Spam Blackhole Lists Redux 329
tsu doh nimh writes "Are spam blackhole lists good, bad or indifferent? That appears to be the question they're tackling in this Washington Post story. It has some interesting back and forth between supporters of the lists and those who claim they condone censorship."
J adds: Brad Templeton recently
offered some comments
on the most extreme pro-blacklist position.
Counter to the spirit of the Internet (Score:5, Interesting)
And they're not. They go against the spirit of the Internet. What makes it great is that everybody HAS a voice, and when we start talking about who should have a voice and who shouldn't we start to sound a lot like fascists. Doesn't matter that it's speech we don't agree with, because it's just a matter of time before the whole thing is so watered down that nobody in their right mind will bother to use it (like amateur radio nowadays...)
I still don't understand... (Score:5, Interesting)
Certainly a good thing (Score:2, Interesting)
To RBL or Not RBL... (Score:4, Interesting)
Spamassassin and the like do a decent job of helping the spam problem, but my users still complain that their SPAM box has 80 messages a day...even if they get no false positives.
Personally, I'd rather have control over this than my ISP...as at least I can control how I choose to filter or not to filter. And I think the brute-force nature of an RBL often offers piece of mind but without adequate logging or reporting to guarantee you're only blocking what you intend. I'll settle for a full SPAM box any day...
Vary Simple Solution - Use with Discretion (Score:3, Interesting)
As for the consequences for the sender, of sending to a recipient who may not recieve the mail, due to the appearance of the sender's IP address on the SBL or other such lists; the sender is responsible to insure that they recieve service from a reputable ISP who does not cater to spammers. This presumes that due diligence was performed before any IP is added to an SBL list. This also asumes that any mail recipient using such lists is responsible for using a reputable list provider where they are confident of the due diligent performed in generating the list. The whole system (not unlike many other elements of internet architecture) depends on the good faith / good will of the participents.
The primary responsibility lies with the email recipient who selects an SBL type list that is as lax or stringent about the content of the list, as the email recipient is comfortabe with, since the relative levels of stringency maps directly to how much legitimate mail that recipient will have rejected.
--CTH
Reply with a DOS (Score:2, Interesting)
So Every time a mail server receives a suspected spam, it would fork() off this script against the server that sent the spam. With enough receiving servers configured to do the same, *poof*! The offending mail server is, almost instantaneously, effectively taken off the Net.
Blackholes don't really work anymore for me... (Score:4, Interesting)
When i first tried it 6 months ago, it magically worked, 99% of spam ended up in my spam folder.
Now the blocking ratio is down to about 10%... and here's why. There are 3 MX records for us:
A - linux server - MX = 10
B - msexchange server - MX = 20
C - isp's server - MX = 30
messages delivered to A are tagged (if spam) and forwarded to B. B exists in the MX records for redundancy. C is used because A and B are on the same site.
What i'm finding though, is that spammers send emails to B or C. When A receives the email, it has come from B or C, not the original spammer, so suddenly the blocking doesn't work anymore.
dammit.
It can only work if everyone in your MX record list does it, and my isp is the biggest in Australia so it's an awfully large machine to move.
I have tried adding in more dummy MX records, so that A is first, middle, and last. That seemed to work for a bit but not for long. I might have more success adding different ip addresses for A and peppering the MX list with those... but it's a bit messy.
d. None of the above (Score:4, Interesting)
Still, how effective can a blacklist, however well implemented & maintained, really be? Isn't this one of the easier types of blocks for spammers to get around?
If everyone would just stop trying to grow their penises, turn $5 into $5000, and visit XXChristyXX in her all-nude sorority, spam would wither and die. Lately, I've received some very helpful emails about how to stop spam and make money in the process, secrets I will be sharing with about 16 million fellow computer users very shortly.
--MichaelRe:I still don't understand... (Score:3, Interesting)
Not to mention making mailing lists completely useless.
Re:against free speech (Score:2, Interesting)
Re:Counter to the spirit of the Internet (Score:2, Interesting)
I disagree. The difference between anti-spam address lists and the RIAA tactics is that anti-spam address lists are utterly and completely voluntary. There's a problem when ISPs start ignoring traffic from certain segments.. But to say that everyone has free speech and then say that you don't have the freedom to plug your ears is hypocrisy. Just don't plug my ears for me.
Re:No (Score:1, Interesting)
then when you have thousands of dronez moving ads, sending back updates to databases, creating hubs....
wasted bandwidth from spam will look like a joke.
Ever wonder? (Score:3, Interesting)
Blacklists suck, they don't work. Blacklist an ip address or range and a new guy gets it and can't send mail, real fucking smart and real fucking frustrating to be the admin, use the reverse domain name all you want, but don't involve the ip address.
Do you think ISPs want spammers, spammers are a pain in the ass to deal with, they are the squeeky wheel at an ISP and they rarely pay their bills after bitching about everything.
An extension to smtp and pop3 is needed, smtp stopped working years ago and people now ignore their email, often you need to call someone to check their email and search for you amongst all the spam in their box.
I'm an admin, not a programmer, but I would do it this way if I was a programmer.
mail is received, the host starts out with a zero rating and the user does as well.
A global bayesian filter then ranks this piece of email, the email is then delivered to a users box with the rating attached for the domain and the user.
The user may sort by this rating to filter out spam from non spam, it is optional at this point, but if the user is using software with the necessary extension, the user can then check if the email is spam or good and have the domain's rating adjusted slightly, and the user's rating fully in the negative or positive, if negative the sending user will not have mail accepted again unless someone uprates the user.
If enough complaints arrive from the sending domain, the domain is blackballed and cannot escape since multiple users have decided that this domain is sending inappropriate email according to the TOS of the receiving ISP.
So, to be more specific, sorry to make this so long, but maybe it will inspire someone.
Connection established with port 25, reverse checked for presence on blackball list, if present drop connection silently. No reverse also gets dropped.
Check for from line with specific user name, if user is on blackball list drop connection silently.
Receive email and grade with bayesian filter using global ruleset, this filter cannot blackball domain or user no matter how much it looks like spam, but can make it nearly so.
Deliver mail, if user confirms mail is spam, blackball user and downgrade domain further, this may actually blackball the domain if enough mail is sent and the filter grades it badly enough (based upon average grade).
Since Dialup and DSL connections do not control their own reverses, it would be trivial to add a simple filter that would refuse mail delivery from these sources, except from their own isp, and then the outgoing mail would be run through a filter, if the rating dropped for the user into negative territory as reported by receiving servers the user would lose their bulk smtp privledges and have thier outgoing mail throttled in a severe fashion with all mail containing bcc and cc mail rejected, and the number of emails per hour limited to stave off potential damage.
The SMTP extension comes into play with a network of these mail servers, blackballed domains would be automaticlly sent to a neighbour in p2p fashion, but ratings would only be accepted if the neighbour server had a valid key, that would be exchanged amongst admins and a network of trust would form.
If a domain becomes blackballed, a user/domain notification takes place alerting that site to the fact mail from their domain/user is not being accepted, at this point an admin could get involved, but my guess is that more often than not the domain will remain there.
Anyhow flame away, my asbestos suit is on
We can fix the open relays... (Score:3, Interesting)
Re:It's not exactly counter... (Score:5, Interesting)
You know, I've seen some really good posts from you that get undeserved hostile replies based solely on who you are and what your unpopular political positions represent. (I know you're only karma whoring to keep your score above 0, but that's sort of irrelevant, really.) You recently wrote this excellent post [slashdot.org] about calculating bolometric luminosity- and the discussion quickly degenerated into a brawl about racism, with people inappropriately screaming at the moderators for marking your post as Informative, followed by Anonymous Cowards putting in their own racist two cents. I even defended you once, and pointed out that a moderation applies to a post and not its author. (Thus whoring some karma for myself in the process, and making it onto your friends list- so if anyone looks at my fans list now, they'll see "I'm a racist" listed there.)
You're certainly a character- a racist with a degree in astrophysics- in fact you seem like you'd be an interesting person to know in real life. But if people start screaming "mod this racist down" this time, I cannot defend you. Your actual post was needlessly and purposefully offensive, which is sad because otherwise it does bring up a valuable and subtle point. You just had to spoil it.
Besides, I can't imagine getting an email saying "niggers are great". It simply makes no sense. Unless it's a white supremacist being sarcastic. And it doesn't fit this situation, since it's political speech. Spam is inherently commercial speech. For your analogy to work, the spam would have to be offering them for sale, not simply saying they were "great".
Kudos for simultaneously karma-whoring and slipping the words "nigger" and "porch monkey" into your post. I rarely see anyone pull that off.
DOS-E-DO (Score:3, Interesting)
After all, in some way the spammers are DOS'ing the internet as a whole, increasing the demand and use of potentially shared resources such as bandwidth, mail servers and so on. As often happens there does not seem to be any reasonable way to actually charge them for these resources. Legal solutions seem unlikely to work - and given the legal solutions we've seen proposed recently, are likely to even make things worse.
So, what can the average user do? Things like spam filtering on the client don't solve the whole problem.
So, do what you can. Go to any website mentioned and order a dozen or dozen dozen of their product. Don't use your own credit card or real name or address - after all they don't. Send them a couple hundred emails complaining. (Though you'll notice that most spammer products don't have accessible email addresses.) If they're in China send email to each new spammer with addresses of all the previous Chinese spammers and talk about support for Free Tibet and the Falun Gong.
Do such actions feel unethical to me? Yup. And I'll admit that I don't usually do such things myself - although between spammers and telemarketers I'm getting closer and closer to serious nastiness. But do we have a choice? If the choice is to respond to spam with DOS or the recently proposed sleazy way to legalize mass email marketing, which choice will make email usable for people?
Its the prisoner's dilemma (or the tragedy of the commons) over and over again, sadly. The best solution must be to make the payoff for "defectors" lower or make their cost higher.
Re:RBLs are not effective at all. (Score:4, Interesting)
Our small ISP hosts email and web sites for about 40 domains. Our mail servers send me a message every time they bounce a message, for ANY reason, with transcripts of the exchange and the error that caused the bounce. We use SpamCop, Blitzed, Monkeys and ORDB to suppliment our internal lists.
A typical day has 500-1000 messages reach the SMTP ports of our various servers. Lately, 80% or more of them (over 3000 in the last 4 days) are attempts by spammers to hit addresses that don't exist, usually arriving from open relays, proxies, and dial-up lines. And only 50% of those test positive against the RBLs... the rest are blocked by those internal lists.
Why is this? I suspect it's because the spammers are finding those open relays and proxies faster than the RBLs can catch up. And some open relays specifically block the test software from ORDB and others, trying to stay off the lists without actually fixing their problems.
Lately, though, it's the open proxies that have taken the lead. We added over 1800 NEW open proxies to our internal lists in the last week. Sometimes, one spammer will try dozens of proxies within hours to get through... Kind of makes it easy to spot them... B-)
Stolen idea (Score:3, Interesting)
Adjust the RFC such that a mail type header is mandatory and define the mail types. Personal, bulk, subscribed, non subscribed, comerical, non comerical, etc. Define these in a technical sense. Then pass a law that says it's illegal to lie in the headers of an email. The law only has to say that it's illegal to go against the standard. The standard says it must be included to be legitimate email, and the standard can be changed and adjusted without lengthy legal processes (but there should be *some* process) to meet loopholes people find.
This makes it easy to identify spam, and provides penalties for lying.
Your still going to have spammers who lie, and you can identify these somewhat easily from the parts of headers they can't fake and the government should go after them. The spammers who want to operate within the bounds of a system and think people want their Bulk comerical email will have to identify it as such, and it's easy to dump it at any place in a network that you own. An IMAP client should be able to read the header and delete before ever downloading.
It doesn't solve all the problems, but it provides a solution without government censorship.
And why hasn't anyone made it a technical standard that there are no open relays and that relay by MX is not legal.
Speaking as "collateral damage"... (Score:2, Interesting)
Because of black lists and a dial-up connection, I can not use my home server to send email to a friend of mine who uses earthlink or to subscribe to a number of SourceForge mailing lists. At work, I can not receive email from my wife or daughter, because they use web.de addresses
Neither my wife, my daughter nor I have had anything to do with spamming, yet we are limited in our ability to use the internet to communicate with each other or with our friends. This limitation is due to conditions which are almost completely out of our hands to control or to correct. Who is going to compensate us for our loss of use? Why are our rights sacrificed and written off as a necessary part of gaining a greater good?
Some here will no doubt argue that I should pressure my ISP to stop supporting spam. They want the anti-spammer's denial of service and use to rouse me to take up their cause. I should join them on the barricades. I am not going to do this because:
1) I don't have the time or resources to fight this.
2) I don't think my ISP has violated my rights. I think Julian Haight, et al. have violated my rights by taking from me functionality I have a valid reason to expect from my ISP.
3) I think that the anti-spammer's have held a huge kangaroo court in which I have been injustly tried and jailed.
Re:Black-lists, white-lists, they both are flawed (Score:2, Interesting)
Right, and if poor old Joe only got one legit message in a hundred, then the service would block ALL his legit mail. Or your math could be wrong. My money is on the latter.
If a service has a 1-in-100 false positive rate, then it will incorrectly block one in one hundred legit messages, regardless of the spam/legit ratio. If poor old Joe is getting about 50 spams for each legit email, then he's probably missing more legit email than that simply because he makes mistakes whilst wading through all the cruft. Filters don't have to be perfect; they just have to be better than not filtering.
Depends on who is doing the punishing (Score:2, Interesting)
Your local mall rents space to the Ku Klux Klan.I can boycott the KKK store, but it's pretty meaningless, since I already have a defacto boycott against them. Should the mall be forced by law to kick out the Klan? No, why should the goverment be involved in this private transaction? Will I want to be seen entering a mall that has a Klan store? Will I feel safe there? Will I want my family to visit that mall? No, no, and no. Boycotting the mall hurts the taco stand in the food court, but I still wouldn't visit.
Boycotting the ISP is the same as private citizens boycotting the mall.They enable something I feel is immoral. There are people in the world who would boycott an entire ISP for hosting a pr0n site. More power to 'em. I disagree, but they have the right to do it.
Re:Problems with lists (Score:3, Interesting)
Remember, _you_ are sending bulk email using a prior relationship as an indication you have their consent to send them an email. The burden of proof rests on you.
Re:I still don't understand... (Score:3, Interesting)
Re:Certainly a good thing (Score:2, Interesting)
As it is now, the process for getting onto spews is this:
Ignore emails to abuse@
Get a level 1 listing on spews
Ignore further complaints from users to your abuse@
Get more parts of your network listed
etc...
In the end you end up with your entire ISP listed.
In some cases, where you (the ISP) has allowed a known spammer to sign up with you, you probably end up getting a very broad listing right away.
Once you've cleaned up your act and removed spammers from your system, all of them, you can send a note to NANAE, ignore the trolls, and read the replies to see whether you still have abusers on your systems.
ANd of course, during each stage, CHECK your abuse@ and enforce your AUP!
Reacting quickly and swiftly to complaints is the way to stay off blocklists.
In my ISP experience... (Score:3, Interesting)
First, if an e-mail is not delivered, the recipient receives a notice of the fact, as long as he is properly identified as the source of the e-mail.
Second, I have had a number IP addresses in our range blocked by a whole host of different DNSBL, for many different reasons. The *ONLY* blacklists I never got removed from were those which block ranges for a whole region (like South America or Brazil).
Moreover, the process might take two or three days (though it's seldom more than 24 hours), but it's always VERY clear.
That article reads more as a pro-spam article in disguise.
Re:RBLs are not effective at all. (Score:2, Interesting)
In that respect, even though RBL's do make mistakes, and apply collateral damage tactics, it's easier to clean up your act and prove it to two dozen RBL's, than to convince a few thousand sysadmins that you're no longer bad.
Reminds me of that ISP I can't remember the name of... That openly condoned spam at one point, and got their entire network on tens of thousands of enraged sysadmins' lists. Well the ISP eventually went bankrupt, and was bought out by, ISTR, Telia. Telia quickly found out that the newly acquired IP range was essentially useless, since half the internet shunned it, and getting it removed from the blocks on every ISP in the world was just not feasible. Anyone remember this story in greater detail?
No offence to the poster of the parent, we all do what we have to to keep Spam at bay.
Re:It's not exactly counter... (Score:3, Interesting)
> Nonsense. Spam is unsolicited bulk email.
Well, it's both (usually). It's unsolicited bulk email that is hawking garbage.
But the fact that it's commercial speech undercuts the idiotic First Amendment arguments that spammers make when they send email that's trying to sell stuff. Many of the laws attempting to shut it down hinge on its commercial speech aspect.
Non-commercial spam is still rare. Although I've seen it too. I even got a spam once from someone who was complaining about spam. It was so weird I kept it:This is probably just someone collecting email addresses, but in itself it's not commercial speech and spam like it wouldn't be affected by some of the laws that are floating around in state legislatures and Congress. I wonder how many email addresses they got for their "petition".
Regardless, the KKK idiot isn't worth your time, or mine, and I'd recommend ignoring him.
I suspect you may be right.