ISP Responsibility in Fight Against Spam 314
netpulse writes "Over at CircleID, John Levine shares a letter by Carl Hutzler, AOL Postmaster and Director, blaming irresponsible ISPs as key part of the problem in the long-term fight against spam. Hutzler says: "Spam is a completely solvable problem. And it does not take finding every Richter, Jaynes, Bridger, etc to do it (although it certainly is part of the solution). In fact it does not take email identity technologies either (although these are certainly needed and part of the solution). The solution is getting messaging providers to take responsibility for their lame email systems that they set up without much thought and continue to not care much about when they become overrun by spammers. This is just security and every admin/network operator has to deal with it. We just have a lot of providers not bothering to care.' To which John Levine adds: 'What do we have to do to persuade networks that dealing with their own spam problem, even at significant short term cost, is better for the net and themselves than limping along as we do now?'"
He seems to miss.. (Score:3, Informative)
AOL's spam policy is unreasonable (Score:5, Informative)
Here's how it works: AOL receives N complaints calling something spam after users click on the "mark this as spam" button. So AOL looks at the previous link in the received-from chain and blocks that entire network.
Sounds good right? Wrong.
Say Joe User works at my company part-time from home. Instead of another pop account, he has a forwarding address with our company that forwards to his AOL account. Joe gets spam, and reports it to AOL. AOL looks to see who sent it, sees my company in the "received-from" chain, and blocks not only us, but every other company hosted with our ISP. Thousands of legitimate emails now can't get to AOL addresses.
It gets worse. Many people use the "spam" button like the "delete" key to get rid of stuff they just don't want right now. AOL doesn't educate its users to realize that reporting something as spam has real consequences, and so people mark real email they requested as spam just because it's easier than deleting around it.
Our fabulous domain host FutureQuest [futurequest.net] has had to ban forwarding to AOL addresses as a result. AOL has been completely unreasonable in accepting any responsibility for intelligent spam blocking, and their users and legitimate businesses are suffering.
At least they're trying, but they're far from the good guys here.
Sasktel, I love you! (Score:3, Informative)
My ISP, Sasktel [sasktel.com] in Saskatchewan, Canada has recently implemented a spam filtering service that has so far resulted in 2 false positives and no delivered spam. It completely blocks all virused emails as well. Finally, it sends out an email every once in a while to remind me to check the status of spam at the online message centre, where you can look at all email sent to me that is "suspicious."
They also have a fairly comprehensive policy against hosting spammers, which is nice to hear. I know that many of my friends who use other ISPs have been recently flooded with spam, but I've not had any problems thus far. It's nice to have an ISP that cares about its customers!
Re:The problem (Score:4, Informative)
If you answered "yes" to those questions, then a career at Verizon is waiting for you, because that is exactly what they are doing [theregister.co.uk]. If ISPs are going to take responsibility for blocking spam and the prevention of the creation of BotNets that originate most of it then they need to take more care than these idiots.
Re:AOL doesn't check complaints before banning (Score:5, Informative)
At any rate, once we cleaned up the problem, I emailed AOL and let them know we'd dealt with it and all was good.
If you want to talk about an ISP that was tough to deal with, it's RoadRunner. Somehow we got on their block list. They wouldn't respond to my emails to their abuse address, just a standard email with instructions. Even managed to get someone down in Florida who knew a friend of a friend of mine to call and complain, the technician got me a phone number to their security center in Virginia (or wherever it was), and all I got was a recorded message to email them, and then it hung up without even giving me a chance to leave a message.
I eventually gave up, blocked all RoadRunner addresses going in. Six months later I checked, and we were off the blacklist.
Re:If they make enough money spamming... (Score:3, Informative)
#1. They hide behind real isps cidrs, meaning we'd have to block that isps ip range to stop them, and most of the time they have legit users and this is bad.
#2. Their ability to pick up and move about. They can move as soon as they are blocked, and are constantly pulling up roots and moving to the next provider that they can suck on for the next 60 days until they are kicked off.
Re:He seems to miss.. (Score:5, Informative)
"By default we filter port 25 to only allow outbound email through our mail servers."
You can request to unblock port 25 if you have a static DSL account... an on top of that...
"In addition, we will periodically scan port 25 over your DSL line to make sure your mail server is not an open relay. If we find an open relay on your mail server, the port 25 filter will be reinstated and you will be notified by the contact email address entered above."
If more ISP's were like that.. there wouldn't be as many z0mbi3z...
Re:Spamblocking Whole Countries and DSL ISPs (Score:3, Informative)
Don't worry, Verizon is working hard to prevent you from doing that! They and BellSouth have petitioned the FCC to allow them to cut off all other ISPs' access to their raw DSL services. They're also making it harder for CLECs to offer DSL in competition with them. So you will get Verizon Online or nothing on DSL. If you don't like this, go the http://www.fcc.gov/ , go to e-filings, ECFS, read the comments and then leave one of your own on "04-440" (Verizon) or a Reply Comment (closing later this week) in "04-405" (BellSouth). SBC and Qwest will no doubt get the same privileges that the other Bells get.
I don't know if Verizon Online blocks Port 25, but if you use their mail server, you must have "@verizon.net" in the From: field. If you try to use your own domain, you commie terrorist spammer punk, your mail will be blocked. And if you want mail from foreigners, you commie terrorist, they will tell you to use Hotmail.
And if the FCC accepts their Petition, you won't have a choice if you want DSL. At least Comcast has a smart Port 25 filter (passes a limited number of mails, blocking spam blasters) and allows From: whatever.
Re:He seems to miss.. (Score:1, Informative)
You can get through from anywhere not firewalled up tight
You can control email sizes
You can control sniffers on hostile networks (wifi, client sites, etc)
You can control number of retries
Etc etc etc
My cable provider blocked 25 and I did exactly that, works great.
Re:Corner pay phones don't accept incoming calls. (Score:3, Informative)
Can you help us understand why you cant test your email server from remote location when your ISP is blocking OUTBOUND email ( unless you relay it through them ). If you are from linuxlabs I am guessing you know how to use sendmail's "smarterhost", or postfixes "transport" to make your email go through a upstream provider.
Because the email server in question is not on my machine here, it resides on an unrelated network. I would very much like to telnet to it on port 25 and manually step through a transaction (in part to make sure it correctly refuses to relay without authentication). How in the HELL would my configuring my home machine to use my ISP here as a smart host help with that? In other cases, I may want to see specifically how it is responding to inbound mail. Once again, to do that, I need a telnet connection to port 25, not a smarthost. In other words, to test an INBOUND connection to my remote mail server, I'd need an OUTBOUND connection from home (which is blocked).
Nahhhhh.. Even if you know what AC & DC mean. It keeps the rest of us safe that you are not allowed to tap directly into generators.
In a sense, we all have such a tap, it's just that it's shared. The only thing keeping me from pulling the whole neighborhood down is common sense, responsability, and lack of need for that much power.