New Spam Zombies Use ISPs' Mailservers 383
RMX writes "CNet's reporting
that the new
spam zombie PCs are no longer acting as their own mailservers, but cooperate with the ISPs' recommendation that instead of running your own mail server, to use theirs instead."
Why aren't they using SMTP-AUTH? (Score:4, Informative)
"The e-mail infrastructure is beginning to fail," Linford warned. "You'll see huge delays in e-mail and servers collapsing. It's the beginning of the e-mail meltdown."
This is why some isp's.. (Score:3, Informative)
It's just a hell and takes lots of time to go through contacting abuse-department of ISP's like AOL and Verizon who decide to block for very few spam-reports. Even though the damage of spambot-infested computers on your own network is limited.
Re:Why aren't they using SMTP-AUTH? (Score:5, Informative)
Re:Many ISP mail servers get blacklisted now? (Score:3, Informative)
The ISP I work for mandates the use of their mailserver for outgoing e-mails and limits the number of mails that can be sent in a certain timeframe.
Re:Global, realtime spamlist? (Score:3, Informative)
So... something like Vipul's Razor?
It's not quite as trivial to set up as you suggest, because of two things...
Fortunately, people are already working together to make this work. Pyzor is another similar effort.
Spamassassin has hooks built in to interface to both Pyzor and Vipul's Razor.
Maybe ISPs should just start running spamassassin (or something similar) on all outgoing email and blocking everything that scores too high... this would slow down their servers slightly, but would cut spam drastically across the board.
Re:Simple solution (Score:4, Informative)
I'm going to assume you mean "Outlook Express" when you say "Outlook", otherwise your argument has no merit. Even then, Outlook Express isn't as bad as you make it out to be. For example, both Outlook and OE support SMTP-AUTH, via SSL or not (as well as both POP3 and IMAP-v4 over SSL). That addresses your first problem, which at this point is an ISP issue rather than an MTA issue. Your second point is really only valid for OE, and then only if you've never bothered to use Windows Update (in which case you're asking for other problems anyway). Outlook has blocked bad attachments since a service pack for Outlook 2000 (there have been two versions of Outlook since then, XP/2002 and 2003). Outlook 2003 (which is the only version I have installed right now, so I can only speak to other versions on memory) will also block malicious content in the body of the message itself (scripts, images linked to external sites, etc). If you're still getting infected by email viruses while using Outlook, you're either running a ridiculously old version, or you're explicitly overriding Outlook's protection mechanisms.
Moving everybody back to pine (or better, mutt, but that's my own personal preference) via ssh is not an acceptable solution. Forcing everybody through a webmail interface is only slightly better, but even that is not very desirable (see the new Outlook Live [msn.com] service from Microsoft that lets you read your hotmail email via Outlook rather than the web page, or RPC over HTTP [microsoft.com] in Exchange 2003 that lets you access corporate email without a VPN rather than using OWA).
Re:Simple solution (Score:2, Informative)
Trust me, I've set it up.
Re:Authentication (Score:3, Informative)
It probably won't. Your e-mail client likely remembers your password for you, no? So if your mail client knows the password, what's to stop the Trojan from pulling the password out of where the mail client stored it? And since you're probably using Outlook Express, the Trojan knows exactly where to go. Thank you convenience features.
Re:We're winning (Score:4, Informative)
PS, blocking port 25 for customers is just plain dumb -- I have a lot of customers that go on the road and don't want to reconfigure their laptop to use the local dial-up access SMTP server for two hours, then do again in the next city.
They just leave the SMTP set to us, and we have secure logins. Voila. Oh, but we can't use port 25 because a lot of ISPs block it.
BREAKING NEWS!! (Score:3, Informative)
Spammers are using Microsoft's Hotmail servers as Spam servers, and sending out hundreds (of millions) of emails each day to unwilling recipients.
Come on, this is hardly news worthy on the front page of Slashdot...this kind of thing has been going on in one way or another for a long time.
Re:This is why some isp's.. (Score:4, Informative)
I tried this. I limited outbound emails to 1000 addresses at a time thinking that was very reasonable. Within a week there was a complaint from one of major companies that they couldn't send to all of thier remote offices. Sure enough, not only did they have more than 1000, they had 13,000.
I realize this isn't an everyday occurance, but this situation should show that using a limit fix is not a good solution.
Even doing a max-per-hour won't work. There are times when outbound email from a company can increase exponentially for legit reasons.
Re:Most ISPs have limits (Score:3, Informative)
Re:Not surprised.... (Score:4, Informative)
Re:Not surprised.... (Score:4, Informative)
I don't know if the login/password is stored there as well, but the server information sure is.
Story Time! (Score:1, Informative)
Hello, my name is the Constitution. I'm here to let you know that, indeed, my first ammendment (that very one that allows free speech) is still here in on the front of me. Uncle Sam and I thank you for your service. And remember, you still have the right not to read anything you don't want to.
Your pal,
The Constitution
RFC 2476 (Score:5, Informative)
I have a lot of customers that go on the road ... They just leave the SMTP set to us, and we have secure logins. Voila. Oh, but we can't use port 25 because a lot of ISPs block it.
You're using SMTP AUTH over TLS on port 587/tcp per RFC 2476, right? ISPs have fewer legitimate reasons (if any) to block 587/tcp out than 25/tcp out.
SBC Global / Yahoo has been doing this for 3 weeks (Score:3, Informative)
We had everyone doing authenticated SMTP through our server for outbound but SBC shut that down and forces them to do authenticated SMTP through their servers now.
I have absolutely no problems with this except two small issues...
1. They didn't let anybody know. (To my knowledge) There was no press release on the home page or any instructions emailed out to inform customers how to update their mail settings. Since of course they only officially support their email addresses any non-technical customers that called in to SBC royally messed up receiving mail from our servers.
2. There is no non-customer technical support period. You can't make your way through their automated system and they have no way to contact any body on an ISP to ISP level that I could find.
I even contacted some marketing person at their HQ that I managed to find contact info for and explained the situation. They even tried to contact support and couldn't figure out how to do it. Very sad. Glad it wasn't an emergency.
Re:Authentication (Score:2, Informative)
Forcing mail through the ISP's mailserver is a great first step; clearly enough ISP's are doing this that it's come to the attention of the malware writers.
The next step is to limit outbound mail at the ISP; 20 messages per day for ordinary home users should be plenty, and you can allow more (as many as you need, 20 messages at a time) by going to a webpage somewhere (no standard; leave it to each ISP to decide the best method for this).
Commercial accounts decide for themselves what's a reasonable limit; pay a deposit and you can have 'no limit' but if you get infected you forfeit the deposit..
Another idea might be to scan outbound mail for known viruses, likely virus attachments (who the hell legitimately mails screensavers and/or control panel components..?) and 'spam indicators' (large variety of different from addresses, etc). If it looks suspicious and/or there's an unreasonable amount of it, block all further mail until someone checks it out and turns it on again..
Re:violation of ISP contract? (Score:4, Informative)
The pages even have lovely pictures so the users can't(read: shouldn't be able to once they have removed their heads from their asses) make a mistake.
When the user think that they are clean we rescan their network traffic and if everything checks out we place them back on the standard network.
Last year almost the entire campus fell victim to adware, spyware, and virii... this year only a handful. It seems to work. If they get re-infected they lose their internet access again.
Law is the answer and the answer is law! (Score:5, Informative)
Just take a look at the statistics:
Europe has only had strict laws against junk communications for two years (Article 13 of Directive 2002/58/EC) [eu.int], they have only been in full force since November 2003 (and the provisions for criminal penalties are not even in place in each and every corner of the European Union yet) - but they mean pure and simple opt-in, and look how this continent's "spam output" already has become almost completely insignificant.
The U.S., I'm afraid to say, have put next to nothing in the way of these sociopaths: only a now-you-CAN-SPAM-more-than-ever Act that lives up to its name in the worst of ways, by legalizing most of the spam [slashdot.org], enacting an unworkable opt-out onus on the users, and putting anti-spam warriors at the legal risk of interfering with (and being taken to court by the operators of) what is considered a legitimate "business model" except for some of the worst abuses - and for however little it is, all of this even an entire decade too late.
Reliance on technical solutions and minimal government intervention is just fine for many things - but it's failed in the fight against spam.
Here is how to do it:
That's certainly nowhere near rocket science, and if the above looks a bit complicated, that's probably just becauseThere is nothing wrong with following an example that works so well, even if it is from Europe...
Call your congresscritter now to outlaw unsolicited commercial communications, place a hefty fine and jail time on the offenders, and put an end to these abuses before they put an end to eMail itself.
Re:violation of ISP contract? (Score:3, Informative)
Re:Simple solution (Score:3, Informative)
Most root CAs (at least the ones that are found in browsers' CA list) charge a fortune to let an ISP have an intermediate CA certificate that can signoff additional client CA certificates.
Plus, business sense forces the buyer of intermediate CA certificate to recoup the exhorbitant cost by charging all those who wants to have their CA tied to the intermediate CA server.
Not worth it. Just go self-signing and distribute the trusted root to the customer. A lot cheaper (its free).
Re:violation of ISP contract? (Score:3, Informative)
even those great ones with .scr's from v1agra@sh0p0ur31337store.ch.
Why does everyone pick on Switzerland as being the source of spam? I would have thought .cn (China) would be more appropriate...
Re:Eh? (Score:3, Informative)
The throttling is another issue, however.