Slashdot Mirror
FTC Recommends ISPs Disconnect Spam Zombies
Mike Markley writes "CNN is carrying a story about the the FTC's plans and concerns around spam zombies. They say they will be identifying such zombie hosts and notifying ISPs, and are recommending that the ISPs disconnect indicated users. There's also a recommendation likely to raise the ire of the geekier sorts: that ISPs only permit users to send mail through their own servers (presumably by blocking port 25 outbound)." From the article: "Law enforcers in 25 other countries, from Bulgaria to Peru, are also participating in the campaign, the FTC said. Absent from the list of cooperating countries was China, where experts say rapid growth and a relative lack of technical sophistication have led to a large number of zombie computers."
Comment removed based on user account deletion
Problem solved, and everybody wins.
Check out my sci-fi/humor trilogy at PatriotsBooks.
That ISPs only permit users to send mail through their own servers (presumably by blocking port 25 outbound)
My ISP doesn't block 25 outgoing but a few spam blacklists have my IP range on their "DSL/Cable/Dialup" listings so I send mail from my internal server through the ISP.
The result? No more "You're on a dynamic IP" bounce messages.
Trolling is a art,
Here's Bob. Bob is your boss at a small to mid sized company. He's not what you'd call "technical". You're the company's "tech" guy. You also do other things, but when the computers don't work, you're the go-to guy. Your company isn't that large, or that technical itself, so you host your mail with your company's ISP, PhoneCo. When Bob goes home, however, his ISP at home is CableCo. Bob is perpetually calling you either at home, or into his office because he "damn well can't send that email!" Invariably, the reason is because his account is configured to the wrong SMTP server, depending on where he his located.
Wouldn't it be nice if you could just set up his account to use the company's ISP for SMTP all the time? You used to be able to do that, until the spineless CableCo decided they were just going to blanket-block port 25, no exceptions, instead of doing traffic analysis and chopping off the offenders. But that would take work, and effort, and nobody wants to do that, so just block 25 and call it a day!
Note: Some elements of this story might be based on real experiences, which may explain the negative bias towards blanket policies of any type as bandaids.
Hardcore geek here, with a UID that's far lower than yours.
Don't block my outbound port 25.
Don't block my outbound ANYTHING.
Block me off completely when my machine hurts the internet by spamming/flooding/whathaveyou.
I'm so sick of this "Let's surrender our internet because of Microsoft" bullshit. I'm sick enough of it to burn karma by posting this crap that's going to get modded into oblivion.
Not all of us know someone with a well connected server. Not all of us want to post mail from somewhere other than our box. I know that my box is working and isn't logging what I'm sending somewhere else. I know that the government isn't reading my email logs. I know that my server is MY SERVER and that's THAT.
If you don't like it, go back to AOL. Then you can have your little closed interface, able to email all of your little friends who use the same closed interface, and get charged for what I can get for free. All I have to pay for is my connection, whereas you'll have to pay for every "value-added" service you use.
The previous has been a secret message to my comrades.
But there are better ones. I have just shy of 2 million broadband users on my network. Every day I have many customers who are detected as being infected. Automagically they are placed in a walled garden where the only page they can load tells them what is happening. Basically it tells them that they have been compromised. If we can determine the virus/trojan they are running, we give them a link to a locally stored method of corrrecting the problem. I have never received a complaint about it, but I have received hundreds of calls saying thank you.
I do have to question the FCC's thinking though. Most people who get infected are not of a technical nature. If you disconnect them from the net, they are at a loss of how to fix the issue. Obviously they don't have uptodate protection on their machine. if they go out and buy a brand new copy of whatever virus software, it will need to download the latest definitions, which they can;t do because you shut them off.
It reminds me of the mid 90's where if your ds3 to one of the 6 or so backbones went down they would send you an email to notify you. Or sending them a letter telling them you shut their phone off and telling to call you to get it turned back on.
Blocking port 25 would just about kill small business people that use a 3rd party hosting service for their webpages and email.
;)
It doesn't matter what SMTP server you send outgoing mail from (so long as it's not blacklisted) -- SMTP doesn't check domain names or anything (which is also really the reason spam can exist so easily).
I had a situation that was really annoying a few years ago. We were on DSL with the incumbant phone company, and used our own co-located server to send mail. One day, I could no longer connect to SMTP. Called them, of course teir 1 tech support says "no, nothing has changed". I wait for a while to see if it'll go away, then call them back a couple hours later. This time, the guy says that they noticed one router wasn't blocking 25, so they "fixed" it. I decided just to use their server, since it was an easy fix (make a DNS entry in the office only that points to their IP instead of ours).
This was fine for a couple months. Then one day, we couldn't send mail again. I tried to connect to their SMTP, and it would either timeout, or VERY slowly connect. I call them, and they say they're being hammered by viruses, and it'll be fixed soon. Within half an hour it was back to normal. This happened about 3 more times, and I got really annoyed. I called and asked them to remove the port 25 block (just for my account -- even to only my mail servers IP), because it was rediculus we couldn't send email. They said they couldn't, I'd just have to wait. Well, it was several hours and still not working, so I called again, and asked to speak to a manager or supervisor. Basically, same deal "no, we can't take off the block. Maybe you can use webmail". Although it would work, I didn't want to tell everyone to use webmail instead of their email clients just because of this. I called another ISP, asked them how long it would take to get me DSL (and made sure I could use my mail server), ordered it, and called my ISP back and set to get rid of their connection.
Of course, this started another rediculus series of events. The DSL remove order and DSL add order (that get filed by old and new ISPs, respectively) got "mixed up", and a couple days after moving to my new ISP the DSL signal was lost. An angry call to the phone co had it back within an hour (yet it somehow still takes 5 business days normally).
The old ISP also decided that we actually couldn't cancel when we did - we were on a 1yr contract, and had to pay 50% of 8 months service or something for cancelling early. We had been a customer for 3 years, and none of our bills for the past year said anything about a 1year contract. They also couldn't produce the contract -- not even an unsigned version. In subsequent calls, they claimed that it was a verbal contract yet couldn't name who had supposedly made it. Eventually months later, in an effort to get our local phone service back (we had switched to a CLEC many years ago), they decided to "credit" our account for the charges. Of course, we remained with the CLEC.
Anyway, that got a tad off topic, but I felt the need to vent. Stay away from the big phone companies
Speak before you think