Slashdot Mirror
Email Servers Will Choke, Says Spamhaus
Rub3X writes, "The legal battle between antispam organization Spamhaus and e360 Insight is heating up. Spamhaus has a user base of around 650 million, and its lists block some fifty billion spam emails per day, according to the project's CEO Steve Linford. Spamhaus CIO Richard Cox says the immediate issue is that if the domain is suspended, the torrent of bulk mail hitting the world's mail servers would cause many of them to fail. More than 90% of of all email is now spam, Cox says, and he doubts that servers worldwide would be able to handle a ten-fold increase in traffic." Others estimate Spamhaus's blocking efficacy as closer to 75%; by this metric spam would increase four-fold, not ten-fold, if Spamhaus went unavailable. The article paraphrases CIO Cox as saying that the service will continue "even if there is a short-term degradation."
It would be interesting if all email server admins suddenly opened the flood gates for a day or two. Maybe then the general population will gain a better appreciate of the scale of the matter.
I still think they 3360 guys just look and smell like spammers. That spamhaus aggrees just adds to this conclusion. Here's what seems to amount to the spam histroy of the "plantiff".
"Thanks for all the money you paid to us. We've used it to buy off ISO among other things" -Microsoft
Maybe some legal problems could be avoided by having two lists. One, a list of spammers. The second list is people who are not spammers (cough) who have threatened or engaged in legal action to be removed from the first list. In other words a list of plaintiffs in court cases. Mail server admins could choose whether to use one list or both for blocking mail.
-- Ed Avis ed@membled.com
Dude,
I am so ready to walk away from cars. I just need someone to point me to a workable replacement.
I am so ready to walk away from television. I just need someone to point me to a workable replacement.
I am so ready to walk away from radio. I just need someone to point me to a workable replacement.
I am so ready to walk away from life. I just need someone to point me to a workable replacement.
I am so ready to walk away from my legs. I just need someone to point me to a workable replacement.
Here's the dnscache (part of the djbdns family) solution: /service/dnscache/root/servers# cat spamhaus.org
216.168.28.44
204.69.234.1
204.74.101.1
204.152.184.186
#
No need to HUP -- once the file is created and filled with those IPs, it'll pick them up automatically. You can easily install dnscache with the other tools on your mail servers for 0 interuption of service.
Cheers.
--
Internet Explorer (n): Another bug -- that is, a feature that can't be turned off -- in Windows.
It's because you have no friends.
Your company advocates a
(x) technical ( ) legislative (x) market-based ( ) vigilante
approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)
( ) Spammers can easily use it to harvest email addresses
( ) Mailing lists and other legitimate email uses would be affected
( ) No one will be able to find the guy or collect the money
( ) It is defenseless against brute force attacks
( ) It will stop spam for two weeks and then we'll be stuck with it
(x) Users of email will not put up with it
( ) Microsoft will not put up with it
() The police will not put up with it
( ) Requires too much cooperation from spammers
(x) Requires immediate total cooperation from everybody at once
( ) Many email users cannot afford to lose business or alienate potential employers
( ) Spammers don't care about invalid addresses in their lists
(x) Anyone could anonymously destroy anyone else's career or business
Specifically, your plan fails to account for
( ) Laws expressly prohibiting it
(x) Lack of centrally controlling authority for email
( ) Open relays in foreign countries
( ) Ease of searching tiny alphanumeric address space of all email addresses
(x) Asshats
(x) Jurisdictional problems
(x) Unpopularity of weird new taxes
(x) Public reluctance to accept weird new forms of money
(x) Huge existing software investment in SMTP
( ) Susceptibility of protocols other than SMTP to attack
( ) Willingness of users to install OS patches received by email
(x) Armies of worm riddled broadband-connected Windows boxes
( ) Eternal arms race involved in all filtering approaches
( ) Extreme profitability of spam
( ) Joe jobs and/or identity theft
( ) Technically illiterate politicians
(x) Extreme stupidity on the part of people who do business with spammers
( ) Extreme stupidity on the part of people who do business with Microsoft
( ) Extreme stupidity on the part of people who do business with Yahoo
(x) Dishonesty on the part of spammers themselves
(x) Bandwidth costs that are unaffected by client filtering
(x) Outlook
and the following philosophical objections may also apply:
(x) Ideas similar to yours are easy to come up with, yet none have ever been shown practical
( ) Any scheme based on opt-out is unacceptable
( ) SMTP headers should not be the subject of legislation
( ) Blacklists suck
( ) Whitelists suck
( ) We should be able to talk about Viagra without being censored
( ) Countermeasures should not involve wire fraud or credit card fraud
(x) Countermeasures should not involve sabotage of public networks
( ) Countermeasures must work if phased in gradually
(x) Sending email should be free
(x) Why should we have to trust you and your servers?
( ) Incompatiblity with open source or open source licenses
( ) Feel-good measures do nothing to solve the problem
( ) Temporary/one-time email addresses are cumbersome
( ) I don't want the government reading my email
(x) Killing them that way is not slow and painful enough
Furthermore, this is what I think about you:
(x) Sorry dude, but I don't think it would work.
( ) This is a stupid idea, and you're a stupid company for suggesting it.
( ) Nice try, assh0le! I'm going to find out where you live and burn your house down!
Easy. We just need to set up a protocol where an ISP is charged $0.01 per email sent. That will kill the spammers without having any real effect on people sending email.
Actually, the problem is not this simple. Spammers today send their emails from millions of hacked computers worldwide. They will just continue to do so, and these charges will drop on the clueless users whose computers are used to send the emails.
As long as computer security is as bad as it is today, there just is no easy solution to spam. All hyper-clever ideas about encrypted network id:s, black and whitelists, hashcash, etc, are just temporary solutions --- they only serve to drive the spammer to more intensly use the fact that a hacked computer also gives access to an online identity.
Open Materials Database
I'm starting to wonder about the sanity of Spamhaus' lawyers -- or if they really have lawyers at all. So far their arguments seem to have been
1. This case is at the wrong court, it should go to a federal court instead.
2. (to the federal court) We agreed that you had jurisdiction over this, but we're going to pretend that we didn't say that.
3. What? You've decided that we broke the law? Well, you shouldn't punish us because we're really nice people.
While I do not doubt Spamhaus' credentials as really nice people, this is hardly relevant to the case in question.
Tarsnap: Online backups for the truly paranoid
Why don't spamhaus just remove the e360 adresses from their regular spam lists and add them to a new list named "addresses no longer blacklisted becuase we were sued and ordered to remove them"?
:)...
That list would then serve as a perfect permanent black list for all sysadmins who happen to think that people who sue spam lists might not be the kind of people who send worthwhile emails.
I would actually recommend even higher priority to that list in the spamassassin config file than spamhaus' regular blacklists
Open Materials Database
Meanwhile the rest of the planet will treat an unenforcable court order from this judge about as seriously as they would a court order from the judge in this case.
GP was missing the link above.
And did you exchange a walk on part in the war for a lead role in a cage? - Pink Floyd.
Here.
Here.
Here.
Here.
You can't walk away from your legs. Not with the same legs, at least.
The AACS key is NOT 0xF606EEFD628B1CA427BEA93A9CA9773F
Most of the comments I've read so far seem to be in favour of Spamhaus, and while I agree that they do some good work, they are not all good. Specifically, they seem over keen to blacklist address ranges without providing any proof, and very reluctant to unblock these.
/27 subnet), and their explanation was that we were hosting someone from their ROKSO list.
I work for an ISP providing dedicated server hosting & colocation. Recently a couple of our customers contacted us saying that they had appeared on the Spamhaus blacklist, and were consequently having trouble sending e-mails. They claimed that they had not involved in any spamming activities, and that this listing was therefore incorrect. We found out that Spamhaus had blacklisted a range of our IP addresses (specifically a
While it was indeed true that we were hosting a server for this person, Spamhaus had a) blocked an address range larger than the IP addresses involved with this spammer, and b) would not offer any proof that the spammer had been using the server we host for him to involve in any spamming activities. When we contacted them, they refused to unblock this range unless we suspended the account of this spammer (again without providing any proof of activities conducted from our network that would breach our TOS), even though they acknowledged that the range they were blocking involved innocent customers. For us to suspend him at the request of Spamhaus would have been US breaking our contract with him, as there was no indication that he had violated our AUP (which DOES prohibit involvement with spam).
When we refused to break our contract with our customer at the request of a third party (perfectly acceptable position imho!), Spamhaus said that if they blocked any of our customers in future, they would blacklist our entire network (which is a considerable amount of addresses). This is unacceptable in my view, they are essentially trying to hold us to ransom without providing any proof of activities. When talking with some other ISPs, we heard of similar stories. In one case, the ISP concerned suspended the spammer's account and contacted Spamhaus to have their blacklist removed, and were told that "due to under-staffing, Spamhaus would not be able to remove the blacklist entry for a couple of days. however, if they would like to make a donation to spamhaus, they would remove the entry much sooner".
To reiterate my earlier point, Spamhaus does provide a valuable service, there's not much doubt of this. But they way in which they are organised leaves a lot to be desired!
Others estimate Spamhaus's blocking efficacy as closer to 75%; by this metric spam would increase four-fold, not ten-fold, if Spamhaus went unavailable
I think the math is a lot more complicated than this implies. Here's how I'd work it:
- P = % Spam (% of all sent mail)
- S(T) = Total Mail Sent
- S(S) = Spam Sent
- S(N) = Non-Spam Sent
- E(T) = Overall Filter Efficiency (% spam detected, Spamhaus + All Other Filters)
- E(S) = Spamhaus Filter Efficiency (% spam detected, Spamhaus Only)
- E(O) = Other Filter Efficiency (% spam detected, All Other Filters w/o Spamhaus)
- F(T) = Overall Type II Error Rate (% false positive, Spamhaus + All Other Filters)
- F(S) = Spamhaus Type II Error Rate (% false positive, Spamhaus Only)
- F(O) = Other Type II Error Rate (% false positive, All Other Filters w/o Spamhaus)
- R(T) = Total Mail Received
- R(S) = Spam Received
- R(N) = Non-Spam Received
We're interested in R(T) and what happens to it with and without Spamhaus. (Assuming we're still interested at all, since math sometimes does thatWith Spamhaus:
- R(T) = R(S) + R(N)
- R(T) = S(S) x [1-E(T)] + S(N) x [ 1-F(T)]
- R(T) = P x S(T) x [1-E(T)] + (1-P) x S(T) x [1-F(T)]
Without Spamhaus:- R(T) = R(S) + R(N)
- R(T) = S(S) x [1-E(O)] + S(N) x [ 1-F(O)]
- R(T) = P x S(O) x [1-E(O)] + (1-P) x S(O) x [1-F(O)]
The difference, expressed as a ratio of (Without Spamhaus - With Spamhaus)/(With Spamhaus), is[ P x S(O) x [1-E(O)] + (1-P) x S(O) x [1-F(O)] ] - [ P x S(T) x [1-E(T)] + (1-P) x S(T) x [1-F(T)] ]
Divided By
[ P x S(T) x [1-E(T)] + (1-P) x S(T) x [1-F(T)] ]
The assumptions yielding either the ten-fold or the four-fold increase seem to be that E(O)=0, and of course that false positives don't matter. Even with these assumptions, the math in the OP is a bit fuzzy to me:
- E(O) = 0
- E(T) = E(S)
- F(O) = 0
- F(T) = 0 [i.e., F(S) = 0 as well]
- [ P x S(T) + [ (1-P) x S(T) ] - [ P x S(T) x (1-E(T)) + [ (1-P) x S(T) ] ]
- Which Reduces To:
The ten-fold increase seems to be predicated upon both P=.9 and E(S)=E(T)=1. However, even if that were true, the increase would actually be nine-fold (.9/.1).yields (reducing above ratio):
Divided By
[ P x S(T) x (1-E(T)) + [ (1-P) x S(T) ] ]
P x E(T) / [ 1 - [ P x E(T) ] ]
The four-fold increase seems to be predicated upon P=.9 and E(S)=E(T)=.75. However, this would yield about a two-fold increase of
[.9 x
Factoring in false positives might actually make the Without Spamhaus scenario more dire, but clearly it would be less dire if we assume that E(O) is not zero. A better approximation would use the marginal efficiency of Spamhaus. Even with a generous assumption that Spamhaus catches an additional third of all spams sent (vs. all others without Spamhaus, and ignoring false positives), the overall increase in R(T) looks less than 50% to me (.3/.7, or approximately 43%).
Here.
Come to Australia so we can strip search you and rob you of your internets, pr0n, rights and freedoms.
It's sad how this statement is becoming more and more associated with freedom nowadays.
Modern copyright is theft of culture from everyone and it retards the progress of the useful arts and sciences.
I can imagine the judges reaction when he realises that he decision has just sabotaged his own personal email. and the reaction of his/her friends when they find out that he/she is to blame for all of the extra spam they are suddenly getting.
"It is a greater offense to steal men's labor, than their clothes"
Spam percentage of a 474 message inbox could only be 100%, 99.78903%, 99.57805%, 99.367089%, 99.156118% ....
Thought it would be funny, but it is not, but I am not going to waste all that typing calculation I did, so will hide behind anonymity ;-)
First, some stats on the mail server I use from a year ago yesterday and yesterday:
October 15 2005 :
Pieces of spam blocked by realtime blocklists: 9062
Top blocklists:
sbl-xbl.spamhaus.org 7193
bl.spamcop.net 1648
dnsbl.njabl.org 221
October 15 2006:
Pieces of spam blocked by realtime blocklists: 47429
Top blocklists:
sbl-xbl.spamhaus.org 40631
bl.spamcop.net 5240
dnsbl.njabl.org 1558
As spamhaus is currently rejecting 40631 emails which consequently don't have to be processed by spamassassin, it would be definitely be felt on this server were Spamhaus to become available. In fact, the reason I started using RBLs to begin with was due to one of the Spamhaus ROKSO culprits sending about 20,000 messages per hour to a dictionary list of users at a hosted domain. The server was dying then, but using OpenBSD's pf databases together with the spamhaus SBL, the problem was stopped cold.