Slashdot Mirror
Unplugging Email To Combat Spam
monkeyserver.com writes "from Reuters (via CNN) we hear that 'Consumers who allow their infected computers to send out millions of 'spam' messages could be unplugged from the Internet under a proposal released Tuesday by six large e-mail providers.' They are looking at 100 per hour or 500 per day; this doesn't really sound like a bad idea, though it could cause problems for a few people trying to run companies from their basement..." On the other side of the coin, rastakid writes "It appears that Microsoft is taking its actions against spamming a little bit too far: Hotmail accounts which are suspected of sending spam are closed without a single investigation. This article states that Maariv International registered a new Hotmail account and sent an abuse message about spamming activities from that account, while not a single message was sent from it. Microsoft closed the account immediately, without investigating."
Internet companies should make sure that their equipment has been properly secured so spammers can't route their messages through them
I agree. Open relays, apparently not as common as they used to be, are still a huge source of the spam we intercept. I'd be in favor penalties for open relays (in theory), but how would that be effective, being that a lot of it originates from outside the US?
Sigs cause cancer.
Microsoft closed the account immediately, without investigating.
They own the account! Not to mention, it's a free account...you get what you pay for. Caveat Emptor, Greg...
Was it Patton or Macarthur who said, "Shoot 'em all, and let God sort them out"? Apparently Microsoft has cloned him and he's now running Hotmail!
I'm just curious if you have any rights and how the ever popular Gmail and growing yahoo mail will treat complaints as in my case it was someone upset with something i did claiming spam and not abuse by anymeans worth of terminating a long standing account and prohibiting me from accessing years of archived mail that was lost because of the cancellation.
They did email me i got a free passport account though. Funny i'm terminated but then they try and push something with real potential for abuse and sensitivity
Doesn't this pose a risk for effectively DOS'ing all hotmail users? Just create a script to aggregate Hotmail accounts through google and send complaints? Thats mildly annoying.
--Kevin
... will be affected too. I guess that would probably mean the death of MailMan
As seen on Wired: Get a free desktop PC
Before this gets slashdotted:
Exclusive: Hotmail shuts down "spammers" who don't spam
Complain you got spam from a Hotmail user, and Hotmail's abuse team will shut down their account, no questions asked.
Hotmail.com shuts down Hotmail accounts shortly after receiving complaints about spam being sent from them, without checking if the user has actually sent spam, NRG Maariv has learned. Thus, malicious users can cause the shutting down of accounts, as an act of revenge or just for kicks.
In its haste to fight spam, Hotmail has foregone looking into abuse reports it gets from email users. In three instances documented by NRG Maariv, Hotmail's abuse team shut down Hotmail accounts less than 24 hours after receiving complaints about spam being sent from them, even though the spam mail clearly did not originate from those accounts.
In two of the instances, the spammers spoofed the sender's address so it looked like it was sent from a Hotmail account, while they were actually sent through an Israeli ISP. In both instances, the spoofed accounts were shut down.
The third instance was a test: NRG Maariv opened a new account with Hotmail and sent no email whatsoever from it. Using a different email, we filed a spam complaint, saying it came from the new Hotmail account. Attached were Internet headers from an old spam, where the sender's address was replaced with that of the new account.
Within less than 24 hours, we received a message saying the new account was shut down.
"My name is Claire, and from what I have read in your message, you are complaining about the unsolicited email you received from a Hotmail account", said the message written by Claire C. with MSN Hotmail Technical Support. "I have closed the account you reported in accordance with the Hotmail Terms of Use (TOU). It is a strict violation of the TOU for our members to send objectionable material of any kind or nature using our service".
Trying to log on to the Hotmail account, we found it closed. No explanation was provided, just a laconic message saying "Account Closed. Access Denied". No appeal procedure was mentioned. The account was shut down for good.
Hotmail's public relations representative, Waggener Edstrom, has yet to respond to the story.
It's a bit creepy that somebody was able to register a new Hotmail account, send nothing, and then get it closed by sending a spam complaint. Even the dumbest safety check would have proven the alligation to be false because Microsoft should be able to tell from logs that zero messages were ever sent from the account, so even if that was 100% spam that's still zero spam messages!
The risk of having an account stripped from you because somebody who knows your address falsely accuses you of being a spamer is a bit high to take. Then again, anybody who takes their e-mail seriously shouldn't be on Hotmail anyway...
Even though this is a step in the right direction, all the actions proposed are easily manuvered around. They close a hotmail account, another one is opened. I like the ISP e-mail ban though. Another issue that will most likely develop is anyone who buys webspace has an option to set up a POP3 mailbox. I just finished buying 3 gigs worth of space, and as a bonus I was awarded unlimited POP3 accounts. The price per month of that space wasn't even that expensive (www.hostony.com). I admire these ISPs efforts to stop the spam, but in the end spammers will always find a way around every obstacle implemented to stop their spam.
I gave up on Hotmail a long time ago, not because of spam sent from those accounts, but because any time I opened up a hotmail account, it was immediately deluged by SPAM
The CB App. What's your 20?
Not too sure how I feel about this....
On one hand I applaud the proactive stance of shutting down spammers, but on the other hand I feel that an account should maybe be sent one warning which, if not answered within 1 day or so would then result in account suspension.
Or, you are prevented from sending out any more e-mails until you respond to a "human test" e-mail.
Just my thoughts...
-nB
whois gawk date unzip strip find touch finger mount join nice man top fsck grep eject more yes exit umount sleep dump
I think something like this could work, but not on it's own.
ISPs should send a letter or e-mail to all their customers (i.e.
make sure they get it) stating that they are about to introduce
rate-limiting both from their smtp servers for that IP address/subnet
and from port 25 from the IP(s).
Customers who don't know what this means or who aren't bothered will
ignore it, and will be rate-limited (so they basically won't be
affected since they either a) aren't bothered, or b) aren't heavy
e-mail users).
Customers who know they will be affected or otherwise want to be
rate-unlimited can e-mail the ISP and request the rate be removed.
Perhaps they could be asked to prove they are worthy by describing
what they've done ("I've patched and secured my Windows box, and
my other boxen run BSD and run no mail daemons").
This way, no one has their service unfairly cut back, and unknowledgable
users (those responsible for zombie-Windows systems) will be protected
(or everyone else protected from them..).
This sounds like an excellent idea, although it depends somewhat on how it's implemented. We don't want to make it impossible for people to run mailing lists. ISPs should allow users who need to send larger amounts of mail to request an increase in their quota. It also sounds from the article like they want the ISPs to simply disconnect users who send mail at more than a certain rate, which sounds like an over-reaction; it would make more sense just to bounce mails that go over the quota.
Find free books.
Ok, so what'll happen if you send a message about spam from "abuse@hotmail.com" to "abuse@hotmail.com"???
Anyone care to open a hotmail account and then forge an email to appear to come from that account....just to see what happens?
You mean, like the article says?
Maariv opened a new account with Hotmail and sent no email whatsoever from it. Using a different email, we filed a spam complaint, saying it came from the new Hotmail account. Attached were Internet headers from an old spam, where the sender's address was replaced with that of the new account. Within less than 24 hours, we received a message saying the new account was shut down.
RTFA? Yes, I must be new here...
Slashdot, more repetitive than spam
Really. Those types of machines really are the bane, since Comcast actually started 'doing' something I've seen *nothing* from them. My inbox was empty for the better part of 2-3 weeks, no spam just e-mail. Then yesterday, I start getting a barage of spam from asian open relays. 35 e-mails to 70 spams a day and now it's climbing through the roof, really now. Pop online and I see 207 spams. Gah.
I mean come off it. And you *wonder* why entire asian hosts are blocked. It's because of crap like that, secure your machines or boot the bloody idijits off of them.
I don't care if you are too stupid to figure out *how* to do it, pay someone, call that smart 12 year old who knows how but do it. But bloody well do it.
Om, nomnomnom...
The poster makes the claim that 100 per hour or 500 per day would only cause problems for people running companies from their basements. I heartily disagree. Think of people who run mailing lists from their home servers, these can easily send out more than 500 messages a day. Another example, when I recently got engaged, I sent out an email to a LOT of people. Probably over the course of that first hour after I sent out the original notice I sent out well more than 100 emails. I wasn't doing anything wrong.
The real fact of the matter is that this will do nothing to stem the tide of spam when one considers that most spam is now generated by zombies. Also, don't think they won't just find a way around it. This is like the DMCA, it only stops the honest people.
Fortunately, there has been some movement on SPF.
I suppose I can be happy about that.
My Slashdot account is old enough to drink...
Guess what, the most exploited open relays are running unix/linux variants, either because they are in a country that doesn't care about spam, or because some wannabe system admin-computer geek set up linux and doesn't know how to secure sendmail.
I think the idea of shutting down accounts that send spam, even accidentally, has some merit. What would be ideal would be if you could easily set things up so when a violating account authenticated, they could only read email. That way they would have a good chance of seeing the email message you sent them explaining what had happened, why, and how it could be resolved. But that's probably too complex.
As far as businesses go, just allow businesses who expect to have legitimate needs for more than the baseline to tell you. A slight additional fee would cover the cost to modify the filter parameters for that business.
Free email accounts? Anyone using such an account for a business is just begging for touble.
--
To whomever modded my last post "troll", it was a JOKE, YOU INSENSITIVE CLOD!
Neither.
"Caedite eos! Novit enim Dominus qui sunt eius"
"Slay them all! God will known his own!"
-Abbe Arnaud-Amaury, before the slaughter of Beziers during the Albigensian Crusade
Someday, you're going to die. Get over it.
At least one UK ISP (NTL Cable) started doing this at the time of the Blaster worm to reduce the rate of infection among their subscribers. Machines which were infected and transmitting infected packets were booted off the network and not allowed to reconnect until they were clean. Owners had to contact NTL to get theirconnections unblocked.
As a techy, I ended up cleaning up several machines so their internet-porn deprived owners could feed their fixations. That said, I can't blame NTL for doing this, it was the responsible action and was done at the right time.
I believe that the duty of ISPs to prevent their customers destroying the internet by inadvertent DDOS should be at least as important as the contractual duty to the consumer.
I have been a user for about 10 years. This ends Feb 2014. The site's been ruined. I'm off. Dice, FU
Dear sir, It pleases me to inform you that in the last one month I have recieved several spam e-mails for the slashdot.org domain, particularly one from a certain CmDrtaco. Please take appropriate action in your spam filters. cc: yahoo.com, hotmail.com, gmail.com Oh, and by the way, I also recieved some from my_competitors_acct@hotmail.com!
___
internet, productivity blog
"...though it could cause problems for a few people trying to run companies from their basement..."
I have a solution for this that I think could really work. I think that by default, people should be limited to a certain number of emails per day, and in order to send more than that ammount, they have to register with their ISP or some central organization. Once the information is verified, the person can send as many emails as they want. Then it would be easier to keep track of possible spammers.
Sure it's not 100% perfect, but it's a possible solution.
So if I email an event notice to my club membership list of 208 addresses, (given freely for this purpose) I'll be labelled a spammer unless I split the mailing up over 3 hours? There are other ways to find spammers besides shear output.
~~~~~
If you throw it, it will come.
Consumers who allow their infected computers to send out millions of "spam" messages could be unplugged from the Internet under a proposal released Tuesday by six large e-mail providers.
Isn't conspiring to restrain trade illegal? Comcast, AOL and others might be opening themselves up to suits from legitimate businesses.
From businesslaw.gov:
"Antitrust laws make it illegal to conspire to restrain trade or commerce in any marketplace, regardless of size."
It's simple: I demand prosecution for torture.
It is attributed to Arnaud-Armaury, the Abbot of Citeaux, and "spiritual advisor" to the Albigensian Crusade.
Pope Innocent III ordered the Albigensian Crusade, to purge southern France of the Cathari heretics. It began in the summer of 1209, with their first target - the town of Beziers. The Catholic faithful in Beziers refused to give up the Catharis among themselves. The crusaders invaded. When Arnaud-Amaury was asked whom to kill he replied "Kill them all. God will know his own." They did. The crusaders slaughtered nearly everyone in town, over 20,000, either burned or clubbed to death. Thus they achieved their goal of killing the estimated 200 heretics who were hiding in the town among the Catholic faithful. The brutal crusade continued on for the next twenty years. Eventually the Catholics devised a new approach for dealing with the remaining Cathari heretics in France. It was called "the Inquisition".
"Only one thing, is impossible for god: to find any sense in any copyright law on the planet." Mark Twain
Back when I was still clueless about spoofing, I sent an abuse complaint to Hotmail about some spam I had received that looked like it came from a hotmail account...
They replied with an explanation of what spoofing was.
Then again, maybe the spoofed hotmail address didnt exist in the first place, so they couldnt shut it down sight unseen as they seem to be doing now.
A lot of people's hijacked systems could have been kept clean were they fully patched:
I've been saying for a while now, if an ISPs sign-up disk had all current Windows service packs and critical patches loaded into it and installed them as part of the setup procedure -"You consent to Windows update patches being applied to your system during install"- then I'm sure a lot of network and support load could be lifted off the ISP and the net as a whole. If they could broker a deal to install Zonealarm or Sygate Personal firewall at the same time even better.
It isn't an unreasonable expectation that a machine connecting to a public network shouldn't have gaping security gaps. In fact, IMO, it is a public duty that it should not.
I have been a user for about 10 years. This ends Feb 2014. The site's been ruined. I'm off. Dice, FU
It has come to my attention that the email address
[*@hotmail.com] has been sending out large quantities of spam.
Please correct the situation as you see fit.
"I only speak the truth"
Karma: null(Mostly affected by an unassigned variable)
My hosting service just emailed me to threaten to pull my account because someone complained about spam from my domain. The service threatens that they'll pull my account if they get another complaint. Basically, their policy is that they don't decide if my email is spam or not, if people complain that I sent spam they just pull the acount.
I have evidence that spam was sent with my email account name forged in the header, but no evidence it actually went through my computers or hosting service. I can't get a hold of an actual copy of the spam, since the hosting service didn't provide one and the several hundred delivery failure messages I received that look like they're for spam didn't include a copy either.
I'm really freaking out about it because my domain contains my portfolio and my email, and I'm job hunting.
...Anyone care to open a hotmail account and then forge an email to appear to come from that account....just to see what happens..,.
Along a similar train of thought, how about creating a new Hotmail account, then from this new account, file a complaint against it regarding spam abuse. Should be interesting to see if they'd shut it down right away, or just what they'd do...
Hope be with ye,
Cyan
The one problem I see is this. You get virussed and your pc starts spamming. You get cut off. Good, that's what you deserve. Your ISP will reconnect you , but if you send spam again you get cut off again. How can you clean out your pc without downloading some cleaning software from the net?
/.ers, but almost impossible for average folk, like my parents. 2 really shouldn't be encouraged, ever. 1 and 3 are daunting tasks for the average person also. So what your really doing by cutting them off is permanently cutting them off.
/dev/null.
This pretty much forces users to take one of 4 paths
1) reinstall
2) buy software at the store
3) switch to linux (same as 1 really)
4) find another net connected computer
4 is easy for people like
I think what has to be done is this. Don't cut them off entirely. Just force them to a page hosted by your ISP that helps them fix their problem. Provide some cleaning software. Maybe some harsh informative words. You know, that sort of thing. Until they fix up just route all the mail they spew out to
The GeekNights podcast is going strong. Listen!
Their attitude is just assinie, and quite frankly shows that they don't know anything abuot how the internet works (hint: anyone can send email claming to be from anyone else. And almost all spam is faked this way)
You do own your own domain, right?
I'm signed up with one-hosting. They dissallow "anything that might get them blacklisted" basicaly, so sending spam or using your page to host a spam-promoted site. But no black-lists will list you for being jo-jobed (the anti-spammer term for whats happening to you).
The worst part of being jo-jobbed is that there's really nothing you can do about it, since you can't track down the offender. And the hundreds of bounce messages you get every day...
autopr0n is like, down and stuff.
Or at least they did when I worked there. I could see 100/hour being an issue for mail lists, but usually 500/day is reasonable and I think that's the only filter they have. One it detects higher than that it blocks port 25. It stays blocked until the user calls in to complain, at which time they get interrogated about mailing lists, viruses, etc. Usually it doesn't get unblocked until they demonstrate that they've gotten updated antivirus etc.
There was that one guy with the legitimate 3000 user mailing list though, he was really annoyed that we weren't going to let him run that.
Introducing the new Occam Fusion! Now with sqrt(-1) fewer blades!
Instead of a complete disconnect, why not redirect all traffic to a proxy that permits connections only to specific anti-virus and update sites, and directs all other web traffic to a page that says "your machine has been quarantined for {spamming|DDoSing|Whatever}, here's what you need to do to fix it..."
.sig
Allow them to reach microsoft update and redhat.com and they're more likely to be able to fix the problem.
-- not a
My mom basically runs a country dance club in my hometown. It has well over 500 members in it. Every month she sends out a newsletter by email to all the members that request it. She's already have had problems with spam. Her ISP's spam protection labeled her address as a spammer so she couln't get these newsletters to anyone for a while. Her dialup ISP seemed be pretty cool about it when she called them, and were able to resolve the problem immediately. But if her ISP would follow the ways of these email providers, it would probably force her to email the newsletter over the course of a few days, which would be really annoying and cause problems. Assuming she doesn't get "unplugged."
I can understand that spamming has got really out of hand, and that something needs to be done about it. But I think the countermeasures might screw other people (like my mom) who are running non-profit orginazations and are sending information on their member's request. It's unfortunate that a handful of people who want to make a few dollars by abusing a system screw over the people who use that system ethically.
Abaddon: An Xbox 360 Indie game
Open relays really are not a problem, anymore. Not that I've seen.
Virtually no mail server will accept an email that is sent from an unknown system, anymore. I had to reconfigure all of my computers on my network to use my ISP's SMTP server, instead of using the one built into my email server, because virtually every site i sent legitimate email to bounced it back saying "we don't accept email from this host" or some such. When I changed to using Comcasts SMTP server, even though i was still using the same address (@blackmagik.dynup.net) for the email, they would all accept.
It's using the computer to get the SMTP server settings, attack the hell out of the ISP's SMTP server. Of course they'll relay your email, you're their customer!
"Champagne for my real friends - and real pain for my sham friends!" http://ericblade.postalboard.com/
Most of the time the end users have no idea of what is going on, and although they paid for the computer and OS and internet connection they are going to be disconnected.
...
Shouldn't the computer vendours and ISPs be much to blame as well? They are in such a rush to sell their products/services that they fail to tell their customers about their responsabilities as computer/internet users. Then they come around and bite them in the ass by unplugging their connection and charging to fix their infected computers.
Ignorance has a price indeed
The problem with an ISP ( or email service ) canceling an account due to JUST a complaint is that most e-mail's are spoofed..
If you just take the 'shown' send-from, and complain, you just had an innocent bystander's account wiped...
---- Booth was a patriot ----
Umm, no. The days when you could send emails from your own SMTP server are long gone now.
First, the cheapest ISPs blocked port 25 entirely, except to their own SMTP server. The idea caught on, and most are blocking port 25.
Now, even with the very good ISPs, you can send mail over port 25, but even major ISPs are using different spam lists like the SORBs DUL, that blocks ALL EMAIL from dynamic IP addresses, bar none.
In the near future, having a static IP and one of the better ISPs won't help still. You'll also need to be running your own DNS server, and provide SPF records.
Frankly, limiting people to 500 emails per day is rather benign compared to all the other measures that have already been taken up to this point. All signs point to the future being even worse for anyone who doesn't want their e-mail service provided by one of the big ISPs.
Slashdot gets worse every day... Pipedot: News for nerds, without the corporate slant
Go back to February, 1999 and read RFC 2505. See what it says about how securing open relays will work to end spam (it's the RFC that says to secure open relays.)
There are the open relays and there are the ones who abuse them. The ones who abuse them are the spammers, are the criminals. Doncha think maybe a teeny bit of attention might be paid to the criminals? Securing the open relays hasn't ended spam, not since 1999. It's not a means for ending spam. Whacking spammers, on the other hand, has strengths in the "ending spam" category. Bend the effort a little more toward whacking the spammers. In 1999, 2000, it was extremely easy to whack spammes right and left by operting a fake open relay - but few did.
If, someday, you really wish to see spam ended perhaps you'll think about how to hit the spammers and stop trying to blame other victims. Whatever else comes from blaming other victims, it's not productive, not doing much at all to end spam.
If you're already primed to respond with a "oooh, you're a spanked open relay operator" be aware that I have a rude, scornful reply in mind for you. No, I'm not. I'm a person who has bothered to think about spam and open relays and who understands better what to do (unlike, confound it, ASTA.) If ASTA would do MINIMAL research and READ RFC 2505 they might GET A CLUE about how and why securing systems is not a solution. If this is their technical approach to ending spam 5 years after RFC 2505 they are below pathetic - and that's being polite. If you are going to use technical means against spammers then USE TECHNICAL MEANS AGAINST SPAMMERS. Blocking ISPs who might have zombie systems isn't a solution to spam, isn't an action taken against spammers. Contact the ISP, tell them to find out where the abuse originates, and then themselves contact the ISP where it does originate (it could be coming from an open proxy, or even a zombie.) What in tarnation do people think "technical means" are? spam pervades the internet. Does it not seem barely possible that if ISPS would actually LOOK at the traffic they could SEE the abuse?
If Delgado has scared you off (and you're an ISP) ask your freaking lawyer. There are exemptions that allow monitoring traffic and spam traffic being sent by theft of your or your customers' services isn't "communication." It's THEFT.
Read this article from The Register, almost three years old: Verified: you can get anybody you want kicked off Hotmail
Tag lost or not installed.
I've seen this done to my account TWICE already.
The first time happened when I got a trojan after getting caught in a porn spin cycle (joke all you want, I don't care). And yes, I was using Firefox, not IE. Anyway I thought I had eradicated all traces of it until one day that my modem's power light is flashing. I call to see what's up, and they let me know that my comp was sending out spam, and to fix it, and it will be reset. After a reformat and informing them, I was back on.
The second time was four days ago. I have a mailing list of about 800 sim racers who like to receive info on my league yearly, so I sent out mass bcc mails in batches of 100 (I think RR's mail limit is about 120). Well about four hours after this, I needed to send a mail to someone, and I get back an error message upon sending. I look it up at RR's help site and it denoted that my SMTP mailing privileges were suspended for the day for possible spam activity (regular surfing was not suspended).
SPF is a good idea in theory, but it can cause nightmarish problems in some situations.
One of my customers has their website hosted by one company, and their internet access provided by another company. Their email clients were set up to use their ISP's mail servers, rather than their webhost's, but still use their domain name for the outgoing address.
The webhoster implemented SPF, and all of a sudden, they couldn't send emails within the company, because they were coming in from mail.isp.com, as opposed to mail.webhoster.com.
The webhost company's solution was: "Use our mail server."
This would be fine, other than the ISP blocks outgoing port 25 to prevent spam, thereby prohibiting the use of any mail server other than mail.isp.com.
If everybody used the same anti-spam solutions, it would be fine, but they don't, and the mish-mash makes legitimate email very difficult to send sometimes.
"City hall" in German is "Rathaus" Kinda explains a few things......
So get the webhoster (or whoever is hosting the DNS) to set up the SPF record correctly so that the ISP's mail servers are allowed to send email for the customer's domain.
Which brings up another point, the owner of the domain should have 'control' of the DNS (and thus make the decision on whether or not to publish SPF ecords) for their domain.