Posted by michael from the unplug-the-ethernet-for-best-results dept.
Dru writes "Here's an article talking about the details of implementing a network level spam defense with Qmail. It also talks a little about a new site called Trustic which uses a trust system (like Advogato) for nominating spammer/hostile IPs."
I propose that, rather than changing content, proxies simply add the evil bit to packets from sources that they know to be evil. This can be treated by applications as simply a suggestion, like CSS. Here is how we can set the evil bit---at the proxy level! Mark banner ad transmissions as evil!
I suggest buying the book [amazon.com] if you plan on implementing it. The online version [lifewithqmail.org] isn't enough (and covers about 1/3 what the printed version does).
Make sure you follow the relay-ctrl section very closely. You could be a source of spam if you do it wrong!
Have a computer certified by another individual and create a public/private key for that computer. Do this step to create a network of ID's for the servers.
Now, have admins "Sign" a certain public text that allows servers to trust other servers.
If Company X is being real lax (e.g. promoting spam), write a revoke key and put it on a few OTHER machines. Then it'll propagate throughout the mail-net to disallow all connections from that MAIL server.
Of course, mail servers and clients would have to have different trust relationships ala ssh.
For them mail geeks: would this be feasible? I could see CPU load go rocket...
> If Company X is being real lax (e.g. promoting spam), write a revoke key and put it on a few OTHER machines. Then it'll propagate throughout the mail-net to disallow all connections from that MAIL server.
Just curious, how is this different from a blacklist? It sounds like the same concept, just different technology.
> Just curious, how is this different from a blacklist?
Blacklists are maintained by an authority, hence a hierarchical system. Web of trust (which this is based upon) can have a hierarchical system mapped on to it, but each user can act as its own blacklist/whitelist and share those properties either as a full weight or partial weight.
Essentially acts as the same thing...but not quite.
The idea would be that you could assign a special trust setting to either agencies or other admins that specifies that you trust them to make certain trust decisions for you (or, at least, that they'll weigh in on a trust decision).
The generating and spreading is not all that bad, and there is working art already (PGP keyservers).
by Anonymous Coward on Saturday July 26, 2003 @09:18PM (#6542393)
now all we need to ask is how long till this "community" service that they provide will take before they start charging $ for querying it just like every other blacklist, making blocking spam a privilege for the rich (i believe MAPS is over a 1000$ a year)
You're probably right, they will eventually want to charge money, and, IMHO, their solution looks overly complicated and manipulable (spammers pay for "trusted" members to list them as "trusted").
It would be better if ISPs participated in services like the ORDB [sordb.org], SORBS [sorbs.net] and Monkeys [monkeys.com] that have simple network testable criteria for listing open relays. Spews [spews.org], Spamhaus [spamhaus.org], and DSBL [dsbl.org] have reputable lists of usernames and addresses that send spam. If ISPs and admins would participate in projects like these, the spam problem would be greatly reduced. And it seems that these projects are mostly run by admins who are interested in blocking spam, not selling a service.
By the way, MAPS [mail-abuse.org] is currently free for individual use [mail-abuse.org] (look at the bottom of the page).
Your spam may be my correspondence -- I may want to get mail from those whose conduct you find abhorrent. Today, a network may responsibly be censoring only unwanted and unsolicited commercial e-mail. Next week, the powers-that-be-in-the-networks start censoring geek news.
To protect our liberties, spam control should be decentralized -- as close to the last mile as possible. Yes, of course, this means that the supposed great harm of spam -- huge volume transmissions through the network -- will not be interdicted closer to the source. In my view, an effective end-point spam model is as likely to reduce volume as a network centered model: the idea is to reduce the INCENTIVE to spam -- that will reduce the volume.
Centralized technical measures simply invite the spam wars to continue, provide centralized points of failure, will not diminish spam, and will assure that powers-that-be have ample new abilities to censor speech.
problem is too many of you are deciding TO use it. AOL, Hotmail, MSN to name a few.. the 'want' to filter spam at the server level hurts legit email marketers, inconveniences recipients of legit email marketers, and to the parent's point - creates a target for spammers.
server side email filtering is BAD, BAD, BAD!
what if the US Post Office started throwing out your clearing house sweepstakes and credit card applications before you ever got them? problem is there's two kinds of people in the world.. those that say alright no more junk mail, and those that ask, how do you do that without getting a false positive once in a while?
So add something like the "evil bit" to a mail header, server side. Then if the end user wants, they can filter it out or not, based on that extra header info.
fact is, it's impossible to determine if an email destined for your mail box is solicited or not. the server could tell you it just received 100,000 that look just like it.. but that doesn't change the fact that somebody sent you an email and you may or may not want to look at it.
unless you know for a fact that you're not subscribed to any mailing lists so anything coming in bulk most definitely isn't for you, then sure use the server's insight to filter those messages - but seriously there aren't many who fi
You're describing a naive, trust-or-don't approach to the "evil bit" suggested, which is stupid. All a system like the bulk marker would do is add more information to use to improve an existing filtering system, with Bayesian analysis, whitelisting, etc.
Clearly, there are many people willing to risk false positives to filter out the crap, so why shouldn't a system which helps them at no risk to those who don't filter be implemented?
As someone pointed out... if this is voluntary, why should anyone upset abo
if your going to get a false positive why filter? as the hate for spam rises more people are saying fuck the false positive rate - which is a HUGE mistake.
why should I care if somebody is filtering THEIR email? because if I'm sending them a message, that is MY message.. if they don't see it then suddenly I have no voice.
spam is a real problem and filtering is not the solution.
> if your going to get a false positive why filter?
My spam folder gets several hundred messages each day. It is _impossible_ for me to read every one of them to determine if it is really spam. I glance over the subject lines and read the occasional borderline one, but I _guarantee_ you that I am already getting false positives. If I dropped spamassassin and allowed the spam into my other folders I would get even more false positives as I impatiently deleted every other message as obvious spam.
of course I would expect someone who knew enough to download and install the software to use it responsibly, but again this is not most people.
I'm not worried about myself or most people who know a few things being bothered by spam. Personally I don't get but a couple a week because I know how to prevent from getting it in the first place.
the problem is the public, ie family, friends, _customers_ who I want to communicate to via email. when my message shows up in the possible spam box instead of the inbox,
I have had to change two of my best known addresses to explicitly allowed senders only. They get simply too much spam. Once I've allowed only certain senders, I made a new address for new people, with no filtering, and isn't linked or displayed anywhere. (A web form to a back end processor sends mail to the address, and of course I give it out to people who need it in person.)
So far the new address has gotten a single spam message, which I traced back to sender who got infected with a virus.
> spam is a real problem and filtering is not the solution.
And what is a real solution? If you say legislation, I'll just laugh.
> if your[sic] going to get a false positive why filter?
What do you recommend for people whose time is too costly to read everything at the insanely high noise/signal ratio? Stop using email? You talk about false positives like they happen all the time... do you have any idea how low the false positive rate is for a good filtering system? You might as well say that no-one
> You might as well say that no-one should use mail, because your letter might get lost en-route
mail not reaching its destination is a lot different than taking a letter and throwing it away, or worse.. having a machine throw it away for you. btw, do you know how often mail gets lost? it's pretty damn rare, which brings me to my next point. there's a reason the us post office has a good reputation, it's because when you send something, it goes where you sent it. would you have that assurance if devices were becomi
If you want to receive the junk, don't use one of those services, but I fail to see how someone else choosing -to- is a problem.
Your analogy is flawed. I have a choice to use AOL|Hotmail|MSN|spamassassin|etc and I pay for the connection to download, view, respond and delete my email (not to mention the time it takes out of my day). I don't have a choice whether or not to use the USPO and it takes FAR less of my time to sort out my real mail than it does email.
If SPAM could somehow be filtered out at the router level, then I would agree with your USPO analogy and would be throwing an utter FIT. But it isn't possible (is that a web page or a webmail, is that IMAP, is that secure IMAP, is that POP3, is that email tunnelled over SSH... no way).
Until there is legislation with -teeth- and a way for the little guy to prosecute you are not going to see many people agree with you about server side filtering.
you have a choice to use aol.. a million aol members using aol as an ISP do not have a choice who is hosting their @aol account, nor should they need to care.
> If SPAM could somehow be filtered out at the router level, then I would agree with your USPO
exactly, it's not possible.. but that's not stopping more and more companies from trying. and more and more people are starting to not get all their email, spam is bad but when I can't send my parents an email because they are on aol (or msn, or hotmail,...)
Where do I sign up to have the post office throw out the clearing house sweepstakes and credit card applications before I get them? Along with all the other stuff sent out to >1000 people?
As far as I care, anything sent to "Resident" can go straight into the trash can.
Spam control with RBLs is, in fact, decentralized. There are many RBLs to choose from, and any that are too severe will not be used for long if they generate too many false positives. As a system admin, I have my choice. I use 4 RBLs right now:
spamhaus.relays.osirusoft.com (this is a mirror of the Spamhaus Block List [spamhaus.org]) Well known spam operations, and is checked hourly.
dialups.relays.osiruSoft.com (details at OsiruSoft [osirusoft.com]) This list is of DHCP IP addresses of home users (DSL, cable, dial up).
dnsbl.njabl.org (extensive details [njabl.org] of what's on this list)
rbl.restongeek.com I maintain this one myself for anything I want all my servers, primary and backup MX, to block
And there are many more [openrbl.org] to choose from.
I am very happy with my results, it is a pleasure to see the reports of the mail that is blocked (see my /. journal for a sample report). If I start to think maybe one of these lists is a little too severe, or someone lets me know that there are problems with one or more of the lists, I will delete it and pick another. Or maybe not. It is my choice, I want to keep down the spam on my system, for my sake as well as my clients'.
That's why I would recommend SpamAssassin [spamassassin.org]. All spamassassin does is label the mail with a "spam level"; it is then up to each individual user to filter out the spam at the user level, not at the server level.
A much better method for letting your 'correspondence' get through while other users' spam doesn't.
> Your spam may be my correspondence -- I may want to get mail from those whose conduct you find abhorrent.
You _want_ to receive mail from the bastards that are forging my domain in their penis-enlargement ads and fake PayPal confirmation requests?
> Today, a network may responsibly be censoring only unwanted and unsolicited commercial e-mail. Next week, the powers-that-be-in-the-networks start censoring geek news.
I'm the only power that is on my network.
> To protect our liberties, spam control should be decentralized -- as close to the last mile as possible.
Can't get any closer to the last mile than right here in my office.
> Yes, of course, this means that the supposed great harm of spam -- huge volume transmissions through the network
"Supposed"? More than half my email is spam. And that's on a shared dialup.
But not mine. People who want anonymous and spam-like email should invent their own protocol, opt-in, and find a way to pay for the network bandwidth used by it. Maybe you can pay extra for email forwarding to an address with "spamMe" embedded in your user-name. The rest of us (probably 99% of all email users) should get the stuff filtered as close to the senders as possible to help unclog network traffic.
Have you thought to ask WHY webmasters.com was dropping the replies? Sounds like YOUR hosting company was doing something bad and wanted to hide it from you - like hosting a spammer. To block a bounce message from getting back to you takes Special configuration. Why would they do that if they had nothing to hide?
I have manually blacklisted MANY companies, netblocks, and even entire countries (china and korea come to mind) for bad behavior of various types. My bounce message is usually a little more informat
I'm Canadian. Will rifles work? :-) JK. See: we have very restrictive hand gun control, but a minor can buy a shotgun/rifle if it is for "hunting" purposes. They never said hunting what....
Your forged headers are noted and factored in when determining whether you are spam or not. But by themselves they are not sufficient to mark you as spam.
Your e-zine will tend to have the same format and similar content from issue to issue. The Bayesian filter can detect this and let it through.
I'm running this setup at work for our offices and it works very well. The only real problems we've had is monster.com's resumes. But even that seems to be working now.
have you considered using an asp marketing service? you could upload your templates/e-zines and your mailing list and schedule the deployment. depending on how much you send its probably cheaper than hosting your own server, plus you don't have to worry about being filtered or black listed. check out www.dynamicsdirect.com
Spam Arrest [spamarrest.com] works pretty well for avoiding spam. It costs money (as much as $3.33/month) but it works well. When somebody sends you e-mail, it replies with a confirmation link. The user must click on the link and type in a simple computer-generated text code to be whitelisted. They only have to do this once since once they are whitelisted they can send as many e-mails as desired. Stops nearly all automatic mass mailers and spam from fake e-mail addresses. Not free and perhaps lacks in geek factor, but
Why would you use something like this when there are several existing software packages that do this for free? Hell, I did this kind of thing YEARS ago with a trivial procmail script.
There are many reasons why confirmation style whitelisting systems suck and are not workable in the REAL world that I could tell you about, but I find it much more entertaining watching people use such stupid systems, crow about how great they are, and then end up abandoning them a few months down the road when they figure it
I have no interest in joining such a group. How long until they post $insanely_large_num of members as a way to try and prove the validity of their method? Bet they'll forget to mention how many members were dragged in kicking and screaming just to appeal placement on the list.
Please remember that the service is beta and will start charging for advanced features once it is out of beta. As usual, worth waiting to see if it goes totally commercial. Looks like they plan to charge to allow listing multiple "trusted" servers.
A fair number of the spams I submitted came from servers that had already been voted on as TRUSTED by other users. In other words, my credibility went down by reporting them as spammers.
http://www.trustic.com/ip/219.94.114.6 for example and I've got a fair number of others. Folks are either polluting the space intentionally or being very very sloppy in reporting trusted servers.
Groups like spews have a very nice evidence file, and it gets reviewed by a person. I've generally been impressed with the real community blacklist sites.
Technically the site works great and is super fast. But I wouldn't follow the O'Reilly recommendation and pick it as my primary blacklist just yet (even though the guy doing the site worked with the author of the article to make changes.)
I initially thought spews was completely over the top. My first encounter with them was due to a client's server getting blocked when he inherited some new ip's that had previously belonged to a spammer. I couldn't believe that these people had so much control over so many networks (almost zero mail got out) and that there was NO official or standardized removal procedure. But after reading the FAQ, joining the newsgroup and asking a few polite questions - my client was delisted within a day. Also, the evi
I think your experience mirrors that of many around spews.
If an ISP ignores / cans complaints they can get the runaround trying to get off. Once an ISP's abuse dept has developed an ongoing working relationship with net-abuse and a timely response to complaints things usually go much more smoothly.
The folks at spews are aggressive no question (I happen to be blacklisted currently through zero fault of my own, netblock block). And some of the folks reporting (not spews admins) can describe things with a bi
Why don't the big players come together and come up with a better protocol instead of people trying these elaborate schemes?
Have a period where you have a parallel system going and then have a cut off time where SMTP servers die.
All it will take is the top ISPs in each country and large corporations to stop accepting SMTP mail and you'll be sure that everyone else will then fall in line.
you're forgetting the 'last mile' so to speak. in other words, the actual email clients and end user's computers. not to mention countless hardware and embedded devices programmed to send email via smtp
Why not? Isn't there a time where we envisage the whole 'net will be IPv6? And that's every machine, not just servers. Eventually IPv4 will die so I don't see how SMTP dying would be a big deal.
It's simply too late to dump SMTP. If we would have thought about this 5 or so years ago it maybe would have been possible but now we have so many using this system it's impossible to change to a newer standard.
Just like gopher with http? You can also add a plethora of validation on top of SMTP. SMTP, as a protocol, isn't bad. It's possible to add validation, to only accept from SMTP servers that use some sort of valid key.
Then you get to keep SMTP, and slowly migrate servers. Set up a non-profit organization for distributing SMTP authentication keys that are unique to the mail server (think SSL) and if the mail that comes from that server is spam, you just block that server's key. If the server doesn't have a key, put it into a validation list or send back a response saying they need to use a mail server that supports signed-SMTP.
Easy solution, not a complete overhaul of SMTP. The problem comes in with who signs the certificates, because then you have to trust the source that delivers them. Like Verisign, et al.
I know a local business that was hurt badly because the subnet that their ip addresses belonged to was added to a blackhole list. They only bought a few ip addresses and there happened to be a spammer on the same subnet. They never participated in sending spam and were never told that their ip address was blocked. Many of their emails simply did not arrive at their destinations, for no clear reason. They write and sell network security products, intended to help detect and identify hackers or even spammers looking for open relays so that they can be investigated and possibly prosecuted. This was a case where anti-spam technology hurt the near opposite of the kind of people it was meant to. I don't think they ever succeeded in getting their addresses removed from the list. All the time that went by before they knew they were on the blackhole list nearly led them to bankruptcy.
I find it hard to believe that there was no indication that they were being blocked. In my experience, most ISPs that use blacklists are more than happy to send bounces proclaiming quite clearly in no uncertain terms why the mail is being blocked. To simply drop the message in /dev/null without a bounce would do nothing to stop the flow of spam, as all email would appear to have gone through without trouble. ie: it was received, therefore keep spamming.
I've turned down some attractive deals with large, key providers for *years* precisely because they blatantly tolerated spammers.
As far as I'm concerned, if the netblock in question was blacklisted with the RBLS that are taken more seriously, it was precisely because the provider didn't take any sort of action to contain or prevent spamming. And if you sign up with a provider like that, well, don't come crying to me when you're affected, too.
> All the time that went by before they knew they were on
1. If you purchase IP's (actually "lease") in this day and age, you better damned well check them first... SPEWS and most of the other DNSRBL's will let you do so easily.
2. The idea of listing all or part of a class of IP's is intended to pressure the provider to change their habits of hosting/supporting spammers. Your case is a good example of why they would want to do so.
When spammer friendly ISP's stop allowing spammers to jump from IP to IP within their netblock, and start being a bit responsive to
I had made some assumptions on the "didn't know" part. I know it plagued them for months. They have probably 4-5 employees, if you include the owner and his wife.
There are many problems with using RBLs to block connections. A very good description can be found here [whirlycott.com]. I've found SpamAssassin fairly good: rather than block messages from RBLs, it analyses message content, adds points to messages in RBLs and checks known spam databases such as Razor and Pyzor. Rule matches are given a score, and messages with a total aggregate score are tagged in the message headers, allowing users to filter these if they want to. A main advantage of this method is that no single rule can flag a message as spam, hence legitimate mail sourcing from the badly configured mail relay has a chance of getting through, and in my mind it's probably a particularly bad idea to block any email unless it's actually addressed to you.
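Added example, not written by any poster in this thread and not SpamAssassin's own rules or code: a Python illustration of the DNSBL lookup that the RBL comments rely on (reversed IPv4 octets queried under the list's zone), combined with the score-then-tag approach described in the comment above, where a listing adds points instead of rejecting the connection. The zone names, rule names, weights, threshold and `X-Example-*` headers are constructed assumptions.

```python
import ipaddress
import re
import socket
from email import message_from_string

THRESHOLD = 5.0  # assumed tagging threshold for this example

# Constructed DNSBL zones and weights (hypothetical, not real lists).
DNSBL_WEIGHTS = {
    "relays.dnsbl.example": 2.5,
    "dialups.dnsbl.example": 1.0,
}

# Constructed content rules: (name, pattern, points). Each weight is below
# THRESHOLD, so no single rule can flag a message on its own.
CONTENT_RULES = [
    ("SUBJ_ALL_CAPS", re.compile(r"^Subject: [^a-z\n]{10,}$", re.M), 1.5),
    ("CLICK_HERE", re.compile(r"click here", re.I), 1.2),
    ("MONEY_BACK", re.compile(r"money[- ]back guarantee", re.I), 2.0),
]


def dnsbl_query_name(ip, zone):
    """DNSBL convention: reverse the IPv4 octets and append the zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone


def dns_lookup(name):
    """Live check: an A record means 'listed', a failed lookup means 'not listed'."""
    try:
        socket.gethostbyname(name)
        return True
    except socket.gaierror:
        return False


def score_message(raw, relay_ip, is_listed=dns_lookup):
    """Return (total score, [(rule name, points), ...]) for one message."""
    hits = []
    for zone, points in DNSBL_WEIGHTS.items():
        if is_listed(dnsbl_query_name(relay_ip, zone)):
            hits.append(("DNSBL:" + zone, points))
    for name, pattern, points in CONTENT_RULES:
        if pattern.search(raw):
            hits.append((name, points))
    return round(sum(points for _, points in hits), 2), hits


def tag_message(raw, relay_ip, is_listed=dns_lookup):
    """Never reject: add headers so the recipient's own filter can decide."""
    score, hits = score_message(raw, relay_ip, is_listed)
    msg = message_from_string(raw)
    msg["X-Example-Spam-Score"] = "%.1f" % score
    msg["X-Example-Spam-Tests"] = ",".join(name for name, _ in hits) or "none"
    msg["X-Example-Spam-Flag"] = "YES" if score >= THRESHOLD else "NO"
    return msg


# Constructed sample data so the example runs offline.
LISTED = {"10.2.0.192.relays.dnsbl.example"}  # 192.0.2.10 is "listed"


def stub_listed(name):
    return name in LISTED


HAM = ("From: alice@example.com\nSubject: Quarterly report draft\n\n"
       "Numbers attached, see you Monday.\n")
SPAM = ("From: deals@example.net\nSubject: BEST OFFER EVER!!!\n\n"
        "Click here now. Money-back guarantee.\n")

if __name__ == "__main__":
    for label, raw, ip in [("ham via listed relay", HAM, "192.0.2.10"),
                           ("spam via listed relay", SPAM, "192.0.2.10"),
                           ("spam via unlisted relay", SPAM, "198.51.100.9")]:
        tagged = tag_message(raw, ip, stub_listed)
        print(label, tagged["X-Example-Spam-Score"],
              tagged["X-Example-Spam-Flag"], tagged["X-Example-Spam-Tests"])
```

The legitimate message sent through the listed relay picks up the listing's points but stays under the threshold, which is the behaviour the comment describes.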
Yeah, lots of drivel at that link, but it misses the point. Completely.
Don't get me wrong, I use spamassassin too, and it does work, but it also doesn't solve the problem. If an ISP harbors spammers, they have ZERO incentive to stop. None. Nada.
Spews RBL on the other hand INTENDS to be used to block mail outright. It will even block legit mail, again by intent. The idea is to piss off an ISP's legit customers who should be going back to their ISP and DEMAND that they get spammers off their network. If an I
> Here's an article talking about the details of implementing a network level spam defense with Qmail
Or, you could just use Postfix, which:
is almost entirely compatible with sendmail. It's pretty much drop-in-and-go.
adheres to RFCs (and there's a warning for any configuration option which would violate said RFCs)
has builtin anti-spam tools- you can turn on, individually, any of a dozen-plus different checks, such as making sure the claimed hostname in the HELO matches the IP the connection is coming from (you can do this several ways), or that the claimed hostname matches the mail-from user@hostname (ie, if you're coming from spammer.com, you're not gonna be able to claim to be joe@yahoo.com), etc. It's also one builtin command to check an RBL.
has a really sharp cookie of an author (the guy wrote tcpwrapper), who isn't widely regarded as an obnoxious twit
is completely free
Personally, I refuse to use any software written by DJB as a matter of principle. The guy flagrantly ignores RFCs because he simply feels like it and arrogantly thinks he knows better (and further that there is benefit to ignoring said RFCs).
I'm the first in line to point out that DJB has an ego the size of a larger continent, and has one of the most severe lack of personal skills I've ever had the displeasure to witness.
I've also dropped enough of my pride to look past that, and see that he has written some astoundingly fine code.
You can argue about his personal skills, egomania, and other deficiencies all you like but you just can't argue with the fact that qmail works, and works awfully well.
Why don't you try changing a single line of QMail source code and distributing your changes? Except you can't -- DJB explicitly prevents it. He's got a number of other weird clauses in there as well.
You clearly have a very different idea of free than most people. Thank goodness for Postfix!
> You clearly have a very different idea of free than most people.
Unfortunately no, he shares the same idea of "free" that most people have: no immediate monetary cost to them.
The other day I got modded down as flamebait for pointing out that Opera isn't Free Software, and a reply similar to this one, angrily stating that yes it's free, you just have to view ad banners.
qmail is completely free and folks that claim it isn't are just trolls.
Qmail is NOT FREE. Last I looked it was distributed without a license; now apparently it has a license, but one with oddball restrictions. If you don't believe me, do a google search with the keywords "qmail debian legal" and spend 30 minutes or so going through the various discussions.
qmail is free, but the license is not GPL or on the list of licenses approved by the outfit that approves free licenses (OSI?). You can download it without monetary exchange, install it where you like, modify it, etc. You cannot modify the source and distribute it. You can distribute the unmodified source tarball with patches that modify it, like an SRPM. You can distribute binary versions as long as the files are the same as would be created by installing from an unmodified source tarball.
You're aware that rejecting mail based on HELO violates RFC 1123?
...which is why a) it's not turned on by default and b) the docs (including the docs in the config file) warn you as to such. The docs are very specific about WHICH of the checks violate the RFCs and which don't.
What RFCs does qmail not comply with?
Based on a very quick google search (so thus some of this might be outdated or simply wrong), pipelining, for one. RFC-2821 for another. RFC 2821 and RFC 1123 for two more.
I googled and followed a thread, don't know if it's the one you are referring to, where Matti Aarnio (Zmailer author) says
Arnt Gulbrandsen wrote:
> Uhm. If so, that would necessitate speedy reconfiguration of my
> boxes... so I tested it too, and qmail appears to handle pipelining
> okay. I verified with tcpdump that the dozen-odd RCPT TO commands in
Yes, I agree. Without knowledge of the qmail source, I have no
RFC-2821 for another. RFC 2821 and RFC 1123 for two mor
I run an SMTP server off my comcast cable connection... I've pretty much been learning as I go. Five weeks ago I began as a total novice, not knowing what an open relay was I spent 5 days with no authentication and as a result I was kind enough to forward some 22k messages offering investment advice.
As I've learned a little more about the process... I've found ORDB and MAPS to be pretty useful and successful when it comes to blocking open relays.
AOL annoys me the most, they block ranges of addresses that are dynamically allocated by ISPs and as a result I can't mail any AOL users. That's probably no big deal, I just feel discriminated against.
There must be scope for a simple "Setting up your own mail server" FAQ.
5. Acceptable Use Policy; Prohibited Uses of the Service.
b. Prohibited Uses of the Service: Use of the Comcast Equipment or the Service for transmission or storage of any information, data or material in violation of any federal, state or local law or regulation is prohibited. In addition, unless you are subject to a Service plan that expressly permits otherwise, the Service is to be used, and you expressly agree to use it, solely in a private residence, living quarters in a hotel, hospital, dormitory, sor
"for any business enterprise"
This is purely home use... only me and my wife using it for email. I'm within the bounds of my contract.
As for the other comments, I was expecting some, I openly admit that I threw the box up with little or no understanding of the technology.
> AOL annoys me the most, they block ranges of addresses that are dynamically allocated by ISPs and as a result I can't mail any AOL users. That's probably no big deal, I just feel discriminated against.
AOL certainly aren't the only ones. I do it. And I'll tell you why: Exactly because of people like you.
For ever *legitimate* email message that comes from a dial-up IP address, I (honestly) get 10,000 + that are spam.
As long as there are (a) Distribution-installed MTA's that are open relays by default,
"For ever[y] *legitimate* email message that comes from a dial-up IP address, I (honestly) get 10,000 + that are spam."
I'm quite sure that this is true... however I feel that the "people like you" comment is a little unfair. I would have thought that the more people that go through the process that I have over the last few weeks the better.
I now understand a LOT more about SMTP, I understand a lot more about spam and I understand a lot more about the tools that exist on the internet to help me combat the
ORDB offers such a service, actually -- they run quite a variety of tests against servers to see if they fall for any of a number of forms of relaying tricks. I, thankfully, fell into the opposite hole -- I couldn't relay from anywhere when I set up qmail, so I had to go back and figure out how to enable relaying for localhost and the local network. ;-) I ran the ORDB test set against my server once I thought it was up, and again a month or so ago when I had a scare which *looked* as if someone had sent a
> however I feel that the "people like you" comment is a little unfair.
A little perhaps, and it's great that you're no longer causing a problem, but the fact remains that for a brief period of time, you were part of the problem. Spam came through your server. There are many others like you - good intentioned, but making an honest mistake once, quite by accident, and then fixing the problem and never doing it again - and these people collectively make up a very significant source of spam. That's why AOL b
I would have thought that the more people that go through the process that I have over the last few weeks the better.
I'm not trying to be mean. Really. But that's not better. What's better is when more people search out and read the docs before they whip out the compiler and become part of the problem. It's really a great thing that you understand more about SMTP, but you could have gone about it in a much better way.
I don't think that the "people like you" was unfair. Harsh, but not unfair. I am g
I wrote a tiny little perl script that tails the maillog and firewalls (kinda teergrubes really) hosts who get a "554 Service Unavailable" more than 3 times.
I'm not a coder, so it doesn't expire entries... I'm looking for someone to help make this work even better. I love the thought of causing spammers pain - and this could do that.
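An added example (not the poster's Perl script) of the approach described in the comment above, including the entry expiry it lacks. The log line format, the 10-minute counting window, the one-hour block duration and the allowlist are assumptions, and the sample log is constructed.

```python
import ipaddress
import re
from collections import defaultdict, deque

# Assumed log shape, constructed for this example (not a real MTA's format):
#   <epoch-seconds> smtpd: <client-ip> -> <code> <text>
LINE_RE = re.compile(r"^(?P<ts>\d+) smtpd: (?P<ip>\S+) -> (?P<code>\d{3}) ")


class RejectTracker:
    """Block hosts with more than `threshold` 554 replies inside `window` seconds."""

    def __init__(self, threshold=3, window=600, block_ttl=3600,
                 allow=("127.0.0.0/8",)):
        self.threshold = threshold
        self.window = window
        self.block_ttl = block_ttl
        # Networks that must never be blocked (localhost, your own relays).
        self.allow = [ipaddress.ip_network(n) for n in allow]
        self.hits = defaultdict(deque)   # ip -> timestamps of recent 554s
        self.blocked = {}                # ip -> time at which the block ends

    def _expire(self, now):
        """Release blocks whose TTL has passed and return the unblock actions."""
        done = sorted(ip for ip, until in self.blocked.items() if until <= now)
        for ip in done:
            del self.blocked[ip]
        return [("unblock", ip) for ip in done]

    def feed(self, line):
        """Process one log line; return a list of (action, ip) decisions."""
        m = LINE_RE.match(line)
        if not m:
            return []
        now = int(m["ts"])
        actions = self._expire(now)
        if m["code"] != "554":
            return actions
        try:
            ip = ipaddress.ip_address(m["ip"])
        except ValueError:
            return actions   # never hand a malformed address to a firewall
        key = str(ip)
        if key in self.blocked or any(ip in net for net in self.allow):
            return actions
        stamps = self.hits[key]
        stamps.append(now)
        # Forget rejections that have aged out of the counting window.
        while stamps and stamps[0] <= now - self.window:
            stamps.popleft()
        if len(stamps) > self.threshold:
            self.blocked[key] = now + self.block_ttl
            del self.hits[key]
            actions.append(("block", key))
        return actions


# Constructed sample log; addresses are from the documentation ranges.
SAMPLE_LOG = """\
1000 smtpd: 192.0.2.10 -> 554 Service Unavailable
1010 smtpd: 198.51.100.7 -> 250 ok
1020 smtpd: 192.0.2.10 -> 554 Service Unavailable
1030 smtpd: 127.0.0.1 -> 554 Service Unavailable
1040 smtpd: 192.0.2.10 -> 554 Service Unavailable
1050 smtpd: 192.0.2.10 -> 554 Service Unavailable
1060 smtpd: 192.0.2.10 -> 554 Service Unavailable
4700 smtpd: 198.51.100.7 -> 250 ok
"""


def replay(log_text, **kwargs):
    """Run a whole log through a fresh tracker and collect its decisions."""
    tracker = RejectTracker(**kwargs)
    actions = []
    for line in log_text.splitlines():
        actions.extend(tracker.feed(line))
    return actions


if __name__ == "__main__":
    for action, ip in replay(SAMPLE_LOG):
        print(action, ip)
```

`feed()` only returns decisions; turning a `block` or `unblock` into a packet-filter rule is left to the caller.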
I have been using SPAMCop [spamcop.com] for the past 5 months at my work. I am also using QMAIL [qmail.org] as my mail server and it took me about 10 minutes to get it hooked into the Spam Cop Database. The best part is it is free and it blocks about %80 of SPAM that gets delivered - I will just have to live with the other %20. Has anyone heard of other Spam IP Databases that are available for public use?
it blocks about %80 of SPAM that gets delivered - I will just have to live with the other %20.
FYI, you don't have to just live with the rest. I use Spamcop's RBL, AND I also use BogoFilter. Or, you could use SpamAssassin or many other filters on your server.
My BogoFilter setup correctly marks about 98% of the spam IT SEES, with NO false positives. (This is NOT counting whatever gets rejected by the RBL.)
Be aware that SpamCop.com is not the same as SpamCop.net [spamcop.net] - I'm not sure who SpamCop.com is, but having worked in the abuse department at an ISP, as well as having been a paying subscriber for a couple of years now, I can say that SpamCop.net is absolutely wonderful. They're best known for automating spam reporting - you paste in your message with full headers, and they figure out where it came from and prepare an e-mail to be sent to the administrators of those networks. Upon your approval, the complaints
Anyone who thinks SpamCop is useful has never run a real web or email service.
We get about 3-4 SpamCop complaints a week forwarded by our hosting provider; many of them are for email our customers didn't even originate (and I mean in the colloquial, not technical sense), but just because one of their URLs is in some third-party spam and someone clicked the "Spam" button SpamCop figures that it's a spam-vert.
The other category of SpamCop reports is people who think SpamCop is their universal unsubscribe to
This is definitely a legitimate problem. The reason SpamCop sends reports based on URLs is, most spam includes a URL, and it may be the only link to the actual spammer (if the spam was sent through an open proxy, for example). So it is valuable to report these.
Of course, before the report is sent, SpamCop displays a list of each URL it found and the e-mail addresses that would be appropriate to send a complaint to; some are checked by default and some may not be. It's up to the user to double-check these
1. Default to no on the "this spam is spam-vertising the following URLs" though admittedly this may be rare; since our clients don't spam I only see false positives on spamverts.
2. Use some kind of collaborative filter - SpamCop must have enough users so that instead of acting on single reports, only escalate complaints if the same email is complained about by 20+ users.
I was just on the phone today with AOL's postmaster team regarding our whitelist status, and the guy told me that only
I use SpamPal [spampal.org] with the Bayesian filter [i-r.co.uk] as my client-side spam filter on Win2K. It works well enough but I'm always looking to improve things, so this article gave me the impetus to see if SpamPal could be made to use Trustic's DNSBL in addition to its preconfigured lists. The answer, at least for SpamPal Beta 1.295 [spampal.org], is yes--using the "Extra DNSBL Definitions" section of the Options dialog. Here are the steps I used to add Trustic to the DNSBLs used by SpamPal:
Unless you have some way to identify dynamically assigned IP addresses, IP banning hits innocent parties too often.
Every time Joe Sixpack, running Windows XP Home Edition on a DSL line, gets a virus that spams, the next few people to get a lease on that IP address have mail blocked.
That specific example won't normally happen -- you have to repeatedly be the source of spam and do nothing about it to get on most RBLs. When you do get on it, it's more likely to be your entire ISP than just a single reassigned IP (because the ISP was a spamhaus).
HOWEVER, I dislike RBLs for the same reason you do, and I like Bayesian filtering because it prevents that problem. The problem is that the better filtering is at getting spam without killing valid use, the slower it gets. Bayesian filtering is r
If only it were so. It happens to me about once every two months, when somebody using SBC DSL sends out spam and I get their IP address later. There are a few ISPs that set temporary IP blocks within their own network, and these persist for a day or so. I then get mail bounces for a few people I really need to reach, which is a pain.
Is but an attitude shift away. All you have to do is follow Hotmail's idea of an exclusive address list. Nothing comes through for any individual user except what's from addresses in that user's personal address list. Keep the filtering feature on the client side, so all the mail server does is essentially route mail traffic, like any router should. Keep the processing load on the client. If the users want an email from a certain source, they're going to have to add the address in manually. A little unique
That is a typical MS stupid solution! I e-mail Web sites for info about particular things. This idea cannot work for websites and those who use e-mail to develop ideas and share ideas. It is a typically Microsoft bone headed idea. The only way to eliminate spam and keep the net useful is to knock the ISPs that make money from spammers off the net. It is very obvious that those that make bulk mailings from a single original source like spammers are easy to trace, because they are not legit businesses. And
I don't think email by invitation is a MS only idea, and there are ways to implement it for guest/anon/and unregistered people by using a turing test for one time email access. (this would not eliminate spam, but taking a 20 second turing test to send an unsolicited email would make it much less practical to send 10 million emails/day)
Yes I see what you mean. It is something that could work. The problem with MS broadband zombies however is a different matter and could easily be addressed by changing the default behaviours of MS mail and core interfaces to block all non native scripts and exes. The average granny (like an Aunt of mine ) thinks that by simply running Norton AV she cannot be a target. So far I have deflected all sorts of crap coming from her. She just likes to be able to forward things to everyone with the click of a mouse.
I am the CTO at a company that provides hosted internet services, including email. We send around 3m pieces of email a week to our customers (opt-in only) lists. Speaking from the legitimate provider's viewpoint, I have a couple of observations:
1. RBL's don't work - community RBL's are used by relatively few mail systems out there; perhaps 1% of email addresses at most have RBL filtering on them at server or personal level, and the audience of any one RBL is just too small for it to have any value. Yes, using an RBL may stop *you* from receiving (some) spam, and in the short term that's all you care about, but it doesn't stop spam from being of value to the spammer. Just like the drug war, we will only win by making it unprofitable to send spam.
The biggest impact we see from RBL's is fielding individual "false-positive" complaints; we don't allow customers to send spam, so we get very few, but there's always the occasional idiot who signs up for a list and forgets, and who is too proud to click on the unsubscribe link.
What matters for delivery of my clients' legit mailing lists, and what also a spammer cares about for delivering his spam, is delivery to the big guys - AOL, Yahoo, Hotmail, Earthlink, etc. If you're trying to email Joe Public, those guys have 50%+ of the market. Any successful spammer will have his energies focused on end-running their filters and will give a fig if RBL'ed.
2. IP-based filtering for consumer connections *does* work - ISP's and universities need to block port 25 outbound from consumer connections and desktops / 802.11 respectively. Spammers need a network connection; cut off their main source. This would stop not only transient spammers, but those who hack cable modem users.
AOL's efforts here on behalf of their users are commendable, but blocking these IP's *at source* where the blocker is making an informed decision and has the data to keep the filters accurate, is the way to go; a grassroots effort to inform ISPs about the benefits of this would be valuable.
This would leave spammers who are using business-class connections (where the ISP thus delegates the responsibility to run mail servers) which are much, much fewer in number and thus much easier to police.
Before anyone who runs their own SMTP server on their home Linux box cries foul, I should point out that I do too, and I just have sendmail push everything through my ISP's SMTP relay. Big deal.
3. Money - money is the key to this. Make it uneconomic to spam, and the problem goes away.
I have one solution which I think would work well; like RBL's or source-end IP filtering, it suffers from the problem that it requires a large critical mass, so I think legal is the best route: I am speaking in terms of the USA, but this would work in other countries.
- anyone sending (pick a number, say 50k) pieces of email a month or more must register with the national email registry - this will cost $10k per year (this kind of price is essential to keep the spammers out, and it covers the cost of operating it). ISPs and email distributors are required both by law and de facto to sign up to be in business, and to them it's a modest cost.
- the registry will maintain an anti-spam policy and audit registrants against their track record of enforcing it; policy would need to include things like each email having clear unsubscribe info, info on where the address came from, etc.
- there will be a national "do-not-send-opt-out-mailings" list against which email marketers must clean lists which they buy; many countries have had this kind of list for phone and snail mail for quite some time, e.g. UK
- ISPs can then use the registry as a whitelist, and simply block every other IP address. Any business / individual too small to need to register can just forward their email via their upstream provider, who is then on the hook to manage their email behaviour.
Yes, it takes away some freedom to operate one's own email service, but equally I don't ru
Spam is not just about sending unwanted email from rogue servers. Even if the Internet email system consisted of a 100% controlled network that excluded spammers' systems, there would be a serious spam problem. Why? More and more spam is sent from systems infected by viruses and trojans, and as other avenues get closed, this most promising one will be used to the maximum. Let me race down the technology curve and predict some of the wonderful things that will happen in the war on spam:
- the majority of spam will originate from 'infected PCs'.
- some smart person will cause email to be charged, and millions of innocent users will get incredible invoices for email they 'never sent'
- as the number of infected PCs being remotely controlled by spammers increases, the volume sent from each PC will go random and low enough to be effectively undetectable.
- spammers will start modifying real email to attach their own messages.
- spammers will start modifying URLs in real email to point to their own websites.
- spammers will find ways to infect MSIE to do the same thing.
- anti-spam software will start to resemble anti-virus software, as spammers and virus writers hook-up into an organized (criminal) network.
- anti-spam software will be the main thing targeted by new viruses.
and all this time, 80% of PC users will remain blissfully unaware that their PCs are sending shiploads of spam around the world.
The basic problem is that the (Windows) PC is simply too complex, too connected, and too vulnerable to use as a secure communications device.
There is an answer somewhere... but I don't believe it lies in technological solutions, nor does it lie in making email paid, nor does it lie in attacking the servers and networks used to send spam. It is rather to understand that simplicity and transparency is the key to security. In the case of PCs, this means arriving at a OS/application combination that is immune to trojans and viruses, not thanks to the latest anti-virus scanners, but thanks to an inherently uncrackable design.
My favorite solution is still TMDA [tmda.net], a free challenge-response auto-whitelist and complex filtering system for Linux. I realize you anti-challenge / response people won't hit the "R" key for me, but I consider that a useful filter...
What the hell does IPv6 have to do with spam?
Well it makes it much harder to scan for servers that are vulnerable, either for hijacking or open smtp services.
I'm currently pushing all the spam SpamAssassin finds to my Trustic account with procmail, to register my negative recommendations.
IMHO, automatic reporting is a bad idea. SpamAssassin isn't perfect and might flag legitimate mail as spam. It happens rarely, but it does happen. If you submit manually, you'll (hopefully) notice this, but automatic submission will report the IP of an innocent party as untrusted...
Interesting that you comment on 218/8. APNIC has assigned several largish blocks from this net as peering nets, which aren't meant to be advertised onto the net at large. Several other slices are assigned to China.
Definitely one to blackhole, as much of it shouldn't even appear on the net at large due to RIR policy
hostile IP's (Score:5, Funny)
and thereafter all packets from said IP's are marked with the Evil Bit.
Re:hostile IP's (Score:5, Funny)
Wow! (Score:5, Funny)
I love qmail. (Score:5, Informative)
Make sure you follow the relay-ctrl section very close. You could be a source of spam if you do it wrong!
Sounds neat, but PGP'ed network sounds better. (Score:4, Interesting)
Have a computer certified by another individual and create a public/private key for that computer. Do this step to create a network of ID's for the servers.
Now, have admins "Sign" a certain public text that allows servers to trust other servers.
If Company X is being real lax (eg: promoting spam), write a revoke key and put it on a few OTHER machines. Then it'll propagate through the mail-net to disallow all connections from that MAIL server.
Of course, mail servers and clients would have to have different trust relationships ala ssh.
For them mail geeks: would this be feasible? I could see CPU load go rocket...
Re:Sounds neat, but PGP'ed network sounds better. (Score:5, Insightful)
Just curious, how is this different from a blacklist? It sounds like the same concept, just different technology.
Re:Sounds neat, but PGP'ed network sounds better. (Score:2)
Just curious, how is this different from a blacklist?
Blacklists are maintained by an authority, hence a hierarchical system. Web of trust (which this is based upon) can have a hierarchical system mapped on to it, but each user can act as its own blacklist/whitelist and share those properties either as a full weight or partial weight.
Essentially acts as the same thing...but not quite.
Re:Sounds neat, but PGP'ed network sounds better. (Score:2, Insightful)
Re:Sounds neat, but PGP'ed network sounds better. (Score:5, Insightful)
Well, at least that would give some techies back their jobs, although I'm not too sure they would like their new job...
Regards,
--
*Art
Re:Sounds neat, but PGP'ed network sounds better. (Score:2)
The idea would be that you could assign a special trust setting to either agencies or other admins that specifies that you trust them to make certain trust decisions for you (or, at least, that they'll weigh in on a trust decision).
The generating and spreading is not all that bad, and there is working art already (PGP keyservers).
Re:Sounds neat, but PGP'ed network sounds better. (Score:2)
talk about pulling a solution out've your ass, gotta love slashdot
Hurrah for blacklists (Score:5, Insightful)
now all we need to ask is how long till this "community" service that they provide will take before they start charging $ for querying it just like every other blacklist, making blocking spam a privilege for the rich (i believe MAPS is over a 1000$ a year)
Re:Hurrah for blacklists (Score:5, Informative)
It would be better if ISPs participated in services like the ORDB [sordb.org], SORBS [sorbs.net] and Monkeys [monkeys.com] that have simple network testable criteria for listing open relays. Spews [spews.org], Spamhaus [spamhaus.org], and DSBL [dsbl.org] have reputable lists of usernames and addresses that send spam. If ISPs and admins would participate in projects like these, the spam problem would be greatly reduced. And it seems that these projects are mostly run by admins who are interested in blocking spam, not selling a service.
By the way, MAPS [mail-abuse.org] is currently free for individual use [mail-abuse.org] (look at the bottom of the page).
Distrustful of Network Level Censorship (Score:3, Insightful)
Your spam may be my correspondence -- I may want to get mail from those whose conduct you find abhorrent. Today, a network may responsibly be censoring only unwanted and unsolicited commercial e-mail. Next week, the powers-that-be-in-the-networks start censoring geek news.
To protect our liberties, spam control should be decentralized -- as close to the last mile as possible. Yes, of course, this means that the supposed great harm of spam -- huge volume transmissions through the network -- will not be interdicted closer to the source. In my view, an effective end-point spam model is as likely to reduce volume as a network centered model: the idea is to reduce the INCENTIVE to spam -- that will reduce the volume.
Centralized technical measures simply invite the spam wars to continue, provide centralized points of failure, will not diminish spam, and will assure that powers-that-be have ample new abilities to censor speech.
Re:Distrustful of Network Level Censorship (Score:4, Insightful)
It is. I'm the one deciding whether or not to use this service.
Re:Distrustful of Network Level Censorship (Score:5, Insightful)
server side email filtering is BAD, BAD, BAD!
what if the US Post Office started throwing out your clearing house sweepstakes and credit card applications before you ever got them? problem is there's two kinds of people in the world.. those that say alright no more junk mail, and those that ask, how do you do that without getting a false positive once in a while?
Re:Distrustful of Network Level Censorship (Score:3, Insightful)
Re:Distrustful of Network Level Censorship (Score:3, Interesting)
unless you know for a fact that you're not subscribed to any mailing lists so anything coming in bulk most definitely isn't for you, then sure use the server's insight to filter those messages - but seriously there aren't many who fi
Re:Distrustful of Network Level Censorship (Score:2, Insightful)
You're describing a naive, trust-or-don't approach to the "evil bit" suggested, which is stupid. All a system like the bulk marker would do is add more information to use to improve an existing filtering system, with Bayesian analysis, whitelisting, etc.
Clearly, there are many people willing to risk false positives to filter out the crap, so why shouldn't a system which helps them at no risk to those who don't filter be implemented?
As someone pointed out... if this is voluntary, why should anyone upset abo
Re:Distrustful of Network Level Censorship (Score:3, Interesting)
if your going to get a false positive why filter?
as the hate for spam rises more people are saying fuck the false positive rate - which is a HUGE mistake.
why should I care of somebody is filtering THEIR email? because if im sending them a message, that is MY message.. if they don't see it then suddenly I have no voice.
spam is a real problem and filtering is not the solution.
Re:Distrustful of Network Level Censorship (Score:4, Insightful)
My spam folder gets several hundred messages each day. It is _impossible_ for me to read every one of them to determine if it is really spam. I glance over the subject lines and read the occasional borderline one, but I _guarantee_ you that I am already getting false positives. If I dropped spamassassin and allowed the spam into my other folders I would get even more false positives as I impatiently deleted every other message as obvious spam.
Re:Distrustful of Network Level Censorship (Score:2)
I'm not worried about myself or most people who know a few things being bothered by spam. Personally I don't get but a couple a week because I know how to prevent from getting it in the first place.
the problem is the public, ie family, friends, _customers_ who I want to communicate to via email. when my message shows up in the possible spam box instead of the inbox,
Re:Distrustful of Network Level Censorship (Score:2)
So far the new address has gotten a single spam message, which I traced back to sender who got infected with a virus.
I'm not sayi
Re:Distrustful of Network Level Censorship (Score:2, Insightful)
spam is a real problem and filtering is not the solution.
And what is a real solution? If you say legislation, I'll just laugh.
if your[sic] going to get a false positive why filter?
What do you recommend for people whose time is too costly to read everything at the insanely high noise/signal ratio? Stop using email? You talk about false positives like they happen all the time... do you have any idea how low the false positive rate is for a good filtering system? You might as well say that no-one
Re:Distrustful of Network Level Censorship (Score:2)
mail not reaching its destination is a lot different than taking a letter and throwing it away, or worse.. having a machine throw it away for you. btw, do you know how often mail gets lost? it's pretty damn rare, which brings me to my next point. there's a reason the us post office has a good reputation, it's because when you send something, it goes where you sent it. would you have that assurance if devices were becomi
Re:Distrustful of Network Level Censorship (Score:5, Interesting)
If you want to receive the junk, don't use one of those services, but I fail to see how someone else choosing -to- is a problem.
Your analogy is flawed. I have a choice to use AOL|Hotmail|MSN|SpamAssassin|etc and I pay for the connection to download, view, respond and delete my email (not to mention the time it takes out of my day). I don't have a choice whether or not to use the USPO and it takes FAR less of my time to sort out my real mail than it does email.
If SPAM could somehow be filtered out at the router level, then I would agree with your USPO analogy and would be throwing an utter FIT. But it isn't possible (is that a web page or a webmail, is that IMAP, is that secure IMAP, is that POP3, is that email tunnelled over SSH
Until there is legislation with -teeth- and a way for the little guy to prosecute you are not going to see many people agree with you about server side filtering.
Re:Distrustful of Network Level Censorship (Score:2)
If SPAM could somehow be filtered out at the router level, then I would agree with your USPO
exactly, its not possible.. but thats not stopping more and more companies from trying. and more and more people are starting to not get all their email, spam is bad but when I can't send my parents an email because they are on aol (or msn, or hotmail,
Re:Distrustful of Network Level Censorship (Score:2, Insightful)
As far as I care, anything sent to "Resident" can go straight into the trash can.
Re:Distrustful of Network Level Censorship (Score:4, Insightful)
Spam control with RBLs is, in fact, decentralized. There are many RBLs to choose from, and any that are too severe will not be used for long if they generate too many false positives. As a system admin, I have my choice. I use 4 RBLs right now:
(this is a mirror of the Spamhaus Block List [spamhaus.org]) Well known spam operations, and is checked hourly.
(details at OsiruSoft [osirusoft.com]) This list is of DHCP IP addresses of home users (DSL, cable, dial up).
(extensive details [njabl.org] of what's on this list)
I maintain this one myself for anything I want all my servers, primary and backup MX, to block
Re:Distrustful of Network Level Censorship (Score:3, Interesting)
Thats why I would recommend SpamAssassin [spamassassin.org]. All spamassassin does is label the mail with a "spam level" it is then up to each individual user to filter out the spam at the user level, not at the server level.
A much better method for letting your 'correspondence' get through while other users spam doesn't.
Re:Distrustful of Network Level Censorship (Score:5, Interesting)
> to get mail from those whose conduct you find
> abhorrent.
You _want_ to receive mail from the bastards that are forging my domain in their penis-enlargement ads and fake PayPal confirmation requests?
> Today, a network may responsibly be censoring
> only unwanted and unsolicited commercial e-mail.
> Next week, the powers-that-be-in-the-networks
> start censoring geek news.
I'm the only power that is on my network.
> To protect our liberties, spam control should be
> decentralized -- as close to the last mile as
> possible.
Can't get any closer to the last mile than right here in my office.
> Yes, of course, this means that the supposed
> great harm of spam -- huge volume transmissions
> through the network
"Supposed"? More than half my email is spam. And that's on a shared dialup.
Re:Distrustful of Network Level Censorship (Score:2)
My thoughts. [phroggy.com]
Re:Distrustful of Network Level Censorship (Score:2)
Your spam may be my correspondence
But not mine. People who want anonymous and spam-like email should invent their own protocol, opt-in, and find a way to pay for the network bandwidth used by it. Maybe you can pay extra for email forwarding to an address with "spamMe" embedded in your user-name. The rest of us (probably 99% of all email users) should get the stuff filtered as close to the senders as possible to help unclog network traffic.
Re:Distrustful of Network Level Censorship (Score:2)
I have manually blacklisted MANY companies, netblocks, and even entire countries (china and korea come to mind) for bad behavior of various types. My bounce message is usually a little more informat
my spam defense: (Score:5, Funny)
Right here. [sigarms.com]
Re:my spam defense: (Score:2, Funny)
JK
See : we have very restrictive hand gun control , but a minor can buy a shotgun/rifle if it is for "hunting" purposes . They never said hunting what....
Re:my spam defense: (Score:2)
I know that canadians do a lot of farming, and are allowed to buy explosives to blow up stumps on their property,
So what you do is you fill up the back of the pinto in the garage (that you didn't know what to do with anyway) with explosives, and buy a long fuse.
Then you drive it over to this guy's house [freep.com] and park it in the driveway.
Then light the fuse and walk away.
Not as straightforward as a rifle, but you don't have to aim.
Great (Score:5, Interesting)
Another blacklist (with an appeals process). Run by a guy that made his millions selling eGroups to Yahoo!.
Dunno, this doesn't look too promising.
Here's my question. (Score:4, Insightful)
I manage paid-for e-mail e-zines which I mail using PHP and sendmail (read:forged headers until I'm big enough to run my own server).
Wouldn't most server-layer anti-spam measures catch my very suspicious HTML e-zines, even if paid for?
That depends upon their methodology. (Score:3, Informative)
Your forged headers are noted and factored in when determining whether you are spam or not. But by themselves they are not sufficient to mark you as spam.
Your e-zine will tend to have the same format and similar content from issue to issue. The Bayesian filter can detect this and let it through.
I'm running this setup at work for our offices and it works very well. The only real problems we've had is monster.com's resumes. But even that seems to be working now.
Re:Here's my question. (Score:3, Informative)
Spam Arrest (Score:2)
Re:Spam Arrest (Score:2)
There are many reasons why confirmation style whitelisting systems suck and are not workable in the REAL world that I could tell you about, but I find it much more entertaining watching people use such stupid systems, crow about how great they are, and then end up abandoning them a few months down the road when they figure it
Must be a member to appeal? (Score:2, Interesting)
Not too impressed (Score:4, Informative)
A fair number of the spams I submitted came from servers that had already been voted on as TRUSTED by other users. In other words, my credibility went down by reporting them as spammers.
http://www.trustic.com/ip/219.94.114.6 for example and I've got a fair number of others. Folks are either polluting the space intentionally or being very very sloppy in reporting trusted servers.
Groups like spews have a very nice evidence file, and it gets reviewed by a person. I've generally been impressed with the real community blacklist sites.
Technically the site works great and is super fast. But I wouldn't follow the O'Reilly recommendation and pick it as my primary blacklist just yet (even though the guy doing the site worked with the author of the article to make changes.)
My two cents.
Re:Spews (Score:3, Informative)
Re:Spews (Score:2, Interesting)
If an ISP ignores / cans complaints they can get the runaround trying to get off. Once an ISP's abuse dept has developed an ongoing working relationship with net-abuse and a timely response to complaints things usually go much more smoothly.
The folks at spews are aggressive no question (I happen to be blacklisted currently through zero fault of my own, netblock block). And some of the folks reporting (not spews admins) can describe things with a bi
Just junk SMTP? (Score:5, Funny)
Have a period where you have a parallel system going and then have a cut off time where SMTP servers die.
All it will take is the top ISP's in each country and large corporations to stop accepting SMTP mail and you'll be sure that everyone else will then fall in line.
Or am I just being too radical?
Re:Just junk SMTP? (Score:2)
Re:Just junk SMTP? Not Possible (Score:3, Insightful)
Re:Just junk SMTP? Not Possible (Score:5, Interesting)
Just like gopher with http? You can also add a plethora of validation on top of SMTP. SMTP, as a protocol, isn't bad. It's possible to add validation, to only accept from SMTP servers that use some sort of valid key.
Then you get to keep SMTP, and slowly migrate servers. Set up a non-profit organization for distributing SMTP authentication keys that are unique to the mail server (think SSL) and if the mail that comes from that server is spam, you just block that server's key. If the server doesn't have a key, put it into a validation list or send back a response saying they need to use a mail server that supports signed-SMTP.
Easy solution, not a complete overhaul of SMTP. The problem comes in with who signs the certificates, because then you have to trust the source that delivers them. Like Verisign, et al.
Just like /.! (Score:2, Funny)
IP banning (Score:5, Interesting)
Re:IP banning (Score:2, Insightful)
Spammers and the ISPs who facilitate them need to
Re:IP banning (Score:3, Informative)
As far as I'm concerned, if the netblock in question was blacklisted with the RBLS that are taken more seriously, it was precisely because the provider didn't take any sort of action to contain or prevent spamming. And if you sign up with a provider like that, well, don't come crying to me when you're affected, too.
All the time that went by before they knew they were on
Re:IP banning (Score:3, Insightful)
2. The idea of listing all or part of a class of IP's is intended to pressure the provider to change their habits of hosting/supporting spammers. Your case is a good example of why they would want to do so.
When spammer friendly ISP's stop allowing spammers to jump from IP to IP within their netblock, and start being a bit responsive to
Re:IP banning (Score:2)
Relying on RBLs (Score:5, Informative)
I've found SpamAssassin fairly good; rather than block messages from RBLs, it analyses message content, adds points to messages in RBLs and checks known spam databases such as Razor and Pyzor. Rule matches are given a score, and messages with a total aggregate score are tagged in the message headers, allowing users to filter these if they want to.
A main advantage of this method is that no single rule can flag a message as spam, hence legitimate mail sourcing from the badly configured mail relay has a chance of getting through, and in my mind it's probably a particularly bad idea to block any email unless it's actually addressed to you.
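The additive scoring described in the comment above, as an added example that is not part of the original post and is not SpamAssassin's own code. The rule names, scores, threshold, DNSBL zone, header name and sample messages are all constructed for illustration.

```python
import ipaddress
import re

REQUIRED_SCORE = 5.0           # assumed tagging threshold
DNSBL_ZONE = "dnsbl.example"   # hypothetical blocklist zone
# Constructed stand-in for DNS: query names that would resolve (listed relays).
LISTED_NAMES = {"7.2.0.192.dnsbl.example"}


def dnsbl_query_name(ip, zone=DNSBL_ZONE):
    """IPv4 DNSBL convention: reverse the octets, then append the zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone


def is_listed(ip, resolver=None):
    """resolver(name) -> bool. Defaults to the constructed table above;
    a live check would do an A-record lookup on the query name instead."""
    resolver = resolver or (lambda name: name in LISTED_NAMES)
    return resolver(dnsbl_query_name(ip))


MONEY = re.compile(r"\$\d[\d,]*\s+(a|per)\s+(day|week)", re.I)

# (rule name, score, predicate). Every score is below REQUIRED_SCORE, so no
# single rule, the blocklist hit included, can tag a message on its own.
RULES = [
    ("RELAY_IN_DNSBL", 2.5, lambda m: is_listed(m["relay_ip"])),
    ("SUBJ_ALL_CAPS", 1.5, lambda m: m["subject"].isupper() and len(m["subject"]) > 8),
    ("BODY_MONEY_CLAIM", 2.5, lambda m: MONEY.search(m["body"]) is not None),
    ("BODY_CLICK_HERE", 1.0, lambda m: "click here" in m["body"].lower()),
]


def classify(msg):
    """Return (total score, names of rules that fired, header line to add).
    The message is tagged, never rejected; filtering is left to the user."""
    hits = [(name, score) for name, score, pred in RULES if pred(msg)]
    total = sum(score for _, score in hits)
    names = [name for name, _ in hits]
    verdict = "Yes" if total >= REQUIRED_SCORE else "No"
    header = (f"X-Example-Spam: {verdict}, score={total:.1f} "
              f"required={REQUIRED_SCORE:.1f} tests={','.join(names) or 'none'}")
    return total, names, header


# Constructed sample messages (192.0.2.0/24 is a documentation range).
SPAM_BODY = "Earn $5,000 a week. Click here now."
LEGIT_VIA_LISTED_RELAY = {"relay_ip": "192.0.2.7",
                          "subject": "Meeting notes for Thursday",
                          "body": "Attached are the notes."}
SPAM_VIA_LISTED_RELAY = {"relay_ip": "192.0.2.7",
                         "subject": "MAKE MONEY FAST", "body": SPAM_BODY}
SPAM_VIA_CLEAN_RELAY = {"relay_ip": "192.0.2.50",
                        "subject": "MAKE MONEY FAST", "body": SPAM_BODY}

if __name__ == "__main__":
    for m in (LEGIT_VIA_LISTED_RELAY, SPAM_VIA_LISTED_RELAY, SPAM_VIA_CLEAN_RELAY):
        print(classify(m)[2])
```

The legitimate message relayed through the listed host collects only the blocklist points and stays untagged, while the spam is tagged whether or not its relay is listed.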
Re:Relying on RBLs (Score:2)
Don't get me wrong, I use SpamAssassin too, and it does work, but it also doesn't solve the problem. If an ISP harbors spammers, they have ZERO incentive to stop. None. Nada.
Spews RBL on the other hand INTENDS to be used to block mail outright. It will even block legit mail, again by intent. The idea is to piss off an ISP's legit customers who should be going back to their ISP and DEMAND that they get spammers off their network. If an I
Or you could use a better mailer... (Score:5, Informative)
Or, you could just use Postfix, which:
Personally, I refuse to use any software written by DJB as a matter of principle. The guy flagrantly ignores RFCs because he simply feels like it and arrogantly thinks he knows better (and further that there is benefit to ignoring said RFCs).
Re:Or you could use a better mailer... (Score:2)
I'm the first in line to point out that DJB has an ego the size of a larger continent, and has one of the most severe lack of personal skills I've ever had the displeasure to witness.
I've also dropped enough of my pride to look past that, and see that he has written some astoundingly fine code.
You can argue about his personal skills, egomania, and other deficiencies all you like but you just can't argue with the fact that qmail works, and works awfully well.
Re:Mod down (-1) Flamebait (Score:2)
Why don't you try changing a single line of QMail source code and distributing your changes? Except you can't -- DJB explicitly prevents it. He's got a number of other weird clauses in there as well.
You clearly have a very different idea of free than most people. Thank goodness for Postfix!
Re:Mod down (-1) Flamebait (Score:2)
Unfortunately no, he shares the same idea of "free" that most people have: no immediate monetary cost to them.
The other day I got modded down as flamebait for pointing out that Opera isn't Free Software, and a reply similar to this one, angrily stating that yes it's free, you just have to view ad banners.
Qmail is NOT FREE (Score:5, Insightful)
Qmail is NOT FREE. Last I looked it was distributed without a license; now apparently it has a license, but one with oddball restrictions. If you don't believe me, do a google search with the keywords "qmail debian legal" and spend 30 minutes or so going through the various discussions.
Re:Qmail is NOT FREE (Score:2, Insightful)
You can download it without monetary exchange, install it where you like, modify it, etc.
You cannot modify the source and distribute it. You can distribute the unmodified source tarball with patches that modify it, like an SRPM. You can distribute binary versions as long as the files are the same as would be created by installing from an unmodified source tarball.
RFC violations (Score:2, Informative)
...which is why a) it's not turned on by default and b) the docs (including the docs in the config file) warn you as to such. The docs are very specific about WHICH of the checks violate the RFCs and which don't.
What RFCs does qmail not comply with?
Based on a very quick google search (so thus some of this might be outdated or simply wrong), pipelining, for one. RFC-2821 for another. RFC 2821 and RFC 1123 for two more.
The difference is
Re:RFC violations (Score:2, Insightful)
I googled and followed a thread, don't know if it's the one you are referring to, where Matti Aarnio (Zmailer author) says
RFC-2821 for another. RFC 2821 and RFC 1123 for two mor
Re:RFC violations (Score:3, Insightful)
No, it does not. In fact, you don't even need a HELO with qmail.
Also, take a look at djbdns some time- it violates RFC's left and right.
Which ones and how?
Blackists (Score:3, Interesting)
Read Your TOS. (Score:3, Informative)
b. Prohibited Uses of the Service: Use of the Comcast Equipment or the Service for transmission or storage of any information, data or material in violation of any federal, state or local law or regulation is prohibited. In addition, unless you are subject to a Service plan that expressly permits otherwise, the Service is to be used, and you expressly agree to use it, solely in a private residence, living quarters in a hotel, hospital, dormitory, sor
Re:Read Your TOS. (Score:2, Interesting)
Re:Blackists (Score:2)
AOL certainly aren't the only ones. I do it. And I'll tell you why: Exactly because of people like you.
For every *legitimate* email message that comes from a dial-up IP address, I (honestly) get 10,000 + that are spam.
As long as there are (a) Distribution-installed MTA's that are open relays by default,
Re:Blackists (Score:2, Interesting)
Re:Blackists (Score:2, Informative)
Re:Blackists (Score:3, Informative)
A little perhaps, and it's great that you're no longer causing a problem, but the fact remains that for a brief period of time, you were part of the problem. Spam came through your server. There are many others like you - good intentioned, but making an honest mistake once, quite by accident, and then fixing the problem and never doing it again - and these people collectively make up a very significant source of spam. That's why AOL b
Re:Blackists (Score:2)
I'm not trying to be mean. Really. But that's not better. What's better is when more people search out and read the docs before they whip out the compiler and become part of the problem. It's really a great thing that you understand more about SMTP, but you could have gone about it in a much better way.
I don't think that the "people like you" was unfair. Harsh, but not unfair. I am g
When Spam Attacks! (Score:2)
RBL's and Firewalling (Score:2, Interesting)
I'm not a coder, so it doesn't expire entries... I'm looking for someone to help make this work even better. I love the thought of causing spammers pain - and this could do that.
You can get the script from my webpage at http://www.jasonjordan.com.au [jasonjordan.com.au]
Other choice than Trustic - SPAMCOP (Score:2, Informative)
I have been using SPAMCop [spamcop.com] for the past 5 months at my work. I am also using QMAIL [qmail.org] as my mail server and it took me about 10 minutes to get it hooked into the Spam Cop Database. The best part is it is free and it blocks about 80% of SPAM that gets delivered - I will just have to live with the other 20%. Has anyone heard of other Spam IP Databases that are available for public use?
Re:Other choice than Trustic - SPAMCOP (Score:2)
FYI, you don't have to just live with the rest. I use Spamcop's RBL, AND I also use BogoFilter. Or, you could use SpamAssassin or many other filters on your server.
My BogoFilter setup correctly marks about 98% of the spam IT SEES, with NO false positives. (This is NOT counting whatever gets rejected by the RBL.)
WARNING: Not the same SpamCop (Score:3, Informative)
No, just overzealous idealists (Score:2)
We get about 3-4 SpamCop complaints a week forwarded by our hosting provider; many of them are for email our customers didn't even originate (and I mean in the colloquial, not technical sense), but just because one of their URLs is in some third-party spam and someone clicked the "Spam" button SpamCop figures that it's a spam-vert.
The other category of SpamCop reports is people who think SpamCop is their universal unsubscribe to
Re:No, just overzealous idealists (Score:2)
Of course, before the report is sent, SpamCop displays a list of each URL it found and the e-mail addresses that would be appropriate to send a complaint to; some are checked by default and some may not be. It's up to the user to double-check these
Re:No, just overzealous idealists (Score:2)
1. Default to no on the "this spam is spam-vertising the following URLs" though admittedly this may be rare; since our clients don't spam I only see false positives on spamverts.
2. Use some kind of collaborative filter - SpamCop must have enough users so that instead of acting on single reports, only escalate complaints if the same email is complained about by 20+ users.
I was just on the phone today with AOL's postmaster team regarding our whitelist status, and the guy told me that only
A cheap and simple solution for a SPAM defense. (Score:2)
Dolemite
_____________________
Using Trustic with SpamPal (Score:2, Informative)
IP banning is bad (Score:5, Insightful)
There's got to be a better way.
Re:IP banning is bad (Score:3, Insightful)
HOWEVER, I dislike RBLs for the same reason you do, and I like Bayesian filtering because it prevents that problem. The problem is that the better filtering is at getting spam without killing valid use, the slower it gets. Bayesian filtering is r
Re:IP banning is bad (Score:3, Informative)
If only it were so. It happens to me about once every two months, when somebody using SBC DSL sends out spam and I get their IP address later. There are a few ISPs that set temporary IP blocks within their own network, and these persist for a day or so. I then get mail bounces for a few people I really need to reach, which is a pain.
A spam free world... (Score:2, Insightful)
Re: For A spam free world..Dump Windows first. (Score:2)
Re: For A spam free world..Dump Windows first. (Score:2)
Still For A spam free world..Dump Windows first. (Score:2)
No, it's a numbers and money game (Score:3, Insightful)
1. RBL's don't work - community RBL's are used by relatively few mail systems out there; perhaps 1% of email addresses at most have RBL filtering on them at server or personal level, and the audience of any one RBL is just too small for it to have any value. Yes, using an RBL may stop *you* from receiving (some) spam, and in the short term that's all you care about, but it doesn't stop spam from being of value to the spammer. Just like the drug war, we will only win by making it unprofitable to send spam.
The biggest impact we see from RBL's is fielding individual "false-positive" complaints; we don't allow customers to send spam, so we get very few, but there's always the occasional idiot who signs up for a list and forgets, and who is too proud to click on the unsubscribe link.
What matters for delivery of my clients' legit mailing lists, and what also a spammer cares about for delivering his spam, is delivery to the big guys - AOL, Yahoo, Hotmail, Earthlink, etc. If you're trying to email Joe Public, those guys have 50%+ of the market. Any successful spammer will have his energies focused on end-running their filters and will give a fig if RBL'ed.
2. IP-based filtering for consumer connections *does* work - ISP's and universities need to block port 25 outbound from consumer connections and desktops / 802.11 respectively. Spammers need a network connection; cut off their main source. This would stop not only transient spammers, but those who hack cable modem users.
AOL's efforts here on behalf of their users are commendable, but blocking these IP's *at source* where the blocker is making an informed decision and has the data to keep the filters accurate, is the way to go; a grassroots effort to inform ISPs about the benefits of this would be valuable.
This would leave spammers who are using business-class connections (where the ISP thus delegates the responsibility to run mail servers) which are much, much fewer in number and thus much easier to police.
Before anyone who runs their own SMTP server on their home Linux box cries foul, I should point out that I do too, and I just have sendmail push everything through my ISP's SMTP relay. Big deal.
3. Money - money is the key to this. Make it uneconomic to spam, and the problem goes away.
I have one solution which I think would work well; like RBL's or source-end IP filtering, it suffers from the problem that it requires a large critical mass, so I think legal is the best route: I am speaking in terms of the USA, but this would work in other countries.
- anyone sending (pick a number, say 50k) pieces of email a month or more must register with the national email registry - this will cost $10k per year (this kind of price is essential to keep the spammers out, and it covers the cost of operating it). ISPs and email distributors are required both by law and de facto to sign up to be in business, and to them it's a modest cost.
- the registry will maintain an anti-spam policy and audit registrants against their track record of enforcing it; policy would need to include things like each email having clear unsubscribe info, info on where the address came from, etc.
- there will be a national "do-not-send-opt-out-mailings" list against which email marketers must clean lists which they buy; many countries have had this kind of list for phone and snail mail for quite some time, e.g. UK
- ISPs can then use the registry as a whitelist, and simply block every other IP address. Any business / individual too small to need to register can just forward their email via their upstream provider, who is then on the hook to manage their email behaviour.
Yes, it takes away some freedom to operate one's own email service, but equally I don't ru
OS flaws make technical solutions difficult (Score:3, Insightful)
Let me race down the technology curve and predict some of the wonderful things that will happen in the war on spam:
- the majority of spam will originate from 'infected PCs'.
- some smart person will cause email to be charged, and millions of innocent users will get incredible invoices for email they 'never sent'
- as the number of infected PCs being remotely controlled by spammers increases, the volume sent from each PC will go random and low enough to be effectively undetectable.
- spammers will start modifying real email to attach their own messages.
- spammers will start modifying URLs in real email to point to their own websites.
- spammers will find ways to infect MSIE to do the same thing.
- anti-spam software will start to resemble anti-virus software, as spammers and virus writers hook-up into an organized (criminal) network.
- anti-spam software will be the main thing targeted by new viruses.
and all this time, 80% of PC users will remain blissfully unaware that their PCs are sending shiploads of spam around the world.
The basic problem is that the (Windows) PC is simply too complex, too connected, and too vulnerable to use as a secure communications device.
There is an answer somewhere... but I don't believe it lies in technological solutions, nor does it lie in making email paid, nor does it lie in attacking the servers and networks used to send spam. It is rather to understand that simplicity and transparency is the key to security. In the case of PCs, this means arriving at an OS/application combination that is immune to trojans and viruses, not thanks to the latest anti-virus scanners, but thanks to an inherently uncrackable design.
TMDA (Score:3, Informative)
Re:Just like always... (Score:5, Funny)
Or at least that is my interpretation of how IPv6 would affect spam.
Re:Just like always... (Score:2, Insightful)
Well it makes it much harder to scan for servers that are vulnerable, either for hijacking or open smtp services.
Automatic Reporting (Score:2, Informative)
IMHO, automatic reporting is a bad idea. SpamAssassin isn't perfect and might flag legitimate mail as spam. It happens rarely, but it does happen. If you submit manually, you'll (hopefully) notice this, but automatic submission will report the IP of an innocent party as untrusted...
Re:That ain't working, that's the way you do it .. (Score:2)
Definitely one to blackhole, as much of it shouldn't even appear on the net at large due to RIR policy