for ISPs in the past and seen some good ideas from them.
Port 25- I know there are gonna be people who will scream that they need to use port 25 to send out mails from other servers but 99% of the people out there have no clue and they are the problem. One ISP I supported blocked port 25 by default on the account but once the account had been active for a month you could call in and get it unblocked. Inconvenient for some new customers but effective at blocking spam coming from machines on their network.
An article I read on Slashdot before said that Comcast? was looking at changing the cable modem's config, routing table basically, so that the only server on port 25 they could access was Comcast's if they suspected a zombied machine. Another good way of doing things. For your typical zombied user out there they probably won't even notice the difference but the spam will be cut off.
General idea is allow those who know what they are doing and how to do it properly access to the things they need but prevent the uninformed's computer from being abused like they are now. I'm sure there are any other number of combinations and good ideas out there too besides these 2.
Instead of a hard limit of 100 per hour, or 500 per day then no more until the next period, why not use the toilet tank method to control the volume of email sent? Each user is allowed X emails in their tank, and their tank refills at a rate of Y emails/hour or whatever. Force users to use the ISP's mail host as the outbound relay for counting purposes. Run out of emails in your tank? Too bad, wait another hour. It doesn't stop the problem of home computers getting infected and sending spam, but at least it limits the amount of damage they can do.
the coolest club on
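The "toilet tank" in the comment above is what is usually called a token bucket. As an added example (not part of the original comment), this Python code runs a constructed zombie that attempts one message per second against both the tank and the proposed 100/hour, 500/day hard limit, and times a 500-address newsletter through the tank; the tank size of 100 and refill of 15 per hour are assumptions chosen for illustration.

```python
"""Added example: "toilet tank" (token bucket) vs. fixed hourly/daily caps.

Tank size, refill rate and sending patterns are constructed for illustration;
they are not figures from any ISP.
"""

UNITS = 3600  # one message = 3600 units, so an hourly refill is exact per second


class MailTank:
    """Each user holds up to `capacity` messages; the tank refills continuously."""

    def __init__(self, capacity, refill_per_hour):
        self.cap = capacity * UNITS
        self.rate = refill_per_hour   # N messages/hour == N units/second
        self.level = self.cap         # start with a full tank
        self.last = 0                 # time of the last refill, in seconds

    def try_send(self, now, count=1):
        """Relay `count` messages at time `now` (seconds) if the tank allows it."""
        elapsed = max(0, now - self.last)
        self.level = min(self.cap, self.level + elapsed * self.rate)
        self.last = max(self.last, now)
        cost = count * UNITS
        if cost > self.level:
            return False              # tank too low: the sender has to wait
        self.level -= cost
        return True


def tank_flood(tank, seconds):
    """Constructed zombie: one attempt per second. Returns messages relayed."""
    return sum(tank.try_send(t) for t in range(seconds))


def hard_cap_flood(seconds, per_hour=100, per_day=500):
    """Same zombie against fixed windows. Returns (relayed, time of last relay)."""
    sent = hour_count = day_count = 0
    last = None
    for t in range(seconds):
        if t % 3600 == 0:
            hour_count = 0            # hourly window resets
        if t % 86400 == 0:
            day_count = 0             # daily window resets
        if hour_count < per_hour and day_count < per_day:
            hour_count += 1
            day_count += 1
            sent += 1
            last = t
    return sent, last


def drain_queue(tank, queued, limit=7 * 86400):
    """Legitimate list owner retrying once per second until `queued` messages
    are out. Returns the second at which the last one is relayed, or None."""
    for t in range(limit):
        if tank.try_send(t):
            queued -= 1
            if queued == 0:
                return t
    return None


if __name__ == "__main__":
    day = 86400
    print("tank, zombie, 24h:", tank_flood(MailTank(100, 15), day))
    print("hard cap, zombie, 24h:", hard_cap_flood(day))
    print("tank, 500-address newsletter done at second:",
          drain_queue(MailTank(100, 15), 500))
```

With these settings the hard cap lets the whole daily allowance out within the first five hours, while the tank spreads a slightly smaller total across the day; the cost is that the 500-address newsletter takes 26 hours 40 minutes to finish.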
Closing a hotmail account based on spam complaints is a good thing, much like the death penalty. Sure you may get the wrong guy once in a while, but it's worth it for all the times you get the right one.
Their attitude is just asinine, and quite frankly shows that they don't know anything about how the internet works (hint: anyone can send email claiming to be from anyone else. And almost all spam is faked this way).
You do own your own domain, right?
I'm signed up with one-hosting. They disallow "anything that might get them blacklisted" basically, so sending spam or using your page to host a spam-promoted site. But no black-lists will list you for being joe-jobbed (the anti-spammer term for what's happening to you).
The worst part of being joe-jobbed is that there's really nothing you can do about it, since you can't track down the offender. And the hundreds of bounce messages you get every day...
autopr0n is like, down and stuff.
I send mail from home without using an ISP, who's going to be counting my outgoing connections to remote port 25s?
If I'm testing my remote server by sending it mail will I have port 25 blocked if my test emails go over the limit counter?
What if I were tunnelling data with email as the transport; SOAP is not the only remote protocol.
There are places where the networks are not touching,and there are places where they are-Boeing's Lori Gunter
...and sign up for a proper managed e-mail list service?
Dear Microsoft:
I wish to report a spam address. It is bgates@hotmail.com.
Slow down, cowboy! It has been 4 hours since you last posted. You must wait another few hours.
Thank you. And your proof of this is, where?
I can make up all kinds of stuff like what appears on The Weekly World News, too. Ponder, if you will, why this is so.
Now I can get that hotmail account name that I missed out on and have been waiting for for years.
I am Bennett Haselton! I am Bennett Haselton!
Or at least they did when I worked there. I could see 100/hour being an issue for mail lists, but usually 500/day is reasonable and I think that's the only filter they have. Once it detects higher than that it blocks port 25. It stays blocked until the user calls in to complain, at which time they get interrogated about mailing lists, viruses, etc. Usually it doesn't get unblocked until they demonstrate that they've gotten updated antivirus etc.
There was that one guy with the legitimate 3000 user mailing list though, he was really annoyed that we weren't going to let him run that.
Introducing the new Occam Fusion! Now with sqrt(-1) fewer blades!
Instead of a complete disconnect, why not redirect all traffic to a proxy that permits connections only to specific anti-virus and update sites, and directs all other web traffic to a page that says "your machine has been quarantined for {spamming|DDoSing|Whatever}, here's what you need to do to fix it..."
Allow them to reach microsoft update and redhat.com and they're more likely to be able to fix the problem.
-- not a .sig
My mom basically runs a country dance club in my hometown. It has well over 500 members in it. Every month she sends out a newsletter by email to all the members that request it. She's already had problems with spam. Her ISP's spam protection labeled her address as a spammer so she couldn't get these newsletters to anyone for a while. Her dialup ISP seemed to be pretty cool about it when she called them, and were able to resolve the problem immediately. But if her ISP would follow the ways of these email providers, it would probably force her to email the newsletter over the course of a few days, which would be really annoying and cause problems. Assuming she doesn't get "unplugged."
I can understand that spamming has got really out of hand, and that something needs to be done about it. But I think the countermeasures might screw other people (like my mom) who are running non-profit organizations and are sending information on their members' request. It's unfortunate that a handful of people who want to make a few dollars by abusing a system screw over the people who use that system ethically.
Abaddon: An Xbox 360 Indie game
Great, now I get kicked off the mail server just for forwarding all of my spam to uce@ftc.gov. And to top it off, since my ISP started blocking port 25, I have to send this e-mail through their servers, rather than better run and more ineligent servers that I would use otherwise.
I'm an American. I love this country and the freedoms that we used to have.
Open relays really are not a problem, anymore. Not that I've seen.
Virtually no mail server will accept an email that is sent from an unknown system, anymore. I had to reconfigure all of my computers on my network to use my ISP's SMTP server, instead of using the one built into my email server, because virtually every site I sent legitimate email to bounced it back saying "we don't accept email from this host" or some such. When I changed to using Comcast's SMTP server, even though I was still using the same address (@blackmagik.dynup.net) for the email, they would all accept.
It's using the computer to get the SMTP server settings, attack the hell out of the ISP's SMTP server. Of course they'll relay your email, you're their customer!
"Champagne for my real friends - and real pain for my sham friends!" http://ericblade.postalboard.com/
"more ineligent servers", huh?
"I'm not a super genius. Or are I?"
And sending out this much e-mail, you damn well better have your own mail server as well. It isn't THAT hard to put one up on a DSL line. Don't have DSL in your area? Well, e-mail isn't a time-sensitive application, get satellite!
SJW: a person who perceives an injustice, and while correcting it, commits a greater injustice.
Turn'em off. Even the hotmail ones. It takes 5 secs to get one, so it should take 5 secs to turn one off. SPAM MUST be stopped!
http://jayceecorder.blogspot.com
I have paid to keep my Hotmail account active because my domain name contacts emails are hooked up to it -- so I thought that was a safe bet. I used my Hotmail email address in the DNS records because if my ISP suddenly changes then I don't have to worry about my domain name, and also a Hotmail account seems more anonymous and therefore seems more private for me (even though it's a public email address).
So now I am posting this comment anonymously because you can derive my domain name from my Slashdot User ID, and some joker might wrongly report my Hotmail account to Microsoft as a spam account, and it might get deactivated without notice. Then how do I manage my domain name? .. better look up the details of that web-based interface to the Registrar.
or just really, really optimistic. Sorry, but if you include the software on the disk, joe average and his 80 year old grandma will expect support (free, of course) when those patches kill your computer (which they do from time to time). Or when the patches just don't install. Most ISP software has a hard enough time installing as is without the added benefit of installing a buttload of patches. Besides, all you need to do is turn on ICF, and have them go to windowsupdate.com, which they should do anyway so they can get the patch for the patch so it's that much less likely to bust their computer. A better solution would be to pop up windowsupdate.com after the install was done.
But heck, why stop at windows patches? Just distribute a Redhat disk and be done with it :).
Hi! I make Firefox Plug-ins. Check 'em out @ https://addons.mozilla.org/en-US/firefox/addon/youtube-mp3-podcaster/
One of my friends runs several email lists from his server, and they generate 600 emails per hour, he claims (I believe it -- each one is incredibly high volume and many people are on several of the lists). These lists help create tribal connections in the San Francisco Bay Area and among many out of staters that spill over into Burning Man and many other events throughout the year.
Killing his email server would do a serious disservice to the needs of hundreds of people who depend on the list to seek advice, provide help, give things away instead of throwing them away, and generally just maintain social and working connections.
Who doesn't hate spam. But sheesh! This is a death sentence comparable to MS killing email accounts without confirmation of the act accused of. Let's not put ourselves in the same boat as Microsoft.
There are lots of smaller ISPs that don't differentiate between business and personal accounts. They just have 1 or 2 or N classes of service (dialup, ISDN, DSL, T1, or Poppa, Momma and Baby, or whatever). If the low end is sufficient, lots of home-based businesses use it.
If you're using an account that's explicitly not for business for your business, then you deserve to get shut down.
Most of the time the end users have no idea of what is going on, and although they paid for the computer and OS and internet connection they are going to be disconnected.
...
Shouldn't the computer vendors and ISPs be much to blame as well? They are in such a rush to sell their products/services that they fail to tell their customers about their responsibilities as computer/internet users. Then they come around and bite them in the ass by unplugging their connection and charging to fix their infected computers.
Ignorance has a price indeed
Aventuremail will delete your account just for receiving spam!
FoundNews.com - get paid to blog.,
Earthlink? Comcast? Microsoft? I seem to remember the first two holding most of the real estate in the Spamcop blacklist, and the third wants to charge you for each email you send. Sounds like a sham of some kind to me.
Sorry.. let the W3C come up with something first.
boycott slashdot February 10th - 17th check out: altSlashdot.org
You can still use the Web Mail server (https://webmail.yourcitycode.rr.com) to send mail if you go over the limit. Another alternative is Dial Access. You can use the free dialup service to send additional e-mail through the SMTP server.
Additional information
might as well stick this in here, sorta relevant: http://www.thesmokinggun.com/archive/0623042aol1.html
Pair Nailed In AOL Spam Scheme
Arrested in theft of firm's 30 million subscriber list
JUNE 23--An AOL software engineer was arrested today for stealing the company's entire subscriber list--totaling 92 million screen names--and selling it to a 21-year-old Las Vegas spammer. According to the below federal criminal complaint, Jason Smathers, 24, last year illegally accessed the highly confidential AOL list by using another employee's identification codes. Smathers, who worked in AOL's Dulles, Virginia office, then allegedly sold the list to Sean Dunaway, who used the AOL database to promote his own online gambling business and who also sold the list for $52,000 to fellow spammers, one of whom used the names "for purposes of marketing herbal penile enlargement pills," according to the complaint. AOL's subscriber base is about 30 million individual customers, who account for 92 million different screen names. Prosecutors also contend that Smathers subsequently sold Hathaway an updated AOL customer list--this one with approximately 18 million names--for $100,000. Both men have been charged with conspiracy, which carries a maximum prison sentence of five years. (13 pages)
--smoking gun is a good site, BTW
Wonder who else got the list? Pretty valuable if a copy on a cd with mostly bogus emails is going for 300$.
Check number of nonspam messages ... 0.
Yep, He's a spammer!
The problem with an ISP (or email service) canceling an account due to JUST a complaint is that most e-mails are spoofed.
If you just take the 'shown' send-from, and complain, you just had an innocent bystander's account wiped...
---- Booth was a patriot ----
1) Get rid of MX record.
2) Add MR record (Mail Receiver)
3) Add MS record (Mail Sender)
All mail from a given domain must come from a server with an MS record. Now you have accountability, w/ accountability comes prosecuting people who violate laws.
DONE.
RandomAndInteresting.com defending the world from stupidity since 1979
Umm, no. The days when you could send emails from your own SMTP server are long gone now.
First, the cheapest ISPs blocked port 25 entirely, except to their own SMTP server. The idea caught on, and most are blocking port 25.
Now, even with the very good ISPs, you can send mail over port 25, but even major ISPs are using different spam lists like the SORBs DUL, that blocks ALL EMAIL from dynamic IP addresses, bar none.
In the near future, having a static IP and one of the better ISPs won't help still. You'll also need to be running your own DNS server, and provide SPF records.
Frankly, limiting people to 500 emails per day is rather benign compared to all the other measures that have already been taken up to this point. All signs point to the future being even worse for anyone who doesn't want their e-mail service provided by one of the big ISPs.
Slashdot gets worse every day... Pipedot: News for nerds, without the corporate slant
Go back to February, 1999 and read RFC 2505. See what it says about how securing open relays will work to end spam (it's the RFC that says to secure open relays.)
There are the open relays and there are the ones who abuse them. The ones who abuse them are the spammers, are the criminals. Doncha think maybe a teeny bit of attention might be paid to the criminals? Securing the open relays hasn't ended spam, not since 1999. It's not a means for ending spam. Whacking spammers, on the other hand, has strengths in the "ending spam" category. Bend the effort a little more toward whacking the spammers. In 1999, 2000, it was extremely easy to whack spammers right and left by operating a fake open relay - but few did.
If, someday, you really wish to see spam ended perhaps you'll think about how to hit the spammers and stop trying to blame other victims. Whatever else comes from blaming other victims, it's not productive, not doing much at all to end spam.
If you're already primed to respond with a "oooh, you're a spanked open relay operator" be aware that I have a rude, scornful reply in mind for you. No, I'm not. I'm a person who has bothered to think about spam and open relays and who understands better what to do (unlike, confound it, ASTA.) If ASTA would do MINIMAL research and READ RFC 2505 they might GET A CLUE about how and why securing systems is not a solution. If this is their technical approach to ending spam 5 years after RFC 2505 they are below pathetic - and that's being polite. If you are going to use technical means against spammers then USE TECHNICAL MEANS AGAINST SPAMMERS. Blocking ISPs who might have zombie systems isn't a solution to spam, isn't an action taken against spammers. Contact the ISP, tell them to find out where the abuse originates, and then themselves contact the ISP where it does originate (it could be coming from an open proxy, or even a zombie.) What in tarnation do people think "technical means" are? spam pervades the internet. Does it not seem barely possible that if ISPS would actually LOOK at the traffic they could SEE the abuse?
If Delgado has scared you off (and you're an ISP) ask your freaking lawyer. There are exemptions that allow monitoring traffic and spam traffic being sent by theft of your or your customers' services isn't "communication." It's THEFT.
"Internet providers should take those machines offline until they can be cleaned up, the group said."
How are you supposed to patch your computer without internet access?
i saw the baby, and the baby looked at me
Hotmail and MSN can seriously kiss my ass.
I have had my hotmail account since 1996. It's one of the free ones with a tiny bit of storage that keeps shrinking because they REFUSE to filter out the spam.
I cannot believe that after all this time I still get the same crap OVER AND OVER because they have no idea it's spam.
So let me get this straight? They can't control their own shit, but they expect Joe Schmoe from Idaho to be able to control the amount of spam they can't?
I hate M$. I hate M$. I hate M$.
Read this article from The Register, almost three years old: Verified: you can get anybody you want kicked off Hotmail
Tag lost or not installed.
MS owns the servers and charges nothing to use the basic service. I hardly think it's a rights issue that they will close an account that has had a complaint against it as it is far easier to do that than waste someone's time trying to track down the user and get their side of the story. Bottom line, free service using their equipment and bandwidth. If they want to disable your account, for whatever reason, it is their right online to do so. Just like it's rastakid's right to look like a moron questioning the practices of a free service of which he also has the right not to use.
When will Slashdot institute moderation of the editors and the stories they post?
This pretty much forces users to take one of 4 paths
1) reinstall
2) buy software at the store
3) switch to linux (same as 1 really)
4) find another net connected computer
4 is easy for people like /.ers, but almost impossible for average folk, like my parents. 2 really shouldn't be encouraged, ever.
Why not tell them to buy software? Wouldn't it be a good idea to get these infected computers some antivirus software? I work at an ISP, and we handle zombie spamming PCs by first sending them a notice saying that their computer is infected with a virus, and if they don't clean it, they're cut off. In a while, they are. Or they call us, and we tell them to go to the store and buy some antivirus software. I don't know why you don't think that buying AV software should be encouraged. It's the most logical idea for an infected PC. That's what the software is designed for, getting rid of viruses. And it's easier for customers than all three of your other ideas.
I've seen this done to my account TWICE already.
The first time happened when I got a trojan after getting caught in a porn spin cycle (joke all you want, I don't care). And yes, I was using Firefox, not IE. Anyway I thought I had eradicated all traces of it until one day that my modem's power light is flashing. I call to see what's up, and they let me know that my comp was sending out spam, and to fix it, and it will be reset. After a reformat and informing them, I was back on.
The second time was four days ago. I have a mailing list of about 800 sim racers who like to receive info on my league yearly, so I sent out mass bcc mails in batches of 100 (I think RR's mail limit is about 120). Well about four hours after this, I needed to send a mail to someone, and I get back an error message upon sending. I look it up at RR's help site and it denoted that my SMTP mailing privileges were suspended for the day for possible spam activity (regular surfing was not suspended).
I wish it was open relays that was the problem; they are easy to fix by blocking the IP subnet. You can't do this really unless you block Comcast altogether, and this doesn't work. These spammers have 1000's of zombie machines so they use one and then move to another. They do this hourly.
I do think that the owner of the machine should do something to cover the cost of the problem BUT I think the originators are the ones that should be strung up by the balls. Personally I see this as a hack and hacking now comes under the homeland security act and carries a 10 year sentence. I think 10 years in jail rooming with one of the users of their penis enlargement formulas would be fine!
I really don't see why the laws are the way they are. They can hijack a machine and all is well. I hack their network and I go to jail for 10 years. They say the scales of justice are balanced. I think somebody needs to check the bitch's scale and her blindfold.
SPF is a good idea in theory, but it can cause nightmarish problems in some situations.
One of my customers has their website hosted by one company, and their internet access provided by another company. Their email clients were set up to use their ISP's mail servers, rather than their webhost's, but still use their domain name for the outgoing address.
The webhoster implemented SPF, and all of a sudden, they couldn't send emails within the company, because they were coming in from mail.isp.com, as opposed to mail.webhoster.com.
The webhost company's solution was: "Use our mail server."
This would be fine, other than the ISP blocks outgoing port 25 to prevent spam, thereby prohibiting the use of any mail server other than mail.isp.com.
If everybody used the same anti-spam solutions, it would be fine, but they don't, and the mish-mash makes legitimate email very difficult to send sometimes.
"City hall" in German is "Rathaus" Kinda explains a few things......
The $50 fee is to re-enable their access after they have been cut off- AFTER they prove that they are clean, eitherc EXCEPT port 80 and 443 LEAVING their IP being clean, as well as passing through ISP initiated port scans looking for open ports unscathed. You could even force people to register the email addresses of people they wish to email with the ISP, and put a limit on it as well, assuming these people also wanted outgoing port 25 enabled. Since so many (often novice) users rely solely on webmail, this won't be much of a problem.
The $100 fee would INCLUDE a cheap (hardware) firewall which would prevent any incoming port forwards, and potentially limit the outbound connections as well. This would help stop the problem of PC's being infected and becoming open relays.
After somebody (or their machine) has been proven or suspected of being a spammer, an email should be sent to the customer telling them that all outgoing port 25 traffic from their IP will be blocked EXCEPT to the ISP, and even then only allow email to flow to "approved" admin type addresses, not the regular customer base. Implement a system where a user can interact with an AUTOMATED system to quickly re-enable their system, even if it is only to small number of recipients, just so any critical emails they need to send can get through. After a day or two, have even those limited addresses blocked if the system detects large or abnormal amounts of mail being sent out.
If people cannot bother to read their email regularly (and get the admin messages), they should not complain (too loudly) if they miss a "critical" email which details why they can no longer email others.
The key here is EDUCATION, and of course the hardest thing to do is to get somebody to pay attention to something they know nothing about. Even the most fearful user would probably try to figure out why they keep getting hit by these $50 bills and keep having problems sending emails.
If somebody needs to constantly send 1000+ emails to a large variety of people (i.e. running their own mailing list) maybe they should apply for/pay for additional access anyway, so Joe-Bob and his mother can continue to have their basic no-frills service cheap.
Maybe with a little more education the average person will come to realize why us geeks are always pissed about the poor security of Windows boxes, and maybe, just maybe some of that will roll uphill to Redmond and change just a little of the way they implement things.
I can think of a million (probably impractical) hacks that could be put into place to help ensure your customer base is safe. An ISP could even go the route of using something like the Cisco Security Agent. There are a million links to it, but here's one from ZdNet for those of you all paranoid about marketing information: http://techupdate.zdnet.com/techupdate/stories/ma
Basically you could "require" your customers have something like CSA installed to protect their machines or they are simply not allowed on the network. Of course, common sense has to be used (something often lacking, unfortunately) when implementing such policies. If your chosen tool is not available for a specific platform, allow exceptions. We all know that (currently) the biggest threat on the internet is Windows machines anyway, so this isn't unreasonable. Even if something without as much capability as CSA was used, say something with ONLY the ability to just verify that the virus updates happened in the last X time period, and that critical update X has been installed, etc before they were allowed to access ANYWHERE except those locations, great, the vast majority of problems are solved.
-- I speak only for myself.
"Microsoft closed the account immediately, without investigating."
They should look at aa105966 AT hotmail.com. While closing it would be appropriate that's too friendly. They should empty the mailbox, divert all future email away from it (it will be coming from newly-detected open relays - that's what the mailbox is for), and learn as much as they can about the IP address used to access the email.
At least it was so used on Tuesday.
The internet could be far more spammer unfriendly with very little more effort - and after all these years of spammer abuse wouldn't it be fun to make them hurt?
Hotmail's only purpose is spam. Sending it, and receiving it, and loving it.
People only use Hotmail to sign up for things when they don't want to clog their real accounts. Spammers only use Hotmail to send spam...mostly to other Hotmail accounts.
So it makes perfect sense not to investigate. Who knows why MSN is even bothering to keep Hotmail around? It's clear that they aren't trying to compete with Yahoo! or GMail.
1) Keep the MX records...
2) Have *NO* hidden mailservers not on file with DNS.
3) Only allow official, on-file-with-DNS mailservers to talk to each other *ONLY*
4) Spam is cut way down and rogue mailservers are easier to identify and take action against.
Many spam (zombie particularly) problems can be fixed by all ISP's severely rating port 25 traffic to 1 kb/s for the first 50kb per connection.
That way large file attachments are unaffected, but spammers are severely limited in the amount of spam they can send out (hundreds per day instead of tens of thousands).
The idea needs work and refinement, but I think it could be very effective. Inline traffic shapers that only affect port 25 could allow ISP's to conform without any configuration needed.
I'll bet you $100 that pope was one guilty motherfucker.
Ironically, the word ironically is often used incorrectly.
(Yes, that's a Homestar Runner reference, and I know this is not FARK)
I disagree; sending 1000 emails consumes very little resources, that's why there is a spam problem. This shouldn't be used as a way to screw over customers who have a legitimate mailing list. However, it might be an idea that those who do want to send mail on that scale need to register in some way, just fill out an online form stating roughly how many messages how often they plan to send, and contact details for complaints so admins can take reasonable action if there is a problem. If you try to bill outrageously you'll just end up with legit users using spammer tools to bypass it.
Forcing all email through the ISP's border mail servers, where spam and virus checking can be done, and then make a determination if it's spam or not.
It will probably not help much. Already a big part of spam originates from Indian, Russian, SE Asian free mail accounts. ISP providers are probably less scrupulous there. The spam sources will just shift out of US/Europe jurisdiction.
So has your DMCA bot-killer generated any takedown notices yet?
CAn'T CompreHend SARcaSm?
So get the webhoster (or whoever is hosting the DNS) to set up the SPF record correctly so that the ISP's mail servers are allowed to send email for the customer's domain.
Which brings up another point, the owner of the domain should have 'control' of the DNS (and thus make the decision on whether or not to publish SPF records) for their domain.
I've seen better reasons for not implementing SPF but this is not one of them as there is an easy solution.
Push the ISP & your customer to implement SPF as well then include the ISP's mail servers in the customer's SPF record. They don't even need to change their sendmail setup, just add the relevant TXT records to their DNS records. For a minimal effort the problem is solved.
Calling this situation "nightmarish" is simply untrue.
Democracy is a sheep and two wolves deciding what to have for lunch. Freedom is a well armed sheep contesting the issue
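The SPF breakage described earlier in the thread and the fix proposed in the two comments above, as an added example that is not any poster's code: a small evaluator for the ip4, include and all mechanisms, run over constructed TXT records before and after the ISP's servers are included. The names customer.example and isp.example and the documentation-range addresses are assumptions standing in for the customer's domain, mail.webhoster.com and mail.isp.com.

```python
"""Added example: why mail relayed through the ISP failed SPF, and the fix.

All domains, records and addresses below are constructed. Only the ip4,
include and all mechanisms are evaluated; a production checker must follow
RFC 7208 in full.
"""
import ipaddress

RESULT = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(domain, sender_ip, txt, depth=0):
    """Evaluate `sender_ip` against the SPF record of `domain`.

    `txt` maps domain -> TXT record and stands in for DNS lookups.
    """
    record = txt.get(domain, "")
    if record.split()[:1] != ["v=spf1"]:
        return "none"                      # domain publishes no SPF policy
    if depth > 10:
        return "permerror"                 # guard against include loops
    ip = ipaddress.ip_address(sender_ip)
    for term in record.split()[1:]:
        if term[0] in RESULT:
            qualifier, mech = term[0], term[1:]
        else:
            qualifier, mech = "+", term    # default qualifier is "+"
        if mech == "all":
            matched = True
        elif mech.startswith("ip4:"):
            matched = ip in ipaddress.ip_network(mech[4:], strict=False)
        elif mech.startswith("include:"):
            inner = check_spf(mech[8:], sender_ip, txt, depth + 1)
            if inner in ("none", "permerror"):
                return "permerror"         # included domain has no usable record
            matched = inner == "pass"      # only an inner pass counts as a match
        else:
            return "permerror"             # outside this example's subset
        if matched:
            return RESULT[qualifier]
    return "neutral"


WEBHOST_MX = "198.51.100.25"   # constructed: the webhoster's mail server
ISP_RELAY = "192.0.2.10"       # constructed: the ISP's outbound relay
ZOMBIE = "203.0.113.77"        # constructed: an unrelated infected PC

# Record as first published by the webhoster: only its own server may send.
BEFORE = {
    "customer.example": "v=spf1 ip4:198.51.100.25 -all",
    "isp.example": "v=spf1 ip4:192.0.2.0/28 -all",
}
# Fix from the replies: the domain owner also authorises the ISP's relays.
AFTER = dict(BEFORE)
AFTER["customer.example"] = "v=spf1 ip4:198.51.100.25 include:isp.example -all"
# Same fix, but the ISP publishes no SPF record of its own.
ISP_SILENT = {"customer.example": AFTER["customer.example"]}

if __name__ == "__main__":
    for label, zone in (("before", BEFORE), ("after", AFTER)):
        for name, ip in (("webhost", WEBHOST_MX), ("isp", ISP_RELAY),
                         ("zombie", ZOMBIE)):
            print(label, name, check_spf("customer.example", ip, zone))
```

The last record set shows why the reply says to push the ISP to publish SPF too: an include that points at a domain with no record is an error, not a pass.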
I'd need to check my mail logs, but I suspect I'm getting close to that volume of outgoing mail due to bounces of spams coming in as dictionary attacks on my domains, as well as double-bounces due to joe-jobs using nonexistent accounts on my domains.
the dude is just being nice enough to give this guy an invite and you mod him down and take some karma. I fucking hate you fucks
I'm getting hundreds of bounce messages these days sent to random-name@mydomain. A few of them do contain the original message. I should probably dig through those sometime and see if I can try to find the spammer. If you're using a Bayesian filter, look at the bounce messages that get a high Bayesian score.
It's really bizarre that the ISP won't even give you a copy of a message they're holding you responsible for.
And anyway, if you're in a suing mood, why don't you sue your ISP? How much did you pay for your year of hosting? one-hosting is $83 for the year, but it sounds like you must have paid a lot more than that.
Go back and read their terms of service, and see if it says "we can cancel your account whenever we want, for any reason." Keep in mind that they are bound by the TOS just as much as you are. If they're in breach of contract, they should refund your money, and pay for the costs involved in moving your domain.
Finally, if you own your own domain, why not set up SPF? AOL has been pretty big in promoting it, so I would assume they check for SPF records when delivering mail. The spammer might give up on your address if it can't send to AOL.
autopr0n is like, down and stuff.
My guess is like me he runs mail servers as part of his job.
Open Relays are gone - the current problem is the million odd "owned" Windows boxes.
We rarely see spam twice from the same IP address, whereas a few years ago the same was from a small number of open relays and you'd see frequent repetition of the same IP addresses.
Sendmail just doesn't feature any more, the only thing sending significant quantities of spam are (presumably) compromised Windows machines.
Have you ever tried getting an ISP to do this? Nightmarish is one of the milder words I'd use to describe it.
In meatspace the owner of an "attractive nuisance" bears some responsibility for the misuse of the property if they do not show that they have made a reasonable effort to prevent such, like using locks on the doors and monitoring the property.
This correlates strongly to "closing open relays" and "keeping your system patched".
Forget diamonds, copyright is forever.
"In meatspace there is a term for things analogous to open relays. That is 'attractive nuisance'. Usually used to refer to such things as unsecured structures that could attract trouble."
I'm aware of "attractive nuisance" but that is more like an unfenced swimming pool that attracts its victim. Even though the victim suffers damage because of the victim's own actions the owner of the attractive nuisance bears liability because he didn't properly anticipate and protect against the damage.
"In meatspace the owner of an "attractive nuisance" bears some responsibility for the misuse of the property if they do not show that they have made a reasonable effort to prevent such, like using locks on the doors and monitoring the property."
Get over it. The fault lies with the spammers, not the hapless operators of open relays. The cure is to get rid of the spammers.
There is an RFC that describes why open relays should be secured: RFC 2505. That RFC says that securing open relays won't work to end spam nor to control spam. Find it, read it.
Your "attractive nuisance" misconception is founded in the idea that if all operators of abusable systems everywhere were to secure their systems then no more of the abuse through such systems will occur. That's valid logic but it's useless: all operators are not going to do it, one of the premises fails. No combination of hissy fits and snotty behavior toward operators of open relays (or spam zombies) and their ISPs will turn the "secure the systems" approach into an effective tool. If it were to work then all the blather about completely changing the SMTP protocol to end spam would be pointless: securing the systems was the solution.
RFC 2505 is from February, 1999. Open relays are still a problem: I trapped an open relay test message yesterday evening (they do come less often now.) That's over 5 years of "secure your open relay" and open relay abuse continues.
If the ones who are so adamant about securing open relays would bother to do an analysis they'd see that if they simulated open relays (enough to fool the spammers or even only enough to trap open relay test messages) they could take advantage of spammer behavior to cause damage to the spammers.
There's two ways to attack the open relay problem. The way that is good for the individual system operators is to secure their open relays. That keeps them from being sites of abuse - but it doesn't stop spam. The other way is to make it no longer pay for the spammers to do open relay abuse, without fretting about how many open relays there are. That works instantly to help end spam.
What's the goal? "Secure the open relays" or "end the spam"? I aim at "end the spam." Once the spam is ended then it's like it was originally: open relays aren't a problem. That was a nice time, a spam-free time, and it had open relays. They weren't the problem, the spammers were the problem. Still are. Ending spam by eliminating all possible points of abuse is hard. Eliminating spam by eliminating spammers isn't nearly as hard. Why choose the harder method, why be so confoundedly insistent on a failed approach?
The open relay test message I trapped yesterday was from slip-12-65-150-128.mis.prserv.net, to smtps1 AT transedge.com. There's useful anti-spam information in those facts, particularly the latter. Transedge.com seems to have links to a lot of spammish places.
Hotmail accounts which are suspected of sending spam are closed without a single investigation. This article states that Maariv International registered a new Hotmail account and sent an abuse message about spamming activities from that account, while not a single message was sent from it. Microsoft closed the account immediately, without investigating."
Prompts the question, what came first: the government, or the corporation?
Just not going to happen.
The best that can be done is to make what spam remains traceable and act against the spammers using relevant meatspace laws such as fraud, misuse of chattels, libel (or is that slander?), etc.
Open relays, zombie systems, and other "workarounds" make this more difficult, so keep your doors locked, your systems patched, and your relays closed.
And keep a light on.
Forget diamonds, copyright is forever.
My ISP blocks port 25 also. I have webhosting elsewhere and I do not want that domain's mail to be sent through my ISP's servers either.
What you can also do is have your client set their SMTP to port 587 versus port 25. This is a known SMTP port on the server and your webhost should already be listening for mail on it.
This is actually a part of the SMTP RFC.
"You cannot eliminate spam."
..."
I can't. The people of the internet can.
"Just not going to happen."
Thanks for your support. So you accept spam forever but are angry about open relays because they enable spam. Curious.
"The best that can be done is to make what spam remains traceable and act against the spammers using relevant meatspace laws
That's what I say, too. The fact is most spam is traceable - if you start tracing earlier and if ISPs cooperate in the tracing. If you start tracing earlier then "most" spam doesn't matter - the spam you trace gives enough evidence to get rid of the spammers who sent it.
"Open relays, zombie systems, and other 'workarounds' make this more difficult, so keep your doors locked, your systems patched, and your relays closed."
When spammy comes sniffing for an open relay, etc., detect him and use the meatspace laws: he's committing a crime. If all those things are used to send spam then there's a proportional amount of abuse. That's a huge portion of the internet traffic. Spammy can't hide his traffic: it's massive. That the traffic isn't detected isn't because it is hidden, it's because fewer than one in 10 million look. Tremendously effective things have been done against spammers by individual honeypot operators. It's good advice to secure open relays but securing open relays is an ineffectual approach to dealing with spam. The effective strategy is to go after the open relay abuse committed by the spammer. That works pretty much in direct proportion to the number of practitioners. Securing open relays has no practical effect on spam volume until open relays are either too scarce to find or are so clogged with spam it all can't get through. So far that hasn't happened (although the spammers have lowered the load on the pool of open relays by using other techniques. The net spam load has gone up tremendously since the time when open relays were the predominant spam pathway.)
Honeypots aren't the only way to watch for abuse traffic but they are a way that many individual users can combat spammers. Honeypots exist for open relays and for open proxies. Some reports have even been made of honeypot-type activity against zombie-using spammers.
Every complaint against open relays implies that the spammers are still looking for open relays to abuse. That may mean they are checking your IP. When they do they may give away information about who and where they are (a few years ago they were blatant enough to test for open relays from their own systems. So few people paid attention that they could do that, didn't even have to think about doing it stealthily. That's a disgrace.)
Forget the disgrace, remember that a spammer might today attempt to test your system and by so doing give himself away. Doesn't it make sense to detect such attempts and to campaign to get the meatspace laws that apply enforced?
The sorts of frauds perpetrated by spammers have been around longer than the Internet, longer than computers, indeed longer than the steam engine.
As long as there are people around eager to attempt these frauds they will find the most efficient means to communicate with their intended victims while concealing their own identities.
Make no mistake on this, these people are highly motivated, and there are large profits they are making by finding victims for their schemes. They will not be tracked or dissuaded by a few grumpy sysadmins.
What we need for what you propose to work is law enforcement (in all the countries involved) that is engaged and willing to help out and use the data that we can collect from regular logs on mailservers that are not configured as open relays. Why take the risk of keeping a system that is proven to be abusable when you don't have to?
Forget diamonds, copyright is forever.
"What we need for what you propose to work is law enforcement (in all the countries involved) that is engaged and willing to help out and use the data that we can collect from regular logs on mailservers that are not configured as open relays."
To which I add fake open relays. All I have is a system that accepts anything for relay - but delivers nothing. I trap relay test messages. If I'd deliver them then I'd get spam, which I wouldn't deliver. Both ways I have evidence and would dearly love for law enforcement agencies and ISPs to understand the significance of the evidence.
"Why take the risk of keeping a system that is proven to be abusable when you don't have to?"
As I say, securing the system is the right thing for the administrator of the system to do. It is the right thing to do. I don't question that.
Blaming him (and all the others) doesn't end spam. Failing to tell him what he could do that is more effective once he has secured the system (and failing to do so oneself) prolongs spam. That's my real message. The effective weapon against open relay abuse is not securing open relays.
While law enforcement participation would be very helpful, action by ISPs that do oppose spam could be very effective. They could also watch their incoming traffic, watch particularly the traffic in to IP addresses from which spam is seen to be emanating, could run their own honeypots. They could get a reputation among spammers as an ISP not worth risking anything with: too sharp, too likely to hit back. But they don't.
They won't stick their necks out for anybody if they don't have to.
Fake open relays are a good idea - as a law enforcement tool. I'd say the FBI and other national police forces should be the ones running honeypots, fake open relays, and other tracking tools. That is one of the things we are paying our taxes for, so that we do not have to do law enforcement investigation ourselves. Especially when the victims of the crimes are so widespread.
Forget diamonds, copyright is forever.
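Added example (not part of the thread): one way to pull the evidence described in the comments above out of the log of a sink that accepts mail for relay and delivers nothing, grouping third-party relay attempts by the recipient address they were aimed at. The log format, the local domain and every address and timestamp are constructed for illustration.

```python
import re
from collections import defaultdict

LOCAL_DOMAINS = {"mydomain.example"}  # assumption: domains the host really serves

# Constructed sample log, one SMTP envelope per line (hypothetical format).
SAMPLE_LOG = """\
2004-06-22T21:14:03Z client=203.0.113.5 from=<a@sender.example> to=<user@mydomain.example>
2004-06-22T21:15:40Z client=198.51.100.77 from=<x@forged.example> to=<dropbox1@collector.example>
2004-06-22T21:16:02Z client=198.51.100.90 from=<y@forged.example> to=<DropBox1@Collector.Example>
2004-06-22T21:16:09Z client=198.51.100.77 from=<x@forged.example> to=<dropbox1@collector.example>
2004-06-22T21:20:11Z client=192.0.2.33 from=<> to=<postmaster@mydomain.example>
2004-06-22T21:21:00Z client=192.0.2.44 from=<z@forged.example> to=<no-at-sign>
garbled line without fields
"""

LINE_RE = re.compile(r"^(\S+) client=(\S+) from=<([^>]*)> to=<([^>]*)>$")


def relay_attempts(log_text, local_domains=LOCAL_DOMAINS):
    """Return ({recipient: sorted client IPs}, skipped_line_count).

    A line counts as a relay attempt when the recipient domain is not one
    this host serves; the sender is ignored because it is usually forged.
    """
    by_recipient = defaultdict(set)
    skipped = 0
    for line in log_text.splitlines():
        match = LINE_RE.match(line.strip())
        if not match:
            skipped += 1  # not an envelope line
            continue
        _timestamp, client, _sender, rcpt = match.groups()
        local, at, domain = rcpt.rpartition("@")
        if not (local and at and domain):
            skipped += 1  # malformed recipient address
            continue
        if domain.lower() in local_domains:
            continue  # ordinary inbound mail (including bounces), not relaying
        # Lower-cased only to group variants of the same drop address.
        by_recipient[f"{local}@{domain}".lower()].add(client)
    return {rcpt: sorted(ips) for rcpt, ips in by_recipient.items()}, skipped


if __name__ == "__main__":
    report, skipped = relay_attempts(SAMPLE_LOG)
    for rcpt, clients in report.items():
        print(f"{rcpt}: tested from {', '.join(clients)}")
    print(f"skipped lines: {skipped}")
```
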
locks outgoing port 25 to prevent spam, thereby prohibiting the use of any mail server other than mail.isp.com
...
That's why you should use the port "submission" (587/tcp) for email-submission. Of course, the mailserver should not just treat that port identical as smtp (25/tcp) but only allow email-submissions from authenticated clients, preferably encrypted,
I asked the webhoster to do this, and their response was:
"There are no exceptions. This is our policy. If we make an exception for you, then we have to start making exceptions for everybody from everywhere, and pretty soon we might as well have not implemented SPF."
I tend to agree with them on the last part....I don't think they should have. But when they did, they should have at least worked with their customers to try to resolve problems, and they should have warned them all at least a month ahead of time, outlining possible problems, and how to fix them. None of that was done.
Needless to say, we're shopping for another webhost.
"City hall" in German is "Rathaus" Kinda explains a few things......
Port 587 is closed on the mail server in question. Just checked with nmap.
"City hall" in German is "Rathaus" Kinda explains a few things......
I have discovered that by filtering to trash at my ISP server all mail containing: .hotmail .yahoo .msn .jp
and one or two other national domains, I get virtually no spam at all. Down from well over 100 per day. Yes, you can no longer get mail from people at these addresses. Let them change to a less abused domain.
Thanks. I bought a Telex H-851 because it was the only one recommended with 6 stars by Dragon Naturally Speaking, voice recognition software. The Dragon recommendation seemed important, since they want their software to work as well as possible.
"you've framed the problem in such a way that there isn't one"
Well, it's not like he came up with some contrived hypothetical, and, anyway, he framed the problem that way before your earlier comment that, "If you want to disseminate information periodically, there are much more effective ways than email, more reliable, an overall better use of resources, easier to manage, and just plain the right way to do things."
That was both rude and wrong. Why is the e-mail list he was using not the "right way to do things"? It was functional. I doubt it was very resource-intensive. (In fact, it could easily take less bandwidth than the average user consumes in the same period with web-browsing and the occasional online game. Quick math, a plain text e-mail is probably around 10KB. Multiply that by 208 and you've got what, around 2MB? Even multiplying by 28,000 is only about 273MB. And I assume that these are sent out weekly, monthly, or less often as need dictates.) Actually, I wouldn't be surprised if it was MUCH less resource-intensive than hosting a webpage. The information is updated periodically, but infrequently, so many users would otherwise be downloading the same content repeatedly looking for updates. E-mail delivery might be slightly less reliable, technically, than a website, but the chances are much higher of club members forgetting to check the website than to check their e-mail, so the effective reliability of e-mail in this case is higher. Plus, he already knew how to use it, and so did most if not all of the club members.
In addition to the downsides of using a website to replace an e-mail newsletter, there are many more products that allow syncing of e-mail than easy syncing of websites. For example, I use a PDA to carry mail with me. Avantgo, or another web-clipping tool, could be used to make a copy of a web page with the schedule and whatnot if needed, but it requires more trouble on the user's part and isn't nearly as slick.
Also, e-mail is easier for users to organize and flag.
As for scaling, 28,000 members is a lot of club members, so I doubt that will be a worry for many people in a similar position (organizer for a medium-small club or business). Moreover, is there any reason it shouldn't scale well, even to 28,000? After all, spammers do much larger e-mail runs all the time. As long as it's just a reasonably short text e-mail, the bandwidth usage isn't that high; also, if the newsletters are relatively infrequent, he might actually consume less bandwidth with the e-mail than from many members checking the website daily or weekly for updates. The main problem I foresee is the need to be very careful about the opt-in and opt-out policies and removing dead addresses.
Because of this, an RSS feed (or similar technology) actually sounds like the best kind of solution for this kind of need, but the level of adoption is not yet high enough to switch to completely and most synchronization products don't have RSS support yet. In addition, this particular user wants to make some content only available to people paying a premium. I haven't read enough about RSS to know if there is any good way to provide access control to particular feeds.