Fighting "Snowshoe" Spam
Today Spamhaus announced they are releasing a new list of IP addresses from which they've been receiving "snowshoe" spam — unsolicited email distributed across many IPs and domains in order to avoid triggering volume-based filters. "This spam is sent from many small IP ranges on many Internet Service Providers (ISPs), using many different domains, and the IPs and domains change rapidly, making it difficult for people and places to detect and block this spam. Most importantly, while each host/IP usually sends a modest volume of bulk email, collectively these anonymous IP ranges send a great deal of spam, and the quantities of this type of spam have been increasing rapidly over the past few months." A post at the Enemies List anti-spam blog wonders at the impact this will have on email service providers and their customers. The author references a conversation he had with an employee from one of these providers: "... I replied that I expected it to mean the more legitimate clients of the sneakier gray- and black-hat spammers would migrate to more legitimate ESPs — suggesting that it was, in the long run, a good thing, because ESPs with transparency and a reputation to protect will educate their new clients. His reply was essentially that this would be a problem for them in the short run, because it would swamp their new customer vetting processes and so on."
Ummm, unfortunately . . . no.
Greylisting just doesn't work in a business environment. When an e-mail is rejected with a "please try again later" response, it makes the recipient's company look bad at an organizational level. What's worse, senders may ignore these "try again" messages, or never see them at all. Greylisting doesn't work well in high volume business environments.
Facts have a liberal bias.
Why is this being presented as if it were something new?
As far back as 2001, as an admin for an ISP, I would see what I called a "spam attack" - a large number of emails sent over a 24-hour period or so, adding up to (typically) around a million attempted emails to random addresses at the domain name(s) which I administered.
We used greylisting to stop these attacks, but it was *very* taxing - in a typical attack, I logged well over 10,000 source IP addresses.
These so-called "snow-shoe" spam attacks are pretty much exactly what I saw some 8 years ago.
Everything old is new again...
I have no problem with your religion until you decide it's reason to deprive others of the truth.
I think a better idea...
Stop filtering spam at all. For a whole week.
Let the spammers break the system.
For large sets, this will be our guide even unto death, for the LORD will work for each type of data it is applied to...
I don't think you realize just how protected you are from fraud and similar crimes by the fact that they are crimes. You can knock our justice system for being imperfect, but you can't knock it for being ineffective. ('cepting the "war on drugs", of course)
The truth is that we have a first-rate police force and criminal investigation system that is quite effective at enforcing laws of commerce - protections that provide you with a refund if the item purchased didn't work out, etc - that you use so casually, you hardly know they are there.
And that leaves a population terribly unprepared for the wild wooly Internet, where those protections so painstakingly put into place mean almost nothing. You can talk all you want about education and eliminating the source of the problem, but it's never worked before and all of social commerce is set up to work the other way.
So, good luck with that.
I have no problem with your religion until you decide it's reason to deprive others of the truth.
I agree with everything that you say, however greylisting does have value in this situation.
The delay imposed by greylisting means there is more chance that the sending host's messages have been flagged as spam by razor, pyzor, or dns blacklists.
That is the value of greylisting these days, rather than the fact that it drops mail from badly written spambots.
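An added illustration of the mechanism described in the comment above (not part of the original thread and not any commenter's code): a small greylister that consults a blacklist on every delivery attempt, so a host that was unlisted on first contact but was listed during the delay is rejected on its retry. The 300-second delay, the /24 keying, the simulated list, the `dnsbl.example` zone and all addresses are assumptions constructed for the example; it handles IPv4 only.

```python
import ipaddress

def dnsbl_query_name(ip, zone):
    """DNS name a DNSBL client resolves for an IPv4 address: reversed octets + zone."""
    return ".".join(reversed(ip.split("."))) + "." + zone

def subnet_key(ip):
    """Key entries on the /24 so a retry from a neighbouring pool IP still matches."""
    return str(ipaddress.ip_network(ip + "/24", strict=False))

class Greylister:
    def __init__(self, is_listed, delay=300):
        self.is_listed = is_listed   # callable(ip, now) -> bool, stands in for the DNS query
        self.delay = delay           # seconds a new triplet must wait (assumed value)
        self.first_seen = {}         # (subnet, sender, rcpt) -> time of first attempt

    def check(self, ip, sender, rcpt, now):
        # The blacklist is consulted on every attempt, so a listing that
        # appeared during the greylist delay is caught on the retry.
        if self.is_listed(ip, now):
            return "550 rejected, sender listed"
        key = (subnet_key(ip), sender.lower(), rcpt.lower())
        first = self.first_seen.setdefault(key, now)
        if now - first < self.delay:
            return "451 try again later"
        return "250 accepted"

# Constructed data: time (in seconds) at which each IP appears on the simulated list.
LISTED_AT = {"192.0.2.10": 120}

def simulated_dnsbl(ip, now):
    # A real client would resolve dnsbl_query_name(ip, zone) instead of reading a dict.
    return LISTED_AT.get(ip, float("inf")) <= now

def run_demo():
    g = Greylister(simulated_dnsbl)
    attempts = [  # (time, ip, sender, rcpt), all constructed
        (0,   "192.0.2.10",   "promo@bulk.example",    "user@corp.example"),
        (0,   "198.51.100.7", "alice@partner.example", "user@corp.example"),
        (400, "192.0.2.10",   "promo@bulk.example",    "user@corp.example"),
        (400, "198.51.100.8", "alice@partner.example", "user@corp.example"),
    ]
    return [g.check(ip, s, r, t) for t, ip, s, r in attempts]

if __name__ == "__main__":
    for line in run_demo():
        print(line)
```

At time 0 the blacklist alone would have let the first host through; the deferral is what gives the listing at time 120 a chance to take effect before the retry.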
In other words we've come full circle and are back to the days when spammers were actually hosted somewhere. Only this time in a bit more of a distributed fashion.