> Kind of like Kevin Mitnick doing network security....WAIT A MINUTE!
I'd trust Kevin Mitnick with my network before I'd trust anyone from Doubleclick with my privacy.
The difference between Mitnick and Doubleclick? Only one of 'em is a lying shitweasel whose sole reason for existence is the invasion of your privacy through clever social engineering.
SCO releases brand-new Linux for brand-new CPU! DoubleClick now in charge of privacy! AOL now the Good Guys for suing spammers, and Australia about to ban all spam! Feral robot dogs run amok!
If Baghdad Bob hanged himself the other day, he obviously made it to heaven, and God must have left the Reality Machine unattended.
> More likely create some super mutant virus as a result of gene therapy research. THAT is what will kill us all.
Goddamn Eukaryotes.
We methanogenic Archaea had a perfectly good thing going until one of our experiments got out of hand and ruined the whole damn planet for everyone. Now the last habitable space is around these frickin' deep-sea vents.
Payback's comin', and it's gonna be a bitch, man. Just you wait until a few billion years when that frickin' yellow star of yours starts to heat back up again! Oh yeah, just you wait...
> Hey, if you read the article then you would have understood Sir Martin Rees's reasons for recommending self-censorship. Here's a sample paragraph:
>
> "Some experiments could conceivably threaten the entire Earth," he writes. "How close to zero should the claimed risk be before such experiments are sanctioned?"
>
> He isn't talking about research that has potentially dangerous applications if it falls into the "wrong" hands, he's talking about potentially dangerous experiments. The kind of experiments where something going wrong could, say, create a miniature black hole and thus destroy the planet.
>
> When you're talking about an experiment going that wrong then you don't really give a damn who's performing it, "them" or "us".
Hey, if you look at cave paintings then you would grok Shaman Roa's big think for banish Caveman Og:
"Og's big fire think scary. Fire could burninate entire grassland where tribe hunt all meat things", Roa speak. "Fire come from Gods, not tribe! Roa know Gods, Roa eat happy mushrooms, talk to Gods every day! Og not talk to Gods, he too busy with fire think. Roa not want Og make Gods angry with two stick rubbing thing! Tell Og put sticks down!"
Og's fire think not scary-but-good because fire keep tigers away at night. What if Gods angry, make Og drop fire? Og burninate all grass! No grass, no antelope, no fruit! Whole world burninate! Like three rainy season ago when Gods sent fire from sky, burninated grassland! Half of tribe starve!
Og's fire think bad. Roa know! If Og not care what Roa think, Shaman Roa say send Og away forever!
> An interesting approach to online RPGs: throw away the Massively Multiplayer aspect. It's possible (in my mind anyways) that this is just an unattainable fantasy, to have a fluid, engrossing, plot-driven world where everyone is a character.
/me screams through the flames "the Heretic speaks the truth!"
The best "multiplayer" RPGs, plot-wise, were the single-player Wizardry series. One player commands six people. The first week, it always seems weird - these guys are cannon fodder, these guys are generic spellcasters. The second week, it sorta gels that they're working together. Fred's the guy who's mean with the sword, Zapp's workin' on the polearm. By the end of the third week, all six have their own (imaginary) personalities and the party just wouldn't be the same without 'em.
If I'm gonna play an online multiplayer RPG, let it be with three of my friends from meatspace, the four of us taking on the world, to emerge as heroes a month later... only to re-roll and do it all over again as another party if the adventure was good enough the first time.
The idea of being an anonymous luzer scraping out a living killing orcs in a vast countryside teeming with 100,000 other anonymous orc-killing luzers... shit, if I wanted that, I'd play The Sims Online... or I'd just drop the RPGing and stick to real life.
> In "Revenge of the Nerds," Woz tells the story of phreaking his way to Vatican City and trying to get the pope on the line, claiming to be Kissinger (IIRC)
> Do you have a favorite story, either because of the people involved, the tech (high tech or low tech) used, or the problems solved along the way?
Along those lines:
What do you consider the most outrageous hack you *did* perform, and likewise, what's the most outlandish hack you *didn't* do, but the media falsely ascribed to you out of fear and ignorance?
(For instance, Mitnick would probably list one of his many feats of social engineering as his "greatest hack", and his mythical ability to start World War III by whistling into a telephone as the most amazing ability falsely ascribed to him.)
P.S. I was born too late to even think about getting into boxing, but you were still an inspiration. *waves soldering iron* Thanks for being one of the guys whose ideas got me started on my way to a great career in tech.
> Accounting investigations usually refer to SEC regulators, who are concerned with public companies. I can't imagine that there are many public companies engaging in pr0n/scam spamming!
As opposed to, say, Worldcon (uu.net), Verio, Rackspace, XO, and Level3. Nope, none of those fine upstanding companies would knowingly host spammers or have questionable accounting, no sirree!
(It's a lie! The SEC investigators are not in the corner office! Our glorious accountants have shredded everything! Our boss was just play-acting some sort of role-playing-arrest thing at the corner office, that's why he had those fake plastic handcuffs on...)
> This is yet another lie. These companies did not send any spam. Today we slaughtered them in the airport.
Y'know, I think we've got a job for you after the war. As part of the terms of ceasefire, you'll be required to make good on just one of your pronouncements. Please, God, let it be that one. *g*
Block outbound port 25 by default. Turn it back on by request.
99% of your users have neither the intention nor the desire to run their own SMTP server. They'll use your mail server - that is, they'll talk POP or a similar protocol to whatever server you set up for them. That's enough for them - they just want email, and they'd rather not have to provide it for themselves.
The other 1% of your users are smart and clued enough to set up their own mail servers, and probably have legitimate reasons to do so.
Now, back to your 99% who have no intention of talking on port 25, anywhere. Of them, 10% of your users probably will set up an open proxy, or run an open wireless node. Whether they do so with malicious intent (unlikely) or out of ignorance (highly likely!!) doesn't matter.
What matters is the fact that these nodes will be abused by spammers.
So, if you want the 1% of your geeky-and-clued customers to be able to send email to the rest of the world from their own MTA, it's up to you to make sure that the 10% of your clueless customers can't.
Otherwise, expect that your users - clued and clueless alike - will be talkin' to the 550 like 24.0.0.0/8, 4.0.0.0/8, 12.0.0.0/8, and 200.0.0.0/6, four big chunks of netspace I - and others - don't wanna hear from, because they have a million open proxies spewing spam for every legitimate customer.
I'm not saying block outbound port 25 for everyone. I'm saying block it by default, and lift the block for anyone who calls the support center and says "I can't send mail. Yes I'm running my own mail server, and I need to run my own mail server for $REASON", where $REASON is basically anything other than "The guy who sold me the Millions Of Addresses CD said port 25 blocking was censorship!" :-)
> "We" didn't do this to ourselves, our broadband ISPs intentionally proliferated this. I've had @Home, ATTBI, Comcast, and now SBC. Not a *one* of them was willing to even mention to me that security is an issue much less take any responsibility for protecting me in any way shape or form. "You've got a firewall? I'm sorry, I can't help you with that. I also can't help you with any other problem until you disable it." "You've got a router? That's not supported and may be against our rules."
>
> You can't expect Ma & Pa to even know these issues exist. The providers have failed in a very fundamental way to give their users what they've been promised.
A very valid point.
The optimal solution would be to educate Ma & Pa and tell them how to secure their boxen. That's likely to be viewed as cost-prohibitive by the ISPs.
The next-optimal solution would be to not educate Ma & Pa, but to portscan them and to warn them if and only if they're running an open proxy/relay/WAP (because Ma & Pa might just leave a Win9x box up, running no services, which is pretty harmless), and/or to transparently proxy outbound port 25 traffic from their box to the central mail server à la AOL. Ma & Pa can remain clueless, and the expense of this is minimal.
My "solution" of blocking port 25 is yet-more-suboptimal, but it has the one virtue of being even cheaper for the broadband ISP to implement. That makes its likelihood "1%" as opposed to "0%". :)
The current solution - which is no solution at all - is to let the broadband luzers spam with impunity. That's the truly zero-cost solution for the ISP in the short term, but has a great long term cost. I only hope that AOL's action serves as a wakeup call - if you sell broadband, your failure to police your users makes your product less valuable.
For the record - I've got assloads of rr.com, comcast.com, sbcglobal.net, pacbell.net, verizon-dsl.net, and attbi.com spew. Unless speakeasy is leasing their lines from the above and reporting that as their rDNS, someone's doing it right.
Ad nauseam.
Some interesting threads on rackspace listwashing reveal an interesting pattern.
Basically, when identifying information is not munged out of the abuse report, sometimes the spam stops. When identifying information is munged, the spam continues.
Picking just one spammer as an example, googling on rackspace 1514 reveals a pattern of spam support on a SPEWS-listed spamhaus as far back as June 2002. Their abuse department cannot possibly claim they're unaware.
I conclude that for some of Rackspace's customers, reporting spam is counterproductive, in that for these customers, Rackspace appears to be more interested in helping the spammers listwash in order to cut down on the volume of complaints received in the future - not in cutting down on the volume of spam gushing forth from Rackspace's netblocks.
> The really funny thing is that I got Slashdot's email-notification of your post, and there was a Rackspace ad in it
Hey, if Rackspace is paying the freight to keep /. up and running, that's fine. Doesn't mean I'm gonna accept SMTP connections from them, though :)
> Here are the top 10 sources of spam sent to my domain over a recent 8-day period:
No, those are the top 10 domains forged into the From: or Reply-To: headers of your spam.
Look at the IP address in the first Received: line of your spam.
Betcha most of it's from 24.0.0.0/8 (rr.com and other cablemodems), 4.0.0.0/8 (BBN/Genuity/LVLT/dsl-verizon.net or whatever residential broadband slumfest inhabits there this week), 12.0.0.0/8 (attbi.com and more AT&T stuff), or 200.0.0.0/6. (200,201 = South America / LACNIC, mostly DSLuzers, 202,203 = some of China)
Betcha a good chunk of the rest is also from residential broadband in smaller netblocks with cogeco, cogentco, or other rr.com / AOLTW, and/or attbi.com references in the rDNS.
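To make the point in the post above concrete: the From: and Reply-To: domains are whatever the spammer typed, while the IP recorded in the topmost Received: header is the address that actually connected to your MX. The following Python is an added example, not code from the original post; it parses a constructed sample message (not a real capture), pulls the connecting IP from the first Received: line, and checks it against the four netblocks named in the post as a 550-on-connect policy. The hostname and domain names in the samples are made up.

```python
"""Spam-source triage from Received: headers (added example).

Shows why the claimed From: domain is useless for attribution and why the
connecting IP in the topmost Received: line is what a block policy should key on.
"""
import ipaddress
import re
from email import policy
from email.parser import Parser

# Netblocks named in the post, treated here as "reject at connect with a 550".
BLOCKED_NETBLOCKS = [
    ipaddress.ip_network(cidr)
    for cidr in ("24.0.0.0/8", "4.0.0.0/8", "12.0.0.0/8", "200.0.0.0/6")
]

# An MTA normally records the peer as "(reverse-name [a.b.c.d])"; we only
# care about the bracketed literal, since the reverse name is unverified.
_IP_IN_BRACKETS = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def connecting_ip(raw_message):
    """Return the IPv4 literal from the topmost Received: header, else None.

    The topmost Received: is the one *our* MX stamped when the sender connected.
    Every Received: line below it arrived inside the message and may be forged.
    """
    msg = Parser(policy=policy.default).parsestr(raw_message)
    received = msg.get_all("Received") or []
    if not received:
        return None
    m = _IP_IN_BRACKETS.search(received[0])
    return m.group(1) if m else None


def claimed_from_domain(raw_message):
    """Domain in From:, which the sender controls completely."""
    msg = Parser(policy=policy.default).parsestr(raw_message)
    hdr = msg["From"]
    if hdr is None or not hdr.addresses:
        return ""
    return hdr.addresses[0].domain


def netblock_for(ip_text):
    """Return the blocked netblock containing ip_text as a string, else None."""
    if ip_text is None:
        return None
    ip = ipaddress.ip_address(ip_text)
    for net in BLOCKED_NETBLOCKS:
        if ip in net:
            return str(net)
    return None


def triage(raw_message):
    """Classify one message by where it really came from, not what it claims."""
    ip = connecting_ip(raw_message)
    net = netblock_for(ip)
    return {
        "claimed_from_domain": claimed_from_domain(raw_message),
        "connecting_ip": ip,
        "blocked_netblock": net,
        "verdict": "550" if net else "accept",
    }


# Constructed sample: relayed through a cablemodem in 24/8, with a big
# webmail provider's domain forged into From: and Reply-To:.
SAMPLE_SPAM = """\
Received: from cpe-24-1-2-3.cable.example (cpe-24-1-2-3.cable.example [24.1.2.3])
    by mx.mydomain.example (Postfix) with SMTP id 7F3A2
    for <me@mydomain.example>; Wed, 7 May 2003 03:12:44 -0400
Received: from mail.bigwebmail.example (mail.bigwebmail.example [192.0.2.77])
    by localhost with SMTP; Wed, 7 May 2003 03:12:40 -0400
From: "Promo Desk" <deals@bigwebmail.example>
Reply-To: deals@bigwebmail.example
To: me@mydomain.example
Subject: your order

Click here.
"""

# Constructed sample: a colo-hosted MTA outside the blocked ranges.
SAMPLE_LEGIT = """\
Received: from smtp.colo.example (smtp.colo.example [198.51.100.23])
    by mx.mydomain.example (Postfix) with ESMTP id 9B1C0
    for <me@mydomain.example>; Wed, 7 May 2003 09:01:02 -0400
From: Friend <friend@colo.example>
To: me@mydomain.example
Subject: lunch?

Noon?
"""

if __name__ == "__main__":
    for sample in (SAMPLE_SPAM, SAMPLE_LEGIT):
        print(triage(sample))
```

Running it shows the spam's claimed domain is the webmail provider while the connecting IP sits in 24.0.0.0/8 and earns a 550; the legit message from 198.51.100.23 is accepted. Note that 200.0.0.0/6 spans 200.0.0.0 through 203.255.255.255, so it catches more than just the LACNIC space the post mentions.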
> If I ever start thinking that way, I'll probably grab a server out at Rackspace and blow the $300/month or whatever it is.
Rackspace?
Probably the only chunk of netspace that's even more blocked than AOL. Check their SPEWS records - Rackspace is blocked on my box because they've been in the spam-hosting business for as far back as I can remember.
Despite months of 550s, I still get dreck from Rackspace-supported spammer S1514 every day or so.
> Its sad, but the majority of broadband users have forced this action.
*applause*
It's partially the fault of the residential lusers, but it's largely the fault of their ISPs' negligence.
If ISPs had blocked outbound port 25 from residential broadband from Day One -- the same way they were already blocking outbound port 25 for residential dialup customers -- we wouldn't have this problem.
By default, port 25 should have been blocked on residential DSL and cable modems.
That would rid the world of spam bounced off open proxies from the 99.9% of residential broadband (l)users who have neither the desire nor the intention to talk SMTP through anything other than their ISP's central mail server.
You're a user, not a (l)user? You wanna run an SMTP server on your own? Call your ISP and ask for the block to be removed, and voila, it's removed.
The ISPs had a choice: Block port 25 and hire 100 call center serfs to unblock on request, or not block port 25 and hire 10000 abuse desk serfs to deal with the deluge of spam. (Result: ISP pays to hire 100 people, and you do get to run your own mail server, because traffic from your netblocks is still worth listening to.)
The ISPs chose poorly - With a budget to hire 100, they hired a woefully inadequate number of abuse desk serfs, and ignored the rest of the complaints.
The result - your ISP is still out the costs of hiring 100 drones, but I'm deluged with spam, and 4.0.0.0/8, 200.0.0.0/6, 12.0.0.0/8, and 24.0.0.0/8, along with others, are netblocka non grata. You wanna talk to my port 25? Talk to the 550, man, because your ISP's negligence (in protecting my inbox from the predictable cluelessness of your neighbors) ensured that my MTA ain't gonna be listening.
> > I do not know what the language of the year 2000 will look like, but it will be called FORTRAN.
>
> FORTRAN programmers can ONLY write FORTRAN in any language.
> Real programmers write real programs in languages that fit the task.
So we'd all better start using feckfeck today, huh? :)
> there's no way in hell the parent post is real. none. nada. nil. zip. zilch. zero. the big goose egg.
Perhaps it is, perhaps not. I just know that a large proportion of my spamload is coming from residential broadband users.
I don't care if they're running open proxies or just having their open WLANs hijacked, but I know where the spam's coming from.
Just as with dialup, the overwhelming majority of residential broadband users have no business talking to port 25 on anything other than their ISP's mail server.
By default, port 25 should be blocked. Anyone who cares, should be able to call their ISP up and say "I want to run my own mail server. Please unblock me."
At the rate we're going, anyone running their own mail server under the current system isn't likely to be sending mail to anyone, ever.
> But I work for a scumbag who does precisely that. Yes, drive by spamming is becoming very real. Think about it. You're a spammer, buying your own bandwidth is tricky and expensive. Every time you commit to a year's worth of T1 pipe your ISP wants to shut you down after the complaints against your first campaign come in. Your IP range is blacklisted in no time, and you've got to move again.
>
> Instead of going through this process, scumbag spammer takes his laptop with him, has a map printed out of open WAPs, parks near one, and blasts out 10,000 emails. Before you figure out something is amiss, he's long gone.
>
> Even if you intend to provide free access, you need to secure your WAP against mail abuse. My boss could get your broadband connection shut off if you don't.
I'm a guy who blocks all traffic from 200.0.0.0/6 (LACNIC and a chunk of APNIC) at the router. I also filter out everything from 12.0.0.0/8, 4.0.0.0/8, and 24.0.0.0/8 as spam (attbi.com, verizon-dsl.whatever, and cable modems), plus a bunch of cable modems in smaller-than-/8 increments from ass clowns like Cogentco and Cogeco. One false positive over the past few months.
You're a clued geek running your own mail server on your broadband link? Got everything locked down tight? No flies on you, right, buddy? You rule!
Wanna email me from your own mail server? Well, because the rest of the customers at your ISP (who have no interest in running a mail server) won't secure their fucking open proxies and have become 2/3 of my inbound spamload, and because your ISP won't block outbound port 25 (with the option to have it re-opened by customer request), you end up talkin' to the 550 too, baby, 'cuz my mail client ain't listening. Go through your ISP's mail server like the rest of the plebes.
The scumbag boss of the guy I'm replying to isn't just threatening the connectivity of dr00ling n00b fuckwits who can't secure their proxies.
Even if you're secure, he's threatening your connectivity too.
> For those who are interested in details, here's the almost useless blurb I get when telnetting to port 25 on any random AOL MX host:
Considering that 75% of my email every day is spam, and considering that about 90% of that spam is from clueless fucking idiots on DSL or cable modems who can't secure their fucking proxies (or who are deliberately leaving them open for $10/month from some fucking spambag), tough tittie.
Don't like being lumped in with those fuckwits? Take it up with your ISP. Because it's your ISP's unwillingness to deal with the aforementioned fuckwits that's resulted in the unfortunate situation you describe.
I block 200.0.0.0/6 (200, 201, 202, 203) - LACNIC and a chunk of China - at the router. I also tag all inbound SMTP from 4.0.0.0/8, 12.0.0.0/8 and 24.0.0.0/8 as spam. To date, only one false positive from a company that had the misfortune to reside in AT&T netspace.
Collateral damage sux0rz, but face it. 99% of residential broadband users have no intention of ever running their own MTA. The right thing is to have residential broadband port 25 blocked by default. Just like it is on dialups.
For the 1% of residential broadband users that do wanna run a mail server, that's cool, but you should have to send email to your ISP's "oh shit we just realized the rest of the world is fed up with our bullshit and is blocking all of our customers in self-defense" desk, asking for the block to be removed.
The longer your ISP takes to set that up, the more MXs are going to tell you (and anyone who looks like you) to 550-GFY.
> A friend has a IIISi. It's built to handle *millions* of pages.
Testify, brother.
First job out of college involved h4x0r1ng print queueing software for a print farm of HP Laserjet IIISi printers. We killed trees all night - we bought the extra 1500-sheet "big-azz external tray" module, and the night operator had to refill them during the print jobs. Even with air conditioning and ventilation, the farm reeked of toner and ozone, and we probably filled a small pickup truck every day with unused reports on their way to the shredding company.
We conservatively estimated that these printers were doing 5000-7000 pages per night, 5 nights a week. No failures even under that kind of load, and the only maintenance we did was the preventative stuff every quarter-million-pages.
(For us, that was roughly every three months, but unless you own stock in a paper producing company, or just have a pathological hatred of trees, your mileage should vary :)
They sure as hell don't make 'em like they used to. But if you've got a chance to pick up a IIISi on the cheap, (and you have enough space to put it!), get one.
"Since we'll never have women, now we have a use for all those frickin' diamonds!"
And if you *do* have a woman, all you have to do is say "Honey, there's a Slashdot posting that says diamonds can be room-temperature superconductors. Can you hand me my, uh, I mean your engagement ring for a few minutes? Yes, honey, that is a 1kV supply and a vacuum pump", and you'll be back in bachelorhood with the rest of us.
Re:Let's hear it for legacy free! (on Legacy-Free PCs)
> Speak for yourself. Without PS/2 connectors I couldn't use my homebuilt arcade controller with Mame. Without RS232 I couldn't have built my custom button to control a camera at work. Without EPP my Parallel only printer wouldn't connect to my computer.
<AOL>Me Too</AOL>
I also still need an ISA port for my EPROM/PAL/GAL/FPGA burner, which - were I to buy it "new" and "legacy-free", would probably cost more than the rest of my "legacy-free PC". Feh.
But it's a losing battle. *sigh* I'd pay around $100-200 to have something to plug into a USB port... that contained a set of legacy ports and one ISA slot. (Power could be supplied from within the case or from an external P/S. I'm not a purist :-)
> Even in the article, Symantec accuses him of advertising warez.
Yeah. I've gotten spams for warezed Symantec and Norton products from George Alan Moore's operation, too.
So where the fuck has the BSA been for the past year and a half? Where the fuck have Symantec's lawyers been for the past year and a half?
Why is it that when I hear about the FTC shutting down a spammer, or the BSA thuggin' an office building, it's usually some two-bit podunk operation that I've never heard of. Why can't they target the bigger fish and actually make a dent in our spamloads?
Now I'm the first one to admit that "making a dent in our spamloads" isn't part of the FTC's - or BSA's - mandate. But it would sure as hell help their PR image. Imagine being able to issue a press release, three or four "big fish" down the road, saying "Our spamtraps were getting 400 spams a day before we started Operation Big Fish, and are now down to 100", and having everyone else reading the press release seeing a similar reduction, as one by one, the Spam Kings fall.
I want to see spam eliminated. The only way to do that is to eliminate it at the source - the spammers who run the spamhausen and sell spamming services to the warez d00dz, prescription meds "consultants", pr0n hawkers, MMFools, coral calcium / cancer quacks and other assorted dirtballs.
As long I'm ranting here, if that means a few ISPs have to go down on Federal racketeering charges for aiding-and-abetting (ignoring abuse reports, listwashing, and otherwise knowingly continuing to provide services to people breaking the law), so much the better. Yes, Rackspace, that means you.
> U.S. military satellite accident in 1964 (carrying two pounds of plutonium on-board) that burned up on reentry and spread plutonium worldwide = 17,000 curies released into global environment
> Chernobyl Nuclear Power Station accident, 1986 = 810 curies released
> (above figures from www.space4peace.com)
I believe the next series of Martian probe launches are all slated to carry fissionable materials. So we are looking at potentially poisoning the entire population of central Florida as opposed to just a couple of places like Chernobyl and Kiev. That is an order of magnitude higher. A significant improvement.
And how many curies from atmospheric nuclear testing in the 50s?
Answer: several billion, which has now decayed to around 400K.
And how much was Pu-239? About 225,000, from the first link.
We've already had your famed civilization-ending release of nasties into the environment. We did it deliberately (We didn't know any better. D'oh!). And yet, we're still here.
We've learned how to make RTGs safe for re-entry so the incident of 1964 doesn't happen again. But more to the point, nuclear power is the only technology with a high enough power density to allow us to extract fuel from the Martian environment for a "Mars Direct" plan.
If you wanna see men (or even long-term surface probes/rovers) on Mars for more than a couple of weeks, it's the only way to go. You can engineer your way around the risks of RTGs. You can't engineer your way out of using 'em.
I'd trust Kevin Mitnick with my network before I'd trust anyone from Doubleclick with my privacy.
The difference between Mitnick and Doubleclick? Only one of 'em is a lying shitweasel whose sole reason for existence is to the invasion of your privacy through clever social engineering.
If Baghdad Bob hanged himself the other day, he obviously made it to heaven, and God must have left the Reality Machine unattended.
Goddamn Eukaryotes.
We methanogenic Archaea had a perfectly good thing going until one of our experiments got out of hand and ruined the whole damn planet for everyone. Now the last habitable space is around these frickin' deep-sea vents.
Payback's comin', and it's gonna be a bitch, man. Just you wait until a few billion years when that frickin' yellow star of yours starts to heat back up again! Oh yeah, just you wait...
>
> "Some experiments could conceivably threaten the entire Earth," he writes. "How close to zero should the claimed risk be before such experiments are sanctioned?"
>
> He isn't talking about research that has potentially dangerous applications if it falls into the "wrong" hands, he's talking about potentially dangerous experiments. The kind of experiments where something going wrong could, say, create a minature black hole and thus destroy the planet.
>
> When you're talking about an experiment going that wrong then you don't really give a damn who's performing it, "them" or "us".
Hey, if you look at cave paintings then you would grok Shaman Roa's big think for banish Caveman Og:
"Og's big fire think scary. Fire could burninate entire grassland where tribe hunt all meat things", Roa speak. "Fire come from Gods, not tribe! Roa know Gods, Roa eat happy mushrooms, talk to Gods every day! Og not talk to Gods, he too busy with fire think. Roa not want Og make Gods angry with two stick rubbing thing! Tell Og put sticks down!"
Og's fire think not scary-but-good because fire keep tigers away at night. What if Gods angry, make Og drop fire? Og burninate all grass! No grass, no antelope, no fruit! Whole world burninate! Like three rainy season ago when Gods sent fire from sky, burninated grassland! Half of tribe starve!
Og's fire think bad. Roa know! If Og not care what Roa think, Shaman Roa say send Og away forever!
The best "multiplayer" RPGs, plot-wise, were the single-player Wizardry series. One player commands six people. The first week, it always seems weird - these guys are cannon fodder, these guys are generic spellcasters. The second week, it sorta gels that they're working together. Fred's the guy who's mean with the sword, Zapp's workin' on the polearm. By the end of the third week, all six have their own (imaginary) personalities and the party just wouldn't be the same without 'em.
If I'm gonna play an online multiplayer RPG, let it be with three of my friends from meatspace, the four of us taking on the world, to emerge as heroes a month later... only to re-roll and do it all over again as another party if the adventure was good enough the first time.
The idea of being an anonymous luzer scraping out a living killing orcs in a vast countryside teeming with 100,000 other anonymous orc-killing luzers... shit, if I wanted that, I'd play The Sims Online... or I'd just drop the RPGing and stick to real life.
> Do you have a favorite story, either because of the people involved, the tech (high tech or low tech) used, or the problems solved along the way?
Along those lines:
What do you consider the most outrageous hack you *did* perform, and likewise, what's the most outlandish hack you *didn't* do, but the media falsely ascribed to you out of fear and ignorance?
(For instance, Mitnick would probably list one of his many feats of social engineering as his "greatest hack", and his mythical ability to start World War III by whistling into a telephone as the most amazing ability falsely ascribed to him.)
P.S. I was born too late to even think about getting into boxing, but you were still an inspiration. *waves soldering iron* Thanks for being one of the guys whose ideas got me started on my way to a great career in tech.
As opposed to, say, Worldcon (uu.net), Verio, Rackspace, XO, and Level3. Nope, none of those fine upstanding companies would knowingly host spammers or have questionable accounting, no sirree!
(It's a lie! The SEC investigators are not in the corner office! Our glorious accountants have shredded everything! Our boss was just play-acting some sort of role-playing-arrest thing at the corner office, that's why he had those fake plastic handcuffs on...)
Y'know, I think we've got a job for you after the war. As part of the terms of ceasefire, you'll be required to make good on just one of your pronouncements. Please, God, let it be that one. *g*
99% of your users have neither the intention nor the desire to run their own SMTP server. They'll use your mail server - that is, they'll talk POP or a similar protocol to whatever server you set up for them. That's enough for them - they just want email, and they'd rather not have to provide it for themselves.
The other 1% of your users are smart and clued enough to set up their own mail servers, and probably have legitimate reasons to do so.
Now, back to your 99% who have no intention of talking on port 25, anywhere. Of them, 10% of your users probably will set up an open proxy, or run an open wireless node. Whether they do so with malicious intent (unlikely) or out of ignorance (highly likely!!) doesn't matter.
What matters is the fact that these nodes will be abused by spammers.
So, if you want the 1% of your geeky-and-clued customers to be able to send email to the rest of the world from their own MTA, it's up to you to make sure that the 10% of your clueless customers can't.
Otherwise, expect your users - clued and clueless alike - will be talkin' to the 550 like 24.0.0.0/8, 4.0.0.0/8, 12.0.0.0/8, and 200.0.0.0/6, four big chunks of netspace I - and others - don't wanna hear from, because they have a million open proxies spewing spam for every legitimate customer.
I'm not saying block outbound port 25 for everyone. I'm saying block it by default, and lift the block for anyone who calls the support center and says "I can't send mail. Yes I'm running my own mail server, and I need to run my own mail server for $REASON", where $REASON is basically anything other than "The guy who sold me the Millions Of Addresses CD said port 25 blocking was censorship!" :-)
>
>You can't expect Ma & Pa to even know these issues exist. The providers have failed in a very fundamental way to give their users what they've been promised.
A very valid point.
The optimal solution would be to educate Ma & Pa and tell them how to secure their boxen. That's likely to be viewed as cost-prohibitive by the ISPs.
The next-optimal solution would be to not educate Ma & Pa, but to portscan them and to warn them if and only if they're running an open proxy/relay/WAP point (because Ma & Pa might just leave a Win9x box up, running no services, which is pretty harmless), and/or to transparently proxy outbound port 25 traffic from their box to the central mail server a'la AOL. Ma & Pa can remain clueless, and the expense of this is minimal.
My "solution" of blocking port 25 is yet-more-suboptimal, but it has the one virtue of being even cheaper for the broadband ISP to implement. That makes its likelihood "1%" as opposed to "0%". :)
The current solution - which is no solution at all - is to let the broadband luzers spam with imputiny. That's the truly zero-cost solution for the ISP in the short term, but has a great long term cost. I only hope that AOL's action serves as a wakeup call - if you sell broadband, your failure to police your users makes your product less valuable.
For the record - I've got assloads of rr.com, comcast.com, sbcglobal.net, pacbell.net, verizon-dsl.net, and attbi.com spew. Unless speakeasy is leasing their lines from the above and reporting that as their rDNS, someone's doing it right.
Ad nauseum.
Some interesting threads on rackspace listwashing reveal an interesting pattern.
Basically, when identifying information is not munged out of the abuse report, sometimes the spam stops. When identifying information is munged, the spam continues.
Picking just one spammer as an example, googling on rackspace 1514 reveals a pattern of spam support on a SPEWS-listed spamhaus as far back as June 2002. Their abuse department cannot possibly claim they're unaware.
I conclude that for some of Rackspace's customers, reporting spam is counterproductive, in that for these customers, Rackspace appears to be more interested in helping the spammers listwash in order to cut down on the volume of complaints received in the future - not in cutting down on the volume of spam gushing forth from Rackspace's netblocks.
> The really funny thing is that I got Slashdot's email-notification of your post, and there was a Rackspace ad in it
Hey, if Rackspace is paying the freight to keep /. up and running, that's fine. Doesn't mean I'm gonna accept SMTP connections from them, though :)
No, those are the top 10 domains forged into the From: or Reply-To: headers of your spam.
Look at the IP address in the first Received: line of your spam.
Betcha most of it's from 24.0.0.0/8 (rr.com and other cablemodems), 4.0.0.0/8 (BBN/Genuity/LVLT/dsl-verizon.net or whatever residential broadband slumfest inhabits there this week), 12.0.0.0/8 (attbi.com and more AT&T stuff), or 200.0.0.0/6. (200,201 = South America / LACNIC, mostly DSLuzers, 202,203 = some of China)
Betcha a good chunk of the rest is also from residential broadband in smaller netblocks with cogeco, cogentco, or other rr.com / AOLTW, and/or attbi.com references in the rDNS.
Rackspace?
Probably the only chunk of netspace that's even more blocked than AOL. Check their SPEWS records - Rackspace is blocked on my box because they've been in the spam-hosting business for as far back as I can remember.
Despite months of 550s, I still get dreck from Rackspace-supported spammer S1514 every day or so
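Checking the source the way this post describes, as an added example (not code from the post or from Slashdot): it reads the connecting IP from the topmost Received: header, the one our own MX wrote, contrasts it with the forged From: domain, and tags the address against the netblocks named here (24/8, 4/8, 12/8, 200.0.0.0/6). The sample message, hostnames and addresses are constructed.

```python
import ipaddress
import re
from email import message_from_string

# Netblocks the post tags as spam sources; 200.0.0.0/6 spans 200-203.
BLOCKED_NETS = [ipaddress.ip_network(n) for n in
                ("24.0.0.0/8", "4.0.0.0/8", "12.0.0.0/8", "200.0.0.0/6")]

# Constructed sample: From: claims aol.com, but the peer our MX actually
# talked to (topmost Received:) sits in a cable-modem /8.
SAMPLE_SPAM = """\
Received: from cpe-24-1-2-3.example.invalid ([24.1.2.3])
\tby mx.example.invalid with SMTP id abc123; Mon, 5 May 2003 10:00:00 -0000
Received: from mail.aol.com (mail.aol.com [10.9.8.7])
\tby cpe-24-1-2-3.example.invalid; Mon, 5 May 2003 09:59:00 -0000
From: someone@aol.com
To: victim@example.invalid
Subject: constructed sample

body
"""

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def connecting_ip(raw_message):
    """IP from the topmost Received: header. Only that header was added by
    our own MX; deeper Received: lines and From: are spammer-controlled."""
    received = message_from_string(raw_message).get_all("Received") or []
    m = IP_RE.search(received[0]) if received else None
    return ipaddress.ip_address(m.group(1)) if m else None

def from_domain(raw_message):
    """Domain in From:, kept only to contrast with the real source."""
    addr = message_from_string(raw_message).get("From", "")
    return addr.rsplit("@", 1)[-1].strip("<> ").lower() if "@" in addr else None

def in_blocked_net(ip):
    """True when the address (str or ip_address) is in a tagged netblock."""
    if ip is None:
        return False
    ip = ipaddress.ip_address(ip) if isinstance(ip, str) else ip
    return any(ip in net for net in BLOCKED_NETS)

def classify(raw_message):
    """Tagging decision plus the evidence behind it, for a single message."""
    ip = connecting_ip(raw_message)
    return {"from_domain": from_domain(raw_message),
            "source_ip": str(ip) if ip else None,
            "tag_as_spam": in_blocked_net(ip)}
```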
*applause*
It's partially the fault of the residential lusers, but it's largely the fault of their ISPs' negligence.
If ISPs had blocked outbound port 25 from residential broadband from Day One -- the same way they were already blocking outbound port 25 for residential dialup customers -- we wouldn't have this problem.
By default, port 25 should have been blocked on residential DSL and cable modems.
That would rid the world of spam bounced off open proxies from the 99.9% of residential broadband (l)users who have neither the desire nor the intention to talk SMTP through anything other than their ISP's central mail server.
You're a user, not a (l)user? You wanna run an SMTP server on your own? Call your ISP and ask for the block to be removed, and voila, it's removed.
The ISPs had a choice: Block port 25 and hire 100 call center serfs to unblock on request, or not block port 25 and hire 10000 abuse desk serfs to deal with the deluge of spam. (Result: ISP pays to hire 100 people, and you do get to run your own mail server, because traffic from your netblocks is still worth listening to.)
The ISPs chose poorly - With a budget to hire 100, they hired a woefully inadequate number of abuse desk serfs, and ignored the rest of the complaints.
The result - your ISP is still out the costs of hiring 100 drones, but I'm deluged with spam, and 4.0.0.0/8, 200.0.0.0/6, 12.0.0.0/8, and 24.0.0.0/8, along with others, are netblocka-non-grata. You wanna talk to my port 25? Talk to the 550, man, because your ISP's negligence (in protecting my inbox from the predictable cluelessness of your neighbors) ensured that my MTA ain't gonna be listening.
2004: :-)
"I'd be happy to see tech jobs double by 2010, let alone return to their former level!"
>
> FORTRAN programmers can ONLY write FORTRAN in any language.
> Real programmers write real programs in languages that fit the task.
So we'd all better start using feckfeck today, huh? :)
Perhaps it is, perhaps not. I just know that a large proportion of my spamload is coming from residential broadband users.
I don't care if they're running open proxies or just having their open WLANs hijacked, but I know where the spam's coming from.
Just as with dialup, the overwhelming majority of residential broadband users have no business talking to port 25 on anything other than their ISP's mail server.
By default, port 25 should be blocked. Anyone who cares, should be able to call their ISP up and say "I want to run my own mail server. Please unblock me."
At the rate we're going, anyone running their own mail server under the current system isn't likely to be sending mail to anyone, ever.
>
> Instead of going through this process, scumbag spammer takes his laptop with him, has a map printed out of open WAPs, parks near one, and blasts out 10,000 emails. Before you figure out something is amiss, he's long gone.
>
> Even if you intend to provide free access, you need to secure your WAP against mail abuse. My boss could get your broadband connection shut off if you don't.
I'm a guy who blocks all traffic from 200.0.0.0/6 (LACNIC and a chunk of APNIC) at the router. I also filter out everything from 12.0.0.0/8, 4.0.0.0/8, and 24.0.0.0/8 as spam. (attbi.com, verizon-dsl.whatever, and cable modems), plus a bunch of cable modems in smaller than /8 increments from ass clowns like Cogentco and Cogeco. One false positive over the past few months.
You're a clued geek running your own mail server on your broadband link? Got everything locked down tight? No flies on you, right, buddy? You rule!
Wanna email me from your own mail server? Well, because the rest of the customers at your ISP (who have no interest in running a mail server) won't secure their fucking open proxies and have become 2/3 of my inbound spamload, and because your ISP won't block outbound port 25 (with the option to have it re-opened by customer request), you end up talkin' to the 550 too, baby, 'cuz my mail client ain't listening. Go through your ISP's mail server like the rest of the plebes.
The scumbag boss of the guy I'm replying to isn't just threatening the connectivity of dr00ling n00b fuckwits who can't secure their proxies.
Even if you're secure, he's threatening your connectivity too.
<oldjoke>
Who the hell do you think you are, Mayor Daley? :-)
</oldjoke>
Considering that 75% of my email every day is spam, and considering that about 90% of that spam is from clueless fucking idiots on DSL or cable modems who can't secure their fucking proxies (or who are deliberately leaving them open for $10/month from some fucking spambag), tough tittie.
Don't like being lumped in with those fuckwits? Take it up with your ISP. Because it's your ISP's unwillingness to deal with the aforementioned fuckwits that's resulted in the unfortunate situation you describe.
I block 200.0.0.0/6 (200, 201, 202, 203) - LACNIC and a chunk of China - at the router. I also tag all inbound SMTP from 4.0.0.0/8, 12.0.0.0/8 and 24.0.0.0/8 as spam. To date, only one false positive from a company that had the misfortune to reside in AT&T netspace.
Collateral damage sux0rz, but face it. 99% of residential broadband users have no intention of ever running their own MTA. The right thing is to have residential broadband port 25 blocked by default. Just like it is on dialups.
For the 1% of residential broadband users that do wanna run a mail server, that's cool, but you should have to send email to your ISP's "oh shit we just realized the rest of the world is fed up with our bullshit and is blocking all of our customers in self-defense" desk, asking for the block to be removed.
The longer your ISP takes to set that up, the more MXs are going to tell you (and anyone who looks like you) to 550-GFY.
Testify, brother.
First job out of college involved h4x0r1ng print queueing software for a print farm of HP Laserjet IIISi printers. We killed trees all night - we bought the extra 1500-sheet "big-azz external tray" module, and the night operator had to refill them during the print jobs. Even with air conditioning and ventilation, the farm reeked of toner and ozone, and we probably filled a small pickup truck every day with unused reports on their way to the shredding company.
We conservatively estimated that these printers were doing 5000-7000 pages per night, 5 nights a week. No failures even under that kind of load, and the only maintenance we did was the preventative stuff every quarter-million-pages.
(For us, that was roughly every three months, but unless you own stock in a paper producing company, or just have a pathological hatred of trees, your mileage should vary :)
They sure as hell don't make 'em like they used to. But if you've got a chance to pick up an IIISi on the cheap (and you have enough space to put it!), get one.
You misunderstand.
"Since we'll never have women, now we have a use for all those frickin' diamonds!"
And if you *do* have a woman, all you have to do is say "Honey, there's a Slashdot posting that says diamonds can be room-temperature superconductors. Can you hand me my, uh, I mean your engagement ring for a few minutes? Yes, honey, that is a 1kV supply and a vacuum pump", and you'll be back in bachelorhood with the rest of us.
<AOL>Me Too</AOL>
I also still need an ISA port for my EPROM/PAL/GAL/FPGA burner, which - were I to buy it "new" and "legacy-free", would probably cost more than the rest of my "legacy-free PC". Feh.
But it's a losing battle. *sigh* I'd pay around $100-200 to have something to plug into a USB port... that contained a set of legacy ports and one ISA slot. (Power could be supplied from within the case or from an external P/S. I'm not a purist :-)
Yeah. I've gotten spams for warezed Symantec and Norton products from George Alan Moore's operation, too.
So where the fuck has the BSA been for the past year and a half? Where the fuck have Symantec's lawyers been for the past year and a half?
Why is it that when I hear about the FTC shutting down a spammer, or the BSA thuggin' an office building, it's usually some two-bit podunk operation that I've never heard of. Why can't they target the bigger fish and actually make a dent in our spamloads?
Now I'm the first one to admit that "making a dent in our spamloads" isn't part of the FTC's - or BSA's - mandate. But it would sure as hell help their PR image. Imagine being able to issue a press release, three or four "big fish" down the road, saying "Our spamtraps were getting 400 spams a day before we started Operation Big Fish, and are now down to 100", and having everyone else reading the press release seeing a similar reduction, as one by one, the Spam Kings fall.
I want to see spam eliminated. The only way to do that is to eliminate it at the source - the spammers who run the spamhausen and sell spamming services to the warez d00dz, prescription meds "consultants", pr0n hawkers, MMFools, coral calcium / cancer quacks and other assorted dirtballs.
As long as I'm ranting here, if that means a few ISPs have to go down on Federal racketeering charges for aiding-and-abetting (ignoring abuse reports, listwashing, and otherwise knowingly continuing to provide services to people breaking the law), so much the better. Yes, Rackspace, that means you.
>Chernobyl Nuclear Power Station accident, 1986 = 810 curies released
>(above figures from www.space4peace.com)
> I believe the next series Martian probe launches are all slated to carry fissionable materials. So we are looking at potentially poisoning the entire population of central Florida as opposed to just a couple of places like Chernobyl and Kiev. That is an order of magnitude higher. A significant improvement.
And how many curies from atmospheric nuclear testing in the 50s?
Answer: several billion, which has now decayed to around 400K.
And how much was Pu-239? About 225,000, from the first link.
We've already had your famed civilization-ending release of nasties into the environment. We did it deliberately (We didn't know any better. D'oh!). And yet, we're still here.
We've learned how to make RTGs safe for re-entry so the incident of 1964 doesn't happen again. But more to the point, nuclear power is the only technology with a high enough power density to allow us to extract fuel from the Martian environment for a "Mars Direct" plan.
If you wanna see men (or even long-term surface probes/rovers) on Mars for more than a couple of weeks, it's the only way to go. You can engineer your way around the risks of RTGs. You can't engineer your way out of using 'em.