Symantec's products are the only software I've ever seen that can take a 2GHz P5 and make it perform like a P-133. It is really nothing short of amazing how bloated and resource-intensive their products are. I'm beginning to think this is part of their anti-virus strategy: they make the system so ill-performing and unstable, no virus or worm could properly operate.
I contend that this, like so many other issues which fall in favor of corporate interests, is due to the control large companies have over the media. The voices and arguments that would have changed opinions and made elected/appointed officials more wary of kowtowing to special interests never get heard from. This is because the one device which guaranteed important news couldn't be stifled, and that people had a right to petition to get alternative voices heard in mainstream media, has been eradicated. This is the Fairness Doctrine.
If the Fairness Doctrine were still being enforced by the FCC, groups that opposed this issue would have had a better opportunity to educate the public on this issue. Virtually anything that happens these days, from the Downing Street Memo, to ignored world crises, could be re-prioritized in the hearts and minds of people and their leaders if we had the Fairness Doctrine back in place.
Everyone I have been in discussions with has stated one thing clearly - AT&T is going to be moving seriously into security.
If this is true, the first thing you need to do is filter all port 25 traffic from your broadband customers that isn't going to your SMTP relays. You do this, we'll have a noticeable drop in security problems on the Internet at large. Any other thing you do is trivial. Enforce your own TOS. If you don't allow broadband users to run their own servers, then you should be stopping infected machines from becoming zombies. You have the capability to do this. It doesn't require any major upgrades. AOL did it. AT&T needs to do it.
FILTER PORT 25. If you do anything else, you'll not be taken seriously. Wait a minute... nobody takes AT&T seriously anyway, so maybe this is the first step in not being laughed at if you make claims about caring about anything other than raping customers financially.
Since a huge portion of their networks is the main source of security breaches, maybe they can run 24-hour tickers showing the amount of spam, worms and viruses they are unable to control originating from their network, and at some point, one of their idiot executives will agree that port 25 needs to be filtered from their broadband users?
With all due respect, this isn't newsworthy, any more than it's a revelation that the stuff people don't sell at a yard sale ends up in the trash, free-for-the-picking, the next day.
If anyone knows better, it's the online community, who recognizes that the mainstream media is so marginalized in terms of content, it's not worth paying attention to. This can be traced back to Reagan's veto of the Fairness Doctrine. Now mainstream media and news is basically one long infomercial for cars, pills and unoriginal theatrical releases.
If any of the news networks want to make useful video available, they should remove the commentary and show the whole raw feeds, so that people without ADD can get more of the story before it gets approved for publication by their advertisers.
Is this a live stream? If so, would it even be worth watching? Granted, Dylan has lost his voice so much you might not be able to tell the difference, but I have yet to view any real-time video stream that was worth the time and effort. If Amazon really wanted to reward their customers, how about making the binary files for the DVD available for download?
Well, how about telling us _which_ lists you use then?
Right now we're using spamcop and SBL and an internal RBL we've been developing which is largely a DUL/Broadband list. We're still looking for a good community DUL list. I'd like to make ours public, but I am not going to put it online from our network for fear of attracting retribution from spammers.
SORBS got carried away and overzealous, so we had to stop using them.
There are good RBLs and bad ones. At this time, I'm not sure if SORBS is a good choice for commercial mail servers based on our experience. We started to get too many false positives and had to drop them.
First, thanks very much Steve for your tireless service to the community. We've been using your SBL for a long time and it has helped tremendously.
It really bothers me that people compare filtering to RBLs. They are really two completely different animals. RBLs *stop spammers from communicating with you* thereby keeping them from stealing bandwidth and system resources (which is the nucleus of the formula which has the capacity to make their unethical and illegal efforts economical and practical). Content-based filtering does not. It requires even more resources by the victim network and doesn't address the critical issue that is spammers' consuming a disproportionate amount of resources for the cost.
For people who choose to employ content-based filtering, good for you, but know that your efforts are not at all contributing towards the reduction of spam -- quite the opposite. RBLs however, do. They cause spammers to spend more money and time to do their spamming by moving about in IP space trying to find rogue ISPs, infecting clients and other methods to get around RBLs. The only way you stop spam is by negating the economic formula that makes spamming practical, and the only solution that does this right now are RBLs.
If Graham wants to plug filtering, that's his prerogative, but he shouldn't call himself any sort of champion in the war against spam. He's just a champion of sorting his mailbox folders.
RBLs have a tendency to turn into evangelical power mongers.
The market weeds out those RBLs that aren't responsible.
However, RBLs are one of the few ways for victim networks online to put pressure on larger ISPs who are acting irresponsibly. Every single day, an RBL forces an ISP to clean up their act. That's more progress in the battle against spam than all the client-side spam-filtering software combined.
According to our Anti-Virus, Anti-Spam gateway, only 1/2 of 1% of the messages being stopped by the gateway were being stopped because they were on an RBL...
1. If the blogger doesn't allow comments, it's not worth reading.
If you want to slap stuff up and not give anyone the opportunity to comment or correct your work, chances are you're not really interested in being truthful or accurate.
Paul Graham's "essay" is a mean-spirited vengeful attack on RBLs because he's been caught in them. And ironically, he shows he's a total hypocrite by claiming the RBLs are abusing their power, all the while he abuses his own power and influence by writing a one-sided wholesale condemnation of RBLs.
I agree, his lame diatribe probably isn't worth mentioning in /., but at least on this forum we can comment on the dubious nature of his self-serving propaganda. He won't allow anyone to question his statements on his own site.
Hear that sound? That's whatever's left of Paul Graham's credibility being flushed down the toilet.
However, the best approach I've found is using RBLs. They are several orders of magnitude better than any other spam solution in terms of the resources they require for the results they deliver.
Yes, this is a never-ending arms race. But RBLs are one of the few real "solutions". Everything else is an expensive band-aid that quickly becomes obsolete and costs more to maintain and doesn't stop resource theft.
Spamcop's RBL does exactly what you're suggesting. Their automated system automatically "retires" IP addresses from the RBL after set amounts of time. It goes one step further though, and determines the suitability for longer-term inclusion on the list based on the IP's history of spamming. It works exceptionally well.
I have been the victim of the formmail exploit, and been RBL'd as a result. It was not difficult to get un-blocked. Yes, it was a hassle, but I suspect those that complain about being RBL'd are the people that send nasty, vicious, "take me off or I'll sue you f'ing jerk!" e-mails and then wonder why they weren't removed. If you're polite with the RBL maintainers they're more than happy to cooperate. Anyone who's running an RBL that isn't reasonable won't have anyone using their list, so it doesn't matter.
If you insist, use a proxy server that's outside of DUL IP space. Problem solved.
Your ISP sucks because they haven't started filtering port 25 traffic outside of their authorized SMTP relays. I figure eventually all ISPs will do what AOL has done and restrict this activity and make the Internet a better place. It might even create a new marketplace for proxy mail services for people that do want more control.
But for right now, I am fully in support of all DUL IP space being flagged as unauthorized for SMTP traffic. It sucks if you're doing something legitimate, but until your ISP controls their idiot users, it must be done, and it's the only way to get idiot ISPs like Earthlink, Verizon and Comcast to get off their lazy asses and fix their shit.
blocking spammers via a central database just doesn't work.
It sure as hell does work!
Jun 6 00:00:00, 12099
Jun 7 00:00:00, 12747
Jun 8 00:00:00, 12980
Jun 9 00:00:00, 11971
Jun 10 00:00:00, 11942
Jun 11 00:00:00, 11251
Jun 12 00:00:00, 10502
Jun 13 00:00:01, 10528
Jun 14 00:00:00, 10404
Jun 15 00:00:00, 11037
In the last ten days, on one of my smaller mail servers, my own homebrew relay blacklist stopped 115,461 spams. This is before I run checks against spamcop and other systems.
In the past six months, I've had THREE false positives. That's it.
You don't know what you're talking about. RBLs work. I have years of stats and many happy clients because of it, and I've saved tens of thousands of dollars in bandwidth and resources by using RBLs.
DUL IP space, cable users, DSL and the like should be wholesale RBL'd. If you disagree, that's probably because you enjoy hanging a linux box off your cable connection, but you're stuck among a zillion zombied PCs and using an irresponsible ISP who isn't controlling unauthorized activity on their network. That's not my problem. You have work-arounds you can do using proxies. I see nothing wrong with blocking huge IP space and then whitelisting individual legitimate relays. It's the way to do it and it WORKS!
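The two mechanisms argued for in this thread, wholesale blocking of DUL/broadband netblocks with individual legitimate relays whitelisted on top, and Spamcop-style automatic retirement of listed IPs whose listing lifetime grows with their spamming history, modelled in one small module. This is an added example, not code from any poster or from Spamcop; the netblocks, addresses, timestamps and DNSBL zone name are constructed for illustration.

```python
"""Local relay blacklist: whitelist-first lookup, DUL block rejection and
automatic retirement of listed IPs (added example; all data constructed)."""
import ipaddress
from dataclasses import dataclass, field

# Constructed sample data: two broadband (DUL-style) netblocks, plus one relay
# inside the first block that the operator has verified as legitimate.
DUL_BLOCKS = [ipaddress.ip_network(n) for n in ("198.51.100.0/24", "203.0.113.0/25")]
WHITELIST = {ipaddress.ip_address("198.51.100.25")}

BASE_LISTING_SECONDS = 24 * 3600       # a first listing lasts one day
MAX_LISTING_SECONDS = 30 * 24 * 3600   # repeat offenders cap out at 30 days


def dnsbl_query_name(ip: str, zone: str) -> str:
    """Build the reversed-octet name a DNSBL lookup would query, e.g.
    192.0.2.10 in zone dul.example.invalid -> 10.2.0.192.dul.example.invalid."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone


@dataclass
class Listing:
    expires_at: int
    hits: int = 1          # spam reports that caused this (re)listing


@dataclass
class RelayBlacklist:
    listings: dict = field(default_factory=dict)   # ip -> Listing (active)
    history: dict = field(default_factory=dict)    # ip -> lifetime report count

    def report_spam(self, ip: str, now: int) -> int:
        """Record a spam report and (re)list the IP. Each prior report doubles
        the listing lifetime, up to MAX_LISTING_SECONDS. Returns the expiry time."""
        addr = ipaddress.ip_address(ip)
        self.history[addr] = self.history.get(addr, 0) + 1
        lifetime = min(BASE_LISTING_SECONDS * 2 ** (self.history[addr] - 1),
                       MAX_LISTING_SECONDS)
        self.listings[addr] = Listing(expires_at=now + lifetime, hits=self.history[addr])
        return now + lifetime

    def retire_expired(self, now: int) -> list:
        """The 'retirement' sweep: drop listings whose time is up. History is
        kept, so an IP that gets relisted stays listed longer next time."""
        expired = [ip for ip, lst in self.listings.items() if lst.expires_at <= now]
        for ip in expired:
            del self.listings[ip]
        return expired

    def decision(self, ip: str, now: int) -> str:
        """Return 'accept:<reason>' or 'reject:<reason>' for a connecting relay.
        Order matters: the whitelist wins over every kind of block."""
        addr = ipaddress.ip_address(ip)
        if addr in WHITELIST:
            return "accept:whitelisted"
        listing = self.listings.get(addr)
        if listing is not None:
            if listing.expires_at > now:
                return "reject:listed"
            del self.listings[addr]            # lazily retire on lookup
        if any(addr in net for net in DUL_BLOCKS):
            return "reject:dul"
        return "accept:clean"


if __name__ == "__main__":
    bl = RelayBlacklist()
    for ip in ("198.51.100.25", "198.51.100.77", "203.0.113.200"):
        print(ip, bl.decision(ip, now=0))
```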
I swear by them and I've tried every conceivable spam solution and continue to do so. I've been running large scale Internet servers for more than ten years.
RBLs do one thing that no other solution addresses: They counter the theft of resources by spammers. All other anti-spam solutions require even more resources to stop spam and do very little to curtail spammers' theft of bandwidth. So ironically, ISPs end up spending more money and resources in the process of dealing with the flak from spammers' theft of bandwidth and resources.
I've had to implement mail servers that are 4-5 times more hefty than my legitimate mail needs, just to maintain base services for my clients. That's bullshit, and that's because spammers steal resources. I'm sure as hell not going to spend even more money to stop spam when it doesn't put a dent in the real issue of spammers wasting bandwidth and network connections. RBLs shut spammers down quickly and keep them from wasting my system resources.
Spammers hate RBLs more than anything else. It's the one solution that lets them know their crap isn't getting through. Nothing else does.
Sure, I've ended up on RBLs, but it's not difficult to get removed. In the past, I've gone on rampages when things like this happen, but time has weeded out the irresponsible RBLs and made it easier. Anybody who complains about RBLs probably engages in questionable SMTP traffic on occasion. I've never met anybody who really had a problem with them unless they were violating the TOS of their ISP in the first place. This especially goes for broadband customers who throw up servers in DUL IP space and get their panties in a wad because they realize their homebrew SMTP server, however legitimate, is being RBL'd. Most of those people are violating their ISPs' terms of service by doing so, and if they're not and they're caught in an RBL because they're intermixed among IP space held by moron, worm-infected broadband users, it's their ISP's fault, NOT the RBL's.
You stop spam by:
1. Enforcing existing laws on the books - almost all spammers are violating the plethora of existing computer tampering and mail abuse laws - problem is they're not being enforced.
2. Whitelisting SMTP relays. Nobody wants to talk about it, but this is the future. It WILL happen, especially if we move to IPv6, which will create a huge nightmare in terms of tracking spammers. SMTP licensing and whitelisting will work, but it's a four-letter word people don't want to talk about until things get worse.
3. RBLs are the next-best thing to whitelisting. You blacklist irresponsible IP blocks and refuse to allow SMTP traffic from them. It's the ONLY way to force bad ISPs and administrators to stop polluting the Internet.
I was around when SMTP relays used to be wide open by default. There was a time when anybody could use anybody's relay, then the spammers came along and ruined it. Shortly thereafter, it was the RBLs that forced admins to close their SMTP servers - everybody hated it, but now it's the accepted practice. RBLs have done more to enforce responsible Internet use than almost any other service. They're here to stay.
This is due to AOL filtering port 25 traffic on their network, which is the primary way these worms propagate.
If Comcast, Verizon and others started filtering all SMTP traffic from their DUL customers (except traffic to their authorized relays), the infection rate of PCs would drop exponentially.
Despite what the report may indicate, AOL has one of the best anti-spam processes of any major ISP. Even Earthlink, which constantly advertises about how much they care about stopping spam, still lets their customers' zombie PCs rain terror via SMTP.
Probably the reason why there's more DoS traffic from AOL is because the infected PCs can't be repurposed to further propagate the worms via SMTP.
Who is publishing the best DUL/Broadband RBL?
Zombie Report By ISP
The main way these worms spread is via e-mail and I've found one of the best long-term ways to stop it is to refuse any port 25 traffic from broadband IP space (that shouldn't be running a mail relay).
I know MAPs has a good DUL list, but I refuse to pay a fee to try their RBL without first seeing if it will affect my clients' legitimate e-mail, so does anyone have any good sources for free DUL RBLs?
IMO, all legitimate mail relays should refuse SMTP traffic from cable, dsl and other inappropriate IP space. This would substantially halt the infection and creation of zombie PCs. I'm asking if anyone out there can share their experience with RBLs of this type and which ones they use?
If I recall my reading of the so-called CanSpam act, only ISPs can bring suits against spammers.
You're wrong. And this isn't about spam. It's about computer tampering, which has been a crime since before the Internet. People who break into other people's computers and compromise them are breaking laws. (Port scanning may or may not be criminal, but it's the precursor to criminal activity.) I'm just pointing out that the most significant group doing this are obviously the spammers. Anyone who is paying attention can see that, and they are clearly breaking the law. If you break in and take over someone else's computer, that's a felony.
Unfortunately, we probably won't see law enforcement do anything about it until a spammer accidentally breaks into the computer that contains the formula for McDonald's special sauce.
Every state has laws like this:
Breaking into someone's computer may seem like fun, but the consequences are not: Under the Arizona Computer Crime Act of 2000, computer tampering is a felony. Offenders can face up to 12½ years in prison and fines of up to $150,000.
Next time back up your brain-dead claims with something.
Anonymous COWARD. You must be a spammer, and that's why you're so offended by my message. Why don't you show your identity?
There's plenty of stats and information to back up these claims. Most domestic spam is originating from compromised computers being used as unauthorized SMTP relays.
You want evidence? Check your e-mail you stupid moron. Look at the headers of the spam you receive. Notice how a significant chunk of it comes from comcast, verizon, cox cable, TDE, and other broadband IP space. These are end users who have been infected with worms that have turned their boxes into proxies. These dumbass ISPs refuse to filter port 25 on their networks so they're ripe for being taken over by spammers, and the spammers, in an effort to thwart relay blacklists (which are THE ONLY current anti-spam solution which is affecting their efforts) must continually compromise third-party computers to send out their junk mail.
You don't see much spam from AOL any more. Know why? They filter port 25. If more ISPs did this, then you'd also see a significant reduction in port scanning on popular backbone networks because the reason they portscan is to find machines to zombie spam.
Keep spamming... you're going to get caught eventually... provided people demand their District Attorneys start prosecuting scumbags like you who willfully break the law and steal other people's resources.
The first problem is the pervasive use of C and C++, which makes systems unnecessarily prone to buffer overflows and related problems. C and C++ programmers keep saying that they can handle it, but it is obvious that they can't.
Bad programming is bad programming. You can write vulnerable code in ANY language.
Take some responsibility for things instead of blaming everything on the environment.
Windows is badly designed and badly implemented. These same people, designing the same type of system in a different language would likely create the same problems.
It's a fallacy that ignorant kids are behind the port scanning.
It's spammers. It's professional organized crime. I believe the majority of this port scanning and worm/virus propagation is being done by organized groups looking to take over people's computers for the purpose of finding new IP space from which they can send unsolicited e-mail. If there are any script kiddies, they are a fraction of a fraction of a percent of the traffic.
My systems are constantly under probe attacks and port scans. The majority of these attacks originate from rogue IP space in China, Korea, and other areas that appear to be more liberal in doing business with the spammer organized crime contingent.
At this point, I don't see technology making much difference. This is a political and enforcement issue.
My advice is to contact your local District Attorney and demand that they start prosecuting computer tampering cases. We know these people are ultimately in the U.S. and can be caught even if they route from around the globe. We know they're breaking laws and can be prosecuted. We have laws in effect right now - we don't need more laws. We need enforcement and government authorities who WILL ENFORCE THE LAW AND STOP THESE PEOPLE. You can't count on ISPs to help since they profit from bandwidth consumption; you can't count on corporations to help, they are scared of any attempt to curtail cyber marketing of any sort. You must start on a local level and demand that the judicial and enforcement branches go after these criminals.
First off, as a rule of thumb, I do not use public terminals for anything that needs to be secure. It's too easy to carry a laptop around and jack in using ssh.
That being said, an interesting approach to addressing this problem could be via the use of a signal system using a CGI script to temporarily set a particular password. For example, you write a CGI script that is called with certain parameters that "seed" a password that only you know. You call the CGI script, it changes the password of a particular account (I like using additional variables like time-of-day numbers to seed the password), then you log in and when you're done, you call the CGI script again with a code to reset the password. It wouldn't be difficult to integrate this into a web server or some other listener. The keylogger would be useless... even if it captured everything, there would be a formula that only you know, integrated into the CGI script, that would never be revealed during the transaction.
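The scheme the comment sketches, as an added example that is not the poster's own code: a server-side gate that derives a short-lived password from a secret the public terminal never sees, makes it single-use, and lets a second out-of-band call revoke it. The poster's private "formula" is replaced here by an HMAC-SHA256 over a public seed and the current time window; the secret, seed, window length and clock values are constructed for illustration.

```python
"""Time-windowed, single-use account password activated and revoked out of
band (added example; secret, seed and times are constructed)."""
import base64
import hashlib
import hmac

WINDOW_SECONDS = 600   # a temporary password never outlives its ten-minute window


def derive_temp_password(server_secret: bytes, seed: str, window_index: int) -> str:
    """HMAC-SHA256 over the public seed and the time-window index, truncated to a
    16-character base32 string. Capturing seed and password reveals no secret."""
    msg = f"{seed}:{window_index}".encode()
    digest = hmac.new(server_secret, msg, hashlib.sha256).digest()
    return base64.b32encode(digest)[:16].decode()


class TempPasswordGate:
    """Holds at most one active temporary password for one account."""

    def __init__(self, server_secret: bytes):
        self._secret = server_secret
        self._active = None        # (password, expires_at) or None

    def activate(self, seed: str, now: int) -> str:
        """The first out-of-band call: set a password that expires with its window."""
        window_index = now // WINDOW_SECONDS
        password = derive_temp_password(self._secret, seed, window_index)
        expires_at = (window_index + 1) * WINDOW_SECONDS
        self._active = (password, expires_at)
        return password

    def verify(self, candidate: str, now: int) -> bool:
        """Login check: constant-time compare, rejects expired passwords and
        consumes the password on its first successful use."""
        if self._active is None:
            return False
        password, expires_at = self._active
        if now >= expires_at:
            self._active = None
            return False
        ok = hmac.compare_digest(candidate, password)
        if ok:
            self._active = None    # single use: a replayed capture fails
        return ok

    def revoke(self) -> None:
        """The second out-of-band call: clear the password regardless of window."""
        self._active = None


if __name__ == "__main__":
    gate = TempPasswordGate(b"constructed-server-secret")
    pw = gate.activate("lunch", now=1000)
    print("temporary password:", pw)
    print("first login ok:", gate.verify(pw, now=1001))
    print("replay rejected:", not gate.verify(pw, now=1002))
```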
I stopped playing EQ before the last expansion came out. Our uber guild fell apart when EQ2 launched and things got so bad many servers merged to deal with the large losses of players. It was hard enough playing the high-end game before, I don't see any reason to pick EQ back up again. I still have friends who are playing EQ2 but it's just the same hamster wheel with a little more shiny chrome on it.
You're using sucky RBL's.
My rate is somewhere around 97%
I've done most of what you've done as well.
Don't run SMTP in DUL space. Simple as that.
The BOTTOM LINE is that RBL's work.
I swear by them and I've tried every conceivable spam solution and continue to do so. I've been running large scale Internet servers for more than ten years.
RBLs do one thing that no other solution addresses: They counter the theft of resources by spammers. All other anti-spam solutions require even more resources to stop spam and do very little to curtail spammer's theft of bandwidth. So ironically, ISPs end up spending more money and resources in the process of dealing with the flak from spammers' theft of bandwidth and resources.
I've had to implement mail servers that are 4-5 times more hefty than my legitimate mail needs, just to maintain base services for my clients. That's bullshit, and that's because spammers steal resources. I'm sure as hell not going to spend even more money to stop spam when it doesn't put a dent in the real issue of spammers wasting bandwidth and network connections. RBLs shut spammers down quickly and keep them from wasting my system resources.
Spammers hate RBLs more than anything else. It's the one solution that lets them know their crap isn't getting through. Nothing else does.
Sure, I've ended up on RBLs, but it's not difficult to get removed. In the past, I've gone on rampages when things like this happen, but time has weeded out the irresponsible RBLs and made it easier. Anybody who complains about RBLs probably engages in questionable SMTP traffic on occasion. I've never met anybody who really had a problem with them unless they were violating the TOS of their ISP in the first place. This especially goes for broadband customers who throw up servers in DUL IP space and get their panties in a wad because they realize their homebrew SMTP server, however legitimate, is being RBL'd. Most of those people are violating their ISPs' terms of service by doing so, and if they're not and they're caught in an RBL because they're intermixed among IP space held by moron, worm-infected broadband users, it's their ISPs' fault, NOT the RBLs'.
You stop spam by:
1. Enforcing existing laws on the books - almost all spammers are violating the plethora of existing computer tampering and mail abuse laws - problem is they're not being enforced.
2. Whitelisting SMTP relays. Nobody wants to talk about it, but this is the future. It WILL happen, especially if we move to IPv6, which will create a huge nightmare in terms of tracking spammers. SMTP licensing and whitelisting will work, but it's a four-letter word people don't want to talk about until things get worse.
3. RBLs are the next-best thing to whitelisting. You blacklist irresponsible IP blocks and refuse to allow SMTP traffic from them. It's the ONLY way to force bad ISPs and administrators to stop polluting the Internet.
I was around when SMTP relays used to be wide open by default. There was a time when anybody could use anybody's relay, then the spammers came along and ruined it. Shortly thereafter, it was the RBLs that forced admins to close their SMTP servers - everybody hated it, but now it's the accepted practice. RBLs have done more to enforce responsible Internet use than almost any other service. They're here to stay.
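The poster describes the mechanism only in outline: reject SMTP sessions from IP space listed in a blacklist zone, but whitelist individual legitimate relays first. The following is an added example, not the poster's homebrew blacklist or any real DNSBL's code. It builds the standard reversed-octet DNSBL query name, consults a list of zones through a pluggable resolver (the zone names, the 127.0.0.x return-code meanings and the stub resolver table are all constructed for the demo), and applies the whitelist-before-blacklist order the comment argues for.

```python
import ipaddress
import socket
from typing import Callable, Iterable, Optional, Tuple

# Constructed zone names (hypothetical, not real DNSBL services).
DUL_ZONE = "dul.example.invalid"
RELAY_ZONE = "relays.example.invalid"

# A DNSBL answers with an A record inside 127.0.0.0/8 when the address is listed.
# What the last octet means is zone-specific; this mapping is constructed for the demo.
LISTING_REASON = {
    "127.0.0.2": "open/abused relay",
    "127.0.0.3": "dial-up or dynamic (DUL) space",
}


def dnsbl_query_name(ip: str, zone: str) -> str:
    """Reverse the IPv4 octets and append the zone: the standard DNSBL query form."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError for anything that is not IPv4
    reversed_octets = ".".join(reversed(str(addr).split(".")))
    return f"{reversed_octets}.{zone}"


def live_resolver(name: str) -> Optional[str]:
    """Resolve via the system resolver; NXDOMAIN (not listed) comes back as None."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None


def constructed_resolver(name: str) -> Optional[str]:
    """Offline stand-in for DNS so the example runs without network access.
    The listings below are invented; 203.0.113.0/24 and 198.51.100.0/24 are
    documentation ranges (RFC 5737)."""
    table = {
        "7.113.0.203.dul.example.invalid": "127.0.0.3",   # a dynamic-pool address
        "9.113.0.203.dul.example.invalid": "127.0.0.3",   # listed, but whitelisted below
        "4.100.51.198.relays.example.invalid": None,      # explicit NXDOMAIN
    }
    return table.get(name)


class RelayPolicy:
    """Whitelist individual relays first, then reject anything a zone lists."""

    def __init__(self, zones: Iterable[str], whitelist: Iterable[str],
                 resolver: Callable[[str], Optional[str]] = live_resolver):
        self.zones = list(zones)
        self.whitelist = [ipaddress.ip_network(n) for n in whitelist]
        self.resolver = resolver

    def is_whitelisted(self, ip: str) -> bool:
        addr = ipaddress.ip_address(ip)
        return any(addr in net for net in self.whitelist)

    def check(self, ip: str) -> Tuple[str, str]:
        """Return ('accept' | 'reject', reason)."""
        if self.is_whitelisted(ip):
            return "accept", "whitelisted relay"
        for zone in self.zones:
            answer = self.resolver(dnsbl_query_name(ip, zone))
            if answer is None or not answer.startswith("127."):
                # Not listed, or an answer outside 127/8 (wildcard/parked zone); ignore it.
                continue
            reason = LISTING_REASON.get(answer, f"listed ({answer})")
            return "reject", f"{zone}: {reason}"
        return "accept", "not listed"


def smtp_greeting(verdict: str, reason: str) -> str:
    """Refuse at connect time with a 554 so no message is ever accepted from a listed host."""
    if verdict == "reject":
        return f"554 5.7.1 Service unavailable; client blocked: {reason}"
    return "220 mail.example.invalid ESMTP"


if __name__ == "__main__":
    policy = RelayPolicy([DUL_ZONE, RELAY_ZONE], ["203.0.113.9/32"],
                         resolver=constructed_resolver)
    for client in ("203.0.113.7", "203.0.113.9", "198.51.100.4"):
        print(client, "->", smtp_greeting(*policy.check(client)))
```

Checking the whitelist before any zone lookup is what makes the "block the whole DUL range, then whitelist the few legitimate relays" approach safe to run: a listed address in a whitelisted network never reaches the blacklist branch. Answers outside 127/8 are deliberately ignored because a zone that has been retired and parked can start resolving every name to a web server, which would otherwise reject all mail.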
This is due to AOL filtering port 25 traffic on their network, which is the primary way these worms propagate.
If Comcast, Verizon and others started filtering all SMTP traffic from their DUL customers (except traffic to their authorized relays), the infection rate of PCs would drop exponentially.
Despite what the report may indicate, AOL has one of the best anti-spam processes of any major ISP. Even Earthlink, which constantly advertises about how much they care about stopping spam, still lets their customers' zombie PCs reign terror via SMTP.
Probably the reason why there's more DoS traffic from AOL is because the infected PCs can't be repurposed to further propagate the worms via SMTP.
The main way these worms spread is via e-mail and I've found one of the best long-term ways to stop it is to refuse any port 25 traffic from broadband IP space (that shouldn't be running a mail relay).
I know MAPS has a good DUL list, but I refuse to pay a fee to try their RBL without first seeing if it will affect my clients' legitimate e-mail, so does anyone have any good sources for free DUL RBLs?
IMO, all legitimate mail relays should refuse SMTP traffic from cable, DSL and other inappropriate IP space. This would substantially halt the infection and creation of zombie PCs. I'm asking if anyone out there can share their experience with RBLs of this type and which ones they use.
You're wrong. And this isn't about spam. It's about computer tampering, which has been a crime since before the Internet. People who break into other people's computers and compromise them are breaking laws. (Port scanning may or may not be criminal, but it's the precursor to criminal activity.) I'm just pointing out that the most significant group doing this are obviously the spammers. Anyone who is paying attention can see that, and they are clearly breaking the law. If you break in and take over someone else's computer, that's a felony.
Unfortunately, we probably won't see law enforcement do anything about it until a spammer accidentally breaks into the computer that contains the formula for McDonald's special sauce.
Every state has laws like this:
Here's a list of computer crime laws by state
Here's info on Federal computer crime laws
Also see:
Next time back up your brain-dead claims with something.
Anonymous COWARD. You must be a spammer, and that's why you're so offended by my message. Why don't you show your identity?
There's plenty of stats and information to back up these claims. Most domestic spam is originating from compromised computers being used as unauthorized SMTP relays.
You want evidence? Check your e-mail, you stupid moron. Look at the headers of the spam you receive. Notice how a significant chunk of it comes from Comcast, Verizon, Cox Cable, TDE, and other broadband IP space. These are end users who have been infected with worms that have turned their boxes into proxies. These dumbass ISPs refuse to filter port 25 on their networks so they're ripe for being taken over by spammers, and the spammers, in an effort to thwart relay blacklists (which are THE ONLY current anti-spam solution which is affecting their efforts) must continually compromise third-party computers to send out their junk mail.
You don't see much spam from AOL any more. Know why? They filter port 25. If more ISPs did this, then you'd also see a significant reduction in port scanning on popular backbone networks because the reason they portscan is to find machines to zombie spam.
Keep spamming... you're going to get caught eventually... provided people demand their District Attorneys start prosecuting scumbags like you who willfully break the law and steal other people's resources.
The first problem is the pervasive use of C and C++, which makes systems unnecessarily prone to buffer overflows and related problems. C and C++ programmers keep saying that they can handle it, but it is obvious that they can't.
Bad programming is bad programming. You can write vulnerable code in ANY language.
Take some responsibility for things instead of blaming everything on the environment.
Windows is badly designed and badly implemented. These same people, designing the same type of system in a different language would likely create the same problems.
It's a fallacy that ignorant kids are behind the port scanning.
It's spammers. It's professional organized crime. I believe the majority of this port scanning and worm/virus propagation is being done by organized groups looking to take over people's computers for the purpose of finding new IP space from which they can send unsolicited e-mail. If there are any script kiddies, they are a fraction of a fraction of the percentage of the traffic.
My systems are constantly under probe attacks and port scans. The majority of these attacks originate from rogue IP space in China, Korea, and other areas that appear to be more liberal in doing business with the spammer organized crime contingent.
At this point, I don't see technology making much difference. This is a political and enforcement issue.
My advice is to contact your local District Attorney and demand that they start prosecuting computer tampering cases. We know these people are ultimately in the U.S. and can be caught even if they route from around the globe. We know they're breaking laws and can be prosecuted. We have laws in effect right now - we don't need more laws. We need enforcement and government authorities who WILL ENFORCE THE LAW AND STOP THESE PEOPLE. You can't count on ISPs to help since they profit from bandwidth consumption; you can't count on corporations to help, they are scared of any attempt to curtail cyber marketing of any sort. You must start on a local level and demand that the judicial and enforcement branches go after these criminals.
First off, as a rule of thumb, I do not use public terminals for anything that needs to be secure. It's too easy to carry a laptop around and jack in using ssh.
That being said, an interesting approach to addressing this problem could be via the use of a signal system using a CGI script to temporarily set a particular password. For example, you write a CGI script that is called with certain parameters that "seed" a password that only you know. You call the CGI script, it changes the password of a particular account (I like using additional variables like time-of-day numbers to seed the password), then you log in and when you're done, you call the CGI script again with a code to reset the password. It wouldn't be difficult to integrate this into a web server or some other listener. The keylogger would be useless... even if it captured everything, there would be a formula that only you know, integrated into the CGI script, that would never be revealed during the transaction.
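The scheme above, as an added example that is not the commenter's script: the "formula only you know" is modelled as an HMAC key held on the server, the request parameter and a time-of-day slot are the seed, and the account is switched to the derived temporary password for one window and back again by an explicit reset or by expiry. All names (`TempPasswordSwitch`, `derive_temp_password`, the "alice" account, the SHA-256 stand-in for a real password hash) are assumptions for the demo.

```python
import base64
import hashlib
import hmac
import time


def _hash_password(pw: str) -> str:
    # Stand-in for the system's password hash; a real deployment would use the
    # OS's own mechanism (or bcrypt/argon2), not a bare SHA-256.
    return hashlib.sha256(pw.encode()).hexdigest()


def derive_temp_password(secret: str, username: str, seed: str,
                         now: float, window_seconds: int) -> str:
    """The shared formula. The owner computes this in their head / on a trusted
    device; the server computes the same value when the CGI 'set' call arrives.
    A keylogger on the public terminal sees only the output, never `secret`."""
    slot = int(now) // window_seconds            # time-of-day component of the seed
    msg = f"{username}|{seed}|{slot}".encode()
    digest = hmac.new(secret.encode(), msg, hashlib.sha256).digest()
    return base64.b32encode(digest[:10]).decode()  # 16 characters, typeable anywhere


class TempPasswordSwitch:
    """Server side: what the two CGI calls ('set' and 'reset') would do to one account."""

    def __init__(self, username: str, permanent_password: str, secret: str,
                 window_seconds: int = 300):
        self.username = username
        self.secret = secret                      # never leaves the server
        self.window = window_seconds
        self.permanent_hash = _hash_password(permanent_password)
        self.active_hash = self.permanent_hash    # what login is checked against
        self.expires_at = None

    def activate(self, seed: str, now: float) -> None:
        """CGI 'set' call: swap in the temporary password for one window.
        Nothing is returned to the caller; the owner already knows the value."""
        temp = derive_temp_password(self.secret, self.username, seed, now, self.window)
        self.active_hash = _hash_password(temp)
        self.expires_at = now + self.window

    def reset(self) -> None:
        """CGI 'reset' call: restore the permanent password."""
        self.active_hash = self.permanent_hash
        self.expires_at = None

    def verify(self, candidate: str, now: float) -> bool:
        """Login check. A forgotten reset must not leave the temporary password
        live forever, so expiry resets the account before comparing."""
        if self.expires_at is not None and now >= self.expires_at:
            self.reset()
        return hmac.compare_digest(_hash_password(candidate), self.active_hash)


if __name__ == "__main__":
    secret = "only-the-owner-knows-this"        # constructed demo secret
    now = time.time()
    account = TempPasswordSwitch("alice", "permanent-pw", secret)
    account.activate("lobby-kiosk", now)        # the 'set' call from the public terminal
    temp = derive_temp_password(secret, "alice", "lobby-kiosk", now, 300)
    print("login with temporary password:", account.verify(temp, now))
    account.reset()                             # the 'reset' call when done
    print("same password after reset:", account.verify(temp, now))
```

Two points the comment does not spell out follow directly from the code: the keylogger does capture the temporary password, so the window must be short and the reset (or expiry) must actually happen, and while the temporary password is active the permanent one is refused, so an attacker who later replays the captured string against the permanent account gains nothing.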
I stopped playing EQ before the last expansion came out. Our uber guild fell apart when EQ2 launched and things got so bad many servers merged to deal with the large losses of players. It was hard enough playing the high-end game before, I don't see any reason to pick EQ back up again. I still have friends who are playing EQ2 but it's just the same hamster wheel with a little more shiny chrome on it.