IBM Unveils Anti-Spam Services to Stop Spammers

bblazer writes "CNN Money is running a story about a new IBM service that spams the spammers. The idea behind the technology is that when a spam email is received, it is immediately sent back to the originating computer - not an email account. From the article, 'We're doing it to shut this guy down,' Stuart McIrvine, IBM's director of corporate security strategy, told the paper. 'Every time he tries to send, he gets slammed again.'"
  • spamd (Score:3, Insightful)

    by Anonymous Coward on Tuesday March 22, 2005 @11:01AM (#12011599)
    I think I'll stick with spamd. It doesn't waste my bandwidth.
  • by JUSTONEMORELATTE ( 584508 ) on Tuesday March 22, 2005 @11:01AM (#12011606) Homepage
    ... but what about the vast majority of spam that's sent from zombied PCs and open relays instead of from the spammer's own mail servers?
  • How does this exactly help solving the spam problem when the machine sending the spam is not owned (but "0wned") by the spammer?

    Or do they plan to DDoS the spam-zombies?
  • AOL and MSN (Score:4, Insightful)

    by justforaday ( 560408 ) on Tuesday March 22, 2005 @11:02AM (#12011614)
    Watch as AOL and MSN/Hotmail now mark IBM as a spammer...
  • by aardvarkjoe ( 156801 ) on Tuesday March 22, 2005 @11:02AM (#12011628)
    You end up shutting down the zombied PCs. I don't see how that's a bad thing.
  • by jarich ( 733129 ) on Tuesday March 22, 2005 @11:03AM (#12011635) Homepage Journal
    ... but what about the vast majority of spam that's sent from zombied PCs and open relays instead of from the spammer's own mail servers?

    What's the problem? If you are participating, on purpose or not, you should be stopped.

    Being subject to this form of retribution might make people aware of the problems on their machines. It seems to be a Good Thing to me.

  • by FlyByPC ( 841016 ) on Tuesday March 22, 2005 @11:03AM (#12011638) Homepage
    If it helps knock the zombie effectively offline, the user is more likely to notice that there's a problem.
  • by Rodney L Caston ( 143815 ) on Tuesday March 22, 2005 @11:04AM (#12011648) Homepage
    Completely pointless exercise, most big spammers are going to be using an outbound-only load-balanced relay of some kind, they won't be accepting the mail in from the same exit point.

    This is complete crap. ...

    take it from me, someone who sends out roughly 5 million emails daily.

  • by dfn5 ( 524972 ) on Tuesday March 22, 2005 @11:05AM (#12011655) Journal
    This kind of assumes that the machines that are sending spam are also listening for SMTP. IMHO I would doubt that. Also, what about all the hijacked Windoze boxes out there that are sending spam on behalf of spammers? Granted I wouldn't feel bad about them getting their hacked machines hosed, but I don't see how that would help the overall situation.

  • by gl4ss ( 559668 ) on Tuesday March 22, 2005 @11:07AM (#12011676) Homepage Journal
    massive extra traffic to all isp's, traffic that doesn't even end up shutting the real source of the spam down.

    so.. double the money wasted on spam on total and no cure.
  • by bagofbeans ( 567926 ) on Tuesday March 22, 2005 @11:08AM (#12011687)
    "e-mails coming from a computer on the spam list" are treated this way. Great. So when a variable-IP zombie pc power cycles and I get their old IP address next, it becomes my problem. Time to buy a fixed IP service, people.
  • by MetalliQaZ ( 539913 ) on Tuesday March 22, 2005 @11:08AM (#12011690)
    I don't see any way that this would shut down zombified PCs. DSL/Cable usually has much more downstream bandwidth than upstream; assuming that it's even open for receiving mail, I don't think that they would effectively be shut down at all.

    Better to slam the websites advertised, like the slashdot effect, I reckon.

    -d
  • by coyote-san ( 38515 ) on Tuesday March 22, 2005 @11:09AM (#12011696)
    I doubt it. What average user is going to understand the problem, much less the solution?
  • by Hinhule ( 811436 ) on Tuesday March 22, 2005 @11:12AM (#12011743)
    All the more incentive to the "innocent" ISPs to do something about the spammers on their network.
  • by dalewj ( 187278 ) on Tuesday March 22, 2005 @11:15AM (#12011790) Homepage
    1) Person on comcast gets zombie-fied
    2) starts sending out spam to say IBM
    3) IBM sends back spam to the zombie
    4) IBM gets put on every RBL list because it actually is sending spam, think about it
    5) comcast and every major company using that RBL and every user in comcast can no longer get mail from IBM
    6) IBM yells and screams to RBL list owner that they really aren't sending spam, just well sending back email to people who didn't ask for it, or didn't want it or didn't sign up for it. OK they are sending spam... just not bad spam.

    Only positive I see is maybe ISPs like comcast might wake the hell up and start cleaning up the problems and stop ignoring their users.
  • by Elixon ( 832904 ) on Tuesday March 22, 2005 @11:16AM (#12011798) Homepage Journal
    Suppose the spammer's machine sends 200k e-mails per hour. This machine is for sending only. It does not have any port for receiving e-mails opened. So the throughput must be high to send out 200k e-mails, and what will they do to the spammers? If all servers (it is not likely to happen) have the IBM software, then they will receive 200k attempts per hour to connect to blocked ports on the spammer's machine while trying to hit back... And this is going to stop them? :-) Their specialized machines, tuned for sending with no receiving capabilities, against high-performance spam-analyzing machines that will waste CPU identifying spam and waste bandwidth while repeatedly trying to pass e-mail to some blocked ports on the spammer's machine... Hm. I don't understand it. Just another way to hurt people affected by spam by selling the useless software/hw to them.
  • useless tactic (Score:3, Insightful)

    by msblack ( 191749 ) on Tuesday March 22, 2005 @11:16AM (#12011800)
    IBM's tactic is utterly useless because the vast majority of spam originates from zombie PCs. Those zombie systems may have an SMTP engine to generate spam, but they most likely do not have port 25 open. Bouncing the spam back will be futile. It is more likely to generate a new denial-of-service attack: send a spam to IBM and watch them fight in vain attempting to bounce back the message.
  • by Anonymous Coward on Tuesday March 22, 2005 @11:17AM (#12011817)
    If an ISP notices the extra traffic, might they not be motivated to get the zombies that are used for spamming off their network?

    My small local ISP sends techs to help their customers when these things happen - and, yes, I realize that's not viable in most cases.

  • by Triumph The Insult C ( 586706 ) on Tuesday March 22, 2005 @11:18AM (#12011827) Homepage Journal
    spamd(8) gives you additional capabilities above that of a packet filter ... greylisting, automatic whitelisting, etc. plus, you don't have to run it on your mail server and it will still function correctly. 3.7 will also have greytrapping
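
The greylisting and automatic whitelisting mentioned in the comment above can be sketched as follows. This is an added example, not spamd's code and not part of the original thread; the class name, the timing constants and the sample events are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field

# Timing parameters are assumptions chosen for this example.
PASSTIME = 25 * 60          # a new triplet must wait this long before a retry passes
GREY_EXPIRE = 4 * 3600      # grey entries never retried in time are forgotten
WHITE_EXPIRE = 36 * 86400   # whitelisted senders idle this long are forgotten


@dataclass
class Greylister:
    grey: dict = field(default_factory=dict)    # (ip, from, rcpt) -> first seen
    white: dict = field(default_factory=dict)   # ip -> last seen

    def check(self, ip, mail_from, rcpt_to, now):
        """Return the SMTP reply code for one delivery attempt at time `now`."""
        self._expire(now)
        if ip in self.white:                    # already proved it retries
            self.white[ip] = now
            return 250
        key = (ip, mail_from.lower(), rcpt_to.lower())
        first_seen = self.grey.get(key)
        if first_seen is None:                  # never seen: defer, remember
            self.grey[key] = now
            return 451
        if now - first_seen < PASSTIME:         # retried too quickly: still deferred
            return 451
        del self.grey[key]                      # patient retry: promote the sender
        self.white[ip] = now
        return 250

    def _expire(self, now):
        self.grey = {k: t for k, t in self.grey.items() if now - t <= GREY_EXPIRE}
        self.white = {k: t for k, t in self.white.items() if now - t <= WHITE_EXPIRE}


# Constructed sample traffic: (time in seconds, client IP, MAIL FROM, RCPT TO).
SAMPLE_EVENTS = [
    (0,     "192.0.2.10",   "news@sender.example", "bob@example.org"),    # real MTA, first try
    (60,    "198.51.100.7", "x@forged.example",    "bob@example.org"),    # bot, first try
    (120,   "198.51.100.7", "x@forged.example",    "bob@example.org"),    # bot hammers again
    (1800,  "192.0.2.10",   "news@sender.example", "bob@example.org"),    # real MTA retries
    (1860,  "192.0.2.10",   "list@sender.example", "carol@example.org"),  # now whitelisted
    (18000, "198.51.100.7", "x@forged.example",    "bob@example.org"),    # bot returns too late
]


def replay(events):
    """Feed the events through a fresh Greylister and collect the reply codes."""
    g = Greylister()
    return [g.check(ip, sender, rcpt, t) for t, ip, sender, rcpt in events]


if __name__ == "__main__":
    for event, code in zip(SAMPLE_EVENTS, replay(SAMPLE_EVENTS)):
        print(event, "->", code)
```
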
  • Re:agreed (Score:2, Insightful)

    by Anonymous Coward on Tuesday March 22, 2005 @11:20AM (#12011849)
    I hope you invest for retirement, instead of saying "what's the point of spending money to make money later?"
  • Re:agreed (Score:5, Insightful)

    by the_bard17 ( 626642 ) <theluckyone17@gmail.com> on Tuesday March 22, 2005 @11:25AM (#12011895)
    Sounds more like undergoing chemo to kill cancer... just gotta hope that it kills the cancer before it kills you.

    Or so I've heard, anyhow.
  • by slashrogue ( 775436 ) on Tuesday March 22, 2005 @11:27AM (#12011913)
    They don't really need to. Hopefully they can be smart enough to take it somewhere to have it fixed, even if they have to pay some outrageous fee to do it.

    If your car stopped running because of some complicated issue in the engine, you don't have to understand the problem or the solution to take it to a mechanic.
  • by Zocalo ( 252965 ) on Tuesday March 22, 2005 @11:28AM (#12011928) Homepage
    But you don't have to abandon SMTP completely. Something as simple as hashcash could essentially eliminate spam.

    Actually, you don't have to abandon SMTP at all. The protocol has already undergone a fairly major revision with the change to ESMTP and there are very few servers left that are still SMTP only. Technically, it wouldn't be very hard to bolt a much more robust mail transfer mechanism onto SMTP in the same manner we use to delineate SMTP and ESMTP - the mail server banner and client "HELO/EHLO". For instance you could change the ESMTP banner to include the string "ESMTP v2" instead of just "ESMTP" and compliant servers could sign on with "ALLO", while older clients can still resort to "EHLO" or even "HELO" while the deployment is underway.

    Simple, huh? Unfortunately not, because politically, it would probably be a complete nightmare to actually do anything like this. The whole idea would almost certainly break apart under the weight of competing agendas from the various parties involved. I think the whole MARID fiasco [circleid.com] proved that beyond any doubt.

  • by crovira ( 10242 ) on Tuesday March 22, 2005 @11:34AM (#12011971) Homepage
    is the law and the fines that will be applied internationally and enforced (collected) by the local authorities on the SOURCE.

    If there were no Spam senders there would be no problem with Spam. Right? The problem is that we keep going after the carrier, not the beneficiary.

    Fine the people for whom and on whose behalf the Spam is sent. Make it for one dollar per spam message received. Instead of sending for free, the messages end up costing more than the Post Office.
  • Re:spamd (Score:3, Insightful)

    by cyngus ( 753668 ) on Tuesday March 22, 2005 @11:34AM (#12011976)
    While that is a short-term solution, I'd rather have a long-term solution that has the potential to eliminate the problem entirely.
  • by MrPC81 ( 833183 ) on Tuesday March 22, 2005 @11:36AM (#12011989)
    You know, some customers on the entry level ADSL plan at one of the ISPs I work for are on a plan that gives them 500MB of data transfer a month, with excess at 15c/MB. It's a pretty standard arrangement here in Australia.

    If this sort of plan counts as a DDOS attack, I wonder if those users will start sending their excess usage bills to IBM.
  • by Oriumpor ( 446718 ) on Tuesday March 22, 2005 @11:38AM (#12012007) Homepage Journal
    Then don't complain when ISPs start blocking port 25 at their head end.
  • by rpozz ( 249652 ) on Tuesday March 22, 2005 @11:41AM (#12012037)
    I really don't know why ISPs don't just suspend the accounts of PCs with zombies/viruses. In the same way that you get your driving licence revoked/suspended for driving like an ass, people should get their internet accounts suspended too.

    And it's not like it's hard to tell who the culprits are. Anyone who has logging enabled on their firewall will know exactly what I mean.
  • Flamebait my ass (Score:3, Insightful)

    by Oriumpor ( 446718 ) on Tuesday March 22, 2005 @11:47AM (#12012127) Homepage Journal
    Can you say Comcast?

    How the hell do you expect ISPs to react to this kind of retaliatory behavior?

    You start attacking major networks automatically and you're going to see port blocking come up faster than you can say Postfix.
  • by stilwebm ( 129567 ) on Tuesday March 22, 2005 @11:49AM (#12012162)
    SMTP requires two-way communication, so spoofing is nearly impossible. As mentioned in the article, this isn't a system of returning mail to the From email address, as everyone knows that is forged nearly 100% of the time in spam. It is returning the message to the SMTP server it arrived from. If spam is coming from your IP, you either have an exploited host or open relay.
  • Comment removed (Score:5, Insightful)

    by account_deleted ( 4530225 ) on Tuesday March 22, 2005 @11:50AM (#12012170)
    Comment removed based on user account deletion
  • Re:Well, duh... (Score:4, Insightful)

    by AndroidCat ( 229562 ) on Tuesday March 22, 2005 @12:08PM (#12012393) Homepage
    The "news" story is pretty much completely wrong. You might want to read the actual technical details [ibm.com] and refactor. (Sadly, a lot stays the same, I think.)
  • by Anonymous Coward on Tuesday March 22, 2005 @12:10PM (#12012426)
    Great, I can't wait to have my dynamic IP switch to one of a zombie pc and get dos attacked.
  • by AppyPappy ( 64817 ) on Tuesday March 22, 2005 @12:12PM (#12012448)
    " What if the spammer had this same technology? Would the internet get stuck in an infinite loop and go to 100% usage?"

    No more calls, we have a winner.

    Why not just offer a service that acknowledges to spammers that they have reached a viable recipient? This is better than the old "Click here if you want to get off this mailing list".

    For every 3 spam messages, I get a user saying they aren't getting their legitimate mail because the spam filter is blocking it.

    The British had the right idea. Find the spammers and coil their intestines on a bobbin in broad daylight.
  • Re:Interesting (Score:2, Insightful)

    by Rodney L Caston ( 143815 ) on Tuesday March 22, 2005 @12:12PM (#12012449) Homepage
    damn.. 100% overrated...

    story of my life. heh
  • by Animats ( 122034 ) on Tuesday March 22, 2005 @12:34PM (#12012713) Homepage
    I read the IBM article. Sounds like the early days of SpamCop. SpamCop traces headers back to the originator or the first phony header, to validate the source. Mail with tracing problems used to get a challenge from SpamCop, but they gave up on that. Challenge-response effectively does a denial of service attack on joe-job victims. It's also incompatible with too many legitimate autoresponder systems that send mail confirmations of transactions.
  • by Scarblac ( 122480 ) <slashdot@gerlich.nl> on Tuesday March 22, 2005 @12:36PM (#12012733) Homepage

    but it will almost always bring the spammer down as a (nice) side-effect.

    No, it will bring whoever is in the From: address down. It's extremely rare that that is an address that the spammer has anything to do with.

  • by onepoint ( 301486 ) on Tuesday March 22, 2005 @12:38PM (#12012761) Homepage Journal
    While the idea of pinging to death sounds great, it's also a DOS, which, I think, might be against some law here in the USA. Returning the mail to the sender seems to be legit.

    onepoint
  • by ciscoguy01 ( 635963 ) on Tuesday March 22, 2005 @02:34PM (#12014010)
    5. Don't all those challenges take up unnecessary bandwidth? A little bit, but it takes the server much less time to send out a small challenge than it does for the user to look at it in the spam folder, no matter how fast he presses the delete key. Legitimate senders know immediately that a user hasn't received their email, and they can click a button to have it delivered. Meanwhile, the emails sit in the queue for only an hour if they can't be delivered.

    The problem with this scheme is the "click a button" aspect. This would require HTML mail.
    The spam problem would be 80% solved if HTML mail were not used at all.
    1. Spammers wouldn't be able to track mail opening with tagged image links.
    2. Spammers wouldn't be able to propagate their custom programmed spamming trojans and viruses nearly as effectively.
    3. HTML mail is not needed. When was the last time you got email with a remote loaded picture in it (not attached) that actually interested you? Almost never in my case.

    Hey! I got it, the FUSSP! Just ban HTML mail!
  • It won't work (Score:3, Insightful)

    by macdaddy ( 38372 ) * on Tuesday March 22, 2005 @02:39PM (#12014071) Homepage Journal
    I haven't seen a spammer's box in the last couple of years that's used to send spam also listen on tcp/25. That's because they don't have an SMTP server listening. When you try to send the spam back to the originating computer you're going to get your TCP connection rejected simply because they aren't running an SMTP server. Whose resources are they planning on wasting? Good grief. This isn't rocket science.
  • by AaronW ( 33736 ) on Tuesday March 22, 2005 @03:29PM (#12014737) Homepage
    Challenge response does not work well. In my case, there is a spammer out there who uses random email addresses at my domain name. Every time he sends a spam run I get anywhere from tens of thousands to over a hundred thousand bounced emails at my mail server. This server is for personal use only and is not designed to handle huge amounts of email, though Postfix doesn't seem to mind too much even though it's a 333MHz Pentium II box running Linux (uptime now at 595 days).

    While my mail server doesn't seem to mind too much (other than huge log files), my Netgear firewall goes nuts from time to time forcing me to reboot it.

    What would stop this type of DDOS I'm under? The gateway mail server should validate the recipient and return an error code right away instead of sending a bounced email later.
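
The difference described in the comment above, between a gateway that accepts everything and bounces later and one that validates the recipient during the SMTP session, can be modelled as follows. This is an added example, not part of the original thread; the `Gateway` class, the addresses and the spam run are constructed for illustration.

```python
from dataclasses import dataclass, field

# Constructed data: the gateway's only real mailbox, and a spam run whose
# envelope senders are forged at a third party's domain (victim.example).
LOCAL_USERS = frozenset({"alice@corp.example"})
SPAM_RUN = [  # (MAIL FROM, RCPT TO)
    ("k3j2@victim.example", "sales@corp.example"),
    ("qq81@victim.example", "info@corp.example"),
    ("zz90@victim.example", "alice@corp.example"),
    ("p0p0@victim.example", "jobs@corp.example"),
    ("m4m4@victim.example", "admin@corp.example"),
    ("",                    "webmaster@corp.example"),  # null sender <>
]


@dataclass
class Gateway:
    validate_at_rcpt: bool
    users: frozenset = LOCAL_USERS
    queue: list = field(default_factory=list)      # mail accepted for later delivery
    delivered: list = field(default_factory=list)
    bounces: list = field(default_factory=list)    # bounce messages this gateway originates

    def transaction(self, mail_from, rcpt_to):
        """One SMTP transaction; returns the reply code given to RCPT TO."""
        if self.validate_at_rcpt and rcpt_to.lower() not in self.users:
            # Error goes to the connecting client, inside the session.
            return 550
        self.queue.append((mail_from, rcpt_to))
        return 250

    def run_queue(self):
        """Deliver queued mail; undeliverable mail becomes a bounce to MAIL FROM."""
        for mail_from, rcpt_to in self.queue:
            if rcpt_to.lower() in self.users:
                self.delivered.append(rcpt_to)
            elif mail_from:                        # never bounce to the null sender
                self.bounces.append(mail_from)     # lands on the forged address
        self.queue.clear()


def simulate(validate_at_rcpt, run=SPAM_RUN):
    """Push the spam run through a gateway and count where the failures land."""
    gw = Gateway(validate_at_rcpt)
    codes = [gw.transaction(sender, rcpt) for sender, rcpt in run]
    gw.run_queue()
    return {
        "rejected_in_session": codes.count(550),
        "delivered": len(gw.delivered),
        "bounces_to_victim": sum(b.endswith("@victim.example") for b in gw.bounces),
    }


if __name__ == "__main__":
    print("accept then bounce:", simulate(False))
    print("validate at RCPT:  ", simulate(True))
```
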
  • by edunbar93 ( 141167 ) on Tuesday March 22, 2005 @03:44PM (#12014895)
    This basically makes the assumption that:

    a) spammers give a rat's ass about receiving e-mail, and thus actually *have* incoming mail servers, and
    b) that spammers aren't spamming through botnets.

    Since both these assumptions are false, this suddenly becomes a spectacularly stupid idea.
  • by freeweed ( 309734 ) on Tuesday March 22, 2005 @03:58PM (#12015051)
    Good thing the summary already covered this:

    when a spam email is received, it is immediately sent back to the originating computer - not an email account

    Unless you know of a way to mass spoof TCP handshaking, that is...
  • by BranMan ( 29917 ) on Tuesday March 22, 2005 @03:59PM (#12015065)
    Anyone want to bet how long until a spammer sets up a zombie to hit IBM with emails from "joe@ibm.com"?

    If this description of how IBM built their system is accurate, they'll DOS themselves.

    My bet is one week, or until the first spammer gets ticked off by their zombies being slowed down, whichever comes first.
