Slashdot Mirror
Email Servers Will Choke, Says Spamhaus
Rub3X writes, "The legal battle between antispam organization Spamhaus and e360 Insight is heating up. Spamhaus has a user base of around 650 million, and its lists block some fifty billion spam emails per day, according to the project's CEO Steve Linford. Spamhaus CIO Richard Cox says the immediate issue is that if the domain is suspended, the torrent of bulk mail hitting the world's mail servers would cause many of them to fail. More than 90% of of all email is now spam, Cox says, and he doubts that servers worldwide would be able to handle a ten-fold increase in traffic." Others estimate Spamhaus's blocking efficacy as closer to 75%; by this metric spam would increase four-fold, not ten-fold, if Spamhaus went unavailable. The article paraphrases CIO Cox as saying that the service will continue "even if there is a short-term degradation."
Oh wait it couldn't... Looks like it's time to start clustering my servers...
"Chinese Amazons, power armor, laser swords.... things just meant to be." - Shampoo, A Very Scary Bet
It would be interesting if all email server admins suddenly opened the flood gates for a day or two. Maybe then the general population will gain a better appreciate of the scale of the matter.
I still think they 3360 guys just look and smell like spammers. That spamhaus aggrees just adds to this conclusion. Here's what seems to amount to the spam histroy of the "plantiff".
"Thanks for all the money you paid to us. We've used it to buy off ISO among other things" -Microsoft
...tilling for weeds and replacing your entire front yard with rocks.
I hope, when they die, cartoon characters have to answer for their sins.
I am so ready to walk away from email. I just need someone to point me to a workable replacement.
Maybe some legal problems could be avoided by having two lists. One, a list of spammers. The second list is people who are not spammers (cough) who have threatened or engaged in legal action to be removed from the first list. In other words a list of plaintiffs in court cases. Mail server admins could choose whether to use one list or both for blocking mail.
-- Ed Avis ed@membled.com
Which houses many many servers for a LARGE online University, amd we have problems with our email servers and viruswalls anyways. An extra 10 maybe 20 percent increase in email will probably choke us until we get new hardware....
Millions of men would experience an undeniable growth in penis size, everybody would be rich because of these nice fellows in your average third world country and being happy is out of question as long as the Xanax/Oxycontin stocks are full.
Die, Spamhaus! Die!
I understand, that SpanHaus's domain was/is at risk of being 'pulled' from the company.
:-/
If that happens, they can just get their clients to use the dotted-decimal URL format,
ie, to get the same services as can now be had via SpamHaus's domain name.
What's the problem?
This whole case is an insult to an other country's laws.
Maybe spamhaus going dark for a bit will be enough to wake people up to the problem a bit more and maybe finally get people working on a solution. Im all for registered mail (whitelists) or even pay to send email within reason.
I have a client who complains daily about the amount of spam she recieves (4-6 a day) and takes probably half an hour a day forwarding each of them to me along with rants about them. I have tried to explain that if she would parlay that half hour into about 5 seconds of clicking the delete button she would save herself alot of grief. She just wants it all eradicated, and frankly I dont think its really possible with an open email address. She will download things like weatherbug and signup for webshots or any other "free" service without regard to what "free" means when it comes to the web. I have tried explaining that you simply cant stop all of it and that level of spam control I have been able to maintain in far superior than most, but she insists I just dont know what im doing. The latest problem has been with image spams regarding penny stocks. The source shows basically nothing filterable, anyone ever find a way to deal with those?
I am now evaluating a Deep Six spam box to see if that helps but with what little is trickling through now I dont see alot of improvements, im already catching hundreds a day without it.
Here's the dnscache (part of the djbdns family) solution: /service/dnscache/root/servers# cat spamhaus.org
216.168.28.44
204.69.234.1
204.74.101.1
204.152.184.186
#
No need to HUP -- once the file is created and filled with those IPs, it'll pick them up automatically. You can easily install dnscache with the other tools on your mail servers for 0 interuption of service.
Cheers.
--
Internet Explorer (n): Another bug -- that is, a feature that can't be turned off -- in Windows.
Law of the land vs Law of common sense. my money is on the law of the land.... (never bet on common sense... it is neither common nor makes sense)
I still do not see how the courts manage to see "right to deliver unwanted messages" are as free speech, while ignoring the rights and monetary loss of others.
First while "sending" email is free, the cost of actual delivery (internet backbone) and storage (server admins) are handled by other parties.
And the spam which makes the ways to the inbox somehow causes loss of time, two times. First the time of the recepient who must carefully find "real" email which could be lost in the piles of junk. And the time of the programmer who must develop anti-spam technologies.
I guess the best "comprimise" would be "taxing" the e-mails somehow. So that the cost of 1,000,000 messages of a single sender will not be put upon the carriers and the recipients (the attitute is: you're sending me mail to store, so you must pay for it).
Spamhaus has no idea how many spams it actually blocks. No idea about what other blocking mechanisms are used by its users, and only an estimate about how much email is spam.
holding the pipes and tubes to the internet screaming with his war face "BRING IT ON!"
now thats a slashdot experiance
After the failed attempt of the illegal alien crowd to shut down the USA by telling immigrants to march on one day (they don't differentiate between illegal and legal), Spamhaus should try the same.
Have spamhaus pick a day and time to report empty lists from 9am to 11:59am on a Monday. Then lets see what Congress and the FTC says.
The FTC issued a report (http://www.ftc.gov/opa/2005/06/adv1.htm) claiming that labelling spam would not be as effective as filters. If the idiots at the FTC and in Washington would feel the effect of spamhuas being down for a few hours.
Mandatory labelling os spam is effective. It would cut net traffic and processing time for some of the spam and make it easier to prosecute the illegal spammers.
I have many thoughts on the legal issues, but Steve Linford said not to discuss those as they may give the spammers idea. I will respect that.
Fight Spammers!
Use the UK domain system, e.g. http://www.spamhaus.org.uk/ . It works, and it's not subject to US law.
Wow, looks like an innovative use of BitTorrent...
I'm starting to wonder about the sanity of Spamhaus' lawyers -- or if they really have lawyers at all. So far their arguments seem to have been
1. This case is at the wrong court, it should go to a federal court instead.
2. (to the federal court) We agreed that you had jurisdiction over this, but we're going to pretend that we didn't say that.
3. What? You've decided that we broke the law? Well, you shouldn't punish us because we're really nice people.
While I do not doubt Spamhaus' credentials as really nice people, this is hardly relevant to the case in question.
Tarsnap: Online backups for the truly paranoid
Spamhaus is correct in saying that 90% of SMTP traffic on the net is spam. Based on my analysis we're seeing somewhere around 93%. People do not realize how much spam is blocked by relay blacklisting that never even gets to content-based filter systems. Virtually all major ISPs, including AOL, are heavily using relay blacklisting.
If Spamhaus goes down though, ten more RBLs will pop up. It's necessary to stop spam. And they're right... most mail servers on the Internet are not capable of handling the sheer amount of traffic if they were not also hanging up on bogus SMTP connections before even receiving content information. You ever wonder why your e-mail is delayed? This is because your ISP is queing mail processing because they can't handle it all at once. Without relay blacklisting, e-mail would be even slower and likely interrupted. I'm not suggesting that Spamhaus is that important, but what they do in theory, is.
All I can say is, pray that IPv6 doesn't get adopted or it will be even worse.
This judgement, if followed through, would be a big blow for continued US governance of ICANN. The Free speech argument is good as afar as it goes but don't people also have the right not to listen to the message? The judge is effectively saying that if someone is spouting crap defended by the right of free speech he also has the right to restrain people and force them to listen to this message. That surely can't be right, even in the United States.
Please tell me which is the Judge e-mail?.
This event may boost other spam fighting solutions like SPF.
In my opinion, it's a much better long term solution.
For more info see: http://www.openspf.org/
Why don't spamhaus just remove the e360 adresses from their regular spam lists and add them to a new list named "addresses no longer blacklisted becuase we were sued and ordered to remove them"?
:)...
That list would then serve as a perfect permanent black list for all sysadmins who happen to think that people who sue spam lists might not be the kind of people who send worthwhile emails.
I would actually recommend even higher priority to that list in the spamassassin config file than spamhaus' regular blacklists
Open Materials Database
Meanwhile the rest of the planet will treat an unenforcable court order from this judge about as seriously as they would a court order from the judge in this case.
GP was missing the link above.
And did you exchange a walk on part in the war for a lead role in a cage? - Pink Floyd.
Sorry to disappoint but SPF has nothing to do with spam, spam has traditionally forged the sender address and widespread SPF adoption would put an end to that.
I've also no idea why that old SPF web site is still up. Try here instead
OK, there's legal wranglings over the domain that you use for distributing this information.
.org.uk name, controlled by a British entity, that people who are worried about ANY downtime can use instead? I've seen ten or twelve press releases on this thing and not once a single mention of their contingency plan for if the world goes insane and the domain IS suspended (which they can fight about later).
This information is NOT illegal in the UK (in fact, the exact opposite).
So where's the backup
In fact, why stop at one, why not have half a dozen, registered under different countries? Why not publish lots and lots of backup domains that work in an identical manner that everyone can plug into their systems NOW and then not have to worry about things like this ever again?
Or is the press generated by such an issue more important for spamhaus than their user's mailbox?
I understand the principle of fighting the case anyway and not giving in because of some loopy judge in the US, but seriously people - this is the computing industry. Where are your backups?
I know people are going to love this... but after much thought I really only know one solid way to get rid of spam. That is by changing the system so spamming doesn't make any economic sense. Yes, what we need is a $0.2 tax on each email sent. As soon as bulk emailing has cost/benefit implications, spam is gone. Then, marketing has to work. The tax money could also be used for something good, like infrastructure development and upkeep.
Following these Spamhaus stories, I see a lot of comments from the /. denizens along the lines of "Spamhaus provides a list which is optional to use, so what is the big deal?". I agree with this sentiment, however e360insight's angle was that Spamhaus was denying them business by calling them a spammer. Of course, this entailed adding them to a list which administrators used to curb unwanted emails getting through. That's my reading (IANAL etc etc); if I'm wrong, please correct me.
Unfortunately it seems like Spamhaus went about defending this incorrectly ("I don't recognize the authority of this court, take it to the Federal court", "Okay", "I don't recognize the authority of the Federal court..."), which has complicated matters. I'd have liked to see how this would have turned out had it A) been defended correctly or B) no authority besides the UK courts recognized in the first place. Still, I think this has a little way to run before we see the end of this.
If all you have is a grenade, pretty soon every problem looks like a foxhole -- MightyYar
Most of the comments I've read so far seem to be in favour of Spamhaus, and while I agree that they do some good work, they are not all good. Specifically, they seem over keen to blacklist address ranges without providing any proof, and very reluctant to unblock these.
/27 subnet), and their explanation was that we were hosting someone from their ROKSO list.
I work for an ISP providing dedicated server hosting & colocation. Recently a couple of our customers contacted us saying that they had appeared on the Spamhaus blacklist, and were consequently having trouble sending e-mails. They claimed that they had not involved in any spamming activities, and that this listing was therefore incorrect. We found out that Spamhaus had blacklisted a range of our IP addresses (specifically a
While it was indeed true that we were hosting a server for this person, Spamhaus had a) blocked an address range larger than the IP addresses involved with this spammer, and b) would not offer any proof that the spammer had been using the server we host for him to involve in any spamming activities. When we contacted them, they refused to unblock this range unless we suspended the account of this spammer (again without providing any proof of activities conducted from our network that would breach our TOS), even though they acknowledged that the range they were blocking involved innocent customers. For us to suspend him at the request of Spamhaus would have been US breaking our contract with him, as there was no indication that he had violated our AUP (which DOES prohibit involvement with spam).
When we refused to break our contract with our customer at the request of a third party (perfectly acceptable position imho!), Spamhaus said that if they blocked any of our customers in future, they would blacklist our entire network (which is a considerable amount of addresses). This is unacceptable in my view, they are essentially trying to hold us to ransom without providing any proof of activities. When talking with some other ISPs, we heard of similar stories. In one case, the ISP concerned suspended the spammer's account and contacted Spamhaus to have their blacklist removed, and were told that "due to under-staffing, Spamhaus would not be able to remove the blacklist entry for a couple of days. however, if they would like to make a donation to spamhaus, they would remove the entry much sooner".
To reiterate my earlier point, Spamhaus does provide a valuable service, there's not much doubt of this. But they way in which they are organised leaves a lot to be desired!
Let the @#$% hit the fan and effectively slap the world upside the head. I'm fighting more and more spam everyday. It's money out of my companies pocket. It's lost productivity out of our employees. Legislation has no real teeth (just loopholes for the spammers). These spammers are funding a different kind of terrorism, the kind that sucks the lifeblood out of the economy. Pull the pin, and watch the net grind to the halt. Business grind to a halt. Stop masking the problem with whitelists, blacklists et al. We are all paying for this, and spammers are virtually untouchable (and getting richer). Deal with this now, or deal with this when these whitelist/blacklist servers get DOS attacks launched against them in a crossfire exercise. You've been warned!
I want to beat the shit out of the users, explode their RJ45 wires, choke them with what's left from the wire, piss on them, cuss, and then explode their house for being so full of shit and allowing their shitty Windows desktop computers spam the whole world with shitty commercials that are actually responded to by the same gullible shits who themselves actually spam and lose money buying penis enlargement (and indefinitely lowering their ePenises) == botnets.
I wish we could pull off a eugenics program on COMPUTER ILLITERATE WHO USE COMPUTERS WITH INTERNET ACCESS..
I like Spamhaus. Hell, I USE it daily. It was a bad move to ignore the lawsuit. I understand why they ignored it, but I think it was a foolish decision in the long run.
please forward this slashdot story to 20 of your friends in order to fight spam.... actually just to be sure email it to them twice.
actually I am happy to see you, however that is in fact a banana in my pocket.
No one will be hiding behind NAT's or using dynamic IP's with IPv6. These two abuses of IPv4 addressing are the main reason why it is so difficult these days to track down and control sources of network abuse, including spam. This will make it easier to make computers and people responsible for them accountable for their actions, which means spammers and people who insist on running insecure operating systems can no longer hide or deny responsibility so easily as they can now.
Qu'on me donne six lignes écrites de la main du plus honnête homme, j'y trouverai de quoi le faire pendre.
After the failed attempt of the illegal alien crowd to shut down the USA by telling immigrants to march on one day (they don't differentiate between illegal and legal), ...
This is garbage and as such damages any argument you might try to make regarding the subject being discussed (spam). The goal of the Day Without Immigrants protest was to call attention to both the plight and the influence of immigrants. Apparently you are uptight about being part of a system that explicitly relies on undocumented immigrant labor? Perhaps a bright future awaits you in the agricultural or travel industries? There was no attempt to shut down the US, and during the protests it was common to see expressions of patriotism including displays of the flag and replicas of the Statue of Liberty.
Absolutely everyone differentiates between illegal and legal. That is the whole point. In order to become a legal immigrant there should be a process. The existing process typically takes in excess of ten years simply to review an application, never mind actually approving one and letting someone in. Many of these people who wait for ten years or typically more may do quite a bit of productive work in the interim. While the rules for entrance get endless argument Americans show they want immigrants by hiring them and endorsing the products that are associated with them by forking over money.
Perhaps you might be able to kick start your empathy if you moved away from the focus on illegality and thought more about the criteria involved. If someone is willing to work hard and has skills that are valued, does a waiting period of at least ten years make sense as an initial barrier before other barriers are introduced? Hint: There would be fewer undocumented workers if the process for documenting them functioned at all, even functioned as designed, better yet functioned by more common criteria.
Suuuure, it's worked so well to get Americans to give up their SUVs and take public transit to slow the flow of all the oil money that supports terrorists. And those bounties have helped us get Osama Bin Laden in custody. Right?
Start a happiness pandemic
Just have a "cut me off after $5/month" plan. Few use 500 emails per month. For those that do, there could be 10/15/20/etc plans.
In the US, e260'd have to prove this was not the case to win against Spamhaus's allegation of being a spammer.
In the UK, they would not have to prove the case, but they didn't bring that case in the UK, did they. Because spamming is illegal and even if they won, they'd have to prove to the court they aren't spammers or go to jail after being arrested outside the court.
Surely, only small users make use of Spamhaus via DNS? I always assumed that big ISPs and corporate customers will use their Datafeed service. If spamhaus.org goes offline, then surely all that would happen is that users' databases would stop being updated. I agree that this would cause an increase in spam, but only slowly as the data aged, not in one sudden spludge as would happen to those using the DNS service?
Spam is not a technical problem
Spam is not a social problem
Spam is a Microsoft problem
Others estimate Spamhaus's blocking efficacy as closer to 75%; by this metric spam would increase four-fold, not ten-fold, if Spamhaus went unavailable
I think the math is a lot more complicated than this implies. Here's how I'd work it:
- P = % Spam (% of all sent mail)
- S(T) = Total Mail Sent
- S(S) = Spam Sent
- S(N) = Non-Spam Sent
- E(T) = Overall Filter Efficiency (% spam detected, Spamhaus + All Other Filters)
- E(S) = Spamhaus Filter Efficiency (% spam detected, Spamhaus Only)
- E(O) = Other Filter Efficiency (% spam detected, All Other Filters w/o Spamhaus)
- F(T) = Overall Type II Error Rate (% false positive, Spamhaus + All Other Filters)
- F(S) = Spamhaus Type II Error Rate (% false positive, Spamhaus Only)
- F(O) = Other Type II Error Rate (% false positive, All Other Filters w/o Spamhaus)
- R(T) = Total Mail Received
- R(S) = Spam Received
- R(N) = Non-Spam Received
We're interested in R(T) and what happens to it with and without Spamhaus. (Assuming we're still interested at all, since math sometimes does thatWith Spamhaus:
- R(T) = R(S) + R(N)
- R(T) = S(S) x [1-E(T)] + S(N) x [ 1-F(T)]
- R(T) = P x S(T) x [1-E(T)] + (1-P) x S(T) x [1-F(T)]
Without Spamhaus:- R(T) = R(S) + R(N)
- R(T) = S(S) x [1-E(O)] + S(N) x [ 1-F(O)]
- R(T) = P x S(O) x [1-E(O)] + (1-P) x S(O) x [1-F(O)]
The difference, expressed as a ratio of (Without Spamhaus - With Spamhaus)/(With Spamhaus), is[ P x S(O) x [1-E(O)] + (1-P) x S(O) x [1-F(O)] ] - [ P x S(T) x [1-E(T)] + (1-P) x S(T) x [1-F(T)] ]
Divided By
[ P x S(T) x [1-E(T)] + (1-P) x S(T) x [1-F(T)] ]
The assumptions yielding either the ten-fold or the four-fold increase seem to be that E(O)=0, and of course that false positives don't matter. Even with these assumptions, the math in the OP is a bit fuzzy to me:
- E(O) = 0
- E(T) = E(S)
- F(O) = 0
- F(T) = 0 [i.e., F(S) = 0 as well]
- [ P x S(T) + [ (1-P) x S(T) ] - [ P x S(T) x (1-E(T)) + [ (1-P) x S(T) ] ]
- Which Reduces To:
The ten-fold increase seems to be predicated upon both P=.9 and E(S)=E(T)=1. However, even if that were true, the increase would actually be nine-fold (.9/.1).yields (reducing above ratio):
Divided By
[ P x S(T) x (1-E(T)) + [ (1-P) x S(T) ] ]
P x E(T) / [ 1 - [ P x E(T) ] ]
The four-fold increase seems to be predicated upon P=.9 and E(S)=E(T)=.75. However, this would yield about a two-fold increase of
[.9 x
Factoring in false positives might actually make the Without Spamhaus scenario more dire, but clearly it would be less dire if we assume that E(O) is not zero. A better approximation would use the marginal efficiency of Spamhaus. Even with a generous assumption that Spamhaus catches an additional third of all spams sent (vs. all others without Spamhaus, and ignoring false positives), the overall increase in R(T) looks less than 50% to me (.3/.7, or approximately 43%).
What happens when government email servers start crashing? Will this become a "national security" issue? Will it occur to government that the CAN-SPAM Act was a horrible bit of legislation? Or will they see the server crashes as an attack on infrastructure? And what is the likely result? Government putting legal pressure on software makers to patch their security holes? Or owners of zombified computers being placed under NSA scrutiny?
+0 Meh
Given the general ass-hattery of the court it ended up in and the displayed asshattery of the judge in not noticing that e360 lied about jurisdiction claims, how do you know that if Spamhaus *had* turned up, they'd be better off?
I mean it's demonstrated that they'll arrest people passing by the US on to somewhere else because they are interpreting a law to cover their activities as illegal.
It is _not_ a valid defense to say that something would break without you - while you might be right, that is the wrong argument to be pushing here.
Would slashdot give Microsoft so much slack if they were put on trial for monopolistic behaviour, and said the world's computers would become vulnerable if they were put out of business?
Real men don't write sigs
This reminds me of a certain scene from ghostbusters. Hope it doesn't turn out exactly the same though..
Spamhaus has no idea how many spams it actually blocks.
Bullshit. They have metrics on how many requests they get and on how many on list/not on list responses they send back.
Care to explain how a "on list" response doesn't end up in a block?
And you decided to sign a contract with someone on the ROKSO list.
Or did they mis-represent themselves about their ROKSO status?
I often thought wouldn't the best way to fight spam be via spam? i.e. grab all mail addresses from the spam mail and subscribe them to every mailing list on the planet using something like avalanche, it wouldn't stop them from sending, but at least they'd end up with no useable replies
I rather prefer a front yard that has rocks rather than turf as you don't have to water or mow rocks. I used to live in an area that was a high plains desert and xeriscaping (which includes lots of rocks) is a most logical method of landscaping in areas that have little rainfall.
For starters, Spamhaus is based in the UK (that's what this whole fracas is about), so it's not hard to imagine that some people OUTSIDE the U.S. might be using it, Jackoff.
... so they can throw his ass in jail !!
The Christian religion has been and still is the principal enemy of moral progress in the world. -- Bertrand Russell
Configure your fucking mail servers right...and you won't have a problem.
Check your DNS, that's the easiest thing you can do, and call your ISP to setup the RDNS, and make sure any server that has a job on the Internet has a proper A record.
Second, block senders without DNS records.
Third, don't allow mail forwarding to another account, and don't allow invalid recipient bounces.
And finally, use a real MTA like Postfix. Exchange 2000 or 2003 don't have half of the security, and compliance features that Postfix has. At a minimum, put a Postfix MTA in front of your Exchange boxes. Here is one here... http://www.freespamfilter.org/. Pick your flavor of *NIX and go with it.
It's that easy.
How about Spamhaus taking them to the UK court for spamming (illegal in the UK). Then, when they don't turn up and Spamhaus wins by default, the judge orders the e360 website removed and (because this is an illegal rather than civil breach) extradition to the UK of the site owners.
This is nonsense. Spamhaus is a voluntary list of places you might not want to allow to deliver email to you. The people that subscribe to the list do so out of choice, they can configure their servers to block or score higher (usually) based on a listing in the Spamhaus list. Where in all of this is there place for a Judge, a court or even a whiny little Spam company ? No Judge in the world can force a delisting from Spamhaus. It's no different from me posting a list of companies that I don't like - for whatever reason - and because some people see my list and also decide they aren't going to like them either - being told I must like them. This is bollocks of the most objectionable level.
When are the courts and the politicians going to start serving the people ? Corporations are all about money and self interest - start protecting the populace not the highest bidder.
Call me stupid, but why doesn't Linford just get some 3rd party to register a new domain and point it at the Spamhouse servers? Then send an email to the Spamhaus clients telling them that Spamhaus may 'alternately be accessed with this domain.'
Seriously, whats the big deal about closing a domain anyway? I know if I had a big mail server using Spamhaus, the first I heard rumours of ths shutting down the domain I would have switched to IP addresses anyways. An american judge can't order a foreign ISP to revoke IP addresses after all.
No money changes hands, but you may bypass the other sides spamfilters if you factor a product of large prime numbers for them, thus proving that you spend computing power on sending that email. Works like a charm!!
The Christian religion has been and still is the principal enemy of moral progress in the world. -- Bertrand Russell
Would anyone like to spam the Illinois district court? Just to help them understand the nature of the case.
From Spamhaus:
David Lindhart's Email Address...
dave@e360data.com
I receive complaints from time to time about the amount of spam that gets to users Inboxes in one of the places I manage. There are approximately 1-5 messages a day for a couple of users (who most likely post their email addresses or colleagues email addresses into random web sites).
The logs I get suggest that approximately 86% of the mail sent to the server is spam, and are stopped at the Firewall. I think they would be greatly appreciative of the training I have given that spam filter, although it can always do with more.
I am sure there are other higher profile mail servers that get hit with a whole lot more spam than my tiny little corner of the Interweb. If the filtering servers went down I am sure there would be an overwhelming "OMFG" from all those nay-sayers.
Cheers, Chris
Your post advocates a
( ) technical (x) legislative (x) market-based ( ) vigilante
approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)
( ) Spammers can easily use it to harvest email addresses
(x) Mailing lists and other legitimate email uses would be affected
( ) No one will be able to find the guy or collect the money
( ) It is defenseless against brute force attacks
( ) It will stop spam for two weeks and then we'll be stuck with it
( ) Users of email will not put up with it
(x) Microsoft will not put up with it
(x) The police will not put up with it
( ) Requires too much cooperation from spammers
(x) Requires immediate total cooperation from everybody at once
( ) Many email users cannot afford to lose business or alienate potential employers
( ) Spammers don't care about invalid addresses in their lists
( ) Anyone could anonymously destroy anyone else's career or business
Specifically, your plan fails to account for
(x) Laws expressly prohibiting it
(x) Lack of centrally controlling authority for email
( ) Open relays in foreign countries
( ) Ease of searching tiny alphanumeric address space of all email addresses
( ) Asshats
(x) Jurisdictional problems
(x) Unpopularity of weird new taxes
(x) Public reluctance to accept weird new forms of money
(x) Huge existing software investment in SMTP
( ) Susceptibility of protocols other than SMTP to attack
( ) Willingness of users to install OS patches received by email
( ) Armies of worm riddled broadband-connected Windows boxes
(x) Eternal arms race involved in all filtering approaches
(This time the spammers will be doing the filtering, and that will be quite easy [captcha.net] for them.)
( ) Extreme profitability of spam
(x) Joe jobs and/or identity theft
( ) Technically illiterate politicians
( ) Extreme stupidity on the part of people who do business with spammers
( ) Dishonesty on the part of spammers themselves
( ) Bandwidth costs that are unaffected by client filtering
(x) Outlook
and the following philosophical objections may also apply:
(x) Ideas similar to yours are easy to come up with, yet none have ever been shown practical
( ) Any scheme based on opt-out is unacceptable
( ) SMTP headers should not be the subject of legislation
( ) Blacklists suck
( ) Whitelists suck
( ) We should be able to talk about Viagra without being censored
( ) Countermeasures should not involve wire fraud or credit card fraud
( ) Countermeasures should not involve sabotage of public networks
(x) Countermeasures must work if phased in gradually
(x) Sending email should be free
(x) Why should we have to trust you and your servers?
( ) Incompatiblity with open source or open source licenses
( ) Feel-good measures do nothing to solve the problem
( ) Temporary/one-time email addresses are cumbersome
( ) I don't want the government reading my email
( ) Killing them that way is not slow and painful enough
Furthermore, this is what I think about you:
( ) Sorry dude, but I don't think it would work.
(x) This is a stupid idea, and you're a stupid person for suggesting it.
( ) Nice try, assh0le! I'm going to find out where you live and burn your house down!
The AACS key is NOT 0xF606EEFD628B1CA427BEA93A9CA9773F
. . . by threatening judges with impending doom.
Really. It doesn't work, unless, of course, you are the President, warning judges about terrorists.
Still, I've argued this point before; there's at least a few points of dispute regarding jurisidiction, and spamhaus should have showed up in court.
It doesn't matter if they are ultimately right; what matters is that it is not 100% clear cut, and as such, a judge will give a plaintiff a great deal of leeway in a default situation.
WhiteWolf666 an exBush supporter. All you new-school,compassionate,save the children Republicans can rot in hell
Yes, this man has no dick.
+0 Meh
Ladies and gentlemen of the jury, my case is thus.
If my client is found to be in the wrong there will be a huge increase in spam and a slowdown of the internet, I rest my Case.
In the not too distant future, next Sunday A.D.
If you use DNSBLs to help filter incoming email, you probably a) use more than one, and b) use other anti-spam techniques later in the chain. For the (medium traffic) domains I manage, I can tell you that Spamhaus is our front-line; however, messages that get past it have other blacklists to pass, and that's before they even hit our content filters.
There will certainly be some increase, but the only reason to expect a four-fold increase is if Spamhaus is your only defense. And as any seasoned mail admin knows these days, a single strategy doesn't cut it any more..
For an average week on a small mail server:
2500 messages delived (some of it spam that made its way past the filters)
11700 blocked using RBLs
and another 18000 rejected due to invalid (or no longer valid) recipients. (some of which are abandoned usernames due to the spam level)
And remember it's not just processing power, it's all the additional disk space that would be required to store the spam. And since this server has a bandwidth cap, rejecting spam (instead of having it delivered) leaves more bandwidth for its intended purpose.
I can imagine the judges reaction when he realises that he decision has just sabotaged his own personal email. and the reaction of his/her friends when they find out that he/she is to blame for all of the extra spam they are suddenly getting.
"It is a greater offense to steal men's labor, than their clothes"
They are not subject to the US court system. If it was me in this position I'd be sending the judge an e-mail with a picture of me holding up my middle finger. Then I'd move my operations to a .org.uk address and notify my customers.
Bob
Listen to my latest album here
... so they can throw his ass in jail !!
Why would imprisoning a donkey help? Does he use it to carry all his luggage for him or something?
They are the ones that are actually doing the blocking.
What they can do if the domain is suspended is to have domains available in each and every country in the world.
As so many providers use the service as well, donating domains should be not an issue. Each and every time some domains could be donated and people just pick 10 of them so that if one is down due to a legal issue, another can be used.
The best solution is indeed to just open the floods for one day. Unfortunatly sept, 18th is already past, because it would have been the releasedate that could have been named after this movie
Don't fight for your country, if your country does not fight for you.
Spam percentage of a 474 message inbox could only be 100%, 99.78903%, 99.57805%, 99.367089%, 99.156118% ....
Thought it would be funny, but it is not, but I am not going to waste all that typing calculation I did, so will hide behind anonymity ;-)
wish I had mod points. Yes, the parent is witty, but more importantly it is spot on. I've seen this before, but it really can't be repeated too many times in my view.
In theory, there's no difference between theory and practice; in practice there is.
But aren't these emails ALREADY hitting email servers? It sounds like this speculation is FUD-y.
I mean, it's not like Spamhaus somehow redirects the emails to itself like some sort of Intarweb spam-specific black hole.
As I understand it:
1. Spam is sent by spammer (it's taking bandwidth). Because of how mail packets flow through multiple redundant paths, each mail takes up bandwidth many times its raw packet size.
2. Spam hits email server (it's taking CPU time to process)
3. Email server checks against Spamhaus blacklist (dunno if this is bandwidth, CPU, or both - I'm not terribly familiar if Spamhaus caches that information locally at its client sites)
4. Spam is rejected (taking CPU time)
5. Rejection reply generated/sent (? dunno if it does this; would take CPU+bandwidth both)
So Spamhaus disappears. Yes, it would suck as a email user to get flooded with spam, but would this REALLY cause any more work for the mailservers? I could see (if they are generating rejection replies and sending them) that this might actually be LESS work for CPUs and less bandwidth used.
-Styopa
Then you're no better than he is, all that inbound email would cost him money... and bandwidth ain't free you know!
Before anyone resorts to spamming, they should read through all the PDF documents he has thoughtfully made availiable.
Then you should grep your mail server logs for any connections from e360's netblock. I think uunet (Verizon) will reimburse you for any bandwidth costs, we wouldn't want this carrier get away with a free lunch would we? You should mark invoices for the personal attention of John Thorne, senior VC. I gather he will be most supportive.
Exactly, mod parent up!
Damn, why no mod points right now.
In my opinion totalitarian states judge fairer than capitalist powerhouse judicial systems
Don't Yanks ever get fed up with the way in which their legal system transforms society into a mechanical, 'i can't do that because it would make me liable', stilted, joke of a community? I cannot imagine what its like to live in a country where inhabitants cling tightly to nationalist ideals on the one hand, and on the other hand so desperately try to sue eachother out of having a normal life. Its a dead giveaway of a nation spoiled beyond comparison..
Tell that to Julie Gabble from Geometry class. She's been banged so many times she walks funny.
I have been getting a lot of spam which wasn't blocked by blacklists (including Spamhaus) and it was not sent by some hacked Win machine (because graylisting would kill it). But it still gets through (although Bayes marks it).
Why it isn't blocked by blacklists? Look at the headers:
Received: from mail.blancalle.com (mail.blancalle.com [69.51.15.35])
Received: by mail.blancalle.com (PowerMTA(TM) v3.0c2)
Received: from mail.Nomegoze.com (mail.nomegoze.com [75.126.42.135])
Received: from mail.riverpins.com (mail.riverpins.com [66.97.162.150])
It is fully featured mail server dedicated for spamming. When you go to www.domainname, it usually says that they help market blah blah...
Question: how to stop them? I have tried many blacklists, no one lists them. Is it because they give an "opt-out" solution?
I think all sides are idiotic.
Where I work, if somebody is incorrectly identified as a spammer, that person can contact us, and we work to resolve the issue. It happens all of the time.
On the other hand, Spamhaus is not the only organization capable of filtering spam. If Spamhaus went away, spam would still be filtered.
I doubt the judge has jurisdiction, and I think the judge knows it.
The domain is issued by an american, still, organization. If they would have showed up in court. Hoped that the judge was competent enough to understand that nothing gets blocked by spamhaus unless an email administrator has set up rbl checks via spamhaus.
Oh well. Should have. Could have. Water under the bridge. It is time to make spamhaus a redundant system. Anyone care to estimate the amount of bandwidth needed to mirror the service?
Having to work for a living is the root of all evil.
Have you people never heard of gmail?
c++;
because Spamhaus keep the complaints that get them listed in the first place. Production of a few complaints and a perusal of the e360 website (whish show that they produce NOTHING themselves: so how can they have a prior commercial relationship with ANYONE?) is a simple proof. Given that this puts them squarely under the spammer label as the law states it, they'd have to show why they specifically aren't.
Much like if you are caught copying copyrighted materials, you still have the ability to prove that, though you HAVE copied their stuff, the limitations of the copyright allow your use (parody/excerpts/de minimis/...).
If spam is made more of a problem, there will have to be adjustments. Spam is mostly sent from shady ISPs, hacked/worm infested machines which act as relay drones, and nations which don't deal with these things well. The blacklisting will have to be done manually, meaning that allowing spam to come from your networks may have much larger penalties for those who tolerate it. Hurricane electric and most asian nations will likely be the first entries in my blacklist.
Since most of the filtering is done on the recieving side anyway. Now end users on the other hand will see a big uptick in spam.
I just don't want to see a precident set by the court.
With a tax it would be illegal to block paid for mail, a federal offense probably. Then we would just get /different/ spam, like for chevy trucks and pepsi-cola.
It is all or nothing. The idea is to make the people in the USA feel it, not limit spam from sources in the USA.
Been There- Done That.
We block roughly 96% of Spam on average (at times of day 85% and at other times of day 99% depending on actual volume) and tag a few percent of 'maybes' on top of that. Every once in a while someone will whine about how they are getting so much Spam and that these Spam filters are useless. So I tell them I'll take it off for 24 hours. A few thousand e-mails to some of their inboxes later and I receive a praise letter and small gift in the mail.
In any case, folks complain like anything about the 3-5 Spam e-mail messages they get a day (most of which are tagged) and have no real view as to what is actually out there. It's like taking out someones immune system for a day (except they won't die of course).
More important would be how the e-mail system would survive with 10-30 second delays on every mail as the spamhaus lookups fail.
-M
when you see the word 'Linux', drink!
Honestly, the "out of office" autoreply feature (most notably used in MS Outlook) could use some work. For starters, it really needs to be designed so users turning it on are immediately prompted for whether they'd like it to respond to all incoming email, or only to internal corporate mail. Quite often, I've emailed a salesperson at some company, only to get back an auto-reply that's intended only for other employees of his/her business -- not outside customers.
We have a solution.
It's called a naive Bayesian filter.
Please read Paul Graham's 'Plan for Spam'.
Spam is no longer a problem, and hasn't been for a loooooong time.
Fuck the RBL fascists and their scare-mongering.
This would be a terrible thing if this were to happen. Obviously, the judge has no conception of what this could cause.
[%] Cingular Ringtones
After all, if the percentage of all emails that are spam actually REACHED 100%, nobody would use email and spamming would be pointless. Attempts to keep Internet email useful, therefore, are also what is keeping spam alive.
First, some stats on the mail server I use from a year ago yesterday and yesterday:
October 15 2005 :
Pieces of spam blocked by realtime blocklists: 9062
Top blocklists:
sbl-xbl.spamhaus.org 7193
bl.spamcop.net 1648
dnsbl.njabl.org 221
October 15 2006:
Pieces of spam blocked by realtime blocklists: 47429
Top blocklists:
sbl-xbl.spamhaus.org 40631
bl.spamcop.net 5240
dnsbl.njabl.org 1558
As spamhaus is currently rejecting 40631 emails which consequently don't have to be processed by spamassassin, it would be definitely be felt on this server were Spamhaus to become available. In fact, the reason I started using RBLs to begin with was due to one of the Spamhaus ROKSO culprits sending about 20,000 messages per hour to a dictionary list of users at a hosted domain. The server was dying then, but using OpenBSD's pf databases together with the spamhaus SBL, the problem was stopped cold.
I really don't care if they're being drama queens about it...
The US courts have nothing on a UK entity..
And maybe in doing so they will solicit more people into the fray...
let the flood gates open, ready or not, learning can be a painful experience for anyone...
Meanwhile I just want to grab a chev and a few shotguns and find these guys...
How we've let the ISP's and such let us believe that they are powerless
to kill 99% of SPAM is beyond me. I say we track down the parasites and take
them down ! (Metaphorically speaking that is...)
End of Line.
I did like the way the poster's poor grammar is consistent in both posts though...(read the following in 'HULK SMASH' voice)
GP - "Spamhaus could of done a better job in front of jury."
PARENT - "Damn, why no mod points right now."
Ok, this is a pet peeve, and sorry for the rant, but this is
The phrase "increase by n-fold" means that the value would increase by a factor of 2^n, not by a factor of n. The terminology comes from the idea of folding some physical object in half. For example, if you fold a piece of paper in half, the overall thickness increases by a factor of 2 (or 2^1). Fold it again, and the overall thickness increases from the original by a factor of 4 (2^2). These are examples of increasing by one- and two-fold, respectively.
In the example in the original submission, the amount of unblocked email traffic (10% of all email traffic) if increased by ten-fold, would increase to 10240% of all email traffic, which is clearly impossible.
In the editor's example, the amount of unblocked email traffic (25% of all email traffic) if increased by four-fold, would increase to 400% of all email traffic. This is also clearly impossible.
The correct phrases to use in these cases are "increase by a factor of ten" and "increased by a factor of four" respectively.
$rant_mode='off';
-m
1. Go after their location in every willing country by using building and fire codes. Locate where they do business, inspect it, and shut it down. Have the tax people follow on the heels of the fire department, confiscating everything that can be carried out to look for tax evasion. That's how they went after the Mafia. I suspect 99% of the spammers are cheating on their taxes. Throw the book at them for that.
2. Follow the money. Pressure Visa and the others to refuse to sign up this scum as merchants. And when people complain about being ripped off by a spammer, Vista et al should such the money back out of spammers' accounts and return it.
3. We should also look for other ways to make spamming for profit a headache for those doing it. I once knew a nurse who had no ability to say no. She'd just gotten off working all night, when the pre-Internet equivalent of a spammer showed up, a door-to-door salesman. Rather than argue with him, she signed up for three magazine subscriptions. After he left and before she went to bed, she called and canceled all three. Texas had a 72-hour rule. Any purchase you make from a door-to-door salesman can be canceled within 72 hours with no penalty. We need something similar for spammers.
4. Start a lively tradition of making fun of the fools who buy from these jerks. "You're so stupid, I bet you buy from spammers." That sort of thing. Work it into the scripts of TV shows.
The best way to get enough spam to swamp almost any filter is to fwd all mail for a domain to a single inbox.
Google has reported 60K spam over the last 30 days, and about 10 messages in hour still get through to my inbox.
Worse is these asscactuses start sending mail that looks like it was from my domain, so I get all the bounces, and look like an asshole myself.
That one Russian spammer who was savagely murdered... it's hard to drum up sufficient sympathy for that.
If all the world is bending over backwards to find new ways of plugging their ears, stop yelling.
SO YOU'RE GOING TO DIE: The Comic for Dealing with Death
The governing body of internet domain names, ICANN, has been advised of the proposed order. It says however that it cannot comply with any such order as it has neither the ability nor the authority to do so. Only the internet registrar with which the registrant has a contractual relationship can suspend an individual domain name, ICANN says.
If even ICANN says it won't comply, and the judge hasn't even signed the order, why is this a big deal, and furthermore, how is this "heating up?" Sounds to me like a bunch of fuss about a non-issue. Now, if ICANN was actually going to comply, then we'd have something to talk about.
Without a blacklisting site, greylisting will not be effective TOMORROW.
It's simple for the spammers to re-send their spam floods. The only issue today is that the spam flood will trigger spam traps run by the blacklists. So there's not much reason for the spammers to send the flood again because the people using greylisting will probably also use blacklists.
If the blacklists weren't there, greylisting would be easily bypassed with a second flood.
"Defense in Depth". You have to use multiple layers and multiple approaches and they have to be inter-linked.
1. Tucows seems to be the registrar for spamhaus.org. They seem to be Canada based and will probably laugh at a court from Illinois telling them what to do. And if ICANN has a half a brain (which they have) they won't touch this. The international community would flip... 2. Spam protection should be in layers just like all security protection. Should one fail or let something slip through then another layer should catch it. I very seriously doubt that Spamhaus would be forced to shut down. And if they did shutdown then I very much doubt the impact would be anywhere near what the claims are.
...but for all thier bitching and moaning about this, they haven't actually done a thing in thier own defense. Further, being in the UK (as they have pointed out on many occasions now), why do they not just get a nice little .or.uk? All of this "the world is going to end" crap actually makes me think alot less or them. It's really thier own fault for ignoring the litigation, even if they had intention of complying to begin with.
A ten-fold or four-fold increase in traffic - either number assumes that mail admins use spamhaus's list as their one and only spam filter. My guess is such systems are rare to non-existent. In fact what will happen if spamhaus goes away is that the other layers of filtering will take up the slack. Most sites won't even notice the change.
Every time I come here, it seems I'm saddled with damned mod points. Now, when I need them...
Procrastination -- because good things come to those who wait.
I don't know why people don't mod up mod up posts like this one (#16452955) since it is not a ploy for being modded up.
I like the way the parent pokes fun at the GP and GGP because they are consistent in bad grammar.
GP - "Damn, why no mod points right now."
PARENT - "(read the following in 'HULK SMASH' voice)"
Jeen-yus!
"More common" does not equal "correct", unfortunately. Like "try and" (rather than "try to"), "could of" is just plain wrong.
Now where did I leave my gabble?
I didn't say that jurisdiction is whatever the judge says it is, I said it is whatever the laws constituting the court says it is. Yes, jurisdictions are often limited by those laws, including the laws in the US. But the point is that courts derive their jurisdiction from the sovereign states that establish them. This is an indisputable fact. As a practical matter, foreign courts can only enforce judgments, orders, convictions, etc., against you if your home state is willing to co-operate. They are in many cases willing to do this: for instance, a desire for reciprocity. In many cases, they will not.
What's clear here, however, is that Spamhaus isn't completely untouchable by US courts, because Spamhaus has dealings with people that the US courts *can* enforce orders against, eg, ICANN or PIR or Tucows (a Canadian company, yes, but one with offices and assets in the US).
It's not that US courts have jurisdiction over anything in the world: it's that they could have and that would be as legitimate as any other definition of jurisdiction. Spain and Belgium have courts of universal personal jurisdiction (although, these are war crimes courts, of course).
In any case, US federal courts clearly have personal jurisdiction in suits between US citizens and nonresident foreign aliens. This does not mean that you can sue any random foreigner in a US court. For the most part the rule is that there must be certain minimum contacts. However, even if the court would have no jurisdiction -- such that if you challenged jurisdiction you could have the action dismissed -- you're still allowed to voluntarily consent to the jurisdiction and waive your right to dispute it later. Under the Federal Rules of Procedure, you are assumed to voluntarily consent to the jurisdiction unless you dispute it in a very specific way at the outset of the case. Spamhaus clearly did not do this: they in fact made a jurisdictional argument that was essentially: the state court does not have jurisdiction, a federal court would. They have clearly consented to the jurisdiction at US law.
I understand your point and your frustration at what seems to be a very unjust outcome. But this is really all Spamhaus' fault. All they had to do was challenge the jurisdiction appropriately, or go to court and make a bare semblance of a case, and they likely would have prevailed. Instead, they thought they were above responding to a spammer (and e360 sure stinks of being a filthy spammer), and now look what's happened?
I don't lose. We all lose because Spamhaus may be shut down because they were arrogant.
The point is enforcement is not immaterial, but it's not
...that we're not the only ones. I've seen the rate of blocked spam messages on our spam firewall increase from 75% to 97% in the past few months. That means only 3% of our total message stream is allowed through as "legit" and our users are STILL seeing about 20 spam messages a day. So this, is apparently normal e-mail in this day and age? Sad.
-"...bad old ideas look confusingly fresh when they are packaged as technology" - Jaron Lanier (Digital Maoism on Edge.o
Relay blacklisting is based around a list of known IP addresses that the SMTP server refuses to accept mail from, so if a spammer (usually a zombie PC) connects to port 25, the IP address is checked against the blacklist, if the IP is blacklisted (i.e. it's Verizon, Comcast or Qwest broadband space -- a common RBL IP block because those asshats don't police their zombie PCs) the server will instantly HANG UP on the connection. This takes a few milliseconds and virtually no bandwidth. More than 90% of most SMTP connections are dropped by systems that use RBL.
Compare this with content-based filtering where the SMTP server sits there and wastes precious bandwidth, cpu power and other resources churning through the spam garbage data, saving it, analyizing it, etc., only to find out it's junk e-mail and then either deleting or quarantining it. The amount of resources consumed by content-based filter systems is EXPONENTIALLY GREATER than relay blacklist filters.
This is why most ISPs mail services would literally choke if they turned off relay blacklisting as a means to stop spammers. There are literally millions of safe IP address lists that should not be sending mail that a smart postmaster will configure his server to completely ignore -- not even accept any mail content and waste bandwidth (*cough* Comcast, Brazil, most of China, Korea, etc. *cough*)
It works. It works very well. Without RBL, your mail server is in for a world of pain.
If you aren't using RBL, then you're just pissing away precious, expensive resources.
The bottom line is that the law means something or it doesn't. The decision may not have been the one most sysadmins (or even users) hoped for (and God knows it's not the one I would have wanted), but it was decided within the rules of the law and in accordance of the law as written now. I would hate to think that a judge would make a decision based on what his friends and neighbors might think. This is supposed to be a country of laws. Should it ever not be, that would be a very bad thing.
So stop the judge-bashing. Cases are not supposed to be decided on pragmatic issues when the pragma directly violates previous jurisprudence - legislation is the solution to pragmatics not matching current judicial findings. The bottom line is that Spamhaus f*cked up by not appearing in court. They should have. And, because of that, the judge rendered judgement in a proper fashion. If Spamhaus didn't understand the impact that not showing up in court would have on them (especially if they already had the wherewithal to hire a lawyer to file motions with said court), then they have no one to blame but themselves.
Spamhaus is now free to ignore the court's ruling (they are, of course, based in another country with servers in a third and can do so with relative impunity). The court is also now free to attempt to enforce its judgement in any way it sees fit within the bounds of the law. That's the way the system works. If you don't like it, change the system. Don't bitch at the actors who are merely doing their jobs (and, in fact, appearing to be doing so in an relatively competant way).
That is all.
I am serious: If any politican would seek to introduce the death penalty for spammers, he'd have my vote. I have lived with this nonsense now for ten years, and my patience is wearing thin.
I agree that spam email is about 90% of traffic. In my case the ratio is probably even higher. I get a lot of spam. Most of it gets filtered out by spamcop.
If RBLs suddenly became unavailable, the only - and I do mean only - option for me would be to reject any email that doesn't come with correct sender verification of some sort, say, SPF. Then, once spammers start using those systems too I'd have to start whitelisting senders.
I really can't believe that the US is putting up with that. I think only judges who have no email account could even agree to hear such a case.
MySpace is a much more efficient way to communicate anyways.
If Spamhaus does this voluntarily, just to prove a point, and the results are as bad as some predict (overloaded servers losing emails resulting in financial damages to companies in the millions or hundreds of millions of dollars), Spamhaus could be in much worse legal trouble than they are right now. On the other hand, if they do it involuntarily because the US courts force their domain to be shut down, then they can't be held liable for the consequences of that action. The US government, on the other hand...
If I (still) worked for a huge email or Internet service provider, I would have my team on full alert, and would be busy talking to legal about our possible options for trying to prevent anyone (Spamhaus or the courts) from abruptly shutting down this service, and to vendors and the finance department about the possibility of getting emergency extra storage if needed. I'm surprised I haven't heard of some big ISPs trying to get the injunction blocked already. (Although, since I don't still work for a huge email provider, I don't know what legal's response would have been, which might explain it.)
Spamhaus should pull the plug. All the way. They are working to prolong something that totally sucks. Shut down Spamhaus. Let email totally tank. Let the traffic explode.
Then grab your torches and pitchforks and go after the freak'n spammers. I'm talk'n heads on pikes in the town square.
That's the way to fix smtp.
Fox believes that the border should be open for Mexicans comming into the USA. Of course, if you look at illegals comming into Mexico, he talks a different story. In Mexico one will be prosecuted if they are illegal. In Mexico, you have to show that you are there legally before being allowed gto work or go to school.
Bush says we should give everyone amnesty because they are law abiding people who only want to make money. First they are not law abiding because by working in the USA w/o a proper visa, they are breaking 2 laws. Second, amnesty was tried with Reagan, but that did not work. By granting amnesty you are allowing people who came illegally to cut in line in front of the people who obeyed the law.
And paying a small fine and being required to pay income taxes for the last 3 years is amnesty. I wish I could work for years w/o paying income taxes, and then give a guess to the IRS of how much I owe. Unless the illegals are sent back and put to the end of the line, then it is amnesty!
I do realize that the parent qualified his statements, but I should point out that I firmly beliee that those who advocate stricter legislation of morality or stupidity are guilty of hypocrisy and should be the first to be punished under the legislation they advocate. Ooops. I think I might have just said I should be punished, too. :-)
Basically I think it's morally wrong to force a codified morality (set of ethics) onto people who disagree with it. There are obvious exceptions, such as those who think it's "morally okay" to murder, etc. Similarly, I think it's stupid to propose laws that target stupidity. If taken to its absurd logical conclusion, such laws would jail all but the smartest person in the population. So unless you ARE the smartest person, advocating such a law is by definition stupid.
I'd also like to take issue with the notion of hardcore jailtime for minor offenses. I think that longer prison sentences are not a good deterrent for crime. Imagine you've managed to make stupidity illegal, punishable by 20 years in prison...*waves hands*... Now everybody lives in constant fear of doing something stupid (this is especially true of the smarter ones). The trouble is: living in mortal fear of making a mistake actually increases the likelihood that you will make one. It's like straining to keep a paperclip balanced on a knife: The more you tense up, the more the paperclip shakes. So once you do inevitably mess up, your choice is to admit the mistake and take responsibility or deny it and/or run. When you perform your internal cost/benefit analysis, a 20 year sentence is like an infinite cost, so you'll do almost anything to avoid getting caught -- including murder.
If you want people to take responsibility and behave rationally, don't sentence them to years in prison for minor mistakes. School analogy: For "most" people, simply getting their name on the blackboard is enough to deter repeat offense. When that fails, a letter home usulaly works wonders. You really only have to send the habitual troublemakers to the principal's office for suspension or spanking (*if that's still legal in your jurisdiction).
In short, I think that rather than legislating morality or stupidity, we should simply advocate more (peer?) review. For example, you're less likely to try to bang the white house intern in the oval office if all the windows are open and there's a public webcam under the desk. Similarly, if all surgeries were televised, surgeons would be much less likely to "forget" a pair of foreceps or a chunk of gauze when they sew you back up. And if a surgeon did forget, some couch potato would likely to catch the mistake and phone it in for a reward.
On my mailserver, if Spamhaus SBL-XBL fails to return an answer, SpamCop's BL will still be up and working. I've got my MTA configured to check for both. In the past day, Spamhaus SBL-XBL has rejected 25,791 emails and after checking through that list SpamCop has found an additional 4,256 emails to block. If I switch which service is checked first, the numbers are roughly the same (SpamCop will catch ~80% and Spamhaus will catch the other 20%). I'm sure any ISP mail admin knows at least this much.
However, that other 20% that Spamhaus SBL-XBL would have blocked will then get through, and SpamAssassin will start checking against SURBL.org for spam-vertized domains in the email content and catch the rest. This is at a much larger CPU cost to use SpamAssassin than using Spamhaus SBL-XBL on the MTA before it even accepts the email.
BTW, SpamAssassin with SURBL and a number of other filters (pyzor, dcc) still tagged another 5,135 emails as spam (I don't auto-delete, just add headers).
That's pretty scary to me that my system, which houses a few domains for friends and family, has blocked/tagged 35182 spam messages in the last 24 hours.
SOME servers will choke.
Their clients will start having bigger penises!
I'm wondering why there haven't been a bunch of small claims filed in small claims court against the people that hire this type of person/service , or even why both are not named in suites like this it is after all isn't unsolicited spam against the law? . If enough were filed would this not send a clear message to the types that use this tactic.
no matter how good it is, it is human nature always wants to make things better
I don't know about the rest of the world, but the idea of shutting down Spamhaus instantly reminded me of Peck shutting down the containment grid in "Ghostbusters":
VENKMAN: (to Policemen) At ease, Officers. I'm Peter Venkman. I think there's been some kind of misunderstanding here and I want to cooperate in every way I can.
PECK: (turns on him immediately) Forget it, Venkman. You had your chance to cooperate but you thought it was more fun to insult me. Now it's my turn, smart-ass.
SPENGLER: (excited) He wants to shut down the storage grid.
VENKMAN: If you turn that thing off we won't be responsible for the consequences.
PECK: On the contrary! You will be held completely responsible. (to the Con-Ed Man) Turn it off.
The CON-ED MAN steps to the control panel and looks at the switches, meters and chasing lights.
VENKMAN: (to the Con-Ed Man) Don't do it! I'm warning you.
THE CON-ED MAN: (He looks nervously at the Police Captain.) I've never seen anything like this before. I don't know ...
PECK (enraged): Just do it, fella. Nobody asked for your opinion.
The Con-Ed Man reaches for a switch...
I'd love to see all of the spam-fighting services go on strike for a week. DNS blackholes, spam filters, the works. Let spam flow uninterrupted. Let every user on the internet see just how bad spam really is. THAT would get some useful laws in place, and some criminals behind bars.
Unfortunately, too much of the IT economy is closely tied to fighting spam, and they can't afford to let that happen.
"People who do stupid things with hazardous materials often die." -- Jim Davidson on alt.folklore.urban
Here's a stupid question: what if spamhaus moved to a .co.uk domain? Does ICAN still have control over it? Wouldn't it side-step the issue completely?
/confused
And ban his IP range too.
"Spamhaus has a user base of around 650 million, and its lists block some fifty billion spam emails per day"
thats like the entire human population is sending 50 emails a minute, even those who dont have a computer!
Gaa. I feel like a dolt for having to reply to my own post.
The line "Number of messages rejected because they were spam:" represents mail filtered out by SpamAssassin. Mail is filtered in the order seen here, with "wrong e-mail" first, then RBL, then Spamassassin and virus filtering.
"No problem. I have the capacity to do infinite work so long as you don't mind that my quality approaches zero."-Dilbert
Linux, or more properly, the more popular applications that run on Linux, are horrible, bug-ridden, security-vulnerable pieces of crap that require constant patching. (PHP, I'm looking at you.)
Hosting companies can either a) automatically patch customers or b) notify customers who can then patch themselves.
In case a, updates can, will and do 'break' things. Resulting in angry customers.
In case b, chances are, nothing will ever be updated.
Case a runs contrary to running a successful business. (Generally, it's a good idea to not break the websites of companies who, while having idiots for IT staff, generate their revenue through their website.)
Case b is the norm. When case b happens, systems are hacked.
When systems are hacked, 99% of the time, someone's looking to spam. What happens then? It depends on the ISP. Pretty much every ISP can recognize attacks in progress, and takes measures to deal with the situation. That, however, isn't good enough for the assholes who run blackhole lists.
One system compromised for a day?
Fuck it - Ban the entire IP range! Forever!
Inherited a bad block of IPs from a former customer of your upstream provider? Sucks to be you, don't it?
But the slaughter of the innocent is alright, hey? Long as you don't need to get off your ass and configure your own mailserver properly to filter spam, like everyone else does, right?
Well, to be honest, I freaking agree entirely. I eagerly await the day that e-mail dies and is replaced. When will that happen?
When e-mail becomes finally and absolutely overrun with spam to the point of being entirely useless. Not one moment beforehand. Better systems? There are plenty of better systems out there now. A moron could figure out a better system. But people won't change - not when everyone's already using e-mail. E-mail 2.0?! We can't switch, Mr. CEO! Why, all our customers are using old school e-mail!!!!!!!!11111111111111eleventy
I don't know where they other guy got their numbers, but Spamhaus blocks better than 90% of the mail coming in our server. No we don't want 360's shit. Thank you Spamhaus keep up the good work!