Hotmail Implements Spam Filter System

emerson writes "News.com is reporting that Hotmail has finally taken the plunge and decided to implement the MAPS RBL spam "blackhole" list. The article notes that they have seen a marked decrease in spam in just a short time. Read the whole article." More and more ISPs seem to be jumping on the MAPS RBL bandwagon. It's a very good thing IMO, especially for the "free" e-mail services that attract spammers the same way picnics attract ants.

Re:WTF

[Perrin-GoldenEyes]

Because this is still a good thing. Not everything that Microsoft does is bad. Their OS monopoly sucks, but all prejudice aside, they have some really nice products. I have quite a few pieces of Microsoft hardware, and they are all excelent. Powerpoint is a fairly good product. Though I'm somewhat afraid of the flames I'll get for saying it, Internet Explorer (4 or later) is pretty good. Running in windows, it's fast and way more stable than Netscape.

I think it's unfortunate that many people seem to lose sight of many of the main objections to Microsoft and just slam the company as a whole. I think Windows leaves lots of room for improvement. However, that doesn't bar them from releasing other quality products. We don't like Microsoft because of some of their business practices, but how much better are we if we just automatically say "It sucks because it's from Microsoft," without even investigating what "it" is.

A spam filter on hotmail is a good thing. I'm not above saying, "Way to go, Microsoft!" when they do something good.

Way to go, Microsoft!


Cheers,
Perrin.

Re:WTF

Well you know, *everyone* should have a Hotmail account. It is an excellent address to have you SPAM sent to ;) After reading this article I checked my hotmail account. 9 messages in the last two days. All SPAM. Is this really a decrease as of late ? R.

Good news...

[Gerv]

because the RBL becomes more effective the more systems implement it. If an ISP suddenly finds it has been RBLed, and therefore it's customers can't reach half the e-mail addresses on the planet, it'll shut down its spammers or secure their mailserver pretty sharpish ;-)

Gerv

Re:Good news...

[Egorn]

Right! We use it a lot on our servers.. Also I wanted to make note of how late they are in doing this I mean look at NetAddress(USA.net) they have had it since.. Well as long as I can remember.. and that's a long time over 3 years.
------------------------------------------ -

Seriously good news!

[jonathanclark]

This means ISPs who have been lazy about closing their spam relay holes will have to take the RBL seriously now. If you are running a server and want to make sure you don't have any holes that will put you on the RBL telnet to mail-abuse.org

Finally.

[J1]

Wow. Hotmail just shot up 10 points on my esteem-o-meter. Basically, the last paragraph sums it all up: "Functionally, the RBL is a way of saying you're not holding up your end of the bargain. Isn't that a good reason for you to fix what's wrong with your system?" This whole issue has nothing to do with freedom of speech, it's a technical matter: if you haven't configured your server in a way that prevents abuse, you should expect to be shunned by other providers. Hotmail adopting this viewpoint may well give the anti-spam movement a push in the right direction.

an open relay called hotmail.com

hrmm.. still as long as any dude can just get a hotmail account or anything of that similarity we will be plagued but the sin called spam. and what a forum to recice spam, I beleive this isnt an improvement

Re:an open relay called hotmail.com

[cruise]

Although Hotmail implements protections from allowing their own users to send too many emails/spams out.. There is nothing stopping me from creating hundreds of hotmail accounts and creatively spamming a bazillion users.

How many times do you think Hotmail itself shows up on the spam blocking services available? I quit my sysadmin job for something more rewarding and aside from the user support, spam was the number two headache I had to deal with. LOTS AND LOTS of spam comes from Hotmail accounts.

The spam issue will not come to an end by these means. I hate to say it but I really think the only thing that will stop the spammers is a world wide agreement to prosecute harshly.

Re:an open relay called hotmail.com

[Paul+Wright]

LOTS AND LOTS of spam comes from Hotmail accounts.

Lots and lots of spam has a hotmail envelope from address or a hotmail reply address, but I've never had spam which actually originated at hotmail.

Spamming via hotmail would be really painful and slower (even with a Perl script to handle it for you) than just finding an open relay and/or a throwaway dialup account. Unless all the other ways of spamming get locked down, I don't think we'll see this happening much.

Finally.

[J1]

Wow. Hotmail just shot up 10 points on my esteem-o-meter.

Basically, the last paragraph sums it all up:

"Functionally, the RBL is a way of saying you're not holding up your end of the bargain. Isn't that a good reason for you to fix what's wrong with your system?"

This whole issue has nothing to do with freedom of speech, it's a technical matter: if you haven't configured your server in a way that prevents abuse, you should expect to be shunned by other providers. Hotmail adopting this viewpoint may well give the anti-spam movement a push in the right direction.

ObSneer: Something good from Hotmail. What next, pigs with wings?

about time too

My hotmail account has been getting about 10-30 spam mails a day for a while. Usually I will use spamcop.net to report offenders - but hotmail has allowed the spammers to send mails with no sender, no recipient - basically, no headers but the subject and a fake from line. No way block those has existed. Wonder if they will do something about that now ??

Re:about time too

[Guardn]

They should take a look a the spam filters at yahoo mail. I have an account there for over two years,that I give to people or websites I don't trust and I have not received a single spam-mail on that account.

Global spam killer

[slashdot-me]

Wouldn't it be neat to have a centralized database that would collect the hashes of various spams. Email clients could query the database to see if a message was spam before presenting it to the user. When a user receives spam, just forward it to the database and it would be blocked for everyone else. 'Course its probably been patented already.

Re:Global spam killer

[robinjo]

Not really a good idea. Imagine the horrendous amounts of hits that one would get every day. Also delays would be quite horrendous and make reading e-mail a pain.

Just make a deal with Russia and send all the spammers to Siberia :-)

Re:Global spam killer

[nocleverhandle]

See Brightmail, I think it is fairly close to what you are talking about. Unfortunately it is a proprietary, for-profit system. Not sure if they have patents. There is an overview of the system design. I believe the software is written in Perl!

Re:Global spam killer

[B.D.Mills]

This probably won't work if you just go by the subject or content of the message. I have a Hotmail account that gets a few spams a day, and this has allowed me to study spam mail in some detail.

Some spam software adds random stuff to the subject line and/or at the end of the message in an attempt to confound such filters. One common spamware program adds a random number at the end of the subject, and another random number with a row of asterisks at the end of the message. I have occasionally gotten duplicate spam from the same source, and these details are different each time.

However, this is also a weakness of the software that would allow you to write another filter. Anytime you get a message with a subject that ends in '(' one or more digits ')' and/or that ends with a row of two or more identical characters followed by a number by itself, it is spam. Guaranteed.

Here's some samples I made up to illustrate what I mean.

Subject: Buy millions of e-mail addresses! (194843)

(blah blah blah spam blah blah blah buy buy buy)

******************************
59859


A better technique of filtering might be to use some heuristics to determine the probability of a particular message being spam.

Magic Spam Filter

1. From address is suspect? Add two points.
2. "To:" header is suspect? Add two points.
3. Fake "Received:" headers? Add four points.
4. "Message-ID:" is suspect? Add two points.
5. "Bcc:" header is present? Add one point.
6. Add one point for every 10 addresses in the "To:" header. (Some AOL spammers are really stupid.)
7. Does the mail body contain hyperlinks? Add two points and save hyperlinks in database.
8. Does the mail body contain an e-mail address? Add two points and save e-mail address in database.
9. Does the mail body contain what looks like an American-style phone number? Add three points and save phone number in database.
10. Does the mail body contain a mailing address? Add two points and save mailing address in database.
11. Does the mail body contain the words 'free', 'S.1618', 'remove', 'XXX' or any other common spammer words and phrases? Add one point for each word.
12. Does the mail body contain anything that's already in the database? Add one point for each match.
13. Does mail match known spamware patterns? Add three points.

If the e-mail scores ten or more points, it's spam - chuck it out!

(I leave the implementation of such a filter as an exercise for the reader.)

--

This is the kind of thing that makes life great.

[Lonesmurf]

I have an account that i use to filter all my spam through.. the account that i use when i need to get a mail.. but i know will get sold to spammers.

That account is usually getting about 20-40 spams a *DAY*.

That same acount was empty when i checked it this morning.

That has never happened before. Thank you RBL.

--

Is this really shocking news?

[Abigail-II]

Well, I guess in one way it's nice, but wouldn't it be better if hotmail customers can decide for themselves what to filter? OTOH, hotmail accounts are free, so people get what they pay for.

It isn't making me removing hotmail.com from my procmailrc file though...

-- Abigail

Re:Is this really shocking news?

[arafel]

>Well, I guess in one way it's nice, but wouldn't
>it be better if hotmail customers can decide for
>themselves what to filter?

In some ways, yes, since I use my hotmail.com accounts for spam reporting purposes (one is used for newsgroups, and the other sends the reports about the spam sent to the first :)

OTOH, if something's on the RBL then the source is (in effect) a spamhaus, so I guess I'm not really losing anything.

HotMail *IS* a spam filter

[VSc]

Well for 'the best of us' who are lucky enough to have a real account, HotMail seems to always have been a spam trapper - a way to indentify yourself on newsgroups, registering on a free account (NYT comes to mind) or registering on nearly anything else: you would surely get something of the sort:

• In order to do that / download that / go there please fill in this simple 35 step form, required fields are marked with * (e-mail is marked with an * of course)
  
• "Thank you for you registration, here is your password" + spam spam spam (buy that buy this). The last line says "This is not spam because we include unsubscribe information" (Their concious is not clear already I see ;-)
  
• "Half an hour ago you displayed an enormous interest in our product so here are some news for you" + spam spam spam
  
• You be polite you unsubscribe
  
• "We are awfully sorry that you would have to leave us" + spam spam spam (this is already interesting - they spam you while you try to unsubscribe!). In order to unsubscribe, go to URL:blah.blah.com
  
• Being the patient soul you are, you go to the URL
  
• Unsubscribing, you get the (hopefully final) e-mail stating "You've been unsubscribed, we don't know how we can go on living without you" + spam spam spam.
  

So, just trying to make it as painless as possible yields you at least 5 spam emails, all trying to unsubscribe. They sure don't waste their tim with that.

All spam starts with the line: "THIS IS NOT SPAM"

Re:HotMail *IS* a spam filter

[Sorklin]

All spam starts with the line: "THIS IS NOT SPAM"

My favorite starting line is "THIS EMAIL IS NEVER SENT UNSOLICITED." Funny, I don't remember searching out spam and requesting it.

That one is followed closely by "TO UNSUBSCRIBE YOU MUST CALL THIS NUMBER. THERE IS NO OTHER WAY TO UNSUBSCRIBE." That one is good cause if you are stupid enough to call them, you have a nice charge on your bill, and I guarantee that you will be completely inundated in spam (having been one of three people who actually called).

Sheesh.

MAPS Lists

Well well, i noticed my ISP is on the list, (eu.net), no wonder my inbox is spam-free, except for newsletters i sign up for. I didnt even know about this before this /. link. It all makes sense now.

Re:MAPS Lists

[Krellis]

This isn't how the RBL works. An IP/IP block that is on the list is banned from sending mail to anyone who is subscribed to the list. Well, you can choose to do special things with people on the RBL, but most sites using the RBL will just send anything from sites which have been RBL'd straight to /dev/null. Now, if you mean your ISP is on the list of people who USE the RBL, you should have been more clear.

---
Tim Wilde
Gimme 42 daemons!

Re:MAPS Lists

[heypete]

That's one way that the RBL works -- Mail servers query the RBL list to see if it's from a "bad" source. Some ISP's configure their routers to discard ALL packets both to and from that source. That pretty much renders the "bad" host cut off ("blackholed") from that host. It's quite fun to see, really. :-)

Too late...

[StrawberryFrog]

I had a hotmail box for anonimity reasons. It is spammed to hell and back (mainly becuase I made 2 mistakes in the early days - I put the unmangled email address on a web page, and I wrote angry replies to spam).

About a month ago I moved over to webmail.co.za becuase I was sick of deleting 40 useless messages every week. Praise to hotmail, it's just to late.

Re:Too late...

[arcum]

Agreed. I had a hotmail account both for spam and newsgroup communication, but I abandoned it soon after their security problems in favor of hushmail (same username...).

I posted messages on 2 or 3 newsgroups about switching my email with the old one mentioned flat out in the post, and the new one spamguarded. Checked my abandoned hotmail account a couple days later and there were 100 or more spams...

The irony is killing my inbox

[gad_zuki!]

Spammers using Hotmail will be happy to have a mailbox that won't fill up with their competitor's spam right before it gets canceled.

Maybe from now on all spam will be from Hotmail.com to Hotmail.com.

"Who needs open relays when you can get a free mailbox in 96 seconds?"

Re:The irony is killing my inbox

[frankie]

Everyone repeat after me: "spam with Hotmail in the From line usually is NOT sent from Hotmail". Most spammers are abusing an open relay and forging the From address to deflect attention.

Some spammers might use Hotmail as a drop box, but it's not a very good choice since it will get cancelled in a few days and lose most replies. These days most spams use dedicated spam-friendly domains (like conru.com) for their drop boxes, or don't give you a valid email address at all.

If you aren't your own mail admin, go tell your postmaster to use RBL. When it reaches sufficient density, other admins will work very hard to stay off that list, and spamming will get that much harder.

It's easy, really.

[pen]

Spam filtering is easy! Heck... even Outlook can do it!

1. Create a rule to move all mail that doesn't contain your email address in the "To" header.
2. Create another rule (with a higher priority than the one above) to skip certain messages that you do need (mailing lists, etc.)
3. Voila! Enjoy a spam-free life!

If you're afraid that some important email may be accidentally deleted, make the messages go to a temporary "Spam" folder, and check it once in a while.

Actually, my Hotmail accounts are the only ones I didn't do this with, as Hotmail doesn't allow filtering by the "To" header.

--

Re:It's easy, really.

[freakho]

Actually you can overcome hotmail's infantile filters, hotmail lets you use an email client to check your mail. (Yeah, I couldn't believe they'd do something this cool and not announce it either) The servers are pop.hotmail.com and smpt.hotmail.com. Just use an email client with the filters you listed above to check your hotmail, and voila.

fh

Re:It's easy, really.

[veg]

It's amazing features like this that make outlook the wonderful program it is.

Here's another method. Simply let the spam go straight into your inbox and delete it yourself as you read through. That way you wont have to check the 'spam' mailbox all the time and you wont send messages from mailing lists into the bin (unless they're from the N30 mailing list of course).

Still no match for RBL tho'.

Re:It's easy, really.

[pen]

It's apparent that you don't get 10 or more spam messages per day, and that you haven't looked at the headers of the spam mails.

Sorthing through the spam is a tedious and annoying process. Almost all of the spam I receive (so far, no exceptions in nearly a month, with 10 to 20 mails a day) does not have my email address in the "To" header. Maybe some Sendmail hackers can explain this to you, as I don't know it well enough to be sure that my ideas are true.

As for accidental deletions, I think I covered that in #2. Usually, if not always, the mailing lists will either come from the same email address, contain a certain string in the "Subject" header, or both.

Again, in the little-more-than-a-month of the filters being in effect, I have had no accidental deletions whatsoever. And I do get a lot of email, including some from mailing lists.

--

Re:It's easy, really.

[pen]

Officially (at least last time I checked) Hotmail charges for these services. I have tried them a few times, with months in between, and found them very unreliable and slow. If you want a free POP3/SMTP account, try HotPop, which even gives you a choice of a few different domains.

--

Re:It's easy, really.

[Sesse]

But then, about 30% of my spam is addressed to my own e-mail address...

I've released a product (yeah, yeah, here comes the commercials) called spamstop, which does this and has many other rules. Couple it with the RBL, DUL and others (if you can -- not everybody runs their own SMTP mailer, you know!) Check out its Appindex record. (Well, calling it a product is a bit too much, but it's effective enough.)

Anti-spammers, unite!

/* Steinar */

Re:It's easy, really.

[jridley]

Yes, as long as you don't subscribe to any mailing lists. About 90% of my mail comes from mailing lists.
I think this is pretty funny, considering that hotmail.com was the first domain to go into my kill filter. I have it killed at my provider; I don't even receive them.
Nonetheless, I am glad to see another major email service using the blackhole list.

Re:It's easy, really.

[PD]

Two more options for this:

Yahoo.com will let you use a POP server if you agree to let them send you advertisements. This is sort of an opt-in scheme. I do not use the POP server, and yahoo has not sent me any spam, which is as it should be.

Geocities also runs a pop server, and the accounts are free.

mail.com will forward e-mail to another account. I use their startrekmail.com as my spam drop, which forwards to another account that I have on another service. If I ever get too much spam from startrekmail, I will just register another name.

I've noticed that accounts at netscape.net and altavista.net collect spam even when the accounts are unused. I have pdrap@netscape.net and pdrap@altavista.net and both are full of spam though I've never used them. Stay far far away from those.

Re:It's easy, really.

[leonids]

Someone might want to correct me but can these spammers be systematically spamming aaaaaaaaa to zzzzzzzz? Might explain why my unrevealed emails too get spammed for no reason. Unless of course those companies sell out our address.

Re:It's easy, really.

[Paul+Wright]

Someone might want to correct me but can these spammers be systematically spamming aaaaaaaaa to zzzzzzzz? Might explain why my unrevealed emails too get spammed for no reason. Unless of course those companies sell out our address.

I believe that must be what happens with hotmail, as I've not revealed my address widely yet it gets a load of spam. Sounds to me like someone ran a dictionary against @hotmail.com and remembered which ones didn't bounce.

For ISPs which give you your own subdomain, DNS zone transfers (or dictionary attacks on the DNS where ISPs do not allow zone transfers) are another variant on this: the DNS definitely was used by Insight.com to spam Demon and Freeserve users. Shame really, as I might have wanted to use Force9 or buy hardware from Insight.

Re:It's easy, really.

[pen]

You do realize that there are 2821109907456 different combinations between (and including) aaaaaaaa and zzzzzzzz, right?

--

Re:It's easy, really.

Can Outlook Express do it? I can't find any ways to select all messages that don't contain my e-mail address. I can select messages that do though. Unfortunately, it won't let me default all messages to the deleted folder, and then put stuff with my address in the inbox. Can you help me?

Re:It's easy, really.

[Pascal+Q.+Porcupine]

The 'To:' header in the message itself has nothing to do with the message it was sent to. Your typical SMTP session looks something like this: (italics is what is sent to the server; username is typically gotten through the auth mechanism)

220 some-mailserver.fred.org ESMTP Exim 2.05 #1 Wed, 10 Nov 1999 22:54:45 -0500
HELO some-machine.bob.net
250 some-mailserver.fred.org Hello username at some-machine.bob.net [192.168.1.2]
MAIL FROM: bob@bob.net
250 is syntactically correct RCPT TO: some-user@fred.org
250 is syntactically correct DATA 354 Enter message, ending with "." on a line by itself From: Bob Loves You <bob@dobbs.net>
To: your friend <fluffy@yellow.com>
Subject: I love you

I love you!
.
250 OK id=11llKJ-0000we-00
QUIT
221 some-mailserver.fred.org closing connection

Notice that the To: and From: lines in the message itself (what comes after the DATA) have nothing to do with the actual sender and recipient as far as the mailserver is concerned (the MAIL FROM and RCPT TO, respectively, in the SMTP negotiation). SMTP is a very simple, open, flexible protocol which assumes that everyone is benevolent and sharing. Sadly, this isn't so, which is why now the domain in the MAIL FROM or RCPT TO must be one handled in some way by the mailserver (otherwise it's an open relay), and why there's lots of fun authentication (such as the identd) to make tracking non-benevolent users a little bit easier.
---
"'Is not a quine' is not a quine" is a quine.

spam will always be a problem

[Ater]

I logged in to one of my old hotmail accounts after reading this article, and if there's really been spam reduction efforts, I haven't noticed. I have about 15 spam mails dating from last week (I did not sign up for any mailing lists or register anywhere with this address. I did sign up for webspace at some odd site, but I put its spam domain on ignore already). I took a look at the domains and saw about 8 emails from various obscure/unlisted domains which I assume to be open mail servers. Moreover I had 2 emails from RealNetworks, which had supposedly been blocked according to the article. Another problem I noticed is that the rest of the spam came from major 'legit' domains like yahoo.com, aol.com, and hotmail itself. There's no way hotmail will block these huge domains off, and since a LOT of spam is generated by such sites, the spam problem will still be in effect. Despite hotmail's and MAPS' best efforts, I really don't see anything a e-mail provider can really do to fully prevent spam.

So I guess spam handling is still more of a personal issue than anything. My advice for spam control would be as follows:

1. Don't give out the adress for your main ISP account... I never even use mine since I learned my lesson with my old ISP. I gave out the account to every sleazy signup site and ended up with about 100 msgs on the server at one point... which is a real pain when on your main account.

2. Either use an extra e-mail account from your ISP, an account on a friends domain, or a low-profile free mail service for your main email adress. You most likely won't be placed on any mass spam list if you only give the adress to people you intend to communicate with. Plus you have a greater level of anonymity should you need it or desire it.

3. Hotmail accounts do have a purpose after all. My advice would be to register one or more and keep it/them as a spambox... use it to sign up for accounts, mailing lists, newsletters etc. You'll expect spam anyway, and if it gets flooded to hell, it's just a free hotmail account, so no big loss.

4. If you don't need to recieve a reply email (like website passwords or account verification) from a site that expects you to give them your adress, use a fake one. It's easy, and allows you to exercise your creative juices... I always like using root@ :)

Let's just face it, spam is always going to be an issue regardless of the efforts of MAPS and the like. It can be annoying, but if you just use an extra moment of time and some common sense, you'll save yourself a lot of annoyance. (I'm actually to the point where I check my hotmail inbox just to see all the new spam since I never get any mail in my personal box :D )

Re:spam will always be a problem

[freakho]

4. If you don't need to recieve a reply email (like website passwords or account verification) from a site that expects you to give them your adress, use a fake one. It's easy, and allows you to exercise your creative juices... I always like using root@ :)

An even better one is putting in the site's own abuse@ address. If they have one, they'll get the joy of spamming themselves; if they don't, it'll bounce. Nobody gets hurt but the jerks. :)

fh

Re:spam will always be a problem

[ptomblin]

abuse@ftp.warez.org
Look at the A record for ftp.warez.org

Re:spam will always be a problem

[tommck]

I agree. This hasn't fixed crap. I use hotmail as my own SPAM filter. From November 4th until yesterday morning, I received 28 SPAM messages. Doesn't sound like a good filter to me...

T
~~~~~~~~~~~~~~~~~~
Tom McKearney

Re:spam will always be a problem

[esme]

An even better one is putting in the site's own abuse@ address. If they have one, they'll get the joy of spamming themselves; if they don't, it'll bounce. Nobody gets hurt but the jerks. :)

One better, so you don't even have to bother with figuring out who is going to start sending the spam: just use postmaster@127.0.0.1

--
-Esme

Re:spam will always be a problem

[blaize]

I personally like to use "hemos@slashdot.org". Hemos, correct that spelling or you'll be my spam filter! ;)

Re:spam will always be a problem

[B.D.Mills]

I have a Hotmail account that I use regularly. There's not a lot of spam traffic, fortunately, and this makes it possible for me to use SpamCop on all the spam to report each offender. I'm getting a couple of confirmed kills a week - it does give one a warm, fuzzy feeling to read an e-mail that contains the words "spammer", "account" and "terminated".

At least I would report all the spam, except for a problem that Hotmail is having with their mail servers. When Hotmail receives e-mail, about 30% to 40% of the time it does not attach "Received:" headers to the message. I have told them about the problem, and they report that it is under investigation.

Now all we need to do is get psi.com and aol.com added to the RBL....

As an aside, I think a good way of combatting the spam problem is for disposable dial-up accounts to have account limits placed on them. In the old days of timesharing, each user had restrictions on what they could do, such as disk quotas, print limits and so forth. If these "free" dial-up accounts had limits such as a maximum amount of data uploaded per hour, maximum e-mails per hour (enforced by monitoring received packets for SMTP traffic) and so forth, then there would be less of a spam problem. These limits could be removed after a month once the ISP received payment for the dial-up account.

A limit of twenty e-mails per day for new accounts would not be an onerous limit for the majority of people who are just getting started on the 'Net, and it would make such accounts unusable for the spammer.

--

Good News

[Commie]

I've kept a hotmail account for awhile now as it's nice to have web-mail when on the move or when I don't want to give out my real e-mail for whatever reason. I only access it every week or two, and good god, the spam is amazing. After two weeks I'd easily have over 100 spammed e-mails to sift through - it was barely usable. Hopefully this will help out...

there are filter options

[Ater]

Actually hotmail does have its own share of filter options. Just log into your hotmail account, go to options, and you will find a filter option. There, you can add e-mail adresses to a list of "blocked senders," and any e-mail from the specific sender will be sent directly to the trash can. Also, you can also direct incoming e-mails to a certain folder (including trash can) by telling it to look out for certain keywords in the subject, sender's name, or sender's e-mail. Or if you're really lazy, and you already have some spam in your inbox you can just go to the messgae and tell it to block the sender of that message from now on. Granted, it won't keep your hotmail account spam-free, but the option is there should you wish to use your hotmail account for standard e-mail purposes. But personally I would stick to one of my current POP3 accounts instead of bothering to configure my hotmail account :)

Try www.deja.com for auto-spam filtering

[Timothy+Chu]

Choose My-Deja as your free email provider, and don't worry about spam--they've used spam filtering for a while now.

The only thing wrong with it is that I don't know what their filter criteria is, nor can I ever peek at those filtered messages. I use that account as my newsgroup account. I use a usa.net account as a sign-in account that nobody ever needs to contact me at, but I can check if I ever forget a password somewhere and need it sent somewhere.

And of course a main account that isn't listed anywhere except for my friends' addressbooks.

<tim><

Re:This is the kind of thing that makes life great

[bjorky]

Same token, I opened up my account today that usually receives 3-5 spams a day, and today, no spam.

The disturbing part is that the account I created to specifically give out as a semi-bogus e-mail address for registrations and whatnot gets less spam than my preferred mailbox.

Stopping spam

[david.given]

There's a really easy way for an ISP to protect itself against people using it to send spam: introduce a one or two second delay before accepting each message. This is insignificant to the normal user --- my mailer, exmh, takes about five seconds between my pressing `send' and control returning to me --- but would stop spammers dead. Two seconds per message means 30 per minute, less than two thousand per hour. It means that they can no longer blast thousands of messages into the server. If you like, you can also implement something that checks for, say, more than a few hundred messages in an hour and automatically disables email.

The effort needed to implement this is trivial.

(You would need a normal mail server to handle mailing lists, of course. But that's not a problem as mailing lists tend to be handled purely at the server end, without the messages been sent down the dial-up link.)

Re:Stopping spam

[JamesHenstridge]

Of course, if the spammer puts 100 addresses into the BCC header, you get 180,000 messages an hour. Granted this is less than is possible without timeouts, but it still is a lot of messages. I suppose you could get around this by varying the delay based on the number of recipients (maybe use an exponential relationship?).

Re:Stopping spam

[B.D.Mills]

A short delay would only work for mail relays. Most spam is sent point-to-point, so the technique of a two-second delay won't slow spammers down much.

So forget a two-second delay. Someone in Germany has invented a technique called "teergrubing" where an SMTP connection is held open for as much as several hours. It exploits SMTP continuation lines. Read more about it in the teergrubing FAQ. A spammer runs into enough teergrubing sites, and their spam output plummets.

Personally, I like the idea of fake open relays set up especially for spammers to find. It accepts any relay requests, but only pretends to forward the mail instead of sending back an error message (unless the spammer host was a recipient, in which case the message is processed as normal - this defeats the spammer's check of the effectiveness of the spamming). A spammer could be connected to such a relay for six hours, only to find that of the quarter of a million spams sent, *not one* was really sent! I know this might deform the rules of the 'Net a bit, but really, what legitimate purpose would an open relay serve the 'Net community?

--

Re:Stopping spam

[Pascal+Q.+Porcupine]

Um, BCC is handled by the mail program. In fact, all CCing is handled by the mail program. The SMTP protocol itself has nothing for multiple sends; CC is just a standard message-space header which all programs understand as meaning "this message was also sent to the following other parties." The only difference between CC and BCC is that the mail program doesn't put the BCC header into the sent message (or puts in 'undisclosed-recipients').

The delay would still easily apply.
---
"'Is not a quine' is not a quine" is a quine.

Re:Stopping spam

[tlhIngan]

Well, I've done it through telnet to SMTP servers, and seen email clients do it, but I'm sure a 2 second limit isn't much of a deterrent, because spammers probably load up the RCPT TO: lines up to the limit of the server. (Great fun. Leave the (B)CC'ing to the server).

Perhaps a combination of each connection only allowing a very low number (say, 10 at most) RCPT TO: commands, and each non-mailing list connection to be handled with a few extra seconds between connections (as well as limiting simulataneous connections to oh, 2 per machine?).

Re:Stopping spam

[mpe]

Um, BCC is handled by the mail program. In fact, all CCing is handled by the mail program. The SMTP protocol itself has nothing for multiple sends; CC is just a standard message-space header which all programs understand as meaning "this message was also sent to the following other parties."

All the relevent details are in RFC 821. SMTP dosn't care about To:, cc:, bcc: all the headers will be sent with the DATA command.

The only thing SMTP cares about is the RCPT TO: commands. All the RFC states is that multiple RCPT commands should be possible it dosn't state that there shouldn't be a limit or that there should be no delays in the client sending the command and the server sending a response code.

Section 3.2 is also relevent.

Re:Stopping spam

[mpe]

Well, I've done it through telnet to SMTP servers, and seen email clients do it, but I'm sure a 2 second limit isn't much of a deterrent, because spammers probably load up the RCPT TO: lines up to the limit of the server.

In that case then maybe something like 2^(n-1) where n is the number of RCPT's sent in the transaction.
Thus you get
1st RCPT 1 second delay
2nd RCPT 2 second delay
3rd RCPT 4 second delay
4th RCPT 8 second delay
5th RCPT 16 second delay
6th RCPT 32 second delay
7th RCPT 64 second (over a minute) delay

Re:Stopping spam

[Pascal+Q.+Porcupine]

Yes, that's what I said, but only in summary. Or were you agreeing with me? :)
---
"'Is not a quine' is not a quine" is a quine.

Re:Stopping spam

[mpe]

A short delay would only work for mail relays. Most spam is sent point-to-point, so the technique of a two-second delay won't slow spammers down much.

Do you have any figures on this, sending spam direct is slower for the spammer that relaying (n.b. for someone sending legitimate mail relaying is likely to be the slower option.) As well as rendering the spammers own machine vulnerable to getting hammered, even if it dosn't support identd, finger, etc it's still might have to handle these requests.

So forget a two-second delay. Someone in Germany has invented a technique called "teergrubing" where an SMTP connection is held open for as much as several hours. It exploits SMTP continuation lines. Read more about it in the teergrubing FAQ. A spammer runs into enough teergrubing sites, and their spam output plummets

Except that if the spam is relayed then it's the relay machine which gets tied up. As long as people advocate always relaying as a good practice this is a potential problem.

Re:Stopping spam

[greenrd]

(unless the spammer host was a recipient, in which case the message is processed as normal - this defeats the spammer's check of the effectiveness of the spamming)

Unfortunately, the spammer could have any number of free email accounts on e.g. hotmail, bigfoot, his ISP etc. which you wouldn't know about. Still, it'd be something!

Re:Stopping spam

[mpe]

Yes, that's what I said, but only in summary. Or were you agreeing with me? :)

Further information, as well as indicating which RFC is applicable.

Far too few people appear to actually understand how SMTP mail works. (And for that matter how it dosn't work.)

Good news ?

[azatoth]

Actually, hotmail.com is in my SPAM list. That means that in my domain nobody can use hotmail.

When hotmail.com wasn't forbidden there thousands
of spam messages coming from them.

Hard for my users, but they have learned not to use hotmail ;-)

Re:Good news ?

[Blade]

Agreed, for me, the problem is not getting spam into a hotmail account, but preventing spammers from using hotmail to send spam out!

I'm sick of having hotmail accounts cancelled, only to find that surprise surprise, the same person has another one the next day.

This is even more annoying when people are being disruptive on mailing lists, and you have them banned, etc. Tomorrow, another hotmail account, another anonymous identity.

Hotmail spam service

[falcocw]

Great! Now maybe they can work on there customer service and support a little! I've been waiting almost two weeks for them to fix my account (or the machine it is on), contacted support about 12 times, and I keep getting "We're working on it; don't know when it will be fixed...." SO WHO CARES ABOUT SPAM FILTERS IF THEY CAN'T EVEN TAKE CARE OF THEIR ACCOUNT HOLDERS!

Re:Hotmail spam service

[falcocw]

Of course, the upbeat side of this is I can say I have Seen NO SPAM WHATSOEVER in my hotmail account these past two weeks!

Re:WTF

[emerson]

So talk to the MAPS people about the offending domains -- subscribing to the RBL is no guarantee of spam freedom -- the RBL has to be maintainted constantly by volunteers and people in the community.

If the RBL isn't decreasing your spam, it's at least partly because you're not doing your part to help MAPS.


--

My spam problems

[guran]

Exellent to see the market pressure do something good here. Since there are many freemail hosts, why would anybody use the one without spam control.

However, my biggest "spam" problem has never been the pure spamming (gee I compiled this adress list from a web spider. I bet they all want to hear about my amazing new porn site) All of you who reads /. allready know how to deal with these jerks. No, my problem is those who abuses the fact that I actually signed up for some mailing list at one time. I might have bought a server component at one time, and of course I want to know of any upgrades or bugfixes to it. However I don't want them to send "valuable information" about their other products. In the same manner there are a lot of mailing lists with some really valuable info, but a low signal to noise ration. And then there is that nice feature "company wide messages" Oh thank you mister manager for sending your 3 meg power point presentation to everyone here! I really loved to wait for it to pass through my modem. Unfortunalely there are some really valid uses for that group adress so I cant just block it out.

Any of you who have any nice solutions to this sort of semi-legitimate spamming?

Re:My spam problems

[httptech]

Owning your own domain name can help solve a lot of your spam problems. Assuming you have unlimited aliases wherever your domain is hosted. Whenever I go to a site that asks for my email address, I make up a new alias on the spot just for the purpose of that form. For instance, downloading RealPlayer, I would use RealPlayerDownload@mydomain.com. I can make up anything on the spot, it all comes to me at the default forwarding address.

Now, if the scumbags start sending me crap I don't want I can send that alias to /dev/null and forget about it. Chances are they're not going to send me anything useful (like bugfixes) if they have to spam their customer base to get business.

And, if by some chance they sell my email address to some spammer, I know exactly who sold it and
can take action against the site that sold it.

As far as cow-orkers are concerned, there's not much you can do about that except educate them.

Spam Relays

[Evil+Greeb]

I can't understand why the average site would want to act as a mail relay for other sites, after all,
bandwidth == money (at least, here in the UK, where my co-location deal is £50 per month for 1Gbyte data transfer, and that was the best one I could find).

As for spam, my yahoo site has been taken to being spammed by yahoo addresses, my hotmail one has loads of @hotmails, and my usa-net account is ridiculously full of porn spams (I only put that address up on one silly free page and that's what I get for it!) Actually, I wondered if usa-net was actually giving out my address to spammers because the amount of junk was so excessive, so I set up a spam-box account there a while back, checked it yesterday, still not a whimper.

The most annoying thing about spam e-mails is that half of them say 'to get off this list, you must phone 1-800-AMERICANNUMBER', and I'm like, er, yeah right! So I have a filter at yahoo that gets rid of e-mails containing American phone numbers and the permutations of the phrase 'Zip Code'.

At least web-based accounts don't actually spend hours downloading the spam onto your machine, (significant while we still pay for dial-up calls in the UK).

Re:Spam Relays

I can't understand why the average site would want to act as a mail relay for other sites, after all, bandwidth == money

I had this argument with my webspace provider last year. Their excuse was that they needed to provide relay for (legitimate) offsite users. Two months later, for whatever reason (to my shame, not me), they implemented POP-Before-SMTP.

Regardless, the chicken-n-egg syndrome has been solved by Sendmail 8.10 by implementing SASL (RFC 2554?). There's now no excuse in the world (no matter how lame) to run an open relay.

Spooooon!

Re:Spam Relays

[heypete]

In the "good ol days" of the internet, having an open relay was the only way for mail to pass from one server to another. A server would bounce it from server to server until it finally got to its recipient.

Then people started abusing 'em.

That's when all of us admin-type folks decided to close their relays. Well, most of us anyways. :-)

Re:Spam Relays

[mpe]

In the "good ol days" of the internet, having an open relay was the only way for mail to pass from one server to another. A server would bounce it from server to server until it finally got to its recipient.

Are you sure you arn't confusing The Internet and UUCP email?

DNS MX records obsoleted this paradigm over a decade ago!

Indeed the only cases where relaying is actually needed are
a) where the mail is initially sent by something other than SMTP (over TCP/IP).
b) where the originating machine has an RFC 1918 IP address and there is no form of NAT in operation.

Re:Spam Relays

[heypete]

Are you sure you arn't confusing The Internet and UUCP email?

Perhaps I am. Maybe I should lay off the caffiene before posting. :-)

hotmail spam

[noah_nelse]

I was so excited when i got outlook express 5 from microsoft, which allowed me to both download my email directly from Hotmail just like POP mail and also to do spam filtering. I was a little worried at first that the spam filtering would go too far, so I just set it to highlight spam and let me do the deleting. The first piece of spam i received was from Hotmail itself! Even Microsoft's own email client can recognize spam when it sees it...even when it's from Microsoft. I assume Hotmail is exempt from its own spam policies, which given the large user base of Hotmail, might make this more of a problem than a solution. suddenly Hotmail is the most attractive service for spammers, as they filter mail from everyone else, but not themselves...

Hotmail and spam

[boneshintai]

I don't really see why everyone bitches about hotmail's spam problem. I lived there for quite a while, put my address out carefully, and never had more than two spammails a month.

Owen

Re:Hotmail and spam

[radja]

I don't get much spam, mainly because according to most questionaires i filled in for me address show that I have _NO_ interests. ofcourse.. the autoreply might help.. at the second message I get from a site that's spam, that address gets submitted to about 100 mailing lists. only had to do that once..ofcourse.. at the third spammail, I get nasty...

//rdj, the utter bastard

Can't tell.

[BradyB]

I use hotmail as a spam filter like just about everyone else. Heck even the one posted here is a spam account, but it doesn't get spammed. I have been going into my hotmail account everyday and if anything the amount of spam has increased. If they implimented anything I sure as hell can't tell. I guess it's time to use my mail filters on hotmail again, they don't work but they worked better than this RBL thing.

Re:Can't tell.

[hellonwheels]

I can REALLY tell. This week, I have been getting an average of 40 spams per day. Hotmail even seems to be ignoring my block list. I knew something was wrong. I should have known they attempted an "upgrade".

Re:Can't tell.

[PigleT]

I'm certain someone does trawl /. for email addresses. I never had any spam to speak of at netscape.net and now I'm on here, it all starts flooding in. Yes, it's a spam trap, and yes, it gets used, and no, I'd never *ever* stoop so low as to use a M$loth-provided webmail service as evil as hotmail, even as a spam trap.
So I guess they're welcome to do whatever they like with it, by me!

Another spam blocking approach

[steevc]

I was getting a lot of spam via my Bigfoot address which I do tend to give out, but it now diverts to my web account at www.msgto.com which checks for 'human' senders by sending them a picture where they have to pick on a given word. You can also manually add people to your acceptable list. I use their POP3 facility to pick up my mail in Outlook and I don't see any spam there now. I just check the spam folder once in a while in case a mailing list ends up there and just delete the spam.

msgto is still in beta, but so far looks good.

Re:Another spam blocking approach

[heypete]

I used MsgTo.com. Two words: No Good.

Sure, you'd think that all the senders of mail wouldn't mind getting a little picture to click on, but it gets REALLY annoying really fast. Yes, I know a sender only needs to click on it once for your account, but for every other account they send it too, they need to do it again. Very annoying.

Also, such a little "auto-reply" message *really* wastes bandwidth. Sure, it's just a few kilobytes, but so's any other image on the web...and you complain about how long it takes to download those, don't you? :-)

MsgTo.com also doesn't let you view the full headers of a spam from the web, so you can't report the spam you *DO* get.

One final thing: If you get an auto-reply from MsgTo, try changing the last number(s) of the URL it sends you. Lo and behold! You now have another user's email address, and it's verified! (Yes, I know, spammers probably won't send mail there, but think of the fun you could have by putting the "From" address as abuse@, and they get swamped with all the little 'Click Here to Authenticate' messages. :-))

My favorite thing: SpamCop. Parses spam with about 90%+ accuracy to its source, sends reports to proper administrators, and even offers mail filtering. (The whole SpamCop community looks out for each other. See http://spamcop.net/ for more info.) Oh, and they've got a cool newsgroup to boot! :-)

Is microsoft hotmail still using FreeBSD?

According to a survey by ZDNET of webservers used by major companies microsoft only uses NT IIS.

Re:Is microsoft hotmail still using FreeBSD?

[danb35]

According to Netcraft, hotmail is still running FreeBSD.

Re:Is microsoft hotmail still using FreeBSD?

[athos-mn]

Putting aside that Microsoft crashed and burned when trying to switch to NT, Exchange doesn't support the RBL - so that would ice it. I know plenty of poor sods who use Exchange (because the non-computing boss said so), who would like to use the RBL, but can't.

Yahoo not immune

[phil+reed]

Then you're lucky. I've received some. Not a lot, true, but the address doesn't have wide distribution.


...phil

Re:Yahoo not immune

[sqrlbait5]

I have a yahoo account that has over 380 SPAM e-mails and not once have I given out that address or used it in any way.

Spam receiving service

[phil+reed]

For this kind of requirement, I use and recommend the Spam Receiving Service at www.tinaa.com/spam/index.html.


...phil

RBL/MAPS

[gardenhose]

Problem with this system: it punishes the 'little users' for their ISPs mistakes. I was more than a little irked to find that I couldn't send email from my professional address to my mother of all people because my hostname was on their 'blackhole' list. I went through the site and the mail server I had been using was abused by some spammer through an open relay so it was put on the blacklist.

Now, this is a big place, and the wheels of bureacracy only turn so much so far, and this event happened months ago and our sysadmins haven't gotten around to fixing this little nuisance yet. So now because some people don't want to use procmail or hit the delete key when they get UCE, I can't email my freakin' mother.

I hate spam as much as the next guy, but this banding together and automatic trial-by-fire via 'intelligent systems' is going a little too far. I have a feeling these RBL guys have a pang of glee as they happily restrict an entire domain from sending email somewhere... "That'll teach 'em"... that'll teach 'em what? To pester their poor sysadmins to "do something"? _They_ didn't send the spam.

Re:RBL/MAPS

[EvilBastard]

Same thing happened to the evilbastard domain - our host was using a generic email server that forwarded all of their hosted domains without any identity checking. All my friends (who use evilbastard email addresses just because they look nice) couldn't send mail for 3 or 4 days. Very annoying.

But, all things considered, I'd rather lose email for the period of time it takes domain hosts to learn how to secure their systems and be a good net.neighbour, then to continue as we were about a year ago.

The RBL is both neccesary and bloody annoying. If it wasn't annoying, then it would get ignored. It's the next step towards ending spam.

After this, we just have to stop the Large commercial spammers (Barnes and Noble, last week), and we'll be able to reclaim our email addresses and open our mail in safety.

Providing they arn't in HTML, of course.

Re:RBL/MAPS

[Fluffy+the+Cat]

If your ISP didn't pay their electricity bills, they'd be cut off. Would you blame their electricity company for denying you the ability to send mail, or would you blame your ISP for not paying their electricity bills?

Your ISP shouldn't be aiding spam in any way, be it hosting web sites, failing to deal with abusers or having mail servers that are open to relaying. It's their fault.

To pester their poor sysadmins to "do something"? _They_ didn't send the spam.

No, but they had an open relay. There's no excuse for this. People aren't put on the RBL purely for making mistakes - they're put on the RBL for failing to fix something that's broken after being asked to fix it. If your ISP is unwilling to behave in a responsible fashion, don't act surprised when people start refusing to deal with them any more.

Re:RBL/MAPS

[Erik+Fish]

Those "poor" sysadmins at your workplace are responsible for the way their server is configured -- they need to "do something". This is 1999, not 1992; There is no good reason for any mail server to be an open relay.

I subscribe to the rbl-nominate mailing list and believe me, putting a site in the RBL is not something that is done without careful consideration and a lot of work. Phone calls are made, lengthy evidence is gathered and everything is researched, checked and double-checked. Most of the participants are doing all of this in their spare time. Do you think this is fun? It's about as much fun as picking up garbage along the freeway. The alternative to the RBL and similar programs is a freeway with a garbage dump running it's length.

Oh, but poor gardenhose can't send e-mail to his mom from his work address because his lazy admins won't unfuck the mail swerver. Is this the RBL's fault? No, it's his own fault. If gardenhose can't get action on this from his luser admins, then maybe he should consider getting off his lazy ass and signing up for a free e-mail address with a responsible provider (such as Hotmail)!

Re:RBL/MAPS

[seebs]

Figure it this way: You had *one* message not go through. If the relay weren't on the RBL, hundreds of thousands of spams would have gone out, many of them filling mailboxes, and a much larger number of messages woulda been blocked.

Closing a relay takes all of five minutes.

Also, remember, they don't list you just because you're an open relay; they list you because you're an open relay, and *multiple* good faith efforts to get you to fix it have failed.

Re:RBL/MAPS

[Tim+Pierce]

There are a couple of relevant comments here.

One is that it is not easy to get into the RBL. First, someone who has received spam from your site needs to write up a nomination. It has to include not only a record of the spam itself, but also a description of attempts that they have made to contact your site, explain the problem and to resolve it.

If repeated attempts to resolve the problem with the site fails, then MAPS will consider the RBL nomination. An RBL staffer or volunteer will follow up and try to explain the gravity of the situation with the responsible people at your site, and will make it clear what an RBL listing means. Only at that point is it possible to add a site's network to the RBL.

The RBL is just about the most fastidiously maintained abuse tracking system on the Internet. In fact, that is the chief reason that it is used so widely -- a network doesn't get on the RBL unless it has proved itself to be really irresponsibly run.

The other salient point is that participation in the RBL is voluntary. No site is required to use MAPS' abuse lists. They do so because they need to block spam and find that MAPS fills that need.

Ultimately your complaints are better directed at your mother's ISP, for using the RBL, and (most of all) at your own ISP, for failing to run their systems responsibly. Blaming MAPS is like blaming Ralph Nader for making your seatbelt too tight.

Re:RBL/MAPS

[Kaz+Kylheku]

... because some people can't use procmail or hit the delete key when they get UCE, I can't send e-mail.

How do you think the procmail filter is going to recognize SPAM? Mine pings the anti-spam databases using nslookup.

Instead of complaining, you should switch to a site that has responsible administrators, not some lackeys that can't fix a simple mail server configuration problem.

By staying with this ISP, you are endorsing their spam-friendly attitude, and their relaxed hiring policy toward incompetent sysadmins. Your continued support is giving them one less reason to modify their behavior.

When my ISP's mail machine was found by ORBS to have a hole, I sent mail to the operator and he fixed it within hours, and then thanked me for giving him a heads-up on the problem. By the way, you could always send Mom a nice snail-mail letter. ;)

Re:RBL/MAPS

[gardenhose]

So I took some time to read up on RBL/MAPS and agree with most of you here.. I guess my annoyance is directed at the fact that this is something I can not opt out of. No, I can *not* change ISPs, this is where I work.

Since I use procmail I tend not to care much about spam. My procmail filters are not anti-spam, they are just pro-people: I know who and why I get email and have told Procmail to deal with it accordingly. So I do get spam, in my inbox, but since my more important messages are flagged that way there's no big deal.

If there was a way that I personally could opt out of MAPS/RBL, if it worked on the user level and not the hostlevel, then I would. But as of now I have no way to email certain people from my place of employment. This is not a big deal, yes I have other accounts, etc... and yes I know that it would be nigh impossible from MAPS/RBL to work on a user-level instead of a host-level.

I think what they're trying to do is great, but on the other hand, they're going to piss some law abiding people off one day. Kudos to them for sticking through it.

Re:RBL/MAPS

[heypete]

So I took some time to read up on RBL/MAPS and agree with most of you here.. I guess my annoyance is directed at the fact that this is something I can not opt out of. No, I can *not* change ISPs, this is where I work.

That's the purpose of the RBL - To annoy people and to annoy ISPs to change their policies. If you *really* needed to send your mother an email, why not get a Hotmail account? Hmm? :-)

Will they block their own spam?

[YourFingerYouFool]

The only spam I've been getting at my hotmail account has been from hotmail/microsoft. When I read any other message I am given the option of blocking the sender. This option is curiously missing from MicrSpam.

Microsoft vs. Microsoft

[mrsam]

What's really funny is that currently Microsoft itself is VERY close to being RBLed for their massive spewage of Y2K related junk E-mail. They are spamming every last E-mail address they have their hands on, and, as a result of that, are really pushing the edge of the envelope.

So, if microsoft.com gets RBLed, we'll just pop some popcorn, and watch what happens when Microsoft ends up RBLing itself...
--

Good reason to switch ISPs

If thier sysadmins are so apathetic to not fix open relays, don't you think you should switch ISPs? I would never use a service in which the provider did not care about me personally.

Re:Good reason to switch ISPs

[gardenhose]

Heh... well, it's a (large) university, not an ISP.

Use ORBS!

[Bartmoss]

Orbs blocks all open relays. Use Orbs! THAT is the really effective thing against spam.... Of course some providers, like roses.de, are either too incompetent or too ignorant to secure their servers and remove themselves from the orbs... Only took a friend of mine 7 months to get them to fix their servers...
Since there is not one valid reason that open relays should exist, the more people use orbs the better. Fight spam, shut down open relays, and draft all spammers into the landmines removal service. That way, everybody will benefit. :-)

finally!!

[doobie]

I signed up for an account with them just for the hell with it a while ago....I login like once or twice a month.,....and I've never used the email address to send a message, however now I 20 spams a day, its pretty damn useless in my opinion!

Other free webmail sites should do the same

My netscape.net address receives nothing but 30-40 messages of CRAP every month. I would dearly love to not see such junk but the Netscape junk mail filter is so lame. Basically it expects the user to enter the email addresses they don't want to see email for.

It sounds like the MAPS RBL would be an ideal way to slash such junk. I hope Netscape (and Yahoo!) follow suit and implement this scheme too.

No spam from Yahoo, AOL & Hotmail (almost)

[Bj�rn+Stenberg]

Another problem I noticed is that the rest of the spam came from major 'legit' domains like yahoo.com, aol.com, and hotmail itself.

Actually, almost no spam originates from these domains. They are, however, among the top favourites for fake From: addresses in spam messages.

You need to know that the From: address in an email is purely cosmetic. The old postcard analogy can be used again when saying that the From: line says no more about the sender of a message than the signature (or lack thereof) on a postcard.

Instead, as on a postcard you look at the stamp to derive information of the true origins, in an email you look at the "Received:" lines. Or you can simply download some script to automatically extract the information and complain to the proper addresses on the guilty relays.

Bottom line: Ignore the From:-line and instead complain to the real senders! It works. I routinely notify the relays of all the spam I get (it's a one-key operation with scripts like the above) and that results in the closing of about one open mail server per week. Less open servers means more difficulties for the spammers, which is a Good Thing.

ISPs mis-using RBL

[hernick]

My ISP's connectivity provider, Teleglobe, has started using the RBL in a special way. They simply router blackhole every host on the RBL, instead of denying incoming e-mails.

That has the unfortunate effect of making sites such as http://members.home.com unreachable from my ISP, and all the other ISPs that use Teleglobe.

After arguing with my ISP's CSRs, it's clear that they will do nothing to restore connectivity to such sites.

Teleglobe provides connectivity to many large ISPs, including JA.NET which is huge in Europe, I believe, and Videotron Telecom (my ISP) which is the only Cable Modem provider is many areas of Québec.

I've been forced to use a proxy to access some sites, which is a pain... I wish they'd use the RBL the way it was intended to, blocking E-Mail only instead of denying access to legitimate web sites.

Ah well. Life is hard. ISPs are Evil.

Re:ISPs mis-using RBL

[Kaz+Kylheku]

That's not mis-use; it's one of the ways in which the RBL was meant to be used. The B stands for ``black hole''. That means creating black hole route entries for the rogue networks so to deny them access to your network.

Kudos to Teleglobe for having the courage to take action against spammer infested cesspools like home.com.

The RBL is far from being for blocking e-mails only. Ultimately, MAPS wants to cut off spammers from all services that they rely on. That means networks which host spammer web sites are blacklisted as well, not just networks that originate spam e-mail. In other words, the networks that Teleglobe is denying access to don't even originate spam e-mail; some of them just host spammer sites.

There may be legitimate web sites alongside spammer websites under these networks. The idea is to exert pressure on the operators of these networks to crack down on the spammers, and get themselves un-blackholed so that access to their site is restored.

There is no easy technological measure to block out only the spammers, and retain access to legitimate sites. Heck, a spammer site and a legitimate site could even be on the same web server machine. That sort of scalpel precision would require URL filtering, which is difficult to implement at the IP forwarding level. Doing that would also remove a lot of the incentive for the spammer-friendly operators to change their ways, and the expense of fighting spam would be absorbed entirely by the people doing the costly filtering.
Such filtering at the TCP stream level would likely reduce bandwidth and require more hardware.

Re:ISPs mis-using RBL

[congiman]

Just a small followup:

The RBL works not only via DNS (which is how sendmail and most mail packages kill it) but it also is available as a BGP4 AS route (the original way it was done).
If you look at
http://www.mail-abuse.net/rbl/usage.html#BGP
it details it.

-- C

Re:ISPs mis-using RBL

members.home.com (= members.home.net) isn't on the RBL and is reachable via Teleglobe.

6 if-10-0-7.bb4.NewYork.Teleglobe.net (207.45.216.233) 229 ms (ttl=251!)
7 if-1-0-0.bb1.SprintNAP.Teleglobe.net (207.45.223.6) 228 ms (ttl=250!)
8 2-sprint-nap.home.net (192.157.69.16) 239 ms (ttl=249!)
9 c1-pos9-0.cmdnnj1.home.net (24.7.72.109) 239 ms (ttl=248!)
10 c1-pos6-0.clevoh1.home.net (24.7.67.145) 241 ms (ttl=247!)
11 c1-pos3-0.chcgil1.home.net (24.7.64.173) 259 ms (ttl=246!)
12 c1-pos1-0.omahne1.home.net (24.7.64.141) 249 ms (ttl=245!)
13 c1-pos8-1.lnmtco1.home.net (24.7.66.165) 299 ms
14 c1-pos1-0.slkcut1.home.net (24.7.64.57) 289 ms
15 c1-pos5-1.snjsca1.home.net (24.7.66.69) 289 ms (ttl=243!)
16 bb1-pos0-1.rdc1.sfba.home.net (24.7.72.18) 299 ms (ttl=243!)
17 *
18 members.home.net (24.0.0.200) 290 ms (ttl=245!)

how do you wash dishes?

[anonymous+cowerd]

How do you wash dishes? The answer: you hold them under the faucet and run water, a great deal of water, across them, and whatever was on the dish that you want to get rid of gets swept away in the flood.

This is my system for dealing with spam. All I do is subscribe to two or three mailing lists, which deal with interesting subjects (for me, art and economics). From these mailing lists I get about eighty emails a day. In addition to those, maybe three times a week someone sends an email directly to me, and of course every day anonymous spammers throw a few slices of spam in the mix.

Before I subscribed to those mailing lists, there were times when I'd log in to my mail server and almost all the new mail - say, four emails out of five - was spam, and like everybody else I found that quite annoying. But now if I get four or even ten spams in a day, I barely notice and I don't care.

The only downsides are: 1.) if I don't log on and download the email it piles up to an alarming height; until just now I haven't logged on to my personal account since Saturday, and I had to download over four hundred messages, and 2.) that's an awful lot of stuff to think about; from where I sit at my desk I can see three open books, face down, which I am reading to try to keep up with the the current threads on the two economics lists. Beats the Hell out of watching TV, though.

Yours WDK - WKiernan@concentric.net

One cheer for Micro$oft...

[frankie]

Yes, Redmond is an evil monopoly out to destroy our freedoms. But even a broken clock is right once in a while. Hotmail using RBL is a GREAT thing that will benefit EVERYONE -- an awesome boost for an underused public service.

Hopefully the resulting buzz will be sufficiently positive that the other free email services (like my dear old Yahoo) will follow suit. I've been requesting it for years and Yahoo never replied.

Ah, to imagine the day when I never get another email from Andrew Conru or Sam Khuri...

SPAM with opt out phone numbers

[q2k]

Assuming the toll free numbers are legit - why don't we just set our modems to autodial the voice number all night long - every connect will add to their phone bill - we could bankrupt somebody in a hurry!

Seriously - why would this not be a good idea?

Re:SPAM with opt out phone numbers

[Steve+B]

Assuming the toll free numbers are legit - why don't we just set our modems to autodial the voice number all night long - every connect will add to their phone bill - we could bankrupt somebody in a hurry!

Seriously - why would this not be a good idea?

Toll free numbers have built-in caller ID. Spammers will then dump junk phone calls on you, the same way they send you more e-mail spam if you are foolish enough to reply via e-mail.

To avoid such harassment, you want to make your complaints via a pay phone not particularly close to your home or office.
/.

Re:SPAM with opt out phone numbers

[Booker]

Hm, I was going to say "just block it" but I found this from the FCC (http://www.fcc.gov/ccb/CID/cidfacts.html):

800 Number/Toll Free Calls

o Requesting privacy on calls to 800 and 888 numbers may or may not prevent the display of one's telephone number. When you dial a toll free number, the party you are calling pays for the call. Typically, the called party for toll free calls is able to identify your telephone number using a telephone network technology called Automatic Number Identification. FCC rules limit the subsequent use of this information and require carriers to inform consumers that telephone numbers are being transmitted in this way.

Other interesting information at http://www.studio42.com/ kill-the-spam/pages/tollfree1.html

Re:SPAM with opt out phone numbers

[crtreece]

Of course you could also set your dial string to include *70, or whatever your local phone company uses to block caller id information. Anyway, wouldn't multiple emails with the same number also entitle you to make multiple calls, without being subject to harassment charges?

Of course this doesn't work all that well when the number is long distance. I have tried calling some of these long distance numbers, collect of course. For some reason, they don't accept collect calls. I guess this would put a crimp in their customer service budget.

Re:SPAM with opt out phone numbers

[heypete]

Assuming the toll free numbers are legit - why don't we just set our modems to autodial the voice number all night long - every connect will add to their phone bill - we could bankrupt somebody in a hurry!

A funny thing I've done is call up a spammer from a payphone tell them I was "very interested" in their product/service, and that they should call me ASAP. I leave the telephone number for another spammer. Then I call the "other" spammer, and do the same. Rinse, lather, repeat. :-)

MAPS RBL

[Signal+11]

. There, I said it - and no pun intended. Most of the spam I get isn't blocked by it. Second, alot of ISP's subscribe to the DUL - which has the unfortunate effect of making my e-mail from my home box here (on a dialup) impossible to deliver to some locations. So I'm alittle pissed - In the process of trying to find and neutralize spammers, they've broken several rules of netiquette - most importantly the one that says that it's a peer to peer network. Gee.. I don't feel like a peer right now - I need to go spend $1500/mo to get the 'right' connection so they take my mail seriously.

Boo, hiss! Go use something like intelligent filtering. It works a helluva lot better than the RBL, and innocent people aren't caught in the line of fire.

--

Re:MAPS RBL

[Tim+Pierce]

Second, alot of ISP's subscribe to the DUL - which has the unfortunate effect of making my e-mail from my home box here (on a dialup) impossible to deliver to some locations.

Signal11 is talking about MAPS' Dialup User List, which helps a mail server identify a connection directly from a dialup IP at a remote site. Because legitimate users generally send mail through their ISP's own mail server, mail coming direct from a dialup account is almost always spam.

You need to learn about smarthosts (or whatever the equivalent is if you're using a trendy new MTA). If you route all of your mail traffic through your ISP's mail server, instead of connecting directly to remote MXes, your mail won't be blocked by dialup lists like the MAPS DUL. End of problem.

Re:MAPS RBL

[Signal+11]

Or not. You see, I have several e-mail addresses through my ISP, and have a few pseudonyms I go under. My problem is that my ISP (Mediaone) has decided to attach your full name to your e-mail address.. regardless of what /you/ set. This wouldn't be so bad, except for the fact that somebody switched my full name and password around - so whenever I send mail through their relay, my password shows up on in the #$@! headers. Yes, I've called... they deny that's happening.

So much for 'smart' relays. I'd settle for 'smart' admins.

--

Re:MAPS RBL

[Erik+Fish]

So instead of shutting down spammers by pressuring the businesses that provide them with connectivity to stop we should just get larger servers to handle the load of "intelligently filtering" all the e-mail we handle?

How long before we DO have to pay $1500 a month to get a simple dialup account because all the ISP's have to buy supercomputers to handle all the spam?

If the RBL bothers you so much then get a free e-mail account or get a responsible ISP.

Re:MAPS RBL

[mpe]

There, I said it - and no pun intended. Most of the spam I get isn't blocked by it. Second, alot of ISP's subscribe to the DUL - which has the unfortunate effect of making my e-mail from my home box here (on a dialup) impossible to deliver to some locations. So I'm alittle pissed - In the process of trying to find and neutralize spammers, they've broken several rules of netiquette - most importantly the one that says that it's a peer to peer network.

There is also the little matter of rfc974, really an machine which has an MX record pointing to it should only be rejecting already relayed email.

Not only is the behaviour bad netiquette it's also stepping on an Internet standard.

Note that AFAIK the model of always using a relay (as is the only mechanism available to MS Outlook Express, Netscape Messenger, etc) is not defined in any RFC.

Re:MAPS RBL

[mpe]

Signal11 is talking about MAPS' Dialup User List, which helps a mail server identify a connection directly from a dialup IP at a remote site. Because legitimate users generally send mail through their ISP's own mail server, mail coming direct from a dialup account is almost always spam.

Or at least this is the theory behind having the list.
In reality it's a little more complex.

Spammers like relays, because they assist in hiding and protecting them. Also becuase they can feed a relay a list of addresses and a single message body, the relaying machine has to then handle the delivery (and bounces).

Note that there's little practical difference between an open relay and a restricted one operated by an ISP who allows instant access to their network.


Also the model of always using a specific relay is not defined in the relevent RFC's. (Unfortunatly various pieces of common software were written by people who apparently couldn't be bothered to read the relevent standards.)

The legitimate (according to the standards) way is to establish a connection to the SMTP port according to the DNS MX records. (Note also in this situation the machine receiving the mail can find out a lot about the original sender. If it's being fed already relayed mail all if can find out about is the relay machine.)

Re:MAPS RBL

[Signal+11]

*snickers* You obviously don't know how fast extended regular expressions (regrex) are. More computing resources go into managing a listserv than any intelligent filtering schema that uses regex matching.

And as to 'responsible' ISP - I'd love to. alas, my provider is Mediaone, US West hasn't deployed DSL here, and there are no other high-speed internet solutions. Shall I go back to 28.8k?

--

Re:MAPS RBL

[Leghorn]

AMEN BROTHER! I just spent all day tracking down why one of my company e-mail systems suddenly stopped working...it's because our company Exchange server somehow got on one of the anti-spammer lists and ALL MAIL FROM OUR DOMAIN WAS SUMMARILY BLOCKED!

I'm all for reducing spam, but don't punish the legitimate users when someone else abuses the system. Go to the source.

Re:MAPS RBL

[kashani]

I'd deny you too.

I don't accept email from the following places:

1. Mail machines with unmatching forward and reverse DNS
2. RBL'ed boxes.

If you can't get correct DNS either relay off your ISP or get it changed. And for all the rfc quoters, all the rfc asks is that you are specific in you sends and general in you accepts. My company decided what those would be and it has caused us very few problems considering we push 10mb/s of mail on average.

Kashani

Re:MAPS RBL

[Tim+Pierce]

This wouldn't be so bad, except for the fact that somebody switched my full name and password around - so whenever I send mail through their relay, my password shows up on in the #$@! headers.

That's a shame, but it's still MediaOne's fault and not MAPS's.

Re:MAPS RBL

[Pascal+Q.+Porcupine]

Ah, but I run my own mail domain from my cable modem connection. Yeah, I know, it's kinda unethical, but then I have control over my mail and can setup as many accounts as I need (for roommates, spam-trapping, etc.) in my own domainname, rather than having to pay out the ass for additional mailboxes. Granted, this is a moot point, as I'll soon be setting things up where a friend's machine does a vhosted MX for me and everyone with an account in trikuare.cx will use fetchmail or whatever, which solves several problems (including the potential for being blocked through DUL). In the meantime, this is the first I've heard of DUL, and have yet to have any mail blocked (as far as I know, anyway) because of the fact that the PTR to my mailserver is obviously a dynamic IP address (though not technically a dialup one). In the meantime, I somehow doubt that my cable provider's sysadmins even care about participating in DUL anyway.
---
"'Is not a quine' is not a quine" is a quine.

MAPS RBL

[Signal+11]

The RBL sucks. There, I said it - and no pun intended. Most of the spam I get isn't blocked by it. Second, alot of ISP's subscribe to the DUL - which has the unfortunate effect of making my e-mail from my home box here (on a dialup) impossible to deliver to some locations. So I'm alittle pissed - In the process of trying to find and neutralize spammers, they've broken several rules of netiquette - most importantly the one that says that it's a peer to peer network. Gee.. I don't feel like a peer right now - I need to go spend $1500/mo to get the 'right' connection so they take my mail seriously.

Boo, hiss! Go use something like intelligent filtering. It works a helluva lot better than the RBL, and innocent people aren't caught in the line of fire.

--

the power of RBL/MAPS

[frankie]

the wheels of bureacracy only turn so much so far, and this event happened months ago and our sysadmins haven't gotten around to fixing this little nuisance yet.

Aha. This is exactly why Hotmail using RBL is such a good thing. Your local sysadmins may not care much about email being unable to reach a few small domains. But what happens when your company can't contact thousands (or millions) of clients, because your sysadmin is allowing spam?

The squeaky wheel gets the grease, and a mountain of refusals from Hotmail will be very squeaky. If another big name like Yahoo or Earthlink joins in, the squeak becomes a roar, and your bureacracy will move quickly indeed. Which is precisely how RBL is supposed to work.

Re:the power of RBL/MAPS

[Kirby]

Just for the record, WebTV is already using RBL (and ORBS, and our own self-maintained blacklist.) We've definitely found that legitimate sites that we block notice, and we've educated more than a few on how to close their open relays.

The vast majority of sites that spam comes through these days are foreign open relays, mostly in Japan, Taiwan, and Germany. It's pretty rare that these people ever do anything to get themselves unblocked.

Collateral damage is the other half of the coin in spam fighting. (Like when my grandmother can't send me email because a spammer hit through her system.) At WebTV, we've had a fortunate amount of support from the higher levels, and been able to tolerate more of this than some ISPs can. Users do have the ability to opt out of spam filters (though it's an all-or-none approach) which does provide a workaround if someone really needs mail from a blocked site whose sysadmins won't fix things.

(It also helps us a lot that it's very difficult to send spam _from_ an actual WebTV box. They're not computers running a standard OS, you can't buy BulkMail 3.0 and start spewing. We may have dumb users, and we may have a lot of spammers forge a from webtv address, but very little spam actually originates from our sites. If Netcom wanted to be as aggressive in their actions, people would mock them.)

We're also doing some interesting things with watching the rate of incoming mail from sites, that seems to catch a lot of spams in the act. This obviously only works if your site is big enough, but often we can have a spam hit a few hundred people rather than 20,000 people.

- Kirby, WebTV spamfighter

RIGHT ON!

[Shaman]

I own an ISP and have used the RBL with Qmail since mid-1997. It is a great service, and DOES catch many spammers - and lets them know about it.

Re:WTF

Hey Mr. Moderator and people get it clear. This forum says "News for nerds. Stuff that matters". Meaning any news that is interesting is worth posting here.

This isn't a strict Linux-lover Microsoft-hater site. Just as people can say they love Linux, someone can too say he likes Microsoft products. Such a post isn't a damn flamebait cause it has its f*cking basis! Furthermore he stated it nicely without offending any other OSs.

Lame mentality going on here.

Problems with RBL

[HarveyOpolis]

I run an ISP and used to have my sendmail configured to filter out MAPS RBL spam.

I found that it also filtered good traffic... because many other isps are black listed because they've had spammers in the past, etc.

If all ISPs maintained their systems correctly, and kept themselves off the list, I would use it. But I lost too much business due to it.

- Hugh

Flamebait? WTF!?

[Perrin-GoldenEyes]

This was a perfectly reasonable post. Why did it get moderated down? It is NOT flamebait.

Moderator: If you don't like Microsoft, than reply to Fuhrer's post in a reasonable manner. He did not post flamebait, he posted a message saying that Microsoft occasionally does good things. Would you moderate me down for posting flamebait if I said that I think Redhat does good things sometimes? I seriously doubt it.

I sincerely hope that somebody comes along and moderates that post back up at least to 1 where it started.

Cheers,
Perrin.

How do you know they come from hotmail?

Most spam has a forged sender address, which you can determine by looking at the message's headers. Instead of unfairly blocking hotmail, you should simply forward the spam messags (with all headers) to abuse@hotmail.com and have them deal with it whether it is a forgery or not.

Marko

Nazi bullshit.

The hypocracy of anti-spammers is astonishing. Put a tire iron upside that parasite Wallace's head? Heaves no, why, that would be a criminal act of violence! Crack into his servers and badblocks -w on the root partitions? Goodness no, that would be illegal computer hacking!

No, what we'll do instead is use coercion on innocent third parties, punishing them for the alleged failings of yet another batch of innocent third parties exercising a perfectly legitimate option to operate their servers as they see fit. Oh, lets run D.O.S. attacks on the spammers upstream providers, too. Do our dirty work, or else!

While we're at it, let's not only bash people for mere association through unwittingly using the same servers as some asshole, let's preemptively punish dial-up users for running their own mail servers. Obviously they are just spammers waiting to happen. There. MAPS, DUL, we've got it all covered.

The beauty of all this is that we get to say: "Oh, don't blame us! We're not doing anything to anybody! We just maintain lists that sysadmins can choose to use or not, as they see fit. (Or else.) Don't bitch to us, talk to the sysadmin at xyz.net or where the hell ever. Life's a bitch, blah, blah.

Fuckin' cowards. Shitheads. Bullies. What's that word? Oh yeah, Nazis. I'm ashamed to be running BIND.

Re:Nazi bullshit.

I can here the music of "My heart bleeds for you".

HaHa

Re:Nazi bullshit.

Let me guess. You are a spammer who is pissed that his spam is now being dropped. My 'roids bleed for you, spammer.

The article talks about MAPS but what about ORBS?

[Kaz+Kylheku]

For effective anti-spam measures, they should not only use MAPS, but also the ORBS database and the Radcliffe database as well.

ORBS is effective at fighting spam. And the nice feature, compared to MAPS, is that it's automated. ORBS automatically tests an SMTP server to determine whether it has known holes. If a hole is found, that server is blackballed right away by the software; the only way to get out of ORBS is to fix the problem. A convenient web sumission form lets you report suspected open relays, and you can track the progress that it's making in probing the site.

To protect myself from spam, I use a procmail filter that pings *four* databases.

The only rare spam I get nowadays is from the true ``whack-a-mole'' spammers: mostly amateurs who spam directly from dial-up accounts. The last time that happened, I complained to the ISP in question and they supposedly took action. Additionally, very rarely, I get a spam through a hitherto unknown open relay, which I promptly report to ORBS.

Wrong---won't help against ``spread spectrum''

[Kaz+Kylheku]

The delay won't help against spread spectrum attacks, whereby the spammer sends a small number of messages to a large number of servers.

Also, you are forgetting that spammers don't send to your ISP directly; they usually get someone's insecure relay to do the dirty work of delivery. The relay has all that time in the world.

A one or two second delay wouldn't be enough anyway; a spammer could send mail to two hundred people in just over three minutes. That's enough to bother a small ISP.

The delays imposed by distinct mail servers are going to be consumed in parallel, so your scheme would not do anything to stop the overall spamming. In three minutes, the spammer could send a hundred messages to a hundred different ISP's in parallel, even if each of those ISP's had the delay mechanism in place.

Re:Wrong---won't help against ``spread spectrum''

[Pascal+Q.+Porcupine]

But some protection is better than none. Also, it'd help with the relay time (which the original poster never said it wouldn't be through).
---
"'Is not a quine' is not a quine" is a quine.

Re:Wrong---won't help against ``spread spectrum''

[mpe]

The delay won't help against spread spectrum attacks, whereby the spammer sends a small number of messages to a large number of servers.

However this increases the ammount of data, since
every SMTP transaction then needs the body of the message sending.

Also, you are forgetting that spammers don't send to your ISP directly; they usually get someone's
insecure relay to do the dirty work of delivery. The relay has all that time in the world.

The solution here is simple, get rid of relays, all of them...

Why sites act as relays: the answer.

[Kaz+Kylheku]

The number one reason is administrator cluelessness. Mail servers don't relay because their admins want them to, but because the admins who set them up don't have a freaking clue on how to operate a secure mail site. At least, these are the ones who have ``wide open relays''.

Even admins who think they have closed their relays often have left some obscure hole, due to bugs or quirks of programs like sendmail.

For example, some sendmail servers will properly refuse to forward a mail with the envelope recipient address like but if it's wrapped in quotes, like they forward it, thinking it's a local address. The deeper rule that operates after the quote stripping doesn't enforce the no relay policy or something like that.

The ORBS system performs about a dozen or so different tests involving various obscure holes that permit mail to be routed. If you want more information, surf www.orbs.org.

Re:Why sites act as relays: the answer.

[Thorsett]

It is, perhaps, understandable when through ignorance an administrator of a small system misses a security hole that they haven't seen exploited. What I find appalling is the continued cluelessness of some so-called administrators after problems have been pointed out to them. I recently got a message from the Office of Space Science at NASA saying that their space science email list was being moved from NASA headquarters computers to an email list management service. The number one reason:

"A growing number of subscribers are not receiving the messages because their internet service providers (including WebTV and some others) are blocking e-mail sent from NASA HQ. They are blocking us because we have an 'Open Relay' on our mail server here. This is a technical problem that cannot be fixed, according to my network people here."

(my emphasis)

Re:Why sites act as relays: the answer.

[mpe]

The number one reason is administrator cluelessness. Mail servers don't relay because their admins want them to, but because the admins who set them up don't have a freaking clue on how to operate a secure mail site. At least, these are the ones who have ``wide open relays''.

IMHO MTAs should in there "out of the box" configuration not relay at all. i.e. relaying should be an explicit "feature" which needs to be explicitally activated. With any MTA which relays "out of the box" being listed on a "hall of shame".

However that still leaves old software in operation, which is again really an admin laziness/cluelessness problem.

Re:Why sites act as relays: the answer.

[mpe]

What I find appalling is the continued cluelessness of some so-called administrators after problems have been pointed out to them.

"A growing number of subscribers are not receiving the messages because their internet service providers (including WebTV and some others) are blocking e-mail sent from NASA HQ. They are blocking us because we have an 'Open Relay' on our mail server here. This is a technical problem that cannot be fixed, according to my network people here."

Hopefully the sender of this message got plenty of replies explaining exactly how the problem could be fixed :)

Re:WTF

Why in the hell was this marked as flamebait?? Hey moderators, please refrain from showing your personal bias's.

To me this is another reason why the quality of /. has dropped. Instead of calling it "score", how about "pro-linux rating"?

Beating people, not just an evening adventure anymore!

RBL as a user option

Is there any reason Hotmail (or any other email service) couldn't make use of the RBL a user-selectable option?

Micropayments will eventually eliminate spam

[Catamaran]

Here is how it will work: You will require that any email which is sent to you be accompanied by a small payment. If the email is not spam (as defined by you) then you send the payment back, otherwise you keep it.

Re:Micropayments will eventually eliminate spam

[Kirby]

I've heard this proposal before. Unfortunately, it wouldn't work in the real world of spam.

Most spam does not come from individuals on their home ISP anymore. Nor does it come from bulk-email houses that don't forge headers - those are very easily blocked.

It comes through open relays, with forged headers. Most (nearly all) of these are not in the United States - I see a lot of .jp, .tw, .de, and such.

So, where do you send the bill? To some random person in Japan, that will just throw it away, and has no clue what you're talking about? Do you try and track down the fulfillment information in the spam (ie, URL, phone number, address)? That could be difficult, would often be time consuming, and they'd also just throw the bill away. Which would mean you'd have to employ lawyers, which is very expensive.

This idea just isn't feasible. And even if you did track down the actual spammers, and did get them into court, there's no guarantee that your fee would hold up.

-- Kirby, WebTV Spamfighter

Re:Micropayments will eventually eliminate spam

[Catamaran]

You don't send a bill. You just don't accept any email which does come with the proper "postage" applied (think digital cash). Email clients could be configured to do this automatically and also to return the payment for those emails which are accepted.

Why this would not be a good idea.

[Kaz+Kylheku]

The problem is that the toll free numbers might be legit, but belong to someone other than the spammer. So first you would have to do a careful check to find out that the operation behind the toll free number does in fact correspond to what is advertized in the spam.

Secondly, by doing the auto-dialing, you are participating in criminal activity. The means by which you got the phone number does not clear you of wrongdoing. The spammers could find out who you are and take some sort of civil action against you, for the amount racked up by the automatic calls and possibly other damages.

And, of course, you have to watch out that you don't call numbers which cost YOU money.

Hotmail uses FreeBSD and Solaris

[delmoi]

Shouldn't you have learned not to trust ZDnet? They tried NT, and they crashed and burned....
--
"Subtle mind control? Why do all these HTML buttons say 'Submit' ?"

blatant plug

[Mija+Cat]

http://www.despammed.com http://www.despammed.com

And the silence was deafening...

[Pont]

...as people around the internet stop receiving e-mail from any Hotmail accounts. After installing the spam filtering software, all mail sent from Hotmail gets deleted before it even leaves the Hotmail servers! Hurray!

Re:And the silence was deafening...

[Kirby]

Of course, in reality, not much spam gets sent from hotmail's actual mailservers. (I have quite a bit of data on spam complaints here at WebTV. I'm not making this up.) What does happen is that people use random open relays, and use hotmail (or yahoo or aol or any other free email) for the From or Reply-To headers. It may look like it's coming from hotmail, but they didn't have anything to do with it, and couldn't have prevented it. That's part of the nature of being a free email provider - spammers will put your name on things, and there's nothing you can do to stop it. All that a site can responsibly do to prevent creating spam is to make sure they're not an open relay. (see this link for information on closing an open relay.) You could also get creative and put some throttling limits on outgoing email - particularly on dialup ports. Most spam comes from either dialups where people set up mailservers and blast out spam, then disconnect into the night, or from open relays. Very little spam comes from actual ISP mailservers.

Re:And the silence was deafening...

[aqua]

There was one curious thing about the article -- it stated that Hotmail signing on "adds legitimacy to the MAPS effort."

I've been known to be a bit perjorative about these things, but legitimacy is one of the last things I'd ascribe to the emissions of hotmail, and most services like it.

Re:MAPS/ ORBS (DUL/RSS/RBL)

[congiman]

Well if you were really serious,
Maps offers 3 type of spam reduction

1: RBL (based upon net numbers of known spammers)
2: DUL (Dial up pools of users cannot send mail directly to your SMTP server. (Instead they should send it through their ISP's smtp server instead and it will send it along)
3: RSS (Similar to ORBS, in that it restricts open relays, but an entry in the RSS is because someone received relay spam from your domain and referred you to the RSS, where as ORBS, iirc, they go and try every address out on the net to see if its an open relay. (This might have changed)

A combination of all 3 of these can do wonders.
RBL: Stops most hardcore spammers who spam directly
DUL: Stops the dial up trespassers,
RSS: Stops the people with open relays who wont fix them.

Anyways most of this is documented on:
http://www.mail-abuse.net/

-- C

Per-user configurable filters.

[Kaz+Kylheku]

I can think of some reasons why Hotmail wouldn't make use of the RBL a per-user option.

For one thing, it would require some programming in order to make a hotmail configuration web UI affect the back-end. The SMTP servers that handle incoming mail would actually have to accept connections from spammers, take the envelope address, resolve it to a user profile, retrieve the preferences and then make a decision whether to drop the connection or accept the mail. This is extra overhead that could perhaps impact the existing scalability of Hotmail.

Anything is doable with software, it's just a question of time, money and overall feasability. Would the cost of adding frills to the service be justified, given that it is already free? Another aspect of development is the management of risks; hotmail is a live operation. Any fundamental changes have to be thoroughly tested before being deployed, even though this is being run by Microsoft. Someone also has to estimate the performance impact that the change might have.

It's easy to forget that the function of Hotmail is to spam its users anyway---with advertisements. The real clients of Hotmail are the people that pay to have their crap appear on your Hotmail page. Thus it would probably be necessary to convince these clients that giving users extra frills would bring in enough additional revenues to justify the development costs and risks.

Re:Per-user configurable filters.

[Ky'dishar]

For one thing, it would require some programming in order to make a hotmail configuration web UI affect the back-end. The SMTP servers that handle incoming mail would actually have to accept connections from spammers, take the envelope address, resolve it to a user profile, retrieve the preferences and then make a decision whether to drop the connection or accept the mail. This is extra overhead that could perhaps impact the existing scalability of Hotmail. Actually, the way I would implement this is to have the SMTP program add an extra header to these emails (ones from RBL'ed hosts) before forwarding it to the user account. Something like "X-RBLStatus = TRUE", and then have the user's filtering software sort the mail based on that header however they want.

Not all that easy, really.

[Kaz+Kylheku]

A lot of spam does in fact have your correct e-mail address in the To: header. The spammers know the address; how do you think you got the spam?

My procmail filter does reject a big portion of spam by your simple rule, but not all.

Here, let's grep through my current junk log. There are 72 spams in it. Eighteen of them have the correct address. So your rule would have been only 75% effective on that set. That isn't bad, but not good enough for me.

Of the remaining 25%, many were caught by consulting the ORBS and RBL databases. A few were from connections with no reverse DNS so were rejected for that reason even before my filter got to them (the SMTP server added an X-Reject: line). And some were caught due to using an internal-looking From: address, or an internal-looking message ID. Many were rejected based on more than one of these rules.

That still leaves the very few that got through despite the filtering.

Hotmail violates users privacy despite Truste

Hotmail puts your IP address in the headers of it's mail and does not spell this out in their privacy disclosure.

This is no big deal for the clued in among us who would use the correct methods for assuring anonimity.

But I am concerned about the less clued in average folks who use the net today. They would likely be misled by all the privacy BS on the site and think it would require a court order or something for them to be identified.

could you please...

Could you or someone else please post a procmail script that does this in order to enlighten the less informed?

you might try

sending their spam back as a FAX to their VOICE toll free number (some use for the otherwise obsolete modem). Set the retries to the max. You can probably get away with this once per spam, and even have it done automatically in the middle of the night.

You can always explain it away as a mistake (it may even fool the spammers), and who wants your "fax" number anyway?

To protect yourself, it never hurts to have caller id with automatic rejection of blocked calls.

MAPS RBL is faulty

Having been the unwilling participant in the MAPS RBL's insufficient adherence to protocol, I have a few things to say about them.

Not too long ago, the company I work for was blackholed because a customer sent an email to a list of people, not using our service, which contained a URL which pointed to our system. One of the people who received it was on the MAPS board. He took personal objection to this email and recommended blackholing us.

He said that he tried to contact us, but all of his excuses were entirely unsatisfactory. The fact of the matter is that if he did a 'WHOIS' on the domain in question, he would've found out that we host the domain, and could have called the number we have listed, and paged the on-call admin.

All of this took place over a weekend, in which none of the on-call staff were notified.

The MAPS RBL protocol which they follow says that the entire board has to agree to block somebody. The real truth is that it works this way:

There is a mailing list which members send 'nominate' requests to. Paul Vixie then takes the request, is supposed to double check everything, and then updates the RBL.

The reality is that a member sends a 'nominate', Paul grabs it, and posts it.

There is nothing so noble as a 'double check' or a peer review of the nominate request.

Before you stand behind the 'RBL', you should truely understand the consequences of giving control of a significant portion of the Internet, to a few, not neccessarily rational, people.

I won't post the person's name who nominated my employer, but rest assured he is not a person that I would entrust absolute power over most of the Internet, to.

Re:MAPS RBL is faulty

[mpe]

Not too long ago, the company I work for was blackholed because a customer sent an email to a list of people, not using our service, which contained a URL which pointed to our system. One of the people who received it was on the MAPS board. He took personal objection to this email and recommended blackholing us

The reason they need a review process is to stop this kind of thing being done deliberatly (to cause denial of service.)

The MAPS RBL protocol which they follow says that the entire board has to agree to block somebody.
The real truth is that it works this way:

There is a mailing list which members send 'nominate' requests to. Paul Vixie then takes the request, is supposed to double check everything, and then updates the RBL.

The reality is that a member sends a 'nominate', Paul grabs it, and posts it.

There is nothing so noble as a 'double check' or a peer review of the nominate request.

If what you describe is true (and not simply the result of someone failing to do the correct thing in a single incidence) then this should conceren people a lot.

It sounds similar to the way in which "censorware" companies claim to use people to look for dubious websites, but instead simply use glorified search engines.

Ooops...messed up that format...read this.

[Ky'dishar]

For one thing, it would require some programming in order to make a hotmail configuration web UI affect the back-end. The SMTP servers that handle incoming mail would actually have to accept connections from spammers, take the envelope address, resolve it to a user profile, retrieve the preferences and then make a decision whether to drop the connection or accept the mail. This is extra overhead that could perhaps impact the existing scalability of Hotmail.

Actually, the way I would implement this is to have the SMTP program add an extra header to these emails (ones from RBL'ed hosts) before forwarding it to the user account. Something like "X-RBLStatus = TRUE", and then have the user's filtering software sort the mail based on that header however they want.

not that close to first post!!!!

[metawronka]

not that close to first post!!!!

Jesus H Christ

[Robert+S+Gormley]

This makes me ashamed to be a slashdotter. This is NOT flamebait. I can only hope with the help of metamoderation, this guy never moderates again *wanders off because he hasn't 'MetaModerated today'* :)

Speaking of which:

[Chris+Johnson]

I have *counts* five confirmed spammer kills. That's five reports from ISPs that spammer accounts have been closed due to my reporting them.
How about a Slashdot poll:
I have

• 1-10 spammer kills
• 10-100 spammer kills
• 100-1000 spammer kills
• I am Chris King
• I am part of the problem
• Hemos is a taco!

Isn't this hypocrisy?

[Cattywampus]

...And I'm not even going to post as an A.C. ;}

First off: I hate spam as much as the next person. I've called ISPs about their spammers before.

Here's where I say "BUT"...

BUT.. I don't think the RBL is a good idea, for the same reasons that most of the Slashdot community doesn't think that things like CyberPatrol is a good idea.

How many of the ISPs tell their customers that they filter the customer's email? Not a single ISP I have ever subscribed to has disclosed that to me, a paying customer. And all of them (save 1) used the RBL.

A while back I had a fun experience with the RBL. The ISP that I use for my email account is also an upstream provider for other service providers. One of those providers, which used my ISP, had a customer which sent some spam out (the bastard, right? I agree, but he was also within the bounds of the law...). The RBL got wind of this, had their little discussion, and since they couldn't reach anyone at the spammer's provider, they decided they would just blackhole the provider's provider - my ISP. I was in the middle of trying to coordinate a move across the country at the time, and now I can't get in touch with anyone via email.

My ISP resisted this, and so it was a drawn out effort. But I support my ISP in this; they're good people, and they keep their servers configured correctly. They know what they're doing.

Their objection was that a small group of individuals does not have the right to decide who will and will not recieve email from whom. Who monitors the actions of the RBL?

A lot of individuals will bristle at the very mention of the word "Cyber Patrol", or one of its cousins. But those products, and the RBL, work the _same_way_. Except that people rally behind it, because it's "fighting spam", and spam is a big, bad, evil thing.

I don't have a problem fighting spam, but this is not the way to do it. There could just as easily be a way for individuals to download a constantly updated set of email filters, or a program a la McAfee, that would filter their email based on the latest set of spam codes. The point is, it should be an individual's responsibility to filter their own email; it shouldn't be the self-delegated responsibility of some small group of unmonitored people that decide who gets what and when.

Re:Isn't this hypocrisy?

[ahodgson]

> Who monitors the actions of the RBL?

The people who use it. If RBL subscribers aren't happy with the way it's run, they make a lot of noise and maybe stop using it. That would be bad for the RBL so, mostly, the RBL is run in a way that the majority of the subscribers agree with.

So, let's see, some wanker sends out a bunch of spam and your provider doesn't stop them. They ignore calls from the RBL and get blackholed. Which almost certainly means the wanker was allowed to send a lot of spam over an extended period of time, because the RBL rarely moves quickly.

Then your ISP is stupid enough to fight it instead of just doing the right thing and smoking the spammer like they should have done in the first place. So your mail bounces.

Sounds like the RBL's working just fine to me.

And, BTW, I always inform users what filtering mechanisms are in place on their E-mail and always, where possible, make such filtering options opt-in only. A lot of ISP's who use the RBL and other blocking methods do likewise.

--
Alan

Re:Isn't this hypocrisy?

[Cattywampus]

Now, see, this is exactly the sort of thing I was talking about. Read what I originally posted, again. My ISP had _NO_ direct contact with the spammer. They simply provided upstream access to another ISP. It was _that_ ISP's fault.

Think about it. Should the RBL blackhole everything that comes through, oh, say, UUNet, because the RBL team can't get ahold of one of UUNet's subscribing ISPs? How do you think UUNet would respond to being called up by some group of people saying, "Either you stop hosting so and so provider right now, or we won't let email from any of your users reach the inboxes of anybody who uses our service!" Doesn't that sound, in the least bit, wrong to you?

How do you make the RBL an opt-in option? To my knowledge, it's a feature of sendmail. Either it's on, or off, and you can't activate it or deactivate it on a per-user basis.

I'm happy that you notify your subscribers that their email is being filtered by a third party program resident on your server, but that still doesn't validate all of the other providers that fail to say a single thing to their users.

Re:Isn't this hypocrisy?

[mpe]

Now, see, this is exactly the sort of thing I was talking about. Read what I originally posted, again. My ISP had _NO_ direct contact with the spammer. They simply provided upstream access to another ISP. It was _that_ ISP's fault

Did this ISP have a specific set of IP addresses allocated to it. If so then surely the RBL should only have been applied to those addresses.

Re:Isn't this hypocrisy?

[ahodgson]

>"Either you stop hosting so and so provider right
>now, or we won't let email from any of your users
>reach the inboxes of anybody who uses our
>service!" Doesn't that sound, in the least bit,
>wrong to you?

No, it doesn't. That's why I subscribe to the RBL. The RBL exists to punish spammers and everyone who helps them, by cutting off their access to RBL subscribers. They go up the chain until they find someone willing to terminate the spammer and all the downstreams who are supporting the spammer. That's the only kind of pressure that works.

And, in fact, they have come very close to listing UUNet a couple of times. They did list MSN for a couple of weeks until M$ backed down. They have listed Netcom servers in the past. For the most part, they list whoever needs to be listed to stop the abuse, and it works.

> How do you make the RBL an opt-in option? To my
> knowledge, it's a feature of sendmail. Either
> it's on, or off, and you can't activate it or
> deactivate it on a per-user basis.

I use a modified version of the Obtuse SMTP daemon - www.obtuse.com - which I have modified to query a subscriber database on RBL matches (and other RBL-type services).

You can also use Exim which can be configured to insert a header into messages which match the RBL - your users can then filter on that header with procmail or their Windoze MTA's filters if desired.

-- Alan

Mailcity is so much better!

Ever since hotmail got taken over I wont even consider getting an account there. Now you just can't spam my MailCity account! The spam filtering rule is no one can sent you any mail except he/she is in your address book or you have sent them mail before - that pretty much spam free. Better still MailCity dont use cookies anymore...(unlike yahoo) Another thing is hotmail has been spammers favourite mail drop point so filtering mail coming from outside hotmail is only half as good. Forgetting spam coming from hotmail is a serious mistake.

home.com??? LOL

let me see my filtering rule: # The rest of them beam into space >>> $FILTER -A input -s 24.0.0.0/8 -d $LOCALNET -l -j DENY echo "Kick lame ISP..." whahahahahaha

Re:MAPS/ ORBS (DUL/RSS/RBL)

[mpe]

2: DUL (Dial up pools of users cannot send mail directly to your SMTP server. (Instead they should send it through their ISP's smtp server instead and it will send it along)

"Should" here disagrees with the relevent RFC's. Unless someone has yet found an RFC which says "always relay".

DUL: Stops the dial up trespassers,

As well as people running an MTA which complies with all the standards.

The scariest thing?

[Robert+S+Gormley]

This probably is accurately flame bait. Not because of the poster's words, but because it will be flamebait to at least one raving linux fundamentalist.

Dunno which is worse.

DUL is evil!

DUL is Evil Evil EVIL!!!!

Hotmail Filters Spam, Maybe not for me!

I am surprised to hear that Hotmail is using software and are claiming that a lot of the spam is been filtered out!

Frankly, I have not seen much improvement at all! I still get the usual 5-10 messages from unsolicited senders, (today I have already cleared out 5 messages) or with a completely missing heathers - a definite sign of spam or mail that is meant ot avoid standard filtering. Sometimes the messages are repeated, i.e. same message, same sender = 3 times... I do not think it was only me who recived it and when one has that multiplied by the number of users geting it, we land at a number of identical messages crying out to be qualified as spam.

What I think is M$ is palying its usual game of publicity and still selling off actve e-mail addresses of their subscribers to third parties! (as I said I suspect it and have only circumstantial proof.)

There should be a better way of spam protection! It proves expensive for me and my company as well. As they are paying for the time I'm trying to access my e-mail and/or clear out the junk in my inbox.

dzak.com

Re:Is this really shocking news? - Indeet it is...

... still not too efficient, though!

I guess you are not a Hotmail subscriber. I can copy for you the list of e-mail addresses that are barred in my account (over 90). + I have 9 out of the 10 availble filters set to deflect messages from servers that have proved to be spam originators...

Removing Hotmail from your .rc file is not the solution as there are much, much more people who are trying to send messages to friends and family than there are spammers!

One last comment: Yes, people get what they pay for, however, Hotmail may be starting to compromise itself with the amount of spam coming through. OTOH, it is the promiss of the site to let only solicited ads coming through ASWA not disclosing the e addresses of their customers, which they fail to do. A promiss is a promiss no matter what you pay for it!

dzak.com