FTC vs. Open Relays, round 2

mbrain writes "PC World is reporting on a new federal program run by the FTC to close relays and proxies that serve as spam gateways. It's called 'Operation Secure Your Server'. The FTC will publicize this program by... sending tens of thousands of emails." I think it's a continuation of this program.

  • by digitalvengeance ( 722523 ) * on Saturday January 31, 2004 @12:18AM (#8141920)
    I have to wonder how many owners they will be able to successfully contact. It has been a long time since I've actually seen a WHOIS record listing a valid email address. Plus, popular registration services like Dotster [dotster.com] now offer email masking as a standard part of domain registration.

    I think this is mostly due to the trend of spammers attempting to "steal" domain registrations by doing thousands of WHOIS searches and contacting domain owners.

    • Why not postmaster@[offending IP ADDRESS] (or a nslookup of that IP address) or similar role accounts? Also, the registrars do have their contact information. I doubt if most registrars would not honor a FTC "request" (if they know what's good for them). ISPs would stand in line to give up contact information for Open Relays on their network, as they are a network problem.
    • I host a domain name which has been rumpled for the past 3 years. I developed a script to detect open relays and block them. This list is currently 25,000+ entries in my firewall. They don't need to send out emails, just ask for a list of open relays from host providers. Just a basic website with a frontend to a database storage would suffice. This would allow host providers to input lists of open relays which can be verified by automated scripts.

    • They may 'just' be the FTC, but they are still feds. They can tracert the relays and contact the upstream to find out who's paying.
  • Oh man (Score:4, Funny)

    by Sarojin ( 446404 ) on Saturday January 31, 2004 @12:19AM (#8141925)
    What I'd give to get that list
  • by bc90021 ( 43730 ) * <bc90021 AT bc90021 DOT net> on Saturday January 31, 2004 @12:19AM (#8141927) Homepage
    People who have open relays (in most instances) are either too stressed or too ignorant to understand what that means, and getting a letter from the FTC won't change that (in most instances.)

    The FTC can only suggest that the relays be closed. Until they have some form of enforcement, there is nothing preventing those with open relays from ignoring the emails (assuming this is the rare situation where the above does not apply).

    This doesn't take into account that some of those relays may be there on purpose, as in ISPs possibly colluding with, and also possibly profiting from, spam.
    • by koreth ( 409849 ) * on Saturday January 31, 2004 @12:26AM (#8141975)
      I disagree, depending on how the letter is presented. Getting a "your server is attracting the attention of our investigators" letter from a federal agency is probably enough to spur a lot of stressed, ignorant people into hiring someone who's able to tell them what it all means and/or fix it.

      Not everyone, of course -- I agree that some relays are open on purpose, and some people will disregard any official notice short of a search warrant delivered by a squad of riot cops. But I think this can't hurt.

    • There is nothing to prevent me from operating an open relay, intentionally or accidentally. There is nothing to stop you from blocking mail from my relay, by using a trustworthy, and hopefully accurate RBL.
      We need a new, or better, or replacement for, the current protocols.
      The whole internet experience is being ruined by the barrage of SPAM, adware, spyware, popups. Why the heck should we have to deal with this?
      A brand new (Windows) computer is polluted all to hell within an hour of connecting to the net. T
    • by dev11 ( 635413 ) on Saturday January 31, 2004 @12:46AM (#8142084)
      This doesn't take into account that some of those relays may be there on purpose, as in ISPs possibly colluding with, and also possibly profiting from, spam.

      Just a minor nit. There probably still are ISPs that profit from so-called pink contracts, but I don't see a spammer purposely running an open relay. Spammers are more interested in finding open relays and servers than running them. Operating an open relay serves no purpose to a spammer, and would likely draw attention. One of the reasons (aside from free bandwidth) of using an open relay is to hide your identity.

    • by frovingslosh ( 582462 ) on Saturday January 31, 2004 @01:25AM (#8142255)
      and getting a letter from the FTC won't change that (in most instances.)

      Actually, if I got a letter from the FTC I might well look into what it said. But if I got an email supposedly from the FTC, I would likely just ignore it without even opening it (after forwarding a copy to uce@ftc.gov).

  • by Anonymous Coward
    Should the U.S. government be "handling" it at all?
    • No branch of the U.S. Government has the power to actually stop spam, but just like the FDA puts out nice public relations campaigns about what we should be eating, the FTC puts out campaigns about what businesses should be doing. The FTC can't exactly stop open e-mail relays, but they can label that as a bad idea.
  • Oxymoronic (Score:4, Insightful)

    by qw(name) ( 718245 ) on Saturday January 31, 2004 @12:21AM (#8141938) Journal

    Stop SPAM by sending thousands of emails? That's funny. ;-)
    • by secolactico ( 519805 ) on Saturday January 31, 2004 @12:42AM (#8142057) Journal
      Stop SPAM by sending thousands of emails? That's funny. ;-)

      How did that joke go? "Fighting for peace is like fscking for virginity"?
      • Re:Oxymoronic (Score:3, Insightful)

        by Grayraven ( 95321 )
        No, I believe the quote is "Fighting for peace is like fucking for virginity."
      • by prockcore ( 543967 ) on Saturday January 31, 2004 @02:25AM (#8142474)
        How did that joke go? "Fighting for peace is like fscking for virginity"?

        I'm sure a lot of virgins run filesystem checks.
      • Re:Oxymoronic (Score:3, Interesting)

        by RedSynapse ( 90206 )
        Ok I'm going to give up my mod points to nit pick.

        Fighting for peace is a PARADOX not an oxymoron.

        PARADOX: a : a statement that is seemingly contradictory or opposed to common sense and yet is perhaps true.

        Sometimes you really do have to fight to achieve peace. Sometimes you have to kill to save lives. For example, it's possible that by dropping atomic bombs on Hiroshima and Nagasaki that more lives were saved overall because the Japanese were forced to capitulate immediately instead of fight a long dr
        • Re:Oxymoronic (Score:3, Insightful)

          Actually, the Japanese would have surrendered before that happened had we agreed to allow them to keep their emperor in the "deity" status. We refused, they refused.
        • by Anonymous Coward
          This sentence is a lie.

          Sometimes you really do have to fight to achieve peace.

          Never. Surrender is always an option, even if it means suicide. It might not be a good option, but it's there.

          Fucking for virginity is an oxymoron because fucking will never achieve virginity

          Nonsense, your parents fuck and about 9 months later you are born a virgin. fucking -> virginity.
    • Stop SPAM by sending thousands of emails? That's funny. ;-)

      Well yes, but since the FTC is using IPs they have identified as being open relays, it's really no different to the script that many people (myself included) are running to shut down IIS on a Code Red/Nimda server along with a pop-up message.

      If, on the other hand, the FTC were sending emails to tens of thousands of mail servers simply because they were there... that's another thing.

      (disclaimer: Yes I do see the funny side of it - it's wor

  • hmmm (Score:2, Funny)

    by crazycrazy ( 730886 )
    If they send the mail to the address of an open mail server, they will be sending most of them to the hackers that have taken over the machines, won't they?
  • What happened about the EFF exec that kept losing his internet connection because he insisted that he be allowed to run an open relay?
  • Because there's so many viruses, worms and scams that spoof other email addresses, including the scam that claimed to be about the Patriot Act [slashdot.org], recipients might think it's a virus, a worm or a scam. I still think fake relays [slashdot.org] would be a good spam deterrent vs trying to close all the open relays.
  • Create liability (Score:3, Insightful)

    by www.sorehands.com ( 142825 ) on Saturday January 31, 2004 @12:33AM (#8142007) Homepage
    If the people who leave open servers open are on the hook to be sued, they will wise up very quickly.
    • Nah.. people who run open relays do it because they don't know or haven't gotten around to fixing it. The threat of getting sued won't be any more of a deterrent than having their machines swamped by spammers.
  • by SuperDuG ( 134989 ) <<kt.celce> <ta> <eb>> on Saturday January 31, 2004 @12:35AM (#8142020) Homepage Journal
    I remember when I was a kid ... My dad had an operation similar to this ... it was code named. "Close the damned door, we ain't air conditioning the whole damned neighborhood." That program was effective, don't see why this one won't be. They couldn't come up with a better name, I mean isn't the whole point of government projects to confuse people as to what the intent of the program is while tying in some patriotic theme. Perhaps I might offer a bit of suggestion. "Operation Cage the Free Eagle" See, you got no idea what it really means, but it says Operation and includes "FREE and EAGLE", it must be good.
  • Problem... (Score:4, Interesting)

    by The Master Control P ( 655590 ) <ejkeever@nerdshacFREEBSDk.com minus bsd> on Saturday January 31, 2004 @12:38AM (#8142036)
    Once all/most/many of the relays that they can use without *overtly* breaking the law close up, spammers will simply turn to *overtly* breaking the law, as in creating zombie networks. And as soon as those poorly maintained computers are cleaned up, they will simply use the same virus/worm/exploit to 0wn more poorly maintained computers (These computers will coincidentally tend to be crawling with malware already).

    Though any such move would doubtlessly be controversial, I suggest writing a "white hat" virus what would:

    1) Check if a machine was unpatched/0wned (Probably meaning "it could infect it in the first place")
    2) Once loading itself, download and run anti-spyware/-adware/-spamware/-malware applications to clean up the computer
    3) Contact and infect other hosts, but NOT at such a rate as to bring down networks.

    I omitted suggesting that it download the latest patches, because (as is oft pointed out) one reason many people and organizations DON'T download the latest patches for Windows is that they often break other things.

    Although, again, this would be extremely controversial, I am surprised at never having seen it suggested before.
    • If Norton Anti Virus is able to block SMTP traffic when it is not running (errr... yes this is true, if NAV doesn't run the traffic is blocked, if it runs it is scanned), then the white-hat virus could block the SMTP traffic too.
      • That might be a good idea in *most* cases, but unfortunately, I don't think that a virus could both be small enough not to clog a network and complex enough to discriminate between valid/spam SMTP traffic with acceptable reliability (Which businesses often define as 100%).
    • Re:Problem... (Score:3, Insightful)

      by zcat_NZ ( 267672 )
      I omitted suggesting that it download the latest patches, because (as is oft pointed out) one reason many people and organizations DON'T download the latest patches for Windows is that they often break other things.

      Cleaning up the computer and closing off exposed services is just as likely to break things as downloading the latest patches is. And it doesn't teach the admin anything. The best solution for fixing the problem involves the admin learning about security.

      Leave the machine alone, and hope the a
      • Or trash the machine; don't just make it unbootable, completely wipe it clean.

        You don't need to trash a machine to make it unusable by spammers and DDoS kiddies. Just knock it off the net. Maybe disable and patch the network drivers with something that merely looks like a virus. The less clueful admins will eventually learn that running anti-virus software is the only easy way to fix their machines and get them back on the net.

    • Re:Problem... (Score:4, Informative)

      by Caveman Og ( 653107 ) on Saturday January 31, 2004 @02:59AM (#8142570) Homepage Journal
      Once all/most/many of the relays that they can use without *overtly* breaking the law close up, spammers will simply turn to *overtly* breaking the law, as in creating zombie networks. And as soon as those poorly maintained computers are cleaned up, they will simply use the same virus/worm/exploit to 0wn more poorly maintained computers (These computers will coincidentally tend to be crawling with malware already).
      You're behind the curve. Spammers have actually already run out of machines they can use without *overtly* breaking the law, and starting about TWO YEARS ago, began exploiting security vulnerabilities and employing professional virus-writers in Russia and the Ukraine.

      There have now been four or five generations of proxy-trojan backdoor worms, with features such as randomized port listening, making them next to impossible to detect until the spam begins.

      Several dozen "zombie networks" already exist, along with hijacked netblocks of companies which went under during the "dot-bomb" in 2001.

      In fact, there are places on the web where you can buy lists of exploited machines. As someone who investigates spam for a living, it's been nearly two years since I've seen spam through an open relay mailserver. Almost everything now comes from infected home PCs on cable or DSL lines.

      Though any such move would doubtlessly be controversial, I suggest writing a "white hat" virus what would:
      This "white-hat" in particular disagrees with your use of the word "controversial" and suggests you substitute "liable to land one in prison for 10 years". Recommendations of "hacking the hackers" and "spamming the spammers" are sophomoric, unprofessional, and when implemented, tend to attract the attention of law enforcement onto your ass rather like sticking a lightning rod up it.

      Happily, spammers still don't know how to write a proper SMTP client. Most spamware only approximates a real SMTP transaction (usually well enough to work). Without going into detail (for obvious reasons), this can be detected.

      See the Composite Block List [abuseat.org] as an example of the practical application of passive detection of spammer malware.

      Here's a hint for those running their own mailservers: Spamware tends to time out very quickly. Add a short delay before your MTA presents an SMTP banner (oh, 30 seconds is fine). Most spamware will start behaving as if you don't even exist. The SMTP RFCs say clients should wait for the initial banner for five minutes before timing out.

      4.5.3.2 Timeouts

      Initial 220 Message: 5 minutes

      An SMTP client process needs to distinguish between a failed TCP connection and a delay in receiving the initial 220 greeting message. Many SMTP servers accept a TCP connection but delay delivery of the 220 message until their system load permits more mail to be processed

      There are a few places which set their timeouts ridiculously short, like Yahoo, and UUNet, and if you do a lot of business with them you'll need to whitelist. Otherwise, go to town.

      --Og
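
The banner delay suggested in the comment above, as an added example (not the commenter's code and not any MTA's own implementation): an asyncio listener that withholds the 220 greeting and records whether each client waited, hung up early, or spoke first. Flagging clients that send before the greeting goes beyond what the comment describes; the class, function and verdict names and the `example.test` hostnames are hypothetical, and the demo clients are constructed.

```python
import asyncio

GREET_DELAY = 30.0  # seconds, the figure suggested in the comment above


class GreetPauseListener:
    """Hold back the 220 banner and classify what the client does meanwhile."""

    def __init__(self, delay=GREET_DELAY, hostname="mx.example.test"):
        self.delay = delay
        self.hostname = hostname          # constructed name
        self.verdicts = asyncio.Queue()   # one (peer_ip, verdict) per connection

    async def handle(self, reader, writer):
        peer = writer.get_extra_info("peername")[0]
        try:
            # A conforming client sends nothing until it has read the 220 line.
            early = await asyncio.wait_for(reader.read(512), timeout=self.delay)
            verdict = "pregreet" if early else "hung_up"   # b"" means EOF
        except asyncio.TimeoutError:
            verdict = "patient"
        except ConnectionError:
            verdict = "hung_up"
        await self.verdicts.put((peer, verdict))
        try:
            if verdict == "patient":
                writer.write(f"220 {self.hostname} ESMTP\r\n".encode())
                await writer.drain()
                # A real MTA would continue the SMTP dialogue here; the demo
                # waits for one command and says goodbye.
                await asyncio.wait_for(reader.readline(), timeout=10)
                writer.write(b"221 2.0.0 Bye\r\n")
                await writer.drain()
            elif verdict == "pregreet":
                writer.write(b"554 5.5.1 Protocol error: command before greeting\r\n")
                await writer.drain()
        except (ConnectionError, asyncio.TimeoutError):
            pass
        finally:
            writer.close()


async def client(port, send_first=b"", patience=5.0):
    """Constructed test client; returns the first line it received, or ''."""
    reader, writer = await asyncio.open_connection("127.0.0.1", port)
    banner = b""
    try:
        if send_first:
            writer.write(send_first)
            await writer.drain()
        banner = await asyncio.wait_for(reader.readline(), timeout=patience)
        if banner.startswith(b"220"):
            writer.write(b"QUIT\r\n")
            await writer.drain()
            await reader.readline()
    except (asyncio.TimeoutError, ConnectionError):
        pass
    finally:
        writer.close()
    return banner.decode(errors="replace").strip()


async def run_demo(delay=0.3):
    listener = GreetPauseListener(delay=delay)
    server = await asyncio.start_server(listener.handle, "127.0.0.1", 0)
    port = server.sockets[0].getsockname()[1]
    behaviours = [
        dict(),                                          # waits for the banner
        dict(send_first=b"HELO bulk.example.test\r\n"),  # talks before the banner
        dict(patience=delay / 5),                        # gives up before the banner
    ]
    results = []
    for kwargs in behaviours:
        first_line = await client(port, **kwargs)
        _, verdict = await asyncio.wait_for(listener.verdicts.get(), timeout=delay + 5)
        results.append((verdict, first_line[:3]))
    server.close()
    return results


def demo(delay=0.3):
    """Run the three constructed clients against a listener with a short delay."""
    return asyncio.run(run_demo(delay))


if __name__ == "__main__":
    for verdict, reply in demo():
        print(f"{verdict:9s} first reply: {reply or '(none)'}")
```

The demo uses a 0.3 second delay so it finishes quickly; senders with short timeouts, which the comment says need whitelisting, would show up here as `hung_up`.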

    • The Nachi worm [symantec.com] and Code Green [theregister.co.uk] were attempts to fix Blaster and Code Red. They caused more damage than they fixed - especially Nachi which is still flooding everyone with ICMP echo requests. I am also surprised that you have never seen it suggested before - hint use Google

      Closing open relays is a great first step and I hope this program has some effect.

      If spammers are driven to using trojaned home computers to send their junk then there will be much more pressure brought to bear on ISPs to do port 25 egre
    • Once all/most/many of the relays that they can use without *overtly* breaking the law close up, spammers will simply turn to *overtly* breaking the law, as in creating zombie networks. And as soon as those poorly maintained computers are cleaned up, they will simply use the same virus/worm/exploit to 0wn more poorly maintained computers (These computers will coincidentally tend to be crawling with malware already).

      Though any such move would doubtlessly be controversial, I suggest writing a "white hat" vir
  • by twitter ( 104583 ) on Saturday January 31, 2004 @01:08AM (#8142183) Homepage Journal
    Can someone tell me the difference between an internet with open relays and one of peer machines where everyone is free to run mail transport agents? If my open MTA records your IP address, don't I know who hijacked me to spam? Isn't that the same as being spammed in the first place? Is this just another step towards an internet of legally privileged "servers" broadcasting email and the rest of us "clients" soaking up whatever Corporate America decides we should? What's the practical benefit of cracking down on open relays when the world is full of hijacked Windoze boxes on cable modems that are serving kiddie porn while blasting us all with DDoS and spam attacks?

    • Is this just another step towards an internet of legally privileged "servers" broadcasting email and the rest of us "clients" soaking up whatever Corporate America decides we should?

      Yes.

      KFG
    • Can someone tell me the difference between an internet with open relays and one of peer machines where everyone is free to run mail transport agents.

      Traceability. If you use your own host to send spam, the recipient of the spam is more likely to be able to trace the spam back to you and complain to your provider (assuming you care). If you use somebody else's misconfigured server, the recipient of your spam may only be able to see that it came from some open relay belonging to an unknown third party.
      • You call for two "very simple" solutions: The problem of hijacked home computers can be reasonably solved through the use of firewalls (hardware and/or software), virus scanners, mal-ware checkers, etc.

        This has been done and it is not working. Significant design flaws in Microsoft's OS continue to defeat band-aids like this as the myDumb worm proves. Insufficient control of execution by the continued use of filename extensions and insufficient privilege separation make continued exploitation a reality. E

  • Good news for ISPs (Score:5, Interesting)

    by Spazmania ( 174582 ) on Saturday January 31, 2004 @01:15AM (#8142207) Homepage
    As a sysadmin at an ISP, this is good news for me. Getting customers to close their open relays has always been a hassle. "We really need you to take care of this; it's against our terms of service" is often followed by "Well, maybe we'll just find another ISP."

    "We expect you to take care of this; you're operating in violation of Federal Trade Commission policy" has a much nicer ring to it. One less likely to generate argument.
    • Yes, even if it's a toothless government standard, it's a government agency's name that can be dropped. Maybe this project should have a clever-sounding acronym so ISPs can say "It's a violation of the FTC's SPAM-SEAL standards... no ISP in their right mind will tolerate you if you don't change your settings."
    • Every other ISP out there firewalls port 25, so they have to use your relay. If you have customers who need port 25 (but really you should have them relay on the other port through their other ISP then... I forget what, something in the 500 range) run a login script for them that turns this off in the firewall (not easy to do right, but you can do it).

      Ideally your mail relay would log the email address of whoever was logged in (the one they signed up for, even if they use a different one), but that sound

      • Every other ISP out there firewalls port 25

        Yeah, that's nice in theory but the thing is I'm not serving $30/mo cable modem customers, I'm serving business customers whose payments start around $200/mo. Business customers expect business grade service which includes the ability to run their own servers.
    • If they are violating your terms of service, maybe they should find another ISP??? Are individual elements of your policy weighted differently? What's the point?
      • What's the point?

        The point is to stay in business when the majority of our competitors have gone bankrupt. It is true that once in a while you get a customer who costs you more than he pays and it's just better for him to go away. The rest of the time a company that wants to stay in business actually has to provide a little thing called Customer Service -- that means pleasantly working with all the fools who get hacked or get viruses, not just locking them out of the system.
  • protocol (Score:2, Interesting)

    by Sase ( 311326 )
    I'm wondering. Was there talk about changing the SMTP protocol a while back? I know it would be a major overhaul, something along the lines of revamping IPv4 to IPv6 (well, not that major..)

    This flies right around there with 'taxing every email' which would be an interesting debate indeed.

    I've noticed that a bunch of mail servers out there are now doing creative mail filtering, making sure that the mx record corresponds to the actual relay that the mail is coming through. But not everyone has smtp auth over p
  • Open Relays (Score:2, Insightful)

    by Fenis-Wolf ( 239374 )
    I'm not sure this is a great idea. On one hand, I really want open relays shut down so that people stop blatantly misusing them. On the other, I know some companies I've done work with, use open relays completely legitimately, and I don't believe that the open relays are the big problem anymore. I think that most spam comes from
    A) Overseas servers in countries that have abundant bandwidth and few laws governing their usage (i.e. India)
    B) Hijacked machines here in the good ol' US of A that have become
    • Re:Open Relays (Score:3, Informative)

      by Junta ( 36770 )
      Actually, I can't think of a single good reason for anyone to have a fully open relay on a mail server. I can see relays for IP networks, I can understand authenticated relay, but what possible justification is there for a fully open relay these days? Even ISPs restrict SMTP servers for their IP subnets. If you need to support road warrior configurations, give those users a username and password and tell them how to configure SMTP with TLS and authentication. The most flexible mail server I have right n
  • Will this do anything about the zombie problem?
  • Of course, the reason that they can send all this spam^H^H^H^H important advisory information is the CAN-SPAM act itself. Their "advice" may be mass mailed and unsolicited, but it sure isn't commercial, so breaks no laws - I wonder if they even put an appropriate label in their subject lines (maybe GOV: rather than ADV: ?) even though they don't need to.
  • by Grym ( 725290 ) on Saturday January 31, 2004 @01:38AM (#8142308)
    What boggles my mind is how hostile people get towards end users of fairly complicated Mail hosting programs. Personally, I've had to deal with the people at ordb.org, and let me tell you, they're a bunch of jackasses about the whole thing. If you had a chance to read their old FAQ (they've since changed it), you could tell that whoever wrote it was getting off on forcing people to change their server settings as he saw fit. So, while I'm getting barked at by customers whose "e-mail won't work," I've got to sit through childish comments about how I suck as an admin. The whole thing really pissed me off.

    I understand that many of you uber-users expect that every admin should know all the ins and outs of every server/program, but I'm afraid that's just not possible sometimes. Our Wireless ISP consisted of 3 technically-capable people. Between setting up people's connections, repairing relay sites (using both proprietary and OTS equipment), setting up servers, setting up routing, technical support, providing network content shaping, hosting/designing websites, setting up policy enforcement, documenting it all, securing the network, AND providing e-mail to boot, there's just not enough time to do everything and get it right the first time. BESIDES, what's so wrong about expecting things to work when you do a regular install?

    Since when has default == basically broke?

    -Grym
  • by LostCluster ( 625375 ) * on Saturday January 31, 2004 @01:47AM (#8142347)
    The Internet's greatest strength is also its greatest weakness. At a technical level, everything with an IP address is a peer to all other devices with IP addresses... no special license is needed to make somebody a server. When it comes to e-mail, the same SMTP protocol that your favorite e-mail program uses to reach your outgoing mail server is the same SMTP that server is going to use to relay the message to the next server. You don't need anything special if you want to set up a mail server for your organization... but that also means nothing prevents a virus-infected PC from being an e-mail relay that starts spewing Spam on behalf of the virus writer.

    Any "secure" system needs a "root of trust", someone or something that is a trustworthy party from which all other relationships can be traced back to. Most things on the Internet don't have a central authority, and that's by design to prevent censorship. However, e-mail is one thing that we want censorship for... we want abusers of the system thrown out.

    However, to reliably kick out abusers, there needs to be a central authority. In short, there needs to be some sort of approval body for e-mail servers to prove that they're trustworthy operators, so that any e-mail that passes through them is sure to not be spam, with repercussions for the server operators who do let spam through their system. In short, a closed system, where membership for servers is by approval, and therefore those who operate e-mail services have to enforce limits on their customers.

    Unfortunately, that's so incompatible with the e-mail system we have today... any dreams of creating a No-Spam-Allowed e-mail system can go sit between IPv6 and the Dvorak keyboard design in the pile of ideas that look good on the drawing board but will never be put into widespread use.
    • by bigberk ( 547360 ) <bigberk@users.pc9.org> on Saturday January 31, 2004 @02:24AM (#8142470)

      NO. A central authority-based communications system is not going to accomplish much... it will, however, put the power of communications in the hands of few companies (probably monopolies)... it will let them charge fees... and it will ruin the versatility, adaptability, and reliability that we have because there is a great diversity of small hosts handling all their own email.

      You want to stop spam? Grab spamprobe [sourceforge.net] or something and watch your spam disappear. You want a more efficient and scalable solution for a big organization? Install DCC [rhyolite.com] and be done with spam for your whole site. Seriously, spam is no longer a problem because both user-side and server-side tools with near perfect accuracy exist. If you're seeing spam, it's because your ISP isn't taking advantage of the filtering solutions that are available.

      I'm not talking out of my ass... I've been keeping a close eye on mail and spam issues for the past decade. Spam is dead, so if spam still bothers you force your ISP to employ modern filtering. My university did, and the flood of spam dropped from 100/day to 0 in my account (they're using DCC). At home I employ spamprobe and again I see next to 0 spam.

      • Unfortunately, unless the world of geekdom pulls it together and figures out a way to stop this spam problem on its own, guess what, a centralized controlled network is what you're going to get. We've been able to tweak Spam Assassin to catch about 98% of spam coming to our server and then we use Mac Mail's Junk filter for the rest and the number of spam we get is extremely low. Usually one or two get past all that a day, but I used to get at least 150 spams a day. Now we err on the side of caution and
    • Sounds Great! (Score:3, Insightful)

      by twitter ( 104583 )
      Go ahead, make that secure messaging system, just make it a new service and leave normal email alone. It will quickly be abused by the people who own it and will suffer from single point of failure a central authority requires.

      In short, there's nothing but practical issues keeping you from doing this right now. If you can overcome those issues, more power to you. If you want to keep me from running a mail server with well configured free software, go away.

  • by myowntrueself ( 607117 ) on Saturday January 31, 2004 @01:47AM (#8142348)
    the one that when you apply the security update, it turns your server into an open relay?

    IIRC, even if you went to the trouble to ensure that it was *not* an open relay, the patch would change the settings and, voila, open relay.

  • China (Score:2, Interesting)

    by certsoft ( 442059 )
    I noticed the conspicuous absence of China in their list of countries participating.
  • This is a very dangerous thing they are trying to do. Basically it boils down to the gov't telling people how they need to have their servers configured. Granted open relays are a bad thing, but having some gov't body tell someone running a private server that they have to change how their system is setup? No thanks. I'd rather have open relays.
  • by bigberk ( 547360 ) <bigberk@users.pc9.org> on Saturday January 31, 2004 @02:15AM (#8142443)
    There are several projects out there that are detecting and blocking open relays [ordb.org] (quite effective... I have used this and similar blocklists [dsbl.org] on my mail server). FTC wouldn't be doing anything groundbreaking, except more formally contacting the owners. Not that mail server admins don't notice when millions of sites start bouncing their mail because they're listed on such places as ordb and dsbl! After all, that is part of the effect of blocklists... puts pressure on people who run improper mail servers.
  • For those not literate enough to read the linked story (yet apparently compulsively posting here) let me quote the second sentence(emphasis mine):
    The FTC and 36 other government agencies from 26 countries have launched Operation Secure Your Server.
    All of those who have already posted inane comments about the US's FTC not having extra-territorial jurisdiction, and the fools who moderated them up, are now asked to read the original article out loud to themselves and in the future refrain from posting until they're sure they're not making public asses of themselves.

  • I get the open mail relay stuff.. obviously spammers can abuse those to hide their tracks and avoid IP address filters & spam lists.

    But, they say that spammers use open proxies too. Sure, you don't want to leave your proxy open for various reasons.. But, I didn't think spam was one of them. It's not like they're spamming through some webmail service or something. And, with the way the document is worded, mixing the MTA & proxy issues, it makes the doc less clear.
  • by serutan ( 259622 ) <snoopdoug@RABBIT ... minus herbivore> on Saturday January 31, 2004 @03:38AM (#8142678) Homepage
    in the days when they didn't carry guns.

    Stop, or I'll yell, "Stop" again!
    • Reminds me of British police in the days when they didn't carry guns. Stop, or I'll yell, "Stop" again!
      The huge majority of British police still don't carry guns, and don't wish to. They're probably right. After all, contrast the USA and the UK; in the USA 230 policemen died in the line of duty in 2001, compared to about 70 in Britain in the last 30 years. No wonder 79% of British police are opposed to routinely going armed.
    • This isn't TV. Few real cops ever draw their gun in the line of duty. "Stop or I'll shoot" is for the movies, when a real officer shoots it is more than just a criminal running away, it is a criminal who has proven to be too dangerous to let run. Every cop I know tells me that if you run they will let you go. (With all the body armor and equipment they wear there is very little chance the cop can catch you). Much easier to get on the radio and get help, and/or make sure that when you are caught yo

  • One of the solutions to malaria is to breed trillions of sterile mosquitoes, and release them into the wild. The chances of a fertile mosquito mating with another fertile mosquito are therefore very small, and the population is virtually wiped out - but for a few weeks, you have an insufferable amount of mosquitoes.

    Maybe sending out masses of junk email is the cure for spam. The chances of someone replying to a *genuine* spam are therefore reduced, so the spammers might stop trying.
  • It's not *servers* where I'm getting spam from -- it's mainly 0wn3d home PCs that are sending them now. If you look at the Received: headers of the vast majority of the spam, you'll find your MTA got it from a system on a residential cable, DSL or dialup connection.

    I've been adding SpamAssassin rules to score heavily against email from *.client.comcast.net (one of the worst offenders, so I've called the rule RECEIVED_FROM_SPAMCAST), and score against anything received from with .dsl. or .adsl. or .dialup.
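The scoring described in the comment above, as an added Python sketch (not the poster's SpamAssassin rules and not part of the original thread). The point values, the Postfix-style `Received:` layout and every host name in the samples are assumptions; only the rule name RECEIVED_FROM_SPAMCAST and the matched patterns come from the post.

```python
import re
from email import message_from_string

# Rule names follow the post; the point values are assumptions.
RULES = [
    ("RECEIVED_FROM_SPAMCAST", re.compile(r"\.client\.comcast\.net$"), 3.0),
    ("RECEIVED_FROM_DSL", re.compile(r"\.a?dsl\."), 1.5),
    ("RECEIVED_FROM_DIALUP", re.compile(r"\.dialup\."), 1.5),
]
# Postfix-style relay clause: from <HELO> (<reverse DNS> [<IP>])
RELAY = re.compile(r"from\s+(\S+)\s+\((\S+)\s+\[([0-9A-Fa-f.:]+)\]\)")

def connecting_host(raw):
    """(helo, rdns, ip) from the topmost Received header, or None.

    Only the topmost header was written by the receiving MTA; anything
    below it arrived with the message and can be forged by the sender.
    """
    received = message_from_string(raw).get_all("Received") or []
    if not received:
        return None
    m = RELAY.match(" ".join(received[0].split()))  # unfold, then parse
    return (m.group(1), m.group(2).lower(), m.group(3)) if m else None

def score(raw):
    """Return (total, rule names) matched on the recorded reverse-DNS name."""
    host = connecting_host(raw)
    if host is None:
        return 0.0, []
    hits = [(n, pts) for n, pat, pts in RULES if pat.search(host[1])]
    return sum(p for _, p in hits), [n for n, _ in hits]

# Constructed samples (documentation IP ranges, invented host names).
ZOMBIE = """\
Received: from mail.example.com (c-192-0-2-44.client.comcast.net [192.0.2.44])
\tby mx.example.org with SMTP id 1A2B3C; Sat, 31 Jan 2004 09:00:00 -0500
Received: from mx.bank.example (mx.bank.example [198.51.100.9])
\tby mail.example.com; Sat, 31 Jan 2004 08:59:00 -0500
Subject: constructed sample

body
"""
VIA_SMARTHOST = """\
Received: from smtp.example.net (smtp.example.net [203.0.113.10])
\tby mx.example.org with ESMTP id 4D5E6F; Sat, 31 Jan 2004 09:05:00 -0500
Received: from laptop (host-7.adsl.example.net [203.0.113.77])
\tby smtp.example.net; Sat, 31 Jan 2004 09:04:58 -0500
Subject: constructed sample

body
"""
```

The second sample scores zero because the ADSL host appears only in a lower header: a DSL customer relaying through the ISP's mail server is not penalised, while a host on the same kind of line connecting directly to the MX would be.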
  • FTC misses the point (Score:3, Interesting)

    by swb ( 14022 ) on Saturday January 31, 2004 @11:01AM (#8143629)
    Open relays, while enabling spamming, aren't the real problem. The real problem is the total unwillingness of the FTC to crack down on email based crime. Almost all spam is pretty much openly fraudulent -- either the products don't work, you don't get a product, or you're not supposed to get the product in the first place.

    Why hasn't the government initiated a crackdown on the crime WITHIN the spam? Why is there such a willingness to accept that but be mad that someone is spamming about it? I sometimes wonder if most Americans (and I'm one as well) don't have some kind of built-in huckster or a total absence of ethics that they don't have a problem with the fact people are committing fraud.

    If the government would bother following the money trail over some spam transactions, they'd not only get a much better idea what's "behind" spam (my theory is a fairly small number of people are responsible for a lot of it), as well as catch the same people committing the same fraud, over and over, which becomes a possible RICO prosecution -- lots of jail time for anyone even tangentially involved. Which might actually do more to end spam by getting rid of its clients than some lame relay closing enterprise -- haven't they moved a lot of their operations to zombies and cracked proxies anyway?
  • by Kjella ( 173770 ) on Saturday January 31, 2004 @11:44AM (#8143771) Homepage
    There'll be more than enough hosts compromised somewhere, instead try to fix the damn system with proper certificates, "soft" blocking like hashcash or similar, easy feedback of SPAM, easy whitelisting of mailing lists etc.

    Hell, I just recently discovered that my RHL9 box has been somehow compromised. Don't ask me how, but those sendmail spam zombie processes weren't mine. And on this Win2k PC I run anti-virus, firewall, the works. Still, a few things slip through the cracks, at least for a time.

    But see how, my Linux box if routed shouldn't get a domain. It would be @[IP] @???.bb.online.no (dns of that IP) or @[spammer-provided domain], not @aol.com. And even if I wanted to run a mailserver here on a residential DSL - it's reasonable to limit my delivery speed by hashcash or some such measure.

    If I wanted to do mass mailings (opt-in, the good kind, they exist, remember?) there should be a whitelisting system. Some kind of cryptographic token or similar, as proof of the opt-in. But no one seems to be doing anything like that.

    Damage control is the way to go. Running around chasing the latest compromising trojan and whatever is futile, at least to cure the problem, not just the symptoms.

    Kjella
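How the hashcash "soft" blocking mentioned in the comment above limits delivery speed, as an added Python sketch (not the poster's code and not part of the original thread). It uses the hashcash version 1 stamp layout `1:bits:date:resource:ext:rand:counter` hashed with SHA-1; the `Verifier` class, the address and the two-day freshness window are assumptions made for illustration.

```python
import hashlib
from datetime import datetime, timedelta, timezone
from itertools import count

def leading_zero_bits(digest):
    """Number of zero bits at the front of a hash digest."""
    return len(digest) * 8 - int.from_bytes(digest, "big").bit_length()

def mint(resource, bits, rand, now):
    """Sender side: search for a counter whose SHA-1 has `bits` leading zeros."""
    prefix = f"1:{bits}:{now:%y%m%d}:{resource}::{rand}:"
    for counter in count():
        stamp = f"{prefix}{counter:x}"
        if leading_zero_bits(hashlib.sha1(stamp.encode()).digest()) >= bits:
            return stamp

class Verifier:
    """Receiver side: one hash per stamp, plus the checks that stop reuse."""

    def __init__(self, my_address, min_bits, max_age_days=2):
        self.my_address, self.min_bits = my_address, min_bits
        self.max_age = timedelta(days=max_age_days)
        self.seen = set()  # spent stamps; a real MTA would expire old entries

    def check(self, stamp, now):
        """Return 'ok' or the reason the stamp is rejected."""
        parts = stamp.split(":")
        if len(parts) != 7 or parts[0] != "1":
            return "malformed"
        try:
            claimed = int(parts[1])
            day = datetime.strptime(parts[2], "%y%m%d").replace(tzinfo=timezone.utc)
        except ValueError:
            return "malformed"
        if parts[3] != self.my_address:
            return "wrong recipient"   # work done for someone else's mailbox
        if claimed < self.min_bits:
            return "too cheap"
        if abs(now - day) > self.max_age:
            return "expired"           # stops stockpiling stamps in advance
        if leading_zero_bits(hashlib.sha1(stamp.encode()).digest()) < claimed:
            return "insufficient work"
        if stamp in self.seen:
            return "replayed"          # one stamp pays for one delivery
        self.seen.add(stamp)
        return "ok"

if __name__ == "__main__":
    now = datetime(2004, 1, 31, 12, tzinfo=timezone.utc)
    stamp = mint("postmaster@example.org", 16, "c2FtcGxl", now)
    print(stamp, Verifier("postmaster@example.org", 16).check(stamp, now))
```

Each extra bit doubles the sender's expected work while the receiver still computes a single hash, and because the stamp is bound to one recipient, a compromised host has to repeat the search for every address it mails.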
