Name and Shame Spam Senders With OpenBSD
Peter N. M. Hansteen writes "Once you've identified spam senders, OpenBSD provides all the tools you need to take one step further: exporting their addresses and publishing the evidence. You can even trap them yourself using known bad addresses. It's easy, fun and good netizenship."
...NO!
Wouldn't it be more fun to go to their house and either serve them with a civil suit for a $Million+ or just beat their computer into a cube with a sledge hammer?
Professional Politicians are not the solution, they ARE the problem.
These have all been used by Leo Kuvayev (often under his alias "Alex Rodrigez" (note the last name spelling)) in his spamming operations. I'm sure there are more recent ones as well.
Damn_registrars has no butt-hole. Damn_registrars has no use for a butt-hole.
I agree the vast majority of email sent to "known bad" addresses will be sent by spambots, and that'll probably be the exclusive source for never-published addresses. But in the case where they publish these known-bad addresses on a page that they hope spambots will index, it seems blacklisting based on them is vulnerable to abuse. If I want to get some server blacklisted, and I have any sort of access to send mail from it, I can just send mail to the known-bad addresses. For example, a good way for mischievous students to cause mayhem by getting their university's mail servers blacklisted.
10 PRINT CHR$(205.5+RND(1)); : GOTO 10
Sorry, I'd never claim citizenship on the internet, after all, who'd want to live in a place that was almost entirely composed of porn?
Oh wait...
A learning experience is one of those things that say, 'You know that thing you just did? Don't do that.' - D. Adams
I think someone tried the latter approach already and it didn't end up helping her much
while(1){sig.get()}
Your post advocates a
( ) technical ( ) legislative ( ) market-based (X) vigilante
approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)
( ) Spammers can easily use it to harvest email addresses
( ) Mailing lists and other legitimate email uses would be affected
(X) No one will be able to find the guy or collect the money
( ) It is defenseless against brute force attacks
( ) It will stop spam for two weeks and then we'll be stuck with it
( ) Users of email will not put up with it
( ) Microsoft will not put up with it
( ) The police will not put up with it
( ) Requires too much cooperation from spammers
(X) Requires immediate total cooperation from everybody at once
( ) Many email users cannot afford to lose business or alienate potential employers
(X) Spammers don't care about invalid addresses in their lists
(X) Anyone could anonymously destroy anyone else's career or business
Specifically, your plan fails to account for
( ) Laws expressly prohibiting it
(X) Lack of centrally controlling authority for email
(X) Open relays in foreign countries
( ) Ease of searching tiny alphanumeric address space of all email addresses
(X) Asshats
(X) Jurisdictional problems
( ) Unpopularity of weird new taxes
( ) Public reluctance to accept weird new forms of money
( ) Huge existing software investment in SMTP
( ) Susceptibility of protocols other than SMTP to attack
( ) Willingness of users to install OS patches received by email
(X) Armies of worm riddled broadband-connected Windows boxes
( ) Eternal arms race involved in all filtering approaches
( ) Extreme profitability of spam
(X) Joe jobs and/or identity theft
( ) Technically illiterate politicians
( ) Extreme stupidity on the part of people who do business with spammers
(X) Dishonesty on the part of spammers themselves
(X) Bandwidth costs that are unaffected by client filtering
( ) Outlook
and the following philosophical objections may also apply:
(X) Ideas similar to yours are easy to come up with, yet none have ever been shown practical
( ) Any scheme based on opt-out is unacceptable
( ) SMTP headers should not be the subject of legislation
( ) Blacklists suck
( ) Whitelists suck
( ) We should be able to talk about Viagra without being censored
( ) Countermeasures should not involve wire fraud or credit card fraud
( ) Countermeasures should not involve sabotage of public networks
( ) Countermeasures must work if phased in gradually
( ) Sending email should be free
(X) Why should we have to trust you and your servers?
( ) Incompatibility with open source or open source licenses
(X) Feel-good measures do nothing to solve the problem
( ) Temporary/one-time email addresses are cumbersome
( ) I don't want the government reading my email
( ) Killing them that way is not slow and painful enough
Furthermore, this is what I think about you:
( ) Sorry dude, but I don't think it would work.
(X) This is a stupid idea, and you're a stupid person for suggesting it.
( ) Nice try, assh0le! I'm going to find out where you live and burn your house down!
They can call it easy, fun, and good netizenship... But I say they're just putting a friendly face on vigilantism.
From a technical perspective this isn't that different from other collaborative filtering systems (though since the listing criteria is based on secondary sources, it's going to be susceptible to confirmation bias and other sampling errors, so this isn't likely to be a good one). I take big issue with the naming, though: Other collaborative filters say that "This machine is listed because it met these criteria", which you then make your own decisions on.
It crosses a line when you're saying they should be "shamed", especially when you're not taking extensive precautions to make sure you're not listing innocents.
If you want to "name and shame" someone, you need to be 100% sure you got the right person. E-Mail is such a vague and diverse system that you really need to know your network technologies to be able to find who's spamming you with any certainty. There's no automatism which can do it for you. Besides, you don't want to turn into one of those bitter and overzealous anti-spammer types, do you? Work with people who operate or host compromised computers which send spam, improve your spam classification systems, get on with your life.
Really is spam that big of a problem anymore? Ever since I've switched to Gmail all my spam has been blocked by it or blocked by a simple mail filter. Now then again, I don't give my real e-mail address to everyone and their brother, but individual spam blockers have come a long, long ways.
Taxation is legalized theft, no more, no less.
What's the point of trying to *shame* a spammer? You can't shame someone who has no shame.
Naming them is pointless, too. "Oh, hey, I found out it's a guy named Viktor in the Ukraine sending me all this spam!" Now what?
I could be misreading, but I think he's using the IP of the server that actually connects to his server and attempts to deliver mail, not the IP reported in the mail headers.
10 PRINT CHR$(205.5+RND(1)); : GOTO 10
I agree that being a vigilante can be risky business. Report spammers to your local branch of the Internet Police.
That form looks like a wise and economical approach, but what in the earth could pass clean that form? phone calls? SSL channels with certs? SMTP-Ajax(?)?
That spammers couldn't just be very selective in their targeting. "Oh, sweet, I just got an e-mail about cheap Canadian b33r!"
What's with all these recent stories on Slashdot which have nothing to do with Australia?
I don't come to this site to read anything except self-indulgent promos about how amazing and sophisticated Australia is.
Could it be that with kdawson's absence other Slashdot editors are sneakily slipping in stories which have absolutely no connection with or relevance to Australia?
I think we're all in agreement that the sooner kdawson returns the better!
Most of the article is about grey listing. That's nearly suicidal for most mail server administrators. When I tried it, it did make a difference.
Of course, while it is working..........
Executive A, "This guy just sent me a contract 60 seconds ago. I keep clicking the damn send/receive button but it's not coming in. Are you a fucking moron or something? What the HELL is going on?!!"
Either paranoia, or people trying to send email with attachments to each other while *on the phone*, makes grey listing a huge hassle for the administrator. You just can't force a delay in email of 10 or 20 minutes for most users. The pitch forks and torches come out.
Once you do use it, you cannot control the duration of the delay either. The other mail server has its own settings on how often it retries mail as well. So yours is set to 3, theirs is set to 20. The delay is 20.
I also find it hard to believe that the spammers have not figured this out. It's not like they are stupid. They try very hard to deliver their payloads. It would be trivial to update their software to retry messages that receive those codes.
Oh, and if you have high volume get ready to drain some resources. Keeping track of thousands and thousands of IP addresses in a grey list to determine which one can communicate at what point is resource intensive.
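The delay arithmetic in the comment above, worked through as an added example that is not part of the original thread. It is a simplified model of tuple-based greylisting, not spamd's code: the `Greylist` class, the sample addresses and the reading of "3" and "20" as minutes are assumptions made for illustration.

```python
from dataclasses import dataclass, field

MIN = 60  # seconds per minute


@dataclass
class Greylist:
    """Simplified greylist model (illustrative, not spamd itself)."""
    passtime: int              # seconds a new tuple must wait before a retry passes
    greyexp: int = 4 * 3600    # grey tuples not retried within this window start over
    seen: dict = field(default_factory=dict)  # (ip, mail_from, rcpt_to) -> first seen
    white: set = field(default_factory=set)   # IPs that have passed greylisting

    def attempt(self, now, ip, mail_from, rcpt_to):
        """Return the SMTP reply class for one delivery attempt: '250' or '451'."""
        if ip in self.white:
            return "250"
        key = (ip, mail_from, rcpt_to)
        first = self.seen.get(key)
        if first is None or now - first > self.greyexp:
            self.seen[key] = now      # new or expired tuple: start the clock
            return "451"
        if now - first >= self.passtime:
            del self.seen[key]
            self.white.add(ip)        # sender retried properly: whitelist its IP
            return "250"
        return "451"                  # retried before passtime elapsed


def delivery_delay(passtime_min, retry_min, max_tries=10):
    """Minutes until a sender retrying every retry_min minutes gets a 250.

    Returns None if the sender gives up first (max_tries=1 models a
    fire-and-forget sender that never retries).
    """
    gl = Greylist(passtime=passtime_min * MIN)
    for n in range(max_tries):
        now = n * retry_min * MIN
        # Constructed sample tuple (documentation IP range and example domains).
        if gl.attempt(now, "192.0.2.10", "a@example.org", "b@example.net") == "250":
            return now // MIN
    return None
```

The receiver only sets the minimum wait; the observed delay is the sender's first retry at or after that minimum, which is why a 3-minute setting against a 20-minute retry queue yields 20 minutes.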
Wow, what a stupid idea. He is just adding to the problem.
Most spammers never look at return mail. The return address is usually bogus, or, worse, somebody ELSE's legitimate email address.
As a one-time victim I can attest to the potential damage of the approach this idiot is advocating. (My domain name was used in a prolific spammer's return address - the resulting deluge shut-down my ISP for a few hours. My domain at the time was live.net - the spammer was advertising a phone service with "live girls"...)
Spam return addresses are generally MEANINGLESS and by publishing them you are potentially harming an innocent third-party.
Wow you're an idiot and you don't understand email. He's using the TARGET address to blacklist the IP ADDRESS from the SMTP CONNECTION. That's the envelope sender, not the mail header's return address.
Do your research before you start casting wild allegations around.
I do believe OP missed one more, namely:
(X) Blacklists suck
But really,
(X) Why should we have to trust you and your servers?
sums up the failure quite nicely.
Don't be so quick to call someone an idiot. Look at the last link in the summary.
If I understand correctly from a quick scan of the explanation, the list you see there is what they have supposedly seen as fake "From:" addresses (which they happen to know to be undeliverable).
So while it's not quite as bad as what GP thought, it's (IMHO) dangerously close.
... is it good Nietzscheanship?
spamd has been around since OpenBSD 3.3. Not news at all. Anyway, I probably read this on undeadly.org, but one feature is particularly funny. When a probable spammer is connecting to your server, the greeting is sent with a TCP window size of 1 byte and a rate of 1 byte per second. Most spammers won't expect a connection to be so incredibly slow, so you end up wasting their time. It isn't meant to stop spam, but you can make spammers frustrated.
greytrapping hosts at the University of Alberta generates a downloadable blacklist based on the greytrap data, updated once per hour, ready for inclusion in spamd setups elsewhere.
What stops the badguys from flooding the U of A email domain via gamed accounts (hotmail, yahoo, etc) and poisoning the list to block an unacceptable amount of legitimate traffic?
> Really is spam that big of a problem anymore? Ever since
> I've switched to Gmail all my spam has been blocked by it
Spam is annoying, no question. Having legit email blocked
by braindead antispam filters SUCKS. Gmail blocks legit email.
Yes that is a BIG problem when a gmail address is the only
contact info you have for someone.
But, that is the sledgehammer-to-the-mosquito solution, hehehe. But, then again, if it werks....
Previously: "Linux... Toward the Sunrise..." Now: "Linux... Toward the-- No, now, part of Every Sunrise"
I'm a contributing member of Project Honeypot, having been responsible for "catching" several spammers with my little honeypot, and I'm also contributing an MX record for its use. I think that's good enough. If everyone who had even a simple blog contributed to the Project, there'd be no place left for spammers to hide. Its http:BL database exists as a free resource for anyone to use. Not only do I contribute to Project Honeypot, I also use http:BL to help keep the comment spammers out of my blog:
http://vulcantourist.info/media/PivotSpamLog.pdf
Great thing to do to people that you hate.
Joe Job, if you have to look it up, you shouldn't be suggesting anti spam solutions.
Totally wrong front to battle the spam. Spam can EASILY be fought if ISPs really wanted to. They don't want to because it generates traffic they charge to their (infected) customers.
But if ISPs seriously applied the P2P blocking technology to email filtering, and blocked out infected windows boxes, THAT would spell the end of spam once and forever. Until then, (borg voice) resistance is futile.
all i can think of when watching this is falling black dude
AAAAAAAAAAAAAAAAAAAAGGGGGGH
At least here in Finland we have laws against disturbance of domestic peace. I would assume that USA has at least similar if not much stricter laws about that. IE., I am not allowed to come in front of your house with a megaphone and shout whatever I want, day and night, non stop and disturbing your life.
As such, I shouldn't be allowed to do that online either. Shouting over 9000 times into your inbox (which you might need to communicate with your friends, to do your work, etc. so you can't just choose not to use it) should be no different than shouting over 9000 times in front of your house.
Razor/Spamcop, Pyzor, and DCC are heading in about the same direction, just without using such caveman tools as compiling huge webpages. So how is that BSD caveman's blog worth all the fuss?
Strange - Last time I used OpenBSD I thought it was an operating system, not some anti-spam software.
It is nice to have some feedback from someone who has actually tried something of the sort, instead of the usual gut-driven reactions. How does just posting 'No' get moderated to 5? Kinda makes you distrust all trust-based networks.
I would have thought the original article's description ought to work. You don't slam someone from white to black because their posting has crossed some arbitrary line. You slowly crank up the delay. Just asking for a resend ought to filter out most of the dumber spambots. If subsequent posts seem OK, then they get their whiteness back. You don't chuck them in the tarpit unless you are really sure. Something has got to keep a tally of squillions of nano-grudges, but that's what computers do best. Sounds like your mail daemon was somewhat shit. Likewise, Executive A.
I do think publishing blacklists is a bad idea. It gives spammers and pranksters feedback. They will surely use that against you.
The best thing about this solution is that it is not passive filtration. It actively fights the spammer or spamming bot engine back. In fact, it is delightfully evil because it is fundamentally both an economic and technical solution. Spam has been a popular method of advertising because it is economical compared to mass market fliers, mailers, and faxes. The greytraps, tarpits, and the name of shame list take the economics right out of sending spam. Better yet, it is not a solution that spammers can easily adapt to because their robots harvest addresses from web sites and a robot is unable to tell a good address from a bad one. Therefore, the OpenBSD Spamd solution is actually using the spammers' harvesting tools as a weapon in a fight against the spammer. This is essentially the most elegant way of fighting back as results are immediate, the cost of operation is very, very low, and it has none of the delays and dickering around of a legal solution.
1/ Using someone's computer without their permission is a criminal act
First there's the upfront sponsoring of criminal acts. Those supporting MS products are sponsoring anti-competitive and often illegal business methods. Second, Windows can be said to, in effect, be designed to make these takeovers easy, we can extend that observation: running Windows while connected to the net is a criminal act.
Now those are from unpatched systems. However, many remote exploits are available for years before Waggener Edstrom / Microsoft even acknowledges their presence. Remember a bug exists, and can have published exploits, whether or not the company acknowledges its existence.
Beta is broken and the link to classic doesn't work. Stop wasting our time or there won't be anybody left here.
He's generating a list of spamtrap addresses, based on his server logs of the unknown addresses in his own domain. If your address isn't in his domain, you're unaffected.
He is publishing his list of bad addresses on a page as a spamtrap. If you don't harvest email addresses off this page, you're unaffected.
He's publishing a list of IPs which have sent messages to those spamtrap addresses (at his own domain, using his own mailserver). If your server didn't send mail to a spamtrap address on his server, you're unaffected.
This has nothing to do with spam return addresses, other than the fact that a lot of his log entries with unknown addresses are due to spammers Joe Jobbing him (just like they did to you). He's just taking that data, and further using it to catch other harvesting/spamming operations.
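The listing logic described in the comment above, as an added example that is not part of the original thread and is not spamd's code. The trap addresses, session records, decision labels and the 24-hour listing period are constructed or assumed for illustration.

```python
TRAP_TTL = 24 * 3600  # assumption: a trapped host stays listed for 24 hours

# Constructed trap addresses: never-valid mailboxes in the receiver's own domain.
TRAPS = {"nosuchuser-2007@example.net", "wq81zz.trap@example.net"}

# Constructed SMTP sessions: (epoch seconds, connecting IP, header From, RCPT TO).
SESSIONS = [
    (1000, "198.51.100.7", "victim@live.example", "nosuchuser-2007@example.net"),
    (1500, "203.0.113.20", "alice@example.org", "postmaster@example.net"),
    (2000, "198.51.100.7", "other@forged.example", "sales@example.net"),
    (90000, "198.51.100.7", "alice@example.org", "sales@example.net"),
]


def process(sessions, traps, ttl=TRAP_TTL):
    """Replay sessions in time order.

    Returns (decisions, trapped): decisions is a list of (ts, ip, action),
    trapped maps connecting IP -> expiry time. The header From is ignored on
    purpose: it is attacker-controlled, while the connecting IP comes from
    the TCP session with the receiving server.
    """
    trapped = {}
    decisions = []
    for ts, ip, _header_from, rcpt in sorted(sessions):
        if trapped.get(ip, 0) <= ts:
            trapped.pop(ip, None)            # listing has expired
        if rcpt.lower() in traps:
            trapped[ip] = ts + ttl           # (re)start the listing period
            decisions.append((ts, ip, "TRAPPED"))
        elif ip in trapped:
            decisions.append((ts, ip, "TARPIT"))
        else:
            decisions.append((ts, ip, "GREYLIST"))
    return decisions, trapped


def export_blacklist(trapped, now):
    """IPs still listed at time `now`: what a published hourly export would hold."""
    return sorted(ip for ip, expiry in trapped.items() if expiry > now)
```

A listing records only that a host delivered to a trap address on this server; the forged header domains never enter the export, and the entry ages out when the host stops hitting traps.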
How about if we allow email receivers to set their own rates. Friends and family get to send me mail free. Businesses that I have some relationship with can send me mail for about the price of a stamp. Other business I've never heard of, have to pay more or the mail just gets rejected. Better be a good sales pitch.