Unplugging Email To Combat Spam
monkeyserver.com writes "from Reuters (via CNN) we hear that 'Consumers who allow their infected computers to send out millions of 'spam' messages could be unplugged from the Internet under a proposal released Tuesday by six large e-mail providers.' They are looking at 100 per hour or 500 per day; this doesn't really sound like a bad idea, though it could cause problems for a few people trying to run companies from their basement..." On the other side of the coin, rastakid writes "It appears that Microsoft is taking its actions against spamming a little bit too far: Hotmail accounts which are suspected of sending spam are closed without a single investigation. This article states that Maariv International registered a new Hotmail account and sent an abuse message about spamming activities from that account, while not a single message was sent from it. Microsoft closed the account immediately, without investigating."
Perhaps something like SPF could be used? That would ensure that spam was sent from the correct mail servers, and hence not spoofed. This would reduce a large amount of spam appearing to come from other users.
Once this has been done we can then clamp down on the dodgy email servers.
Doesn't this pose a risk for effectively DoS'ing all Hotmail users? Just create a script to aggregate Hotmail accounts through Google and send complaints? That's mildly annoying.
--Kevin
That doesn't mean that it isn't a stupid or asinine thing to do. It just means that they wouldn't be held culpable.
Even though this is a step in the right direction, all the actions proposed are easily maneuvered around. They close a Hotmail account, another one is opened. I like the ISP e-mail ban though. Another issue that will most likely develop is anyone who buys webspace has an option to set up a POP3 mailbox. I just finished buying 3 gigs worth of space, and as a bonus I was awarded unlimited POP3 accounts. The price per month of that space wasn't even that expensive (www.hostony.com). I admire these ISPs' efforts to stop the spam, but in the end spammers will always find a way around every obstacle implemented to stop their spam.
I gave up on Hotmail a long time ago, not because of spam sent from those accounts, but because any time I opened up a Hotmail account, it was immediately deluged by SPAM.
The CB App. What's your 20?
Not too sure how I feel about this....
On one hand I applaud the proactive stance of shutting down spammers, but on the other hand I feel that an account should maybe be sent one warning which, if not answered within 1 day or so would then result in account suspension.
Or, you are prevented from sending out any more e-mails until you respond to a "human test" e-mail.
Just my thoughts...
-nB
whois gawk date unzip strip find touch finger mount join nice man top fsck grep eject more yes exit umount sleep dump
I think something like this could work, but not on its own.
ISPs should send a letter or e-mail to all their customers (i.e.
make sure they get it) stating that they are about to introduce
rate-limiting both from their smtp servers for that IP address/subnet
and from port 25 from the IP(s).
Customers who don't know what this means or who aren't bothered will
ignore it, and will be rate-limited (so they basically won't be
affected since they either a) aren't bothered, or b) aren't heavy
e-mail users).
Customers who know they will be affected or otherwise want to be
rate-unlimited can e-mail the ISP and request the rate be removed.
Perhaps they could be asked to prove they are worthy by describing
what they've done ("I've patched and secured my Windows box, and
my other boxen run BSD and run no mail daemons").
This way, no one has their service unfairly cut back, and unknowledgeable
users (those responsible for zombie-Windows systems) will be protected
(or everyone else protected from them..).
Anyone care to open a hotmail account and then forge an email to appear to come from that account....just to see what happens?
You mean, like the article says?
Maariv opened a new account with Hotmail and sent no email whatsoever from it. Using a different email, we filed a spam complaint, saying it came from the new Hotmail account. Attached were Internet headers from an old spam, where the sender's address was replaced with that of the new account. Within less than 24 hours, we received a message saying the new account was shut down.
RTFA? Yes, I must be new here...
The poster makes the claim that 100 per hour or 500 per day would only cause problems for people running companies from their basements. I heartily disagree. Think of people who run mailing lists from their home servers, these can easily send out more than 500 messages a day. Another example, when I recently got engaged, I sent out an email to a LOT of people. Probably over the course of that first hour after I sent out the original notice I sent out well more than 100 emails. I wasn't doing anything wrong.
The real fact of the matter is that this will do nothing to stem the tide of spam when one considers that most spam is now generated by zombies. Also, don't think they won't just find a way around it. This is like the DMCA, it only stops the honest people.
Fortunately, there has been some movement on SPF.
I suppose I can be happy about that.
My Slashdot account is old enough to drink...
People trying to run companies from their basement should really have a business account, which generally has a substantially different AUP than an ordinary personal account.
If they don't, then they're in violation of the AUP, and are at risk of having their account terminated, not just being temporarily disconnected.
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
So if I email an event notice to my club membership list of 208 addresses (given freely for this purpose), I'll be labelled a spammer unless I split the mailing up over 3 hours? There are other ways to find spammers besides sheer output.
~~~~~
If you throw it, it will come.
A lot of people's hijacked systems could have been kept clean were they fully patched:
I've been saying for a while now, if an ISP's sign-up disk had all current Windows service packs and critical patches loaded into it and installed them as part of the setup procedure -"You consent to Windows update patches being applied to your system during install"- then I'm sure a lot of network and support load could be lifted off the ISP and the net as a whole. If they could broker a deal to install Zonealarm or Sygate Personal firewall at the same time even better.
It isn't an unreasonable expectation that a machine connecting to a public network shouldn't have gaping security gaps. In fact, IMO, it is a public duty that it should not.
I have been a user for about 10 years. This ends Feb 2014. The site's been ruined. I'm off. Dice, FU
Probably a baddddd idea.
The issue is that, in practice, a vast number of boxes on the internet are all vulnerable to attack- there's bound to be some hidden flaw in the incredible number of packages out there.
So the system can be up-to-date with all known patches, and still be attacked. Fining people for things that flat-out aren't their fault is likely to be, at best, contrary to the ISP's customers' idea about what makes a good ISP.
-WolfWithoutAClause
"Gravity is only a theory, not a fact!"
After all, there isn't much real cost for a bank to bounce a check, but they're allowed to charge so much because a bounced check is a preventable situation that is very annoying... the fee is there mostly to discourage people from trying to write a bad check.
The problem with this is that if I cash a check and the other person didn't have the funds, I have to pay for the bounced check as well as you. I have been charged $5 for attempting to cash a check that bounced. I wouldn't say preventable
You overlook some of the more obvious effects of this policy. Basically if I disliked you, and you had a fairly important Hotmail account... It would become trivial to mess with you out of spite.
Many people use their email accounts for very critical information or personal correspondence. Getting them shut down because somebody said it was used for spam is wrong.
Another thing. What if spammers took to spamming the support mail with huge amounts of this account used for spamming messages while using some accounts for spamming. Backlogging the folks while raising heck on the side. The more you think about any solution to spam the more you think of ways around it, if you were a spammer.
It is no longer uncommon to be uncommon.
The one problem I see is this. You get virussed and your pc starts spamming. You get cut off. Good, that's what you deserve. Your ISP will reconnect you, but if you send spam again you get cut off again. How can you clean out your pc without downloading some cleaning software from the net?
This pretty much forces users to take one of 4 paths
1) reinstall
2) buy software at the store
3) switch to linux (same as 1 really)
4) find another net connected computer
4 is easy for people like /.ers, but almost impossible for average folk, like my parents. 2 really shouldn't be encouraged, ever. 1 and 3 are daunting tasks for the average person also. So what you're really doing by cutting them off is permanently cutting them off.
I think what has to be done is this. Don't cut them off entirely. Just force them to a page hosted by your ISP that helps them fix their problem. Provide some cleaning software. Maybe some harsh informative words. You know, that sort of thing. Until they fix up just route all the mail they spew out to /dev/null.
The GeekNights podcast is going strong. Listen!
Intelligent application of this type of idea is a good thing. There are a number of ways of doing things that can limit the impact on legitimate users. Personally I've done support for ISPs in the past and seen some good ideas from them.
Port 25- I know there are gonna be people who will scream that they need to use port 25 to send out mails from other servers but 99% of the people out there have no clue and they are the problem. One ISP I supported blocked port 25 by default on the account but once the account had been active for a month you could call in and get it unblocked. Inconvenient for some new customers but effective at blocking spam coming from machines on their network.
An article I read on Slashdot before said that Comcast? was looking at changing the cable modem's config, routing table basically, so that the only server on port 25 they could access was Comcast's if they suspected a zombied machine. Another good way of doing things. For your typical zombied user out there they probably won't even notice the difference but the spam will be cut off.
General idea is allow those who know what they are doing and how to do it properly access to the things they need but prevent the uninformed's computer from being abused like they are now. I'm sure there are any other number of combinations and good ideas out there too besides these 2.
While $35-$50 isn't much of a reconnect fee, disconnecting probably shouldn't be the first step. Ideally the process would go something like this:
1) ISP notices a lot of email generated from your node.
2) Emails registered address inquiring if the volume of email (send statistics) is known to the user.
3) User responds to confirm they are legitimately sending the volume of email or they respond that they are unaware of the volume.
NOTE: If user does not respond, follow with registered letter or a phone call to the registered user.
4) If user resolves the problem (patch/removal) system remains intact. If user is unable to resolve the problem, provide options for resolving it. This may include free support, charged support, or recommendation to other support services (The DC metro area has a company called "Geeks on Call").
5) If user doesn't resolve the problem within an allotted time period, disconnect them.
6) Charge a reconnect fee.
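An added illustration of the thresholds and the staged response discussed in this thread, not code from any poster or ISP: a sliding-window counter using the 100-per-hour and 500-per-day figures from the story summary, which sends an inquiry first and disconnects only if the excess volume continues past a grace period. The state names, the three-day grace period, the exemption flag and counting per recipient are assumptions.

```python
from collections import deque
from dataclasses import dataclass, field

HOUR, DAY = 3600, 86400
HOURLY_LIMIT, DAILY_LIMIT = 100, 500    # figures quoted in the story summary
GRACE = 3 * DAY                         # assumed; the thread gives no number

@dataclass
class Subscriber:
    exempt: bool = False        # assumed flag: customer confirmed the volume
    state: str = "ok"           # ok -> inquiry_sent -> disconnected
    inquiry_at: float = 0.0
    sends: deque = field(default_factory=deque)  # (timestamp, recipients)

def _volume(sub, now, window):
    """Recipients addressed by this subscriber inside the window."""
    return sum(n for t, n in sub.sends if now - t < window)

def record_send(sub, now, recipients):
    """Record one outbound message; return the subscriber's new state."""
    sub.sends.append((now, recipients))
    # Drop entries older than the longest window we evaluate.
    while sub.sends and now - sub.sends[0][0] >= DAY:
        sub.sends.popleft()
    over = (_volume(sub, now, HOUR) > HOURLY_LIMIT
            or _volume(sub, now, DAY) > DAILY_LIMIT)
    if sub.exempt or not over:
        return sub.state
    if sub.state == "ok":
        # First breach: ask the customer, do not cut them off.
        sub.state, sub.inquiry_at = "inquiry_sent", now
    elif sub.state == "inquiry_sent" and now - sub.inquiry_at > GRACE:
        # Still over the limit after the grace period with no answer.
        sub.state = "disconnected"
    return sub.state

def confirm_legitimate(sub):
    """Customer answered the inquiry and vouched for the volume."""
    sub.exempt, sub.state = True, "ok"

if __name__ == "__main__":
    club = Subscriber()
    print(record_send(club, 0, 208))    # one 208-recipient notice
    confirm_legitimate(club)
    print(record_send(club, 60, 208))   # exempt after confirming
```

A single 208-recipient mailing trips the hourly threshold on its own, which is why the first breach here leads to an inquiry rather than a disconnect.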
They're not obligated. But they provide the free service for a reason. They want you to use it because of ad revenue/name recognition/killing the competition/whatever. If they give you crappy customer service you won't use their free service. So it is in their best interest to provide decent customer service.
The problem with an ISP ( or email service ) canceling an account due to JUST a complaint is that most e-mails are spoofed..
If you just take the 'shown' send-from, and complain, you just had an innocent bystander's account wiped...
---- Booth was a patriot ----
If your email is so important to you (I know mine is to me) then don't bitch about free services.
Read this article from The Register, almost three years old: Verified: you can get anybody you want kicked off Hotmail
Tag lost or not installed.