New Spam Zombies Use ISPs' Mailservers
RMX writes "CNet's reporting
that the new
spam zombie PCs are no longer acting as their own mailservers, but cooperate with the ISPs' recommendation that instead of running your own mail server, to use theirs instead."
Is this just doing what normal email clients do already? Why didn't they think of it earlier?
Yeah, and then all those zombies lose their ISP accounts, and suddenly become much more aware of the need to secure their PC.
There's a very simple solution that many webhosting companies already use -- the ISP should force their users to authenticate with the server, using secure SSL. It's good practice anyway, and doing so would make even more work for the spam bots (they would have to find the user's login and password for the SMTP server).
Be relentless!
I really don't understand why they don't just use SMTP-AUTH. This shouldn't be something that's such a huge deal... and certainly shouldn't come anywhere near what this guy said in the article...
"The e-mail infrastructure is beginning to fail," Linford warned. "You'll see huge delays in e-mail and servers collapsing. It's the beginning of the e-mail meltdown."
500GB of disk, 5TB of transfer, $5.95/mo
MMMMmmmmm Brai.... Oops MMMMmmmmm Spam
This is where we are, our rock we stand, among the world, looking forward, eternally.
Will many ISP SMTP servers get automatically blacklisted because of this?
Now just force SMTP Authentication on the ISP side. They didn't implement it just for fun. Everybody put his login/password in the pop3/imap textboxes, just put your login/password in the smtp textboxes. Won't kill anyone.
Problem instantly resolved.
I was reading about the "American GI (Joe) captured in Iraq" yesterday and the same thought crossed my mind today.
If you are going to tell everyone that spam zombies (or terrorist websites) are out there, why don't you give details like processname (or website URL)?
It does no one any good if you just say, "Hey, there's a chance your computer may be infected and is a zombie spammer," if you don't also tell us the zombie process name.
Throttle the amount of e-mails a customer can send per time-period... and the max amount of "BCC, CC" addresses.
It's just a hell and takes lots of time to go through contacting abuse-department of ISP's like AOL and Verizon who decide to block for very few spam-reports. Even though the damage of spambot-infested computers on your own network is limited.
My ISP requires me to authenticate against their server when I send mail. In theory, that should negate the problem right?
Unlike when they did it on the clients, this puts it through a limited number of gates.
ISP's will likely start limiting outbound email to x email/hr. Companies and ISP's will likely start monitoring and kill quicker.
This will benefit spammers for a very short period, then bite them in the ass.
ISP's and companies aren't going to tolerate a spike in CPU usage, and possible blacklisting if they can take care of it. They will start blocking IP's from sending mail, etc. etc.
What ISP isn't going to notice thousands if not millions of rapid-fire connections to its SMTP server?
I'm a big tall mofo.
Maybe I won't get terrible karma for this... And look at the date before you say redundant!

Spam levels are about to skyrocket, according to experts who warned this week that spammers have developed a new way of delivering their wares. According to the SpamHaus Project--a U.K.-based antispam compiler of blacklists that block 8 billion messages a day--a new piece of malicious software has been created that takes over a PC. This "zombie" computer is then used to send spam via the mail server of that PC's Internet service provider. This means the junk mail appears to come from the ISP, making it very hard for an antispam blacklist to block it. Previously, zombie PCs have been used as mail servers themselves, sending spam e-mails directly to recipients.

"The Trojan is able to order proxies to send spam upstream to the ISP," said Steve Linford, director of SpamHaus. Linford believes that this Trojan horse was created by the same people who write spamming software.

ISPs in the United States may have already been hit. "We've seen a surge in spam coming from major ISPs. Now all of the ISPs are having large amounts of spam going out from their mail servers," Linford said. This will cause serious problems for the e-mail infrastructure, as it is impractical to block mail with domain names from large ISPs. Linford predicts that ISPs will see a growth in the volume of bulk mail they send and receive over the next two months, with spam levels rising from 75 percent of all e-mail to around 95 percent within a year.

"The e-mail infrastructure is beginning to fail," Linford warned. "You'll see huge delays in e-mail and servers collapsing. It's the beginning of the e-mail meltdown."

Linford said that ISPs need to act fast to take control of the problem. "They've got to throttle the number of e-mails coming from ADSL accounts. They are going to have to act quickly to clean incoming viruses. ISPs have so much spam--they are too understaffed to call people up and tell them they have Trojans on their machines. And no one would know what you're talking about."

Antispam company MessageLabs confirmed Linford's findings. "This ups the ante in the need for filters," said Mark Sunner, chief technology officer for MessageLabs. "It makes it more difficult for people who compile blacklists, which is why spammers are doing this. It will put more pressure on ISPs to take greater interest in the traffic they carry and filter at source."

The Information Commissioner's Office, the United Kingdom's point-of-call to report spam, said it had received no complaints of bulk spam from ISPs.

Some U.S.-based ISPs contacted by News.com said an e-mail meltdown has yet to arrive. But technicians at some of the largest Internet providers have acknowledged the issue and similar exploits in the past. Many, but not all, U.S. ISPs have blocked open relay ports, such as port 25, to shut out spammers from disseminating messages from home-operated servers. The block has helped some broadband ISPs limit the output of zombie spam, and some have noticed the new form of malware taking shape.

Time Warner Cable, the nation's second largest cable company, said it had become aware of this spam "vector," as it calls it, and has mechanisms to control it, according to company spokesman Keith Cocozza. He noted that the company's ISP, called Road Runner, has outgoing e-mail limits in place, but declined to elaborate on how the company monitors and responds to this malware issue.

Earthlink, which runs a dial-up and broadband service, said it noticed a gradual increase in spam volume coming from its legitimate mail servers since the beginning of 2004. The company claims it has implemented safeguards, such as authenticated SMTP servers and re-routing of legitimate e-mail, to cut down the flow.

"Overall we've been able to greatly reduce the amount of spam from our network by routing activities and applying chokepoints," said Trip Cox, Earthlink's chief technology officer. Cox added that the measures have reduced spam from 30 percent of the ISP's total e-mail volume to 2 percent.
I know two wrongs don't make a right, but--grrrrrrr--I HAT how these spammers work.
The CB App. What's your 20?
Maybe its that the zombies are now willingly using the isp mail servers instead of being forced
You gotta love a Zombie that plays by the rules...
It'll be interesting to see how this affects ISPs' Service Agreements:
"The customer, nor any device connected to the customer's network will not for any reason, send emails regarding 'P3n15 Enl4rgm3n7!!!', etc.. etc.."
Buuhahaha...
Score +1 for the rebel force. Score -1 for the Chinese empire.
If you are going to karma whore, at least format the fucking article properly.
Ever heard of a little thing called "formatting?"
I would love to see a Special Ops unit bust down the walls of a spammer's house, beat him, gag him, beat him again, send him to Guantanamo Bay for eternity, and then C-4 the spam servers.
Everyone should write their congressmen requesting this.
If you're karma whoring, at least have the decency to format your text. Only some people hate whores, but everybody hates ugly whores.
English is easier said than done.
If we just switched to a secure email system (SSL/TLS, or whatever), a lot of these dumb problems would go away.
... they all know how.
Yes, I know some mail clients don't support this functionality, but come on. Name one of the modern clients that won't do it. Thunderbird, Mail.app, Eudora, Outlook
I suppose then you just have to convince users. This, though, should be the easiest part:
Dear User,
This email is to notify you that your neighbor has been receiving your monthly e-bank statements and password confirmation emails because you are stubborn and insist on using insecure email protocols.
Incidentally, we'd like to thank you for your subscription to DAILY LESBIAN ACTION MAIL!!!1
Frankly, I haven't used my ISP's email regularly since 1999 or so. Instead, I've used yahoo (which already has problems with people spamming from @yahoo.com and deals with it).
Instead of bringing about some sort of "email meltdown" won't this simply push email into being a web-based service instead of an isp-provided service?
Your post is stupid in so many ways.
First of all, they've been willingly doing it as long as they've been doing it. Why would they act against their will? That's the sort of nonsense the liberals on this forum spout.
Second of all, the elaborate game theory of the spam industry dictates that an ISP's mail server, by virtue of needing to be an open relay for a particular netblock, is highly valuable as all that is needed to use it is access to that netblock. Spammers spend months acquiring lists of open relays; being able to use an ISP's smtpd is gold.
And I posted your parent, too. And I mean it. Fuck you Rob Malda, this place used to be "news for nerds", now it's "news from two weeks to a year ago, filtered for bad grammar". I spend two years fighting in Iraq and I come back and this place has turned into an utter cesspit.
Since they're cooperating so wonderfully, has anybody thought to ask them to stop sending spam?
Force users to install one of these insane Captcha thingies as plugin to their Outlook Express client. That would work for sure. By the way it would prevent your 6 year old son from sending stupid emails to your coworkers. Or maybe not. Yeah, they should force you to physically come to the ISP headquarters with your .eml on a floppy disk.
This might be a little OT, but I've been thinking about this, and I'm not sure if there is something like it...Think a global repository (Thunderbird style) of spam, which your e-mail client feeds off of. You mark something as junk, and it uploads that addition to the DB that everyone else feeds off of in realtime. Wouldn't this work? Wouldn't it virtually eliminate spam (or at least cut it back DRASTICALLY)..? You could even go a step further to allow SMTP servers to access the list as well, and nuke spam before it even gets to the end user.
It is pitch black. You are likely to be eaten by a grue.
"The e-mail infrastructure is beginning to fail," Linford warned. "You'll see huge delays in e-mail and servers collapsing. It's the beginning of the e-mail meltdown."
Quattuor res in hoc mundo sanctae sunt: libri, liberi, libertas et liberalitas.
This is the best sign yet that we're winning the war on spam. This is exactly what measures like SPF were designed to induce - forcing zombies to go through the ISP rather than sending mail themselves.
Now all the ISPs have to do is to filter and detect sudden jumps in email traffic. It will be easy for them to detect systems which have been infected. This will catch the small number of users who suddenly start running high volume email lists from their home systems, but those cases will be few enough that they can be dealt with manually.
This is the beginning of the end for the zombie spam problem!
Dude. Paragraphs are our friends.
(I know there's been rumours on 'em)
"Flyin' in just a sweet place,
Never been known to fail..."
It automatically HTML formats it and I forget to plain-text it.
For me, the amount of spam I receive has gone down steadily for the past year, on all my email accounts, as ISPs and other email providers have improved their filtering capabilities.
Looking at my spam folder, I get between five and eight spam mail per day delivered, most of which I never saw since I also filter locally with spamassassin (this does not count those tagged as spam by my ISPs). A year ago, the number would have been ten to twenty times higher.
If anything, I get the distinct impression that if we aren't defeating the spammers, we certainly aren't losing either.
Trust the Computer. The Computer is your friend.
Not difficult, just do an MX lookup on the current host DNS and then use the results for an SMTP host. I've been wondering how long it would take for the virus writers to figure this one out. Most blacklists have a list of zombie IPs, so SMTP servers will just start getting on them now.
First of all, most ISPs require you to authenticate in some way. Either they require a login/password or, more often, they wait until you check your POP3 email and give you a 30 minute window to send email without authentication.
Secondly, ISPs often have a limit to how fast you can send mail or how many per day you can send.
I don't really see this as a problem.
Wouldn't an anti/virus program fix this? Are all the zombies unprotected machines? If so, couldn't the ISP's (I know Cox does) disconnect their service until the problem is fixed? (Or at least temporarily let them back on to download an A/V program)
This is #oldnews... spammers have been doing this for 5 years... they just look at the MX, and connect like a normal client.
The easiest way is to use an RBL/SBL/XBL blacklist service. Some mail firewalls easily integrate this -
barracudanetworks.com
But we all know how competent our government is on these matters . . . . .
"ONLY TERR . . . er . . . . SPAMMERS HAVE PORT 25 OPEN!!"
Only in a Slashdot fantasy can a Slackware install turn into several hours of sex . . . . .
Because I suspect it doesn't work as well. It's pretty easy for an ISP to notice 100,000 emails from one sender pumping through their SMTP server, but relatively difficult to notice those mails when sent directly through the net. Also, outgoing servers are often set up with throttling.
Of course, nowadays, ISP's have no excuse in either scenario. There are plenty of network monitoring tools that will notice spamming.
But more significantly, it represents a massive opportunity cost. There are all sorts of cool things we could have created for our users that we haven't been able to get to because we were tied up with weekly SpamAssassin upgrades. Spam is short circuiting the work of a lot of the most brilliant people into totally profitless endeavors.
I think the only way to cut down on spam without making everyone change email clients, or re-write the protocols, is to enforce ISP based spam blocking.
This means that an ISP's customers must use the mail server of their ISP - otherwise all their SMTP traffic gets dumped. Second, the ISP must monitor how many outbound messages a customer's computer is sending. If they go above an email a minute (perhaps averaged out over an hour? half an hour?) their SMTP access is blocked, either permanently (until the customer rings the ISP) or for a set amount of time, after which access is restored. If they keep tripping out their SMTP access, the ISP should block them automatically.
When the user calls the ISP complaining about how they can't send email, the ISP must have good staff able to walk them through downloading, installing and configuring anti-virus and firewall utilities.
your thoughts?
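The throttling policy proposed in the post above, worked through as an added example (not code from the thread or from any ISP): a rolling one-hour window per customer, a temporary block with cool-off when the average passes one message per minute, and a permanent block after repeated trips. Times are plain seconds and the submission events are constructed.

```python
"""Per-customer outbound throttle at an ISP's submission (SMTP) server.

Added example. It models the policy the post sketches: count each
customer's outbound messages over a rolling hour, refuse submission once
the average passes one message per minute (60 per hour), restore access
after a fixed cool-off, and make the block permanent (help-desk unblock
only) after repeated trips. Times are plain seconds so it runs offline.
"""
from collections import defaultdict, deque


class OutboundThrottle:
    def __init__(self, max_per_window=60, window_s=3600, cooloff_s=1800, max_trips=3):
        self.max_per_window = max_per_window
        self.window_s = window_s
        self.cooloff_s = cooloff_s
        self.max_trips = max_trips
        self.sent = defaultdict(deque)   # customer -> timestamps inside the window
        self.blocked_until = {}          # customer -> unblock time, or None = permanent
        self.trips = defaultdict(int)    # customer -> how often the limit was hit

    def submit(self, customer, now):
        """Decide on one submission attempt. Returns (accepted, reason)."""
        if customer in self.blocked_until:
            until = self.blocked_until[customer]
            if until is None:
                return False, "blocked-permanent"
            if now < until:
                return False, "blocked-temporary"
            # Cool-off expired: restore access with a fresh window.
            del self.blocked_until[customer]
            self.sent[customer].clear()

        window = self.sent[customer]
        while window and now - window[0] >= self.window_s:
            window.popleft()          # drop messages older than the window

        if len(window) >= self.max_per_window:
            self.trips[customer] += 1
            if self.trips[customer] >= self.max_trips:
                self.blocked_until[customer] = None
                return False, "blocked-permanent"
            self.blocked_until[customer] = now + self.cooloff_s
            return False, "blocked-temporary"

        window.append(now)
        return True, "ok"

    def unblock(self, customer):
        """Help-desk reset after the customer has cleaned the machine."""
        self.blocked_until.pop(customer, None)
        self.trips.pop(customer, None)
        self.sent.pop(customer, None)


def replay(events, throttle=None):
    """Run (customer, time) submissions through a throttle; return per-customer tallies."""
    throttle = throttle or OutboundThrottle()
    tally = defaultdict(lambda: {"accepted": 0, "rejected": 0})
    for customer, t in sorted(events, key=lambda e: e[1]):
        accepted, _ = throttle.submit(customer, t)
        tally[customer]["accepted" if accepted else "rejected"] += 1
    return dict(tally)


# Constructed sample: a normal user sends five mails spread over an hour;
# an infected box fires 200 messages in 200 seconds through the same server.
SAMPLE_EVENTS = [("alice", t) for t in range(0, 3000, 600)] + \
                [("zombie", t) for t in range(200)]

if __name__ == "__main__":
    for customer, counts in replay(SAMPLE_EVENTS).items():
        print(customer, counts)
```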
Major ISPs are trying to be the only mail servers out there. The problem is that there will always be a way to attack these. Instead of trying to remove adsl/cable residential systems from the net, they should be rate-limited. It is far easier to detect a system that is doing nothing but noise than it is to try and separate the noise from a system that also has high signal. Once a system is picked out as generating noise (spam), then others can separate it out.
I prefer the "u" in honour as it seems to be missing these days.
$100/year/customer?!?
Come on now -- companies like http://www.postini.com/ can do it for magnitudes less.
Maybe your ISP should see what solutions are out there to do what you're doing, but for a ton cheaper?
One week ago, I was suspecting interesting activity on my colocated server. I found out that my SMTP server was sending thousands of emails each day containing spam and email. I remember that in the logs I saw a hostname of "SMTP hunter". Oh well, these spammers make me sick. I've hopefully reformatted the server and have a happy ending.
The hip way to get your IP. No ads, ever.
This really is old news. I'm a sysadmin for an ISP, and we saw such viruses and infected zombies doing this early last year when we blocked port 25 to residential customers to everything but our own mail servers. About a month later, we started seeing huge increases in traffic coming from our customers, most or all of them being infected zombie boxes.
The bad thing is that it can get your mail servers on some blacklists instead of just some dynamic IP ranges, the good news is that it's fairly easy to spot such users and shut them down before real harm is done.
It's better to burn out than to fade away
With a regular zombie, you really can't email the person controlling the machine (or the one who has it in his house).
With an ISP's mail server, you can.
And they should be more interested in shutting down the thousands of spam messages so that their regular mail can be sent.
You should listen more closely to what GWB says. It's not the war on Terra, it's the war on Terrr.
Spammers are using Microsoft's Hotmail servers as Spam servers, and sending out hundreds (of millions) of emails each day to unwilling recipients.
Come on, this is hardly news worthy on the front page of Slashdot...this kind of thing has been going on in one way or another for a long time.
Never underestimate their ability to neutralize any efforts made to clean up their infected PCs or to teach them how to do it themselves.
Running with Linux for over 20 years!
Dear Angry AC,
Hello, my name is the Constitution. I'm here to let you know that, indeed, my first amendment (that very one that allows free speech) is still here on the front of me. Uncle Sam and I thank you for your service. And remember, you still have the right not to read anything you don't want to.
Your pal,
The Constitution
Which is the entire reason behind using a large network of zombie PC's to distribute the load.
Of course, nowadays, ISP's have no excuse in either scenario. There are plenty of network monitoring tools that will notice spamming.
Ok, I am taking suggestions.
I have a lot of customers that go on the road ... They just leave the SMTP set to us, and we have secure logins. Voila. Oh, but we can't use port 25 because a lot of ISPs block it.
You're using SMTP AUTH over TLS on port 587/tcp per RFC 2476, right? ISPs have fewer legitimate reasons (if any) to block 587/tcp out than 25/tcp out.
LinuxToday is more civilized in the talkbacks...
We host email for a lot of small domains. Many of our customers are using SBC Global for their DSL.
We had everyone doing authenticated SMTP through our server for outbound but SBC shut that down and forces them to do authenticated SMTP through their servers now.
I have absolutely no problems with this except two small issues...
1. They didn't let anybody know. (To my knowledge) There was no press release on the home page or any instructions emailed out to inform customers how to update their mail settings. Since of course they only officially support their email addresses any non-technical customers that called in to SBC royally messed up receiving mail from our servers.
2. There is no non-customer technical support period. You can't make your way through their automated system and they have no way to contact any body on an ISP to ISP level that I could find.
I even contacted some marketing person at their HQ that I managed to find contact info for and explained the situation. They even tried to contact support and couldn't figure out how to do it. Very sad. Glad it wasn't an emergency.
The man who trades freedom for security does not deserve nor will he ever receive either. - Benjamin Franklin
This isn't off-topic. It's a "zombie" joke, you slavering morons.
Honey, I shrunk the Cygwin
How in the fuck is this "flamebait"? It's Interesting. It might be Funny. It is most certainly not "flamebait". The MODERATION (-1, Flamebait) is flamebait!
I thought that this was the way it was done before ISP's got smart and started checking IP's.
Acrylic Bubble Panels www.beyond7.com
I knew this would happen once idiot ISPs try to block port 25 for sending email. I connect to a company mail server (that isn't my ISP's) to send/receive email (which requires authentication). Some ISPs have blocked ppl from doing that to "cut down on spam."
It was just a matter of time before the weasels figured it out. they have too much money to throw around not to work on something like this.
-- DuckWing
Allow me to be the first to say
For large sets, this will be our guide even unto death, for the LORD will work for each type of data it is applied to...
now Bill Gates is gonna blame the Windows pirates for being vulnerable! >:(
For a few months now I have been tossing the idea around in my head of requiring a license to access the net. I have posted this before, so I will make this brief, but just a simple security course. If your machine becomes infected and infects other machines, you lose your license. Simple and effective.
K Man
There's tonnes of software out there to help users kill and remove spam. But where's the software that will let me find the real source/company of the spam? I want a program that will go to the linked URL, bounce through the re-directs, figure out who in China actually owns the site which is trying to receive money, and tell you. THEN, all those ISP's should be blacklisting that hosting site for all traffic. It's a waste of time/never ending arms race to keep trying to protect every PC out there - you have to follow the money. Anyone have that program? It's a real pain to do all that tracking manually and just get ignored by the hosting ISP...
Email is an arcane, brilliant, overloaded, compatible mess. For everyone with an overpowered PC overflowing with spam, there's someone with a museum piece for whom email is a lifeline. It's not going anywhere. I'd love a modern alternative. Something with decent compression and encryption. Digital signatures and proper user authentication for sending. Meanwhile, I just bought a fax in order to better communicate with a new community of people I've recently joined. I'll still be able to send and receive email using my Amstrad PPC XT portable in 20 years time.
http://www.shaftek.org/blog/archives/000245.html
For some reason they have no problem sending all of their customers zillions of email ads, yet informing us of an important technical change like this is "impossible".
Once I realized what was going on, however, a quick Google search provided some answers.
There is an automated process to request unblocking Port 25 on a per-account basis. It took about 24 hours after filling out the request form, but it did work for me.
Help page from SBC/Yahoo.
Opt out of port 25 blocking form (be sure to fill out account name/password correctly and choose "**Opt Out Port 25" as the "Abuse Type").
Note that this is an automated request, so there is no point in filling up the description field with a detailed account of all your frustrations. Just make sure you've got your account info and "**Opt Out Port 25"--that's all you need!
Just take a look at the statistics:
Europe has only had strict laws against junk communications for two years (Article 13 of Directive 2002/58/EC), they have only been in full force since November 2003 (and the provisions for criminal penalties are not even in place in each and every corner of the European Union yet) - but they mean pure and simple opt-in, and look how this continent's "spam output" already has become almost completely insignificant.
The U.S., I'm afraid to say, have put next to nothing in the way of these sociopaths: only a now-you-CAN-SPAM-more-than-ever Act that lives up to its name in the worst of ways, by legalizing most of the spam, enacting an unworkable opt-out onus on the users, and putting anti-spam warriors at the legal risk of interfering with (and being taken to court by the operators of) what is considered a legitimate "business model" except for some of the worst abuses - and for however little it is, all of this even an entire decade too late.
Reliance on technical solutions and minimal government intervention is just fine for many things - but it's failed in the fight against spam.
Here is how to do it:
That's certainly nowhere near rocket science, and if the above looks a bit complicated, that's probably just because:
- a directive is a (binding) template for lawmakers in all of the European Union's member states
- necessarily, the legal techniques as well as the "Legalese" itself vary between jurisdictions
- this is a great one-ban-fits-all provision that outlaws each and every flavor of spam at once
"First Amendment" implications: zero (and yes, of course there is freedom of speech in this part of the world as well, and even more of that speech could be heard if it wasn't drowned out by American spam - some of which comes relayed thru Asia of course) - it only bars some people from "pissing in everyone else's pool", but certainly not from speaking their mind!
There is nothing wrong with following an example that works so well, even if it is from Europe...
Call your congresscritter now to outlaw unsolicited commercial communications, place a hefty fine and jail time on the offenders, and put an end to these abuses before they put an end to eMail itself.
As an employee for a mid-sized ISP, it's a lot harder to handle several thousand calls of "I can't send emails!" vs handling reports of spamming in a timely manner. We throttle connections, but once you start filtering...
The problem with computers is that they do what you TELL them to do, not what you WANT them to do.
arcane, brilliant, overloaded, compatible. Couldn't think of any descriptive terms? (That was sarcasm.) Arcane??? Better look that one up, Sparky, or else if it really is arcane to you, you should find a new hobby. It's way simpler than blogging. Overloaded??? What's overloaded? Your unprotected inbox? Compatible is how it works. The power of the PC has no effect on the amount of spam it receives. If it's an unprotected Windows PC, then its power helps a little in the spam flood, but it really doesn't make much difference in the big picture.
And if you're looking for something nice and stable, surviving the centuries with virtually no illegal intrusions, consider the postal service. You know: written notes, sent physically, paid for by 'stamps', those little licky paper things?
Sig not available, please try again later. If the problem persists, then the submitter is an idiot.
Are you Chinese? You act like one.
The only way to slow down this nonsense is to put a limit on the amount of messages a single account can send in one day.
This would accomplish two goals:
1. (Obvious) it would limit the amount of crap-mail spewed out by ISP's compromised customers.
2. It will encourage joe six-pack to clean up his infected machine. When Joe wants to send an email and he can't (because a bot has used up his allowance) he'll be forced to actually clean up his infected machine.
-ted
You can click that little box thing by the spam and press "delete". I mean, really.
...it's really a sad day for America when we require a goddamn ACT OF CONGRESS to make our DVD players work properly. ~
You have got to be kidding, right?
Just because you do not *SEE* the spam, by no stretch of the imagination does that mean it's *NOT THERE*. Don't *EVER* confuse those facts.
As administrator of several small mail servers, I'm killing in excess of 88% of incoming email as spam. In one particular case, a very small ISP mail server with about 600 email accounts has a steady inbound SMTP flow of 280kbps minimum 24x7 into the email server. That doesn't sound like much, until you do the math. If that figure held up linearly in larger installations/sites, that would mean that a small-medium sized ISP with 50000 email accounts would see a 23Mbps stream of incoming email - the equivalent of half a DS3.
Now, if the 88% spam figure holds (and unfortunately I'm pretty sure it will - if not even worse than that), that's almost 20Mbps of utterly wasted bandwidth. And guess what? Bandwidth costs money.
Between the RBLs and SpamAssassin, we see about a 96% effectiveness in the reduction in spam. Trust me, the reason you see less spam is because your provider is at least trying to catch some of it and the filters have gotten much better at spotting it, *NOT* because there is less spam.
The definition of "not losing" is purely a matter of perspective. Due to the (current) effectiveness of filtering software implemented properly, certainly users are less frustrated and happier.
However, more and more effort (time, software, server resources, horsepower, money) is being spent to combat it, not to mention the waste of bandwidth at all levels. That's effort and money that could be used to expand or enhance services, lower rates, or both. I personally still consider that "losing".
The more I read about email, the more I am convinced that it will eventually go under. I do not think that we'll have to create a new system, but a paradigm shift is inevitable. Spam is unbeatable, because the only way to filter it out is by content. But every time we come up with an algorithm to detect spam, they respond with an algorithm to foil us. A classic arms race -- and nobody wins.
It was a pure fantasy, anyway, to expect that email will function just like USPS, but faster. It is about time to start using Internet the way it can be used best. The change must occur in the culture. How about whitelisting by default? May seem inconvenient at first, but once it gets a proper mindshare, it will become almost invisible. Let there be a pass of some sort which cannot be collected automatically -- for example, a subject line which you list on your website -- that can enable the incoming email to get through and to whitelist the sender at the same time. When you receive your first spam email, you just un-whitelist it and change your pass. Done.
Store your pass anywhere you want, put it out in the open if you want, just keep it two paces apart from your email listing, just enough to make it infeasible to collect email/pass pairs automatically.
If people know and expect that emails tend to be guarded with such passes, they will request you to provide them along with the email -- not much strain on communication, since passes could be as simple as your mum's name. All they need to do is to send you one "introductory" email -- and they don't have to worry about it anymore.
Seriously though, I am at a loss as to the practical steps we need to take today if we ever want to see spam-free Internet.
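The pass-guarded whitelisting scheme from the post above, as an added example (not code from the thread): a first-contact message is delivered and its sender whitelisted only if the subject carries the current pass; reporting a sender as spam drops them and rotates the pass so a harvested pass stops working. The messages and the pass values are constructed.

```python
"""Pass-guarded whitelisting for an inbox.

Added example. Mail from a whitelisted sender is delivered; mail from
anyone else is delivered (and the sender whitelisted) only if the subject
contains the recipient's current pass; everything else is quarantined.
Reporting a sender as spam removes them and rotates the pass.
"""
import secrets
from email import message_from_string
from email.utils import parseaddr


class PassGuard:
    def __init__(self, initial_pass):
        self.whitelist = set()          # lower-cased sender addresses
        self.current_pass = initial_pass

    @staticmethod
    def _parse(raw):
        """Return (sender address, subject) from a raw message."""
        msg = message_from_string(raw)
        sender = parseaddr(msg.get("From", ""))[1].lower()
        return sender, msg.get("Subject", "")

    def receive(self, raw):
        """Classify one incoming message: 'inbox' or 'quarantine'."""
        sender, subject = self._parse(raw)
        if not sender:
            return "quarantine"          # no usable From header
        if sender in self.whitelist:
            return "inbox"
        if self.current_pass.lower() in subject.lower():
            self.whitelist.add(sender)   # first contact with the pass: remember them
            return "inbox"
        return "quarantine"

    def report_spam(self, sender, new_pass=None):
        """Drop the sender and change the pass; returns the new pass."""
        self.whitelist.discard(sender.lower())
        self.current_pass = new_pass or secrets.token_urlsafe(8)
        return self.current_pass


# Constructed sample messages (RFC 822-style text).
FIRST_CONTACT = "From: Bob <bob@example.org>\nSubject: [bluebird] lunch?\n\nHi\n"
FOLLOW_UP = "From: bob@example.org\nSubject: Re: lunch?\n\nTuesday works\n"
NO_PASS = "From: promo@example.net\nSubject: cheap meds\n\n...\n"
LEAKED_PASS = "From: spam@example.net\nSubject: bluebird special offer\n\n...\n"


def demo():
    guard = PassGuard("bluebird")
    results = [guard.receive(FIRST_CONTACT),   # pass in subject: delivered, bob whitelisted
               guard.receive(FOLLOW_UP),       # bob already whitelisted: delivered
               guard.receive(NO_PASS),         # unknown sender, no pass: quarantined
               guard.receive(LEAKED_PASS)]     # harvested pass: this one gets through
    guard.report_spam("spam@example.net", "redfox")   # un-whitelist and rotate the pass
    results.append(guard.receive(LEAKED_PASS))  # old pass no longer works
    results.append(guard.receive(FOLLOW_UP))    # bob stays whitelisted across the rotation
    return results


if __name__ == "__main__":
    print(demo())
```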
... now that's a new one. hehe.
Let me rephrase and expand.
The spammers are sending more and more spam, and yet less and less is actually getting through. Methods for stopping it at various points have become steadily better, and they need to resort to more and more esoteric methods to get any spam delivered. And the spam that is delivered needs to look more and more like regular mail to have a chance of sneaking through.
While sending spam is almost costless, it is not _totally_ so. Creating zombie networks is not free; if nothing else, the non-zero risk of getting caught is a cost. Renting capacity on someone else's zombie network of course carries a direct cost. Farming addresses, or buying collections; getting machines and bandwidth (and keeping it, in the face of vigilance on the part of ISPs) - it all carries costs.
And since less and less is actually delivered, we are increasing the cost per message. There is a definite cutoff point where it ceases to be profitable to send spam about a particular product or service (different, depending on the product). As the cost increases, you could counteract by promoting more upscale, higher-margin products - except that you can't, in the case of spam. You could not sell real Rolexes with spam, for instance; people with that kind of money will go to High Street and buy it there.
What I meant are two things: spam is less of a problem for the end-users (since ISPs and others are doing a much better job filtering it today); and fighting spam seems to be working, seeing how the spammers are doing more and more work, and yet seeing less and less actually delivered.
This last step looks a bit desperate. Sending it through the ISP gateway seems like a great way to have the zombie network detected and shut down much faster than before, thus destroying a needed resource in the course of using it.
Trust the Computer. The Computer is your friend.
Lots of people mentioned the obvious plus of this -- that the ISPs outbound mail servers will provide a good choke point to throttle and detect spam from zombie PCs. There's another big plus though: the ability for the ISP to investigate complaints.
Back when I used to work in the ISP industry (a long time ago now, thank $DEITY) I had to deal with abuse complaints. Back in the early days of spam it was obvious when you had a customer spamming -- you'd get thousands of complaints in a few hours. Of course as time goes on fewer and fewer people would complain (who has time?) and eventually it got to the point where it would take longer to get even one complaint for a big spam run.
Now when you get a single spam complaint it takes time to investigate -- after all it's easy for someone with an IRC grudge to send a fake complaint framing the person at a certain IP at a certain time. You at least need to give it a decent look to make sure it isn't an obvious forgery before you close an account or you risk looking real stupid later.
If the mail came through OUR mailservers though our job is a lot easier -- we can correlate the message-IDs and times to verify that they make sense. Sure, a forger could have changed the message body (modifying an innocent email) but they must have received something... so you can go after the forger based on the email address the innocent message was sent to.
Plus if someone is spamming and using our servers we can probably figure it out pretty quickly from the mail logs ("gee they sent out 200 messages that hour, all about the same size, to seemingly random email addresses...")
If spam zombies are desperate enough to go this route then this is GREAT NEWS - we must be winning the battle.
Aah an enticing subject line, large penis etc - in fact all they want is to lure you somewhere where they can eat your brains!
Basically, it would be a CDROM (and perhaps a book or manual) that would be sold in computer shops.
When you install it, it would clean all the spyware, viruses, trojans, zombies and gunk from your system automatically.
It would then install anti-virus and anti-spyware and etc programs designed to run periodically and clean the system. (including hooks into email programs like Outlook Express to remove the viruses before they even reach the user's inbox) Plus a firewall with settings to block known bad software (spyware, trojans etc) but not block anything else. (this prevents the problem of the user blindly allowing everything through). It should also contain auto-updates so it keeps the data files it uses up to date without any action from the user.
If you can make it block or restrict websites used by phishing (fake bank sites etc) in a way that is going to be understandable for the clueless users the package is aimed at and which will be 100% sure to not block anything other than malicious sites, even better. (although I suspect this is going to be difficult)
Design the UI and interface so that it can be used and understood by even the most clueless of users (the kind that think that the "blue E icon" is "the internet" for example).
Give it a name like PC Tune Up or something. Most people (even the most clueless of people) know that you should take your car into the mechanic and have it serviced regularly if you want to keep it running well. So pitch this package as the computer equivalent of getting a service/tune up, that way even the clueless will be able to understand why running it is a good thing.
Also, in the marketing campaign & software, show people all the bad things that hackers, viruses, spyware, trojans, phishing etc can do to you & your computer. For example, show (in a way the clueless can understand) how these things can be used to access your online banking and bank account and take money from it without your knowledge. And so on.
Firstly, this program would serve to get rid of the junk even without the user needing to know exactly what the junk is.
And secondly, it would serve as a way to educate the users so that they know how to avoid the junk in the future.
At least this gives the ISP a massive incentive to block zombie traffic rather than risk email blacklisting their entire user base.
I see in sendmail a MaxRecipientsPerMessage option, which would prevent an infected client from specifying too many RCPT addresses. (It's not clear to me what happens if we have a mailing list with > MaxRecipientsPerMessage subscribers, though.)
What I don't see is an option to limit based on messages per hour. Does anyone know if this exists within sendmail? Or do you need separate monitoring software for that?
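Serving both the ex-ISP post above ("200 messages that hour, all about the same size, to seemingly random email addresses") and the sendmail question about a messages-per-hour limit, here is an added example of the separate monitoring route: an offline pass over an outbound mail log that computes each sender's peak messages in any one-hour window, flags near-identical sizes, and flags messages whose recipient count exceeds a limit. This is not code from the posters or from sendmail. The log lines are constructed in a simplified sendmail-like format, the regex is an assumption to adapt to a real log, and the thresholds are illustrative.

```python
"""Added example, not from the original posts or from sendmail: per-sender
rate and shape checks over an ISP's outbound mail log.  Log format, regex,
year and thresholds are assumptions; the log itself is constructed."""

import re
from collections import defaultdict
from datetime import datetime, timedelta
from statistics import mean, pstdev

LOG_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d\d:\d\d:\d\d) \S+ sendmail\[\d+\]: "
    r"(?P<qid>\w+): from=<(?P<sender>[^>]*)>, size=(?P<size>\d+), nrcpts=(?P<nrcpts>\d+)"
)
LOG_YEAR = 2005   # syslog timestamps carry no year; assumed for parsing


def _line(time, qid, sender, size, nrcpts):
    return (f"Jun 14 {time} mx1 sendmail[4242]: {qid}: from=<{sender}>, "
            f"size={size}, nrcpts={nrcpts}, relay=cpe-17.example.net [10.1.2.3]")


# Constructed sample: two ordinary users, one mailing list, and one account
# pumping out 30 near-identical messages within a quarter of an hour.
SAMPLE_LOG = "\n".join(
    [_line("10:01:02", "q000001", "alice@example.net", 2310, 1),
     _line("10:03:15", "q000002", "bob@example.net", 1180, 3),
     _line("11:45:00", "q000003", "list@example.net", 4200, 350)]
    + [_line(f"10:{10 + i // 2:02d}:{(i % 2) * 30:02d}", f"q1{i:05d}",
             "zombie@example.net", 1400 + i % 5, 1) for i in range(30)]
)


def parse_log(text):
    """Return one dict per 'from=' line; other log lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        events.append({
            "ts": datetime.strptime(f"{LOG_YEAR} {m['ts']}", "%Y %b %d %H:%M:%S"),
            "sender": m["sender"].lower(),
            "size": int(m["size"]),
            "nrcpts": int(m["nrcpts"]),
        })
    return events


def peak_rate(events, window=timedelta(hours=1)):
    """Most messages each sender put through in any single sliding window."""
    times = defaultdict(list)
    for e in events:
        times[e["sender"]].append(e["ts"])
    peaks = {}
    for sender, ts in times.items():
        ts.sort()
        best = start = 0
        for end, t in enumerate(ts):
            while t - ts[start] >= window:
                start += 1
            best = max(best, end - start + 1)
        peaks[sender] = best
    return peaks


def flag_senders(events, max_per_hour=20, max_rcpts=100, min_msgs=10, size_spread=0.05):
    """Map sender -> list of reasons for a human to look at the account."""
    peaks = peak_rate(events)
    by_sender = defaultdict(list)
    for e in events:
        by_sender[e["sender"]].append(e)
    findings = {}
    for sender, evs in by_sender.items():
        reasons = []
        if peaks[sender] > max_per_hour:
            reasons.append(f"{peaks[sender]} messages within one hour")
        sizes = [e["size"] for e in evs]
        # Relative spread of sizes: a spam run is a template, so sizes cluster.
        if len(evs) >= min_msgs and pstdev(sizes) / mean(sizes) < size_spread:
            reasons.append("near-identical message sizes")
        big = sum(1 for e in evs if e["nrcpts"] > max_rcpts)
        if big:
            reasons.append(f"{big} message(s) with more than {max_rcpts} recipients")
        if reasons:
            findings[sender] = reasons
    return findings


if __name__ == "__main__":
    for sender, reasons in flag_senders(parse_log(SAMPLE_LOG)).items():
        print(sender, "->", "; ".join(reasons))
```

The mailing list in the sample is flagged on recipient count alone, which is exactly the case the sendmail question worries about: a recipients-per-message cap hits legitimate lists too, so treat that finding as a reason to look rather than a reason to block, and keep list accounts on a separate allow-list or a separate submission path.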
- spam zombies simply won't work
- people with no clue but wanting to run a mailserver will have trouble setting it up, so their choice is either to ask someone knowledgeable enough or forget about the whole thing.
- the ISP won't get blacklisted
When I set it up back in the day I was annoyed at the stuff I needed to do to get my mailserver up and running (even though it took me only about 30 mins to find out what to do and reconfigure my server). Nowadays I'm glad they do this because of the advantages this small requirement offers.
The best weapon of a dictatorship is secrecy, but the best weapon of a democracy should be the weapon of openness.
That's very useful info. Thanks for the links!
The man who trades freedom for security does not deserve nor will he ever receive either. - Benjamin Franklin
Why not create a top level domain like .adv for advertisement which would be the legal way to send spam especially now that the email is on the edge of collapse from what the article says.
One solution is SURBLs (Spam URI Real-time Block List, I think). This is a list of web addresses contained in spam. An anti-spam filter parses an email, then checks any URIs against various SURBLs. They are pretty damned effective. Any URI in spam gets blocklisted pretty soon, and filters can act accordingly and block spam.
These are up and working, and have been for at least a year. The latest SpamAssassin has support for them out of the box, I haven't checked but it may use around 5 different lists.
There is a small network delay and very little processing overhead on the spam filter. So email may be delayed for 15 seconds, but spam will be filtered to a far greater extent.
Visit www.surbl.org for more info, and don't forget to check out SpamAssassin as well. Anyone running a modern Linux can filter their own email, even if they pick email up from a pop3 server. I'd recommend a fetchmail, postfix, procmail and spamassassin combination, but there are many, many ways to do this.
Note to ACs: I won't mod you up, even if you are being funny or insightful. So take a chance! It's not real life!
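As an added example (not code from the poster, SURBL or SpamAssassin) of the mechanism the post above describes: pull the URIs out of a message body, reduce each host to the name a SURBL query is made on (the registered domain, or the reversed octets for an IP literal), append the list zone, and treat a 127.0.0.x answer as "listed". The resolver here is a constructed in-memory stand-in for the real DNS lookup against multi.surbl.org so the example runs offline, and the two-label suffix table is a constructed, incomplete stand-in for the full public-suffix data real filters use.

```python
"""Added example, not from the original post, SURBL or SpamAssassin: turning
URIs in a message into SURBL query names and checking them against a list.
The resolver, the suffix table and the sample message are constructed."""

import re
from ipaddress import IPv4Address, ip_address

# Captures the host part of http(s):// URIs and of bare www. names.
URI_RE = re.compile(r"(?:https?://|(?=www\.))([^\s/<>\"'?#,]+)", re.IGNORECASE)
# Constructed subset: under these, the registered domain has three labels.
TWO_LABEL_SUFFIXES = {"co.uk", "org.uk", "com.au", "co.jp"}
SURBL_ZONE = "multi.surbl.org"


def extract_hosts(body):
    """Distinct hosts referenced by URIs in the body, in order of appearance."""
    hosts = []
    for m in URI_RE.finditer(body):
        host = m.group(1).rsplit("@", 1)[-1].split(":")[0].lower().strip(".")
        if host and host not in hosts:
            hosts.append(host)
    return hosts


def _as_ipv4(host):
    try:
        addr = ip_address(host)
    except ValueError:
        return None
    return addr if isinstance(addr, IPv4Address) else None


def registered_domain(host):
    """Strip subdomains: spammers vary those freely, the registration is what
    the list keys on."""
    labels = host.split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in TWO_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def query_name(host, zone=SURBL_ZONE):
    ip = _as_ipv4(host)
    if ip is not None:
        return ".".join(reversed(str(ip).split("."))) + "." + zone
    return registered_domain(host) + "." + zone


def check_body(body, resolve, zone=SURBL_ZONE):
    """Map each query name to True if the list answers 127.0.0.x for it."""
    results = {}
    for host in extract_hosts(body):
        name = query_name(host, zone)
        answer = resolve(name)
        results[name] = answer is not None and answer.startswith("127.")
    return results


def is_spam(body, resolve):
    return any(check_body(body, resolve).values())


# Constructed stand-in for the DNS zone: what a lookup would return.
FAKE_ZONE = {
    "example.com.multi.surbl.org": "127.0.0.8",
    "4.3.2.1.multi.surbl.org": "127.0.0.2",
}


def fake_resolver(name):
    return FAKE_ZONE.get(name)


# Constructed sample message body.
SAMPLE_BODY = (
    "Buy now at http://cheap-pills.example.com/order?id=1 or http://1.2.3.4/x ,\n"
    "and please also log in at www.legit-bank.co.uk/login to verify."
)

if __name__ == "__main__":
    for name, listed in check_body(SAMPLE_BODY, fake_resolver).items():
        print(f"{name}: {'LISTED' if listed else 'clean'}")
    print("spam" if is_spam(SAMPLE_BODY, fake_resolver) else "ham")
```

The subdomain reduction is the part that matters in practice: a listing on example.com also catches cheap-pills.example.com, so rotating hostnames under one registration buys the spammer nothing.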
Can you use the ISP's server to send emails to for example: bob@music.indy? If not, then they have broken the internet...
FRA: STFU GTFO
For example, the URL linked from this article is (includes Slashdot space insertion goodness):
This URL works just as well....
http://www.barracudanetworks.com/products/key_features_ob.php
Since they just launched a new outbound SMTP spam scanner...
Anyway, judging by the fact that Barracuda just released it, must mean it's been going on for a while now.
DCC could help here... If a load of spam is in transit in a single server it can be tracked easily. Actually it is a good thing http://www.rhyolite.com/anti-spam/dcc/
It's pretty easy for an ISP to notice 100,000 emails from one sender pumping through their SMTP server...
That's the point though - they're not all from one sender anymore. If you Zombie 1000 PCs, and have each send 100 messages, you've still got your 100,000 and it's all from different people, so the traffic looks like lots of normal email, and as such you bypass the throttle.
I would guess that a lot of ISPs only do spam checking on mail coming in from outside, and not from their own users as that saves resources.
Like you say, there's still no excuse. I don't think these methods are entirely new, as this is generally how email viruses spread themselves. They should be checking all email, in and out, for spam and viruses, and rejecting bad email before it is queued (ie: the client can't even complete sending).
-- Steve
What again is the reason why ISPs don't block outgoing port 25 and only allow it to their mailserver ?
Then the only way out would be via the ISP's mailserver which could do spam and virus scanning (mailfilter.info or something similar).
The few geeks who run their own mailrelay on their home DSL could request the port to be opened (and pay all damages if they manage to screw things up), or simply use the ISP's mailserver as smarthost.
And to top it off you would have to SMTP AUTH with the ISP's mailrelay, so a spam zombie couldn't use the mailrelay at all (unless extracting the password from the mail client)
RedShirt
Microsft spel chekar vor sail, worgs grate !!!
Are people still using email ? I stopped using it about a year ago and haven't looked back.
Need to pass data between friends ? Give them FTP accounts on your server or let them give you FTP access to their server.
Email is dead. Spam killed it. As far as I'm concerned ISPs can simply block SMTP traffic altogether.
Presumably this zombie virus needs to extract the mail server host name from e-mail software you already have installed. This surely means that it can only be effective if you have a piece of email software it's been programmed to be able to jack the info from. Isn't it a little worrying that other programs can access this information without you noticing? Shouldn't these e-mail programs store your settings more securely? If e-mail software does indeed store your username and password securely, why do most ISPs not require authenticated SMTP? (My ISP doesn't) My point is you can't blame the user for everything.
If it's Dubya, it's war on both, Terra and Terrr
I've already seen ISPs that throttle SMTP messages. Only allowing you to send up to 50 in a 5 minute period. While that would still allow spammers to send 600 an hour per host; That's a lot better than allowing them to send 5k-10k or more an hour per host.
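Serving both RedShirt's post (require SMTP AUTH on the ISP's relay so a zombie cannot use it unless it extracts the stored password) and the post above (throttle to 50 messages per 5 minutes), here is an added example of the server side of such a submission session, written as a small state machine over constructed commands. It is not code from either poster or from any ISP or MTA. Account names, passwords, hostnames and limits are constructed; the reply codes follow RFC 5321 and RFC 4954 but the exact wording is my choice, and only the AUTH PLAIN initial-response form is handled.

```python
"""Added example, not from the original posts or any MTA: an SMTP submission
server that refuses MAIL FROM until AUTH PLAIN succeeds and throttles
accepted messages per authenticated account.  Accounts, hostnames, limits and
reply wording are constructed assumptions."""

import base64
from collections import deque
from datetime import datetime, timedelta

# Constructed account database (a real server checks SASL against the ISP's
# user store).
ACCOUNTS = {"alice": "correct horse battery"}
T0 = datetime(2005, 6, 14, 10, 0, 0)   # constructed clock start for demos/tests


def later(minutes):
    return T0 + timedelta(minutes=minutes)


def plain_token(user, password):
    """AUTH PLAIN initial response: base64(authzid NUL authcid NUL passwd)."""
    return base64.b64encode(f"\0{user}\0{password}".encode()).decode()


class SubmissionServer:
    def __init__(self, accounts=ACCOUNTS, max_msgs=50, window_minutes=5):
        self.accounts = accounts
        self.max_msgs = max_msgs
        self.window = timedelta(minutes=window_minutes)
        self.sent = {}          # account -> deque of MAIL FROM accept times
        self.user = None        # authenticated account, if any
        self.in_mail = False    # MAIL FROM accepted, RCPT allowed

    def handle(self, line, now=None):
        """Return the server's reply to one client command line."""
        now = now or datetime.now()
        verb, _, arg = line.strip().partition(" ")
        verb = verb.upper()
        if verb == "EHLO":
            return "250-mail.example.net\r\n250 AUTH PLAIN"
        if verb == "AUTH":
            mech, _, token = arg.partition(" ")
            if mech.upper() != "PLAIN" or not token:
                return "504 5.5.4 Unrecognized authentication type"
            try:
                _authz, user, password = base64.b64decode(token).decode().split("\0")
            except (ValueError, UnicodeDecodeError):
                return "501 5.5.2 Cannot decode response"
            if self.accounts.get(user) == password:
                self.user = user
                return "235 2.7.0 Authentication successful"
            return "535 5.7.8 Authentication credentials invalid"
        if verb == "MAIL":
            if self.user is None:
                # The point of requiring AUTH: a zombie that only scraped the
                # relay's hostname stops here.
                return "530 5.7.0 Authentication required"
            recent = self.sent.setdefault(self.user, deque())
            while recent and now - recent[0] >= self.window:
                recent.popleft()
            if len(recent) >= self.max_msgs:
                # A zombie that did steal the stored password is caught by
                # the per-account rate, not by AUTH.
                return "421 4.7.0 Too many messages from this account, try again later"
            recent.append(now)
            self.in_mail = True
            return "250 2.1.0 Sender ok"
        if verb == "RCPT":
            return "250 2.1.5 Recipient ok" if self.in_mail else "503 5.5.1 Need MAIL command"
        if verb == "RSET":
            self.in_mail = False
            return "250 2.0.0 Reset"
        if verb == "QUIT":
            return "221 2.0.0 Bye"
        return "502 5.5.2 Command not implemented"


def attempt_burst(server, user, password, count, start=T0):
    """Authenticate, then try `count` messages one second apart; return how
    many MAIL FROM commands the server accepted."""
    server.handle("EHLO cpe-17.example.net", start)
    if not server.handle(f"AUTH PLAIN {plain_token(user, password)}", start).startswith("235"):
        return 0
    accepted = 0
    for i in range(count):
        now = start + timedelta(seconds=i)
        if server.handle("MAIL FROM:<alice@example.net>", now).startswith("250"):
            accepted += 1
            server.handle("RCPT TO:<victim@example.org>", now)
        server.handle("RSET", now)
    return accepted


if __name__ == "__main__":
    print(SubmissionServer().handle("MAIL FROM:<alice@example.net>", T0))   # 530 ...
    print(attempt_burst(SubmissionServer(), "alice", "guess", 10))           # 0
    print(attempt_burst(SubmissionServer(), "alice", "correct horse battery", 80))  # 50
```

The third run is the interesting one: with the real password (the case the later Spam-L post describes, where the trojan pipes mail through the MUA's stored tokens) AUTH is passed, and it is the 50-per-window limit that stops the burst at 50. The 421 reply also tells the legitimate client to retry later rather than dropping its mail.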
ISPs should not allow users with computers that are used to spam, or otherwise abuse the Internet, to remain connected to the Internet. It is up to the user to effectively secure his computer or to have somebody else secure his computer for him. Whether a user updates his software or uses a firewall properly doesn't matter at all, as long as the computer is effectively secured. It does not matter if the software maker produces insecure software, if the user chooses to use insecure software or buys an insecure computer, the user is still responsible for the security of his computer. It does not matter if the user himself is knowingly causing the abuse or the user's computer is a zombie, the user is responsible for the abuse. The ISP should be held responsible for acting on abuse reports sent to abuse@isp and promptly disconnecting any user who has a computer that is abusing the Internet. If the abuse was caused by an insecure computer the ISP should require that the user effectively remediate the problem and secure the computer before being reconnected.
Is that a new "feature"?
This is exactly what measures like SPF were designed to induce
:(
We've lost.
The Internet was designed to be, and should remain, a network of peers. There exists no hierarchy on the Internet. My computer is as significant as Microsoft's web server (albeit, far less popular).
With systems like SPF, we've abdicated our computer's place on the Internet to so-called super-peers. Now, to send an email, I have to get permission from my ISP.
Fuck that.
Call me an unrealistic idealist if you want, but a network of peers is a Freer structure than the one that SPF creates. Give me freedom, with all its problems, over permissions-based structures any day of the week.
We've come closer to beating spam at the cost of the Free Internet. If we've won something, then it's a pyrrhic victory at best and you guys will be celebrating without me.
-Tom
Some people see impending email doom, but I see the perfect Mac Mini advertising campaign. ;)
CNet thinks this is something new?
It is not new.
The user has to authenticate to send E-mail. If they can't (like the trojan that doesn't know the tokens), they can't send mail.
In practice, the user tells the MUA to store the SMTP AUTH tokens in some sort of config file or registry. If the trojan can just pipe mail through that, it can send mail.
There has been copious discussion and analysis of this over the past two years or so on Spam-L. (Spam-L is THE place to find the Internet's leading experts on spam. Anybody who's anybody is there; anybody who's not there just isn't paying attention.)
It was a highly predictable move, given the success that spammers have already had with direct-to-MX spam via zombies -- thanks in large part to the incompetence and neglect of consumer broadband ISPs, who were warned about this early and often, and chose to sit on their hands -- and let it burn.
This became even more of a certainty, as poorly-thought-out and largely worthless proposals like SPF, SenderID, and DomainKeys were trotted out: this undercuts all of those neatly. (And it's not the only way: there are a number of other tricks that spammers can be expected to employ as the need arises that render all three of these proposals so much disposable nonsense.)
There is at least one factual error in that article, though: the author says "This means the junk mail appears to come from the ISP [...]
If it's coming from their servers or their network, then it is IS coming from the ISP; it's their spam and they bear full responsibility for making it stop.
No excuses. No whining. No stalling. Anyone who's not competent and diligent enough to detect this problem and deal with it immediately should unplug their entire network until they can -- or at least have the guts not to complain when they are -- correctly -- blacklisted for spamming.
I moved to a crappy small town and expected my connection to suffer. Thus far in the last year I think that Telus has only once been at fault for a downed connection.
I think the parent is grousing that Telus assigns static IPs via DHCP. But hell, that's how I do it here at work (for those that are static).
Most large ISP's have moments of idiocy. Out of many, Telus has actually been decent by me.
Every upstream provider should only accept mail which has been passed by a SpamAssassin server.
That would end spam as we know it - I hope.
-- From Denmark
LOL +3 Funny
We run an open hot spot FreeWiFi. How would you stop them from connecting?
Do you think Borders is going to refuse to take a customer's money even if they have a virus? Don't think so.
What about at the library?
While your idea has merit, there is currently no way to enforce it.
Cisco is working on routers that will block these types of viruses/worms. I think the solution needs to be from within, not from the government. Whose government would be in control here?
These guys would make her look like an expert.
(If at first you don't succeed, do it different next time!)
Yes, but 100,000 emails from an ISP big enough to have 1000 zombies isn't that much spam.
"They redundantly repeated themselves over and over again incessantly without end ad infinitum" -- ibid.
What gets me is why aren't the ISPs transparently proxying SMTP...