Sobig Worm Attacking RBL Lists?
Ubi_NL writes "According to the Register there is a close correlation between the DDOS attacks on a number of anti-spam lists and the presence of the Sobig virus. Now that Monkeys.com is gone, and spamhaus.org is taking heavy blows, are the spammers actually winning the battle by using viruses?"
taking have blows (Score:2, Funny)
Re:taking have blows (Score:2)
What about Aattacking (Score:3, Funny)
DDoS (Score:2, Interesting)
Maybe they were creating a network of DDoS zombies.
Re:DDoS (Score:2)
Of course, maybe it should be done in such a way that the central repository makes the RBLs and hands them out to clients. And clients can query each other for the file, using some sort of crypto signatures of course, for authenticity. In this case if the central repository cannot be reached, you can query other clients or something.
Or perhaps it's not possible...
Re:CvD's .sig (Score:2)
If you look at the statement in a truly logical way, yes, you are correct.
Re:DDoS (Score:2)
Yes, people are thinking about that. Check NANAE.
Useless links (Score:2, Insightful)
No point in providing useless links..
And how could they win? (Score:3, Insightful)
Re:And how could they win? (Score:5, Insightful)
do you actually think SMTP would get supplanted in the near term (>5 years) with an incompatible solution?
Do you think there won't be new and better anti-spam solutions before SMTP is supplanted?
(if you answered yes to either of the above, your world view is distorted and you need to stop drinking so much
Re:And how could they win? (Score:3, Interesting)
If the spammers are able to shut down spamfiltering services in this way, there will be a significant demand towards getting SMTP replaced by a smarter protocol, that will not allow spamming in the form we see it today = spammers lose.
To install new software on all mailservers is quite a task. This is likely to take time, and be quite an interruption = everyone loses.
There's also a great danger that Microsoft would take advantage of the situation, and try to create a new proprietary mail protocol based on Palladium, for Windows users only = everyone not using Windows loses.
Re:And how could they win? (Score:3, Insightful)
We're not talking about spamfilters, we're talking about RBLs, which are usually more of a problem than a solution.
Granted that spamhaus provides more services than an RBL does (like providing names of those who should be crucified), but both the original parent of this thread and the article summary are referring to RBLs.
Granted, that if there was no way to filter spam there would be a strong demand for the replacement of SMTP. Ignoring Bayesian filtering for the moment (which generally has less false positives, less false negatives, and does not usually trash anything outright), it would be MUCH simpler, and easier to implement spam filtering on top of SMTP, or to merely require that all mail be signed, (etc, ad nauseam) than it would be to write a new protocol, and have it implemented, especially if it is incompatible with the existing protocol (which has 100% market penetration).
Very good! You've covered one of the reasons that this ISN'T GOING TO HAPPEN.
This wouldn't happen because Microsoft is not entirely stupid. This would be akin to Windows Media Player only playing WMA, or Internet Explorer only working with IIS sites.
Re:And how could they win? (Score:2)
This wouldn't happen because Microsoft is not entirely stupid. This would be akin to Windows Media Player only playing WMA, or Internet Explorer only working with IIS sites.
It would also be akin to Windows supporting Win32 instead of POSIX applications, or to new versions of MS Office having new file formats that other suites can't read. The main difference between your examples and mine is that my two are Microsoft's cash cows, and two of the three programs in your list have to be given away free.
Comment removed (Score:3, Insightful)
Re:And how could they win? (Score:3, Insightful)
However, these will only address the issue of a website or online store passing your email address around when they shouldn't (or idiots like Lycos and Yahoo who think sending emails to registered users is cool even when they have not opted in for any). It will not cope with the hardcore spammer who uses spiders to pull addresses from webpages/usenet postings or those that use random-garbage@yourdomain.com (I have been seeing a couple of these). It also does not address the waste of bandwidth/mailserver storage space imposed by delivering unwanted spam (which means higher access fees for everyone). For these, blacklisting is the only palliative - and the fact that spammers are now resorting to DDoSing the blacklist servers should be the best testament to how effective they have been (not to mention some of the pro-spammer AC postings here).
Ultimately, the only long-term solution is to make spam unprofitable - and given that most of it is generated by US businesses (as covered in this MSN article [msnbc.com]), this would be best done by imposing heavy fines on companies using, or profiting from, spam.
Re:And how could they win? (Score:2)
--jeff++
Where's the hard evidence? (Score:4, Interesting)
OTOH, I have no friggin' idea what I'm talking about...
Re:Where's the hard evidence? (Score:5, Interesting)
I was trapping infected workstations by monitoring perimeter firewall logs for DNS calls to the root servers, as this is a feature of its activity. Pity I didn't have time to find out what it wanted to resolve, because that could have been interesting.
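The check described in the comment above, as an added example that is not part of the original post: flag internal hosts that send DNS traffic straight to a root name server instead of going through the site's resolver. The log layout, the resolver address `10.0.0.53`, the threshold and every log line are constructed for illustration.

```python
import re
from collections import Counter

# IPv4 addresses of the 13 root name servers (a through m). They change
# occasionally; check them against your resolver's current root hints file.
ROOT_SERVERS = {
    "198.41.0.4", "170.247.170.2", "192.33.4.12", "199.7.91.13",
    "192.203.230.10", "192.5.5.241", "192.112.36.4", "198.97.190.53",
    "192.36.148.17", "192.58.128.30", "193.0.14.129", "199.7.83.42",
    "202.12.27.33",
}

# Assumption: this is the only internal host that performs recursion and
# therefore the only one with a legitimate reason to contact a root server.
RESOLVERS = {"10.0.0.53"}

# Constructed perimeter-firewall log in an iptables-like key=value layout.
SAMPLE_LOG = """\
Sep 24 09:14:02 fw kernel: OUT SRC=10.0.0.53 DST=198.41.0.4 PROTO=UDP SPT=32768 DPT=53
Sep 24 09:14:05 fw kernel: OUT SRC=10.1.4.23 DST=192.33.4.12 PROTO=UDP SPT=1034 DPT=53
Sep 24 09:14:06 fw kernel: OUT SRC=10.1.9.9 DST=10.0.0.53 PROTO=UDP SPT=1190 DPT=53
Sep 24 09:14:09 fw kernel: OUT SRC=10.1.4.23 DST=193.0.14.129 PROTO=UDP SPT=1035 DPT=53
Sep 24 09:14:11 fw kernel: OUT SRC=10.1.7.80 DST=192.5.5.241 PROTO=UDP SPT=4411 DPT=53
Sep 24 09:14:12 fw kernel: OUT SRC=10.0.0.53 DST=202.12.27.33 PROTO=UDP SPT=32769 DPT=53
Sep 24 09:14:15 fw kernel: OUT SRC=10.1.4.23 DST=198.41.0.4 PROTO=TCP SPT=1036 DPT=80
Sep 24 09:14:18 fw kernel: OUT SRC=10.1.4.23 DST=192.58.128.30 PROTO=UDP SPT=1037 DPT=53
Sep 24 09:14:20 fw kernel: truncated entry without addresses
"""

FIELD = re.compile(r"\b(SRC|DST|DPT)=(\S+)")


def parse_line(line):
    """Return the SRC/DST/DPT fields of one log line, or None if incomplete."""
    fields = dict(FIELD.findall(line))
    if fields.keys() >= {"SRC", "DST", "DPT"}:
        return fields
    return None


def suspect_hosts(log_text, resolvers=RESOLVERS, roots=ROOT_SERVERS, threshold=2):
    """Map each non-resolver source to its count of direct root-server DNS
    packets, keeping only sources at or above the threshold."""
    hits = Counter()
    for line in log_text.splitlines():
        fields = parse_line(line)
        if fields is None or fields["DPT"] != "53":
            continue  # malformed line, or not DNS
        if fields["DST"] in roots and fields["SRC"] not in resolvers:
            hits[fields["SRC"]] += 1
    return {src: count for src, count in hits.items() if count >= threshold}


if __name__ == "__main__":
    for src, count in sorted(suspect_hosts(SAMPLE_LOG).items()):
        print("%s sent %d DNS packets directly to root servers" % (src, count))
```

The threshold keeps a single stray lookup (10.1.7.80 in the sample) from raising an alert; tune it to the volume your own perimeter sees.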
Re:Where's the hard evidence? (Score:2)
Kristian
Not really surprising, is it? (Score:5, Funny)
With the efficiency of spam filters and widespread use of blacklists and such, how can the spammers actually make any money? It's logical that they (the spammers) should try to bring attrition to the defenses of mail servers.
Btw, I have a novel idea for bringing spammers out of business. OK, here goes: spammers want to sell you penis enlargement programs, viagra, and pr0n right? Well, what if someone sets up a company solely dedicated to selling these things at the lowest price possible? People could just go to AllMyPerverseNeeds.com and get their fix cheaply and securely. Obviously we can't compete with Nigeria type spams, but it would bring down a lot of spam I think. So, anyone in favor of starting a non-profit Viagra depot?
Re:Not really surprising, is it? (Score:2, Informative)
Re:Not really surprising, is it? (Score:2)
Great. They could then send emails to everyone on the internet so that they know not to buy from the spammers...
Re:Not really surprising, is it? (Score:3, Funny)
As an example, I would never say to one of my co-workers "Y'know Bob, my penis is kind of small. The wife is really having problems with it lately. And it's just too difficult to get hard. I'm under too much stress, what should I do? I don't want to buy pills that won't work, and I'm afraid of getting ripped off."
"Well, why don't you try www.penispillsattheabsolutelowestpriceeverywhere.
And it works! My wife has never been happier, if you know what I mean..."
That conversation would freak the hell out of me. Spam preys on people because they are scared of their problems going public. They won't even ask their doctor. I doubt that this will ever become water cooler conversation.
Re:Not really surprising, is it? (Score:3, Funny)
And it works! My wife has never been happier, if you know what I mean..."
"Well, I tried that, but I just got some kind of search engine."
Re:Not really surprising, is it? (Score:2, Funny)
Maybe we could pool our money and "sponsor" a couple of articles in Cosmo entitled Geeks: They know which buttons to push and Computer Scientists: Should you upgrade your current RAM (wink wink, nudge, nudge)
Re:Not really surprising, is it? (Score:2)
Re:Not really surprising, is it? (Score:2)
Attempted slander against anti-spam services also (Score:5, Insightful)
---- quote --------------
Dear Internet user.
We are an organization dedicated to stopping spam. Please help us as we are
funded solely by private donations.
visit www.spamcop.net for full details. Or you can send your donations to:
Julian Haight
PO Box 25732
Seattle, WA
98125-1232
As you can see by this message unsolicited e-mail is an invasion of your
privacy. As you can also see it can be sent anonymously
We will continue our efforts until all spam is eliminated.
To join please visit www.spamcop.net or contact
jkdom@mail.julianhaight.com
We will continue to send out this message until we convince all ISP's to
stop all spammers.
!!!Stop low-lifes from invading your inbox with their junk!!!
---- end quote ------------
If they spew out fake spam which can only be meant for slanderous purposes, would you really expect them to *not* be in the virus game. Almost all these Windows viruses, if you hexdump them, have smtp capability. It's quite thinkable that a fair amount of them are really experiments rather than 'bad things done to innocent users because the virus writer likes doing that'.
There must be a lot of money involved in the art of spamming still. I wouldn't be surprised if spamhauses are partially means of laundering money as well (think about it). Either way, these people *are* criminals and one should consider them as such.
Re:Attempted slander against anti-spam services al (Score:2)
If they spew out fake spam which can only be meant for slanderous purposes, would you really expect them to *not* be in the virus game. Almost all these Windows viruses, if you hexdump them, have smtp capability.
Then it is suitably ironic that SpamCop does not allow reporting of virus-originated spam. If there is some connection between Sobig (and other Windows virus email) and spam fighting sites being attacked, then I would also think that SpamCop isn't that much farther down on the list of attacks, too. I never understood why these block lists were so against regular spam but allowed messages containing much more damaging exploits to flow freely in exponentially increasing amounts. Looks like that policy is biting them all in the ass now; time to change your battle plan, guys, and shithammer all abusive email.
Re:Attempted slander against anti-spam services al (Score:2)
Nothing new (Score:2, Funny)
Just look at the godawful appearance of the meat, and smell the nasty stench from the can : how can you *not know* there are viruses in spam?
Yuk
What about netstat? (Score:2, Insightful)
Re:What about netstat? (Score:2)
DNSBL queries are cached, which is a big part of the reason for using DNS. Secondly, I would think the DNSBL administrators would know the difference between usage of their own service and a DDOS attack.
Anyway, spamhaus's DNSBL seems to still be going strong, but the website is pretty much unreachable these days. Which renders it completely useless for my particular purposes, since much of my job is to narrow down the thousands of spamming netblocks to the organizations and individuals sending them, something spamhaus does very well, and no one else.
Anyone want to start a DNSBL that contains spamhaus's very useful CONTENT (including records like ROKSO) in a distributed fashion? Using a different domain for the annotations with CNAME records to point to the authoritative annotation would allow it to distribute and cache well (I'm aware of problems with CNAMEs in DNSBL's, I'm only suggesting it for the annotations).
Anyone even want to dare to run a DNSBL now?
Re:What about netstat? (Score:2)
Note that OpenRBL [openrbl.org] is back up, using a distributed proxy system to weather the DDOS (which I'm currently trying to find more info about, it is technically very interesting). You can search spamhaus records (among many others) from there.
Re:What about netstat? (Score:2)
If openrbl is rotating between mirrors, that's great. However, the issue remains: spamhaus's actual web content is what's very valuable to me, and it's not mirrored anywhere. I concede that there's good reasons for centralizing the content, but it also creates a single point of failure. SPEWS does a good job with evidence and tracking spam to the organizational level, but it just isn't as readable as spamhaus because it's all raw data (plus there's credibility problems). Spamcop is useless unless you like playing whack-a-mole by IP address or small block.
SBL and ROKSO web content seems to be reachable now
Re:What about netstat? (Score:2)
Just trying to look at every possibility. I'll concede it's (rather) unlikely, but I suspect that the sobig doing the ddos is probably equally unlikely.
Realtime RBL updates? (Score:2)
Of course, I could be wrong, so I'll look forward to being corrected (flamed) soon
Simple solution (Score:2, Informative)
This would mean that Spammers are Terrorists: (Score:4, Funny)
MOD PARENT UP (funny!) (Score:2)
Re:This would mean that Spammers are Terrorists: (Score:2)
Re:This would mean that Spammers are Terrorists: (Score:2)
Do they go after the companies that use spammers (Score:3, Interesting)
Spammers as cyber-terrorists (Score:3, Insightful)
Outlaw spammers, put an end to spam. Sometimes it's as simple as that. (And it works: Haven't seen much fax spam for years...)
Just be "Mr. Concerned Citizen" for once and send articles like this [theregister.co.uk] to your congresscritter [loc.gov] now. Let them know what spammers have already done "to your kids" (rather omit the "to your p...s" part even if you've ordered their pills and pumps) "and to your computers".
"Secure" network.. (Score:2, Informative)
It is unfortunate, however, that the majority of the spam I am receiving is from low lives who run a virus and now I get 143K size attachments being rammed to me.
If they are going to do something there has to be a concerted effort by ISPs to work together to kill off open relays and people who spam rather than getting a real job; 8 to 6, crappy holidays and unreasonable pay. If 95% of people out there can live their lives like normal adults, I think that these spammers can too.
Re:"Secure" network.. (Score:2)
Re:"Secure" network.. (Score:2)
There are always going to be ISPs who are in the grey zone, claiming they are serving only legitimate customers but doing not enough to keep out the spammers.
E.g. ISPs that offer free dialup accounts, or even anonymous dialup.
There is no simple "kicking them out", there will have to be a time-consuming procedure of warning, warning again, and finally maybe a disconnection that will be subject to appeal etc.
A "secure network" could be practical with 10 or 100 parties, but not with 100.000 or 1.000.000
Re:I get 143K size (Score:2)
Re:I get 143K size (Score:2)
Spam, delete before reading.
What do spammers have to lose. (Score:2)
Huh ? (Score:3, Insightful)
English ?
And if such a site is under attack, why on earth are you linking it on slashdot's front page ?
Sunny Dubey
How cool?! (Score:4, Funny)
Only in my dreams...
They killed news groups and email's fading fast. (Score:2)
My main corporate email account is bloated with spam and with moron viruses sent to "all Microsoft Customers," of which I am not. It has got so bad that I just let the account bump against its mail box limit and bounce messages off.
Unfortunately, I have to use email for the auditability otherwise...
If it wasn't for spam, I'd have no traffic at all most days.
just respond in kind (Score:2)
How the attack works (Score:5, Informative)
Before the SoBig virus, each mail server receiving mail would, in the course of a day (about how long DNS black list records would be cached), get SMTP connections from a certain set of other mail servers. Most of those mail servers would be the ones from which email regularly comes in. Although people would have lots of email addresses in their address books, and even more in other files, most only regularly exchange mail with a small subset.
Enter the SoBig virus. It gathers up email addresses, not only from the address book, but also from email contents, web cache, documents, and just about everything else. Then it sends email to them in a probably uniform distribution of selection. The number of different domains being sent to from one computer in a day is now much larger than normal (in addition to the increased traffic). At the receiving mail servers, the number of different mail servers the SoBig spam is coming from is also much larger than normal. Now mail servers are getting mail from just about every mail server that has any user with any instance of a user email address that names that receiving server.
With the same mail servers sending mail over and over, the receiving server's DNS cache will have hits very frequently. With an increase in diversity of mail servers trying to deliver the SoBig spam, the number of cache misses goes up. Each cache miss means a query that recurses back to the DNS blacklist servers. Thus the query load on those servers goes up, effectively a DDoS.
Additionally, most DNS servers out there are "open recursive name servers". That means they let anyone, anywhere, do a recursive lookup. Spammers can drive even more load on the DNS blacklists by sending out DNS queries (with forged source addresses, of course, so they don't have to deal with the bandwidth of the answers) to those open recursive name servers, forcing more and more queries to focus in on the authoritative servers for the DNS blacklists.
This attack can be successful because spammers have far more network access from a wide variety of places than there are authoritative name servers for DNS blacklists (the ultimate target). And since recursive DNS lookup only has that server for a source address, all the DNS blacklists will see are queries from those open servers.
One way to address some of this problem is to close off recursive lookups. But given that millions of networks are run by incompetent or non-existent administrators, that isn't likely to happen on the scale needed to prevent the abuse. And it won't stop lookups by the receiving mail servers trying to check out all the different SMTP connections due to the spam from the viruses.
Blacklists will most likely end up having to be done by a means other than DNS, unless blacklist operators can manage to acquire sufficient bandwidth and server power to ride out the loads (which could very well be even greater than the GTLD servers that host "com" and "net" would see). Some form of distributing a static list file will probably happen. And, unfortunately, that means whoever gets listed will have a much harder time getting out of all those distributed lists, as many people won't be updating them as often as they should. The original reason to use DNS was to have a relatively quick means to remove a listing and have it take effect throughout the internet. By breaking the DNS mechanism, the ability to remove a listing is what suffers the most.
What I hope will end up happening is that spammer networks and generic (dialup, cable modem, DHCP, etc) addresses get listed in distributed files, and the more transient cases still get handled by DNS. The listings in DNS would be the ones that won't be so important to big time spammers, so they would be less attractive targets of attack, and if attacked anyway, would not open up the major points spammers find easy to use (e.g. their own networks and the generic networks where open proxies are found all over the place).
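The cache effect described in the post above, as an added simulation that is not part of the original post: the same number of messages arrives in a day, once from a small set of regular peers and once from senders spread uniformly over a large population, and each cache miss counts as one query reaching the blacklist's authoritative servers. The zone name, addresses, population sizes and the one-day TTL are constructed assumptions.

```python
import random

DAY = 86400.0  # seconds; the post assumes blacklist answers stay cached about a day


def dnsbl_qname(ip, zone="dnsbl.example"):
    """Name a mail server looks up for a connecting IP: octets reversed
    under the blacklist zone, so 192.0.2.7 becomes 7.2.0.192.dnsbl.example."""
    return ".".join(reversed(ip.split("."))) + "." + zone


def upstream_queries(sender_ips, arrival_times, ttl):
    """Replay connections through a TTL cache and count the misses, that is,
    the lookups that recurse back to the blacklist's own servers."""
    expires = {}
    misses = 0
    for now, ip in zip(arrival_times, sender_ips):
        name = dnsbl_qname(ip)
        if expires.get(name, -1.0) <= now:  # never seen, or entry expired
            misses += 1
            expires[name] = now + ttl
    return misses


def host(index):
    """Constructed placeholder address for sender number `index`."""
    return "10.%d.%d.%d" % ((index >> 16) & 255, (index >> 8) & 255, index & 255)


def compare(messages=20000, regular_peers=500, worm_population=200000,
            ttl=DAY, seed=1):
    """Return upstream query counts for a normal day and a worm day that
    carry the same message volume but differ in sender diversity."""
    rng = random.Random(seed)
    times = sorted(rng.uniform(0.0, DAY) for _ in range(messages))

    # Normal day: a few peers account for most mail (weight 1/rank).
    peers = [host(i) for i in range(regular_peers)]
    weights = [1.0 / (rank + 1) for rank in range(regular_peers)]
    normal = rng.choices(peers, weights=weights, k=messages)

    # Worm day: every message comes from a uniformly chosen infected sender.
    worm = [host(rng.randrange(worm_population)) for _ in range(messages)]

    return {
        "normal": upstream_queries(normal, times, ttl),
        "worm": upstream_queries(worm, times, ttl),
    }


if __name__ == "__main__":
    result = compare()
    print("queries reaching the blacklist, normal day:", result["normal"])
    print("queries reaching the blacklist, worm day:  ", result["worm"])
```

Because message volume is held constant, the difference between the two counts comes only from sender diversity; the extra traffic the post also mentions would add to it.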
Re:How the attack works (Score:3, Insightful)
There is no evidence that the SoBig virus was written by spammers, or even that the RBL DDOS is intentional. To me it looks like the RBLs simply can't handle the load from trying to filter out this virus, plain and simple.
Perhaps an improvement to filtering tools would be to rely as much as possible on Bayesian and rule-based filters, and only contact an external RBL (or other rule) if the score is borderline. Right now they're hitting the RBLs for every single message even if it would fail the most simple filter. I imagine the problem is just that everyone's mail server can easily handle 1000x the current level of crap, but the RBLs can't.
Re:How the attack works (Score:2)
The original MAPS RBL is also available as a BGP feed. Most people find this too painful (especially when MAPS and Tier-1 ISPs are slugging things out) but maybe a return to something like that would be the next step if DNSBLs become unworkable.
Another, possibly random thought: If the FBI told the victims of DDOS attacks to go away, and it later turned out that this was the lead they needed to find the authors of some virus/worms.... would heads roll? Policies be changed? It seems that, if they find fraudsters and embezzlers by following the money, they should be following the zombies to find out who wrote the worm.
I've said it before... (Score:5, Insightful)
The main problem here is that we have millions of hosts connected to the Internet that just aren't robust or secure enough to be connected to a public network (I'm mostly talking about Windows machines here, if you hadn't guessed).
There was a discussion last week on Slashdot about ISPs doing egress filtering on home users' connections and I'm all in favour of that.
Unless you're hell-bent on running a mailserver on your DSL line, there's no reason for you to go out on port 25. Even if you do run a mailserver, you should have your box forward all outbound mail to your ISP's mail relay. AOL and some other large ISPs won't accept mail from you if you don't anyway.
IMHO ISPs have a responsibility to protect the backbones from their lame-ass customers with compromised machines.
Reply rather than mod if you think I'm talking out of my outbound relay.
Re:I've said it before... (Score:3, Insightful)
Re:I've said it before... (Score:3, Insightful)
Well, the above mentioned switched on users and small businesses with satellite offices using consumer DSL circuits to save money, that's who. I'd also be unhappy about the prospect of this being a slippery slope. Let's say we start by forcing SMTP through the ISP's server (which kills SoBig) and also block DCOM and NetBIOS (which probably shouldn't be on the Internet outside a VPN anyway). Fine, but what happens when we get a major exploit on another non-core protocol? Do we block that too? Who decides?
Are you sure you will feel that way when one of the protocols *you* rely on gets firewalled by your ISP to "protect the Internet"?
Well stop saying it. (Score:2)
I like to run sendmail on my cable modem. Don't give my ISP any ideas about blocking this port. They have screwed with me enough already (i.e. AT&T @Home blocking port 80).
I run OpenBSD, and I'd really rather not be punished for some Win32 idiot that opens every EXE in Outlook.
Conspiracy theory seems implausible (Score:2)
More likely that crackers want to target Spamhaus and the like because it's a big target, just as Slashdot attracts trolls.
What is the motivation for one individual spammer to start launching attacks? Or is there some spammers' guild where they band together?
Re:Conspiracy theory seems implausible (Score:2)
Having been involved with a company that was incorrectly put on a blacklist (suspected of distributing spyware, with no proof or even attempt at proof, just one individual's speculation), I can certainly understand someone getting frustrated enough to retaliate.
We figured it out this summer (Score:5, Interesting)
You may mistakenly believe, as I did in the past, that spammers are just a bunch of unemployed losers that sit around late night bulk mailing ads for scams. It turns out that in fact they're well funded losers engaged in such a lucrative industry that they can afford to hire good programmers.
The series of Windows worms we've seen this year had preset expiry dates -- ending each of the carefully released wild tests. The most recent versions (swen) have very efficient SMTP engines built-in; these are not amateur projects.
Thanks to Microsoft's monopoly of operating systems, spammers can easily deploy software around the world that relays spam. swen demonstrated the power of this software; many people were DDoS'd off the net. I alone received over 40,000 emails carrying the worm.
Expect an all-out-spamwar to break out in 2004.
Re:We figured it out this summer (Score:3, Funny)
How about an all out virus war? Write a virus that stealth installs AVG and let it run loose. I can't wait to see the Symantec advisory on that:
"This trojan installs a competitor's product. Here is the remove tool and a link to buy our product."
Off the wall time (Score:2)
SPAM is successful because of a simple formula:
(Number of messages sent + cost of sending) / time = $$
Why not simply slightly revise the SMTP standard to only permit a fixed number of messages per sender over a period of time? For example only allow say 20 recipients per message per day? If you need more than that, then perhaps have some form of payment system? Isn't it a bit ridiculous to permit an unlimited number of messages? Obviously the SMTP standard was written without abuse in mind.
Coupled with other methods (such as verifying that originating domain exists (thanks a LOT verisign morons)) then if the core ISPs implemented something like this it could seriously put a dent in the spammers' ability to function.
Proposal for a DDOS-immune RBL (Score:4, Interesting)
The list is a re-implementation of a DNS-based RBL, so as to allow current MTAs to access it without modification.
The RBL servers are distributed, PRIVATE AND SECRET, in order to avoid being DDOSed. The servers are ordinary BIND, whose zone file is updated by a process to be implemented.
Those willing to use the RBL service have to run their own DNS server - they are free, however, to allow other trusted people to use their services; only they are going to be affected by an eventual DDOS, but not other users of the DRBL.
The RBL information is distributed via USENET. USENET has proven its ability to survive all sorts of attacks in the past. It has survived the church of scientology, therefore it will survive chickenboners. Its distributed nature makes it quite invulnerable to the kind of DDOS attacks that currently affect centralized DNS RBLs.
The list maintainer posts PGP-signed updates to USENET via a network of trusted volunteers who do it from dynamic IP addresses of disposable dialup accounts. For safety, the IP addresses are changed immediately following the posting of updates, in order to avoid being DDOSed.
Authentication against spoofing and flood attempts is provided by the PGP signature.
The RBL users then scan USENET for the updates, which, once authenticated, are used to update the zone files on their private and secret DNS servers.
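The subscriber side of this proposal, as an added sketch that is not code from the original post: authenticate an update article, refuse stale or replayed ones, apply the listings and write the zone file for the private name server. The article layout, the `drbl.example.` names and the serial check are assumptions, and HMAC-SHA256 stands in for PGP verification only so the example runs offline; a shared key would let any subscriber forge updates, so a real deployment needs the public-key signature the post describes.

```python
import hashlib
import hmac
import ipaddress

LISTED = "127.0.0.2"  # conventional DNSBL answer meaning "this address is listed"


def sign(key, body):
    """Stand-in for a PGP detached signature over the article body."""
    return hmac.new(key, body.encode(), hashlib.sha256).hexdigest()


def make_update(key, serial, changes):
    """Build a constructed update article: serial, +ip/-ip lines, signature."""
    body = "Serial: %d\n%s\n" % (serial, "\n".join(changes))
    return body + "--\n" + sign(key, body) + "\n"


def apply_update(listed, last_serial, article, key):
    """Return (new_listed, new_serial); raise ValueError if the article is
    unauthenticated, replayed, or malformed. Nothing is parsed before the
    signature has been checked."""
    body, sep, mac = article.rpartition("--\n")
    expected = sign(key, body).encode()
    if not sep or not hmac.compare_digest(expected, mac.strip().encode()):
        raise ValueError("signature check failed")
    lines = body.splitlines()
    if not lines or not lines[0].startswith("Serial: "):
        raise ValueError("missing serial")
    serial = int(lines[0][len("Serial: "):])
    if serial <= last_serial:
        # Assumption: serials only increase, so a re-posted old article
        # cannot roll the list back or re-list a removed address.
        raise ValueError("stale or replayed update")
    result = set(listed)
    for line in lines[1:]:
        if not line:
            continue
        op, addr = line[:1], line[1:]
        ip = str(ipaddress.IPv4Address(addr))  # ValueError on anything else
        if op == "+":
            result.add(ip)
        elif op == "-":
            result.discard(ip)
        else:
            raise ValueError("bad operation: %r" % line)
    return result, serial


def render_zone(listed, serial, origin="drbl.example."):
    """Render a BIND-style zone: one reversed-octet A record per listed IP."""
    out = [
        "$ORIGIN %s" % origin,
        "$TTL 3600",
        "@ IN SOA ns.%s hostmaster.%s ( %d 3600 600 86400 300 )"
        % (origin, origin, serial),
        "@ IN NS ns.%s" % origin,
        "ns IN A 192.0.2.53",  # placeholder address for the private server
    ]
    for ip in sorted(listed, key=ipaddress.IPv4Address):
        out.append("%s IN A %s" % (".".join(reversed(ip.split("."))), LISTED))
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    key = b"constructed-demo-key"
    article = make_update(key, 1, ["+192.0.2.15", "+198.51.100.7"])
    listed, serial = apply_update(set(), 0, article, key)
    print(render_zone(listed, serial), end="")
```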
Re:Proposal for a DDOS-immune RBL (Score:2)
Are you suggesting publishing entire lists of vulnerable hosts in the clear?
If I was a spammer, I wouldn't exactly be unhappy about that. No need to do port 25 scanning for open relays any more, just get 'em off Usenet where the good guys posted them!
Re:Proposal for a DDOS-immune RBL (Score:2)
That kind of defeats the anonymous/distributed purpose, I guess.
Re:Proposal for a DDOS-immune RBL (Score:2)
I am afraid the spammers are winning (Score:2)
So, in the face of this spammers' blatant endeavour, what is the level of interest of
Re:I am afraid the spammers are winning (Score:2)
Re:I am afraid the spammers are winning (Score:2)
Re:Viruses - not necessarily. (Score:2, Informative)
Re:I tend to think that spam is a virus... (Score:2)
Re:going postal on spam (Score:2)
Damn, I'm lame today.
Comment removed (Score:5, Insightful)
Re:Spam ostrich (Score:2)
Re:Spam ostrich (Score:2)
There is at least one gaping hole in your argument, namely that blacklists are also suppressing free speech. You Suck.
Comment removed (Score:4, Interesting)
Who owns the First Amendment? (Score:3, Interesting)
But never mind all that, just suppose that we do allow owners of networks and servers absolute control of what passes over their wires. Is that something you really want? Sure, it gives them the power to shut down spam. But it also gives them the power to control what web sites their users can access. Or what their users can put on their own web sites. Now, if hardware is owned by a private company and all its users are employees who are supposed to be using the internet to do their jobs, I suppose you have to grant that company a large measure of control. But if we're talking about public ISPs, then we're talking about something very scary. These ISPs, if they coordinated their efforts, and were allowed to totally control whatever passes over their wires, could do something that governments have repeatedly tried and failed to do: censor the internet.
A few years ago, there was a site called blackdeath.org that offended certain parties with its anti-Christian rants. Who demanded that their ISP pull the plug. When the ISP declined, they went to the ISP's backbone provider [twtelecom.com]. Which happened to be owned by a major media company. Now, media companies are not fans of censorship, but they like offending people even less -- they might complain to the FCC, or worse, stop watching TV. So the backbone provider told the ISP to pull the plug on blackdeath.org, or else they'd lose their own internet service, and be forced out of business. Naturally they complied. Blackdeath.org went dark, briefly came back with a low-bandwidth provider, then finally disappeared forever.
This really scared me at the time, since the internet backbone had been consolidated into just a few big companies, most of them with the same censorship-prone connections as the Time Warner backbone. Since then, the backbone situation has gotten a little more competitive [isp-planet.com]. But with the trend to consolidate more and more communications into fewer and fewer companies, I wouldn't get too sanguine. And I'd look for solutions to the spam problem that emphasize individual, not central, control over network traffic.
Comment removed (Score:3, Interesting)
Re:Who owns the First Amendment? (Score:3, Interesting)
Which I suppose supports your basic argument: that the free market has a healthy ability to create alternate avenues of communication. Which would seem to make serious internet censorship more and more difficult. But by the same token, it also makes spam harder and harder to control. In the end "free speech", whether it's "we hold these truths to be self-evident" or "i'm a nigerian banker with money to give away", seems not so much a right as a law of nature.
Comment removed (Score:2)
Comment removed (Score:2)
Re:Spam ostrich (Score:2)
Spamming isn't free speech, it's theft of resources. Nowhere in the world are advertisements considered free speech; it is perfectly legitimate for PRIVATE NETWORK OWNERS to restrict traffic on THEIR OWN NETWORKS as they see fit. Hence the use of blocklists to cut access to the CRIMINAL, RESOURCE-STEALING PARASITES that SPAMMERS ARE.
Now, sock, why don't you eat shit and die???
Comment removed (Score:2)
Comment removed (Score:2)
Re:Spam ostrich (Score:2)
I don't agree with fmaxwell's assertion -- I think this is a good thing.
Comment removed (Score:2)
Re:Spam ostrich (Score:2)
Comment removed (Score:2)
Re:I hope so! (Score:2)
You're kidding, right? (Score:2)
You're kidding, right? Bayesian filtering is far from perfect. I've used Mozilla's built-in Bayesian filtering as well as Spambayes' far-more-effective filtering system. There are still many spam messages let through in both instances. And there are still occasionally false-positives as well.
The big problem with ANY filtering solution (including Bayesian) is that false-positives are lost email. Unless you filter to a folder and then look through EVERY message (which kind of defeats the purpose) you will outright lose any false-positive message... and neither you nor the sender will know about it.
A well-run blacklist stops the message from even being delivered to your server AND the sending server is made aware of this at message send time. Thus, the sender receives a bounce message, and will know that their mail didn't get through. Unlike with filtering, where the message just disappears.
Comment removed (Score:4, Informative)
Re:More Harm Than Help (Score:2)
Yes, but people just don't know what to do anymore. I know bosses who go really mad at admins when spam gets into their mailboxes. It happened to me too. Of course it's not the right solution, but we need some solution, and we need it now. It's sad, but what can we do?
Also, think about people/small businesses who have a bandwidth cap, or those who pay for the connected minute. No matter what filter they use (including Bayesian), they'll be paying for spam. Blocklists will certainly help them.
Bayesian filtering has been very successful
Yes, but it depends on the filter being trained periodically. And it works better for individuals than for groups (because the ham stats are very different for different people).
Re:More Harm Than Help (Score:2)
Except for the bandwidth costs, which are a big part of the spam problem.
As for the rest of your comment, it's so outstandingly stupid that I won't even bother to comment. And now that I think of it, this is the second anonymous comment that I've seen in this thread slandering RBLs for no reason. What, do spammers read Slashdot too?
Re:More Harm Than Help (Score:2, Interesting)
Oh it's you again. You're still pissed off because your ISP harbors spammers and you think that you're not somehow supporting that by helping your ISP stay in business.
As to your statement about Bayesian filtering ... there are many negative effects. First, it works on the basis of content. What makes mail be spam is not what the content is; it's that the senders are using bulk methods to send to people who didn't want it. I do get some mailings that I have opted in to, which if they were sent to people that don't want them, would be spam to them. Bayesian filtering doesn't work on the basis of what spam really is. Secondly, to even use Bayesian filtering, it becomes necessary to let the spam arrive, using up network and server resources as it comes in. Then the Bayesian filtering has to be run which uses up even more server resources. And finally, if it is considered spam and rejected, then a bounce message has to be queued (taking up disk space), and delivery of it has to be attempted (which for most because it is from real spammers, cannot be delivered, and takes space and delivery attempts for several days). So I will never use Bayesian filtering because it is simply all wrong.
Re:More Harm Than Help (Score:2)
In the private sector (the internet is a network of PRIVATELY-OWNED NETWORKS), there is no place for a "justice system". Those network operators are perfectly allowed to BLOCK TRAFFIC THEY DON'T WANT FROM THEIR NETWORKS.
What part of MY NETWORK, MY RULES don't you get?
Re:no SMTP? (Score:2)