Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
×
Spam IT

ISP Responsibility in Fight Against Spam 314

netpulse writes "Over at CircleID, John Levine shares a letter by Carl Hutzler, AOL Postmaster and Director, blaming irresponsible ISPs as key part of the problem in the long-term fight against spam. Hutzler says: "Spam is a completely solvable problem. And it does not take finding every Richter, Jaynes, Bridger, etc to do it (although it certainly is part of the solution). In fact it does not take email identity technologies either (although these are certainly needed and part of the solution). The solution is getting messaging providers to take responsibility for their lame email systems that they set up without much thought and continue to not care much about when they become overrun by spammers. This is just security and every admin/network operator has to deal with it. We just have a lot of providers not bothering to care.' To which John Levine adds: 'What do we have to do to persuade networks that dealing with their own spam problem, even at significant short term cost, is better for the net and themselves than limping along as we do now?'"
This discussion has been archived. No new comments can be posted.

ISP Responsibility in Fight Against Spam

Comments Filter:
  • The problem (Score:5, Insightful)

    by Anonymous Coward on Monday January 24, 2005 @07:27PM (#11463067)
    Is that some of the worst offenders are the biggest. Do you want to cut off your customers from another ISP because the other ISP is an idiot? Maybe, until your own customers get upset because they no longer receive mail from their friends at the other ISP.
    • Re:The problem (Score:5, Interesting)

      by scooby111 ( 714417 ) on Monday January 24, 2005 @07:30PM (#11463103)
      It's not even necessarily the ISP. I know that my mail servers aren't being used by spammers because I monitor them carefully. We have corporate customers that run their own email servers on our IP blocks that are overrun. We try to work with them to close down open relays or even suspend accounts when they seem unwilling or unable to stop spamming, but there's only so much we are able or willing to do to shut down a clueless netadmin's mail server.

      In the end, they'll go somewhere else to spam and we'll lose the revenue.
      • Re:The problem (Score:5, Insightful)

        by geminidomino ( 614729 ) * on Monday January 24, 2005 @08:46PM (#11463712) Journal
        In the end, they'll go somewhere else to spam and we'll lose the revenue.

        So it's better for you to profit from the spammer than for someone else to, since someone is going to?

        Congratulations, you are part of the problem.
        • Re:The problem (Score:2, Interesting)

          by Anonymous Coward
          We just have a lot of providers not bothering to care...In the end, they'll go somewhere else to spam and we'll lose the revenue.

          Well I lost one two weeks ago for this very reason. The customer is a prominant business (one of the largest in one of the communities we service, in our area of about 1/4 of a state). They left for Qwest after a year of absolute refusal to address their IT disasters, leading up to the final "last straw" incident in December.

          In typical "smaller business with bigger infrastruct
    • Re:The problem (Score:4, Informative)

      by Zocalo ( 252965 ) on Monday January 24, 2005 @07:45PM (#11463255) Homepage
      Or, to turn that on its head, when your RFC breaking "spamblocker-challenge" doesn't work (because it's an ill thought out hack) would you want to cut your customers off from receiving email from Europe and Asia just so you have less spam to deal with? Further more, despite numerous complaints from both your own customers, people trying to communicate them and the threat of a class action lawsuit, would you continue that practice for more than a month?

      If you answered "yes" to those questions, then a career at Verizon is waiting for you, because that is exactly what they are doing [theregister.co.uk]. If ISPs are going to take responsibility for blocking spam and the prevention of the creation of BotNets that originate most of it then they need to take more care than these idiots.

      • by bani ( 467531 ) on Monday January 24, 2005 @08:23PM (#11463570)
        ...at customer request. we give customers switches on their webpage-control-panel and they can block anyone and anything they want. a huge percentage of customers block china, korea, russia, etc. because they dont speak mandarin, cantonese, or read BIG5 or EUC-KR or KOI8. customer's choice. boo hoo for the spammers.
      • Why does anybody's choice of connectivity provider have anything to do with their choice of email provider? Sure, my DSL ISP gives me a mailbox and a shell account, but all I do with that mailbox is set it to forward to my real email to handle occasional administrative messages from the DSL folks.

        Blocking whole countries by default, without giving the users a choice about it, is rude, stupid, xenophobic, and a good reason for your customers to leave en masse.

        On the other hand, *offering* email blockin

        • I couldn't agree more with your sentiment about enabling the *optional* blocking of entire countries and character sets en-masse; I do it myself on my home mailserver via my own DNSBL and SpamAssassin. Verizon has apparently decided that it knows best however and its customers will just have to deal with it as best they can, which makes them fair game for being used as the poster child for my point. To paraphrase Spiderman; ISPs potentially have a great power to wield against spam, but with that power com
        • Why does anybody's choice of connectivity provider have anything to do with their choice of email provider? Sure, my DSL ISP gives me a mailbox and a shell account, but all I do with that mailbox is set it to forward to my real email to handle occasional administrative messages from the DSL folks.

          Don't worry, Verizon is working hard to prevent you from doing that! They and BellSouth have petitioned the FCC to allow them to cut off all other ISPs' access to their raw DSL services. They're also making it
    • That is true, but one way or the other users will whine.

      How about voting laws to send spammers to long-term jail?

      Yes, I'm stupid the answer is obvious...PROFIT

  • by Anonymous Coward on Monday January 24, 2005 @07:27PM (#11463070)

    Dear every ISP in the world including the ones in your parent's basement,

    Please rid your servers of spammers.

    Sincerely,
    The Internet

    ps Yeah, right.
  • More Law Suits (Score:3, Insightful)

    by XtremeGod ( 811594 ) on Monday January 24, 2005 @07:28PM (#11463079)
    So when will the law suits start coming out against the ISP's that Spammers are getting their Internet connections through?
  • Not caring? (Score:4, Interesting)

    by ZiZ ( 564727 ) * on Monday January 24, 2005 @07:29PM (#11463087) Homepage
    Or perhaps just 'getting paid extremely well to host spammers'?
  • He seems to miss.. (Score:3, Informative)

    by Anonymous Coward on Monday January 24, 2005 @07:30PM (#11463096)
    ..that nearly all spam emails nowadays aren't sent over open relays but over 0wn3ed i.e. trojaned PCs on high speed (cable, xDSL) connections.
    • by CrankyFool ( 680025 ) on Monday January 24, 2005 @07:32PM (#11463129)
      No. He doesn't. There's a reason why responsible ISPs (there's that word again) don't allow normal l0ser users to connect to port 25 outside their network.

      The days of "Oh, here's your static IP and full internet access" are bhind us. I'm all for "if you demonstrate clue, you may have unfiltered unbound access; otherwise, no port 25 for you!"

      (also: Port 587 is your friend).
      • by DraKKon ( 7117 ) * on Monday January 24, 2005 @08:22PM (#11463568) Journal
        the ISP I use, DSLExtreme, blocks port 25 for all DSL/Dailup users..

        "By default we filter port 25 to only allow outbound email through our mail servers."

        You can request to unblock port 25 if you have a static DSL account... an on top of that...

        "In addition, we will periodically scan port 25 over your DSL line to make sure your mail server is not an open relay. If we find an open relay on your mail server, the port 25 filter will be reinstated and you will be notified by the contact email address entered above."

        If more ISP's were like that.. there wouldn't be as many z0mbi3z...
        • Uh, that doesn't help much. A lot of the spam these days are coming from hacked computers on cable/dsl connections.
          • Uh, that's exactly what it helps with! Most of the people with hacked computers don't need to/want to run a mail server, so blocking port 25 connections will eliminate these zombie machines as sources of spam. For those few who actually want to run direct mail services, the ISP allows it (which is very nice), but they make you ask for it specially, and they monitor for open relays. Which is really (IMO) the only sensible way to deal with it.

            All in all, one of the most clueful ISPs I've heard of.
            • Ok, I'll let you read what the parent poster said:

              "By default we filter port 25 to only allow outbound email through our mail servers."

              This means that outgoing port 25 connections are still allowed. All a hacked computer needs to do is be connected to on another port (besides 25) and then send the mail through the DSL providers mail server. This is in effect what is happening.

              You probably thought he meant the other way around, but any ISP that blocked outgoing port 25 certainly would be extreme, but
      • I think that IPV6 and static addresses for everybody will go a long way toward stopping spam.

      • Blocking Port 25 outbound for everybody is irresponsible, mean, nasty, evil, and a bad idea, just as blocking Port 80 inbound or Port 25 inbound is mean, nasty, evil, and greedy. It's breaking the end-to-end model that the Internet is based on. Port 587 is a partial workaround - it lets you take your perfectly capable well-administered machine and connect to some service provider who may or may not be more competent than you just to get around a broken ISP.

        However, there are ISPs with a middle-ground app

    • by pthomsen ( 68685 )

      ...nearly all spam emails nowadays aren't sent over open relays but over 0wn3ed i.e. trojaned PCs...

      Really?

      How do you know this? I'd love to see the stats that support this. I'm not trying to be facetious, I'd really like to get hard data like that.

      I agree 100% with Carl. Forcing admins to get a clue about the state of their outbound mail is key. And as he says, there are ways to control all this stuff. Even trojaned PCs can be controlled, by limiting the number of outbound messages from that machine to

      • A normal Sendmail implementation will create a separate Port 25 connection to each destination mail server, and may group a message to multiple users at the same destination domain or MX together into one transmission. If you send mail to more than 5 people in any hour, that would probably incorrectly nail you as a spammer. Even mail to all of my family would blow through this - a recent family reunion message went to about 30-50 people. I also run a couple of mailing lists for small social groups; one o
    • Carl is the antispam dude for AOL, and you're an Anonymous Coward. Carl understands that the problem is trojaned PCs. THAT is what he's talking about ISPs taking responsibility for.
      -russ
    • Nearly all spam that gets past baysian filtering maybe, open relays are still key, in fact botnets will actively probe for open relays, they're just another t00l in the spammers armada. it's just as easy for them to use an open relay as a botnet, and some spammers* might even feel that using an open relay is akin to using an open wifi access point, while creating a botnet is actual hacking...
      *= remember there are a LOT of spmmers people sell kits on how to spam in newspapers etc --;
  • by strredwolf ( 532 ) on Monday January 24, 2005 @07:30PM (#11463101) Homepage Journal
    For every listing backed by proof, post a large ad in the New York Times saying "THIS ISP SUPPORTS SPAMMERS" with the proof behind it. Enforce the PR leverage.
    • I don't think that the average individual cares that ISP XYZ hosts spammers. If you were to take out an ad that told me the top 50 ISPs in Korea that supported spamming, not only would I not care, but Koreans wouldn't see your ad. Who should fund the advertisements?
    • For every listing backed by proof, post a large ad in the New York Times saying "THIS ISP SUPPORTS SPAMMERS" with the proof behind it. Enforce the PR leverage.

      I'll kick money into this project. Is there a PayPal page up yet? Has anyone even made a project out of it yet?

  • by ChipMonk ( 711367 ) on Monday January 24, 2005 @07:30PM (#11463106) Journal
    What do we have to do to persuade networks...?

    How about putting them on an RBL? When their customers can't send emails, and threaten lawsuits for breach of contract, the ISP operators tend to start paying attention.
    • I agree with that, but not an RBL for mail. That's being used now by many ISPs, including AOL with little to no effect.

      Drop their packets. ALL OF THEM. Have the border router use the list, not the mail server.

      And before someone yells "collateral damage", I've been on the receiving end of that before (I'm on RoadRunner), so I know damn well the issues.

    • The problem with _this_ solution is with the validation of the complaints. Some people complain because they get emails from companies that they purchased items from after checking or not unchecking the "please keep me informed" box on the order form. User stupidity doesn't warrant blacklisting an entire ISP's network.

      In my tenure as a network administrator at various locations I've seen the full scope of offenses, from those which are blatant violations of the AUP to those which are users complaining ab
    • How about putting them on an RBL? When their customers can't send emails, and threaten lawsuits for breach of contract, the ISP operators tend to start paying attention.

      That works both ways. How about when a customer/employee compains they can't receive any email from some user @domain.com? What happens when it's an extremely important client and they're getting messages "sorry, your address has been rejected from sending mail to this system"? When you're talking about money vs network politics, guess whi
      • What happens when it's an extremely important client and they're getting messages "sorry, your address has been rejected from sending mail to this system"?

        You can bet that any client or potential client will take note if you complain to them about spam coming from their mail server. If they refuse to take action, making a case for "breach of contract" won't be too difficult.

        Besides, if they're really that clueless, how bad do you want to do business with them? Do you really want someone that hazardou
  • Creds (Score:2, Insightful)

    For as much as AOL stunk way back where this was concerned you have to give them props for mostly wrangling in their millions of lusers. I with some other cable and dsl providers would take this charge.
  • Accountability is the only thing that will stop spam:

    - don't want your mail servers to be blocked? Secure them so spammers can't use them.

    - don't want to be considered a "spamvertising company"? choose a legitimate ad agency.

    IMHO a multi-level effort is needed:

    - ISP's need to have a blacklist of customers who are known spammers. They need to share info.

    - Consumers need to have a website where they can check the legitimacy of a website, and see if it spams to advertise.

    - Registrar's need to stop iss
    • - ISP's need to have a blacklist of customers who are known spammers. They need to share info.


      That's like putting up a sign saying, "please sue me for libel". It would also probably put you afoul of anti-trust laws.
    • Accountability is the only thing that will stop spam.

      Yeah it is. So, I'm holding you accountable for that lame, unwanted, advertisement in your slashsig. Get a job, or something you can do to make the few hundred it takes to buy a minimac.

      How many people have you emailed or bothered with that lame "free stuff" link?

      Somebody mod this clown down.
    • Domain registration companies will never blacklist spammers -- that's how they make their money. Everyone knows selling domains leads to a big fat wallet at the end of the day, why would they want to reduce their profit forecast for some lowsy spam? ..and to those that see signatures: Go disable them. There's never anything useful anyway.
    • I find it ironic that you're offering your opinion on how to fix the spam problem at the same time as you're spamming us with the "free mini" link in your sig.
  • Sigh (Score:3, Interesting)

    by Anonymous Crowhead ( 577505 ) on Monday January 24, 2005 @07:33PM (#11463139)
    Longing for the good old days of when you got spam you fired off an email to postmaster, abuse and operator....
  • by Ryan C. ( 159039 ) on Monday January 24, 2005 @07:34PM (#11463157)
    Wonderful solultion. So if people would just stop crashing cars we could get rid of all the safety features. If nations could just get along we could save billions in military spending.

    The current email system does not take into account human nature and is therefore broken beyond all hope of an easy solution. It needs to be replaced with a system designed from the ground up with accountability in mind. Period.

  • It's interesting that people both complain that ISPs are too lax in what they let their users do, but when big companies come along with usage policies that restrict their customers' ability to set up things like their own mail server (read: open relay ahoy!), we gripe and start wondering if there should be a YRO post about it.

    I worked support at Speakeasy Networks for a little while. Speakeasy is well-reputed for letting users do whatever they want with their connection (sans the obviously illegal/unsavo
  • by ables ( 174982 ) on Monday January 24, 2005 @07:38PM (#11463196)
    On the surface, AOL looks like the good guys here. However, their draconian spam policy can be as harmful as the span it's trying to prevent.

    Here's how it works: AOL receives N complaints calling something spam after users click on the "mark this as spam" button. So AOL looks at the previous link in the received-from chain and blocks that entire network.

    Sounds good right? Wrong.

    Say Joe User works at my company part-time from home. Instead of another pop account, he has a forwarding address with our company that forwards to his AOL account. Joe gets spam, and reports it to AOL. AOL looks to see who sent it, sees my company in the "received-from" chain, and blocks not only us, but every other company hosted with our ISP. Thousands of legitimate emails now can't get to AOL addresses.

    It gets worse. Many people use the "spam" button like the "delete" key to get rid of stuff they just don't want right now. AOL doesn't educate its users to realize that reporting something as spam has real consequences, and so people mark real email they requested as spam just because it's easier than deleting around it.

    Our fabulous domain host FutureQuest [futurequest.net] has had to ban forwarding to AOL addresses as a result. AOL has been completely unreasonable in accepting any responsibility for intelligent spam blocking, and their users and legitimate businesses are suffering.

    At least they're trying, but they're far from the good guys here.
    • Someone (Joe) inside your company sends email to another account of their's.

      Joe then reports that email as "spam" to a blacklist.

      BAM! You're identified as a spammer.

      You see the reject comments on your mail server.

      You check the blacklist and look up the emails that were reported.

      BAM! Joe is fired.

      You show the blacklist site that you're not an open relay or proxy or whatever and you get removed from the blacklist.

      If it's coming through YOUR network, it is YOUR responsibility. You can filter spam/viruse
    • Our fabulous domain host FutureQuest has had to ban forwarding to AOL addresses as a result. AOL has been completely unreasonable in accepting any responsibility for intelligent spam blocking, and their users and legitimate businesses are suffering.

      I used to run a virtual webhosting server and had to do the same thing. Customers would have mail to person@legitimatebusiness.com forwarded to same_person@aol.com. Naturally, they would get spam to their business mailbox which would be dutifully forwarded to

    • See Joe St. Sauver's The Impending End of Traditional .forward-style Forwarding [campus-technology.com]. This is a growing problem, and traditional .forward is dead.

      Joe [uoregon.edu] runs network ops for University of Oregon, and has a good set of for-the-public articles at his website.

      These days, however, how your mail gets routed is a very important issue for one simple reason: deliverability.

      "Deliverability" is a term that has been coined to capture the problem that sites increasingly face trying to get legitimate mail through anti-

  • by SamMichaels ( 213605 ) on Monday January 24, 2005 @07:38PM (#11463200)
    You: "What do we have to do to persuade networks that dealing with their own spam problem, even at significant short term cost---"

    Boss: "Thanks for your concern."

    Try #2...the CTO...

    You: "What do we have to do to persuade networks that dealing with their own spam problem, even at significant short term cost---"

    Director: "Cost? My hands are tied...shareholders are disappointed and the board needs convincing anyway."

    Try #3...the board...

    You: "What do we have to do to persuade networks that dealing with their own spam problem, even at significant short term cost---"

    Board: "What is this 'spam' nonsense you're talking about? You know, when I was your age we never had all these technology woes. I don't see how this will benefit anybody. Next on the agenda....."
  • Misconfigured mail servers are only a part of the problem, and a diminishing one at that. A huge amount of the spam we now see is generated by zombies, and the only way I know to stop that is block all consumer port 25 traffic heading outside the network. The ISP I work for had to do this a couple of months ago, even though it created problems for some customers who send email via outside SMTP servers. Worse, SPF-enabled scanners will flag a problem for these customers if they send the mail through our m
  • Caution (Score:2, Insightful)

    by Anonymous Coward
    Lets be careful about what ISPs have a "responsibility to fight". Today its spam, tomorrow it could be "terrorism" (read: your privacy).

    Spam is annoying for those who get any but it doesn't justify the hysteria, IMHO.
  • by trawg ( 308495 ) on Monday January 24, 2005 @07:43PM (#11463242) Homepage
    Does anyone have any figures that detail how much spam come from zombie home user PCs? I thought the amount was significant, but the quote in this post seems to imply that the vast majority of it comes from less scrupulous service providers.

    (aside: we host a few websites, one of which we discovered was running an exploitable version of PHPNuke - but not before a spammer did and pumped ~20,000 emails into our queue. I noticed it pretty quickly and deleted them and blocked this webmail software across all these sites lest it happen again - but it was an interesting demonstration to me that spammers look for any and every leverage they can get. I keep a much closer eye on our mail queue statistics now!)
    • The number I last saw was 80+%.

      I've seen known compromised machines spewing for over a month after abuse@ was notified, so it's still an ISP issue.
      • Isn't the fix for this quite easy? Identify the machines which are connecting out over port 25 to more than X separate IP addresses per unit time. Maybe it's a power-user running his/her own mail server. More than likely, it's a trojaned PC spewing out spam. So block off port 25 access to anything but the ISP's mail server until the user either cleans up their system or demonstrates that they're running a responsible server, if that's even allowed by the TOS.
      • 90% of abuse@ addresses store their mail in /dev/null
  • Sasktel, I love you! (Score:3, Informative)

    by Txiasaeia ( 581598 ) on Monday January 24, 2005 @07:44PM (#11463251)
    "The solution is getting messaging providers to take responsibility for their lame email systems that they set up without much thought and continue to not care much about when they become overrun by spammers."

    My ISP, Sasktel [sasktel.com] in Saskatchewan, Canada has recently implemented a spam filtering service that has so far resulted in 2 false positives and no delivered spam. It completely blocks all virused emails as well. Finally, it sends out an email every once in a while to remind me to check the status of spam at the online message centre, where you can look at all email sent to me that is "suspicious."

    They also have a fairly comprehensive policy against hosting spammers, which is nice to hear. I know that many of my friends who use other ISPs have been recently flooded with spam, but I've not had any problems thus far. It's nice to have an ISP that cares about its customers!

  • by VernonNemitz ( 581327 ) on Monday January 24, 2005 @07:46PM (#11463267) Journal
    Then why aren't spammers already their own ISP outfits? Obviously if spamming is their business, getting obstructive middlemen out of the way is a priority!
    • Because they would be blocked instantly. By using everyone else, they have a better chance of getting their junk out. It's hard to justify blocking all of Earthlink, AOL, and MSN.
    • Because mini-isps generally have their own legit cidr blocks. It also implies some type of permanence. These are the two things that keep spammers out of our hands:
      #1. They hide behind real isps cidrs, meaning we'd have to block that isps ip range to stop them, and most of the time they have legit users and this is bad.
      #2. Their ability to pick up and move about. They can move as soon as they are blocked, and are constantly pulling up roots and moving to the next provider that they can suck on for the next
    • A nation of zombies. (Score:3, Interesting)

      by khasim ( 1285 )
      Distributed processing is where it is at.

      If you own your own ISP, you're limited to the bandwidth that you're paying for (and you can be blocked easily).

      With a bunch of zombie machines, you have TONS more bandwidth and you're not paying for it!

      Plus - all those processors sending spam.

      Just 10 zombies on 256K upload cable modems is 2.5Mb.

      A regular T1 is only 1.54Mb.

    • Then why aren't spammers already their own ISP outfits?


      They are.
      Top five spammers based on spams-per-ip to hit my spam traps this year;

      #1 1.73413 AS25957 (ACETE-1 Acetech USA, Inc)
      #2 0.89844 AS24734 (ASN-TECHMEX Techmex SA Autonomous System)
      #3 0.38965 AS33012 (EMC-67 Expedite Marketing Corporation)
      #4 0.15137 AS11677 (ITESM Rectoria Universidad Virtual)
      #5 0.11523 AS34061 (GEDOMAX-AS SC Gedomax Pro 2003 SRL)

    • Every big spammer knows about AGIS, the big ISP that lost all its connections to the rest of the Internet when their spammer-friendliness became well-known enough that they not only couldn't get peering with other ISPs, but couldn't even buy transit from anybody and their last few upstream providers kept getting pressured by the rest of the world. Lots of smaller spammers try the smalltime fake-ISP-front game - the ecology of hosting centers is sufficiently dense, with colocation companies renting rack s
  • Lot's of people make lots of claims about how to stop spam, but I never see evidence that any of it works.
    Supporting (or contradictory) data is in short supply.
    The article mentions AOL has "all but solved" their spam problem, but doesn't give any real numbers.

  • In particular they need to do more to stop the vectors used for the spammers to get the zombies on their users macine in the first place.

    ISPs should all be running good email virus scanners to remove viruses and infected attachments (including spam and DDOS zombie bots)
    They should be blocking ports used by these zombies (i.e. things like MSRPC, windows file sharing etc and also ports used to send control messages to the trojans)
    They should be educating users about how not to get infected with trojans.
    And t
    • According to his presentation at the HOPE conference, John Draper (aka Captain Crunch) recently implemented a honey pot system connected up to an automatic mailing program.

      When his honey pot receives mail it tracks down the mail to the sending machine, works back to the ISP and mails a report to the ISP admins in realtime. If the PC is own3d then the admins usually disconnect it from the net fairly soon until the owners have fixed it, so the machines can only be used for a short time.

      Because the admins wo

  • Unfortunately, one of the only things that's going to force most ISPs to start caring about the amount of spam coming from machines living on their netblocks is going to be the ISP's providers threatening to cut the lower-tier ISPs off if the lower-tier ISPs don't do something about their spam problems.

    I used to be completely against ISPs blocking port 25 from non-MX machines to the outside world. Unfortunately, I've had to change my opinion. The vast majority of the spam that ends up in my spam mailbox (t
  • a huge number of networks out there are completely irresponsible. they have no working postmaster@ (required by rfc) and abuse@ (optional, but generally expected). quite often the email address on their webpages, phone numbers on their webpages, and email addresses/phone numbers in whois are wrong.

    others have retarded / broken "content filters" making it impossible to report to them any abusive emails originating directly from their customers.

    just a few of the 500+ irresponsible networks i track, who orig
  • You can blame ISPs all you want, but it ignores the fact that Spam is a worldwide problem because the internet is worldwide. If some miracle happens and all US and European ISPs start shaping up, there's nothing stopping Chinese ISPs from offering a spammers paradise. If your money is green they'll certainly take it and let you spam. Think China is going to outlaw ISPs from taking spammers? I highly doubt it when there's money to be made and little to lose. Even if they do there's plenty of other count
  • He is basically saying "if *everyone* did what we did, there would be no spam". That sounds good in theory, but in the real world, and especially on the internet, you cannot get 100% compliance on *anything*.

    Any solution to spam (or, for that matter, any annoyance in life) which relies on 100% cooperation is doomed to fail. The successful solution will be one that allows a customer to stop receiving spam entirely regardless of what everyone else does.
  • What my ISP does is block all incoming TCP/IP access to Port 25. They also block all outgoing port 25 access to everything except their own mail server. If you are using their service then you can freely relay mail through their SMTP servers, however then they can easily track the volume of messages being sent.
    I initially found this pretty restrictive (eg: I wanted to run my own mail server, quite in violation of their TOS) however now I have my mail server running on another ISP. I can send directly throu
  • Just a thought (Score:2, Interesting)

    by okorpheus ( 852979 )
    Before the flames roll in, let me say I'm not advocating a view, just throwing it out for thought. Let's say someone tries to draw some conclusions about the general opinions of slashdot posters. How do we reconcile the beliefs that ISPs are responsible for spam going through their systems, but not pirated files.
    • Re:Just a thought (Score:2, Interesting)

      by divot2001 ( 758678 )
      If a group of terrorists armed to the teeth managed to break into a building monitored by a single security guard would we draw the conclusion that security everywhere is useless? Of course not, just that for this particular situation some highly trained criminals exploited a poorly guarded target.

      It's the same with mail servers, fix one problem and another appears, ad infinitum. Bottom line; SMTP is useless and should be relegated to the dark ages when only scientists and soldiers used email.

      SMTP requir
  • by LullySing ( 164221 ) on Monday January 24, 2005 @09:07PM (#11463838) Homepage
    You know what? When that dude talks about how the problem is solved, maybe he should stop pretending he's above us, and maybe start looking at the kind of system he's got.

    here's a post i made in my blog about a situation that arived because of AOL's "system". Ever since that episode, i haven't been impressed at all by these people.

    --------(start idiotic message from AOL)----------
    Date: Mon, 5 Apr 2004 09:04:13 -0400 (EDT)
    From: postmaster@aol.com
    Subject: AOL email concerns for isp-where-i-work-abuse.net
    To: abuse@isp-where-i-work-abuse.net
    X-Scanned-By: MIMEDefang 2.39

    Dear isp-where-i-work-abuse.net,

    You are receiving this message via our automated "Report Card" process (which helps analyze AOL's Internet inbound mail) because our available data indicate that isp-where-i-work-abuse has risen above the acceptable threshold for complaints:

    Total number of AOL member complaints: 186

    AOL takes proactive steps to contact owners of mail servers whose e-mail transmissions are impairing the functioning of AOL's proprietary e-mail system, or causing significant levels of AOL customer complaints.

    AOL requests that you take immediate steps to resolve the issues identified in this AOL Report Card. In the absence of a satisfactory resolution, AOL reserves the right to take measures to protect its email network and its member goodwill from any possible damage. These measures may include declining to accept e-mail transmissions from isp-where-i-work-abuse.net through AOL's proprietary e-mail network.

    AOL strives to provide the best online experience possible for our members, and we pride ourselves on being intensely focused on consumers and their needs. Email is a core feature of the AOL service, and the proper functioning of AOL's e-mail system is vital to our members' goodwill.

    Please review AOL's e-mail policies and guidelines, as well as other technical details concerning e-mail on the AOL network, at http://postmaster.info.aol.com
    ------------(end message)--------------

    Ooohhh, AOL's proprietary e-mail network. No information that is gonna be any use in determining WHY people are complaining at all. I guess this should not be a surprise, considering this crap is coming in from AOL! So i do the next available thing , i go to the website. Result : No information that is gonna be any use in determining WHY people are complaining at all. But there's a phone number.

    Result of calling 1-888-212-5537:
    *dials phone*
    "The holding time for the next available consultant will be more than ten minutes." ...( silence )
    "Thank you for calling America online ..."
    *spits water all over desk, workdesk and papers*
    (musak)
    (an hour later)
    Hello, this is postmaster helpdesk, can i help you? ...And here i am explaining to the bloke on the phone the situation, namely that we are getting "Report cards" without any kind of information as to why people are complaining, with no headers or anything at all to help us.

    REP:"oh, that's because you don't currently have a feedback loop with us."
    ME : "huh? but we received your report cards in the abusemail box."
    REP:"Yes, but you don't have a feedback loop with us"
    ME :"You know, there are databases on the net where you can get the abuse contact information for ISPs and things like that."
    REP:"Yes, but we made our own database"
    ME :"Couldn't you have used those as a base for your own database?"
    REP:"I cannot comment on that" ... and here are some other juicy interesting tidbits of information from this conversation...

    REP: So what are your mail server's IP adresses.
    ME : We have several : we're an ISP.
    REP: Alright, then give em to me.
    ME : That's why we use DNS names for our mail servers : if one breaks, we change the IP to another server while we fix the previous one.
    REP: So you can't give me the IPs? ...
  • I get probably about 40 spam messages a day. However I don't see a single one thanks to spamassassin. I think i've gotten about 1 false positive in the past year. There are good filters out there. Just because people don't know how to block spam doesn't mean it's impossible. People just need to wise up. Maybe ISPs should offer real spam protection as part of their service, instead of whatever crappy protection the are offering.
  • Spews [spews.org] -- love it or hate it -- is all about making hosting spammers more expensive to ISPs.

    Personally, I find that as a side effect it it an incredible tool for moving spam from my inbox to my junk mail folder.

  • a serious problem (Score:2, Insightful)

    by cg0def ( 845906 )
    Spam has been a huge problem for quite some time and the way that AOL deals with it is just shameful for them. I can't send emails to aol users from my sendmail server because AOL recognizes it as junkmail and refuses to accep it. Come on what's next blocking all OSS mail server just because people that uses them pay no royalties? AOL needs to seriously adjust their filter or maybe their spam strategy.

"Being against torture ought to be sort of a multipartisan thing." -- Karl Lehenbauer, as amended by Jeff Daiell, a Libertarian

Working...