Google Mail Servers Enable Backscatter Spam
Mike Morris writes "Google email servers are responsible for a large volume of backscatter spam. No recipient validation is being performed for the domains googlegroups.com and blogger.com — possibly for other Google domains as well, but these two have been confirmed. (You can test this by sending an email to a bogus address in either of the domains; you'll quickly get a Google-generated bounce message.) Consequently spammers are able to launch dictionary attacks against these domains using forged envelope sender addresses. The owners of these forged addresses are then inundated with the bounce messages generated by the Google mail servers. The proper behavior would be for the mail servers to reject email traffic to non-existent users during the initial SMTP transaction. Attempts at contacting them via abuse@google.com and postmaster@google.com have gone unanswered for quite some time. Only automated responses are received which say Google isn't doing anything wrong."
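The difference between rejecting an unknown recipient during the SMTP transaction and accepting first and bouncing later, as an added example that is not part of the original submission. It is a small Python model of one SMTP session under each policy; the domain, mailboxes, guessed addresses and function names are constructed placeholders.

```python
# Added illustration: models only the RCPT TO decision and the later bounce.
# All addresses are constructed sample data under reserved .example names.
VALID_MAILBOXES = {"announce@lists.example", "support@lists.example"}

def mailbox_exists(rcpt):
    return rcpt.lower() in VALID_MAILBOXES

def policy_accept_all(rcpt):
    """No recipient validation: every RCPT TO gets 250."""
    return 250

def policy_validate(rcpt):
    """Recipient validation: unknown users get 550 inside the session."""
    return 250 if mailbox_exists(rcpt) else 550

def run_session(policy, mail_from, rcpts):
    """Return (per-recipient reply codes, bounces generated after DATA)."""
    replies = [(r, policy(r)) for r in rcpts]
    accepted = [r for r, code in replies if code == 250]
    # Once the message is accepted the server owns it. An accepted but
    # undeliverable recipient forces a bounce to the envelope sender,
    # which the spammer forged. A null sender ("") is never bounced to.
    bounces = [{"to": mail_from, "undeliverable": r}
               for r in accepted
               if not mailbox_exists(r) and mail_from != ""]
    return replies, bounces

FORGED_SENDER = "victim@bystander.example"   # constructed forged MAIL FROM
GUESSES = ["aaron@lists.example", "abby@lists.example",
           "announce@lists.example", "zed@lists.example"]

def compare():
    """Run the same dictionary-style session against both policies."""
    result = {}
    for name, policy in (("accept_all", policy_accept_all),
                         ("validate", policy_validate)):
        replies, bounces = run_session(policy, FORGED_SENDER, GUESSES)
        result[name] = {"codes": [code for _, code in replies],
                        "bounces_to_forged_sender": len(bounces)}
    return result

if __name__ == "__main__":
    for name, outcome in compare().items():
        print(name, outcome)
```

With validation the 550 replies go only to the connecting client, so the owner of the forged address receives nothing.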
Translation: Everything that Google does wrong is actually right. When I think about Google I imagine that it's a big red penis that I can suck.
Your post advocates a
( ) technical ( ) legislative ( ) market-based (*) vigilante
approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)
( ) Spammers can easily use it to harvest email addresses
( ) Mailing lists and other legitimate email uses would be affected
( ) No one will be able to find the guy or collect the money
( ) It is defenseless against brute force attacks
( ) It will stop spam for two weeks and then we'll be stuck with it
( ) Users of email will not put up with it
( ) Microsoft will not put up with it
( ) The police will not put up with it
( ) Requires too much cooperation from spammers
(*) Requires immediate total cooperation from everybody at once
( ) Many email users cannot afford to lose business or alienate potential employers
( ) Spammers don't care about invalid addresses in their lists
(*) Anyone could anonymously destroy anyone else's career or business
Specifically, your plan fails to account for
( ) Laws expressly prohibiting it
( ) Lack of centrally controlling authority for email
( ) Open relays in foreign countries
( ) Ease of searching tiny alphanumeric address space of all email addresses
(*) Asshats
( ) Jurisdictional problems
( ) Unpopularity of weird new taxes
( ) Public reluctance to accept weird new forms of money
( ) Huge existing software investment in SMTP
( ) Susceptibility of protocols other than SMTP to attack
( ) Willingness of users to install OS patches received by email
( ) Armies of worm riddled broadband-connected Windows boxes
( ) Eternal arms race involved in all filtering approaches
( ) Extreme profitability of spam
( ) Joe jobs and/or identity theft
( ) Technically illiterate politicians
( ) Extreme stupidity on the part of people who do business with spammers
( ) Dishonesty on the part of spammers themselves
( ) Bandwidth costs that are unaffected by client filtering
( ) Outlook
and the following philosophical objections may also apply:
( ) Ideas similar to yours are easy to come up with, yet none have ever been shown practical
( ) Any scheme based on opt-out is unacceptable
( ) SMTP headers should not be the subject of legislation
( ) Blacklists suck
( ) Whitelists suck
( ) We should be able to talk about Viagra without being censored
( ) Countermeasures should not involve wire fraud or credit card fraud
( ) Countermeasures should not involve sabotage of public networks
( ) Countermeasures must work if phased in gradually
( ) Sending email should be free
( ) Why should we have to trust you and your servers?
( ) Incompatibility with open source or open source licenses
( ) Feel-good measures do nothing to solve the problem
( ) Temporary/one-time email addresses are cumbersome
( ) I don't want the government reading my email
( ) Killing them that way is not slow and painful enough
Furthermore, this is what I think about you:
(*) Sorry dude, but I don't think it would work.
( ) This is a stupid idea, and you're a stupid person for suggesting it.
( ) Nice try, assh0le! I'm going to find out where you live and burn your house down!
Don't worry. GoogleBackscatter is currently in Beta. When it goes into production backscatter will be even better!
Wow, only on slashdot does microsoft get the blame for google being evil.
Strange things happen on the internet. The other day I was navigating the internet and my wife was watching the screen, and when I was typing a URL, a nasty porn site appeared as autocompleted. I swear I never visited the site. I'll show this Google account problem to my wife; she might believe me now.
abuse@gmail.com has an auto-response. bogus@gmail.com has an auto-response.
I'm sending the e-mail right now. I wish I could see the "abuse" account's inbox in a few hours....
The arms race against spammers has failed. There is only one method of behavior modification left: pain.
... remind them.
It's obvious to me that the only long-term cure is retribution. Swift, sure, immensely painful, intimately physical.
1. "y@y! mee sended 4 baziLLi0000n e''s!!!!!! mee grrlfrrnd crrrream bestest!"
2. Two days later, a heavy-set dude wielding an oven mitt, a meat tenderizing mallet, and a blowtorch relieves you of your upper testicle, the ligaments in your right knee, and two left fingers.
3. "wh0@! bad jewjew! mee not sended grrlfrrnd crrrream again!"
4. PROFIT!!!
Pain, or immediate, palpable fear of it, is the only behavior modification technique that works every time. When they get out of line and start spamming again
An italian hacker got it deeper
http://translate.google.com/translate?u=http%3A%2F%2Fpunto-informatico.it%2Fp.aspx%3Fi%3D2247078&langpair=it%7Cen&hl=it&ie=UTF8
(translation from italian)
On the other Porcacchia warning: "We think, for example, a user interested in a product that loses an object to a boom: an attacker could send an e-mail using the address of the seller, stating that the item has not been awarded and re-offering it to the victim at a discounted price. Who receives the email will control the header? Probably not." The risk is that you find yourself entangled in a case of well-orchestrated phishing, despite the spam filter: "My hope - concludes Porcacchia - is that Google will soon resolve this issue."
If your mailbox is randomly losing mail, your IMAP server has problems and perhaps you should consider trying a better one. However, if you think MAPI/Exchange "actually works" in any meaningful sense, then perhaps your idea of 'better' is significantly different from the average person's.
- None can love freedom heartily, but good men; the rest love not freedom, but license. -- John Milton
No fucking shit
LOL. I learned that one the hard way. A mail server grinding to a halt and an entire raid filling up with messages. I almost could not even get the machine to respond at all via the console, let alone remotely administrating it. Took out the whole mail server during the middle of the day for about 3 hours.
You never heard such squawking from the users and the Pointy Haired Ones. The CrackBerries went down... The Sky is Falling the Sky is Falling...
When I saw that I had DOS'd myself, I actually slammed my head into the rack