Spammers' Upend DNS
Saint Aardvark writes "eWeek reports on the latest trick of spammers: getting around DNS-based lookups. By registering a domain *after* the spam goes out advertising it, they can get around blacklists. However, that causes all sorts of problems for ISPs and anti-spam services. Paul Judge, CTO at Ciphertrust, says "Even in large enterprises, it's becoming very common to see a large spam load cripple the DNS infrastructure.""
I never put valid DNS links in my posts.
Until they pass a law that makes it completely legal to kill spammers, the spam problem will not go away.
I'm a big tall mofo.
That's a nice stunt
How do you combat this? If the e-mail contains an invalid domain name kill it? What about typos?
-nB
whois gawk date unzip strip find touch finger mount join nice man top fsck grep eject more yes exit umount sleep dump
Thank goodness we can now register domains and have them active within 30 minutes!
Oh look, my foot's bleeding. Someone must have shot it.
cyn, free software and *nix operating systems enthusiast.
I bet that the barracuda spam blocker would protect against this.
Electrons are free; it is moving them that becomes expensive.
The article goes on to say that some anti-spam applications do as many as 30 DNS lookups. This is a design problem with the apps, not with DNS. Do fewer lookups, minimize the problem. I'd venture that after checking with a few of the major blacklists, you've pretty much hit the point of diminishing return in distinguishing spam/ham.
"I'd rather be a lightning rod than a seismometer." -Ken Kesey
And you can define how you want to kill them. Then the spammer's family is sued. Then anybody related to the spammer is shot.
So is the title referring to an "upend DNS" that belongs to spammers? If so, can someone explain what an "upend DNS" is?
Heck, I would love it if they would make it fully legal to hack the spammer's computer and forcefully remove your name from the list. But because I don't know exactly where my name is on the list, I figure that I will just rename all the domains to point to themselves, or their ISP leader.
If something is so important that you feel the need to post it on the internet... It probably isn't that important.
yeah! and make drugs illegal too! that'll teach 'um.
"Nobody owns the fucking words man." - James Dean
Email authentication, or the wholesale abandonment of email as a viable communication platform?
When a DNS query goes to an ISP's DNS server, and the entry does not exist, does it go to the root servers?
Secondly, do invalid domain names get cached (I'm thinking not)?
Item: Sending mail and checking received mail for spam involves DNS lookups. If you send and/or receive a lot of email, you need to do a lot of DNS lookups.
Item: Spammers use nonexistent domains.
Where would we be without eWeek?
I don't get it.
So I send out a million spams, all saying "go to www.stratjaktsmadeupdomainname.com for hot viagra and lower mortgage payments."
The domain doesn't exist, and people click on it, which "cripples" dns because the dns servers have to respond with a "no such domain name" reply?
How does this cripple them? Was DNS not designed to handle fat-fingered domains gracefully?
What happens, do all the requests for my domain get propagated up the chain, is that the crux of the problem? If so, doesn't DNS update like, quite often (several times a day) now? There's no need to kick all requests up to the top, right?
I don't need no instructions to know how to rock!!!!
I don't get it. By advertising a domain that doesn't exist, how are they supposed to sell anything? People get the spam, click the link... and get nothing. What's the point?
this is not meant as any kind of informative post, but every time i read something like this, or receive another spam in my Inbox, i feel a bit of both sadness and anger...
here is a wonderful tool that made communication easy, fast and cheap but is absolutely being ruined by the malicious few with absolutely no morals, ethics or concerns for others.
just like those orphan traders at tsunami disaster areas... i really would like to have a chance to confront these disgusting people and try to make sense of their thought process...
Some anti-spam group should set up a spam filter that looks for domain names, and registers any that it sees that aren't valid. They would point to a web site that politely explains to users how stupid they are for clicking on a link in spam.
I expect spammers would drop that technique quite quickly if that were done.
I know whois would just get ripped a new one, but what about a system like that for verifying a domain's true existence?
It would have to be a true/false response so it would be fast. No vitals returned, just whether the domain is really registered or not.
DNS time out. Look for in the "quick-whois" for it. It's not there (but whois gave a non-timeout response) drop the message. If they are there (or a "quick-whois" timeout) then queue it like normal.
It's a rough idea and probably not that good of a one; come up with a better one then.
Sounds silly to have to double lookup. Maybe a DNS modification would be better... The query should be able to say if a domain is registered or not they all have at least that record right?
DNS could play a role in beating spam. DNS servers suffering from "spam overload" can see that they're handling a lot of the same lookups, that are overloading them. They could flag their responses back to the isolated SMTP servers that are processing the spams, which can tell that they're all the same message. So the distributed network can identify spams, and at least require the senders to share some of the processing load (through another extension to the SMTP and DNS protocols). A more severe response that might affect mere mass-mailers (different from "spam" because content is either noncommercial, or was solicited by the recipient) would be to report such spam-suspects to blacklist servers, which in turn inform users' spam filters.
Having had several mass-mailed (big Cc: lists) urgent messages filtered out by corporate spam filters in the past couple of months, I know we need a much better system. Spam is taking down DNS, blocking SMTP, and, even worse, censoring legitimate message needles in the spam haystack. We need network protocols to get smarter, taking advantage of the distributed intelligence that can kill spam. Can the IETF overcome its interest in perpetuating the spam that pays for so much of the Internet, in leading us out of the spam trap?
--
make install -not war
We need to be going after the spamvertisers, not the spammers. Legislation outlawing spamvertising, with penalties for the advertiser and the spammer, not just the spammer, would be far more effective than merely shooting all spammers. After all, spammers can hide and work from offshore, while the advertiser has to have some way to collect the cash. He can't hide nearly so well.
Yes, there would be joe-jobs, but our legal system is already familiar with the idea of ``framing'' innocent parties, and they know how to deal with it.
On the topic of spam and spammers, I think the fortune at the bottom of the page is wonderfully appropriate:
No one can have a higher opinion of him than I have, and I think he's a dirty little beast. -- W.S. Gilbert .
See what I've been reading.
Why is it modded as Funny?
It should be modded as Insightful.
Bah ! slashdotters... always confusing the interesting with important and necessary with coulda', shoulda', woulda'...
"Doing what i can, with what i have." ~ Burt Gummer
BIND, at least, does negative caching. Surely this means the load on DNS servers due to looking up the non-existent spam domains is minimal.
Also, once the mail server has decided that a bounce reply is undeliverable (because of no DNS records), surely it is going to dump the email immediately, rather than continuing to attempt to deliver it?
So is this a case of SOME brain dead implementations of DNS and mail servers, or a real problem for all?
The real "Libtards" are the Libertarians!
I hate this new trend! I have to wait until morning until I can order my v!@gra!!!
What happened to the good old days, when I could order B0n3r Juic3 as soon as I got my mail!
The article was posted on Monday and was sent out to those who subscribe to the FREE e-mail newsletter. This is not intended as flamebait or a troll so please don't reply with flames; I just wanted to vent and the fact that this site is usually GREAT at supplying up to the minute information. I guess I'm just upset that I went to the link expecting new information and got disappointed with the same article I read Monday.
"It is not my intent to offend, but if offense is taken, the fault lies with the audience." attributed to Patrick Henry
Failed requests (non existent domains) always go to the root servers.
2advanced.net - Business Quality Hosting
Without a domain to check the SPF record of, the mail would never be delivered. Easy.
On the other hand, it could result in far, far more DNS lookups for an organization, but in theory they would never need more DNS capability than they have mail capability.
making something that cannot effectively be controlled illegal does nothing. the value of making something "illegal" comes from being able to hand out effective punishments for the violations, not in the simple act of "labeling" it illegal. something being illegal is hardly a deterrent on its own...
oh wait, that law gets broken frequently too. damn, i guess your political satire fails to stand up to reason.
Only once, then they're cached with some sort of default timeout (i.e., check again in a few hours), or does this vary from implementation to implementation?
What I'm thinking, is that this is a big problem for (since this is slashdot) Microsoft ActiveDNS 2005, but not for BIND or OSS implementations, which have no such flaws.
Is this the case, or is it an inherent problem that DNS is just a shitty outdated protocol, like SMTP?
Will moving to IPv6 change anything?
I don't need no instructions to know how to rock!!!!
A comment at the bottom of the article holds validity regarding DNS. He says that if a spammer registers the domain, it makes them easier to track down.
I don't think the author of the story quoted people correctly.
From what I learned from DNS, whether the domain exists, or not, the same amount of queeururueeing is done.
M$ wants you to have redundant DNS servers, they get more $$$, you buy more CALs, licenses, and headaches.
Either the journalist drastically misunderstood and misinterpreted what they were told, or one of the people interviewed is launching some magic snake-oil product that'll "solve" this non-existent problem. (Yes, I know exactly what spammers do. That's my job. I know exactly what DNS does, that was my previous job. This article is fiction.)
Slashdot writers (and editors) are still a lot worse than spammers, but their punctuation has some room for improvement.
With Yahoo mail.
I typically get 80 messages a day which the bulk mailer always finds. These last 2 or 3 weeks only half the spam is being caught and my mail box is becoming loaded again. I was wondering why the fail rate was going up.
My guess is Yahoo used dns lookups in its anti-spam software.
http://saveie6.com/
If it existed, the first such lookup would get passed up to the root servers, send the right address down, and it would be cached locally, and the next million lookups would get the cached version, with minimal network traffic.
If it doesn't exist, the first lookup goes all the way up to the root server, and so does the second, the third, and the millionth, because you don't want to cache "that doesn't exist", you want to keep trying until it does, so that the instant it exists you get the correct value.
If you did cache "that doesn't exist", you would minimize traffic, but break in the case where a site is legitimately advertised before existing (by a stupid person who hits 'send' before hitting 'register me a domain'); like most protocols, DNS attempts to maintain correctness even when costly, rather than minimizing cost at the expense of correctness.
Spam involves criminal activity (fraud at the least). It involves many people (mail-senders, product suppliers, and some legitimate businesses like credit card processors, banks, and ISPs).
Smells like a Racketeer-Influenced Corrupt Organization to me. Anyone even remotely involved gets a ticket to the proverbial Federal PMITA prison for 20 years, $100k in fines.
These penalties and a wide net are all that can influence spam.
And who wired their brains to think this way? As much as I hate the stuff they do, ya gotta give them credit for being masters of manipulating The System(tm)
"Draco dormiens nunquam titillandus."
Will moving to IPv6 change anything?
Wow. I thought you were pretty retarded in the Apple threads, but this just goes to show that you are a fucking moron. Just stop posting and save everyone the hassle of having to read your tripe.
That's not accurate. An existent domain can be quickly resolved, possibly at the first-level nameserver. A non-existent domain requires upchannel querying all the way up to the TLD root, before deciding the lookup failed. That's a lot of elapsed time, and a lot of extra traffic. And I don't think DNS systems cache "does not exist" lookups, do they? So if an email refers to a non-existent domain 5 times, it could wind up with 5 different time-consuming failed lookups.
Welcome to the Panopticon. Used to be a prison, now it's your home.
Wow. The article itself is ... stunning. On a per-word basis, I don't know where I've seen a higher concentration of misconceptions about DNS.
Most modern MTAs have the ability to reject email purportedly coming from domains that aren't registered. Just as one example, sendmail does this by default. Not registering domain names makes it *much* *easier* for me to avoid spam. I encourage spammers to adopt the practice described in this article.
Moreover, the cost of looking up nonexistent domains is roughly comparable to the costs associated with looking up existing domains.
Of course, despite the article being worthless, it's still more than enough cause for the /. regulars to get whipped up into a frenzy.
They only need to auto-register the domain once they get > 100 (put appropriate threshold here) enquiries about a nonexistent domain, point it to a web page telling the user please do not support spam, and, once the domain is registered, the secondary DNS servers will be able to cache it as regular, and the spammers won't be able to use it later, because it is already registered.
Then, after a couple of months, the domain could be automagically removed.
While I do agree with you, it's not like it would be that hard to track these people down. The very core nature of spamming demands some level of locatability. After all, they're selling products. Just subpoena the names of the people that the penis enlargement pill wholesaler has hired to advertise for them (force their cooperation with the threat of an accessory charge), and then prosecute the spammers into the dirt.
The fact is that spamming for anything practically demands a paper trail - any scam requires a point of sale. The only reason that, if it was illegal, it wasn't prosecuted, is that law enforcement people haven't been told to give a shit yet. There are tons of laws that are not enforced ever, even when police have a case fall in their lap. Many laws are only prosecuted if you confess to or commit in front of a cop.
The problem is that law enforcement needs to have their priorities forcibly adjusted from busting pot-dealers and speeders to enforcing crimes that actually hurt people (although I think fighting street violence and large-scale financial crimes rates a damn sight higher than spam).
Hell, hire a handful of devoted nerds and accountants onto a police squad and give them access to the resources needed to get search warrants and subpoena computers and you could probably get the evidence thrown together to nail dozens of spammers and scammers in a matter of weeks. Of course, the legal process would be a whole other matter, but still, I'm sure that tracking down scammers isn't that hard if you follow the money trail.
"here is a wonderful tool that made communication easy, fast and cheap but is absolutely being ruined by the malicious few with absolutely no morals, ethics or concerns for others."
Welcome to illegal file trading. The story is basically the "Cold War, tit for tat" that gave us the bomb and MAD, as well as dictatorships. What wonderful things will the "P2P vs content providers, tit for tat" bring us? How about the "SPAM vs Anti-SPAM, tit for tat"?
Maybe we'll have the hard reality that it's not the technology that needs fixing, but us?
But with the advent of dydns services, hasn't caching all but been reserved for corps?
If a system has a dns expire time set real low, wouldn't it still look up the full domain, even back to the tld?
Just wonderin, still learning ya know.
Thanks
You miss the point of what they're doing.
Spammer sends out email with a link to www.joeblowscompany.com except that domain does not yet exist.
Spam software scans the email for URL's and domain names to check against. It validates the sender as a registered domain (not forged), finds a few more URLs, but they don't exist so it cannot check to see if those domains are known spamvertisers or not.
Mail system delivers the mail, certifying it as 'not spam' as far as it can tell.
Spamvertiser registers the aforementioned domain name, putting their warez up there.
User now has a spam message that could have been caught but wasn't because the spammer knew how the filter worked, found a loophole, and used it to deliver the message.
That is the crux of the problem, not the DNS load. Most spam-detection software is already doing this level of DNS lookups, pounding on the system to validate information. Not much changes there. What does change is that now, instead of being filtered, the messages get through.
How about a deadpool? Set up a website where we can all place a 'bet' on when we expect each spammer to eat it. Eventually, each spammer is worth more dead than alive... Then someone will guess a time that proves to be exactly right (perhaps with some help to ensure it) and earns the pool of thousands or millions of dollars... We just need a way to pay the winner anonymously. I've got a $20 for each person on the ROKSO list ready to go!
You were modded as +5, Funny. I'd submit to the crowd that it should have been +5, Insightful!
One has to ask how useful a "bona fide" email would have been with an invalid link? I cannot work up a lot of sympathy for the few clowns who can't be bothered to properly cut/paste a valid URL from a browser.
...but it is a DRY heave. -- me
Another point: If it is coming from a legit SMTP server then they should get a clue from the NDR sent to them when the email is rejected.
There is no right to feel safe thru security vaudeville at the expense of everyone's freedom, privacy and tax money.
So why can't spam software be made immune by denying the message if it finds that the URL returns an error message, indicating it doesn't exist?
A blog like any other.
BIND certainly does cache NXDOMAIN ["does not exist"] for some period of time. I am not sure how long though.
The real "Libtards" are the Libertarians!
If we had a wildcard, then all these lookups would resolve! Problem solved
Let's go ask Network Solutions to add a wildcard to .com.
[the above is a lame attempt at humor]
[or is it--tinfoil hats on -- could it be that NS is behind the article in an attempt to promote the "sitefinder" wildcard entry?]
The real "Libtards" are the Libertarians!
But then again, I use SpamAssassin, which handles this type of thing gracefully. If the DNS tests are taking too long, SA will quit them. This has a throttling effect, so it hasn't hosed my DNS server.
"Avoid employing unlucky people - throw half of the pile of CVs in the bin without reading them." -- David Brent
IPv6 uses a different DNS system, dopey.
Standard IANAL disclaimer, but:
Couldn't the spammers be sued for causing what amounts to a DOS attack on the recipient mailserver?
Also, if sexual predators and hackers can be barred from going online, and if corrupt executives can be barred from acting as corporate directors, why can't judges ban unrepentant spammers from going online, or carrying on an internet related business? (And extradited if they subsequently set up shop offshore)
My rights don't need management.
The spammers could easily step up the pace and cost them a considerable amount.
I've been randomly experiencing some issues with phantom emails sent to my domain. People swear up and down that they sent me an email (sometimes a reply to an email I sent) and I don't receive it. Furthermore they don't receive an undeliverable or waiting for delivery response. I've checked spam filters - everything I can think of. The evidence is that the email is getting dropped somewhere in the chain. Could overloaded DNS servers on either end be causing this issue? BTW - I'm not using my domain to send SPAM. No really, I'm not, I SWEAR! -- Rock and Roll ain't no riddle man...
That is the crux of the problem, not the DNS load.
Then why is the article suggesting that spam is bringing DNS to its knees and the sky is falling?
Sounds like a problem with the spam filter.
If the spam filter encounters a non-existent domain, then IT should cache it, and not bother DNS with subsequent requests. If it delivers it fine, the user marks it as spam, and bayesian algorithm doesn't allow "stratjaktshotsexviagramortgagesite.com" again.
I don't need no instructions to know how to rock!!!!
Why can't spam software be made immune by denying the message if it finds that the URL returns an error message, indicating it doesn't exist? If it finds a web site doesn't exist (and I'm not referring to the domain, but the actual URL, in its entirety), it should simply reject it. Does this not make sense?
A blog like any other.
Actually, it appears likely that the article is getting the wrong end of the stick entirely, confusing WHOIS and DNS.
in the case where a site is legitimately advertised before existing (by a stupid person who hits 'send' before hitting 'register me a domain')
That's not a problem, a site that doesn't exist yet is not "legitimately advertised".
BIND caches misses.
It sounds to me like the spam filter should be doing the caching though, not DNS.
I don't need no instructions to know how to rock!!!!
you had me at #!
Incidentally, any "domain hiding" service which assists a spammer could find themselves liable under the "conspiracy" clause in the CAN-SPAM act. CAN-SPAM is weak on spamming but tough on identity forgery.
From the spamhaus website:
"it's suprisingly easy to shut down a spammer..."
Well you know how the old saying....
Easy come, easy goes.
Tricks like this just show how naive Steve Linford is...
The invalid link may be a link to an internal website. For instance http://wiki.local./ is valid in the office but invalid outside the firewall.
Jeff
ipv6 is my vpn
Right...so when you leave your Windows box wide open on the internet, and someone installs a spamming trojan, do you get to go to prison? Because I think we already have enough problems with prison overcrowding.
spam lists on cd-r, must be able to physically destroy their system and storage media....
It will work even better when it becomes illegal NOT to kill a spammer.
beat the spammers to death, and then sue the family for the cost of the bat used to beat them with.
this was done in Blackadder iirc (UK comedy), where some french people had to pay for their own relatives' execution
Register the domain they are using and they will be forging messages.
When over 30% of people in the United States have murdered someone at least once in their lifetime, and 10% have murdered someone in the last month, and they are willing to admit this to a cold-calling phone researcher, your counter argument will make more sense.
Jerry
Too bad DNS does have the ability to offer different caches for positive vs. negative pools. The hit rate for positives wouldn't be affected by negatives.
DBs allow a DBA to define different memory areas for different tables/structures/etc so why not DNS?
Non illegemati carborundum est!
Spammers are not "up-ending" the DNS, they're simply causing poorly designed anti spam systems to consume inordinate resources as a result of their naive assumption that DNS lookups don't need to be managed intelligently. I'm sure this is something that the anti spam vendors are looking at, but probably not something that will be fixed soon, since it's really quite a difficult problem to address.
Interestingly enough the same technique can be used against spammers. Take a look at what these guys are doing -- the site's content a bit slim but it looks like they're using a kind of DNS aliasing that could really hurt spammers in much the same way. I imagine techniques like these that operate at the DNS level are the next step in the evolution of anti spam.
Well, for positive caching at least the cache time is defined by the data received (the TTL), not by the nameserver (or at least that's the way the RFC is written -- some ISPs run broken nameservers that ignore TTLs)
For negative caching, I think it is the same, there is a TTL for ".com" (and other TLDs) and this TTL defines how long the negative hits should be cached.
The real "Libtards" are the Libertarians!
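The filter-side caching suggested earlier in the thread, with the negative-cache lifetime taken from the zone's SOA as the comment above describes (RFC 2308 uses the smaller of the SOA record's TTL and its MINIMUM field). This is an added example, not part of the original thread: `UrlDomainChecker`, `FakeZone`, the one-hour cap, the per-message lookup budget and the "hold" verdict are assumptions, and the `.example` names and TTLs are constructed.

```python
import re
import time
from dataclasses import dataclass

NOERROR, NXDOMAIN = "NOERROR", "NXDOMAIN"
URL_HOST_RE = re.compile(r"https?://([A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+)", re.I)


@dataclass
class Answer:
    rcode: str
    ttl: int = 0          # TTL of the answer record (positive answers)
    soa_ttl: int = 0      # TTL of the SOA in the authority section (NXDOMAIN)
    soa_minimum: int = 0  # MINIMUM field of that SOA


def negative_ttl(ans, cap=3600):
    """RFC 2308: cache NXDOMAIN for min(SOA TTL, SOA MINIMUM); cap is a local choice."""
    return min(ans.soa_ttl, ans.soa_minimum, cap)


class UrlDomainChecker:
    """Filter-side cache so repeated spam does not repeat the same DNS query."""

    def __init__(self, resolve, budget=5, clock=time.monotonic):
        self.resolve = resolve      # callable: domain -> Answer
        self.budget = budget        # max upstream queries per message
        self.clock = clock
        self.cache = {}             # domain -> (rcode, expires_at)
        self.upstream_queries = 0

    def _fresh(self, domain):
        entry = self.cache.get(domain)
        if entry and entry[1] > self.clock():
            return entry[0]
        return None

    def lookup(self, domain):
        cached = self._fresh(domain)
        if cached is not None:
            return cached
        ans = self.resolve(domain)
        self.upstream_queries += 1
        ttl = negative_ttl(ans) if ans.rcode == NXDOMAIN else ans.ttl
        self.cache[domain] = (ans.rcode, self.clock() + ttl)
        return ans.rcode

    def check_message(self, body):
        report = {"exists": [], "nxdomain": [], "skipped": []}
        spent = 0
        for domain in sorted({h.lower() for h in URL_HOST_RE.findall(body)}):
            if self._fresh(domain) is None:   # cache hits cost nothing
                if spent >= self.budget:
                    report["skipped"].append(domain)
                    continue
                spent += 1
            rcode = self.lookup(domain)
            report["nxdomain" if rcode == NXDOMAIN else "exists"].append(domain)
        # Assumed policy: a URL whose domain does not exist yet cannot be
        # checked against a blacklist, so hold the message for a later
        # re-check instead of certifying it as clean.
        report["verdict"] = "hold" if report["nxdomain"] else "pass"
        return report


class FakeZone:
    """Constructed stand-in for the DNS so the example runs offline."""

    def __init__(self, registered):
        self.registered = set(registered)

    def resolve(self, domain):
        if domain in self.registered:
            return Answer(NOERROR, ttl=300)
        return Answer(NXDOMAIN, soa_ttl=900, soa_minimum=900)


if __name__ == "__main__":
    now = [0.0]
    zone = FakeZone({"newsletter.example"})
    checker = UrlDomainChecker(zone.resolve, clock=lambda: now[0])
    spam = "Offer at http://pills-offer.example/buy via http://newsletter.example/"
    for _ in range(1000):
        report = checker.check_message(spam)
    print(report["verdict"], checker.upstream_queries)
    zone.registered.add("pills-offer.example")   # domain registered after the run
    now[0] = 901                                  # negative entry has expired
    print(checker.check_message(spam)["verdict"], checker.upstream_queries)
```

Because the negative entry expires, a held message re-checked after the TTL sees the newly registered domain and can then be tested against a blacklist.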
The article is just wrong, and there's a feedback post on the same page that explains why very well. (Although, what's with the stupid formatting?)
Remove the load of the estimated 80% spam that ALL mail servers currently deal with, replace it with authentication for email claiming to be from said server... Something tells me there isn't going to be a performance loss.
The fact of the matter is that the American correction system is quite nice to people. Things would change if we had public floggings and hung murderers, rapists and child pornographers. Murder is only a 7-10 year sentence around here. We give our criminals cable TV! Prison should be like military boot camp. Hard physical labor, no free time, and because I do believe in paying your debt and reform, schooling to teach and educate so the person can get a job and make a contribution to the society they have harmed. BTW, I am not in any way a 1) Republican, 2) Born-again Christian. I just think it is time we start forcing people to be RESPONSIBLE for their actions. All this touching feeling shit is killing me. Oh, there should be less stupid laws - the drug and prostitution laws need to. Legalize and regulate.
And spammers should still be shot. If you kill a few I will bet spamming would stop.
The DNS queries are to verify the domain that sent the message is valid. It's not a system to query every URL that shows up in the content of the email.
who removed your sense of humour? they did a bang-up job
You completely missed the point. It isn't a matter of ANY penalty being effective, it's a matter of removing the causes. The spammer makes money, that is the root of the problem. Why does he make money? How do I stop SPAM from making money. hmm. ponder that and you may find the answer. Making prison harsher is not going to solve anything. making prison the answer OBVIOUSLY doesn't solve anything. Removing a person from society doesn't fix the problem with the society to begin with. It's a fantasy that taking away the person who took advantage of a problem fixes the problem is downright moronic! Fix the damned problem and the issue is closed. Gosh, at what point are we going to start applying common sense to these type of issues and stop throwing incarceration and penalties at them. It's so stupid and the greater majority of the people can't see it. I feel like we live in the stone ages, but we just got a bunch of cool stuff to get us through it. God forbid we should change anything because we know a better way, we have always done it this way whether it works or not. It's so frustrating. I am not opposed to make laws and regulating, but the 'punishment' for breaking those laws is simply ridiculous. Once we see that we have an issue. Pass the laws in a necessary fashion to remove the cause of the problem, not to remove the effect of the problem. that's trying to backend the issue and that never works.
The blacklists we have been using for a long time -- SPEWS, Spamhaus, CBL, SORBS do work on DNS and they continue to work fine whether or not the spammer registers a domain after the spamrun. These blacklists work by looking up the connecting IP address that is sending mail, and that IP address can not be forged in TCP/IP. Whether or not the mail body contains IPs or domain names that are invalid or not, forged, etc is an auxiliary issue. Most spam can be blocked at the entrance point, the mail transfer (SMTP).
This isn't a popular view these days, but it's always been generally accepted that there are bad people. Not people who are inwardly good but act poorly, but genuinely bad people. One relatively modern name given to such people is "sociopaths". They have no regard for other people, if they even see other people as fellow human beings at all.
These people have always existed, and to them the idea of whether a certain profitable action is moral is moot, because morality doesn't really have a place in their worldview. As long as there are sociopaths (or Bad People), there will be spam, orphan traders, and personal injury lawyers. Do not try to understand their thought process. First, it's usually amazingly simple ("What course of action will benefit me the most?") and you'll get all tied up in trying to find a hidden meaning in their rather straightforward behavior. Second, you really don't want to go there - seriously.
Dewey, what part of this looks like authorities should be involved?
Luckily people like you aren't in power and there are checks and balances to ensure people like you cannot use your power to the extent you would.
I detest anyone who attempts to tell me how to behave and that there is one way that people should be socialized into society. You'll get a gun in your face before you force me to conform to your methods.
to abandon email due to spam. Those worst hit own email servers but can't or aren't willing to invest in antispam technology.
By: Sir Old News
W/S: recycledbits.job
Then why is the article suggesting that spam is bringing DNS to its knees and the sky is falling?
Because it's the spam which caused us to implement spam-filters and doing all kind of nifty technical solutions against a (anti)social problem.
bash$
GO Away, Troll
I'm sorry but I do not think that making prison something like a Nazi work camp will lower crime. Most people do not think that they will be caught when committing a crime. If you want something to rehabilitate criminals do not send them to "criminal school". Instead it might be a nice idea to legalize LSD-imprinting reversal research started by Timothy Leary. He had an over 80% success rate before the US government stepped in and stopped his criminal actions....
Think for yourself, question authority
And you have missed the point as well. Even assuming that the negative result is cached, that is still per cache. So although you DO reduce the load somewhat (tho chances are, the negative is being cached already) you are forgetting breadth. You still have this spam sent to 10million email addrs, and to say 100,000 domains.
Say there is an average of 2 domains per MX server (number pulled out of ass. however it is probably reasonable), you now have 50,000 requests. per mailing.
And these requests will likely all be made over a one hour, mebbe two hour period. Which doesn't sound so bad. But now consider the following.
Now add in the fact that there are, say, 1000 of these emails sent out with different domains. You now have 50million requests.
Which probably will have a spread of (for example, this is another number pulled out of ass) maybe 6 hours.
True, this might not be so bad, but it certainly is not good, and you certainly didn't remember this problem. Depth isn't our only concern, but also breadth.
I'm going to hate myself for asking this but how can you murder someone more than once? You'd think once would be enough.
I think it's really sad to refer to Users as Losers. It's very disrespectful and ignores the fact that just because you have to use a computer does not mean that you should have to be a computer professional and monitor Slashdot 24/7.
"Who are in control, they are not in control of anything - they don't even control themselves!" - Glen Beck
Why would that take more, and what's wrong with the design?
How about finding individual spammers and their homes and attaching, with a dagger, to their door, a recently dead chicken and a suitable, neatly handwritten message?
C'mon: They gotta live somewhere.
Surely as long as the mailserver can see internal DNS the domain would still resolve though?
How many people can read hex if only you and dead people can read hex?
"While I do agree with you, it's not like it would be that hard to track these people down. The very core nature of spamming demands some level of locatability. After all, they're selling products. Just subpoena the names of the people that the penis enlargement pill wholesaler has hired to advertise for them (force their cooperation with the threat of an accessory charge), and then prosecute the spammers into the dirt."
Prosecute them with what? Committing legal mail based advertising?
Prosecuting them once caught is why we want it illegal.
Pain lasts, kid. It's how you know you're alive. Sometimes I think this growing up thing is just pain management-TheMaxx
'Funny that you would read it that way!
And, pray tell, how does your mail server see my internal DNS server?
"I'm not impatient. I just hate waiting." - My Dad
So much legislation focuses on the spammers, but it seems to me that's a pointless target. Spammers spam because of the response they get. It means there's a small group of idiots out there that respond to the spam and make it all worthwhile. Why not make it illegal to respond to SPAM e-mail? A misdemeanor, perhaps.
Think of a prostitution sting. Your ISP is getting tired of SPAM, it simply sets up a filter that redirects the URLs in a random percentage of identified SPAMs (which are passed on to the recipient) to the authorities who then fine / publish names of the "Johns". Certainly, this tactic hasn't gotten rid of prostitution, but for spam it ought to work (because proactively seeking out the things in a SPAM and selling the things would still be legal, just not the response to the spam).
In the US, there's plenty of precedent for such legislation...
I'd almost like to see sitefinder return, simply to be /.'ed. Network Solutions deserves to drop off the face of the earth.
I use Macs to up my productivity, so up yours Microsoft!
After I did a quick RTFA, some guy claiming to be behind www.dnsstuff.com. The commenter is basically saying the article got it dead wrong. link [eweek.com]
No they don't. In the example given, the DNS cache performing the query will not need to query the root servers since it almost certainly has the address of the authoritative server for the com. top level domain cached. It will query this server, which will return NXDOMAIN. The only time the top root servers need to be queried is if the top level component of the domain (com, org, uk, etc) doesn't exist or if the cached SOA record for that domain has exceeded its TTL.
I am TheRaven on Soylent News
I agree spam is a large nuisance and a time and money waster for our economy, but prison time for the offense seems quite extreme to me. Stealing your television, raping your wife, killing your kids, those are prison offenses. I think we are going overboard.
OpenBSD's spamd will initially reject all mail from previously unknown sources. It will only permit access to sendmail after an attempt at redelivery. This has brought my spam load down to about zero.
Unless a spammer using the above trick attempted redelivery (which is unlikely), it would not cause a DNS flood.
spamd is only one of a great many reasons to consider OpenBSD on your critical servers.
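The greylisting behaviour described in the comment above, as an added example that is not part of the original thread and not spamd's own code: unknown (source IP, sender, recipient) triplets are deferred, and only mail that is retried after a delay reaches the content filter that would do URL lookups. The timings, addresses and traffic are constructed for the illustration.

```python
from dataclasses import dataclass

# Timings are assumptions chosen for this example, not read from any spamd configuration.
PASS_DELAY = 25 * 60          # a retry sooner than this is still deferred
GREY_EXPIRY = 4 * 3600        # an unretried entry is forgotten after this long
WHITE_EXPIRY = 36 * 86400     # a passed triplet stays trusted this long after last use


@dataclass
class Entry:
    first_seen: float
    last_seen: float
    passed: bool = False


class Greylist:
    """Defer mail from unknown (source IP, sender, recipient) triplets until a patient retry."""

    def __init__(self):
        self.entries = {}

    def check(self, ip, mail_from, rcpt_to, now):
        """Return "tempfail" (SMTP 4xx, try again later) or "accept"."""
        key = (ip, mail_from.lower(), rcpt_to.lower())
        entry = self.entries.get(key)
        if entry and entry.passed and now - entry.last_seen > WHITE_EXPIRY:
            entry = None                      # trusted entry aged out
        if entry and not entry.passed and now - entry.first_seen > GREY_EXPIRY:
            entry = None                      # retry came too late, start over
        if entry is None:
            self.entries[key] = Entry(now, now)
            return "tempfail"
        entry.last_seen = now
        if not entry.passed and now - entry.first_seen < PASS_DELAY:
            return "tempfail"                 # retried too quickly
        entry.passed = True
        return "accept"


def replay(deliveries, greylist=None):
    """Return (messages accepted, URL lookups made by the content filter).

    Only accepted mail reaches the filter, so deferred mail costs no DNS lookups.
    """
    accepted = lookups = 0
    for now, ip, mail_from, rcpt_to, links in sorted(deliveries):
        if greylist is None or greylist.check(ip, mail_from, rcpt_to, now) == "accept":
            accepted += 1
            lookups += links
    return accepted, lookups


def constructed_deliveries():
    """Constructed traffic: one retrying MTA plus 200 fire-and-forget spam sources."""
    rcpt = "bob@example.net"
    legit = [(t, "192.0.2.10", "alice@example.org", rcpt, 1) for t in (0, 600, 1800, 90000)]
    spam = [(100 + i, f"198.51.100.{i}", f"offer{i}@unregistered.example", rcpt, 10)
            for i in range(1, 201)]
    return legit + spam


if __name__ == "__main__":
    print("no greylist  :", replay(constructed_deliveries()))
    print("with greylist:", replay(constructed_deliveries(), Greylist()))
```

The cost is delay: the legitimate sender's first two attempts are deferred, and a sender that never retries loses the message.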
Hot. Pokers. In. The. Eyes.
Explain, please, how the word Spammers is possessive in the title?
All this reverse crap means nothing.
We need to push SPF or something else forward so people are required to do work in order to send an email.
This makes the from address mean something, and harder to spoof.
Now spammers can register a valid email server, but then they have a place to be tracked to. If they are offshore we could do something about that.
Speaking of which, being able to categorize my mail by country would help a lot.
Is there a standard for the mail servers to give their clients IP information about the server that delivered the message? This would help a lot.
It's not my mailserver which does the filtering. It should only be the terminating server which does any form of filtering, ergo the one on the corporate network.
How many people can read hex if only you and dead people can read hex?
1. Receive spam with unregistered domain name
2. Register domain name *before* the spammer does
3. ????
4. Profit
Also part of the problem is that if you send out a few million spams with links to www.stratjaktsmadeupdomainname.com most of the virus filters that this will pass thru will do a lookup on the domain, since it does not exist it won't be listed in any bind caches for your local dns server, they then have to query their parent servers (all the way back to the root servers)
... plus a few more for the people that click on the emails... since it will have to try and load the images in the email, etc.
say your typical poorly written spam program checks all the links (and for easy math you have 10 links in your spam)
10,000,000 emails x 10 links = 100,000,000 dns lookups
It's a nasty problem, since the first 100,000,000 hits would occur within a short period of time.
In short DNS can handle fat-fingered mistakes, just not on this scale...
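The per-cache point made earlier in the thread and the lookup arithmetic just above can be checked with a small simulation. This is an added example, not part of the original comments; the traffic is constructed and scaled down from the thread's figures, and it shows that negative caching collapses repeat lookups inside one resolver while upstream load never drops below resolvers × distinct domains.

```python
import random


class NegativeCache:
    """One resolver's negative cache: an NXDOMAIN answer is kept for neg_ttl seconds."""

    def __init__(self, neg_ttl):
        self.neg_ttl = neg_ttl
        self.expires = {}  # name -> time at which the cached NXDOMAIN lapses

    def query(self, name, now):
        """Return True when the query has to be sent upstream."""
        if self.expires.get(name, float("-inf")) > now:
            return False  # answered from the negative cache
        if self.neg_ttl > 0:
            self.expires[name] = now + self.neg_ttl
        return True


def simulate(messages, resolvers, domains, links, window, neg_ttl, seed=1):
    """Replay one spam run and return (lookups made by filters, queries sent upstream).

    Each message lands at a random time inside `window` seconds, is scanned
    behind one of `resolvers` independent caches, and carries `links` URLs
    that all point at one of `domains` not-yet-registered names.
    """
    rng = random.Random(seed)
    caches = [NegativeCache(neg_ttl) for _ in range(resolvers)]
    arrivals = sorted(
        (rng.uniform(0, window), rng.randrange(resolvers), rng.randrange(domains))
        for _ in range(messages)
    )
    total = upstream = 0
    for now, resolver, domain in arrivals:
        name = f"unregistered-{domain}.example"  # constructed name
        for _ in range(links):
            total += 1
            upstream += caches[resolver].query(name, now)
    return total, upstream


if __name__ == "__main__":
    # Constructed, scaled-down run: 20,000 messages, 50 caches, 10 domains, 10 links each.
    for ttl in (0, 60, 7200):
        total, upstream = simulate(20_000, 50, 10, 10, window=3600, neg_ttl=ttl)
        print(f"negative TTL {ttl:>4}s: {total} filter lookups, {upstream} upstream queries")
```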
Those rules don't get hit much (really not at all), because I moved them below my spamhaus check. But if messages get through that check now, I'm sure that those reject rules will catch most of the cruft.
And of course spamassassin then analyzes what gets through all of that.
This would be a fairly definitive measure... Instead of guessing the veracity of the content of a message, we would instead verify the physical origin of the message. While I concede that there will almost certainly be some sort of attempt at circumvention, it's a hell of a lot more difficult to get around than your average bayesian filter (which is the best thing going next to black/whitelists IMO).
We're talking about a fundamentally different approach here, treating the cause (unsecure, unverified protocol) instead of the symptom (spammers taking advantage of said protocol).
I understand your point. I just do not always agree with it. People are dumb, and some will buy stuff from spammers. So do we pass a law to make that a 10-15 year sentence? How do we fix the root cause of spam? Get rid of profit or money. If you want to make someone think twice about doing something you need to make the punishment not worth the reward.
As to removing the cause, sure make drugs legal, I am in favor of that. That would solve a few issues. But at the end of the day, there will always be people that want more than they have. You cannot fix that. Communism is a great idea except it is 100% against human nature and does not work. Tell me how do you fix the root cause of bank robbery? Or someone that likes to rape? You cannot.
We need to teach responsibility for one's actions - and the punishment for not being responsible should be harsh.
If you can solve the problems like you talked about you are a smarter man than everyone else that has been trying since the dawn of time. Me, I am just trying to be realistic.
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
I understand that in China, prisoners' families are billed for the bullets used to execute them.
Why yes, I AM a rocket scientist!
Hum, don't remember telling you how to behave, except for maybe asking for you to be responsible for your actions. If you are not willing to do that then I hope someone cuts your life short before you hurt someone else. I am a complete libertarian. You can do whatever the fuck you want as long as it does not mess with my right to do whatever the hell I want.
The key to a peaceful world is personal responsibility on everyone's part.
I think you missed the point.
Say we both work for some company X, and we use a server that is within the firewall and called foo.local
I am at home, and the e-mail I read at home is a@isp and not a@corporate.
You want to send me an urgent message to log onto the company VPN and check out something on foo.local, but I have to send it to a@isp.
The @isp mail server can't resolve foo.local and will therefore drop the message, meaning I will never get your message.
There are times when you want to send e-mail about internal domains to e-mail addresses residing outside of the domain, where the MX server at the end of the line cannot resolve the internal domain, but the person reading the e-mail can (through access to the internal servers).
Then it would fark any email in which somebody mistyped a URL, or if it interprets something as a url and it comes up invalid.
Could be as bad as if I wrote "I'll meet you 8pm@work." It might interpret the 8pm@work as an email address and scan for valid domain. Or I might just have a typo such as http://www.slahsdot.org which would also bork an email. Perhaps even a domain that isn't in DNS (one specific though a local shared HOSTS file)
Remember, antispam is not only designed to crapfilter out spam, it should be priority to allowing legitimate emails.
you need to kill anyone who buys any product or service advertised with spam. Without a market, spammers are out of business.
"National Security is the chief cause of national insecurity." - Celine's First Law
I know the, flamebait mods' get thrown; around when slash:dot users' give the editors' crap but c'mon guys'! Do your freakin jobs'!(_
Yes, my only tool is a hammer. And you're starting to look like a nail.
... the slashdot editors'!
I am no longer wasting my time with slashdot
What mail server even allows mail from unknown/unregistered domains? Isn't that, like, one of the most basic anti-UCE checks? I hope spammers employ this tactic because I know my mail gateways will drop all of the spam.
-matthew
"THERE IS NO JUSTICE, THERE IS ONLY ME." -Death
I think it has something to do with finding the top halves of the people sending me all those Cialis ads.
Been seeing something like this for a while in my blog's comment spam: an apparently innocuous note with a URL that looks like the author's name (maybe something like "http://joeshmoe.com"). The URLs go nowhere. I'm sure they get redirected to pr0n and veye-ah-gra sites a few days after posting.
This is my post. There are many others like it. If you don't like what you read here, go try one of the others.
When you've got companies spending millions of dollars a year on extra equipment to deal with the spam problem, you've gone beyond being a "large nuisance."
And this is WITH the horribly lenient joke law that is "CAN-SPAM".
" Until they pass a law that makes it completely legal to kill spammers, the spam problem will not go away."
Ah no- that would only make it worse= the ones left alive would know that you were still there to annoy.
befuddled (noun) 1. Unable to create a pithy sig
Bollocks. Find individual spammers and attach them, with a dagger, to a chicken. Then slip a note into the spammer's mailbox indicating where the family can pick up the remains along with their last free meal.
All depends on the DNS server. Note most DNS servers have settable limits on valid and invalid DNS cache. So spamming a DNS cache correctly set up spamming random crap does not work because it does not affect the number of valid sites stored in the DNS server, just fills the invalid section. Default on a lot is 0 for invalid but it can be set higher. Note with users using spam filter programs it is a good idea to set this higher due to caused load from doing not required lookups.
Yes, let's not criminalize spamming, because clearly organized crime enforcement over the past few decades hasn't stopped organized crime.
Oh crap, I forgot, organized crime has been forced so far into a corner that the average city dweller's only interaction with an organized crime figure involves a TV. Well, that or eBay.
Why not simply enact appropriate fines & terms based on the negative impact a person's actions have on society
If you simply put a new system in place, the spammers will find an end-run around the new system. So we'll just keep rolling out new system after new system until they give up?
These antisocial types are always going to exist. They will always find a way to scam people out of money. All you can do is make them live under a rock because their actions carry real world penalties.
They won't be buying nuclear bunkers from the government and running servers from them. They won't be buying large houses in ritzy sections of town and putting servers in their basement. They'll be forced to maintain a low profile.
Hey, ISPs! Download dspam!
Don't thank God, thank a doctor!
Joe Llywelyn Griffith Blakesley
[This post is in the public domain (copyright-free) unless otherwise stated]
i mean that personally, fuck you. if you've spammed once, or many times i already dislike you as a person.
http://shit.slashdot.org/article.pl?sid=05/01/13/1721203
Try a different parser...
To reasonably compare drug laws to murder laws, as the previous poster did, 30% of the people in the United States would have to have committed at least one murder in their lives. 10% of the people in the United States would have to have committed at least one murder in the last month. And they would have to care so little about breaking the laws against murder that they'd be willing to let a federal researcher (NIDA, in the case of drug laws) know.
Unless and until those numbers are true, the comparison to murder laws makes no sense.
Jerry
With Rendezvous on Macintosh, it normally comes up with names such as 'jeffs-computer.local.' with the extra dot, and it works. What is the specific standard for HTTP URL's and the extra dot?
--jeff++
ipv6 is my vpn
Sophos PureMessage is not (and never was) vulnerable to this trick. That is because it works off URI's rather than IP addresses.
The above post is by Ken Simpson (aka President Simpson) of mailchannels.com
http://mailchannels.blogspot.com/
Just subpoena the names of the people that the penis enlargement pill wholesaler has hired to advertise for them (force their cooperation with the threat of an accessory charge), and then prosecute the spammers into the dirt.
No, that's wrong. What you need is to follow the money trail to the people who are benefiting from the spam. That is, those who commission it.
If you make spamming a misdemeanour offence, but receiving income from the activities of spammers a criminal offence, just as receiving stolen goods warrants a more severe punishment than theft, then you will begin to have an effect.
It is not the idiots who buy from spammers you have to control. It is not the senders of bulk email you have to control (although I'd like to see some serious jail time for them, sending spam is too easy, and there will always be more who'll do it). It is the companies that pay for the spam and which derive the most benefit from the spam that must be charged and severely punished.
"I've got more toys than Teruhisa Kitahara."
SPAM should be considered crime against humanity. But then, what do you get for this kind of crime? Some media coverage at most.
Joe Llywelyn Griffith Blakesley
[This post is in the public domain (copyright-free) unless otherwise stated]
Last login: Thu Jan 13 20:48:21 on ttyp4
Welcome to Darwin!
You have mail.
$ ping clplap.local.
PING clplap.local (192.168.0.96): 56 data bytes
64 bytes from 192.168.0.96: icmp_seq=0 ttl=64 time=0.255 ms
$ links http://clplap.local./~jeffk/
My original point is that urls with local intranet domains in this form would break mail scanners that checked for valid urls in emails. Hell, even when I email a friend something like: "Your router admin page is accessible via http://192.168.32.1/ " would end up getting filtered as spam!
--jeff++
ipv6 is my vpn
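The false positives raised in this comment and in the earlier foo.local one, worked through as an added example that is not part of the original thread: a scanner that classifies each URL host before any DNS check, skips private addresses and internal names, collapses repeated links into one lookup, and treats an unresolvable public name as a score contribution instead of a rejection. The suffix list, the weights and the injected `resolves` callable are assumptions for the illustration.

```python
import ipaddress
import re

URL_HOST = re.compile(r"https?://([^\s/:?#\"'<>,;)]+)", re.IGNORECASE)
# Assumed site policy: suffixes that are never looked up in public DNS.
INTERNAL_SUFFIXES = (".local", ".localhost")


def classify_host(host):
    """Sort a URL host into a class that decides whether a DNS check makes sense."""
    host = host.rstrip(".").lower()  # "clplap.local." and "clplap.local" name the same host
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        pass
    else:
        return "private-ip" if ip.is_private else "public-ip"
    if "." not in host:
        return "single-label"
    if host.endswith(INTERNAL_SUFFIXES):
        return "internal-name"
    return "public-name"


def lookup_plan(body):
    """Return (names worth one DNS query each, {skipped host: reason})."""
    to_query, skipped = [], {}
    for raw in URL_HOST.findall(body):
        host = raw.rstrip(".").lower()
        kind = classify_host(host)
        if kind == "public-name":
            if host not in to_query:  # ten links to one domain cost one lookup
                to_query.append(host)
        else:
            skipped[host] = kind
    return to_query, skipped


def url_score(body, resolves, per_miss=1.5, cap=3.0):
    """Score contribution from unresolvable public names; never a verdict by itself.

    `resolves` is an injected callable (name -> bool) so the example runs offline;
    per_miss and cap are made-up weights for the illustration.
    """
    to_query, _ = lookup_plan(body)
    misses = sum(1 for name in to_query if not resolves(name))
    return min(cap, per_miss * misses)


# Constructed message body built from the hosts mentioned in the thread.
SAMPLE_BODY = (
    "Log onto the VPN and check http://foo.local/status\n"
    "Your router admin page is accessible via http://192.168.32.1/\n"
    "See http://clplap.local./~jeffk/ and http://www.slahsdot.org/ "
    "or http://www.slahsdot.org/about\n"
    "I'll meet you 8pm@work.\n"
)

if __name__ == "__main__":
    print(lookup_plan(SAMPLE_BODY))
    print(url_score(SAMPLE_BODY, resolves=lambda name: False))
```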
But what happens if someone who sees the spam happens to register the domain first - the spammer would be SOL.
Thanks for the alert by AC about the astroturfing.
Ken don't be an ass, you have a couple of interesting FOSS things on your site - but it looks like the other stuff is smoke and mirrors that businesses will find awesome but techies would see through.
What really is this DNS/mail voodoo that you are peddling?
I don't propose removing all jail terms for all crimes, but I just feel that the penalty is stiff only because people are irritated by a high level of inconvenience. Granted there are cases where it is justified, but we already have laws that can handle those instances. If irritation is a jailable offense, I don't think you would ever see anyone take a job in the airline industry. We seem to have been running down a road where we need to severely punish people for irritating other people. Take for instance the Road Rage law in New York. If the anger results in an accident or a fatality, I think it may be justified, but people are being charged for getting upset over being issued a speeding ticket. Talk back to the cop and you can be charged with rage. It fits the context of the law as it is written. At what point do we draw a line on the nonsense? I agree with your stance on responsibility and feel strongly that it supports my point more than yours. If people took responsibility for their actions as they should, then we should have to have any laws at all. Perhaps if we made the punishment more reasonably fit the nature of the crime, we could avoid a lot of the criminal element that we breed with our current system.
As far as someone being smarter and finding an answer. That will not work in our society either. Smart people are looked at suspiciously. They have the ability to take advantage of us and we can't see it until it's all over. We don't trust them and therefore we will not listen to any 'plan' they might have to correct the same system that we use to keep them in check. I think there are a lot of smart people out there who understand the problem have better solutions, but understand the high cost we have placed on speaking out. They are smart and will do the smart thing, stay quiet. We are building a system of failure. We have to change that course somewhere along the way, or we will all fail as a whole.
We have a supersized prison population because:
* We can't see the light on the victimless crime of drug consumption and insist on sending people growing pot to prison for 20 years.
* "Tough on crime" legislators have implemented such corrections gems as "3 strikes and you're out" so that a shoplifter who takes 3 items from 3 departments in a store gets nailed with 3 counts of shoplifting and goes to prison for life as a career criminal.
* The same legislators have also implemented mandatory sentencing (which the Supreme Court just modified), requiring the above pot grower's wife to be considered a co-conspirator and sent to jail for 20 years, whether she knew he was growing it or not.
NONE of this makes punishing the organized fraud known as spam some kind of exercise in penalty escalation. Computer hijacking, relay hijacking, falsifying information, deceptive advertising, ineffective products, fake products, undelivered products -- at what point is punishing people for stealing wrong? Because someone can sit in their basement and do it on a computer doesn't make it any less impactful or less deserving of punishment.
Criminal punishments involving prison time have to be meted out at least initially so that the people involved won't just chalk up civil fines as the price of doing business and keep doing it.
You're right -- this was astroturfing. Thanks for keeping me honest and I apologize to the greater Slashdot community for having done so.
... where the alias part is a pseudorandom sequence that acts as a shared secret between one or more parties who wish to communicate with each other.
What we have built is an automated system for creating and managing domain-based email aliases. What does "domain-based" mean? Basically this:
Regular Address: username@domain.com
Domain-based Alias: username@alias.domain.com
Because the MX entry for the alias subdomain is consulted each time a message is delivered, it's possible to have a different MX entry for different aliases. In this way, mail traffic can be routed differently at the network level depending on who it originates from.
The use case that has received the most traction so far is to separate customer traffic so that it can be treated more kindly by the spam filter -- or bypass the filter altogether. In this way, you never lose a message from a customer (i.e. no false positives).
We are in the middle of a site update that will explain all. If you're interested, visit http://www.mailchannels.com in a few days' time or watch for a press release.
BTW -- the Apache::SMTP bits are a genuinely cool innovation courtesy of our CTO Will Whittaker. Look out for some articles showing up soon on this topic.
Regards,
Ken
CEO, MailChannels (and convicted Astroturfer)
Amen! Your last point, although valid, lacks any historical precedent of ever taking place. We have rarely ever decreased the penalty for a 'crime' that is on the books, (except for prohibition). It would be wonderful if we had a system that allowed us to reduce a penalty where it was deemed as reasonable, but the basis of our political system voids that as a possibility. Politicians, as a rule, will not lobby their peers for reductions because it always becomes political fodder for the re-election process. The sound bite era has made that problem even worse, as it is easy to point a finger in 30 seconds, damned hard to explain why in that same amount of time, and secondly it puts that politician in an immediate defensive position, just where they don't want to be.
Amen! Your last point, although valid, lacks any historical precedent of ever taking place. We have rarely ever decreased the penalty for a 'crime' that is on the books, (except for prohibition).
This really isn't true. Historically cattle rustling and horse stealing were capital offenses. I'd be surprised if a first time cattle rustler even went to jail for more than six months, the same with horse stealing.
Legislators even saw the light to some extent with marijuana decriminalization in the 1970s -- what was once a guaranteed jail sentence for small amounts of pot is now a traffic-ticket offense. Of course this is counterbalanced with the extreme federal sentencing for other aspects of drug possession.
I think what we're seeing today is the beginning of the end of the "tough on crime" initiatives that began in the early 80s as an antidote for the increases in crime in the late 70s. Historically we began "reforming" instead of "punishing" criminals in the 1950s and by the mid-70s the demographics of the baby boom produced a lot of crime and a lot of public outrage at the "revolving door" of the prison system.
By the early 80s, politicians were eagerly lining up to vote on measures that made life without parole a common punishment. When the legislators discovered that judicial sentencing discretion wasn't implementing this mandate, they (temporarily, at least) eliminated this as well and we got to where we are now.
I think that the economic pressures of this are starting to show (if not the lack of rationality). When you jail 1 in 20(?) people, it costs money. A lot of money. Unfortunately we probably still aren't smart enough to figure out that some people SHOULD be jailed for a long time for both retribution and public safety (robbery, rape, assault, murder, kidnapping) and some people really shouldn't (most drug possession charges).
We'll either figure out that permanently jailing a significant portion of the population is at the very least economically untenable or we'll use terrorism and the war on $arbitrary_social_paranoia to just continue sliding into a police state.
I was just in a country that executed rapists. Let me tell you, it doesn't work very well. Basically, it turns every case of attempted rape or rape into a murder because it is so important to the rapist not to be caught.
While I was there, a man nabbed a little girl (10 years old) just down the street from me. She screamed for help, so he stabbed her five times in the chest and ran. Her mother was within earshot, but (obviously) ran to the girl instead of after the man. The little girl died in her mother's arms within seconds, and the man got away.
Isolated incident? No. I asked -- it happens all the time. They have fewer incidents there, but if a woman is attacked, she pretty much knows she won't live through the experience.