Slashdot Mirror
FTC Recommends ISPs Disconnect Spam Zombies
Mike Markley writes "CNN is carrying a story about the the FTC's plans and concerns around spam zombies. They say they will be identifying such zombie hosts and notifying ISPs, and are recommending that the ISPs disconnect indicated users. There's also a recommendation likely to raise the ire of the geekier sorts: that ISPs only permit users to send mail through their own servers (presumably by blocking port 25 outbound)." From the article: "Law enforcers in 25 other countries, from Bulgaria to Peru, are also participating in the campaign, the FTC said. Absent from the list of cooperating countries was China, where experts say rapid growth and a relative lack of technical sophistication have led to a large number of zombie computers."
Problem solved, and everybody wins.
Check out my sci-fi/humor trilogy at PatriotsBooks.
I wouldn't mind to much, so long as you could opt out - just call up and say "I have half a clue what I'm doing" or "I'm not running a festering infected OS from Redmond".
...
I'm guessing most of the people who unwittingly harbour zombie machines wouldn't know wtf port 25 was anyway
Maybe a couple of basic networking questions to weed out the chancers?
Here's Bob. Bob is your boss at a small to mid sized company. He's not what you'd call "technical". You're the company's "tech" guy. You also do other things, but when the computers don't work, you're the go-to guy. Your company isn't that large, or that technical itself, so you host your mail with your company's ISP, PhoneCo. When Bob goes home, however, his ISP at home is CableCo. Bob is perpetually calling you either at home, or into his office because he "damn well can't send that email!" Invariably, the reason is because his account is configured to the wrong SMTP server, depending on where he his located.
Wouldn't it be nice if you could just set up his account to use the company's ISP for SMTP all the time? You used to be able to do that, until the spineless CableCo decided they were just going to blanket-block port 25, no exceptions, instead of doing traffic analysis and chopping off the offenders. But that would take work, and effort, and nobody wants to do that, so just block 25 and call it a day!
Note: Some elements of this story might be based on real experiences, which may explain the negative bias towards blanket policies of any type as bandaids.
Closing port 25 is pointless because the owners of the botnet already know to use the ISP's SMTP server, just like the victim does, to send mail. You won't really stop the spam or DDoS this way, you will just stop normal users from doing something that's easy and useful.
There's nothing difficult about running a mail server. Exim comes with debian and has reasonable default values set in a script that tells you what it's doing. It's no harder to run than it is to use a GUI client. There are many advantages to it as well, such as custom mail addresses for registrations and other junk.
Reducing redundancy is bad for national security. In the end, it's much easier to DDoS email by targeting two broadband providers than it is to target thousands of individual users with a clue. The setback will be temporary. As email dies as a useful communication media, Jabber and others will rise in it's place.
DMCA, Hollings, Palladium. What might have sounded like paranoia is now common sense.
Hardcore geek here, with a UID that's far lower than yours.
Don't block my outbound port 25.
Don't block my outbound ANYTHING.
Block me off completely when my machine hurts the internet by spamming/flooding/whathaveyou.
I'm so sick of this "Let's surrender our internet because of Microsoft" bullshit. I'm sick enough of it to burn karma by posting this crap that's going to get modded into oblivion.
Not all of us know someone with a well connected server. Not all of us want to post mail from somewhere other than our box. I know that my box is working and isn't logging what I'm sending somewhere else. I know that the government isn't reading my email logs. I know that my server is MY SERVER and that's THAT.
If you don't like it, go back to AOL. Then you can have your little closed interface, able to email all of your little friends who use the same closed interface, and get charged for what I can get for free. All I have to pay for is my connection, whereas you'll have to pay for every "value-added" service you use.
The previous has been a secret message to my comrades.
Roadrunner, by contrast, doesn't do this. This is why I subscribe to their service now and dropped Mindspring.
Email I send goes over my LAN to my SMTP server, which then handles sending it out. 99% of the time I don't have a problem. When I do, it's usually for some shit like AOL or sending mail _to_ Earthlink or Mindspring, at which point they get a complaint email (whcih they of course ignore), and then a bunch of enraged calls from their customers (who don't understand the entire thing) saying that the ISP's email reception is broken (which it _is_). This wastes their time dealing with their enraged customers. If they don't like it, they can fix their fucking systems.
Of course, I could set a smart host to my ISP's mail server, which solves the problem, but grants me the problem I pointed out in the first paragraph.
If ISPs are going to block outgoing port 25 and effectively break the net that way, then they need to FIX THEIR FUCKING SMTP SERVERS FIRST. If they would do that, then I wouldn't give a rat's ass what the fuck they do aside from the principle of the thing.
All of this evades solving the real problem. The real solution is to filter spam using something like Spamassassin and, because that's a drain on resources, block the originating SMTP host automatically (and send an email to the technical contact) when X number of spams are received from the same IP address. When Y number of spams are received from an ISP, block that entire ISP. The IP mappings are available or, at least, could be made available. Then the ISP's resources are only tapped up to X (or Y) number of spams. This blocks zombies, but is a stopgap solution. The real solution lies with the originating ISP, which needs to map that back to an account and cut that account off. After that, the originating ISP which was used can send a bill back to the user and turn them into the FTC for violating anti-spam legislation. All this, of course, with forced banning of ISPs running zombies.
This, in turn, puts pressure on Micro$hit to fix their fucking operating system, and on users to keep their systems up to date.
Now the simplest solution? Wait for it, it's mind-numbingly simple. If you're going to block port 25, ALL ISPs should allow opening of port 25 with a no-questions-asked phone call with the understanding that if it's caught sending spam then, after a human review, the account will be cut off.
Hardcore geek here, with a UID that's far lower than yours.
You're allegedly a hardcore geek, but you're whining about the fact that people on consumer-grade internet connections are treated like consumers?
Really, if you want to get treated like the big swinging dick you apparently think you are, you should probably get a real internet connection. Go get yourself a T1 or a colocated server. Or both. Christ, I know people who get hundred-megabit pipes for their hobby projects; if you can't afford the few hundred bucks a month for a home T1, or the $70 bucks a month for a real ISP's DSL, then you should scrape together the $20 per month for a fractional colocated server and run your own mailserver.
Otherwise we may have to take away your ridiculously low UID and give it to somebody more deserving.
Both of these concepts have a potential flaw. Burden of Proof.
If someone is using my email address for fraudulent headers to make it appear that I am sending the spam, is that sufficient for them to shut me down? Do I have to prove that the email which I do not have a copy of, did indeed not come from me?
Based on how ISP's have behaved in the past, they would be more likely to arbitrarily shut someone down because their either triggered a spam filter erroniously (false positive) or got their email address put into the spam headers.
I do not agree that there should be a nominal fee applied to someone who is hosting their own mail server. On the contrary I should be getting refund on the basis of lower costs are realized against my account since I have zero email disk usage on their servers and have fewer help desk calls. The uber-geek types only need to call the ISP when the connection is down or blocked.