IBM Unveils Anti-Spam Services to Stop Spammers
bblazer writes "CNN Money is running a story about a new IBM service that spams the spammers. The idea behind the technology is that when a spam email is received, it is immediately sent back to the originating computer - not an email account. From the article: 'We're doing it to shut this guy down,' Stuart McIrvine, IBM's director of corporate security strategy, told the paper. 'Every time he tries to send, he gets slammed again.'"
IBM's Anti-Spam services are designed to stop spammers?!?!?
What will they think of next?
And maybe the screaming hordes of DSL-bots will finally get shut down.
Sometimes seventeen/Syllables aren't enough to/Express a complete
I think I'll stick with spamd. It doesn't waste my bandwidth.
... but what about the vast majority of spam that's sent from zombied PCs and open relays instead of from the spammer's own mail servers?
Automatic DDOS of spammers. Very cool!
Paleotechnologist and connoisseur of pretty shiny things.
How exactly does this help solve the spam problem when the machine sending the spam is not owned (but "0wned") by the spammer?
Or do they plan to DDoS the spam-zombies?
The United States of Lard
by Mark Driver
We are a fat, fucking country. We're also lazy, complaining, selfish,
hypocritical assholes, but today, I'm just gonna focus on the fat part.
More than half of Americans are obese. Not just overweight mind you,
OBESE, meaning there is so much blubber on your bones, it's unhealthy.
Your lard encrusted heart pumps your greasy blood through tightening
arteries and brittle veins. Unsightly fields of poisonous cellulite dot
the noxious landscape that is your body. Our chubby children can barely
pry their fat engorged bodies out of bed. There are even reports of these
little butterballs suffering from adult diabetes, a condition that used to
take dozens of years of abuse to manifest. Like a pod of sleepy whales
sucking pure lard out of a genetically mutilated mother hog covered from
snout to tail in teats, we just feed and breed. It doesn't matter what the
fuck we put into our bodies. It can be uranium soaked dog feces sprinkled
with live baby tarantulas, tapeworm eggs, cigarette butts and diesel fuel
causing impotence, baldness, spontaneous abortion, and premature death -
as long as it's battered, fried, and salted: it's dinner.
New National Anthem (sung to the tune of anything by N' Sync)
Suck and sleep,
Mate and eat.
Breed and feed,
Breed and feed.
Don't lather.
or rinse,
or chew,
just repeat.
How did everyone get so fat? Our grandparents weren't fat. Most senior
citizens aren't fat (maybe the fat ones die off early). George Washington
wasn't fat. Abe Lincoln wasn't fat. Ben Franklin was fat, but he made up
for it in charm (from what I hear). In random snapshots of history, most
people aren't fat. They didn't have the luxury of a life where you spent
15 hours a day lying on your back. They didn't have the luxury of a
purely sedentary lifestyle. If they wanted to eat something disgustingly
unhealthy, they didn't have the luxury of waddling over to Wendy's for a
bacon triple cheese burger - they had to make it themselves from scratch.
Luxuries have their costs, don't they fatty?
So are you one of these fat asses? One of these obese, bacon-grease
drinking Americans that make up more than half of our population? Do your
rotund children roll around on the floor in their own drool, playing video
games, suffering from high blood pressure and hemorrhoids because you feed
them processed crap and never make them go outside?
It's easy to stop off at the store or pull up to the drive through window,
but if it came down to it, would you be able to provide any of the foods
you consume for yourself? Would catching a pig leave you breathless and
huffing like a broken bag pipe? Could your short, fat fingers fit around a
cow's udder for milking? Could you even climb into the seat of tractor to
dig a trench to seed some corn? Could you pull a stalk of wheat out of the
ground? Could you run after a chicken? Can you even run?
I'm not saying this to be deliberately mean, I'm saying it because you
fat, lazy, pieces of shit piss me off. What is it, like a third of the
world that's starving to death? In countries worldwide, there are human
skeletons with gaping eyes trying to make bread out of tree roots and
dust, swollen joints and bloated, empty stomachs. 5' 3" and forty pounds.
Now that's a fucking weight problem. Imagine the reaction of one of these poor
souls watching American late night TV. Picture them, ribs showing through
their stained rags, broken teeth jutting out of their shrunken heads,
trying to find a place to sit on your fast food wrapper papered couch. You
hit "on", and the TV shows images of fat asses just like yourself, crying
with Richard Simmons, saying things like "I just can't stop myself from
eating! Pies! Fried Chicken! Cake! Pizza! Hamburger! I just eat and eat
and eat! I can't stop! And now look at me! I'm fat." You try to explain to
your new, malnourished
Watch as AOL and MSN/Hotmail now mark IBM as a spammer...
I'll turn into a supernova and burn up everything. Well I'll turn into a black little hole and you'll turn into string.
The networks of zombie PCs are going to be even more lagged by IBM. Maybe this will finally get their owners to patch or firewall them.
IBM Unveils Anti-Spam Services to Stop Spammers
Anti-Spam services that STOP spam?!? You don't say? Now there's a novel idea...
This joke was brought to you by the Department of Redundancy Department.
Seeing how most spams come from zombies, I'm not quite sure what we're after; It's cool that we'll chew up the bandwidth so it limits the amount of spam he can send, but it's not like that's actually hurting the spammer.
I will be interested to see if this significantly limits the amount of spam at all.
Mod me down with all of your hatred and your journey towards the dark side will be complete!
I don't understand what they mean about sending it back to the computer, not the email address. Do they mean that they'll identify the postmaster or domain administrator, because most spammers don't even have those addresses, or if they do they're total black holes.
The next Cmdr Taco duplicate will be ready soon, but subscribers can beat the rush and see it early!
What if the spammer had this same technology? Would the internet get stuck in an infinite loop and go to 100% usage?
This post has been filtered for sanity.
Now we'll have even more junk traffic slowing things down on the internet. It's a waste of bandwidth, in my opinion, to do this.
Rather than adding yet more traffic to the net I think it'd be far better if more places ran OpenBSD's spamd package. It tarpits mail connections from spammer machines, thus consuming the remote machine's resources rather than generating more traffic in a misguided game of "fight fire with fire".
Trolling is a art,
I'd forge my return address as "webmaster@ibm.com"
Umm, what else would anti-spam services be used to stop?
IBM says in a new report that, in February, 76 percent of all e-mails were spam. While its report says that is down from a summer 2004 peak of nearly 95 percent, it is well above levels in February 2004.
Interesting that the figure has dropped so significantly in a year's time. The mere fact that email has been so thoroughly polluted as a medium by spamvertisers prompts me to think that RSS could be a way to circumvent email and its problems entirely. Imagine if people had pass-protected RSS feeds for all their contacts, as well as group feeds and a public feed. Then, when it's time to email someone, you just insert a new entry in that person's feed. A mechanism that checks feeds 10 times an hour should be sufficient. In terms of end-user interface, it would be identical to email in every significant way. Just seems to me that there's no room for spammers in a system like that, since in order to be "spammed" you'd have to subscribe specifically to a spammers feed.
There would be a lot of traffic overhead with a system like that, but it couldn't possibly be worse than the 75% spam overhead of email.
I Want To Believe
Completely pointless exercise, most big spammers are going to be using an outbound only load balanced relay of some kind, they won't be accepting the mail in from the same exit point.
...
This is complete crap.
take it from me, someone who sends out roughly 5 million emails daily.
It's been reported on a mailing list that the article is actually about FairUCE, which implements something completely different which makes at least some sense (for scoring, not for outright blocking).
-- Thou hast strayed far from the path of the Avatar.
I think maybe you missed the line that read "it is immediately sent back to the originating computer - not an email account".
Maybe I'm just new here, but wouldn't spamming the spammers still cause an awful lot of network traffic on some "innocent" ISPs for the spam wars?
Who is John Galt?
"honest spammers" -- there's an oxymoron if I've ever seen one before.
I think that was the intent. Almost time to drag out the "Reasons this won't work" list again...
Kjella
Live today, because you never know what tomorrow brings
perpetuate the problem of increasing traffic on networks thereby increasing infrastructure costs to a company?
Nevermind the fact that most spammers don't use a real e-mail address (shocker) -- but my IT department doesn't have funds to waste attacking spammers.
This is a duplicate of http://it.slashdot.org/article.pl?sid=04/12/04/2047246&tid=111&tid=185&tid=95
However, the CNN story referenced seems to be utterly clueless as to how this technology, known as FairUCE, actually works. It really is nothing like they have described it. For real information go to IBM's page: http://www.alphaworks.ibm.com/tech/fairuce
This system does not try to DDOS the spammers, or anything stupid like that. It attempts to link the IP address of the sender to the senders domain name using DNS and WHOIS lookups. If that fails, it sends a challenge/response email to the sender.
"e-mails coming from a computer on the spam list" are treated this way. Great. So when a variable-IP zombie pc power cycles and I get their old IP address next, it becomes my problem. Time to buy a fixed IP service, people.
*THIS* is insightful? Although modern English grammar allows for "she", it is correct to use "he" to describe any person male or female without a sexist component.
I mean, it is seriously flawed. Why not dump it and design an optimal system that can handle the real world issues that pertain to email? We keep trying to patch a flawed system, it is only going to get worse. I realize many people have dumped a lot of money into email systems, but it is fatally flawed.
Maybe they take incoming spam that would have been bounced and instead reconnect to the SMTP server that tried to send it and direct the email to postmaster@localhost ?
wow, what a cool invention! surely IBM filed a patent?
Tristan
This will only add useless traffic to the net. Successful spammers hijack systems through use of trojans planted on Joe User's computer. Sending spam back to those hijacked systems will only cause more problems, and it's probably illegal in the first place. The only solution is to get a robust email provider that does effective spam filtering through the use of mail manipulation into folders, with application of aging on suspected spam.
Slashmail.org "The Open Source Email Company"
So they'll only be able to send spam at half speed.
And that's just until they figure out how to set up a packet filtering rule.
Not a big improvement.
Real solutions to spam [in decreasing order of success]
1. Not use SMTP, sounds like a shocker but like the doctor says "if it hurts don't do it".
2. honeypots can be used to waste spammers time
3. Absolutely don't reply to spam in any form
But the real problem is SMTP is not a reliable or robust protocol for the problem it tries to solve. The fact that people keep pushing it shows they're lazy.
But you don't have to abandon SMTP completely. Something as simple as hashcash could essentially eliminate spam.
Just nobody wants to actually implement it [re: think about a mozilla/thunderbird plugin that uses X-HEADERS to put/read hashcashes].
Tom
Someday, I'll have a real sig.
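As an added illustration of the hashcash idea in the post above (example code written for this page, not from the poster or the hashcash project): the sender mints an X-Hashcash stamp bound to the recipient address, and the receiver checks the proof of work, the recipient, the date and a double-spend set before accepting. The addresses and the low 12-bit cost used in the sample are constructed; a real deployment would demand around 20 bits.

```python
import base64
import calendar
import hashlib
import itertools
import os
import time
from email.message import EmailMessage

# Hashcash v1 stamp layout, carried in one X-Hashcash header value:
#   ver:bits:date:resource:ext:rand:counter
# The stamp is valid when SHA-1 of the whole string starts with `bits` zero bits.
# Minting costs the sender about 2**bits hash attempts; verifying costs one hash.


def leading_zero_bits(digest: bytes) -> int:
    """Count the zero bits at the front of a digest."""
    count = 0
    for byte in digest:
        if byte == 0:
            count += 8
            continue
        count += 8 - byte.bit_length()
        break
    return count


def mint_stamp(resource: str, bits: int = 20, date: str = "", rand: str = "") -> str:
    """Search for a counter that makes the stamp's SHA-1 start with `bits` zero bits."""
    date = date or time.strftime("%y%m%d", time.gmtime())
    rand = rand or base64.b64encode(os.urandom(6)).decode("ascii")
    for counter in itertools.count():
        stamp = f"1:{bits}:{date}:{resource}::{rand}:{counter}"
        if leading_zero_bits(hashlib.sha1(stamp.encode("ascii")).digest()) >= bits:
            return stamp


def verify_stamp(stamp: str, resource: str, min_bits: int = 20, seen: set = None,
                 now: float = None, max_age_days: int = 2) -> tuple:
    """Return (ok, reason). `seen` is the receiver's double-spend database."""
    stamp = str(stamp)
    fields = stamp.split(":")
    if len(fields) != 7 or fields[0] != "1":
        return False, "malformed stamp"
    try:
        bits = int(fields[1])
        minted = calendar.timegm(time.strptime(fields[2], "%y%m%d"))
    except ValueError:
        return False, "bad bits or date field"
    if bits < min_bits:
        return False, f"claims {bits} bits, receiver requires {min_bits}"
    if fields[3] != resource:
        return False, "stamp was minted for a different recipient"
    now = time.time() if now is None else now
    if not -86400 <= now - minted <= max_age_days * 86400:
        return False, "stamp expired or post-dated"
    if leading_zero_bits(hashlib.sha1(stamp.encode("ascii")).digest()) < bits:
        return False, "hash does not carry the claimed zero bits"
    if seen is not None:
        if stamp in seen:
            return False, "stamp already spent"
        seen.add(stamp)
    return True, "ok"


def stamp_message(msg: EmailMessage, bits: int = 20) -> EmailMessage:
    """Sender side (the client plugin): attach one X-Hashcash header per recipient."""
    for rcpt in str(msg["To"]).split(","):
        msg["X-Hashcash"] = mint_stamp(rcpt.strip(), bits)
    return msg


def score_message(msg: EmailMessage, my_address: str, min_bits: int, seen: set) -> tuple:
    """Receiver side: accept if any X-Hashcash header is a valid stamp for my address."""
    reasons = []
    for header in msg.get_all("X-Hashcash", []):
        ok, why = verify_stamp(str(header), my_address, min_bits, seen)
        if ok:
            return True, "ok"
        reasons.append(why)
    return False, "; ".join(reasons) or "no X-Hashcash header"
```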
It is called a blacklist. There are many blacklists out there from the free like http://cbl.abuseat.org/ to the non-free http://www.spamhaus.org/. Wonder how much time IBM wasted on figuring out how to send a 500 error message based on IP.
...a valid e-mail from a company gets tagged as spam and then everyone who receives e-mail from that company starts attacking it back.
The main question here is who/what defines what's spam or not?
English does not have a third-person, gender-neutral pronoun for referring to a person (although "hir" has been proposed). So, as a matter of convention, when gender is ambiguous, the masculine is typically used by default.
I learned this from reading various military tech manuals that will, on occasion, put something to this effect in their preface.
A goal is a dream with a deadline
Okay, the subject sounds like I'm a troll.
Just being sarcastic. This is kind of a vigilante tactic and it doubles the bandwidth consumption of spam, which IMHO, isn't a good thing. I recall a statistic published six or seven years ago that stated that roughly 40 percent of all internet traffic was AOL email. Sorry I don't recall the attribution. Extrapolate that to all email and the ratio of real email to spam.
If IBM finds widespread adoption, the increase in bandwidth consumption would be huge. And just how do they propose to not spam innocents that are listed in forged headers? I suppose this could be coordinated with tcpdump or somesuch on a router or even implemented on a transparent mail proxy, but again innocents will likely get bombarded or it could be used to DOS an innocent.
Is this like 'fighting fire with fire' or the 'an eye for an eye will make the whole world blind' situation?
If you mod this up, your slashdot background will turn into a beautiful sunset!
Isn't that sort of like cutting off your legs to run faster?
...the spammers themselves use this service? Could their system get jammed by messages going back and forth?
But really, suppose you take the most prominent IP address out of the email, how on earth are you going to send an email back to him/her when port 25/tcp is closed (or does not connect to an SMTP service)?
To me, this sounds like wasted traffic, which has a price. So it's wasted money.
according to the helpdesk ctrl+alt+del will fix it, if it doesn't just reboot !
"Every time he tries to send, he gets slammed again."
Being sexist, huh?
I recall a pic of a female spammer years ago, she was of course ugly. All the photoshopping by dozens of antispammers didn't help either.
Tag lost or not installed.
The best idea is not hit the spammer, but the people advertising using the spammer. If they can generate enough traffic to hit the advertiser with essentially a DDOS, then the advertisers will go somewhere else.
Somehow I think the scum bag advertisers will be shut down without much effort and hopefully go back to selling knock-off Rolexes on street corners.
Seems to me that most spammers will just disallow incoming mail.
Otherwise, sounds good to me.
With the increase in the cost of bandwidth to ISPs (that allow zombies), this will hopefully force ISPs to shut off these connections.
Others may assume that these people will just pick up and move to another ISP... but I doubt it.
The majority of people only have a few options open to them when it comes to an ISP, and when their internet is not working they generally want to find and fix the problem, not cancel (if they even can, without breaking a contract) or pay a few hundred dollars to go to a new ISP (hardware, set-up fees, etc.).
Plus I'm betting that most people are more willing to run Ad-Aware (or get a neighborhood kid to clean up their computer, for $30 or so) than wait a week switching to a new ISP.
1) Person on comcast gets zombie-fied
2) starts sending out spam to say IBM
3) IBM sends back spam to the zombie
4) IBM gets put on every RBL list because it actually is sending spam, think about it
5) comcast and every major company using that RBL and every user in comcast can no longer get mail from IBM
6) IBM yells and screams to RBL list owner that they really aren't sending spam, just well sending back email to people who didn't ask for it, or didn't want it or didn't sign up for it. OK they are sending spam... just not bad spam.
Only positive I see is maybe ISPs like comcast might wake the hell up and start cleaning up the problems and stop ignoring their users.
Suppose the spammer's machine sends 200k e-mails per hour. This machine is for sending only. It does not have any port for receiving e-mails opened. So the throughput must be high to send out 200k e-mails, and what will they do to the spammers? If all servers (it is not likely to happen) are having IBM soft, then they will receive 200k attempts per hour to connect to blocked ports on the spammer's machine while trying to hit back... And this is going to stop them? :-) Their specialized machines tuned for sending with no receiving capabilities against high-performance spam-analyzing machines that will waste CPU by identifying spam and waste bandwidth while trying repeatedly to pass e-mail to some blocked ports on the spammer's machine... Hm. I don't understand it. Just another way to hurt people affected by spam by selling useless software/hw to them.
Well, I've got to get back to work. When I stop rowing, the slave ship just goes in circles.
IBM's tactic is utterly useless because the vast majority of spam originates from zombie PCs. Those zombie systems may have an SMTP engine to generate spam, but they most likely do not have port 25 open. Bouncing the spam back will be futile. It is more likely to generate a new denial-of-service attack: send a spam to IBM and watch them fight in vain attempting to bounce back the message.
signature pending slashdot approval
and as many open and blind relays got shut down, spammers got new technologies (|-|ac|0rz actually helped them) such as DSL zombie trojans.
... company with deep pockets ... law$uit. "So what if it was spamming, it was working fine until you Big Blue guyz hacked it."
I suppose it's true, these may well disable the actual machines sending the spam.
Hmm, some fool whose zombie machine gets shut down by IBM
"Make Money Fast with a Zombie Machine on the Net" spamming only ibm.com addy's.
Tag lost or not installed.
A discussion on a techie website about article on a financial website about a techie problem and proposed solution. I RTFA- let the groundless speculation fly!
Come on people, don't you find it a bit hard to believe that a company like IBM is going to attempt what they're saying in the article, for obvious reasons? There's something major missing from this article.
666-607: 6th floor apartment of the beast
Spam just lost the battle.
- FairUCE.com
Doesn't appear to be related to IBM based on whois info.
This seems a bit like an internet cold war. We'll send ours...then they'll send theirs...then we'll send some more...and they will send some more...etc...until the internet as a whole just shuts down under the load. Then no one will win. Tic Tac Toe anyone?
My comments may be crap...but they are my crap...and I am brave enough to stand by them...Never post as AC!
This is one thing that I'm concerned about. I get a lot of spam where the headers are forged to make it look as though the originating computer is in the middle of the whole e-mail routing process. So, for anyone who doesn't know better, they look at the first IP address and assume that that's the guilty system. I'm finding that more and more this is not the case.
If their system gets such a spam, how exactly are they going to determine which IP address is the true, valid IP address? If they do nothing more than find the first IP address in the header chain, the spammers can easily fool the system. Hell, they could even use it to trick the IBM system to DDOS a completely innocent site that they just don't like!
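The header-forgery problem raised above, worked through as an added example (not code from the post): the only Received lines worth trusting are the ones written by your own MTAs, so the origin is the first external client those MTAs saw, not the bottom-most IP in the chain. The message, the host names and the TRUSTED_MTAS table are constructed for the example.

```python
import re
from email import message_from_string

# Constructed sample spam. The two upper Received lines were written by our own MTAs;
# the bottom one was forged by the sender so that a naive reader blames 198.51.100.7.
SAMPLE_SPAM = """\
Received: from mx1.example.net (mx1.example.net [192.0.2.10])
\tby mailstore.example.net with ESMTP id 1A2B3C; Tue, 22 Mar 2005 10:00:02 -0500
Received: from dsl-45.isp.example ([203.0.113.45])
\tby mx1.example.net with SMTP id 4D5E6F; Tue, 22 Mar 2005 10:00:01 -0500
Received: from mail.bigmail.example (mail.bigmail.example [198.51.100.7])
\tby dsl-45.isp.example with ESMTP; Tue, 22 Mar 2005 09:59:00 -0500
From: somefaked@nowhere.org
To: somedestination@thisdomain.com
Subject: buy makemoneyfast

First line is subject.
"""

# Our own relays, keyed by the name each one writes after "by" (an assumption for the example).
TRUSTED_MTAS = {"mailstore.example.net": "192.0.2.1", "mx1.example.net": "192.0.2.10"}

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
BY_RE = re.compile(r"\bby\s+([A-Za-z0-9.-]+)")


def parse_received(value: str):
    """Return (by_host, from_ip) for one Received header, or None for a missing part."""
    flat = " ".join(value.split())                   # unfold continuation lines
    by = BY_RE.search(flat)
    ip = IP_RE.search(flat.split(" by ", 1)[0])      # only the IP inside the "from" clause
    return (by.group(1) if by else None, ip.group(1) if ip else None)


def naive_origin(raw: str):
    """The heuristic the post warns about: believe the oldest (bottom) Received line."""
    received = message_from_string(raw).get_all("Received", [])
    return parse_received(received[-1])[1] if received else None


def trusted_origin(raw: str, trusted=TRUSTED_MTAS):
    """Walk Received lines newest-first and stop at the first hop that entered our MTAs.

    Anything below that line was supplied by the sender and may be forged, so it is ignored.
    Returns None rather than guessing when the chain is not anchored in our own relays.
    """
    our_ips = set(trusted.values())
    for value in message_from_string(raw).get_all("Received", []):
        by_host, from_ip = parse_received(value)
        if by_host not in trusted or from_ip is None:
            return None                  # not written by us: stop, do not blame anyone
        if from_ip not in our_ips:
            return from_ip               # first external client one of our MTAs talked to
    return None
```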
The Overrated mod is for reversing inappropriate, positive mods, not for voicing disagreement with a post.
ipchains -A input -s $MYNETWORKS -j ACCEPT
ipchains -A input -p tcp --dport 25 -j DENY
I mean, I suppose in theory IBM could DOS my ipchains, but this is rate-limited by what I'm capable of sending out, which is significantly less than ipchains could handle.
All's true that is mistrusted
"Technically, FairUCE tries to find a relationship between the envelope sender's domain and the IP address of the client delivering the mail, using a series of cached DNS look-ups. For the vast majority of legitimate mail, from AOL to mailing lists to vanity domains, this is a snap."
When I'm travelling, I send email using a third party smtp server, not my ISP's server. So, would fairuce screw that up? I already get bounced by Lucent's server if I don't use my isp's server.
Let's try to make the link to the original slashdot story work this time: It's here
Anyone remember the smurf attack? Send a large ICMP PING to a broadcast address from a spoofed IP of your real victim - all the machines in the subnet then DDoS the victim with replies sent to the spoofed address. This new DDoS of spamming machines sounds kind of similar. What's to stop haxx0rs exploiting this to cause a DDoS of non-spammers?
Your post advocates a
(x) technical ( ) legislative ( ) market-based (x) vigilante
approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)
( ) Spammers can easily use it to harvest email addresses
( ) Mailing lists and other legitimate email uses would be affected
( ) No one will be able to find the guy or collect the money
(x) It is defenseless against brute force attacks
( ) It will stop spam for two weeks and then we'll be stuck with it
( ) Users of email will not put up with it
( ) Microsoft will not put up with it
(x) The police will not put up with it
( ) Requires too much cooperation from spammers
( ) Requires immediate total cooperation from everybody at once
( ) Many email users cannot afford to lose business or alienate potential employers
( ) Spammers don't care about invalid addresses in their lists
(x) Anyone could anonymously destroy anyone else's career or business
Specifically, your plan fails to account for
(x) Laws expressly prohibiting it
( ) Lack of centrally controlling authority for email
(x) Open relays in foreign countries
( ) Ease of searching tiny alphanumeric address space of all email addresses
(x) Asshats
( ) Jurisdictional problems
( ) Unpopularity of weird new taxes
( ) Public reluctance to accept weird new forms of money
( ) Huge existing software investment in SMTP
( ) Susceptibility of protocols other than SMTP to attack
( ) Willingness of users to install OS patches received by email
(x) Armies of worm riddled broadband-connected Windows boxes
( ) Eternal arms race involved in all filtering approaches
( ) Extreme profitability of spam
( ) Joe jobs and/or identity theft
( ) Technically illiterate politicians
( ) Extreme stupidity on the part of people who do business with spammers
( ) Dishonesty on the part of spammers themselves
( ) Bandwidth costs that are unaffected by client filtering
( ) Outlook
and the following philosophical objections may also apply:
( ) Ideas similar to yours are easy to come up with, yet none have ever
been shown practical
( ) Any scheme based on opt-out is unacceptable
( ) SMTP headers should not be the subject of legislation
(x) Blacklists suck
( ) Whitelists suck
( ) We should be able to talk about Viagra without being censored
( ) Countermeasures should not involve wire fraud or credit card fraud
(x) Countermeasures should not involve sabotage of public networks
( ) Countermeasures must work if phased in gradually
( ) Sending email should be free
( ) Why should we have to trust you and your servers?
( ) Incompatibility with open source or open source licenses
( ) Feel-good measures do nothing to solve the problem
( ) Temporary/one-time email addresses are cumbersome
( ) I don't want the government reading my email
(x) Killing them that way is not slow and painful enough
Furthermore, this is what I think about you:
(x) Sorry dude, but I don't think it would work.
( ) This is a stupid idea, and you're a stupid person for suggesting it.
( ) Nice try, assh0le! I'm going to find out where you live and burn your
house down!
It's about time the world wakes up to the fact that this is NOT a solution, it only makes the problem worse.
You don't harm a spammer at all by bouncing a message back to the zombie that sent it. You only hurt the network itself, for all of us.
Get your heads out of your asses and realize that the only way to prevent spam is to fundamentally improve SMTP. Billions of dollars of work have been wasted on all of these stupid, stupid, stupid attempts to fix the symptom instead of the cause.
I was expecting it to be "IBM Unveils Anti-Spam Services to Bake Cookies for Spammers".
Headline: "IBM Unveils Anti-Spam Services to Stop Spammers"
As opposed to those nasty Anti-Spam Services that are used to encourage spammers.
is the law and the fines that will be applied internationally and enforced (collected) by the local authorities on the SOURCE.
If there was no Spam senders there would be no problem with Spam. Right? The problem is that we keep going after the carrier, not the beneficiary.
Fine the people for whom and on whose behalf the Spam is sent. Make it for one dollar per spam message received. Instead of sending for free, the messages end up costing more than the Post Office.
MSBPodcast.com The opinions expressed here are my own. If you don't like 'em... Think up your own stuff.
I'd like to learn more about this. What's your phone number, I'd like to call you to talk further.
I was talking with my dad the other day. He gets tons of (real) junk mail every day and is tired of it. I believe that the postal code allows you to refuse incoming mail and they will ship it back to sender. I told him that he should do that with every piece of junk mail he gets to prove a point. Maybe they would stop sending it to him if they think the address is no longer occupied?
I wish IBM would just distribute free plugins for Notes, Outlook, Evolution and other popular email clients that enforced contact lists. Every contact would include their public key for authentication. Any authenticated incoming message not on an authenticated blacklist would be accepted. Authenticated messages could include attached vCard data, introducing another contact. Blacklists and unauthenticated messages would require a refundable $1 PayPal payment to be attached, while waiting in a filtered folder for eventual consideration by the user. So spammers would have to pay a big deposit to "make new friends", while individuals would risk a negligible amount in individual introductions - which would be refunded if their intro was successful.
This system could all be handled with email protocols. It just needs a simple interface, with the transactions almost entirely behind the scenes. IBM is perfectly positioned to create and distribute it. Let's see some real constructive attacks on spam that improve the infrastructure and trust, instead of just counterproductive acts of vengeware like this latest IBM announcement.
--
make install -not war
For those that actually read the article, it is completely wrong. It does a terrible job of explaining FairUCE. Read the material at http://www.alphaworks.ibm.com/tech/fairuce. They are not advocating sending spam back to the spammers, but instead are using a combination challenge/response and DNS lookups to associate a reputation to the IP that is sending the email message. I figured IBM was smarter than the original article was implying.
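A simplified reconstruction of the sender-domain/client-IP check that this post and the earlier quotes from IBM's FairUCE page describe, added here as an example; it is not IBM's code, and its exact rules (forward A/MX match, then a forward-confirmed PTR under the domain, else challenge) are an assumption. The DNS table and every address in it are constructed so the code runs offline.

```python
import ipaddress

# Constructed stand-in for DNS so the example runs offline (not real records).
# Keys are (owner name, record type); values are the answer set.
FAKE_DNS = {
    ("lists.example.org", "A"): ["192.0.2.25"],
    ("lists.example.org", "MX"): ["mail.lists.example.org"],
    ("mail.lists.example.org", "A"): ["192.0.2.26"],
    ("25.2.0.192.in-addr.arpa", "PTR"): ["lists.example.org"],
    ("isp.example", "A"): ["198.51.100.90"],
    ("45.113.0.203.in-addr.arpa", "PTR"): ["dsl-45.isp.example"],
    ("dsl-45.isp.example", "A"): ["203.0.113.45"],
    ("nowhere.org", "A"): ["198.51.100.80"],
    ("nowhere.org", "MX"): ["mx.nowhere.org"],
    ("mx.nowhere.org", "A"): ["198.51.100.81"],
    # A forged reverse record: the PTR claims a lists.example.org host, but that name
    # does not point back at 203.0.113.46, so forward confirmation fails.
    ("46.113.0.203.in-addr.arpa", "PTR"): ["mail.lists.example.org"],
}


class CachingResolver:
    """Answers from a table, caching every query the way the quoted text says FairUCE does."""

    def __init__(self, table):
        self.table = table
        self.cache = {}
        self.queries = 0          # cache misses, so a test can show the cache at work

    def lookup(self, name, rrtype):
        key = (name.lower().rstrip("."), rrtype)
        if key not in self.cache:
            self.queries += 1
            self.cache[key] = list(self.table.get(key, []))
        return self.cache[key]

    def ptr(self, ip):
        return self.lookup(ipaddress.ip_address(ip).reverse_pointer, "PTR")


def in_domain(host, domain):
    host = host.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)


def classify(envelope_from, client_ip, resolver):
    """Relate the envelope sender's domain to the IP of the client delivering the mail.

    Returns 'related', 'unrelated', or 'unknown' when the domain has no usable DNS at all.
    """
    domain = envelope_from.rsplit("@", 1)[-1].lower()
    # Forward side: the domain's own A records plus the A records of its MX hosts.
    forward = set(resolver.lookup(domain, "A"))
    mx_hosts = resolver.lookup(domain, "MX")
    for mx in mx_hosts:
        forward.update(resolver.lookup(mx, "A"))
    if client_ip in forward:
        return "related"
    # Reverse side: a PTR name under the sender domain counts only if it forward-confirms,
    # i.e. the name resolves back to the client IP. A forged PTR alone proves nothing.
    for name in resolver.ptr(client_ip):
        if in_domain(name, domain) and client_ip in resolver.lookup(name, "A"):
            return "related"
    if not forward and not mx_hosts:
        return "unknown"
    return "unrelated"


def next_step(envelope_from, client_ip, resolver):
    """Map the verdict to the handling the posts describe: accept, score, or challenge."""
    actions = {"related": "accept", "unrelated": "score as suspect",
               "unknown": "challenge/response"}
    return actions[classify(envelope_from, client_ip, resolver)]
```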
My modest proposal: A email to Doom interface. (Remember the Doom job control UI for Linux a few years ago?) Spam filters could grade the email and represent it as a particular monster in Doom. Then you could just hit delete with a rocket launcher or BFG. Of course, if you're sloppy with your shots, there might be some collateral damage on real email -- but isn't there always?
Yep, an utterly pointless idea, but at least it's more fun than these FUSSPs.
One line blog. I hear that they're called Twitters now.
yes. Yes. Yes! YES!!!!!
"It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
Wait a freakin' minute here. If all these zombie machines are sending from home-type broadband connections, why not just limit the amount of outgoing mail? I mean, the average user shouldn't have to send more than 1 email per minute? On average, think about it, how many emails do you send per hour from home? I measure mine in emails per day, not hours. When the ISP sees, oh 50,000 emails flying out in say, a minute, Put the brakes on that ip addy. I'm sure some reasonable setting would be effective and not bother 99.9% of the users, except for those /. users who'll bitch up a storm.
-- Liberalism is a mental disorder.
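An added example (not the poster's code) of the outbound rate check proposed above: count port-25 connections per customer address in a sliding window and flag any address that exceeds a limit no normal home user would reach. The log format, the addresses and the threshold are constructed for the example.

```python
from collections import defaultdict, deque
from datetime import datetime

# Constructed connection log as an ISP access router might export it:
# "<ISO timestamp> <customer IP> <destination IP>:<port>". Nothing here is real traffic.
CONSTRUCTED_LOG = """\
2005-03-22T10:00:00 203.0.113.45 198.51.100.20:25
2005-03-22T10:00:05 198.51.100.8 192.0.2.10:25
2005-03-22T10:00:06 203.0.113.45 198.51.100.21:25
2005-03-22T10:00:12 203.0.113.45 198.51.100.22:25
2005-03-22T10:00:18 203.0.113.45 198.51.100.23:25
2005-03-22T10:00:20 198.51.100.8 203.0.113.99:80
2005-03-22T10:00:24 203.0.113.45 198.51.100.24:25
2005-03-22T10:00:30 203.0.113.45 198.51.100.25:25
2005-03-22T10:01:45 198.51.100.8 192.0.2.10:25
2005-03-22T10:02:00 203.0.113.45 198.51.100.26:25
"""


def parse_line(line):
    """Split one log line into (epoch seconds, source IP, destination 'ip:port')."""
    stamp, src, dst = line.split()
    return datetime.fromisoformat(stamp).timestamp(), src, dst


def detect_smtp_bursts(lines, limit=5, window=60):
    """Flag sources opening more than `limit` outbound port-25 connections in `window` seconds.

    Returns {source IP: timestamp of the connection that crossed the limit}. The limit is
    generous for a home line: a person sends a few mails a day, a zombie sends many a second.
    """
    recent = defaultdict(deque)      # per source: timestamps still inside the window
    flagged = {}
    for line in lines:
        if not line.strip():
            continue
        when, src, dst = parse_line(line)
        if not dst.endswith(":25"):
            continue                 # web and other traffic is not what is being rate-limited
        bucket = recent[src]
        bucket.append(when)
        while when - bucket[0] > window:
            bucket.popleft()
        if len(bucket) > limit and src not in flagged:
            flagged[src] = line.split()[0]
    return flagged
```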
I've always wanted to DDOS every machine that is listed as an open relay on the rbl sites. I think a constant reply to a spammers machine would generate more unwanted traffic. Maybe it's time to organize and take down open relays.
The sender ip is easy to determine for the server... how do they want to figure out which port to send the crap back to?
...one of our unix servers got hacked, so I know that ;) They installed sendmail on some random port.
I mean, most of the spam servers are running on non-standard ports.
I read this on CNN this morning, and it made absolutely no sense at all. People who send spam aren't running SMTP servers, they're connecting to YOUR SMTP server. So the plan is to connect back to their hypothetical SMTP server and send the bad message back to them? The best you're going to do is flood some source IP's firewall with ill-fated connection requests. If they're not running a firewall, then you'll even get a reset back. Maybe they figure if you have enough people sending small packets to a single host, it'll shut them down even without the actual mail delivery.
Kind of reminds me of EFNet in the early days, actually.
Let's have a look at the SMTP talk:
server: hello blah
client: ehlo someplaceonthenet.com
server: ok
client: mail from: somefaked@nowhere.org
server: sender ok
client: rcpt to: somedestination@thisdomain.com
server: ok
client: data (terminate with .)
First line is subject.
buy makemoneyfast etc..
.
# Now server recognizes spam message and pipes it straight back.
First line is subject.
buy makemoneyfast etc...
# And at last the expected
server: ok
client: quit
----
While 95% of all spam comes from compromised hosts, this might increase bandwidth usage on some of the more prominent spam holes, located in some far away places.
On the other hand I cannot understand why people have a spam problem in the first place. I use RBLs, I use SpamAssassin and Razor. I may have about 2 spam emails a week and the legit traffic is around 2000 emails per week.
Ok there might be about 5 a day in the spam folder. But that stuff is simply discarded.
For the people I exchange emails with regularly I simply use GPG signatures, and that is about the best line of defence against spam.
After sending a million spam messages to a million recipients using this system, the originating node receives a million challenges. Not DDOS per se, but it will almost always bring the spammer down as a (nice) side-effect.
Can you say Comcast?
How the hell do you expect ISPs to react to this kind of retaliatory behavior?
You start attacking major networks automatically and you're going to see port blocking come up faster than you can say Postfix.
Watch as AOL and MSN/Hotmail now mark IBM as a spammer...
How much spam do you get that's actually sent from AOL and Hotmail servers? Sure, you see joe jobs all the time with a reply-to address on one of these servers... but actual spam routed through them? Not much. They've done a decent job cracking down on it (it's in their own best interest, even without IBM retaliation in the picture).
It wouldn't be much use to attack the server the mail "pretends" it comes from. That's not what they're doing -- the vast majority of IBM's targets are going to be actual spammer-owned servers, open relays, and zombies.
As if a thousand spam servers cried out and were suddenly overpowered!
It's *your own fault* if this happens. Keep your PC secure and you won't have a problem.
But what happens when the software controlling the zombie PCs is upgraded to resend the returned spam?
Internet crash!
To: [*.*]
From: [*.*]
Subject: Re: Crashtastic!
John Deere Unveils Lawn Mower to Mow Lawns
What if Digg added local news and a Slashdot inspired comment karma system? ---
http://houndwire.com
Someone(s) is sending spam pretending to be from my email address lately and I am getting tons of bounces, delivery failure notices, etc. Quite a pain.
Anyone else dealing with this? How do you cope? Right now I am still on the "suffer through" phase.
all the best,
drew
FreeMusicPush If you want to see more Free Music made, listen to Free
Then I realized how much crap I was storing and how much bandwidth I was using sending all those challenges. Postgrey and blacklisting have done a pretty good job of cutting my spam load down to acceptable levels. If spammers ever get wise to that trick, my last ditch effort to save my E-mail system will be to check incoming mail against a whitelist and if it's not whitelisted, check to see if it's encrypted to my personal pgp key and reject it if it's not. For my tiny one-person system it's reasonable to do this in real time, but I'd hate to think what that'd do to a server with thousands of people on.
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
-no extra bandwidth charges
-free to use
-a whole lot less controversial
-no RBL issues
duh!
Obama's legacy: (N)othing (S)ecure (A)nywhere and (T)error (S)imulation (A)dministration
Umm, I hate to say it but IBM will probably get slammed by lawyers in reverse for DOS attacks. DOSing spammers isn't new and DOSing is still considered hacking.
--- Always remember. 99.36% of all statistics are inaccurate.
Many businesses already have. To send them feedback or ask for more info, they don't provide you with an email address; they make you fill out a web form. But I guess they didn't do it right because when I give them my own web feedback form for "email address" it rejects it. It even rejects their own, so I guess it is broken.
now we need to go OSS in diesel cars
Add a few other things before sending it back. Like ssping, teardrop, gin.c, etc etc. try all the DoS attacks just in case one works :)
Are the 1st of April jokes coming out early this year? I think they had another 1st of April joke like this last year.
The Solution
Surprisingly it works for a variety of situations.
money in pocket
are you on it or in it?
BTW, at the risk of getting flamed, what are the merits of going to a minimal charge model for sending email, to make mass spammings too costly?
Will zombies sidestep even this, or could an accepting protocol require a stamp to allow delivery from non-trusted email?
Just my $0.02.
is an interface to ARIN, etc so when an IP connects to your mailserver and dumps a whack of spam, the mailserver can automatically query ARIN, get the abuse email address (which should be a requirement for administering IP space), and send the logs/spam to that email address. If someone owns IP space and sells it to someone else (an ISP), THAT person who admins that portion of IP space should have to have an abuse email that can be queried by mail servers on ARIN. This way, everyone who owns IP space will get a shitload of junkmail when their machines get pwned, or if they, themselves decide to get into the spamming business. Also, a requirement should be that the email address for the abuse contact should resolve to an IP that is in the owner's possession (so they can't register an email address at hotmail or something to get around all that junk). If the email address does not function, ARIN can pull their IP space or warn them for not obeying the rules. Just a thought.. an undeveloped spur-of-the-moment thing. What do you guys/gals think?
You create your own reality - Leave mine to me.
While the spammers and spyware people think it's cool to install software in holes in Windows, why doesn't someone use those same holes for good? I know that this has been discussed in the past but hear me out. Use those same holes to install Spybot S&D, Ad-Aware, etc. Activate them. True that you are installing software on another person's computer without their consent. But thinking of the internet as an organism, spam zombies are cancer that is killing the ability to use some services effectively. Fight back by doing something useful. Stop the problem at the source. Immunize the PC for the people that don't have a clue. Don't bash them for not being as Uber (yeah I know there are supposed to be umlauts over that) as you are.
Nothing is impossible. It just hasn't been figured out yet.
That will get the user of FairUCE blacklisted. It's called backscatter. The email address provided in the SMTP transaction, or the message headers, should ABSOLUTELY NOT be considered valid unless, and until, the IP is verified as designated by the domain of the RHS of that email address. And then even that won't work very well if spammers start forging addresses within the same domain as the zombied machine. Don't forget that spammers do have a list of lots of email addresses within all the major domains. They only need to pick one at random that has @comcast.net as the RHS for the zombies running on comcast.net.
Strange. From the description on IBM's site for FairUCE, I get nothing like what this blurb describes.
/.
Sounds like someone at IBM was showboating quotes for an article. Seems he didn't read the IBM FairUCE site. Just like 99.9% of the slashdot readers.
I like how most have reached conclusions about the technology without having read about or used it. Of course, that's what makes it
Let's hope they go about their jobs with a little more discipline.
Here's the text of the WSJ article cited by CNN. It actually has much better information and clarifies some points.
--
IBM Embraces Bold Method To Trap Spam
By CHARLES FORELLE
Staff Reporter of THE WALL STREET JOURNAL
March 22, 2005; Page B1
Warriors in the battle against junk e-mail are adopting a contentious tactic: Spam the spammers.
The most-common spam defense used to date -- software filters that attempt to identify and block out the unwanted messages -- hasn't stopped the flood of Viagra pitches, cut-rate mortgage offers, and solicitations for foolproof investment schemes swamping many inboxes. Some recent studies say 50% to 75% of e-mails carried over the Internet are spam.
An alternate approach -- counterattacking, in effect -- has been available for some time to users of open-source software, for which code is posted free of charge on the Internet. But adoption in corporate offices has been slow, partly because of fears of exposing companies to certain liabilities -- especially if a target is actually innocent of spamming.
But now the practice is going mainstream. International Business Machines Corp. is expected to unveil today its first major foray into the anti-spam market with a service, based on a new IBM technology called FairUCE, that uses a giant database to identify computers that are sending spam. One key feature: E-mails coming from a computer on the spam list are sent directly back to the machine, not just the e-mail account, that sent them. The more spam that comes out, the more vigorous the response.
"We're doing it to shut this guy down," says Stuart McIrvine, IBM's director of corporate security strategy. "Every time he tries to send, he gets slammed again."
The IBM move follows security giant Symantec Corp., which released a new product in January that uses a similar technology called "traffic shaping" to slow connections from suspected spam computers.
Trapping spammers is sometimes called "teergrubing," from the German word for "tar pit" -- as in, spammers get stuck. It is the equivalent of answering a telemarketer's phone call, "saying 'Hi, how are you,' and setting the phone down and seeing how long he'll talk before realizing there's no one on the other end," says Tom Liston, a computer-security expert.
Teergrubes exploit some convenient features of the Internet, which was designed to be a polite method of communication. Computers -- including e-mail servers -- that chat back and forth in the Internet's electronic protocol will courteously wait to see that their data has been received before sending more. Typically, such acknowledgments come in a matter of milliseconds. A computer set up to teergrube will languorously stretch its responses out to minutes -- effectively tying up the spamming machine and reducing its ability to pump out messages.
How to handle spam -- or, indeed, any other form of unwanted electronic traffic -- is a tricky issue in security circles. Gaining unauthorized entry to a remote system, even in order to stop it from harming yours, is generally illegal under anti-hacking laws. The aggressive new products from IBM and others don't violate those rules, but they can increase the amount of network traffic. Unnecessary traffic increases are generally frowned upon.
But proponents of aggressive antispam tactics say something needs to be done to choke off the supply; simply turning the other cheek and trying to discard spam as quickly as possible isn't enough. IBM says in a new report that in February 76% of all e-mails were spam, down from a summer 2004 peak of nearly 95%, but still well above levels at the same time last year.
"Yes, we are adding more traffic to the network, but it is in an effort to cut down the longer-term traffic," says IBM's Mr. McIrvine. Brian Czarny, vice president of marketing for MessageLabs Ltd., which uses the Symantec product, says traffic shaping doesn't constitute a potentially illegal "denial of service" attack because it is r
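The tarpitting ("teergrubing") behaviour the article describes, stretching each SMTP reply so the sending machine's delivery thread sits idle, as an added runnable illustration that is not code from the article or from any IBM or Symantec product. It is a throwaway local SMTP tarpit that dribbles out the 220 greeting one byte at a time, plus a polite RFC-style client that waits for the complete greeting and measures how long it took. The banner text, the loopback-only bind, and the per-byte delay are assumptions of the demo.

```python
import socket
import threading
import time

# Constructed greeting for the demo; a real server would send its own hostname.
BANNER = b"220 tarpit.example.invalid ESMTP\r\n"


class SmtpTarpit:
    """Minimal SMTP tarpit bound to 127.0.0.1 only.

    The greeting line is sent one byte at a time with a sleep in between. A
    sender that follows SMTP must wait for the complete greeting before it may
    issue EHLO, so every sleep here is time its delivery thread cannot spend
    pushing mail at someone else. After the greeting we send a 421 and hang up:
    we never wanted the message, only the sender's time."""

    def __init__(self, delay_per_byte=0.02, host="127.0.0.1"):
        self.delay = delay_per_byte
        self.sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self.sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        self.sock.bind((host, 0))            # port 0: let the OS pick a free port
        self.sock.listen(5)
        self.port = self.sock.getsockname()[1]
        self._stop = threading.Event()
        self.thread = threading.Thread(target=self._serve, daemon=True)
        self.thread.start()

    def _serve(self):
        self.sock.settimeout(0.1)            # wake up periodically to notice stop()
        while not self._stop.is_set():
            try:
                conn, _ = self.sock.accept()
            except socket.timeout:
                continue
            threading.Thread(target=self._handle, args=(conn,), daemon=True).start()

    def _handle(self, conn):
        try:
            for i in range(len(BANNER)):
                if self._stop.is_set():
                    break
                conn.sendall(BANNER[i:i + 1])  # one byte ...
                time.sleep(self.delay)          # ... then make the peer wait
            conn.sendall(b"421 4.7.0 Too busy, try later\r\n")
        except OSError:
            pass                                # peer gave up; that is fine too
        finally:
            conn.close()

    def stop(self):
        self._stop.set()
        self.thread.join()
        self.sock.close()


def read_greeting(port, host="127.0.0.1"):
    """Behave like a polite SMTP client: block until the greeting line is complete.
    Returns (greeting_line, seconds_spent_waiting)."""
    start = time.monotonic()
    with socket.create_connection((host, port), timeout=10) as c:
        buf = b""
        while not buf.endswith(b"\r\n"):
            chunk = c.recv(1)
            if not chunk:
                break
            buf += chunk
    return buf.decode("ascii"), time.monotonic() - start


def tarpit_slowdown(delay_per_byte=0.02):
    """Run one tarpitted session against a fresh local tarpit and report the
    greeting received and how long it took (a normal server answers in ms)."""
    server = SmtpTarpit(delay_per_byte)
    try:
        return read_greeting(server.port)
    finally:
        server.stop()


if __name__ == "__main__":
    greeting, elapsed = tarpit_slowdown()
    print(f"greeting {greeting.strip()!r} took {elapsed:.2f}s")
```

With the default 20 ms per byte the 34-byte greeting alone costs the sender roughly two thirds of a second before it can even say EHLO; a production tarpit would delay every reply, not just the banner, and would only do so for clients that already look bad (a listed IP, a bad reverse DNS), because the cost is a held-open socket on your side for every held-open socket on theirs.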
I get the WSJ and the article does indeed confirm it is FairUCE....
Could there be something designed which would automatically send an email or hammer the web site of whatever links/email addresses are in the spam? It would drive bandwidth costs through the roof for the hosters of the sites as well it will be useless traffic and email boxes would get flooded.
This doesn't even have to be installed at the user level...let the ISPs do it, they already scan your email and remove a lot of junk from it as of now, let them get the 100% match or blocked address list or something...real fast it will stop, they would become valueless.
Mad, adj : Affected with a high degree of intellectual independence. Ambrose Bierce - The Devil's Dictionary
Isn't this sort of like blowing up a speeding car?
The collateral damage to innocent people will be tremendous.. If a spammer is stupid enough to use his own machine, he would drop off line instantly after he broadcasts.. IBM's packets have to go somewhere, flooding out neighbors..
Plus, what if the person spamming has been infected with a virus and isn't knowingly spamming, or IBM's system misidentifies the offending machine? There would be hell to pay..
Yes, spam sux, and it needs to stop, but we need to do it properly..
---- Booth was a patriot ----
Whenever I try to go on Slashdot at school, the filter blocks it because it is "General Pornography." Is there something about Slashdotters I don't know yet?
Well, I can think of a way to help conserve bandwidth.
Seems to me the idea is to flood zombie machines and make them unusable. So, rather than suck up valuable bandwidth - why not ping of death the zombie machine?
Zombie machines are what they are because the users don't take basic precautions. Like install patches. I'll betcha 99% of all Zombie machines aren't immune to even simple stuff like ping of death.
Weaselmancer
ridiculous.
Sooo.. it's ok to commit a crime and 'put down' someone that doesn't even know what is going on?
That's about like shooting out the tires of someone that didn't know the speed limit and went over 5MPH.. "well they had to be stopped"
How about telling their ISP instead.. so they can notify the user. Sort of like giving the speeder a warning ticket..
It is also not reasonable to require that the average Joe understands their pc enough to not get infected.. no more than it would be reasonable for you to understand heart surgery before you went to the doctor for the flu.. Or how to rebuild your transmission when you go in for an oil change. Skills like that take training.
In the West, Big Blue spams YOU!
Shutdown zombies, fine, maybe choke them enough so their owners realize there's a problem.
But what about those computers out there that aren't zombies? IIRC the last time something like this was proposed or anyone acted on blocking IP addresses of such computers the Chinese complained bitterly.
Expect Chinese, Russian and several other countries which happily host these servers and the scumbags who own them to complain bitterly.
Remember when our trade was arguments about wood or steel or shoes? Now it's about internet traffic and ecommerce
A feeling of having made the same mistake before: Deja Foobar
Assume you are a spammer. You set up a mail server to send out millions of mail messages from IP address X. There is absolutely no need for IP address X to *receive* mail, so you firewall incoming connections on port 25. FairUCE now just bounces connections off the firewalled port, accomplishing nothing.
So you don't get anything. It may as well just drop the mail.
Microsoft cheerleader, blue flag waving, you got a problem with that?
Why not use these "unique" id's for the purpose of filtering out spam?
"Would it kill you to put down the toilet seat?" -- Maya Angelou
the one true way to stop spam,
and its NEVER been done...
EGRESS FILTERING!
hey guys, get a freaking clue...
it works. use it.
do you know *WHY* it will never be used?
why would AT&T (example) filter a customer who is paying them $100,000 a MONTH to send their spam?!?
yeah, you got that right, spammers are paying that much just so the ISPs WILL carry their traffic. if all that money suddenly went away. well... you know the rest...
PS-I work for a MAJOR ISP that does this. I think I mentioned their name in this article....
From the FAQ (http://www.alphaworks.ibm.com/tech/fairuce/faq)
No real performance testing has been done, but speed is expected. The code basically consists of a few if/then statements and some DNS look-ups (which are cached in memory as well as on the DNS server). The mail server will probably bog down before FairUCE does.
Wow... sounds like the developers don't even consider this to be a substantial piece of software.
I read the IBM article. Sounds like the early days of SpamCop. SpamCop traces headers back to the originator or the first phony header, to validate the source. Mail with tracing problems used to get a challenge from SpamCop, but they gave up on that. Challenge-response effectively does a denial of service attack on joe-job victims. It's also incompatible with too many legitimate autoresponder systems that send mail confirmations of transactions.
CNN (and by extension, slashdot, surprise!) got this completely wrong. It's a challenge and response sender identity technique, which is way different. See the IBM webpage about fairuce.
It's not offtopic, dumbass. It's orthogonal.
Over a year ago I had this idea and I tried to get my ISP to do it. I even talked to a VP, but all I got was all the "reasons" why it couldn't be done, or it wouldn't work because the spammers fake the IP, etc.
I still think it can work, and I've (finally!) begun using KMail which has a "bounce" function.
Since using "bounce" on all spam, I've been getting far less spam, so I have to believe it works.
If spammers are able to fake the IP in the sending header, then the SMTP relays and routers need a patch to bounce any faked IP on the spot.
"spams the spammers"?
I think not. This is from CNN after all. They publicly admit they lie often. This is true here.
http://www.alphaworks.ibm.com/tech/fairuce/faq
Take note to what this system actually does. Not what the (lying) press tells you.
1. Isn't this just another challenge/response system?
No. Challenge/response (C/R) systems challenge everybody; FairUCE sends a challenge only when the mail appears to be spoofed.
2. Other anti-spam technologies work well. Why should I switch?
FairUCE eliminates any need for a "probable spam" folder, as well as the necessity of keeping up with the latest version of antispam software.
3. Will it run on Windows®, or with QMail, or with Sendmail, etc.?
No, the current release does not.
4. Is it fast?
No real performance testing has been done, but speed is expected. The code basically consists of a few if/then statements and some DNS look-ups (which are cached in memory as well as on the DNS server). The mail server will probably bog down before FairUCE does.
5. Don't all those challenges take up unnecessary bandwidth?
A little bit, but it takes the server much less time to send out a small challenge than it does for the user to look at it in the spam folder, no matter how fast he presses the delete key. Legitimate senders know immediately that a user hasn't received their email, and they can click a button to have it delivered. Meanwhile, the emails sit in the queue for only an hour if they can't be delivered.
If the user doesn't exist, most of the time it gets /dev/null'ed - you have to accept the message rather than just drop the connection, but sendmail and postfix deal with this situation fairly gracefully, at least if your server can handle a brief load average of 100+ gracefully.
Traditionally, we just sent those unknown addresses to "sales" where they were dutifully examined by someone, usually by filtering through "rm" after the disk filled up - you never know when a message addressed to aaaaaaa@ is going to be the big sales lead!
Give a man a fish and you have fed him for today. Teach a man to fish, and he'll say "WHERE'S MY FISH, YOU IDIOT?"
If the 3000 machines in my botnet get connectivity from generic-isp.example.net,
and I set the sending email address of my spam payload to be
"user@generic-isp.example.net", it sounds like FairUCE may let the spam
fly unmolested.
I was thinking of writing my own virus that packet sniffs all the devices and triggers on outgoing port 25 requests. It gathers statistics about how many emails are sent in a given hour and if it detects more than say 20 emails per hour, pops up a dialog box stating that there's an unusual amount of email being sent from that computer each hour and that it could very well be infected with a mass mailing relay bot.
If I was clever enough, I'd have it monitor all incoming and outgoing packets, looking for patterns and log them. Then it could take those logs and send them to authorities to investigate the source of the spam abusers (looking for common source ip addresses for example, then tracking it back to the individual(s) who has been controlling these bots).
Of course, I'm clever enough to know that even a benign or beneficial virus like that would be a bad thing as far as the law is concerned, so I'm not going to bother.
Isn't the real key to find out WHAT is spam? Are they just using a spam level from SpamAssassin and then DDoS'ing the sending IP?
I (and the world?) am more interested in what method they're using to decide it's spam, instead of what they do with it after they make this decision.
--falz
It is registered by the author who wrote this article and published it on the IBM alphaWorks site. And spam has not lost the battle at all. In fact FairUCE actually gives spammers a new tool to do DDoS attacks. The logic of FairUCE is all wrong. And the code does not appear to be free open source. Networks that send C/R will still get blacklisted.
Excuse me?
How does it get the zombie's email address in order to send it spam? Maybe what you meant to say is that IBM DoS's the zombie? Or maybe IBM sends spam to the forged sender email address?
But I do think IBM would deserve the RBL listing if they go forward with the brain-dead idea.
I'm wondering why they developed this instead of just leveraging/adopting/improving SPF, DomainKeys, or some other DNS-based solution that's already out there? (yes, I see that they plan to add SPF support eventually). Seems pretty limited in its current form.
Oh dear, you're right. It's Yet Another CR System, but with some standard sender verification (a la SpamAssassin) glued on the front.
In other words, it's as utterly useless and counterproductive as any other challenge-response system. See http://www.xciv.org/~meta/2005/02/15/ for more discussion (from me) of why CR won't work.
GCHQ Quantum Insert installed. If only our tongues were made of glass, how much more careful we would be when we speak
This is the section How it works from the IBM site:
I do not read spamming the sender here, only trying a challenge/response on probable spammers.
This space is intentionally staring blankly at you
Why do people from reputable organizations even float ideas like this? Attacking the minions doesn't do anything, "you have to kill the head vampire!"
Luck favors the prepared, darling.
Wait, wait! I got a better idea. If you get spam from someone, send them a Gmail invite! It will confuse the heck out of them, and I don't know about you, but I got enough invites :-)
AOL bought mailblocks which has a US patent on this type of technology. I am not sure if it does apply in this case, but it will be interesting to see if AOL goes after IBM.
In my view, I believe prior art exists with TMDA (Tagged Message Delivery Agent)
-Nuke the moon
We need bounty hunters. That's the only way to stop spam. The "laws explicitly prohibiting it" can go to hell. They can't track down osama bin laden, or spammers, but microsoft puts out a bounty for whoever created the last big virus and they find the guy in a 3rd world country 3 days later. Now I'll just wait for someone to reply to this and suggest that a 1 cent tax on every email sent could pay for the bounties.
In the US, there's already a law that if applied, could stop spammers: the 2nd amendment.
It tries to match the IP address of the sender to their domain name. [...]If it can't [...]then it sends a challenge/response email back to the senders email address (not to the zombie PC). If the sender is genuine they click a button on the challenge/response email and the original mail gets accepted.
Great:
My site administers its own mail. But direct SMTP outbound mail uses a DSL line whose reverse translation points to our DSL provider, while outbound mail through the local mail servers goes through a mailserver site at a different ISP whose reverse translation will also point to them rather than us.
So all our outgoing mail will receive the challenge. Mail is handled by polling, so every outgoing letter to a site using their tool will now require two extra email transactions, two extra wait-for-poll delays, plus an extra wait-for-sender-to-read-email delay. (No more "fire and forget" - now email accounts have to be checked several times a day.)
"Click a button"? On a mail reader without HTML or with it disabled? More like "copy and edit, and hope you don't screw it up".
Yuck!
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
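The sender-verification step described in the FAQ quote above (tie the connecting IP to the domain on the right of the @, and challenge the sender address when that fails), as an added model that is not IBM's code and not the real FairUCE internals, which this thread does not show. It reproduces the two failure modes raised in the thread: the site whose direct-SMTP box sits on a DSL line with the provider's reverse DNS, and the botnet that forges a sender inside its own ISP's domain. The DNS data, every domain name, and the "last two labels" domain reduction are constructed assumptions of the example.

```python
import ipaddress

# Constructed DNS data standing in for real PTR and MX/A lookups. All names use
# the reserved .example TLD and the RFC 5737 documentation address ranges.
PTR = {
    "192.0.2.10": "mail.mycompany.example",        # company MX, PTR in its own domain
    "192.0.2.77": "dsl-77.dslprovider.example",    # company box sending direct over DSL
    "198.51.100.5": "cust-5.generic-isp.example",  # home PC that is part of a botnet
    "203.0.113.9": None,                           # no reverse DNS at all
}
# Addresses each domain publishes as its mail hosts (what MX / A records give).
MAIL_HOSTS = {
    "mycompany.example": {"192.0.2.10"},
    "generic-isp.example": {"198.51.100.200"},
}


def registered_domain(name):
    """Naive 'last two labels' reduction (mail.mycompany.example -> mycompany.example).
    A real implementation needs the public suffix list; this is an assumption
    good enough for the constructed names above."""
    labels = name.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def classify(client_ip, envelope_from):
    """Return ('accept' | 'challenge', reason) for one SMTP transaction.

    Accept when either the client's reverse DNS falls inside the sender's
    domain or the client is one of that domain's published mail hosts.
    Otherwise the only thing left to do is send a challenge to the address
    on the right of the @, which is exactly the address a spammer forges."""
    ipaddress.ip_address(client_ip)                      # reject garbage early
    sender_domain = registered_domain(envelope_from.rsplit("@", 1)[1])
    ptr = PTR.get(client_ip)
    if ptr and registered_domain(ptr) == sender_domain:
        return "accept", "reverse DNS of client is inside the sender domain"
    if client_ip in MAIL_HOSTS.get(sender_domain, set()):
        return "accept", "client is a published mail host of the sender domain"
    return "challenge", f"cannot tie {client_ip} to {sender_domain}; challenge goes to {envelope_from}"


def scenarios():
    """The cases raised in the thread, as label -> verdict."""
    cases = {
        "company MX, own domain":       ("192.0.2.10",   "boss@mycompany.example"),
        "company box on DSL line":      ("192.0.2.77",   "boss@mycompany.example"),
        "zombie forging a third party": ("198.51.100.5", "random123@victim.example"),
        "zombie forging its own ISP":   ("198.51.100.5", "user@generic-isp.example"),
        "no PTR, forged sender":        ("203.0.113.9",  "user@generic-isp.example"),
    }
    return {label: classify(ip, frm)[0] for label, (ip, frm) in cases.items()}


if __name__ == "__main__":
    for label, verdict in scenarios().items():
        print(f"{label:32} -> {verdict}")
```

Two of the verdicts are the ones the thread complains about: the DSL-line sender is legitimate but gets challenged (a false positive that turns every outgoing mail into a round trip), and the zombie that picks a sender in its own ISP's domain is accepted outright (a false negative that needs nothing more than an address list). The third-party case is accepted nowhere, but its challenge is addressed to victim.example, which is the backscatter problem: the check protects the receiver and bills an innocent domain for it.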
Ass-Hat.
Sooo.. it's ok to commit a crime and 'put down' someone that doesn't even know what is going on?
It's not a crime, IBM proposes sending back only spam sent from that machine. They are comfortable with the liability aspects. I am too.
In order to get attention. The problem has been ignored too long.
That's about like shooting out the tires of someone that didn't know the speed limit and went over 5MPH.. "well they had to be stopped"
No, it's more like shooting bank robbers in the head while they are trying to get away after having shot multiple victims in the bank. They ARE guilty of spewing spam, even if they didn't know it.
How about telling their ISP instead.. so they can notify the user.
Heh. You have no idea. We have been telling the ISPs for years. Most have no response, don't read their abuse mail, which is why they get listed in SBL and SPEWS, and are then whining about their mail being blocked.
They had every chance to solve the problem but the vast majority do nothing about it and the spam continues.
It is also not reasonable to require that the average Joe understands their pc enough to not get infected.. no more than it would be reasonable for you to understand heart surgery before you went to the doctor for the flu.. Or how to rebuild your transmission when you go in for an oil change. Skills like that take training.
No, but it is reasonable that he prevent his computer from causing damage to others BEFORE he shares the internet with US.
Just like it is reasonable that he know how to drive without crashing into others, BEFORE he shares the roads with US.
Or his ISP has to manage the problem. Or they can both pay the price.
Blackholed, DOSsed by the IBM antispam system. Whatever.
Time to take responsibility.
If this causes pain for some who are a part of the problem and gets their attention, it's good.
For one doing this is one thing, but don't go announcing to the world that you are effectively trying to DOS the spammer because to my knowledge there is still no law in place that allows you to attack back and the company trying to attack back could face legal action. Also isn't a large majority of spam from spoofed addresses using open relays meaning that they are just going to be sending back a bunch of traffic to possibly people that aren't the real senders.
News Reporters Make Tasty Polar Bear Treats!
I haven't seen a spammer's box in the last couple of years that's used to send spam also listen on tcp/25. That's because they don't have a SMTP server listening. When you try to send the spam back to the originating computer you're going to get your TCP connection rejected simply because they aren't running a SMTP server. Whose resources are they planning on wasting? Good grief. This isn't rocket science.
economically viable.
Drugs and other illegal activities are in the same class and the fines (and jail time) apply if you get caught (for both the buyer and the sales people)
With Spam you can't hurt the Spammers directly. They're hidden and have incentive to stay that way. That's why 'bots were created.
Instead you have to hit the Spammers CUSTOMERS where it hurts... The customers are the ones who pay the Spammers to send the stuff, not me and thee who toss all of that crap into the bit bucket.
Personally, I'd like to see extensive, multi-million dollar fines levied against them and let the local authorities collect (and that will take care of them wherever they happen to actually be.)
MSBPodcast.com The opinions expressed here are my own. If you don't like 'em... Think up your own stuff.
Thorns aura is illegal in leagues.
But then you need an ISP that will allow you to fake a bounce message. I don't know what the law says regarding this. For all I know, it could be illegal.
First off McIrvine only works for Tivoli so what he's selling is a toolkit you can retrofit into a hosting farm.
Next he's talking about a SERVICE so that if IGS hosts a customer, it's 99% likely that the customer will have a domain of customername.com not ibm.com. The spam fighter will originate from customername.com. So if some other source detects that the spam fighter is spam only that domain will get hammered.
So yeah, it sounds a lot like a roll-your-own version of TMDA with SPF whitelisting.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
Challenge response does not work well. In my case, there is a spammer out there who uses random email addresses at my domain name. Every time he sends a spam run I get anywhere from tens of thousands to over a hundred thousand bounced emails at my mail server. This server is for personal use only and is not designed to handle huge amounts of email, though Postfix doesn't seem to mind too much even though it's a 333MHz Pentium II box running Linux (uptime now at 595 days).
While my mail server doesn't seem to mind too much (other than huge log files), my Netgear firewall goes nuts from time to time forcing me to reboot it.
What would stop this type of DDOS I'm under? The gateway mail server should validate the recipient and return an error code right away instead of sending a bounced email later.
This post is encrypted twice with ROT-13. Documenting or attempting to crack this encryption is illegal.
Backscatter problems are different - they're the problem of email claiming to be From: realuser@realdomain or random-fake-user@realdomain, but actually sent from some other location, whether a spammer's machine or an open relay, zombie, etc. Yahoo/Hotmail/etc. get annoyed about the large volume of spam claiming to be from fake addresses on their machines, because they not only get complaints, they also get bouncegrams. Real users get even more annoyed - this used to be a huge problem when several popular Microsoft-email viruses were forging from addresses to make their mail more likely to be read, and occasionally spammers decide to joe-job somebody who's annoyed them.
This basically makes the assumption that:
a) spammers give a rat's ass about receiving e-mail, and thus actually *have* incoming mail servers, and
b) that spammers aren't spamming through botnets.
Since both these assumptions are false, this suddenly becomes a spectacularly stupid idea.
"No problem. I have the capacity to do infinite work so long as you don't mind that my quality approaches zero."-Dilbert
I know, it's extreme. In fact, I would end up blocking myself (I send valid email from a home smtp server on dsl).
BUT - the majority of systems that are sending mail from dsl/cable are invalid. owned systems.
even just a single grep of the DNS name (from the inbound connect on your system) and a reject will eliminate 95% of the spam. at least the zombie driven spam.
(not only that, but I have my mailer feedback info, live, into my ipchains (or similar) firewall. the firewall is on the same system as the mailer and so once I detect a cable/dsl user sending to me, I block him at the firewall level.
he sends one connect to me, I get his domain name, I shut him off and he never even GETS to deliver body parts or more headers to me.
same thing works for illegal usernames. if someone tries to guess usernames at my site, they get blacklisted on my firewall on port 25. if they persist, they get blackholed on ALL ports.
it works.
and there's no DOSing of anyone.
--
"It is now safe to switch off your computer."
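The connect-time rejection and firewall escalation the comment above describes, as an added example (not the commenter's own setup). The reverse-DNS table, the hostname patterns, the valid-user list and the `Firewall` stand-in are all constructed for the demo, and treating a missing PTR record as dynamic is an added assumption.

```python
import re

# Constructed reverse-DNS table standing in for a PTR lookup (assumption).
PTR_TABLE = {
    "192.0.2.10": "adsl-192-0-2-10.example-isp.net",
    "192.0.2.11": "cpe-192-0-2-11.cable.example.net",
    "192.0.2.12": "mail.example.org",
    "192.0.2.13": None,  # no PTR record at all (treated as dynamic, assumption)
}

# The "grep of the DNS name": dsl/cable/dyn/ppp style consumer hostnames.
DYNAMIC_RE = re.compile(r"(adsl|dsl|cable|cpe|dyn|ppp|pool|dhcp)[-.\d]", re.I)

VALID_USERS = {"alice", "bob"}   # constructed local user list
BAD_RCPT_LIMIT = 3               # username guesses before blackholing all ports


class Firewall:
    """Stand-in for ipchains-style rules: records blocks instead of applying them."""
    def __init__(self):
        self.port25 = set()      # IPs blocked on tcp/25 only
        self.all_ports = set()   # IPs blackholed on every port
        self.bad_rcpt = {}       # per-IP count of unknown recipients

    def block_port25(self, ip):
        self.port25.add(ip)

    def blackhole(self, ip):
        self.all_ports.add(ip)


def looks_dynamic(ptr):
    return ptr is None or bool(DYNAMIC_RE.search(ptr))


def on_connect(ip, fw, ptr_table=PTR_TABLE):
    """Decide at connect time, before any headers or body are accepted."""
    if ip in fw.all_ports or ip in fw.port25:
        return "550 blocked"
    if looks_dynamic(ptr_table.get(ip)):
        fw.block_port25(ip)                 # one connect and he is shut off
        return "550 dynamic address, no direct SMTP"
    return "220 ready"


def on_rcpt(ip, user, fw):
    """Unknown recipients count as username guessing; persistence gets all ports."""
    if user in VALID_USERS:
        return "250 ok"
    n = fw.bad_rcpt[ip] = fw.bad_rcpt.get(ip, 0) + 1
    fw.block_port25(ip)
    if n >= BAD_RCPT_LIMIT:
        fw.blackhole(ip)
    return "550 no such user"
```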
Duh.
Any other news, CNN?
"IBM stock edged higher in midday trading on the New York Stock Exchange." Yeah, great. Sure as hell this is related.
And then, dear slashdotters, it's a dupe. http://it.slashdot.org/article.pl?sid=04/12/04/20
Ohmygod. Einstein was right about the universe and human stupidity.
...So what is the big deal?
:( And no one is going to read this...
The CNN article says "IBM is not concerned about liability, even in cases where innocent senders might be misidentified as spammers, because all the technology does is bounce back the e-mails, said Gail." The WSJ article posted by someone above says "based on a new IBM technology called FairUCE, that uses a giant database to identify computers that are sending spam. One key feature: E-mails coming from a computer on the spam list are sent directly back to the machine, not just the e-mail account, that sent them." This sounds exactly like the DNSBL FAQ at www.spamhaus.org which reads "Doing a DNSBL lookup on a message at SMTP connect time is cheap in hardware cycles and system time. Your DNS server may even have it cached from the last time the spammer tried. If your MTA already knows the incoming message is spam it can deny a spam message before having to pass it to mail-scanner (medium cost), through the virus scanner (medium to expensive), bayesian filtering (medium), spamassassin network tests: blacklists, DCC, pyzor, razor, etc. (medium - high). Mail rejected by a DNSBL does not disappear into the bit bucket. A DNSBL realtime rejection creates a delivery status notification (DSN) to the sender identifying the cause of the rejection, thereby allowing troubleshooting on the sender's end. Realtime rejection avoids the "backscatter" problem of some spam filters which accept delivery, close the connection, and then try to return the mail after it is determined to be spam. Of course, as we all know, most spam and all viruses have forged sender addresses, and so the "bounce" goes back to an innocent third party (if it is deliverable at all). Using the SBL-XBL lists together (recommended) rejects a very large amount of spam and virus mail with very low "false positive" rejections of legitimate mail. And remember, all those rejected legitimate mails are instantly reported to the sender with a DSN. "
The IBM page says "FairUCE (which stands for "Fair use of Unsolicited Commercial Email") is a spam filter that stops spam by verifying sender identity instead of filtering content." "Technically, FairUCE tries to find a relationship between the envelope sender's domain and the IP address of the client delivering the mail." This suggests that the receiving mail server does a DNS lookup "at SMTP connect time" verifying that the from address is related to the owner of the IP address the mail is coming from, i.e. email from joe@yahoo.com originating from www.msn.com "bad", email from me@myisp.net originating from www.myisp.net "good", or something like this. If the cash is of WHOIS lookups so what? IP addresses do not change hands very often (do they?), I may have a different IP every time I log on to the internet, but that IP always comes up on a WHOIS as being assigned to my ISP.
this sounds like what my webserver is set up to do; if it detects an attempt to perform an exploit (POST'ing a file to a non-existent directory, attempting to execute non-existent scripts, etc.) instead of closing the port, it holds it as long as possible, sending its response at the rate of 1 character a second.
...N...o...t...F...o...u...n...d...
4...0...4...:...P...a...g...e...
aka a tarpit
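The tarpit behaviour from the comment above, as an added example rather than the commenter's web server configuration: requests that match the two probe patterns (POST to an unknown path, a request for a script that does not exist) get the 404 dribbled out one byte at a time, everything else gets a normal response. The known-path set, script suffixes and one-second delay are assumptions; `send` and `sleep` are injectable so the logic can be exercised offline.

```python
import time

KNOWN_PATHS = {"/", "/index.html"}                 # constructed: what the site really serves
SCRIPT_SUFFIXES = (".php", ".cgi", ".pl", ".asp")  # assumption: "script" requests

NOT_FOUND = b"HTTP/1.0 404 Not Found\r\nConnection: close\r\n\r\n404: Page Not Found\r\n"


def parse_request_line(line):
    """'METHOD PATH VERSION' -> (METHOD, PATH); anything else is malformed."""
    parts = line.strip().split()
    if len(parts) != 3:
        raise ValueError("malformed request line")
    return parts[0].upper(), parts[1].split("?", 1)[0]


def is_probe(method, path):
    """The comment's rules: POST to a missing directory, or a request for a
    script that does not exist on the server."""
    if path in KNOWN_PATHS:
        return False
    if method == "POST":
        return True
    return path.lower().endswith(SCRIPT_SUFFIXES)


def respond(request_line, send, sleep=time.sleep, delay=1.0):
    """Write a reply via send(bytes). Probes are tarpitted: one byte, then a
    pause, for the whole response, so the client's connection stays tied up.
    Returns (tarpitted, number_of_send_calls)."""
    method, path = parse_request_line(request_line)
    if not is_probe(method, path):
        send(NOT_FOUND if path not in KNOWN_PATHS else b"HTTP/1.0 200 OK\r\n\r\n")
        return False, 1
    for byte in NOT_FOUND:
        send(bytes([byte]))   # ...N...o...t...F...o...u...n...d...
        sleep(delay)
    return True, len(NOT_FOUND)


def serve(sock, **kwargs):
    """Minimal socket glue: read one request line and answer it."""
    with sock.makefile("rb") as reader:
        line = reader.readline().decode("latin-1")
    return respond(line, sock.sendall, **kwargs)
```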
That doesn't mean you can't hack a DHCP server to always hand out the same IP address when asked by a MAC address that you've seen before, so everybody effectively gets a static address as long as they don't change NIC cards, add or change firewall boxes, etc. Or you can do more work and hack up something that, when it sees a new MAC address, hands it a 192.168.*.* address with 10-second lease-time which has a DNS and web server that asks you for your user account number and configures the DHCP server with your MAC and regular static IP address, so you can unplug and connect again and get back the address you're supposed to have. But those take work, at least for somebody, once.
I pay about $57 from sonic.net for service with static IP address; the price would be the same for dynamic, and I could get 4 static addresses just by asking for them. I've looked into other ISPs which have attractive-looking $29 deals, but those seem to all be dynamic addresses (and most are loss-leader pricing for a short term), and by the time you buy a static address, they all seemed to be at least $55. Speakeasy's price was similar to Sonic's when I last looked, and Sonic's plan structure was a slightly better match for me.
NDR messages are bad enough these days. This new service from IBM will just clog networks more with bounce messages like the worms from the last few years. Anyone who's had their email address used in a worm email knows what I'm talking about.
I use a product called MXRate which is a configurable RBL/IP4r server that lets you set your own blocking criteria, and has a database that tracks mail server activity from about 5 million senders.
It blocks 98% of spam at my relay box before it even gets to my real server, and doesn't generate more bandwidth like IBM's new offering. Just a hint for those looking for a better solution that sending MORE mail.
Disclaimer: As a Comcast stockholder, I've had lots of reasons to call the company terminally stupid. Their cable modem folks are worse :-) [Oh, and just so this isn't totally off-topic, their cable modem people don't sell static IP addresses to residential users and don't let you run an email server, which is really annoying to Linux users and doesn't bother spammer zombies a bit.]
If the IBM system does things cleverly, and I think it does (though you can't really tell from the confused news articles), instead of sending a TMDA-like confirmation note directly to the From: user's address, it makes an SMTP connection to the machine that sent the email and sends the confirmation note from there. This would at least mean that the confirmation only gets delivered to the purported sender if it's sent from a mail server that can reach that person. In general, legitimate mail usually gets sent this way (but not always, especially for people with multiple email addresses), zombie mail doesn't, and open relay mail does (but zombies and relay-blocking lists have made it less popular.)
First lycos now IBM, these people are FUCKING MORONS. Guess what geniuses, most spammers don't pay for their fucking bandwidth. Only the most legitimate spammings originate from the spammer. It's 99% carded, hacked or stolen servers. Way to cost non-spammers money on their bandwidth!
Sigh. This is an alphaWorks project that's been kicking around for a while. Precis: it tries to match the sender IP to the purported sender domain. If it can't find a match, it falls back to something similar to challenge/response. The theory goes:
1. All spam is spoofed, so it will fail the IP/domain match and won't get past the challenge.
2. The vast majority of legitimate mail will pass the IP/domain match, so will be delivered without needing a challenge.
3. The only legitimate mail that needs to be challenged is sent by "power" users, who will know how to deal with a challenge.
This could initially cause false positive problems for some legitimate direct marketers who use some bulk email service providers. However, the problem is quite easily fixed.
Note that this doesn't fight spam, so much as fight spoofed senders. Much like SPF, in fact.
Note also that there's been a deal of lousy reporting (say hello to WSJ and CNN), saying that FairUCE somehow spams the spammers back. What a load of old cobblers, as we say over here.
From the quotes attributed to an IBM exec in the WSJ, I'm worried that this mis-reporting might actually be IBM's fault.
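An added example of the SMTP-time check the last two technical comments describe (the DNSBL lookup at connect time quoted from the Spamhaus FAQ, and the FairUCE sender-IP to envelope-domain match with a challenge fallback). It is not IBM's FairUCE code: the resolver answers, the DNSBL zone and the "related" rule (client IP is an A record of the domain or of one of its MX hosts, or its PTR name lies under the domain) are all constructed assumptions.

```python
import ipaddress

# Constructed DNS answers standing in for real lookups (assumption).
RESOLVER = {
    "A": {
        "example.net": {"198.51.100.5"},
        "mx.example.net": {"198.51.100.6"},
        # DNSBL answer: listing of 203.0.113.9 in the made-up zone below
        "9.113.0.203.dnsbl.example": {"127.0.0.2"},
    },
    "MX": {"example.net": {"mx.example.net"}},
    "PTR": {"198.51.100.6": "mx.example.net", "203.0.113.9": "dyn-9.isp.example"},
}
DNSBL_ZONE = "dnsbl.example"   # constructed zone name


def dnsbl_query_name(ip, zone=DNSBL_ZONE):
    """Reverse the IPv4 octets and append the zone, as DNSBL lookups do."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone


def dnsbl_listed(ip, resolver=RESOLVER):
    """Any A answer for the query name means 'listed'."""
    return bool(resolver["A"].get(dnsbl_query_name(ip)))


def domain_related(sender_domain, client_ip, resolver=RESOLVER):
    """FairUCE-style relationship test between envelope domain and client IP."""
    ips = set(resolver["A"].get(sender_domain, set()))
    for mx in resolver["MX"].get(sender_domain, set()):
        ips |= resolver["A"].get(mx, set())
    if client_ip in ips:
        return True
    ptr = resolver["PTR"].get(client_ip, "")
    return ptr == sender_domain or ptr.endswith("." + sender_domain)


def smtp_decision(envelope_from, client_ip, resolver=RESOLVER):
    """Decide before accepting the message, so a rejection goes straight
    back to the connecting client and no bounce is produced later."""
    if dnsbl_listed(client_ip, resolver):
        return "reject-dnsbl"        # 5xx at connect time, no backscatter
    domain = envelope_from.rsplit("@", 1)[-1].lower()
    if domain_related(domain, client_ip, resolver):
        return "accept"              # the "vast majority" of legitimate mail
    return "challenge"               # fall back to challenge/response
```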
[x] I am a total retard
[x] I deserve to be taken behind the barn and shot
[x] I have an inflated sense of my own sense of humor
It's not offtopic, dumbass. It's orthogonal.
What about NAT clients behind a firewall though? Sure it would be simple enough if using a mail relay, but it could cause problems for people who want to deliver directly via SMTP, but via a NAT gateway.
I think more and more we will see SMTP slowly move away from clients delivering directly. Incidentally one of the most amusing solutions I once saw was to reject connections from Windows machines only by using system fingerprinting.
How about, instead of blasting them back[0], we make a quick pass to determine what flavour of compromised the machine is, then exploit the bug to remove and patch it?
Yes, I know this isn't a new idea, but it seems to me a hell of a lot better in one paragraph than the article summary. And yes, I know it'd eat a lot of bandwidth, and you'd get the destination servers possibly stepping on each others' toes. You could roll some dice, add to a DNSBL of sorts, whatever. Rough idea.
[0] Sounds like they're just sending bounce messages. I just RTFA'd in the middle of posting to make sure I wouldn't sound completely clueless: Wow. Innovative.
Assume I was drunk when I posted this.
OOPS! Never mind!
They are merely sending the email back to where it came from (see here). Would you be sending unsolicited post if you were sending junk mail back to the credit card company it came from? (which really annoys junk mailers by the way!!!)
The latest gadget news and reviews. www.absolutegadget.com
No matter what companies do to prevent spam the problem will get worse. The only way to put an end to this is for the governments of all the major nations to put forward a serious effort to stop spammers. The recent lawsuits filed in the US are a good step forward but in the wrong direction as they only are relevant to domestic cases. This is an international problem and it needs global collaboration in order to work.
The best way to approach penalisation of these criminals is for nations to impose not fines of millions of dollars which will never be paid, but to imprison and publicly humiliate offenders. Twenty to fifty years in a Nicaraguan, Turkish, or Russian prison would certainly deter spammers in those countries from committing such economic crimes, and for those who think that such punishment is harsh think about the billions of dollars in lost revenue that spam has cost us in the form of wasted electricity, bandwidth, and IT. Total that with the damage done by viral spammail and the numbers quickly add up. If this kind of theft of capital occurred in any other form it would be considered a major felony in just about every country.
I'm not trying to slam IBM. The very fact that they are doing something to cure this technological disease is great, but it just won't have any long term impact. Technology is only a short term solution--spammers will eventually find a way around every filtering system we can possibly build. The only thing that will ever have a long term impact on spamming (spyware, adware, crapware, pop-up, and pop-overs for that matter) is a common international law that tackles the issue. Unfortunately, the only flaw would be that it would be up to the individual nations on how to enforce it (or whether or not to enforce it at all).
> It is returning the message to the SMTP server it arrived from ...
It is not. Check the facts. What the program does is described quite well on its website. It uses some DNS heuristics to let some email that looks OK pass through. If the IP of the sender doesn't match the domain of the envelope-from address well enough a challenge email is sent: sent means to the envelope-from, not to the sender's IP. You cannot send to the sender's IP. You can only send to an email address, and the only available address is the envelope-from that was determined to be probably forged.
So what this program does is send an email message as a challenge to people that it determined are probably not really the senders. The developers claim it works great for them and they have to treat far less spam. But that is only because the manual treatment of the spam is passed to the innocent people whose addresses were used as forged "from" addresses. This system works for its users as long as they are few (just as any other challenge/response system). But it is not scalable. If everyone used it, then it would become an annoyance equal to spam. You cannot have everybody sending challenges to everyone else all the time!