Slashdot Mirror


Is There Any Reason to Report Spammers to ISPs?

marko_ramius asks: "For years I've been a good netizen and reported spam that I get to the appropriate contacts at various ISPs. In the entire time that I've done this I've gotten (maybe) 5 or 6 responses from those ISPs informing me that they have taken action against the spammer. In recent years however, I haven't gotten any responses. Are the ISPs so overwhelmed with abuse reports that they aren't able to respond to the spam reports? Do they even bother acting on said reports? Is there any real reason to report spammers?"

5 of 117 comments

  1. Reporting helps, keep doing it by TheSkyIsPurple · · Score: 4, Interesting

    I've worked for a very large ISP, and we never responded to them, but we took action on every single report.

    Often, just counting against a mailhost for eventual blockage and upline reporting... but it helped block spam from other people (and more spam to yourself) at the least.

  2. Not at all! by VincenzoRomano · · Score: 4, Interesting

    Spammers run their own MTA or MTAs other than those by the ISP.
    Provided that there is clear proof (and not just someone's report) that a customer is a spammer, they would have two options:
    1. filter out their outgoing SMTP traffic or
    2. shut down the link

    Spammers then would probably change ISP in a snap.
    The real (technical) point should be: why do spammers exist? One answer could be "because SMTP has not been designed to cope with authentication and authorisation."
    Maybe it's important to look at problems from the correct perspective.

    --
    Maybe Computers will never be as intelligent as Humans.
    For sure they won't ever become so stupid. [VR-1988]
  3. Re:Dont bother - they're in on the racket by walt-sjc · · Score: 5, Interesting

    That may have been back when you worked there, but it's quite obvious that it's not the case now. If ISPs gave a shit, they would block outbound port 25 by default for dynamic IP clients (and maybe ALL IPs). That would stop at LEAST 95% of the spam botnets. This works best with a tool to allow you to open the port if needed (running a mail server.) Running a mail server on a dynamic address at this point is futile as a good portion of servers will block you anyway. MUAs should all be configured to use port 587 for authenticated submission.

    ISPs could also install sniffers to watch the rate of outbound off-network port 25 SYN packets, and investigate unusual activity. Oh and don't go saying that this is difficult - just talk to AT&T and the government - they have been sniffing ALL traffic.

    But it's VERY VERY rare to find an ISP that does ANYTHING AT ALL to stop outbound spam. Oh sure, they are perfectly willing to install blacklists and filters on inbound, but outbound? Nothing. They don't care. The only way to fix this is to make habitual offenders be financially liable. ISPs also need to make end users liable and start enforcing their TOS, disconnecting grannie and her POS Windows box that has no firewall, anti-virus, and is running spambot software.

  4. No, I strongly disagree... by msauve · · Score: 3, Interesting

    with any sort of port blocking, either inbound or outbound. Unless free and open communications are allowed, they're not an ISP, they're a "web browsing service provider," and they are damaging, not helping, the Internet. Port blocking is anathematic to the purpose of the Internet, it interferes with open peer to peer communications. Port blocking is the equivalent of governmental prior restraint.

    What ISPs should do is to identify nodes which have actually been infected by a botnet (or are otherwise sending spam/malware) and nuke them in accord with every ISP TOS out there. But, that would be more work, and cut into their revenues, so they don't want to do that.

    I run a firewall (iptables), run up-to-date malware scanners, and take responsibility for what leaves my network. If my security is ineffective, and one of my machines starts spewing spam, I should be cut off and held responsible. But, I should not be penalized or limited because of the actions of others.

    Finally, it should be obvious that port blocking, refusing acceptance of smtp connections originating from dynamic IPs, etc. simply hasn't been effective against spam. Spam continues to increase, and will continue to do so until action is taken closer to the root causes - networks start going after originating machines, law enforcement start going after businesses using spam (and, of course, instituting a death penalty for anyone caught purchasing any product from a spammer).

    --
    "National Security is the chief cause of national insecurity." - Celine's First Law
    1. Re:No, I strongly disagree... by kchrist · · Score: 3, Interesting

      You obviously have no idea what the reality of this is like but I'll try anyway.

      We absolutely did shut down the users sending the spam, but the largest offenders didn't care, because they weren't legitimate customers; they were large-scale spammers creating literally dozens of spam accounts daily, using stolen credit cards. Surely you've heard the expression "whack-a-mole"? That's what we were playing and the deck is stacked against us in a situation like this. These particular spammers were almost exclusively using overseas open relays to send spam from these fraudulent dialup accounts and implementing port 25 filtering got them almost entirely off our network in one fell swoop.

      Once we reduced the load of that particular problem we were able to go after the smaller spammers, the ones spamming through our own mail servers. These were much easier to catch and we terminated the accounts on sight. We also charged a $200 "clean up" fee, but again, spamming and credit card fraud go hand-in-hand, so this had little effect as a deterrent.

      We implemented port 25 filtering somewhere around 2000 or 2001. This was before the rise of the spam botnets we see today. Spam proxies are hard problems to solve because the vast majority of end users out there simply aren't able to understand what's happening, yet they are the ones who have to deal with it. Nonetheless, we gave them one warning, accompanied by loads of information on what software to download/buy or who to hire to fix the problem, and then terminated the accounts if they didn't fix it.

      Tell me again how we left anyone alone to abuse the internet?

      You're also talking about two different things here, I think. Outbound port 25 filtering does not result in mail being blocked. Anyone unable to send legitimate mail through other mail servers was given the available options: use our outbound mail servers or use the mail submission port (587) on their other server. Either of these is trivial and no mail was prevented from going out, ever.

      If you're talking about blocking mail originating on dynamic IP address ranges, this is an entirely separate and unrelated thing. This can result in non-delivery of legit mail (obviously) but the senders got a helpful bounce telling them what the problem was. And again, mail servers running on dynamic IP addresses should smarthost their mail through another server. Problem solved.

      I'm sorry if either of these things upsets your utopian vision of a free, wide open internet, but the reality is that there are very serious problems that cannot be dealt with without taking what may look to you like extreme measures. We had a small number of customers like you -- people who absolutely rejected the trivial changes required to work with our new policies -- and a business decision was made that we can't make 100% of the people happy 100% of the time, and we were ok with that. We had a far greater number of customers who made the changes they needed to, and then never thought of it again because in the end, it really wasn't a big deal to most people.
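
Added example, not part of any comment in the thread: a sketch of the outbound port-25 SYN rate monitoring walt-sjc describes, combined with the port 25 filtering policy kchrist describes (the ISP's own relay and port 587 stay usable). The address ranges, threshold, window, record format and function names are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from ipaddress import ip_address, ip_network

# All values below are constructed for illustration (documentation address ranges).
ISP_NET = ip_network("198.51.100.0/24")       # hypothetical subscriber/network range
ISP_RELAYS = {ip_address("198.51.100.25")}    # hypothetical ISP outbound mail server
WINDOW_S = 60                                 # sliding window length in seconds
THRESHOLD = 5                                 # off-network port-25 SYNs per window

def egress_verdict(dst, dport):
    """Port 25 policy from the thread: relay or 587 pass, direct-to-MX is filtered."""
    if dport != 25:
        return "allow"
    if ip_address(dst) in ISP_RELAYS or ip_address(dst) in ISP_NET:
        return "allow"
    return "filter"

def flag_sources(records):
    """records: time-ordered (epoch_seconds, src, dst, dport, tcp_flags) tuples.
    Returns {src: peak count} for sources exceeding THRESHOLD SYNs in WINDOW_S."""
    recent = defaultdict(deque)
    flagged = {}
    for ts, src, dst, dport, flags in records:
        if flags != "S" or egress_verdict(dst, dport) != "filter":
            continue  # only new off-network port-25 connection attempts count
        q = recent[src]
        q.append(ts)
        while q and ts - q[0] >= WINDOW_S:
            q.popleft()  # drop attempts that fell out of the window
        if len(q) > THRESHOLD:
            flagged[src] = max(flagged.get(src, 0), len(q))
    return flagged

def sample_records():
    """Constructed flow records: one bot-like host, one normal mail user."""
    recs = []
    # 198.51.100.77 opens 12 SMTP connections to distinct off-network hosts in 22 s
    for i in range(12):
        recs.append((1000 + 2 * i, "198.51.100.77", f"203.0.113.{i + 1}", 25, "S"))
    # 198.51.100.10 uses port 587 and the ISP relay, plus one direct port-25 SYN
    recs.append((1001, "198.51.100.10", "192.0.2.50", 587, "S"))
    recs.append((1003, "198.51.100.10", "198.51.100.25", 25, "S"))
    recs.append((1005, "198.51.100.10", "192.0.2.60", 25, "S"))
    return sorted(recs)

if __name__ == "__main__":
    for src, peak in flag_sources(sample_records()).items():
        print(f"{src}: {peak} off-network port-25 SYNs within {WINDOW_S}s")
```

A single direct port-25 attempt from a subscriber is filtered by the policy but stays under the alert threshold, so only the host fanning out to many off-network mail servers is flagged for follow-up.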