Spammers' Upend DNS
Saint Aardvark writes "eWeek reports on the latest trick of spammers: getting around DNS-based lookups. By registering a domain *after* the spam goes out advertising it, they can get around blacklists. However, that causes all sorts of problems for ISPs and anti-spam services. Paul Judge, CTO at Ciphertrust, says "Even in large enterprises, it's becoming very common to see a large spam load cripple the DNS infrastructure.""
I never put valid DNS links in my posts.
Until they pass a law that makes it completely legal to kill spammers, the spam problem will not go away.
I'm a big tall mofo.
That's a nice stunt
How do you combat this? If the e-mail contains an invalid domain name kill it? What about typos?
-nB
whois gawk date unzip strip find touch finger mount join nice man top fsck grep eject more yes exit umount sleep dump
I've always wanted a first post. . . .
Thank goodness we can now register domains and have them active within 30 minutes!
Oh look, my foot's bleeding. Someone must have shot it.
cyn, free software and *nix operating systems enthusiast.
I bet that the barracuda spam blocker would protect against this.
Electrons are free; it is moving them that becomes expensive.
Why don't they just get rid of spam altogether. JUST MAKE IT FRIGGEN illegal!!!!! WTF???? #@$#@$#$%#%&%*
The article goes on to say that some anti-spam applications do as many as 30 dns lookups. This is a design problem with the apps, not with DNS. Do less lookups, minimize the problem. I'd venture that after checking with a few of the major blacklists, you've pretty much hit the point of diminishing return in distinguishing spam/ham.
"I'd rather be a lightning rod than a seismometer." -Ken Kesey
And you can define how you want to kill them. Then the spammer's family is sued. Then anybody related to the spammer is shot.
So is the title referring to an "upend DNS" that belongs to spammers? If so, can someone explain what an "upend DNS" is?
Heck I would love it if they would make it fully legal to hack the spammer's computer and forcefully remove your name from the list. But because I don't know exactly where my name is on the list I figure that I will just rename all the domains to point to themselves, or their ISP Leader.
If something is so important that you feel the need to post it on the internet... It probably isn't that important.
Email authentication, or the wholesale abandonment of email as a viable communication platform?
"Spammers' Upend DNS"? I think you could certainly do away with the "'".
When a DNS query goes to an ISP's DNS server, and the entry does not exist, does it go to the root servers?
Secondly, do invalid domain names get cached (I'm thinking not)?
gross!
Item: Sending mail and checking received mail for spam involves DNS lookups. If you send and/or receive a lot of email, you need to do a lot of DNS lookups.
Item: Spammers use nonexistent domains.
Where would we be without eWeek?
I don't get it.
So I send out a million spams, all saying "go to www.stratjaktsmadeupdomainname.com for hot viagra and lower mortgage payments."
The domain doesn't exist, and people click on it, which "cripples" dns because the dns servers have to respond with a "no such domain name" reply?
How does this cripple them? Was DNS not designed to handle fat-fingered domains gracefully?
What happens, do all the requests for my domain get propagated up the chain, is that the crux of the problem? If so, doesn't DNS update like, quite often (several times a day) now? There's no need to kick all requests up to the top, right?
I don't need no instructions to know how to rock!!!!
I don't get it. By advertising a domain that doesn't exist, how are they supposed to sell anything? People get the spam, click the link... and get nothing. What's the point?
this is not meant as any kind of informative post, but every time i read something like this, or receive another spam in my Inbox, i feel a bit of both sadness and anger...
here is a wonderful tool that made communication easy, fast and cheap but is absolutely being ruined by the malicious few with absolutely no morals, ethics or concerns for others.
just like those orphan traders at tsunami disaster areas... i really would like to have a chance to confront these disgusting people and try to make sense of their thought process...
Some anti-spam group should set up a spam filter that looks for domain names, and registers any that it sees that aren't valid. They would point to a web site that politely explains to users how stupid they are for clicking on a link in spam.
I expect spammers would drop that technique quite quickly if that were done.
I know whois would just get ripped a new one but what about a system like that on verifying a domain's true existence?
It would have to be a true/false response so it would be fast. No vitals returned just if the domain is really registered or not.
DNS time out. Look for in the "quick-whois" for it. It's not there (but whois gave a non-timeout response) drop the message. If they are there (or a "quick-whois" timeout) then queue it like normal.
It's a rough idea and probably not that good of a one; come up with a better one then.
Sounds silly to have to double lookup. Maybe a DNS modification would be better... The query should be able to say if a domain is registered or not they all have at least that record right?
DNS could play a role in beating spam. DNS servers suffering from "spam overload" can see that they're handling a lot of the same lookups, that are overloading them. They could flag their responses back to the isolated SMTP servers that are processing the spams, which can tell that they're all the same message. So the distributed network can identify spams, and at least require the senders to share some of the processing load (through another extension to the SMTP and DNS protocols). A more severe response that might affect mere mass-mailers (different from "spam" because content is either noncommercial, or was solicited by the recipient) would be to report such spam-suspects to blacklist servers, which in turn inform users' spam filters.
Having had several mass-mailed (big Cc: lists) urgent messages filtered out by corporate spam filters in the past couple of months, I know we need a much better system. Spam is taking down DNS, blocking SMTP, and, even worse, censoring legitimate message needles in the spam haystack. We need network protocols to get smarter, taking advantage of the distributed intelligence that can kill spam. Can the IETF overcome its interest in perpetuating the spam that pays for so much of the Internet, in leading us out of the spam trap?
--
make install -not war
We need to be going after the spamvertisers, not the spammers. Legislation outlawing spamvertising, with penalties for the advertiser and the spammer, not just the spammer, would be far more effective than merely shooting all spammers. After all, spammers can hide and work from offshore, while the advertiser has to have some way to collect the cash. He can't hide nearly so well.
Yes, there would be joe-jobs, but our legal system is already familiar with the idea of ``framing'' innocent parties, and they know how to deal with it.
On the topic of spam and spammers, I think the fortune at the bottom of the page is wonderfully appropriate:
No one can have a higher opinion of him than I have, and I think he's a dirty little beast. -- W.S. Gilbert .
See what I've been reading.
Why is it modded as Funny?
It should be modded as Insightful.
Bah ! slashdotters... always confusing the interesting with important and necessary with coulda', shoulda', woulda'...
"Doing what i can, with what i have." ~ Burt Gummer
BIND, at least, does negative caching. Surely this means the load on DNS servers due to looking up the non-existent spam domains is minimal.
Also, once the mail server has decided that a bounce reply is undeliverable (because of no DNS records), surely it is going to dump the email immediately, rather than continuing to attempt to deliver it?
So is this a case of SOME brain dead implementations of DNS and mail servers, or a real problem for all?
The real "Libtards" are the Libertarians!
I hate this new trend! I have to wait until morning until I can order my v!@gra!!!
What happened to the good old days, when I could order B0n3r Juic3 as soon as I got my mail!
The article was posted on Monday and was sent out to those who subscribe to the FREE e-mail newsletter. This is not intended as flamebait or a troll, so please don't reply with flames; I just wanted to vent and the fact that this site is usually GREAT at supplying up to the minute information. I guess I'm just upset that I went to the link expecting new information and got disappointed with the same article I read Monday.
"It is not my intent to offend, but if offense is taken, the fault lies with the audience." attributed to Patrick Henry
Failed requests (non existent domains) always go to the root servers.
2advanced.net - Business Quality Hosting
Without a domain to check the SPF record of, the mail would never be delivered. Easy.
On the other hand, it could result in far, far more DNS lookups for an organization, but in theory they would never need more DNS capability than they have mail capability.
ReadThe ReflectionEngine, a cyberpunk style n
Oh well.
Only once, then they're cached with some sort of default timeout (ie; check again in a few hours), or does this vary from implementation to implementation?
What I'm thinking, is that this is a big problem for (since this is slashdot) Microsoft ActiveDNS 2005, but not for BIND or OSS implementations, which have no such flaws.
Is this the case, or is it an inherent problem that DNS is just a shitty outdated protocol, like SMTP?
Will moving to IPv6 change anything?
I don't need no instructions to know how to rock!!!!
A comment at the bottom of the article holds validity regarding DNS. He says that if a spammer registers the domain, it makes them easier to track down.
I don't think the author of the story quoted people correctly.
From what I learned from DNS, whether the domain exists, or not, the same amount of queeururueeing is done.
M$ wants you to have redundant DNS servers, they get more $$$, you buy more CALs, licenses, and headaches.
Either the journalist drastically misunderstood and misinterpreted what they were told, or one of the people interviewed is launching some magic snake-oil product that'll "solve" this non-existent problem. (Yes, I know exactly what spammers do. That's my job. I know exactly what DNS does, that was my previous job. This article is fiction.)
Slashdot writers (and editors) are still a lot worse than spammers, but their punctuation has some room for improvement.
With Yahoo mail.
I typically get 80 messages a day which the bulk mailer always finds. These last 2 or 3 weeks only half the spam is being caught and my mail box is becoming loaded again. I was wondering why the fail rate was going up.
My guess is Yahoo used dns lookups in its anti-spam software.
http://saveie6.com/
If it existed, the first such lookup would get passed up to the root servers, send the right address down, and it would be cached locally, and the next million lookups would get the cached version, with minimal network traffic.
If it doesn't exist, the first lookup goes all the way up to the root server, and so does the second, the third, and the millionth, because you don't want to cache "that doesn't exist", you want to keep trying until it does, so that the instant it exists you get the correct value.
If you did cache "that doesn't exist", you would minimize traffic, but break in the case where a site is legitimately advertised before existing (by a stupid person who hits 'send' before hitting 'register me a domain'); like most protocols, DNS attempts to maintain correctness even when costly, rather than minimizing cost at the expense of correctness.
Spam involves criminal activity (fraud at the least). It involves many people (mail-senders, product suppliers, and some legitimate businesses like credit card processors, banks, and ISPs).
Smells like a Racketeer-Influenced Corrupt Organization to me. Anyone even remotely involved gets a ticket to the proverbial Federal PMITA prison for 20 years, $100k in fines.
These penalties and a wide net are all that can influence spam.
And who wired their brains to think this way? As much as I hate the stuff they do, ya gotta give them credit for being masters of manipulating The System(tm)
"Draco dormiens nunquam titillandus."
Will moving to IPv6 change anything?
Wow. I thought you were pretty retarded in the Apple threads, but this just goes to show that you are a fucking moron. Just stop posting and save everyone the hassle of having to read your tripe.
That's not accurate. An existent domain can be quickly resolved, possibly at the first-level nameserver. A non-existent domain requires upchannel querying all the way up to the TLD root, before deciding the lookup failed. That's a lot of elapsed time, and a lot of extra traffic. And I don't think DNS systems cache "does not exist" lookups, do they? So if an email refers to a non-existent domain 5 times, it could wind up with 5 different time-consuming failed lookups.
Welcome to the Panopticon. Used to be a prison, now it's your home.
Wow. The article itself is ... stunning. On a per-word basis, I don't know where I've seen a higher concentration of misconceptions about DNS.
Most modern MTAs have the ability to reject email purportedly coming from domains that aren't registered. Just as one example, sendmail does this by default. Not registering domain names makes it *much* *easier* for me to avoid spam. I encourage spammers to adopt the practice described in this article.
Moreover, the cost of looking up nonexistent domains is roughly comparable to the costs associated with looking up existing domains.
Of course, despite the article being worthless, it's still more than enough cause for the /. regulars to get whipped up into a frenzy.
They only need to auto-register the domain once they get > 100 (put appropriate threshold here) enquiries about a non existent domain, point it to a web page telling the user please do not support spam, and, once the domain is registered, the secondary dns servers will be able to cache it as regular, and the spammers won't be able to use it later, because it is already registered.
Then, after a couple of months, the domain could be automagically removed.
We should put a bounty on the head of spammers. It should be open season. They should be hunted down and killed. Wasting a spammer should be made legal. They are scum. Oh, please go ahead and mod me down as flame bait or other such. It's not a flame, it is how I really feel about it.
"here is a wonderful tool that made communication easy, fast and cheap but is absolutely being ruined by the malicious few with absolutely no morals, ethics or concerns for others."
Welcome to illegal file trading. The story is basically the "Cold War, tit for tat" that gave us the bomb and MAD, as well as dictatorships. What wonderful things will the "P2P vs content providers, tit for tat" bring us? How about the "SPAM vs Anti-SPAM, tit for tat"?
Maybe we'll have the hard reality that it's not the technology that needs fixing, but us?
But with the advent of dydns services, hasn't caching all but been reserved for corps?
If a system has a dns expire time set real low, wouldn't it still look up the full domain, even back to the tld?
Just wonderin, still learning ya know.
Thanks
You miss the point of what they're doing.
Spammer sends out email with a link to www.joeblowscompany.com except that domain does not yet exist.
Spam software scans the email for URL's and domain names to check against. It validates the sender as a registered domain (not forged), finds a few more URLs, but they don't exist so it cannot check to see if those domains are known spamvertisers or not.
Mail system delivers the mail, certifying it as 'not spam' as far as it can tell.
Spamvertiser registers the aforementioned domain name, putting their warez up there.
User now has a spam message that could have been caught but wasn't because the spammer knew how the filter worked, found a loophole, and used it to deliver the message.
That is the crux of the problem, not the DNS load. Most spam-detection software is already doing this level of DNS lookups, pounding on the system to validate information. Not much changes there. What does change is that now, instead of being filtered, the messages get through.
How about a deadpool? Set up a website where we can all place a 'bet' on when we expect each spammer to eat it. Eventually, each spammer is worth more dead than alive... Then someone will guess a time that proves to be exactly right (perhaps with some help to ensure it) and earns the pool of thousands or millions of dollars... We just need a way to pay the winner anonymously. I've got a $20 for each person on the ROKSO list ready to go!
You were modded as +5, Funny. I'd submit to the crowd that it should have been +5, Insightful!
One has to ask how useful a "bona fide" email would have been with an invalid link? I can not work up a lot of sympathy for the few clowns who can't be bothered to properly cut/paste a valid URL from a browser.
...but it is a DRY heave. -- me
Another point: If it is coming from a legit SMTP server then they should get a clue from the NDR sent to them when the email is rejected.
There is no right to feel safe thru security vaudeville at the expense of everyone's freedom, privacy and tax money.
So why can't spam software be made immune by denying the message if it finds that the URL returns an error message, indicating it doesn't exist?
A blog like any other.
BIND certainly does cache NXDOMAIN ["does not exist"] for some period of time. I am not sure how long though.
The real "Libtards" are the Libertarians!
Let's go ask Network Solutions to add a wildcard to .com. If we had a wildcard, then all these lookups would resolve! Problem solved
[the above is a lame attempt at humor]
[or is it--tinfoil hats on -- could it be that NS is behind the article in an attempt to promote the "sitefinder" wildcard entry?]
The real "Libtards" are the Libertarians!
But then again, I use SpamAssassin, which handles this type of thing gracefully. If the DNS tests are taking too long, SA will quit them. This has a throttling effect, so it hasn't hosed my DNS server.
"Avoid employing unlucky people - throw half of the pile of CVs in the bin without reading them." -- David Brent
IPv6 uses a different DNS system, dopey.
Standard IANAL disclaimer, but:
Couldn't the spammers be sued for causing what amounts to a DOS attack on the recipient mailserver?
Also, if sexual predators and hackers can be barred from going online, and if corrupt executives can be barred from acting as corporate directors, why can't judges ban unrepentant spammers from going online, or carrying on an internet related business? (And extradited if they subsequently set up shop offshore)
My rights don't need management.
The spammers could easily step up the pace and cost them a considerable amount.
I've been randomly experiencing some issues with phantom emails sent to my domain. People swear up and down that they sent me an email (sometimes a reply to an email I sent) and I don't receive it. Furthermore they don't receive an undeliverable or waiting for delivery response. I've checked spam filters - everything I can think of. The evidence is that the email is getting dropped somewhere in the chain. Could overloaded DNS servers on either end be causing this issue? BTW - I'm not using my domain to send SPAM. No really, I'm not, I SWEAR! -- Rock and Roll ain't no riddle man...
That is the crux of the problem, not the DNS load.
Then why is the article suggesting that spam is bringing DNS to its knees and the sky is falling?
Sounds like a problem with the spam filter.
If the spam filter encounters a non-existent domain, then IT should cache it, and not bother DNS with subsequent requests. If it delivers it fine, the user marks it as spam, and bayesian algorithm doesn't allow "stratjaktshotsexviagramortgagesite.com" again.
I don't need no instructions to know how to rock!!!!
Why can't spam software be made immune by denying the message if it finds that the URL returns an error message, indicating it doesn't exist? If it finds a web site doesn't exist (and I'm not referring to the domain, but the actual URL, in its entirety), it should simply reject it. Does this not make sense?
A blog like any other.
Actually, it appears likely that the article is getting the wrong end of the stick entirely, confusing WHOIS and DNS. more details...
in the case where a site is legitimately advertised before existing (by a stupid person who hits 'send' before hitting 'register me a domain')
That's not a problem, a site that doesn't exist yet is not "legitimately advertised".
BIND caches misses.
It sounds to me like the spam filter should be doing the caching though, not DNS.
I don't need no instructions to know how to rock!!!!
you had me at #!
Incidentally, any "domain hiding" service which assists a spammer could find themselves liable under the "conspiracy" clause in the CAN-SPAM act. CAN-SPAM is weak on spamming but tough on identity forgery.
From the spamhaus website:
"it's surprisingly easy to shut down a spammer..."
Well you know how the old saying....
Easy come, easy goes.
Tricks like this just show how naive steve linford is...
The invalid link may be a link to an internal website. For instance http://wiki.local./ is valid in the office but invalid outside the firewall.
Jeff
ipv6 is my vpn
Right...so when you leave your Windows box wide open on the internet, and someone installs a spamming trojan, do you get to go to prison? Because I think we already have enough problems with prison overcrowding.
spam lists on cd-r, must be able to physically destroy their system and storage media....
It will work even better when it becomes illegal NOT to kill a spammer.
I think you would find that breaking legs would be quite enough...
beat the spammers to death, and then sue the family for the cost of the bat used to beat them with.
this was done in blackadder iirc (UK comedy), where some french people had to pay for their own relatives execution
Register the domain they are using and they will be forging messages.
Too bad DNS does have the ability to offer different caches for positive vs. negative pools. The hit rate for positives wouldn't be affected by negatives.
DBs allow a DBA to define different memory areas for different tables/structures/etc so why not DNS?
Non illegemati carborundum est!
Spammers are not "up-ending" the DNS, they're simply causing poorly designed anti spam systems to consume inordinate resources as a result of their naive assumption that DNS lookups don't need to be managed intelligently. I'm sure this is something that the anti spam vendors are looking at, but probably not something that will be fixed soon, since it's really quite a difficult problem to address.
Interestingly enough the same technique can be used against spammers. Take a look at what these guys are doing -- the site's content is a bit slim but it looks like they're using a kind of DNS aliasing that could really hurt spammers in much the same way. I imagine techniques like these that operate at the DNS level are the next step in the evolution of anti spam.
Well, for positive caching at least the cache time is defined by the data received (the TTL), not by the nameserver (or at least that's the way the RFC is written -- some ISPs run broken nameservers that ignore TTLs)
For negative caching, I think it is the same, there is a TTL for ".com" (and other TLDs) and this TTL defines how long the negative hits should be cached.
The real "Libtards" are the Libertarians!
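The filter-side caching and negative-TTL behaviour argued over in the comments above, as an added example that is not part of any post in this thread. It applies the RFC 2308 rule that an NXDOMAIN answer may be cached for min(SOA TTL, SOA MINIMUM), with a local cap so a domain registered after the spam run is noticed. The resolver stub, domain name, addresses and TTL values are all constructed for illustration.

```python
from dataclasses import dataclass
from typing import Callable, Dict, Optional, Tuple


@dataclass(frozen=True)
class Answer:
    rcode: str               # "NOERROR" or "NXDOMAIN"
    address: Optional[str]   # None for NXDOMAIN
    ttl: int                 # seconds this answer may be cached


class FakeUpstream:
    """Offline stand-in for a recursive resolver; counts queries it receives."""

    def __init__(self, soa_ttl: int, soa_minimum: int):
        self.zone: Dict[str, Tuple[str, int]] = {}
        # RFC 2308: negative TTL = min(TTL of the SOA record, SOA MINIMUM field)
        self.negative_ttl = min(soa_ttl, soa_minimum)
        self.queries = 0

    def register(self, name: str, address: str, ttl: int) -> None:
        self.zone[name] = (address, ttl)

    def query(self, name: str) -> Answer:
        self.queries += 1
        if name in self.zone:
            address, ttl = self.zone[name]
            return Answer("NOERROR", address, ttl)
        return Answer("NXDOMAIN", None, self.negative_ttl)


class CachingLookup:
    """Cache kept by the spam filter itself, for positive and negative answers."""

    def __init__(self, upstream: FakeUpstream, clock: Callable[[], float],
                 max_negative_ttl: int = 300):
        self.upstream = upstream
        self.clock = clock
        # Cap on negative entries: bounds how long a newly registered
        # domain keeps looking nonexistent to the filter.
        self.max_negative_ttl = max_negative_ttl
        self.cache: Dict[str, Tuple[Answer, float]] = {}

    def lookup(self, name: str) -> Answer:
        key = name.rstrip(".").lower()   # DNS names are case-insensitive
        now = self.clock()
        hit = self.cache.get(key)
        if hit is not None and hit[1] > now:
            return hit[0]                # served locally, no upstream query
        answer = self.upstream.query(key)
        ttl = answer.ttl
        if answer.rcode == "NXDOMAIN":
            ttl = min(ttl, self.max_negative_ttl)
        self.cache[key] = (answer, now + ttl)
        return answer


def simulate_spam_run(messages: int = 1000) -> dict:
    """One spam run advertising a single not-yet-registered domain."""
    domain = "spamvertised.example"      # constructed name, reserved TLD
    now = [0.0]

    # Filter with no cache: every message costs one upstream query.
    uncached = FakeUpstream(soa_ttl=900, soa_minimum=86400)
    for _ in range(messages):
        uncached.query(domain)

    # Filter with the cache: messages arrive over about 100 seconds.
    upstream = FakeUpstream(soa_ttl=900, soa_minimum=86400)
    filt = CachingLookup(upstream, clock=lambda: now[0], max_negative_ttl=300)
    for i in range(messages):
        now[0] = i * 0.1
        filt.lookup(domain)
    cached_queries = upstream.queries

    # The domain is registered after the run; the negative entry is still live.
    now[0] = 120.0
    upstream.register(domain, "192.0.2.10", 3600)   # documentation address
    before = filt.lookup(domain)
    # Once the capped negative TTL has passed, the filter sees the new record.
    now[0] = 301.0
    after = filt.lookup(domain)

    return {
        "uncached_queries": uncached.queries,
        "cached_queries": cached_queries,
        "rcode_before_expiry": before.rcode,
        "rcode_after_expiry": after.rcode,
        "address_after_expiry": after.address,
        "total_cached_queries": upstream.queries,
    }


if __name__ == "__main__":
    for key, value in simulate_spam_run().items():
        print(f"{key}: {value}")
```

The cap is the trade-off: a shorter `max_negative_ttl` means more upstream queries, but a shorter window in which a just-registered domain escapes a URL blacklist check.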
The article is just wrong, and there's a feedback post on the same page that explains why very well. (Although, what's with the stupid formatting?)
Remove the load of the estimated 80% spam that ALL mail servers currently deal with, replace it with authentication for email claiming to be from said server... Something tells me there isn't going to be a performance loss.
Yea! Let's escalate petty crimes to the point that speeding 5 miles over the speed limit has a two year jail term! I think paying bills late should have 90 days in rehab. Sending a check out before you actually have the money in the bank should get 5 to 10 years. We KNOW these things actually bring our society down. We should support absolutism and zero tolerance and eliminate ALL offenders, regardless of whether the offense actually caused any physical damage or not. We all know Land O' Lakes is one of the biggest criminal corporations out there. Heck they make REAL butter! How much does that shorten my life span! Perhaps we should go after the suppliers of the stuff too! Death to all cows!
This fantasy that escalation of penalties has any real effect on what people do is a serious delusion. We prove it to ourselves every day and yet we refuse to believe the facts that we see in front of us. Incarceration, death, whatever you propose as a penalty is not going to stop the problem. Penalties after the fact that the act has been committed don't do ANYTHING. If they did, then our prison population would be going down as we write more laws and penalties along with them, not skyrocketing up as it factually is. Heck we house more of our own population in prisons than any other country in the world. We actually have 30% of the world's prison population here in the US. It doesn't work, it won't ever work, it's stupid to continue going down that road and is extremely frustrating to watch us continue to do it.
The DNS queries are to verify the domain that sent the message is valid. It's not a system to query every URL that shows up in the content of the email.
who removed your sense of humour? they did a bang-up job
The blacklists we have been using for a long time -- SPEWS, Spamhaus, CBL, SORBS do work on DNS and they continue to work fine whether or not the spammer registers a domain after the spamrun. These blacklists work by looking up the connecting IP address that is sending mail, and that IP address can not be forged in TCP/IP. Whether or not the mail body contains IPs or domain names that are invalid or not, forged, etc is an auxiliary issue. Most spam can be blocked at the entrance point, the mail transfer (SMTP).
This isn't a popular view these days, but it's always been generally accepted that there are bad people. Not people who are inwardly good but act poorly, but genuinely bad people. One relatively modern name given to such people is "sociopaths". They have no regard for other people, if they even see other people as fellow human beings at all.
These people have always existed, and to them the idea of whether a certain profitable action is moral is moot, because morality doesn't really have a place in their worldview. As long as there are sociopaths (or Bad People), there will be spam, orphan traders, and personal injury lawyers. Do not try to understand their thought process. First, it's usually amazingly simple ("What course of action will benefit me the most?") and you'll get all tied up in trying to find a hidden meaning in their rather straightforward behavior. Second, you really don't want to go there - seriously.
Dewey, what part of this looks like authorities should be involved?
to abandon email due to spam. Those worst hit own email servers but can't or aren't willing to invest in antispam technology.
By: Sir Old News
W/S: recycledbits.job
Then why is the article suggesting that spam is bringing DNS to its knees and the sky is falling?
Because it's the spam which caused us to implement spam-filters and doing all kind of nifty technical solutions against a (anti)social problem.
bash$
GO Away, Troll
And you have missed the point as well. Even assuming that the negative result is cached, that is still per cache. So although you DO reduce the load somewhat (tho chances are, the negative is being cached already) you are forgetting breadth. You still have this spam sent to 10million email addrs, and to say 100,000 domains.
Say there is an average of 2 domains per MX server (number pulled out of ass. however it is probably reasonable), you now have 50,000 requests. per mailing.
And these requests will likely all be made over a one hour, mebbe two hour period. Which doesn't sound so bad. But now consider the following.
Now add in the fact that there are, say, 1000 of these emails sent out with different domains. You now have 50million requests.
Which probably will have a spread of (for example, this is another number pulled out of ass) maybe 6 hours.
True, this might not be so bad, but it certainly is not good. and you certainly didn't remember this problem. Depth isn't our only concern, but also breadth.
I think it's really sad to refer to Users as Losers. It's very disrespectful and ignores that fact that just because you have to use a computer does not mean that you should have to be a computer professional and monitor Slashdot 24/7.
"Who are in control, they are not in control of anything - they don't even control themselves!" - Glen Beck
Why would that take more, and what's wrong with the design?
How about finding individual spammers and their homes and attaching, with a dagger, to their door, a recently dead chicken and a suitable, neatly handwritten message?
C'mon: They gotta live somewhere.
Surely as long as the mailserver can see internal DNS the domain would still resolve though?
How many people can read hex if only you and dead people can read hex?
'Funny that you would read it that way!
And, pray tell, how does your mail server see my internal DNS server?
"I'm not impatient. I just hate waiting." - My Dad
So much legislation focuses on the spammers, but it seems to me that's a pointless target. Spammers spam because of the response they get. It means there's a small group of idiots out there that respond to the spam and make it all worthwhile. Why not make it illegal to respond to SPAM e-mail? A misdemeanor, perhaps.
Think of a prostitution sting. Your ISP is getting tired of SPAM, it simply sets up a filter that redirects the URLs in a random percentage of identified SPAMs (which are passed on to the recipient) to the authorities who then fine / publish names of the "Johns". Certainly, this tactic hasn't gotten rid of prostitution, but for spam it ought to work (because proactively seeking out the things in a SPAM and selling the things would still be legal, just not the response to the spam).
In the US, there's plenty of precedent for such legislation...
I'd almost like to see sitefinder return, simply to be /.'ed. Network Solutions deserves to drop off the face of the earth.
I use Macs to up my productivity, so up yours Microsoft!
After I did a quick RTFA, some guy claiming to be behind www.dnsstuff.com. The commenter is basically saying the article got it dead wrong. link [eweek.com]
No they don't. In the example given, the DNS cache performing the query will not need to query the root servers since it almost certainly has the address of the authoritative server for the com. top level domain cached. It will query this server, which will return NXDOMAIN. The only time the top root servers need to be queried is if the top level component of the domain (com, org, uk, etc) doesn't exist or if the cached SOA record for that domain has exceeded its TTL.
I am TheRaven on Soylent News
I agree spam is a large nuisance and a time and money waster for our economy, but prison time for the offense seems quite extreme to me. Stealing your television, raping your wife, killing your kids, those are prison offenses. I think we are going overboard.
OpenBSD's spamd will initially reject all mail from previously unknown sources. It will only permit access to sendmail after an attempt at redelivery. This has brought my spam load down to about zero.
Unless a spammer using the above trick attempted redelivery (which is unlikely), it would not cause a DNS flood.
spamd is only one of a great many reasons to consider OpenBSD on your critical servers.
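The reject-until-retry behaviour described in the comment above, sketched as an added example (not part of the original post and not spamd's own code). The class name, the 451 reply code, the three timing constants and the sample delivery attempts are illustrative assumptions:

```python
# Minimal greylisting front-end: unknown (ip, sender, recipient) tuples get a
# temporary failure; only a retry after PASSTIME is let through to the real MTA.
PASSTIME = 25 * 60      # assumed: minimum wait before a retry is accepted (s)
GREYEXP = 4 * 3600      # assumed: how long an unretried tuple is remembered (s)
WHITEEXP = 36 * 86400   # assumed: how long a sender that passed stays trusted (s)

class Greylist:
    def __init__(self):
        self.grey = {}   # (ip, sender, rcpt) -> time of first attempt
        self.white = {}  # ip -> whitelist expiry time

    def check(self, ip, sender, rcpt, now):
        """Return the SMTP reply code for this attempt: 250 accept, 451 retry later."""
        if self.white.get(ip, 0) > now:
            self.white[ip] = now + WHITEEXP      # refresh on continued use
            return 250
        key = (ip, sender, rcpt)
        first = self.grey.get(key)
        if first is None or now - first > GREYEXP:
            self.grey[key] = now                 # new or expired tuple: start the clock
            return 451
        if now - first < PASSTIME:
            return 451                           # retried too quickly
        del self.grey[key]
        self.white[ip] = now + WHITEEXP          # a patient retry: trust this host
        return 250

def replay(attempts):
    """Run (time, ip, sender, rcpt) attempts through a fresh greylist."""
    gl = Greylist()
    return [gl.check(ip, s, r, t) for t, ip, s, r in attempts]

# Constructed sample: a fire-and-forget source that never retries, then a
# queueing MTA that retries after 10 and 30 minutes.
ATTEMPTS = [
    (0,    "203.0.113.5",  "a@spam.invalid",    "user@example.org"),
    (1,    "203.0.113.5",  "b@spam.invalid",    "user@example.org"),
    (60,   "198.51.100.7", "alice@example.net", "user@example.org"),
    (660,  "198.51.100.7", "alice@example.net", "user@example.org"),
    (1860, "198.51.100.7", "alice@example.net", "user@example.org"),
    (2000, "198.51.100.7", "bob@example.net",   "user@example.org"),
]
```

Only messages that come back with 250 ever reach a content filter, so the URL lookups for the two non-retrying attempts are never made.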
Hot. Pokers. In. The. Eyes.
Explain, please, how the word Spammers is possessive in the title?
All this reverse crap means nothing.
We need to push SPF or something else forward so people are required to do work in order to send an email.
This makes the from address mean something, and harder to spoof.
Now spammers can register a valid email server, but then they have a place to be tracked to. If they are offshore we could do something about that.
Speaking of which, being able to categorize my mail by country would help a lot.
Is there a standard for the mail servers to give their clients IP information about the server that delivered the message? This would help a lot.
It's not my mailserver which does the filtering. It should only be the terminating server which does any form of filtering, ergo the one on the corporate network.
How many people can read hex if only you and dead people can read hex?
1. Receive spam with unregistered domain name
2. Register domain name *before* the spammer does
3. ????
4. Profit
Also part of the problem is that if you send out a few million spams with links to www.stratjaktsmadeupdomainname.com, most of the virus filters that this will pass through will do a lookup on the domain. Since it does not exist, it won't be listed in any BIND caches for your local DNS server; they then have to query their parent servers (all the way back to the root servers)
... plus a few more for the people that click on the emails... since it will have to try and load the images in the email, etc.
say your typical poorly written spam program checks all the links (and for easy math you have 10 links in your spam)
10,000,000 emails x 10 links = 100,000,000 dns lookups
It's a nasty problem, since the first 100,000,000 hits would occur within a short period of time.
In short DNS can handle fat-fingered mistakes, just not on this scale...
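The lookup arithmetic in the comment above, scaled down and run through a toy caching resolver, as an added example that is not part of the original thread. It separates lookups issued by the filter from queries that actually leave the resolver, and shows the trade-off of negative caching once the domain is registered; the domain name, arrival rate, TTL values and registration time are constructed assumptions:

```python
import re
from urllib.parse import urlsplit

URL_RE = re.compile(r"https?://[^\s\"'<>]+")

def link_hosts(body):
    """Hostnames of every URL in a message body, in order, duplicates kept."""
    hosts = (urlsplit(u).hostname for u in URL_RE.findall(body))
    return [h.rstrip(".") for h in hosts if h]

class Resolver:
    """Toy caching resolver that counts the queries it must send upstream."""
    def __init__(self, neg_ttl, registered_at):
        self.neg_ttl = neg_ttl              # seconds an NXDOMAIN is remembered; 0 = off
        self.registered_at = registered_at  # name -> time it starts resolving
        self.nx_until = {}                  # name -> expiry of cached NXDOMAIN
        self.known = set()                  # names cached as existing
        self.upstream = 0

    def exists(self, name, now):
        if name in self.known:
            return True
        if self.nx_until.get(name, -1.0) > now:
            return False                    # answered from the negative cache
        self.upstream += 1
        if self.registered_at.get(name, float("inf")) <= now:
            self.known.add(name)
            return True
        if self.neg_ttl > 0:
            self.nx_until[name] = now + self.neg_ttl
        return False

def simulate(messages, neg_ttl, dedup, registered_at=None, rate=100):
    """Scan messages arriving at `rate` per second.
    Returns (filter lookups, upstream queries, time the domain first resolved)."""
    r = Resolver(neg_ttl, registered_at or {})
    lookups, first_seen = 0, None
    for i, body in enumerate(messages):
        now = i / rate
        hosts = link_hosts(body)
        for name in (sorted(set(hosts)) if dedup else hosts):
            lookups += 1
            if r.exists(name, now) and first_seen is None:
                first_seen = now
    return lookups, r.upstream, first_seen

# Constructed sample: 10,000 copies of one spam with 10 links to an unregistered name.
SPAM = " ".join(f"http://unregistered-shop.invalid/p{n}" for n in range(10))
MESSAGES = [SPAM] * 10_000
```

With no negative cache every link becomes an upstream query; with a 30-second negative TTL the same run sends only a handful, at the cost of the filter seeing the domain as nonexistent for up to 30 seconds after it is registered.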
Those rules don't get hit much (really not at all), because I moved them below my spamhaus check. But if messages get through that check now, I'm sure that those reject rules will catch most of the cruft.
And of course spamassassin then analyzes what gets through all of that.
This would be a fairly definitive measure... Instead of guessing the veracity of the content of a message, we would instead verify the physical origin of the message. While I concede that there will almost certainly be some sort of attempt at circumvention, it's a hell of a lot more difficult to get around than your average bayesian filter (which is the best thing going next to black/whitelists IMO).
We're talking about a fundamentally different approach here, treating the cause (unsecure, unverified protocol) instead of the symptom (spammers taking advantage of said protocol).
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
I understand that in China, prisoners' families are billed for the bullets used to execute them.
Why yes, I AM a rocket scientist!
I think you missed the point.
Say we both work for some company X, and we use a server that is within the firewall and called foo.local
I am at home, and the e-mail I read at home is a@isp and not a@corporate.
You want to send me an urgent message to log onto the company VPN and check out something on foo.local, but I have to send it to a@isp.
The @isp mail server can't resolve foo.local and will therefore drop the message, meaning I will never get your message.
There are times when you want to send e-mail about internal domains to e-mail addresses residing outside of the domain, where the MX server at the end of the line cannot resolve the internal domain, but the person reading the e-mail can (through access to the internal servers).
Then it would fark any email in which somebody mistyped a URL, or if it interprets something as a url and it comes up invalid.
Could be as bad as if I wrote "I'll meet you 8pm@work." It might interpret the 8pm@work as an email address and scan for valid domain. Or I might just have a typo such as http://www.slahsdot.org which would also bork an email. Perhaps even a domain that isn't in DNS (one specific though a local shared HOSTS file)
Remember, antispam is not only designed to crapfilter out spam, it should be priority to allowing legitimate emails.
you need to kill anyone who buys any product or service advertised with spam. Without a market, spammers are out of business.
"National Security is the chief cause of national insecurity." - Celine's First Law
I know the, flamebait mods' get thrown; around when slash:dot users' give the editors' crap but c'mon guys'! Do your freakin jobs'!(_
Yes, my only tool is a hammer. And you're starting to look like a nail.
... the slashdot editors'!
I am no longer wasting my time with slashdot
What mail server even allows mail from unknown/unregistered domains? Isn't that, like, one of the most basic anti-UCE checks? I hope spammers employ this tactic because I know my mail gateways will drop all of the spam.
-matthew
"THERE IS NO JUSTICE, THERE IS ONLY ME." -Death
I think it has something to do with finding the top halves of the people sending me all those Cialis ads.
Been seeing something like this for a while in my blog's comment spam: an apparently innocuous note with a URL that looks like the author's name (maybe something like "http://joeshmoe.com"). The URLs go nowhere. I'm sure they get redirected to pr0n and veye-ah-gra sites a few days after posting.
This is my post. There are many others like it. If you don't like what you read here, go try one of the others.
When you've got companies spending millions of dollars a year on extra equipment to deal with the spam problem, you've gone beyond being a "large nuisance."
And this is WITH the horribly lenient joke law that is "CAN-SPAM".
" Until they pass a law that makes it completely legal to kill spammers, the spam problem will not go away."
Ah no- that would only make it worse= the ones left alive would know that you were still there to annoy.
befuddled (noun) 1. Unable to create a pithy sig
Bollocks. Find individual spammers and attach them, with a dagger, to a chicken. Then slip a note into the spammer's mailbox indicating where the family can pick up the remains along with their last free meal.
All depends on the DNS server. Note most DNS servers have settable limits on valid and invalid DNS cache. So spamming a DNS cache correctly set up spamming random crap does not work, because it does not affect the number of valid sites stored in the DNS server, just fills the invalid section. Default on a lot is 0 for invalid, but it can be set higher. Note with users using spam filter programs it is a good idea to set this higher due to caused load from doing not required lookups.
Hey, ISPs! Download dspam!
Don't thank God, thank a doctor!
Joe Llywelyn Griffith Blakesley
[This post is in the public domain (copyright-free) unless otherwise stated]
i mean that personally, fuck you. if you've spammed once, or many times i already dislike you as a person.
http://shit.slashdot.org/article.pl?sid=05/01/13/1 721203
With Rendezvous on Macintosh, it normally comes up with names such as 'jeffs-computer.local.' with the extra dot, and it works. What is the specific standard for HTTP URL's and the extra dot?
--jeff++
ipv6 is my vpn
Sophos PureMessage is not (and never was) vulnerable to this trick. That is because it works off URI's rather than IP addresses.
The above post is by Ken Simpson (aka President Simpson) of mailchannels.com
http://mailchannels.blogspot.com/
SPAM should be considered crime against humanity. But then, what do you get for this kind of crime? Some media coverage at most.
Joe Llywelyn Griffith Blakesley
[This post is in the public domain (copyright-free) unless otherwise stated]
Last login: Thu Jan 13 20:48:21 on ttyp4
Welcome to Darwin!
You have mail.
$ ping clplap.local.
PING clplap.local (192.168.0.96): 56 data bytes
64 bytes from 192.168.0.96: icmp_seq=0 ttl=64 time=0.255 ms
$ links http://clplap.local./~jeffk/
My original point is that urls with local intranet domains in this form would break mail scanners that checked for valid urls in emails. Hell, even when I email a friend something like: "Your router admin page is accessible via http://192.168.32.1/ " would end up getting filtered as spam!
--jeff++
ipv6 is my vpn
But what happens if someone who sees the spam happens to register the domain first - the spammer would be SOL.
Thanks for the alert by AC about the astroturfing.
Ken don't be an ass, you have a couple of interesting FOSS things on your site - but it looks like the other stuff is smoke and mirrors that businesses will find awesome but techies would see through.
What really is this DNS/mail voodoo that you are peddling?
We have a supersized prison population because:
* We can't see the light on the victimless crime of drug consumption and insist on sending people growing pot to prison for 20 years.
* "Tough on crime" legislators have implemented such corrections gems as "3 strikes and you're out" so that a shoplifter who takes 3 items from 3 departments in a store gets nailed with 3 counts of shoplifting and goes to prison for life as a career criminal.
* The same legislators have also implemented mandatory sentencing (which the Supreme Court just modified), requiring the above pot grower's wife to be considered a co-conspirator and sent to jail for 20 years, whether she knew he was growing it or not.
NONE of this makes punishing the organized fraud known as spam some kind of exercise in penalty escalation. Computer hijacking, relay hijacking, falsifying information, deceptive advertising, ineffective products, fake products, undelivered products -- at what point is punishing people for stealing wrong? Because someone can sit in their basement and do it on a computer doesn't make it any less impactful or less deserving of punishment.
Criminal punishments involving prison time have to be meted out at least initially so that the people involved won't just chalk up civil fines as the price of doing business and keep doing it.
You're right -- this was astroturfing. Thanks for keeping me honest and I apologize to the greater Slashdot community for having done so.
... where the alias part is a pseudorandom sequence that acts as a shared secret between one or more parties who wish to communicate with each other.
What we have built is an automated system for creating and managing domain-based email aliases. What does "domain-based" mean? Basically this:
Regular Address: username@domain.com
Domain-based Alias: username@alias.domain.com
Because the MX entry for the alias subdomain is consulted each time a message is delivered, it's possible to have a different MX entry for different aliases. In this way, mail traffic can be routed differently at the network level depending on who it originates from.
The use case that has received the most traction so far is to separate customer traffic so that it can be treated more kindly by the spam filter -- or bypass the filter altogether. In this way, you never lose a message from a customer (i.e. no false positives).
We are in the middle of a site update that will explain all. If you're interested, visit http://www.mailchannels.com in a few days' time or watch for a press release.
BTW -- the Apache::SMTP bits are a genuinely cool innovation courtesy of our CTO Will Whittaker. Look out for some articles showing up soon on this topic.
Regards,
Ken
CEO, MailChannels (and convicted Astroturfer)
Amen! Your last point, although valid, lacks any historical precedent of ever taking place. We have rarely ever decreased the penalty for a 'crime' that is on the books, (except for prohibition). It would be wonderful if we had a system that allowed us to reduce a penalty where it was deemed as reasonable, but the basis of our political system voids that as a possibility. Politicians, as a rule, will not lobby their peers for reductions because it always becomes political fodder for the re-election process. The sound bite era has made that problem even worse, as it is easy to point a finger in 30 seconds, damned hard to explain why in that same amount of time, and secondly it puts that politician in an immediate defensive position, just where they don't want to be.
Amen! Your last point, although valid, lacks any historical precedent of ever taking place. We have rarely ever decreased the penalty for a 'crime' that is on the books, (except for prohibition).
This really isn't true. Historically cattle rustling and horse stealing were capital offenses. I'd be surprised if a first time cattle rustler even went to jail for more than six months, the same with horse stealing.
Legislators even saw the light to some extent with marijuana decriminalization in the 1970s -- what was once a guaranteed jail sentence for small amounts of pot is now a traffic-ticket offense. Of course this is counterbalanced with the extreme federal sentencing for other aspects of drug possession.
I think what we're seeing today is the beginning of the end of the "tough on crime" initiatives that began in the early 80s as an antidote for the increases in crime in the late 70s. Historically we began "reforming" instead of "punishing" criminals in the 1950s and by the mid-70s the demographics of the baby boom produced a lot of crime and a lot of public outrage at the "revolving door" of the prison system.
By the early 80s, politicians were eagerly lining up to vote on measures that made life without parole a common punishment. When the legislators discovered that judicial sentencing discretion wasn't implementing this mandate, they (temporarily, at least) eliminated this as well and we got to where we are now.
I think that the economic pressures of this are starting to show (if not the lack of rationality). When you jail 1 in 20(?) people, it costs money. A lot of money. Unfortunately we probably still aren't smart enough to figure out that some people SHOULD be jailed for a long time for both retribution and public safety (robbery, rape, assault, murder, kidnapping) and some people really shouldn't (most drug possession charges).
We'll either figure out that permanently jailing a significant portion of the population is at the very least economically untenable or we'll use terrorism and the war on $arbitrary_social_paranoia to just continue sliding into a police state.