Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 


Forgot your password?
Close
typodupeerror
×
Spam The Internet

Major ISPs Publish Anti-Spam Best Practices 252

Posted by michael from the rules-to-live-by dept.
wayne writes "The ASTA, an alliance of major ISPs, has just published a set of best practices to help fight spam. The list of ISPs include the likes of AOL, Yahoo, MSN/Hotmail, Earthlink and Comcast. The recommendations include such things as limiting port 25 use, rate limiting email, closing redirectors and open relays, and detecting zombies. For details, see the ASTA Statement of Intent (pdf) or any of the ISP's antispam websites."
This discussion has been archived. No new comments can be posted.

Major ISPs Publish Anti-Spam Best Practices More

Major ISPs Publish Anti-Spam Best Practices

Comments Filter:

  • Don't forget SPF (Score:4, Informative)

    by Anonymous Coward on Tuesday June 22, 2004 @01:06PM (#9497375)
    Several large ISPs are backing SPF [pobox.com]. I even noticed my ISP, Verizon, who tend to be quite lazy and stupid when it comes to spam (and other things), have added an SPF record.
    • Enabling SPF is only half of the battle. It isn't until online web services start understanding that they need to use reply-to instead of just putting a user's address in the from field that SPF will really work. I've had to disable my server's SPF checking because some services I use (like my bank - ingdirect.com) like to send things like referrals "from" me, rather than "from" themselves with a reply-to to me.

    • Re:Don't forget SPF (Score:4, Interesting)

      by Dimensio ( 311070 ) <[moc.uolgi] [ta] [ratskrad]> on Tuesday June 22, 2004 @02:03PM (#9498080)
      I even noticed my ISP, Verizon, who tend to be quite lazy and stupid when it comes to spam (and other things), have added an SPF record.

      I wouldn't call Verizon "lazy and stupid" when it comes to spammers on their network. I would call them "criminally negligent".

      They had a spammer's website on their network for over a month. The spammer was selling a product that was blatantly illegal (digital cable descrambler). The only possible way that their product could have been legal was if it did not function as advertised, and then they would have been committing advertising fraud, so either way they were breaking the law and Verizon was allowing it to happen on their network. After a MONTH of daily complaints about the site, it only disappeared AFTER I setup a webpage documenting Verizon's open support of criminal activity and started advertising it in my .signature file.

      No legal threats were ever issued to me. I guess that Verizon knew that I had truth on my side.
  • ...but the people that would really read these things are the one that know how to avoid most spam already, aren't they? I doubt my parents would even stumble across any of these resources in their daily submitting of their email addresses to every form they can find.
    • Seeing as how these are guides for system administrators, I don't see how your parents need to know any of this. Besides it isn't a knowledge problem that this solves, but a business problem.

      This is a loose agreement by ISP's about what they need to do on thier part to confront spam. These things would improve the situation, but ISP's are reluctant to implement them out of fear that the user will become angry with the tightened security problem and go to another ISP. And I am not talking about spammers, I
    • From the second paragrap of the FA:

      The proposal provides recommended actions and policies for Internet
      service providers (ISPs) and e-mail service providers (ESPs)       as well as large
      senders of e-mail including governments, private corporations and online
      marketing organizations.

      This isn't even intended for people like your parents.
    • I dont' want to sound pessimistic...

      but, people who need to read the articles to see what they say and who their intended targets are before they post, never actually read the freaking articles.

      Do you?

  • Spammers are like a retrovirus. The will adapt to any system you construct. Creating a list of what every major isp will do to combat them will only serve to accelerate their evolution and make them more effective spammers.

    • Re:Best practices,... published? (Score:5, Insightful)

      by AviLazar ( 741826 ) on Tuesday June 22, 2004 @01:10PM (#9497424) Journal
      And just like all crime, all we can do is fight back. We either find the weakness ourselves and fix it, or we find out that a criminal (spammer) found a weakness and we fix it. To sit and do nothing would be really bad (imagine windows XP with all the flaws dating back to windows 3.1) :)
    • one example of bad spammer behavior I've seen, which is totally new from the usual types is spammers sending email pretending to be my ISP, complete with legit-looking special offers from said ISP...

      but with a suspicious attachment or a spurious "click here if you don't want to receive such notices anymore".

      I shudder to think how many people will fall for those evil tricks.
    • One major reason that spammers are using zombies is that ISPs cracked down on spammers and closed a lot of open relays. Are you suggesting these weren't good ideas? Just because a spammer may find another way to spam doesn't mean we shouldn't shut down the known methods of spamming if we know how.
      • why dont ISPs just block internet access to the zombie PCs they detect, for violation of the terms of use?

        when the user calls up customer service, they can then follow the instructions on how to clear the malware.
        • Comcast has indicated they will be doing just that. Other ISPs are beginning to shut down port 25 for everyone. As many times as I have disagreed with Comcast in the past, I like their plan of action this time.

    • Re:Best practices,... published? (Score:5, Insightful)

      by surreal-maitland ( 711954 ) on Tuesday June 22, 2004 @01:20PM (#9497533) Journal
      just like we should not publish our source code because then hackers will find exploits, right?
    • Spam does not have to be made impossible to be eliminated; we just have to reduce response rates to the point where it's no longer profitable and wait for professional spammers to die off.

    • Re:Best practices,... published? (Score:4, Insightful)

      by deadmongrel ( 621467 ) <karthik@poobal.net> on Tuesday June 22, 2004 @01:25PM (#9497585) Homepage
      Spammers are like a retrovirus. The will adapt to any system you construct. Creating a list of what every major isp will do to combat them will only serve to accelerate their evolution and make them more effective spammers.
      Spammers always try to be one step ahead of the game. Just by keeping the best practices a *secret* wound't help to combat spam. Its the business model that needs to be attacked. Money is made somewhere and that is where we have to attack. Having said that, I think its important we keep these fighting techniques open. A lot of people would benefit from it. Also, just like security, obscurity would be of no help.

      • Re:Best practices,... published? (Score:5, Interesting)

        by LehiNephi ( 695428 ) on Tuesday June 22, 2004 @01:36PM (#9497705) Journal
        Attacking the source of the money--that, I believe, is the only way to kill spam.

        That's why I run Unsolicited Commando [astrobastards.net]. It fills the inboxes of companies that pay for spam with spurious form fill-outs. I guess it's kind of like giving them a taste of their own medicine.

        • That's why I run Unsolicited Commando [astrobastards.net]. It fills the inboxes of companies that pay for spam with spurious form fill-outs. I guess it's kind of like giving them a taste of their own medicine.

          Unfortunately, I don't agree with this way. I don't want to start a flame war or anything but just my thoughts. Yes! I said attack the very foundation that supports spammers, which should be achieved not by doing the same thing that spammers are doing to us. Money and paper are traceable so can be

    • Spammers are like a retrovirus. The will adapt to any system you construct.

      A retrovirus is just a virus that goes RNA->DNA. Since it usually goes DNA->RNA, they call it retro. It has nothing to do with adaptability.

  • Balance (Score:2, Insightful)

    by it0 ( 567968 )
    I hope they find the right balance between just providing the internet and locking it down so it can't harm the average consumer.

  • What about my personal mail server? (Score:4, Interesting)

    by tstoneman ( 589372 ) on Tuesday June 22, 2004 @01:09PM (#9497411)
    I am thinking about setting up my own personal mail server for my small business.

    Is there a guideline that can help me figure out what steps I need to take to harden my mail server?

    I will be using either Postfix or Microsoft Exchange.
    • Most of exchange problems occur when you have an exchange server being the SMTP gateway. IF I were you, find a product to be the SMTP gateway that doesn't use anything made by Microsoft. There are also serious problems using the IIS SMTP service to talk to exchange. So, in short, get another kind of SMTP gateway to run the SMTP service, and then run Exchange behind it forwarding all mail to your non-microsoft gateway.
    • Unless you need the groupware functionality of Exchange, go with postfix or courier [courier-mta.org]. Then install Spamassassin [spamassassin.org] and Rules du Jour [exit0.us] to keep your spamassassin rules up to date, and a good serverside antivirus program like Clam [sourceforge.net]. Also, configure some blackhole servers (I use dnsbl.sorbs.net, list.dsbl.org, dnsbl.njabl.org and relays.ordb.org).

      And then be prepared to continue filtering out spam (although with my setup, of the 100+ daily messages that would get into my inbox without filtering, I now get about 1

    • Re:What about my personal mail server? (Score:4, Informative)

      by thedillybar ( 677116 ) on Tuesday June 22, 2004 @01:22PM (#9497556)
      >Is there a guideline that can help me figure out what steps I need to take to harden my mail server?
      Basically don't relay mail for any user who you don't know (either by IP address or by SMTP authentication). Relaying is accepting mail for another domain and passing it on. If the server is the MX server for your domain, you must accept mail addressed to that domain regardless of whether or not you know the sending party.

      >I will be using either Postfix or Microsoft Exchange.
      I use sendmail, and I know that the "default" prevents unauthorized relaying. The latest version of Postfix or Exchange will almost certainly do the same. After you make any configuration changes, just verify that an outside machine can't send mail to another domain.

      Whichever SMTP software you run, I'd recommend joining some comp.mail.* newsgroups.

    • Re:What about my personal mail server? (Score:2, Funny)

      by Anonymous Coward
      To harden your mail server, heat it to 1000 degrees, then quench it in oil. This is guaranteed to block all spam.
    • I am thinking about setting up my own personal mail server for my small business

      I'm planning on doing the same thing. When I was hunting for information I found this link [newsforge.com], it has plenty of resource information. Maybe it will help you too.

    • I have my own mailserver running postfix.

      One thing I can't recommend highly enough: address extensions.

      You can turn them on in postfix easily. Then, it'll map anything that follows after the extension to your user mailbox. For instance, let's say you have stone@man.com

      With address extensions, you could have (without changing a config file) stone+getlost@man.com, stone+slashdot@man.com, etc. Anything after the "extension" is dropped for delivery purposes, so all that mail would go into the "stone" user
      • I doubt this would be very effective. I'm sure that spammers are probably all familiar with this trick by now, and just s/+.*@//g their spam list. I have postfix set up with an alternate domain, where everything goes to my primary email address.

        So, the email address I give to slashdot would be slashdot@whatever.com, etc. It all gets forwarded to another email address, and my email client has a rule that moves all email to the alternate domain to a separate mailbox.

        • How is that any different except you have to update your aliases file (or whatever config) anytime you wish to create a new ID?

          As least I can just log onto amazon and create me+amazon@myrealdomain.com without a thought.

          Or, are you saying that mail to whomever1@whatever.com, whomever2@whatever.com will always forward on you you@myrealdomain.com?

          It essentially is the same problem as having your "real" (final) e-mail address out there for the world to see... maybe worse, if you have it setup as a "catch-all

  • limit port 25 (Score:4, Insightful)

    by markan18 ( 718118 ) <sm@bigserver.hopto.org> on Tuesday June 22, 2004 @01:09PM (#9497416)
    As long as i still can run my own smtp server.
    They can limit outbound port 25 because i still can forward my email through their official smtp server. If they limit inbound port 25, it will suck big time.
    • Most ISPs don't block ports to prevent their users from doing something they don't want to do. Why? Because its trivial to move any given service to another port.

      Moderators, think before you mod.
      • Comment removed based on user account deletion
      • No, most ISPs don't block 25 because they don't want to deal with the time & effort necessary to educate all of their users strapped to Outhouse and Outhouse Express to switch to a different port.

        There's been a lengthy discussion on SPAM-L about this.
        My suggestion has been to create a virus which would do it. Turn it loose on Friday, then on Monday all should be switched over.

      • You are wrong. (Score:3, Insightful)

        by warrax_666 ( 144623 )
        Blocking outbound port 25 has the effect that zombies cannot send mail to SMTP servers listening on port 25. (Incidentally, it also has the effect that completely legitimate and well-behaving mail servers on the network cannot do so either -- unless there is some form of more or less manual unblocking which the customers can apply for/use)

    • Re:limit port 25 (Score:3, Informative)

      by FireFury03 ( 653718 )
      TFA says clearly that blocking port 25 is a problem for those of us who run our own SMTP servers (and no I won't be forwarding through my ISP's smarthost - it's pointless, adds another point of failure and like I trust an ISP to make services work right :). The article also says that ISPs must accommodate these people by allowing people to unblock port 25 if they have a legit use for it. IMHO the document is very well written - when I downloaded it I was expecting to see a "block everything except web" ty

  • Take what they say with a grain of salt (Score:5, Interesting)

    by Raul654 ( 453029 ) on Tuesday June 22, 2004 @01:10PM (#9497418) Homepage
    How many of those ISPs were caught in pink contracts? [catb.org]
    • Exactly...how many? Care to back this up?
    • You have to presume that it's far more common than anyone would suspect, and I think not only are the spammers/ISPs linked this way, but the sleazeballs behind the spam likely have similar arrangements with banks and credit card processors.

      Which is why we need a RICO investigation of spamming. As long as it's treated by law enforcement as merely unpopular, the otherwise legitimate providers of services necessary for spam (ISPs, banks) will just take extra money -- over OR under the table -- to provide the
      • You have to presume that it's far more common than anyone would suspect

        Actually, pink contracts aren't even necessary for spammers anymore. With major providers like MCI/UUNet, who will only kick off spammers if they spam from their space, and the wide availability of compromised systems to use as relays, spammers can have completely bulletproof hosting from the largest backbone provider without negotiating special contracts.
  • And I'm undecided as to whether that is good or bad. Sure, there have been a few new exciting tools out there- but as soon as they become common knowledge the spammers start working on circumventing them. So maybe it's best that this didn't mention any specific tools- just broad categories like virus checkers and firewalls.

  • Whatever... (Score:4, Insightful)

    by Bif Powell ( 726774 ) on Tuesday June 22, 2004 @01:10PM (#9497421)
    ...let's just all do something before the government really starts to regulate things. I'm stupid about such things, so out of curiosity why hasn't the w3c or the people who write the RFCs come up with some new SMTP spec?...please...

    • Re:Whatever... (Score:3, Interesting)

      by IamGarageGuy 2 ( 687655 )
      That would be the way to go... but unfortunately life doesn'r work that way. SMTP is so entrenched everywhere that writing a new spec is like making a new internet. In theory, it's easy, in reality everybody would bitch that their email doesn't work.

      • Re:Whatever... (Score:3, Insightful)

        by firewood ( 41230 )
        SMTP is so entrenched everywhere that writing a new spec is like making a new internet. In theory, it's easy, in reality everybody would bitch that their email doesn't work.

        New net protocols have always displaced old protocols without requiring a new internet. Like Gopher (et.al.), SMTP will soon fade away because it already doesn't work. At the current rate-of-increase of spam, allowing current SMTP email onto your network will soon become (if not has become already) the same as paying a gangster to DDo

  • Blocking outbound port 25 (Score:5, Interesting)

    by Bronster ( 13157 ) <slashdot@brong.net> on Tuesday June 22, 2004 @01:12PM (#9497447) Homepage
    Makes me really glad that I push all my email backwards and forwards through an openvpn [sf.net] connection to my mail server now. As long as my ISP doesn't block UDP port *mumble* I'll be fine.

    My wife was not so lucky. She was unable to send email a few weeks ago when our cable modem provider instituted outbound port 25 blocking. Luckily it's really easy to set postfix up to listen for smtp on another port as well - one quick config change and she was back in business. I'm planning to install openvpn for Windows on her box one of these days.
    • Makes me really glad that I push all my email backwards and forwards through an openvpn connection to my mail server now.

      Openvpn rocks! I have started to use it for clients that I relay mail for, and back their systems up remotly. It works with Win32-Linux,Windows-Win32, Linix-Linux.

      I run open VPN on my laptop and tunnel back to the mothership for access to all my local services at home too.

      I have converted a few people using remote laptops over to it for various applications and it is pretty solid

  • That's the only thing that will work on the long run. Everything else just reaches those who are already somewhat aware of the problem.

    Unfortunately, calling the customer and walking him through disinfection/reinstall costs too much money, so only very, very few ISPs do it at all.
    • Unfortunately, calling the customer and walking him through disinfection/reinstall costs too much money, so only very, very few ISPs do it at all.

      It's not really the ISP's job to fix their computer. It's a little like calling the phone company because your answering machine is broken.
      • I agree, but at the very least the ISP should cut connectivity. Allowing compromised boxes on the network allows criminals to use the network to facilitate acts of theft and fraud.

        This is like calling the phone company to report that someone's phone box has been compromised and is being used to make anonymous obscene phone calls. Yes, it might be the user's property that is broken, but that property is still being used to abuse the phone system.
        • but then the same kind of clueless user that allows his/her box to fester with viruses will switch to another ISP which wont cut the service off... because the clueless user might not understand the root cause of being cut off.
          • but then the same kind of clueless user that allows his/her box to fester with viruses will switch to another ISP which wont cut the service off...

            Hopefully most ISP's will do the same thing and the user will find it harder and harder to get internet service. Even if they do, it's still better than leaving the box connected continuously.

            because the clueless user might not understand the root cause of being cut off.

            Even the most clueless users understand that viruses are bad (it's usually the first th
          • but then the same kind of clueless user that allows his/her box to fester with viruses will switch to another ISP which wont cut the service off...

            And that ISP will quickly discover that no one wants their packets.

            because the clueless user might not understand the root cause of being cut off.

            That's why you explain it to the clueless user, as one would a child. If they still don't understand, have a contract clause that allows the ISP to confiscate the customer's computer and burn it.
        • I agree, but at the very least the ISP should cut connectivity. Allowing compromised boxes on the network allows criminals to use the network to facilitate acts of theft and fraud.

          Absolutely. But that should be the extent of what they are expected to do unless they have specifically sold computer tech support as part of their contract.

      • It's not really the ISP's job to fix their computer [the customer's].

        They make money by providing connectivity. Almost in the same way, you could argue that companies are not responsible for pollution.

        It's a little like calling the phone company because your answering machine is broken.

        Your answering machine isn't fooling with SS#7 and telephone switches. Compromised home systems are known to wreak havoc in many ways, some of them very nasty.
        • They make money by providing connectivity.

          The ISP should be expected to cut the connectivity of the zombied computer. But cleaning it up is not their responsibility.

          Your answering machine isn't fooling with SS#7 and telephone switches. Compromised home systems are known to wreak havoc in many ways, some of them very nasty.

          Well, to extend the analogy, if your modem is calling up people at 2am, the phone company is not expected to fix your modem, but is expected to turn off your phone if you won't fix

  • How about "no more delayed bounces" (Score:5, Insightful)

    by Anonymous Coward on Tuesday June 22, 2004 @01:15PM (#9497483)
    I'd be very happy if everyone could get their act together and reject undeliverable addresses during the SMTP transaction. Delayed bounces are responsible for most of the backscatter which pollutes my mailboxes and logs these days.

    Qmail, I'm looking at you. People who don't run something like LDAP on their secondary MXs, I'm looking at you.

    I'm almost to the point of blocking the null sender from certain hosts, just because they are nothing but crap. I know all about the RFC (and rfc-ignorant.org), but they're causing a serious problem for the rest of the world.

    The worst part is for people who run control panels like Plesk. They have to run qmail (no choice in the matter), and so they either become a delayed bounce source, or they enable the catchall and get to suck down all that mail. They can't win.
    • There are patches for qmail that will fix this, the server will check for the user at the SMTP stage and refuse if user doesn't exist.

    • I'd be very happy if everyone could get their act together and reject undeliverable addresses during the SMTP transaction. Delayed bounces are responsible for most of the backscatter which pollutes my mailboxes and logs these days.

      Sure it's best if the message can be refused during the SMTP transaction rather than bounced after the fact. But sometimes that's not possible - for example in the case where a message has already been accepted by a backup mail exchanger or when the message is detected as un

  • ISP's need to act (Score:5, Insightful)

    by nagora ( 177841 ) on Tuesday June 22, 2004 @01:19PM (#9497522)
    If someone has an open relay box because of some Trojan horse program surely their ISP are in the best place to notice the traffic patterns in and out of their port 25. Cut them off and when they call to complain tell them to sort their machine out or find another ISP.

    But, of course, that might cost the ISP's money. So instead we get a "best practice" document which preaches to the converted and achieves nothing.

    TWW

    • [blocking port 25 for people with owned machines] might cost the ISP's money. So instead we get a "best practice" document which preaches to the converted and achieves nothing.

      No, this it the beginning of legislative effort. They clearly state this at the end of their press release. The object is to get laws passed about what ISPs do and to make the net easy for them to control. It's everything the people who designed the internet fought against and what is left will more resemble broadcast TV.

      The goa

  • What about laptops (Score:2, Interesting)

    by Marrow ( 195242 )
    If port25 is being blocked and you dont want users to change their outgoing smtp servers all the time, what is the best way to have reliable email on laptops.

    Is VPN the only way to make mail reliable and consistent on laptops?
    • Why would users need to change their outgoing servers "all the time"? Why not just do it ONCE? Use port 587 (the submission port) and all will be fine.
    • VPN is indeed one choice (and a good one).

      I support my remote users by having an smtp server that only accepts authenticated TLS connections. It was listening on port 25, because THAT'S THE PORT THAT WAS ASSIGNED FOR SMTP, but I'm going to have to move it elsewhere.

      There doesn't appear to be a clear consensus for what port to use for authenticated smtp. Some people use 465 (assigned for SMTP over SSL), others seem to use 26, 2525, or 4025. I think I'm going to go along with stealing 26, because I want a

    • SSH Tunnel (Score:2, Informative)

      by santiago ( 42242 )
      I have a command-line alias set up to use SSH port reflection from port 25 on my laptop to port 25 on my server. My mail client is then configured to use localhost as the outgoing mail server. Whenever I need to send email, I just need to enter one command in a terminal window to enable it until I move elsewhere and the connection is broken.

      I used to just run sendmail directly on my PowerBook, but I got too many bounce messages from servers that refuse to accept mail from known dynamically allocated IP r
    • > If port25 is being blocked and you dont want users to change their outgoing smtp > servers all the time, what is the best way to have reliable email on laptops.

      Authenticated SMTP over SSL. The Auth part to be able to relay mail for users you trust, SSL to prevent their login details from being stolen by middlemen looking for relays.

  • *cough* *cough* (Score:3, Informative)

    by Anonymous Coward on Tuesday June 22, 2004 @01:24PM (#9497582)
    *COUGH* bullshit *COUGH*

    Out of this list of ISPs (AOL, Yahoo, MSN/Hotmail, Earthlink and Comcast), AOL is the ONLY ISP who is actively working in the antispam community - seriously. They've got a single contact for dealing with it and they are keeping their ax sharp and swinging it whenever needed.
    All of those other 'posers are lying thru their teeth. Yahoo, MSN/Hotmail, Earthlink, Comcast? Antispam? They'd choke if they tried to say, "We're antispam". It's sad now that AOL has made a solic effort that they're going to be painted with the same brush as those other spam-havens.

  • it all works out for the ISPs (Score:3, Funny)

    by mr_z_beeblebrox ( 591077 ) on Tuesday June 22, 2004 @01:25PM (#9497587) Journal
    Spammers paid a lot to get their spam out and people like AOL and Earthlink cozied right up. Now it is unpopular so they pretend to be fighting spam. My guess is that then they will hold out for more profit from spammers, it is a cycle of blackmail.

  • Protect your own domain name (Score:5, Insightful)

    by Talking Toaster ( 695539 ) on Tuesday June 22, 2004 @01:26PM (#9497603)
    best practices to help fight spam. The list of ISPs include the likes of AOL, Yahoo, MSN/Hotmail, Earthlink and Comcast.

    Something that would really help is for these big companies to protect their own domain names by going after anyone who forges the headers as such. These days if someone isn't already in my whitelist they are probably going to get caught in my spam filters if they use any of these domain names.

    Under most circumstances I think it is a bad thing for a company to throw lawyers at someone until there is nothing left but a smoking hole in the ground, but I think I would make an exception for spammers. These companies not only have the resources to make spamming unprofitable, but they have a valid, and vested interest to do so.

  • Penalties (Score:2, Insightful)

    by Anonymous Coward
    If you want to kill spammers, kill thier source of income. Fine the hell out of the people ADvertising through them. Hit where it hurts (the bottomline) and spammers would be out of a job.

    • Re:Penalties (Score:5, Informative)

      by Animats ( 122034 ) on Tuesday June 22, 2004 @01:42PM (#9497770) Homepage
      Exactly. That's what California enacted as law, and what the Direct Marketing Association successfully blocked by pushing the CAN-SPAM act through.

      The California law made the "beneficiary" of the spam responsible for it. And anybody could sue. That would have made hiring a spammer very risky.

      Broadly defining the "beneficiary" could go even further. The credit card service provider, and the bank behind them, could be held responsible for spam if they processed a transaction resulting from spam. They profit from it, after all. A good lawyer could make the case now that they bear some responsibility, especially if they assist in any way in concealing the identity of the spammer.

      We really need to go after the payment end of spam, not the sending end.

    • If you want to kill spammers, kill thier source of income.

      Are you sure that a bullet to the head won't be more effective? I would certainly find such a solution far more satisfying.

  • Mail admin here, my solution was port 26 (Score:5, Interesting)

    by aardwolf204 ( 630780 ) on Tuesday June 22, 2004 @01:34PM (#9497696)
    As a mail administrator for a medium size company I've had to deal with residential broadband ISPs blocking access to port 25 a lot lately. It was a headache explaining to employees that work at home, at the office, and at customer sites, that they must change their outgoing SMTP setting in Outlook depending on their location. This is a true PITA as lots of times your not supplied with that information (or at least it is not obvious to the non-technical people), for example, internet access in hotel rooms.

    For a while the quick and dirty solution was to use webmail when in doubt but we needed something that people could live with and as much as I dislike M$ Outlook its a lot better than Horde, Neo, or Sruirrel Mail (IMO).

    My 80% solution now is to handle SMTP on both ports 25 and, hehe, 26. So far so good, I'm able to go between the office and home on my laptop with no problems where as before Cox Cable wouldnt let me get to our SMTP server.

    I'm wondering what other admins have had to do in this situation. I know I'm not alone here. And how do you think it will effect the propogation of spam in the future.
    • Why dont you get with the rest of the planet and use 587 for client mailers to connect to your server and run authentication??? It's a port that shouldent be blocked by anybody but a corperate system and if they are blocking it you shouldnt be trying to get around it :)

    • Re:Mail admin here, my solution was port 26 (Score:4, Interesting)

      by plcurechax ( 247883 ) on Tuesday June 22, 2004 @01:58PM (#9498011) Homepage
      As a mail administrator for a medium size company I've had to deal with residential broadband ISPs blocking access to port 25 a lot lately. It was a headache explaining to employees that work at home, at the office, and at customer sites, that they must change their outgoing SMTP setting in Outlook depending on their location. This is a true PITA as lots of times your not supplied with that information (or at least it is not obvious to the non-technical people), for example, internet access in hotel rooms.

      Um. Shouldn't you be fixing the problem, which is that you want these remote users to act as if they are part of your trusted corporate network? When you look at it this way, you realise that the best (and far more secure) solution is to be using an VPN into a DMZ that can access limited services needed for tele-commuters and road warriors.
  • might help if they publish these in korean and chinese
  • There's a fairly important and really simple improvement that I'm surprised wasn't covered by this list. Consumers: turn off the 'preview pane' in your email client. Vendors: set the preview pane 'off' as the default when you ship email clients.

    The preview pane gets people in so much trouble, especially with Outlook/Express. Without harping over the potential for automatically triggering viruses, a lesser known problem is web bugs. These little images are linked from the email, and when they are retrie
  • I think we should fast track those best of breed anti-spam practices and implemented to leverage our assets for an enterprise wide robust system. So that at the end of the day we'll all come to the table and be on the same page with a turn key solution.

    Oops... uh ... I forgot to take my happy pills. BRB

    OK. I feel better now. We'll I'm off to carve my initials in a Moose and then herd some cats.

  • target audience (Score:4, Interesting)

    by earlytime ( 15364 ) on Tuesday June 22, 2004 @01:59PM (#9498024) Homepage
    While the authors say the target audience includes "ISPs and mailbox providers", the list of recommendations reads like a wishlist for large ISPs and email hosters. These are the things that hotmail, yahoo and earthlink want us to do so they don't get as much spam. There is very little in there recommendations that will help me get less spam. If I could use spf to know where hotmail, msn and yahoo send mail from, I'd be able to reject 30% of the spammy organization recieves. This isn't on the list of recommendations, although aol, earthlink, and gmail all do publish spf records.

    It's very hard for any mail administrator to block mail from these large domains, because so much of the legitimate mail comes from their actual servers (wherever these are). I'd be happy to reject all mail addresses from msn.com or yahoo.com, but my users would see a huge increase in false positives. It's a no brainer to drop messages addresses from dailyoffers.com because I don't see any legit mail addresed from this domain anyway.
  • Its nice to see AOL, Yahoo, and Hotmail working to eliminate spam. Especially since for years they allowed the majority of spamming to take place on their networks...

  • Where are the best practices (Score:5, Interesting)

    by linuxwrangler ( 582055 ) on Tuesday June 22, 2004 @02:13PM (#9498187)
    This was just a bunch of fluff. I was hoping for some meat. The big ISPs have enough clout that if they force the issue of good practices everyone will have to adapt and the people who will have to adapt are those with broken non-RFC compliant servers.

    Best practices can encompass the RFCs and extend them to, well, best practices.

    For example:

    Per RFCs every place a domain is used it must be fully qualified and resolvable. In addition, the EHLO is supposed to be the primary hostname of the sending machine.

    Anti-spam best practice might say that the machine name must resolve back to the connecting IP. Even better, the reverse entry for the IP must include the correct hostname. This way a receiving machine can determine who the sender claims to be, that the DNS entry for that name matches the IP (anyone can spoof the header but it's lots harder to get to the DNS of a legit operation) and that the reverse DNS shows the correct hostname (which would be harder on those who have low-end connections where they don't have control over the reverse DNS entries but no problem for most IT operations - anyone with a small operation can send through their ISP anyway).

    If the major ISPs required just these items to match there would be a brief period of pain while everyone scrambles to fix broken systems but the gains from stopping viruses and spam would be enormous and tracing back to and blocking the remaining spam would be easier.

    I also saw nothing about information sharing among the large ISPs so they could quickly act against a spammer or quickly disable the web accounts to which the spam is directing people (carefully, of course, or fake spam could be a means of a DOS attack).

    Similarly, there was no mention of blocking email where the from address doesn't match the ISP. A couple years ago I dealt with massive backscatter from spam sent by an Earthlink customer THROUGH the Earthlink server. I tried to get an answer from them on why they were allowing someone to send out email "from" our domain when they have no relationship to us. Silence. Sure this is a pain for some people but people who want legitimate extra services can sign up for them. It's not so different than paying for a static extra IPs. If you want to send from a different domain we'll unblock it for you for a small monthly fee after determining that you are authorized to represent that domain.

    This just scratches the surface but all in all this "best practices" is a joke.

  • Earthlink != Best Practices (Score:3, Interesting)

    by Brandybuck ( 704397 ) on Tuesday June 22, 2004 @02:30PM (#9498378) Homepage Journal
    I get my DSL through Earthlink, but my domain is hosted elsewhere. So I don't ever use my Earthlink email address. The ONLY legitimate email coming to that address is my monthly billing statement. And for the last few years, that's pretty much all I got. Sometimes Earthlink itself would send me spam, but it was nothing an embarassing submission to abuse@earthlink.com couldn't handle.

    But they recently stopped their server-side spam filtering (Spaminator(tm)) and replaced it with client-side plugins. Overnight I started receiving thirty spams a day to an account that I have NEVER used. Besides the general annoyance that they are shuffling off anti-spam responsibilities to the customer, their plugins are for Windows Outlook and webmail only. (They say it's for Mac as well, but that's only a euphemism for "you must use webmail"). This is unacceptable.
  • One major question anyone reading this has to ask is -- what constitutes a "legitimate need" to run a mail server (people meeting this condition are those who ISPs should open port 25 for, according to the official doc). I run my own mail server, and have since 2000; additionally, I give out accounts to any of my friends and family that want them. The reason I do this, and the reason people get accounts on my box, is the lack of (unreasonable) restriction I impose on them: no mailbox size limit, no outbound mail size limit, as many aliases as they feel like (of course, I don't run an open relay, and I'd cancel an account instantly if I found someone spamming through it). If I were forced to move to some hosted solution, I would lose a lot of features, and have to pay to boot.

    So is it necessary for me to run a mail server? No, I could technically survive without my own. Would it be a travesty if I were forced to switch to cut off spammers? Hell yes!

    So until they draw the line on who "needs" to run a mail server, I can't possibly support this concept (or at least the port 25 restrictions piece of it).

  • Another point: web pages (Score:3, Interesting)

    by eaolson ( 153849 ) on Tuesday June 22, 2004 @03:36PM (#9499263)

    I understand that there is no silver bullet to end spam. But recommendation that this document does not address is the hosting of the web site advertised in the email. If spammers also could not find places to host their sites, the utility of spam (to the spammer) would significantly decrease.

    The irony is that Yahoo appears to be fairly spammer-website friendly. They kill abusive Geocities pages fairly rapidly, but paying users appear to be basically bulletproof.

    I've got one pet spammer (http://suburbanexpress.site.yahoo.net/) that's been hosted from Yahoo and spamming from an Ameritech DSL line since November, and neither will do anything about it.

Slashdot Top Deals

"It takes all sorts of in & out-door schooling to get adapted to my kind of fooling" - R. Frost

Close