Slashdot Mirror
IBM Unveils Anti-Spam Services to Stop Spammers
bblazer writes "CNN Money is running a story about a new IBM service that spams the spammers. The idea behind the technology is that when a spam email is received, it is immediately sent back to the originating computer - not an email account. From the article, ""We're doing it to shut this guy down," Stuart McIrvine, IBM's director of corporate security strategy, told the paper. "Every time he tries to send, he gets slammed again."""
I think I'll stick with spamd. It doesn't waste my bandwidth.
How does this exactly help solving the spam problem when the machine sending the spam is not owned (but "0wned") by the spammer?
Or do they plan to DDoS the spam-zombies?
Watch as AOL and MSN/Hotmail now mark IBM as a spammer...
I'll turn into a supernova and burn up everything. Well I'll turn into a black little hole and you'll turn into string.
You end up shutting down the zombied PCs. I don't see how that's a bad thing.
How can we continue to believe in a just universe and freedom to eat crackers if we have no ale?
What's the problem? If you are participating, on purpose or not, you should be stopped.
Being subject to this form of retribution might make people aware of the problems on their machines. It seems to be a Good Thing to me.
Agile Artisans
If it helps knock the zombie effectively offline, the user is more likely to notice that there's a problem.
Paleotechnologist and connoisseur of pretty shiny things.
-- Thou hast strayed far from the path of the Avatar.
massive extra traffic to all isp's, traffic that doesn't even end up shutting the real source of the spam down.
so.. double the money wasted on spam on total and no cure.
world was created 5 seconds before this post as it is.
"e-mails coming from a computer on the spam list" are treated this way. Great. So when a variable-IP zombie pc power cycles and I get their old IP address next, it becomes my problem. Time to buy a fixed IP service, people.
I don't see any way that this would shut down zombified PCs. DSL/Cable usually has much more downstream bandwidth that upstream, assuming that its even open for receiving mail, I don't think that they would effectively be shut down at all.
Better to slam the websites advertised, like the slashdot effect, I reckon.
-d
"Here Lies Philip J. Fry, named for his uncle, to carry on his spirit"
I doubt it. What average user is going to understand the problem, much less the solution?
For every complex problem there is an answer that is clear, simple, and wrong. -- H L Mencken
1) Person on comcast gets zombie-fied
2) starts sending out spam to say IBM
3) IBM sends back spam to the zombie
4) IBM gets put on every RBL list because it actually is sending spam, think about it
5) comcast and every major company using that RBL and every user in comcast can no longer get mail from IBM
6) IBM yells and screams to RBL list owner that they really arent sending spam, just well sending back email to people who didn't ask for it, or didn't want it or didn't sign up for it. OK they are sending spam... just not bad spam.
Only positive I see is maybe ISPs like comcast might wake the hell up and start cleaning up the problems and stop ignoring their users.
Suppose the spammer's machine that sends 200k e-mails per hour. This machine is for sending only. It does not have any port for receiving e-mails opened. So - the throughtoutput must be high to send out 200k of e-mails, and what they will do to the spammers? If all servers (it is not likely to happen) are having IBM soft then they will receive 200k attempts per hour to connect to blocked ports on spammers machine while trying to hit back... And this is going to stop them? :-) Their specialized machines tuned for sending with no receiving capabilities against high-performance spam-analyzing machines that will waste CPU by identifying spam and waste bandwith while trying repeatdly pass e-mail to some blocked ports on spammers machine... Hm. I don't understand it. Just another way how to hurt people afected by spam by selling the useless software/hw to them.
Well, I've got to get back to work. When I stop rowing, the slave ship just goes in circles.
IBM's tactic is utterly useless because the vast majority of spam originates from zombie PCs. Those zombie system may have an SMTP engine to generate spam, but they most likely do not have port 25 open. Bouncing the spam back will be futile. It is more likely to generate a new denial-of-service attack: send a spam to IBM and watch them fight in vain attempting to bounce back the message.
signature pending slashdot approval
If an ISP notices the extra traffic, might they not be motivated to get the zombies that are used for spamming off their network?
My small local ISP sends techs to help their customers when these things happen - and, yes, I realize that's not viable in most cases.
spamd(8) gives you additional capabilies above that of a packet filter ... greylisting, automatic whitelisting, etc. plus, you don't have to run it on your mail server and it will still function correctly. 3.7 will also have greytrapping
vodka, straight up, thank you!
I hope you invest for retirement, instead of saying "what's the point of spending money to make money later?"
Sounds more like undergoing chemo to kill cancer... just gotta hope that it kills the cancer before it kills you.
Or so I've heard, anyhow.
They don't really need to. Hopefully they can be smart enough to take it somewhere to have it fixed, even if they have to pay some outrageous fee to do it.
If your car stopped running because of some complicated issue in the engine, you don't have to understand the problem or the solution to take it to a mechanic.
Actually, you don't have to abandon SMTP at all. The protocol has already undergone a fairly major revision with the change to ESMTP and there are very few servers left that are still SMTP only. Technically, it wouldn't be very hard to bolt a much more robust mail transfer mechanism onto SMTP in the same manner we use to deliniate SMTP and ESMTP - the mail server banner and client "HELO/EHLO". For instance you could change the ESMTP banner to include the string "ESMTP v2" instead of just "ESMTP" and compliant servers could sign on with "ALLO", while older clients can still resort to "EHLO" or even "HELO" while the deployment is underway.
Simple, huh? Unfortunately not, because politically, it would probably be a complete nightmare to actually do anything like this. The whole idea would almost certainly break apart under the weight of competing agendas from the various parties involved. I think the whole MARID fiasco proved that beyond any doubt.
UNIX? They're not even circumcised! Savages!
is the law and the fines that will be applied internationally and enforced (collected) by the local authorities on the SOURCE.
If there was no Spam senders there would be no problem with Spam. Right? The problem is that we keep going after the carrier, not the beneficiary.
Fine the people for whom and on whose behalf the Spam is sent. Make it for one dollar per spam message received. Instead of sending for free, the messages end up costing more than the Post Office.
MSBPodcast.com The opinions expressed here are my own. If you don't like 'em... Think up your own stuff.
You know, some customers on the entry level ADSL plan at one of the ISPs I work for are on a plan that gives them 500MB of data transfer a month, with excess at 15c/MB. It's a pretty standard arrangement here in Australia.
If this sort of plan counts as a DDOS attack, I wonder if those users will start sending their excess usage bills to IBM.
Then don't complain when ISPs start blocking port 25 at their head end.
I really don't know why ISPs don't just suspend the accounts of PCs with zombies/viruses. In the same way that you get your driving licence revoked/suspended for driving like an ass, people should get their internet accounts suspended too.
And it's not like it's hard to tell who the culprits are. Anyone who has logging enabled on their firewall will know exactly what I mean.
Can you say Comcast?
How the hell do you expect ISPs to react to this kind of retalitory behavior?
You start attacking major networks automatically and you're going to see port blocking come up faster than you can say Postfix.
SMTP requires two-way communication, so spoofing is nearly impossible. As mentioned in the article, this isn't a system of returning mail to the From email address, as everyone knows that is forged nearly 100% of the time in spam. It is returning the message to the SMTP server it arrived from. If spam is coming from your IP, you either have an exploited host or open relay.
That would be a hit to the bottom line - Average User will just think the ISP is incompetent and find another, way before ever admitting their system has a problem.
Better to just silently block ports, open them only when people specifically ask - then monitor for abuse.
The "news" story is pretty much completely wrong. You might want to read the actual technical details and refactor. (Sadly, a lot stays the same, I think.)
One line blog. I hear that they're called Twitters now.
Great, I can't wait to have my dynamic IP switch to one of a zombie pc and get dos attacked.
" What if the spammer had this same technology? Would the internet get stuck in an infinite loop and go to 100% usage?"
No more calls, we have a winner.
Why not just offer a service that acknowledges to spammers that they have reached a viable recipient? This is better than the old "Click here if you want to get off this mailing list".
For every 3 spam messages, I get a user saying they aren't getting their legitimate mail because the spam filter is blocking it.
The British had the right idea. Find the spammers and coil their intestines on a bobbin in broad daylight.
If you aren't part of the solution, there is good money to be made prolonging the problem
damn.. 100% overrated...
story of my life. heh
I read the IBM article. Sounds like the early days of SpamCop. SpamCop traces headers back to the originator or the first phony header, to validate the source. Mail with tracing problems used to get a challenge from SpamCop, but they gave up on that. Challenge-response effectively does a denial of service attack on joe-job victims. It's also incompatible with too many legitimate autoresponder systems that send mail confirmations of transactions.
but it will almost always bring the spammer down as a (nice) side-effect.
No, it will bring whoever is in the From: address down. It's extremely rare that that is an address that the spammer has anything to do with.
I believe posters are recognized by their sig. So I made one.
While the idea of pinging to death sounds great, it's also a DOS, Which, I think might be agaist some law here in the USA. Returning the mail to the sender seems to be legit.
onepoint
if you see me, smile and say hello.
5. Don't all those challenges take up unnecessary bandwidth? A little bit, but it takes the server much less time to send out a small challenge than it does for the user to look at it in the spam folder, no matter how fast he presses the delete key. Legitimate senders know immediately that a user hasn't received their email, and they can click a button to have it delivered. Meanwhile, the emails sit in the queue for only an hour if they can't be delivered.
The problem with this scheme is the "click a button" aspect. This would require HTML mail.
The spam problem would be 80% solved if HTML mail were not used at all.
1. Spammers wouldn't be able to track mail opening with tagged image links.
2. Spammers wouldn't be able to propagate their custom programmed spamming trojans and viruses nearly as effectively.
3. HTML mail is not needed. When was the last time you got email with a remote loaded picture in it (not attached) that actually interested you? Almost never in my case.
Hey! I got it, the FUSSP! Just ban HTML mail!
.
I haven't seen a spammer's box in the last couple of years that's used to send spam also listen on tcp/25. That's because they don't have a SMTP server listening. When you try to send the spam back to the originating computer you're going to get your TCP connection rejected simply because they aren't running a SMTP server. Who's resources are they planning on wasting? Good grief. This isn't rocket science.
Challenge response does not work well. In my case, there is a spammer out there who uses random email addresses at my domain name. Every time he sends a spam run I get anywhere from tens of thousands to over a hundred thousand bounced emails at my mail server. This server is for personal use only and is not designed to handle huge amounts of email, though Postfix doesn't seem to mind too much even though it's a 333MHz Pentium II box running Linux (uptime now at 595 days).
While my mail server doesn't seem to mind too much (other than huge log files), my Netgear firewall goes nuts from time to time forcing me to reboot it.
What would stop this type of DDOS I'm under? The gateway mail server should validate the recipient and return an error code right away instead of sending a bounced email later.
This post is encrypted twice with ROT-13. Documenting or attempting to crack this encryption is illegal.
This basically makes the assumption that:
a) spammers give a rat's ass about receiving e-mail, and thus actually *have* incoming mail servers, and
b) that spammers aren't spamming through botnets.
Since both these assumptions are false, this suddenly becomes a spectacularly stupid idea.
"No problem. I have the capacity to do infinite work so long as you don't mind that my quality approaches zero."-Dilbert
Good thing the summary already covered this:
when a spam email is received, it is immediately sent back to the originating computer - not an email account
Unless you know of a way to mass spoof TCP handshaking, that is...
Endless arguments over trivial contradictions in books written by ignorant savages to explain thunder in the dark.