Getting on Top of Spam Down Under
The Register is reporting that Australia has implemented a new industry code for the regulation of email with respect to spam. From the article: "Under the new code, internet service providers (ISPs) will bear some of the responsibility for helping fight spam. Service providers must offer spam-filtering options to their subscribers and advise them on how to best deal with and report the nuisance mail. ISPs will also be compelled to impose 'reasonable' limits on subscribers' sending email."
How about first post spam filters? Maybe we don't require a law to make Slashdot do this... or do we?
While this is a good idea, I'm surprised most ISPs wouldn't do this anyways. It's a considerable waste of bandwidth, and in their best interest to reduce spam.
How would this clash with the pay-for-spamming option by AOL?
What a stupid law. Why put enforcement on the ISPs? There aren't that many spammers; the key is to go after them with harsh penalties. The rest will wake up after a few test cases.
Since when has this country used intellectual elite as a pejorative term?
So the law states that ISPs have to give consumers a choice on their spam protection. Does the law mention anything about if the ISPs can charge the customer for that option?
Oh shit, did I just do that?
Anyone got a link to the *actual* legislation?
There are places where the networks are not touching, and there are places where they are - Boeing's Lori Gunter
Brilliant!
"No post shall be made until another post has been made first."
I predict the end of all Slashdot troll posts!
"People that quote themselves in their signatures bother me" - athakur999
...have some bizarre fetishes.
picpix image polls. create - share - vote. fun!
I run a tiny web host biz (150 or so domains) .. Our clients INSIST on spam filtering.. We're not an ISP... I could say "Here's SpamAssassin, deal with it", but it doesn't work in the real world. We have to deal with the spam. Why would anyone give out their primary email address on a form anyways?
Let the Yahoos, gmails, and hotmails deal with it. (no?)
-- I Dont Deserve A Sig I Have Bad Karma
Colour me unimpressed - the Prime Minister of this country (John Howard) phone spammed the continent prior to the last election, then paid his smug looking son to spam the nation.
Anyway, back on topic, here's an article from a local paper - it contains a link to the actual code of practice (pdf warning)
My pics.
Why wouldn't they have this running already? It would reduce wasted bandwidth, and make users happier. ISPs should do their best, and let users know in case some crappy 'joke' fwd'd to 100s didn't get through. My suggestions:
- Graylisting
- Mailscanner
- ClamAV
- Bitdefender
- Spamassassin
- DCC checks
This will help reduce things CONSIDERABLY - again, if I can do it at home, why can't an ISP have a dedicated FreeBSD box (or two) that just handle this step, and then pass it on IF it passes?
fak3r.com
On the other hand these stats are interesting:
http://www.ciphertrust.com/resources/statistics/
They tell me a few things.
1. Don't use citibank.
2. We're not doing as well as it seems to me
It's another token effort.
internet service providers (ISPs) will bear some of the responsibility for helping fight spam.
Some is not all, which means that any percentage they block meets the requirement. If they delete one, and pass 1000 - that fits the definition of some.
ISPs will also be compelled to impose 'reasonable' limits on subscribers' sending email.
Do any spammers use their own account for outbound spam?
Weaselmancer
ridiculous.
I saw an article elsewhere on /. about wrong numbers directed to someone's cell phone (in essence, accidental phone spam). A few days ago, I saw a print article on the difficulties an admin at a school corp. has with students' use of school computers, and that he routinely blocks 150 or so sites a week.
These are all related issues with one simple solution - implement a "deny by default" rule. Deny all communications except what is permitted. Given the option, I'd have all phone calls from numbers other than what's in my built-in phonebook routed to voice mail. I would block all email other than what's sent from my list of 'approved senders'. And in the admin's case, I'd block all internet access except what's specifically permitted.
Why don't people do this?
Jesus told him, "I am the way, the truth, and the life. No one can come to the Father except through me. - John 14:6 NLT
SPF assumes all email to be spam unless proven otherwise.. seems to reduce it by the ton from what I've seen. We should have more implementation of this.
{} ------ When I think of a good sig, I'll put it here
The following links are as follows:
Spam and internet security information http://www.acma.gov.au/ACMAINTER:STANDARD::pc=PC_2008 web page
Spam Act Review: http://www.acma.gov.au/acmainterwr/telcomm/industry_codes/codes/iia%20spam%20code%20dec%202005.pdf
Spam Review http://www.dcita.gov.au/ie/spam_home/spam_act_review2 documents.
Knock yourselves out with it.
Regards, Slashdotgirl
The more I know, the less I know
I think the real lesson is not to be an idiot about emails from "the bank".
I can see where the Aussies would have a pretty bad spam problem; most spam is already focused on the Down Under regions.
...to press submit, but figured I might as well live a little.
YES, WORLD, MY MIND IS IN THE GUTTER!;-)
picpix image polls. create - share - vote. fun!
As more and more people put SPF into their DNS, the punishment for a message not having it can increase. In turn, then, more and more people put SPF into their DNS.
Let's get the ball rolling!
http://en.wikipedia.org/wiki/Sender_Policy_Framework
The title of the article is "Getting on Top of Spam Down Under," and I haven't even seen one v1@grA joke yet.
Your customers will usually send out the same amount of email every day. If it's within their regular levels, don't worry about it.
But when they suddenly start sending 100 emails a second, to 100 different addresses, it's time to shut them down and email/call them to see if they meant to do that.
Scanning outbound email can be a problem. I send virus tests to servers and I would not like an ISP stopping that.
The same with scanning for "spam" because I also send spam examples to lists and other people.
For me, the best approach would be for all companies (ISPs or otherwise) hosting email services to limit outgoing email to 100/minute or something and automatically block accounts that have a huge change in the amount of their outgoing email.
It's never going to happen, but that's the approach I'd take.
What I don't understand is why the ISPs don't do SOME degree of spam checking and dump the offending customers onto their own email server?
Okay, I know why BellSouth doesn't do that. They send out a lot of spam.
But other ISPs. If you're just going to buy more bandwidth, at least be sensible and put the problem children on their own server with their own, tiny, pipe and keep the big, fast pipes for your good customers.
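The outbound throttling proposed in the comments above (a per-minute cap plus blocking accounts whose volume suddenly changes), as an added example that is not part of the original thread. The 10x spike factor, the seven-day baseline, the 50-message floor and the account name are assumptions chosen for illustration, and the traffic is constructed.

```python
from collections import Counter, defaultdict, deque

PER_MINUTE_CAP = 100    # ceiling suggested in the comment above
SPIKE_FACTOR = 10       # assumption: "huge change" means 10x the usual day
MIN_BASELINE_DAYS = 7   # assumption: history needed before judging a spike
MIN_DAILY_LIMIT = 50    # assumption: low-volume accounts still get this many


class OutboundMonitor:
    def __init__(self):
        self.window = defaultdict(deque)   # account -> send times, last 60 s
        self.today = defaultdict(int)      # account -> accepted today
        self.history = defaultdict(list)   # account -> earlier daily totals
        self.suspended = set()

    def end_of_day(self):
        """Roll today's totals into per-account history (30 days kept)."""
        for account in set(self.history) | set(self.today):
            days = self.history[account]
            days.append(self.today.get(account, 0))
            del days[:-30]
        self.today.clear()

    def daily_limit(self, account):
        days = self.history[account]
        if len(days) < MIN_BASELINE_DAYS:
            return None                    # too little history to judge
        median = sorted(days)[len(days) // 2]
        return max(median * SPIKE_FACTOR, MIN_DAILY_LIMIT)

    def check(self, account, now):
        """Decide one message: 'accept', 'defer' (SMTP 4xx) or 'suspend'."""
        if account in self.suspended:
            return "suspend"
        recent = self.window[account]
        while recent and now - recent[0] >= 60:
            recent.popleft()               # drop sends older than the window
        if len(recent) >= PER_MINUTE_CAP:
            return "defer"
        limit = self.daily_limit(account)
        if limit is not None and self.today[account] + 1 > limit:
            self.suspended.add(account)    # held until someone contacts the customer
            return "suspend"
        recent.append(now)
        self.today[account] += 1
        return "accept"


def simulate():
    """Constructed traffic: ten quiet days, then 100 messages a second."""
    mon = OutboundMonitor()
    for day in range(10):
        for i in range(40):                # 40 messages spread over the day
            mon.check("customer-1", day * 86400 + i * 600)
        mon.end_of_day()
    start = 10 * 86400
    burst = Counter(mon.check("customer-1", start + i // 100)
                    for i in range(300 * 100))   # five minutes of flooding
    return burst, "customer-1" in mon.suspended
```

Deferred messages do not count toward the daily total, so a sender who is only bursty is slowed down rather than suspended; only sustained volume well above the account's own median trips the block.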
Your government advocates a
(x) technical (x) legislative ( ) market-based ( ) vigilante
approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)
( ) Spammers can easily use it to harvest email addresses
(x) Mailing lists and other legitimate email uses would be affected
(x) No one will be able to find the guy or collect the money
( ) It is defenseless against brute force attacks
(x) It will stop spam for two weeks and then we'll be stuck with it
(x) Users of email will not put up with it
( ) Microsoft will not put up with it
( ) The police will not put up with it
(x) Requires too much cooperation from spammers
(x) Requires immediate total cooperation from everybody at once
( ) Many email users cannot afford to lose business or alienate potential employers
( ) Spammers don't care about invalid addresses in their lists
(x) Anyone could anonymously destroy anyone else's career or business
Specifically, your plan fails to account for
( ) Laws expressly prohibiting it
(x) Lack of centrally controlling authority for email
(x) Open relays in foreign countries
( ) Ease of searching tiny alphanumeric address space of all email addresses
(x) Asshats
(x) Jurisdictional problems
( ) Unpopularity of weird new taxes
( ) Public reluctance to accept weird new forms of money
( ) Huge existing software investment in SMTP
( ) Susceptibility of protocols other than SMTP to attack
( ) Willingness of users to install OS patches received by email
(x) Armies of worm riddled broadband-connected Windows boxes
( ) Eternal arms race involved in all filtering approaches
(x) Extreme profitability of spam
( ) Joe jobs and/or identity theft
(x) Technically illiterate politicians
( ) Extreme stupidity on the part of people who do business with spammers
( ) Dishonesty on the part of spammers themselves
( ) Bandwidth costs that are unaffected by client filtering
(x) Outlook
and the following philosophical objections may also apply:
(x) Ideas similar to yours are easy to come up with, yet none have ever been shown practical
( ) Any scheme based on opt-out is unacceptable
( ) SMTP headers should not be the subject of legislation
( ) Blacklists suck
(x) Whitelists suck
( ) We should be able to talk about Viagra without being censored
( ) Countermeasures should not involve wire fraud or credit card fraud
( ) Countermeasures should not involve sabotage of public networks
( ) Countermeasures must work if phased in gradually
(x) Sending email should be free
(x) Why should we have to trust you and your servers?
( ) Incompatibility with open source or open source licenses
(x) Feel-good measures do nothing to solve the problem
( ) Temporary/one-time email addresses are cumbersome
(x) I don't want the government reading my email
( ) Killing them that way is not slow and painful enough
Furthermore, this is what I think about you:
( ) Sorry dude, but I don't think it would work.
(x) This is a stupid idea, and you're a stupid government for suggesting it.
( ) Nice try, assh0le! I'm going to find out where you live and burn your house down!
This sig has not been evaluated by the FDA. It is not designed to diagnose, treat, prevent, or cure any disease.
Perhaps you've heard of me? I'm pretty popular!
By default I block all inbound IP connections, "except what's specifically permitted."
The big problem is a combination of three things:
- Goodmail is only useful for commercial mailing lists - it's not useful for people who aren't making money, whether that's non-profits or open-source developer lists or political grass-roots organizing or groups of friends or whatever, and
- by whitelisting Goodmail customers, AOL can turn up the screws on other high-volume email, which is bad for spammers but also causes more collateral damage to other legitimate mailing lists.
- AOL isn't providing a mechanism for people to choose whether to reject more of the non-GoodMail or not - they're just saying that the Goodmail is good.
From a social standpoint, the collateral damage is focused on non-commercial groups. I remember the days when almost any civic or recreational group typically charged a membership fee of $20-30/year, which covered printing and postage on a dead-tree newsletter. It'd be really annoying to have to go back to those days - for $20/year you can get yourself a real email provider instead of AOL
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
If they write laws that are too draconian, they'll break all the Aussie email providers and ISPs, and you'll be stuck using Telstra to reach email providers in the US or Hong Kong - and Linux users probably won't be able to run their own email at home unless UUCP slides by the rules...
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
"ISPs will also be compelled to impose 'reasonable' limits on subscribers' sending email"
Of course, if you want to exceed the "reasonable limit" of 2 messages per day, you must pay $30/month.
Also, a lot of ISPs' spam filters suck. I have earthlink service and I get no less than 14 spam emails per day. That makes me quite reluctant to try their other "services" such as "scam blocker".
-1 disagree is not a modifier for a reason. -1 troll, flamebait, redundant, overrated are NOT acceptable substitutes.
And will contribute further to the unreliability of email. False positives are much worse than spam, but just try to convince spamfiltering ISPs of that...
Hey, that sounds like the title of a spam message I received recently.
I'd be willing to bet the number of firewalls that are configured to allow by default exceeds the number of firewalls that are configured to deny by default by about 5 to 1. At least.
/. over port 80 and look what happens anyway.
I'm not talking about ports, but about source/destination of traffic. Of course, everybody's going to restrict to 80, 443, etc. But then you let in
Jesus told him, "I am the way, the truth, and the life. No one can come to the Father except through me. - John 14:6 NLT
Unfortunately, the big phishing targets don't appear to be running SPF - eBay, PayPal, Chase Manhattan, e-Gold, etc., and unless they do, it won't have a lot of influence on spam. SPF can't stop all the possible abuses - somebody can still register names similar to the real ones (remember paypa1.com, with a digit 1 instead of lower-case L in the name?), and even give them SPF records - but at least it would be possible to block a lot of the junk. But if *they* don't adopt SPF, or DKIM, or PGP signatures, or S/MIME signatures, then they're not much help. Any ideas on how to reach clueful people at those companies to get them on board?
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
We have an old GroupWise 5.5ep system. But I have it sending through an app called Guinevere that runs SpamAssassin and the anti-virus apps. Guinevere hands off to Exim4 running on Debian.
Exim4 runs greylisting, checks open relay lists, etc. If everything passes there, it hands off to Guinevere which runs anti-virus then SpamAssassin (with Bayes) to flag anything suspicious.
Prior to that, 8 out of 10 messages would be spam.
Now, less than 1 out of 10 messages is spam.
I prefer Exim4 because I can put my phone number right in the error message that our server kicks back. I only block during SMTP receipt. Everything that I accept, I deliver. I might deliver it with a SPAM tag, but it gets delivered.
I get about 1 call a week from someone who's blocked or has problems. Usually it's because their server is incorrectly configured or they're using their ISP's email server and their ISP is on multiple blacklists for spamming (BellSouth is a prime offender there).
In the past month, we've received 2,005 messages that were flagged as "spam". I'm sure that many of those were legit ads from reputable companies.
We've also sent out 14,960 messages. So our incoming spam is even a fraction of our outgoing email.
We've received 29,594 messages that same month.
I cannot recommend Exim4, greylisting and SpamAssassin highly enough.
The following list is by no stretch exhaustive but hits many of the major enterprise level vendors available today. I'm primarily a router/switch guy, not firewall guru, but my experience reflects the same info I got from a couple quick googles:
Checkpoint:
Default deny "any" where "any" is a configurable list that by default actually omits some popular types of traffic. Yuck...just...yuck. Still, most services are in the "any" list.
Cisco (by far the largest market share):
Pix-OS based? Default deny external to internal. Fine.
IOS-based? Default deny external to internal. Fine.
Fortinet FortiOS(all platforms):
Default deny external to internal. Fine.
Juniper/Netscreen:
Default deny external to internal. Fine.
So you must be talking about SOHO broadband router and/or host-based software firewalls. Woe is the mail server admin who hides behind those.
Can you elaborate on how you think the anti-spam laws are ineffective?
As far as I can tell the laws have had quite a good effect, apparently spammers have either stopped, or have moved overseas: http://www.spamhaus.org/news.lasso?article=154, and http://www.spamhaus.org/news.lasso?article=161
All we need now is a law against fax spamming so that Dell and getawaysdownunder.com.au stop using my equipment and resources for their own marketing campaign.
What I am surprised by is that no-one has noticed section 8.1:
"ISPs directly responsible for the allocation of IP addresses to their subscribers (eg, all of them) will use all reasonable efforts to retain information pertaining to those allocations for a minimum period of seven days."
Can someone tell me what this has got to do with spam? Isn't this just a case of our privacy being thrown out the window but disguising it within a "spam act"?
1. ISPs need to filter or block port 25 by default unless someone specifically requests it unblocked. Or, failing that, detect zombified machines and block those.
2. ISPs need to implement good email based virus scanning (email is a major attack vector for viruses & trojans including spam zombies)
3. ISPs need to implement SPF. SPF won't stop spam but it will make it easier to detect if email claiming to be from fraud@paypal.com is really from paypal.com or if email from asdgtrqwrdasfsd@hotmail.com is really from hotmail.com (and therefore if there is a legit account associated with the address and if the sender of the email owns that account)
4. Governments need to introduce penalties for any provider that knowingly provides hosting (web, email or whatever) to a sender of unsolicited bulk email.
But until the economics of the spamming game change significantly, the stuff won't go away, and the economics include the facts that worldwide communication is nearly free, worldwide money transfer is convenient, at least from modern Western economies, and suckers are born every minute.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
You're misunderstanding me. It's not the firewall, it's the loose screw behind the keyboard that's using it. Firewalls, just like any other electronic appliance, are generally capable of doing their job AS LONG AS THEY'RE CONFIGURED PROPERLY. Of the homes and businesses with which I've been familiar enough in the past 5 years or so, I'd say 5% of homes, 10% of small businesses, and 20% of large businesses are setting their firewalls to "deny by default". And yes, I'm pulling those figures out of my anal orifice - it's just personal observation over the years.
Jesus told him, "I am the way, the truth, and the life. No one can come to the Father except through me. - John 14:6 NLT
I think we're talking past each other. To me, "configured by default," means the device comes from the factory with that behavior configured. To you, it apparently means, "a rule administrators deliberately configure to handle types of traffic that aren't specifically handled by other rules."
By default most firewalls deny all inbound traffic on an external interface and allow all outbound traffic that originated on an internal interface. Administrators usually have to "break" their configurations to allow inbound from the outside "by default"--and, yes, this happens. I don't know that I'd say 80% are broken, but many are.
After looking through a few possible anti-spam plans the best I can see is charging people to send emails. I don't really know how to administer it but if you charge a small amount, say 1c for each email. This wouldn't really affect the average user but to the people that spam sending thousands/millions it would become economically impossible to continue sending it?? I know the idea isn't perfect but it would have an immediate effect on the amount of spam. Let me know what you think. Cheers
Keep in mind that I'm talking about source/destination blocking, not port blocking. Sure, ports are blocked by default, and most people leave it that way. I'm talking about blocking by IP or DNS mask. How many home users realistically deny by default when it comes to addresses? Personally, I think that ought to be the approach to a lot of communications - email, web, IM, phones, even cable channels! Deny by default, then let in what you want.
J
Jesus told him, "I am the way, the truth, and the life. No one can come to the Father except through me. - John 14:6 NLT
They need to redesign the e-mail protocol, as it seems to allow insufficient control to block spam.
Some clever people need to sit down together and invent something new and future-proof, since the e-mail protocol as it exists has had its best time. The anti-spam battle can go on forever until it's technically impossible to keep sending spam.
The whole spam filtering stuff is just hogging down e-mail servers, it's like fixing a leak by putting a bucket underneath it.
The best solution would be some opensource e-mail/instant messaging/VOIP/file exchange/blog integrated solution. It would fix many problems at the same time!
Keep in mind that I'm talking about source/destination blocking, not port blocking.
Er, default "deny all" rules do block by IP, not by port. The only times the firewall would look at the transport or higher layers are:
1) When there are existing entries in its session table for internally initiated sessions that would expect return traffic. For that it would match transport layer ports and src/dst IP addrs to table entries.
2) There are exception rules superseding the default behavior. Then each packet must be inspected at layer 4 or higher to see if exceptions apply.
3) If NPAT one-to-many overloading is configured, such that every packet's layer three and four headers are updated according to NPAT table entries.
How many home users realistically deny by default when it comes to addresses?
If they don't mess up their default configurations, then "many". But who knows? Home users aren't the demographic of this article.
Personally, I think that ought to be the approach to a lot of communications - email, web, IM, phones, even cable channels!
What a PITA that would be. Doesn't scale, breaks more stuff than it fixes, and generally just ugly conceptually. But to each their own...
I don't know about you but I don't find this funny anymore. It might have something to do with only one of the points actually being valid with respect to this article and even that one's only a "maybe".
In case you hadn't noticed, the government isn't actually advocating any particular approach but simply saying that you must take some approach to fighting spam or we'll fine you big time.
All this code has really done is to create a big stick that the government can use to whack ISPs who harbour spammers or who make it easy for spammers to operate. I'm sure this will improve the situation somewhat but three quarters of Australian ISPs will already comply with this code today, before it is enforced and the others are probably the small players. The market place demands that ISPs have spam filtering and virus scanning. Not sending out devices in default configuration is just common sense. Common sense is now legally mandated.
Sig matters not. Judge me by my sig, do you?