Slashdot Mirror
Unplugging Email To Combat Spam
monkeyserver.com writes "from Reuters (via CNN) we hear that 'Consumers who allow their infected computers to send out millions of 'spam' messages could be unplugged from the Internet under a proposal released Tuesday by six large e-mail providers.' They are looking at 100 per hour or 500 per day; this doesn't really sound like a bad idea, though it could cause problems for a few people trying to run companies from their basement..." On the other side of the coin, rastakid writes "It appears that Microsoft is taking its actions against spamming a little bit too far: Hotmail accounts which are suspected of sending spam are closed without a single investigation. This article states that Maariv International registered a new Hotmail account and sent an abuse message about spamming activities from that account, while not a single message was sent from it. Microsoft closed the account immediately, without investigating."
Internet companies should make sure that their equipment has been properly secured so spammers can't route their messages through them
I agree. Open relays, apparently not as common as they used to be, are still a huge source of the spam we intercept. I'd be in favor penalties for open relays (in theory), but how would that be effective, being that a lot of it originates from outside the US?
Sigs cause cancer.
I'm just curious if you have any rights and how the ever popular Gmail and growing yahoo mail will treat complaints as in my case it was someone upset with something i did claiming spam and not abuse by anymeans worth of terminating a long standing account and prohibiting me from accessing years of archived mail that was lost because of the cancellation.
They did email me i got a free passport account though. Funny i'm terminated but then they try and push something with real potential for abuse and sensitivity
... will be affected too. I guess that would probably mean the death of MailMan
As seen on Wired: Get a free desktop PC
It's a bit creepy that somebody was able to register a new Hotmail account, send nothing, and then get it closed by sending a spam complaint. Even the dumbest safety check would have proven the alligation to be false because Microsoft should be able to tell from logs that zero messages were ever sent from the account, so even if that was 100% spam that's still zero spam messages!
The risk of having an account stripped from you because somebody who knows your address falsely accuses you of being a spamer is a bit high to take. Then again, anybody who takes their e-mail seriously shouldn't be on Hotmail anyway...
This sounds like an excellent idea, although it depends somewhat on how it's implemented. We don't want to make it impossible for people to run mailing lists. ISPs should allow users who need to send larger amounts of mail to request an increase in their quota. It also sounds from the article like they want the ISPs to simply disconnect users who send mail at more than a certain rate, which sounds like an over-reaction; it would make more sense just to bounce mails that go over the quota.
Find free books.
There may be no monitary value trading hands, but by using a Hotmail account, you're depending on Hotmail to reliably deliver to you messages that have been sent to them marked for final delivery to your account.
If Hotmail breaks that trust too often, then they won't have anybody in their right mind using the service. Oh, wait, anybody who cares about their e-mail has already left...
Guess what, the most exploited open relays are running unix/linux variants, either because they are in a country that doesn't care about spam, or because some wannabe system admin-computer geek set up linux and doesn't know how to secure sendmail.
I think the idea of shutting down accounts that send spam, even accidentally, has some merit. What would be ideal would be if you could easily set things up so when a violating account authenticated, they could only read email. That way they would have a good chance of seeing the email message you sent them explaining what had happened, why, and how it could be resolved. But that's probably too complex.
As far as businesses go, just allow businesses who expect to have legitimate needs for more than the baseline to tell you. A slight additional fee would cover the cost to modify the filter parameters for that business.
Free email accounts? Anyone using such an account for a business is just begging for touble.
--
To whomever modded my last post "troll", it was a JOKE, YOU INSENSITIVE CLOD!
At least one UK ISP (NTL Cable) started doing this at the time of the Blaster worm to reduce the rate of infection among their subscribers. Machines which were infected and transmitting infected packets were booted off the network and not allowed to reconnect until they were clean. Owners had to contact NTL to get theirconnections unblocked.
As a techy, I ended up cleaning up several machines so their internet-porn deprived owners could feed their fixations. That said, I can't blame NTL for doing this, it was the responsible action and was done at the right time.
I believe that the duty of ISPs to prevent their customers destroying the internet by inadvertent DDOS should be at least as important as the contractual duty to the consumer.
I have been a user for about 10 years. This ends Feb 2014. The site's been ruined. I'm off. Dice, FU
"...though it could cause problems for a few people trying to run companies from their basement..."
I have a solution for this that I think could really work. I think that by default, people should be limited to a certain number of emails per day, and in order to send more than that ammount, they have to register with their ISP or some central organization. Once the information is verified, the person can send as many emails as they want. Then it would be easier to keep track of possible spammers.
Sure it's not 100% perfect, but it's a possible solution.
Was it Patton or Macarthur who said
Interesting question. Apprently neither. The origins of the phrase are much older than I would have previously thought.
Sigs cause cancer.
Consumers who allow their infected computers to send out millions of "spam" messages could be unplugged from the Internet under a proposal released Tuesday by six large e-mail providers.
Isn't conspiring to restrain trade illegal? Comcast, AOL and others might be opening themselves up to suits from legitimate businesses.
From businesslaw.gov:
"Antitrust laws make it illegal to conspire to restrain trade or commerce in any marketplace, regardless of size."
It's simple: I demand prosecution for torture.
Back when I was still clueless about spoofing, I sent an abuse complaint to Hotmail about some spam I had received that looked like it came from a hotmail account...
They replied with an explanation of what spoofing was.
Then again, maybe the spoofed hotmail address didnt exist in the first place, so they couldnt shut it down sight unseen as they seem to be doing now.
You probablary made the mistake of choosing an easy-to-guess name. I bet hsj72_zmfoe_248q@hotmail.com doesn't get any!
Well, until the bad bots read this page, anyway...
I'm scared of numbers that can't be written as a fraction. It's an irrational fear.
My hosting service just emailed me to threaten to pull my account because someone complained about spam from my domain. The service threatens that they'll pull my account if they get another complaint. Basically, their policy is that they don't decide if my email is spam or not, if people complain that I sent spam they just pull the acount.
I have evidence that spam was sent with my email account name forged in the header, but no evidence it actually went through my computers or hosting service. I can't get a hold of an actual copy of the spam, since the hosting service didn't provide one and the several hundred delivery failure messages I received that look like they're for spam didn't include a copy either.
I'm really freaking out about it because my domain contains my portfolio and my email, and I'm job hunting.
You might find it much more effective to put your club calendar on a web page, doesn't have to be any fancier than whatever you email out. All 208 members of your club know to look there for updates.
This approach beats the "spamming out the newsletter to a list" approach, hands down. Especially when your list grows past manageable sizes.
If you want to operate a mailing list for your interest group, there are good ways to go about that. If you want to dissemenate information periodically, there are much more effective ways than email, more reliable, an overall better use of resources, easier to manage, and just plain the right way to do things.
-fb Everything not expressly forbidden is now mandatory.
Instead of a complete disconnect, why not redirect all traffic to a proxy that permits connections only to specific anti-virus and update sites, and directs all other web traffic to a page that says "your machine has been quarantined for {spamming|DDoSing|Whatever}, here's what you need to do to fix it..."
.sig
Allow them to reach microsoft update and redhat.com and they're more likely to be able to fix the problem.
-- not a
My mom basically runs a country dance club in my hometown. It has well over 500 members in it. Every month she sends out a newsletter by email to all the members that request it. She's already have had problems with spam. Her ISP's spam protection labeled her address as a spammer so she couln't get these newsletters to anyone for a while. Her dialup ISP seemed be pretty cool about it when she called them, and were able to resolve the problem immediately. But if her ISP would follow the ways of these email providers, it would probably force her to email the newsletter over the course of a few days, which would be really annoying and cause problems. Assuming she doesn't get "unplugged."
I can understand that spamming has got really out of hand, and that something needs to be done about it. But I think the countermeasures might screw other people (like my mom) who are running non-profit orginazations and are sending information on their member's request. It's unfortunate that a handful of people who want to make a few dollars by abusing a system screw over the people who use that system ethically.
Abaddon: An Xbox 360 Indie game
Open relays really are not a problem, anymore. Not that I've seen.
Virtually no mail server will accept an email that is sent from an unknown system, anymore. I had to reconfigure all of my computers on my network to use my ISP's SMTP server, instead of using the one built into my email server, because virtually every site i sent legitimate email to bounced it back saying "we don't accept email from this host" or some such. When I changed to using Comcasts SMTP server, even though i was still using the same address (@blackmagik.dynup.net) for the email, they would all accept.
It's using the computer to get the SMTP server settings, attack the hell out of the ISP's SMTP server. Of course they'll relay your email, you're their customer!
"Champagne for my real friends - and real pain for my sham friends!" http://ericblade.postalboard.com/
One of my friends runs several email lists from his server, and they generate 600 emails per hour, he claims (I believe it -- each one is incredibly high volume and many people are on several of the lists). These lists help create tribal connections in the San Francisco Bay Area and among many out of staters that spill over into Burning Man and many other events throughout the year.
Killing his email server would do a serious disservice to the needs of hundreds of people who depend on the list to seek advice, provide help, give things away instead of throwing them away, and generally just maintain social and working connections.
Who doesn't hate spam. But sheesh! This is a death sentence comparable to MS killing email accounts without confirmation of the act accused of. Let's not put ourselves in the same boat as Microsoft.
Go back to February, 1999 and read RFC 2505. See what it says about how securing open relays will work to end spam (it's the RFC that says to secure open relays.)
There are the open relays and there are the ones who abuse them. The ones who abuse them are the spammers, are the criminals. Doncha think maybe a teeny bit of attention might be paid to the criminals? Securing the open relays hasn't ended spam, not since 1999. It's not a means for ending spam. Whacking spammers, on the other hand, has strengths in the "ending spam" category. Bend the effort a little more toward whacking the spammers. In 1999, 2000, it was extremely easy to whack spammes right and left by operting a fake open relay - but few did.
If, someday, you really wish to see spam ended perhaps you'll think about how to hit the spammers and stop trying to blame other victims. Whatever else comes from blaming other victims, it's not productive, not doing much at all to end spam.
If you're already primed to respond with a "oooh, you're a spanked open relay operator" be aware that I have a rude, scornful reply in mind for you. No, I'm not. I'm a person who has bothered to think about spam and open relays and who understands better what to do (unlike, confound it, ASTA.) If ASTA would do MINIMAL research and READ RFC 2505 they might GET A CLUE about how and why securing systems is not a solution. If this is their technical approach to ending spam 5 years after RFC 2505 they are below pathetic - and that's being polite. If you are going to use technical means against spammers then USE TECHNICAL MEANS AGAINST SPAMMERS. Blocking ISPs who might have zombie systems isn't a solution to spam, isn't an action taken against spammers. Contact the ISP, tell them to find out where the abuse originates, and then themselves contact the ISP where it does originate (it could be coming from an open proxy, or even a zombie.) What in tarnation do people think "technical means" are? spam pervades the internet. Does it not seem barely possible that if ISPS would actually LOOK at the traffic they could SEE the abuse?
If Delgado has scared you off (and you're an ISP) ask your freaking lawyer. There are exemptions that allow monitoring traffic and spam traffic being sent by theft of your or your customers' services isn't "communication." It's THEFT.
I've seen this done to my account TWICE already.
The first time happened when I got a trojan after getting caught in a porn spin cycle (joke all you want, I don't care). And yes, I was using Firefox, not IE. Anyway I thought I had eradicated all traces of it until one day that my modem's power light is flashing. I call to see what's up, and they let me know that my comp was sending out spam, and to fix it, and it will be reset. After a reformat and informing them, I was back on.
The second time was four days ago. I have a mailing list of about 800 sim racers who like to receive info on my league yearly, so I sent out mass bcc mails in batches of 100 (I think RR's mail limit is about 120). Well about four hours after this, I needed to send a mail to someone, and I get back an error message upon sending. I look it up at RR's help site and it denoted that my SMTP mailing privileges were suspended for the day for possible spam activity (regular surfing was not suspended).
SPF is a good idea in theory, but it can cause nightmarish problems in some situations.
One of my customers has their website hosted by one company, and their internet access provided by another company. Their email clients were set up to use their ISP's mail servers, rather than their webhost's, but still use their domain name for the outgoing address.
The webhoster implemented SPF, and all of a sudden, they couldn't send emails within the company, because they were coming in from mail.isp.com, as opposed to mail.webhoster.com.
The webhost company's solution was: "Use our mail server."
This would be fine, other than the ISP blocks outgoing port 25 to prevent spam, thereby prohibiting the use of any mail server other than mail.isp.com.
If everybody used the same anti-spam solutions, it would be fine, but they don't, and the mish-mash makes legitimate email very difficult to send sometimes.
"City hall" in German is "Rathaus" Kinda explains a few things......