Slashdot Mirror
IBM Unveils Anti-Spam Services to Stop Spammers
bblazer writes "CNN Money is running a story about a new IBM service that spams the spammers. The idea behind the technology is that when a spam email is received, it is immediately sent back to the originating computer - not an email account. From the article, ""We're doing it to shut this guy down," Stuart McIrvine, IBM's director of corporate security strategy, told the paper. "Every time he tries to send, he gets slammed again."""
Watch as AOL and MSN/Hotmail now mark IBM as a spammer...
I'll turn into a supernova and burn up everything. Well I'll turn into a black little hole and you'll turn into string.
The networks of zombie PCs are going to be even more lagged by IBM. Maybe this will finally get their owners to patch or firewall them.
IBM Unveils Anti-Spam Services to Stop Spammers
Anti-Spam services that STOP spam?!? You don't say? Now there's a novel idea...
This joke was brought to you by the Department of Redundancy Department.
You end up shutting down the zombied PCs. I don't see how that's a bad thing.
How can we continue to believe in a just universe and freedom to eat crackers if we have no ale?
What if the spammer had this same technology? Would the internet get stuck in an infinite loop and go to 100% usage?
This post has been filtered for sanity.
What's the problem? If you are participating, on purpose or not, you should be stopped.
Being subject to this form of retribution might make people aware of the problems on their machines. It seems to be a Good Thing to me.
Agile Artisans
If it helps knock the zombie effectively offline, the user is more likely to notice that there's a problem.
Paleotechnologist and connoisseur of pretty shiny things.
It's been reported on a mailing list that the article is actually about FairUCE, which implements something completely different which makes at least some sense (for scoring, not for outright blocking).
This is a duplicate of http://it.slashdot.org/article.pl?sid=04/12/04/204 7246&tid=111&tid=185&tid=95
However, the CNN story referenced seems to be utterly clueless as to how this technology, known as FairUCE, actually works. It really is nothing like they have described it. For real information go to IBM's page: http://www.alphaworks.ibm.com/tech/fairuce
This system does not try to DDOS the spammers, or anything stupid like that. It attempts to link the IP address of the sender to the senders domain name using DNS and WHOIS lookups. If that fails, it sends a challenge/response email to the sender.
massive extra traffic to all isp's, traffic that doesn't even end up shutting the real source of the spam down.
so.. double the money wasted on spam on total and no cure.
world was created 5 seconds before this post as it is.
"e-mails coming from a computer on the spam list" are treated this way. Great. So when a variable-IP zombie pc power cycles and I get their old IP address next, it becomes my problem. Time to buy a fixed IP service, people.
Moderators, parent post is not insightful, it is clueless. It doesn't depend on the spammer being honest. It depends on the spammer being dishonest. For actual information about how this system works see IBMs web page about it:
http://www.alphaworks.ibm.com/tech/fairuce
1) Person on comcast gets zombie-fied
2) starts sending out spam to say IBM
3) IBM sends back spam to the zombie
4) IBM gets put on every RBL list because it actually is sending spam, think about it
5) comcast and every major company using that RBL and every user in comcast can no longer get mail from IBM
6) IBM yells and screams to RBL list owner that they really arent sending spam, just well sending back email to people who didn't ask for it, or didn't want it or didn't sign up for it. OK they are sending spam... just not bad spam.
Only positive I see is maybe ISPs like comcast might wake the hell up and start cleaning up the problems and stop ignoring their users.
If an ISP notices the extra traffic, might they not be motivated to get the zombies that are used for spamming off their network?
My small local ISP sends techs to help their customers when these things happen - and, yes, I realize that's not viable in most cases.
spamd(8) gives you additional capabilies above that of a packet filter ... greylisting, automatic whitelisting, etc. plus, you don't have to run it on your mail server and it will still function correctly. 3.7 will also have greytrapping
vodka, straight up, thank you!
As requested (all selections open to change, subjective, etc, etc) Note the law-based stuff comes from the fact that I suspect a retaliation response like this is probably illegal, IANAL though so this may be/probably is wrong.
Your company advocates a
(x) technical ( ) legislative ( ) market-based ( ) vigilante
approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)
( ) Spammers can easily use it to harvest email addresses
( ) Mailing lists and other legitimate email uses would be affected
( ) No one will be able to find the guy or collect the money
( ) It is defenseless against brute force attacks
( ) It will stop spam for two weeks and then we'll be stuck with it
( ) Users of email will not put up with it
( ) Microsoft will not put up with it
(x) The police will not put up with it
( ) Requires too much cooperation from spammers
( ) Requires immediate total cooperation from everybody at once
( ) Many email users cannot afford to lose business or alienate potential employers
( ) Spammers don't care about invalid addresses in their lists
(x) Anyone could anonymously destroy anyone else's career or business
Specifically, your plan fails to account for
(x) Laws expressly prohibiting it
( ) Lack of centrally controlling authority for email
(x) Open relays in foreign countries
( ) Ease of searching tiny alphanumeric address space of all email addresses
(x) Asshats
(x) Jurisdictional problems
( ) Unpopularity of weird new taxes
( ) Public reluctance to accept weird new forms of money
( ) Huge existing software investment in SMTP
( ) Susceptibility of protocols other than SMTP to attack
( ) Willingness of users to install OS patches received by email
(x) Armies of worm riddled broadband-connected Windows boxes
(x) Eternal arms race involved in all filtering approaches
( ) Extreme profitability of spam
(x) Joe jobs and/or identity theft
( ) Technically illiterate politicians
( ) Extreme stupidity on the part of people who do business with spammers
(x) Extreme stupidity on the part of people who do business with Microsoft
( ) Extreme stupidity on the part of people who do business with Yahoo
( ) Dishonesty on the part of spammers themselves
(x) Bandwidth costs that are unaffected by client filtering
( ) Outlook
and the following philosophical objections may also apply:
(x) Ideas similar to yours are easy to come up with, yet none have ever been shown practical
( ) Any scheme based on opt-out is unacceptable
( ) SMTP headers should not be the subject of legislation
( ) Blacklists suck
( ) Whitelists suck
( ) We should be able to talk about Viagra without being censored
( ) Countermeasures should not involve wire fraud or credit card fraud
(x) Countermeasures should not involve sabotage of public networks
( ) Countermeasures must work if phased in gradually
( ) Sending email should be free
( ) Why should we have to trust you and your servers?
( ) Incompatiblity with open source or open source licenses
( ) Feel-good measures do nothing to solve the problem
( ) Temporary/one-time email addresses are cumbersome
( ) I don't want the government reading my email
(x) Killing them that way is not slow and painful enough
Furthermore, this is what I think about you:
( ) Sorry dude, but I don't think it would work.
(x) This is a stupid idea, and you're a stupid company for suggesting it.
( ) Nice try, assh0le! I'm going to find out where you live and burn your house down!
Your post advocates a
(x) technical ( ) legislative ( ) market-based (x) vigilante
approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)
( ) Spammers can easily use it to harvest email addresses
( ) Mailing lists and other legitimate email uses would be affected
( ) No one will be able to find the guy or collect the money
(x) It is defenseless against brute force attacks
( ) It will stop spam for two weeks and then we'll be stuck with it
( ) Users of email will not put up with it
( ) Microsoft will not put up with it
(x) The police will not put up with it
( ) Requires too much cooperation from spammers
( ) Requires immediate total cooperation from everybody at once
( ) Many email users cannot afford to lose business or alienate potential employers
( ) Spammers don't care about invalid addresses in their lists
(x) Anyone could anonymously destroy anyone else's career or business
Specifically, your plan fails to account for
(x) Laws expressly prohibiting it
( ) Lack of centrally controlling authority for email
(x) Open relays in foreign countries
( ) Ease of searching tiny alphanumeric address space of all email addresses
(x) Asshats
( ) Jurisdictional problems
( ) Unpopularity of weird new taxes
( ) Public reluctance to accept weird new forms of money
( ) Huge existing software investment in SMTP
( ) Susceptibility of protocols other than SMTP to attack
( ) Willingness of users to install OS patches received by email
(x) Armies of worm riddled broadband-connected Windows boxes
( ) Eternal arms race involved in all filtering approaches
( ) Extreme profitability of spam
( ) Joe jobs and/or identity theft
( ) Technically illiterate politicians
( ) Extreme stupidity on the part of people who do business with spammers
( ) Dishonesty on the part of spammers themselves
( ) Bandwidth costs that are unaffected by client filtering
( ) Outlook
and the following philosophical objections may also apply:
( ) Ideas similar to yours are easy to come up with, yet none have ever
been shown practical
( ) Any scheme based on opt-out is unacceptable
( ) SMTP headers should not be the subject of legislation
(x) Blacklists suck
( ) Whitelists suck
( ) We should be able to talk about Viagra without being censored
( ) Countermeasures should not involve wire fraud or credit card fraud
(x) Countermeasures should not involve sabotage of public networks
( ) Countermeasures must work if phased in gradually
( ) Sending email should be free
( ) Why should we have to trust you and your servers?
( ) Incompatiblity with open source or open source licenses
( ) Feel-good measures do nothing to solve the problem
( ) Temporary/one-time email addresses are cumbersome
( ) I don't want the government reading my email
(x) Killing them that way is not slow and painful enough
Furthermore, this is what I think about you:
(x) Sorry dude, but I don't think it would work.
( ) This is a stupid idea, and you're a stupid person for suggesting it.
( ) Nice try, assh0le! I'm going to find out where you live and burn your
house down!
Sounds more like undergoing chemo to kill cancer... just gotta hope that it kills the cancer before it kills you.
Or so I've heard, anyhow.
That's the whole point of this system. It tries to match the IP address of the sender to their domain name. If this is successful then the mail is classed as genuine and delivered. If it can't (i.e the sender is an 0wned PC), then it sends a challenge/response email back to the senders email address (not to the zombie PC). If the sender is genuine they click a button on the challenge/response email and the original mail gets accepted.
As someone else pointed out, this could be used to DDOS someone by using a zombie net sending spam purporting to come from them. They'd then get innundated with challenge/reponse emails. Not nice.
I'd like to learn more about this. What's your phone number, I'd like to call you to talk further.
how about a bunch of geeks with shotguns and a list of all known spammers and their current residences?
I really don't know why ISPs don't just suspend the accounts of PCs with zombies/viruses. In the same way that you get your driving licence revoked/suspended for driving like an ass, people should get their internet accounts suspended too.
And it's not like it's hard to tell who the culprits are. Anyone who has logging enabled on their firewall will know exactly what I mean.
That would be a hit to the bottom line - Average User will just think the ISP is incompetent and find another, way before ever admitting their system has a problem.
Better to just silently block ports, open them only when people specifically ask - then monitor for abuse.
You're right on the money.
I went through chemo and radiation last year. The idea of chemo is that it kills cancerous cells, but it's completely untargetted, so you end up poisoning the whole body.
Without the chemo, I'd likely be dead now. I traded a few months of extreme weakness in exchange for near perfect health now.
The "news" story is pretty much completely wrong. You might want to read the actual technical details and refactor. (Sadly, a lot stays the same, I think.)
One line blog. I hear that they're called Twitters now.
Here's the text of the WSJ article cited by CNN. It actually has much better information and clarifies some points.
--
IBM Embraces Bold Method To Trap Spam
By CHARLES FORELLE
Staff Reporter of THE WALL STREET JOURNAL
March 22, 2005; Page B1
Warriors in the battle against junk e-mail are adopting a contentious tactic: Spam the spammers.
The most-common spam defense used to date -- software filters that attempt to identify and block out the unwanted messages -- hasn't stopped the flood of Viagra pitches, cut-rate mortgage offers, and solicitations for foolproof investment schemes swamping many inboxes. Some recent studies say 50% to 75% of e-mails carried over the Internet are spam.
An alternate approach -- counterattacking, in effect -- has been available for some time to users of open-source software, for which code is posted free of charge on the Internet. But adoption in corporate offices has been slow, partly because of fears of exposing companies to certain liabilities -- especially if a target is actually innocent of spamming.
But now the practice is going mainstream. International Business Machines Corp. is expected to unveil today its first major foray into the anti-spam market with a service, based on a new IBM technology called FairUCE, that uses a giant database to identify computers that are sending spam. One key feature: E-mails coming from a computer on the spam list are sent directly back to the machine, not just the e-mail account, that sent them. The more spam that comes out, the more vigorous the response.
"We're doing it to shut this guy down," says Stuart McIrvine, IBM's director of corporate security strategy. "Every time he tries to send, he gets slammed again."
The IBM move follows security giant Symantec Corp., which released a new product in January that uses a similar technology called "traffic shaping" to slow connections from suspected spam computers.
Trapping spammers is sometimes called "teergrubing," from the German word for "tar pit" -- as in, spammers get stuck. It is the equivalent of answering a telemarketer's phone call, "saying 'Hi, how are you,' and setting the phone down and seeing how long he'll talk before realizing there's no one on the other end," says Tom Liston, a computer-security expert.
Teergrubes exploit some convenient features of the Internet, which was designed to be a polite method of communication. Computers -- including e-mail servers -- that chat back and forth in the Internet's electronic protocol will courteously wait to see that their data has been received before sending more. Typically, such acknowledgments come in a matter of milliseconds. A computer set up to teergrube will languorously stretch its responses out to minutes -- effectively tying up the spamming machine and reducing its ability to pump out messages.
How to handle spam -- or, indeed, any other form of unwanted electronic traffic -- is a tricky issue in security circles. Gaining unauthorized entry to a remote system, even in order to stop it from harming yours, is generally illegal under anti-hacking laws. The aggressive new products from IBM and others don't violate those rules, but they can increase the amount of network traffic. Unnecessary traffic increases are generally frowned upon.
But proponents of aggressive antispam tactics say something needs to be done to choke off the supply; simply turning the other cheek and trying to discard spam as quickly as possible isn't enough. IBM says in a new report that in February 76% of all e-mails were spam, down from a summer 2004 peak of nearly 95%, but still well above levels at the same time last year.
"Yes, we are adding more traffic to the network, but it is in an effort to cut down the longer-term traffic," says IBM's Mr. McIrvine. Brian Czarny, vice president of marketing for MessageLabs Ltd., which uses the Symantec product, says traffic shaping doesn't constitute a potentially illegal "denial of service" attack because it is r
Great, I can't wait to have my dynamic IP switch to one of a zombie pc and get dos attacked.
Eliminate RSS from the mix, and essentially you are talking about something similar to IM2000.
http://cr.yp.to/im2000.html
The basic idea is to reverse the concept of how mail is handled today. If you want to send an email, you store it on your site until someone comes and picks it up from you. It is never delivered, all mail must be picked up. Instead of pulling your mail from a single Inbox, you pull your incoming mail from hundreds of repositories, depending on who is mailing you.
One advantage is that if someone wants to send out a million emails, it is up to THEM to store it, not you. Blacklisting becomes easier, as does whitelisting, etc.
And for you whiners who love bitching about how Dan Bernstein is behind it so it MUST be bad, please don't bother. That horse has been beaten to death hundreds of times before.
CNN (and by extension, slashdot, surprise!) got this completely wrong. It's challenge and response sender identity technique, which is way different. See the IBM webpage about fairuce.
It's not offtopic, dumbass. It's orthogonal.
"spams the spammers"?
I think not. This is from CNN after all. They publicly admit they lie often. This is true here.
http://www.alphaworks.ibm.com/tech/fairuce/faq
Take note to what this system actually does. Not what the (lying) press tells you.
1. Isn't this just another challenge/response system?
No. Challenge/response (C/R) systems challenge everybody; FairUCE sends a challenge only when the mail appears to be spoofed.
2. Other anti-spam technologies work well. Why should I switch?
FairUCE eliminates any need for a "probable spam" folder, as well as the necessity of keeping up with the latest version of antispam software.
3. Will it run on Windows®, or with QMail, or with Sendmail, etc.?
No, the current release does not.
4. Is it fast?
No real performance testing has been done, but speed is expected. The code basically consists of a few if/then statements and some DNS look-ups (which are cached in memory as well as on the DNS server). The mail server will probably bog down before FairUCE does.
5. Don't all those challenges take up unnecessary bandwidth?
A little bit, but it takes the server much less time to send out a small challenge than it does for the user to look at it in the spam folder, no matter how fast he presses the delete key. Legitimate senders know immediately that a user hasn't received their email, and they can click a button to have it delivered. Meanwhile, the emails sit in the queue for only an hour if they can't be delivered.
Oh dear, you're right. It's Yet Another CR System, but with some standard sender verification (a la SpamAssassin) glued on the front.
In other words, it's as utterly useless and counterproductive as any other challenge-response system. See http://www.xciv.org/~meta/2005/02/15/ for more discussion (from me) of why CR won't work.
GCHQ Quantum Insert installed. If only our tongues were made of glass, how much more careful we would be when we speak