FTC Recommends ISPs Disconnect Spam Zombies 411
Mike Markley writes "CNN is carrying a story about the FTC's plans and concerns around spam zombies. They say they will be identifying such zombie hosts and notifying ISPs, and are recommending that the ISPs disconnect indicated users. There's also a recommendation likely to raise the ire of the geekier sorts: that ISPs only permit users to send mail through their own servers (presumably by blocking port 25 outbound)." From the article: "Law enforcers in 25 other countries, from Bulgaria to Peru, are also participating in the campaign, the FTC said. Absent from the list of cooperating countries was China, where experts say rapid growth and a relative lack of technical sophistication have led to a large number of zombie computers."
Block 25 all you like. (Score:3, Interesting)
So nyah!
Oh. They just blocked tunnels, too. Shit.
Re:Block 25 all you like. (Score:3, Insightful)
Re:Block 25 all you like. (Score:3, Interesting)
Re:Block 25 all you like. (Score:3, Interesting)
(It would be no different from, say, driving a car that had failed - or not received - State safety checks, in those States that require them. If you do something reckless, but do so in a way that doesn't actually interfere with anyone, then there's no big deal, but it's on you - not them - to make sure of that.)
Re:Block 25 all you like. (Score:3, Insightful)
In other words, the customer is just as capable of stopping anything from attacking the Internet from their machine as they are capable of fastening a seatbelt or checking their tire pressures. Sure, it's "extra work" - so are the two above examples, but people are still expected to do th
Re:Block 25 all you like. (Score:3, Interesting)
Re:Block 25 all you like. (Score:3, Interesting)
I presume a similar thing could be configured for outbound port 25 if they wanted to, perhaps even with a "whitelist" of hosts you're permitted to send to. Definitely food for thought.
Re:Block 25 all you like. (Score:4, Insightful)
Both of these concepts have a potential flaw. Burden of Proof.
If someone is using my email address for fraudulent headers to make it appear that I am sending the spam, is that sufficient for them to shut me down? Do I have to prove that the email which I do not have a copy of, did indeed not come from me?
Based on how ISPs have behaved in the past, they would be more likely to arbitrarily shut someone down because they either triggered a spam filter erroneously (false positive) or got their email address put into the spam headers.
I do not agree that there should be a nominal fee applied to someone who is hosting their own mail server. On the contrary, I should be getting a refund on the basis that lower costs are realized against my account, since I have zero email disk usage on their servers and have fewer help desk calls. The uber-geek types only need to call the ISP when the connection is down or blocked.
Re:Block 25 all you like. (Score:3, Informative)
If, OTOH, they look and you're sending a solid 30KB/sec over port 25 for the last six d
Re:Block 25 all you like. (Score:3, Insightful)
Go ahead, block 25 (Score:4, Interesting)
Home users SHOULD be blocked or disconnected, one or the other. I don't actually care which, but as someone who watches mail queues for busy hosting servers, home users infected with viruses become a huge annoyance.
Re:Go ahead, block 25 (Score:5, Insightful)
Problem solved, and everybody wins.
Re:Go ahead, block 25 (Score:3, Insightful)
Re:Go ahead, block 25 (Score:2)
It's already been happening. I thought there was even one that was grabbing SMTP auth information from mail clients and using it.
Re:Go ahead, block 25 (Score:2)
What makes port 25 such a problem is that it is MTA to MTA, which means that for machines with dynamically-assigned IPs, there is almost no way to track it back to a given end user's machine short of grepping through piles of dhcpd/pump/bootpd/pppd logs.
Re:Go ahead, block 25 (Score:3, Insightful)
1. use static dhcp.
2. tie the ip address to the modem/account
3. cap the outbound bandwidth (like they already do)
4. let anyone run a server.
Personal responsibility shouldn't end at your modem.
It doesn't end at your door.
Re:Go ahead, block 25 (vote for mod) (Score:2, Insightful)
Honestly, education starts with being burned. It's 2005 and we're still trying to convince people that driving without seatbelts or racing other commuters, or
It gains traction when folks who are spreading it are having their feet held to the fire.
I'm not being an elitist jerk, I'm sayin that owning a computer is as much a responsibility as anything else in life. You own a car, you're responsible for what you do with it. If your car is blowing
Re:Go ahead, block 25 (Score:4, Interesting)
User:"I need you to um, 'Unlock Port 25'?"
Tech Support:"What seems to be the problem?"
User:"I can't get my email and I need you to unlock port 25."
Tech Support:"You'll have access in 30 seconds."
LK
Re:Go ahead, block 25 (Score:3, Insightful)
Not Everyone (Score:2)
I use it because when I'm jumping onto a friend's wireless network, my ISP of course any mail I'm trying to send (since I'm outside their network), and it's impractical to reconfigure for every five minutes I want to spend sending something from a friend's system.
So I always send it myself. This obviously won't work if port 25 is blocked by default, as I'm also not going to call the ISP to
Re:Go ahead, block 25 (Score:5, Funny)
Bet your last dollar on it.
Re:Go ahead, block 25 (Score:4, Interesting)
Or, when a user signs up, give them the option! Why ISPs haven't provided this yet is beyond me. Have a simple web form that lets users sign in and turn off port blocking, the only ones smart enough to know they need to turn it off are also the ones that most likely need to.
For that matter, why hasn't Microsoft implemented this as a "feature" of windows XP? If they are turning off raw socket access, they might as well also turn off sending from port 25 by default. It'd upset some of us who host websites on our XP workstations, but if they really want to promote Windows 2003 Server, then this would seem like a viable option.
Or maybe, just maybe, we could abandon the ridiculous email protocol altogether, and move to something that is built with trust in mind. Or we could all start implementing greylisting and actually increase the cost of spam.
Re:Go ahead, block 25 (Score:2)
Re:Go ahead, block 25 (Score:2)
Re:Go ahead, block 25 (Score:2)
Or... (Score:3, Funny)
Well, it does have the drawback that nobody uses it anymore, but that does mean you never have to worry about your mailbox being flooded AND you get an excuse on why you didn't turn up to that important meeting that was called electronically.
Re:Go ahead, block 25 (Score:3, Interesting)
I paid substantially more for a Comcast "business" account at my home address, then found I still had problems hosting my own domains because of their inability to provide a static address... or even a dynamic address within a "business class" block. (The latter meant I was blocked by RBLs listing all residential DSL/c
Re:Go ahead, block 25 (Score:2, Informative)
465 is SMTP over SSL. 587 is submission, AIUI it's basically the same as SMTP but without the moral obligation to accept all correctly addressed mail from anywhere, so you can put up various auth barriers and whatnot.
Re:Go ahead, block 25 (Score:2)
IANA's port number listings [iana.org]
Re:Go ahead, block 25 (Score:3, Informative)
China will play along (Score:3, Interesting)
Re:China will play along (Score:2, Flamebait)
What it is about China? (Score:2, Insightful)
Seller of the Gods! (Score:3, Funny)
I am Zeus, Seller of the Gods.
Opening bids up for Narcissus. He's in beautiful shape! Any takers for Narcissus? (Sorry, sir, but you cannot bid on yourself.)
What am I bid for this muse, Apollo? Anyone care to bid on Apollo? Slightly used, I'm letting him go for a paean.
We've got goddesses, too! Aphrodite is going fast! She always goes fast!
Oh, you meant "seller of the goods"? Never mind.
Re:China will play along (Score:2)
The article said, it was unsure if China would play along. I don't recall it saying "China, the leader in spam" or something. Also if those 25 countries agree to do something and China doesn't, what do you think happens to the percentages?
Have you ever been to the PRC? I've been numerous times. I
Spam Zombies? (Score:2, Funny)
but now spam from the undead?
Re:Spam Zombies? (Score:5, Funny)
compliments of the season to you. I am Barrister Urrrrrrrrrrrr Guurrrrrrrr. I represent Rrrrrrrr Rrrrrrrrrr, son of the late gen. Rrrrrrr Urrrrrrrgh, who was the former military head of state in Transylvania. he died in 1312. since his death, the family has been losing a lot of money due to vindictive church officials who are bent on dealing with the family. based on this therefore, the family has asked me to seek for a foreign partner who can work with us as to move out the total sum of us$75,000,000.00 ( seventy five million united states dollars ) in gold, presently in their possession. this money was of course, acquired by the late president and is now kept secretly by the family. the Swiss government froze all the accounts of the family in Switzerland in 1571, and some other countries would soon follow to do the same. This bid by some government officials to deal with this family has made it necessary that we seek your assistance in receiving this money and in investing it on behalf of the family.
This must be a joint venture transaction and we must all work together. since this money is very heavy, extra security measures have been taken to protect it from theft or seizure, pending when agreement is reached on when and how to move it into any of your nominated bank accounts. please contact me so we can arrange to meet you at a graveyard of your convenience in the Transylvania area to complete the transaction. as it is in a rather large box, please bring a chainsaw to assist in cutting it open.
Note: Please send your reply through (Urrrrrrrrrrrr.Guurrrrrrrr@sco.com)
Comment removed (Score:5, Interesting)
Re:25? Already blocked. (Score:3, Interesting)
Re:25? Already blocked. (Score:2)
Re:25? Already blocked. (Score:5, Insightful)
Wouldn't it be nice if you could just set up his account to use the company's ISP for SMTP all the time? You used to be able to do that, until the spineless CableCo decided they were just going to blanket-block port 25, no exceptions, instead of doing traffic analysis and chopping off the offenders. But that would take work, and effort, and nobody wants to do that, so just block 25 and call it a day!
Note: Some elements of this story might be based on real experiences, which may explain the negative bias towards blanket policies of any type as bandaids.
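The per-subscriber traffic analysis this comment contrasts with a blanket port 25 block, sketched as an added example that is not part of the thread. The flow records, addresses, relay address and both thresholds are constructed assumptions; only the 30KB/sec figure echoes a number quoted elsewhere in the discussion.

```python
from collections import defaultdict

# Everything below is constructed for illustration.
ISP_RELAYS = {"192.0.2.25"}   # the ISP's own outbound mail relay
WINDOW_SECONDS = 3600         # the flow records cover one hour
MAX_DIRECT_DESTS = 20         # assumed fan-out threshold
MAX_DIRECT_RATE = 30_000      # bytes/s, echoing the 30KB/sec in the thread

# Flow records: (subscriber_ip, dst_ip, dst_port, bytes_sent)
FLOWS = (
    # 10.0.0.5: direct-to-MX delivery to 200 different hosts, 600 kB each
    [("10.0.0.5", f"203.0.113.{i}", 25, 600_000) for i in range(1, 201)]
    # 10.0.0.6: hobbyist mail server, a few destinations, little traffic
    + [("10.0.0.6", f"198.51.100.{i}", 25, 40_000) for i in (10, 11, 12)]
    # 10.0.0.7: ISP relay on 25 plus authenticated submission on 587
    + [("10.0.0.7", "192.0.2.25", 25, 2_000_000),
       ("10.0.0.7", "198.51.100.50", 587, 5_000_000)]
)


def direct_smtp_profile(flows):
    """Per subscriber: distinct destinations and bytes for port 25 traffic
    that bypasses the ISP relay. Relay and port 587 flows are not counted."""
    profile = defaultdict(lambda: {"dests": set(), "bytes": 0})
    for sub, dst, port, nbytes in flows:
        entry = profile[sub]  # ensures every subscriber gets a verdict
        if port == 25 and dst not in ISP_RELAYS:
            entry["dests"].add(dst)
            entry["bytes"] += nbytes
    return profile


def classify(flows, window=WINDOW_SECONDS,
             max_dests=MAX_DIRECT_DESTS, max_rate=MAX_DIRECT_RATE):
    """Return {subscriber_ip: verdict} for one window of flow records."""
    verdicts = {}
    for sub, entry in direct_smtp_profile(flows).items():
        rate = entry["bytes"] / window
        if not entry["dests"]:
            verdicts[sub] = "ok"           # relay or submission only
        elif len(entry["dests"]) > max_dests or rate > max_rate:
            verdicts[sub] = "suspect"      # notify, then restrict port 25
        else:
            verdicts[sub] = "direct-mta"   # runs its own MTA; leave alone
    return verdicts


if __name__ == "__main__":
    for subscriber, verdict in sorted(classify(FLOWS).items()):
        print(subscriber, verdict)
```

Only the subscriber with high fan-out or a sustained rate is singled out; the home mail server and the port 587 user keep working.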
Re:25? Already blocked. (Score:2)
A better solution would be to separate out the ports used by MUA-MTA and MTA-MTA connections. This would stop th
Re:25? Already blocked. (Score:3, Interesting)
http://www.ietf.org/rfc/rfc2476.txt [ietf.org]
Re:25? Already blocked. (Score:5, Informative)
Since MSA requires him to *authenticate* (which most clients, even OE and ilk will do happily) when he connects on port 587, and the ISP only accepts *outbound* mail on that port (other ISPs wanting to deliver mail *to* your ISP still use 25) it isn't terribly attractive to spammers.
Re:25? Already blocked. (Score:2)
1) Configure his mail client to speak SMTP to mailhost.domainthatIcontrol.com, and to speak DNS to dnshost.domainthatIcontrol.com.
2) Configure bind on dnshost.domainthatIcontrol.com to give different answers to the forward lookup on mailhost.domainthatIcontrol.com depending on where the request comes from.
3) Profit!!!
Re:25? Already blocked. (Score:2)
Re:25? Already blocked. (Score:2)
why not use port 587, which is specifically intended for this purpose?
587 is the answer (Score:2)
Re:25? Already blocked. (Score:2)
The way to block zombies would be to block the customer from port 25 dst for all IP but the ISP.
Nothing the customer could do (short of getting the receiver to accept SMTP on some other port) could change that.
If the customer decided to send to port 80, (and assuming they convinced the receiving end to run an SMTP server on 80)
Re: (Score:2)
Re:Well, how about this. (Score:3, Informative)
Why would there be conflicts? A TCP connection is defined by four things... source IP, source port, destination IP, destination port. So long as any one of those four things is different from all the other connections currently being handled by, well, anyone, then it's a unique connection and it's not going to tread on any other's toes.
Getting a box to listen on port 80 for SMTP and HTTP
Re:Well, how about this. (Score:3, Insightful)
Mail that servers send to other server
Anyone got bandwidth for new venture? (Score:3, Funny)
2. wait for futility among the geeks to set in.
3. set up vpn server for aforementioned geeks.
(real verified reg required)(paid service but
(Real Cheap)
4. profit!!!
any takers?
But I thought SMTP was on port 26... (Score:2)
[0:0] -A PREROUTING -p tcp -m tcp --dport 26 -j REDIRECT --to-port 25
(You have to add that to your server machine, not your client machine)
I second! (Score:3, Informative)
Re:I second! (Score:2, Insightful)
What about VOIP/911 services? (Score:4, Interesting)
People use their broadband connections for phone and 911 services now -- cutting them off completely could literally cut them off from emergency services.
Re:What about VOIP/911 services? (Score:4, Funny)
Re:What about VOIP/911 services? (Score:2)
Re:What about VOIP/911 services? (Score:2)
Re:What about VOIP/911 services? (Score:2)
Re:What about VOIP/911 services? (Score:2)
Anyone who's not housebound is going to be carrying a cell phone - and a lot of us use it as our only line ... works fine. This 911 stuff is mostly alarmist BS. Your home line is useless for calling 911 when you're in the yard, or in your car, or walking the dogs, or anywhere else except in your house.
Ubiquitous cell phone usage has already pretty much killed off OnStar renewals ... it's hurting the old-line telcos ... and VoIP is just a
blocked ports (Score:3, Insightful)
I'm guessing most of the people who unwittingly harbour zombie machines wouldn't know wtf port 25 was anyway
Maybe a couple of basic networking questions to weed out the chancers?
I already do this on my home net (Score:5, Interesting)
This means that even if a worm gets through the NAT and manages to infect my patched-to-current AV-running machines, it can't do what 90% of them want to. Thus, when the patch/AV database update arrives and kills it, I know I've not contributed to the problem.
Re:I already do this on my home net (Score:2)
Re:I already do this on my home net (Score:2)
Yes, and now it looks as though the "powers that be" are going to force everyone to do something similar. Either you are going to have to be smart enough to set up your mail so that these sorts of attacks are impossible, or you don't get to send email at all.
So what? (Score:5, Informative)
That ISPs only permit users to send mail through their own servers (presumably by blocking port 25 outbound)
My ISP doesn't block 25 outgoing but a few spam blacklists have my IP range on their "DSL/Cable/Dialup" listings so I send mail from my internal server through the ISP.
The result? No more "You're on a dynamic IP" bounce messages.
Small Business Users / external hosting (Score:2)
Guess that means the ISP gets a 'forced market' when it comes to email and hosting domains.
Re:Small Business Users / external hosting (Score:2)
Re:Small Business Users / external hosting (Score:2)
Also, some email servers reject mail that's been relayed from a different domain than it's claiming to be (antispam measure).
Re:Small Business Users / external hosting (Score:2)
Re:Small Business Users / external hosting (Score:3, Informative)
http://www.ietf.org/rfc/rfc2476.txt [ietf.org]
This idea is to separate 'a mailserver connecting to another mailserver to drop off mail that is addressed to a user at the destination server' from 'a user connecting to his own server, authenticating as such, and then dropping off outbound mail for that server to then send on to the final destination', and restrict the first to non-dynamic, non-'consumer', or any addresses where there isn't some reasonable expectation of a positively identifiable responsible party.
Re:Small Business Users / external hosting (Score:5, Interesting)
It doesn't matter what SMTP server you send outgoing mail from (so long as it's not blacklisted) -- SMTP doesn't check domain names or anything (which is also really the reason spam can exist so easily).
I had a situation that was really annoying a few years ago. We were on DSL with the incumbent phone company, and used our own co-located server to send mail. One day, I could no longer connect to SMTP. Called them, of course tier 1 tech support says "no, nothing has changed". I wait for a while to see if it'll go away, then call them back a couple hours later. This time, the guy says that they noticed one router wasn't blocking 25, so they "fixed" it. I decided just to use their server, since it was an easy fix (make a DNS entry in the office only that points to their IP instead of ours).
This was fine for a couple months. Then one day, we couldn't send mail again. I tried to connect to their SMTP, and it would either time out, or VERY slowly connect. I call them, and they say they're being hammered by viruses, and it'll be fixed soon. Within half an hour it was back to normal. This happened about 3 more times, and I got really annoyed. I called and asked them to remove the port 25 block (just for my account -- even to only my mail server's IP), because it was ridiculous we couldn't send email. They said they couldn't, I'd just have to wait. Well, it was several hours and still not working, so I called again, and asked to speak to a manager or supervisor. Basically, same deal "no, we can't take off the block. Maybe you can use webmail". Although it would work, I didn't want to tell everyone to use webmail instead of their email clients just because of this. I called another ISP, asked them how long it would take to get me DSL (and made sure I could use my mail server), ordered it, and called my ISP back and set to get rid of their connection.
Of course, this started another ridiculous series of events. The DSL remove order and DSL add order (that get filed by old and new ISPs, respectively) got "mixed up", and a couple days after moving to my new ISP the DSL signal was lost. An angry call to the phone co had it back within an hour (yet it somehow still takes 5 business days normally).
The old ISP also decided that we actually couldn't cancel when we did - we were on a 1yr contract, and had to pay 50% of 8 months service or something for cancelling early. We had been a customer for 3 years, and none of our bills for the past year said anything about a 1year contract. They also couldn't produce the contract -- not even an unsigned version. In subsequent calls, they claimed that it was a verbal contract yet couldn't name who had supposedly made it. Eventually months later, in an effort to get our local phone service back (we had switched to a CLEC many years ago), they decided to "credit" our account for the charges. Of course, we remained with the CLEC.
Anyway, that got a tad off topic, but I felt the need to vent. Stay away from the big phone companies
Re:Small Business Users / external hosting (Score:3, Insightful)
Running an MTA is serious business these days. It's not just about blocking VRFY and ETRN. I'm battling bounce attacks, attacks on postmaster and make-baby-jesus-cry brute force attacks which are:
1. Difficult to stop.
2. Apparently increasing in popularity.
We process a bit over 100K emails/day. We reject about 15K emails/day.
Are these small businesses going to try to address th
Blocking port 25 only half bad (Score:3, Informative)
that ISPs only permit users to send mail through their own servers
I am a geekier sort, and this pisses me off. At the same time I'm kinda glad. I only really use my ISP mail server for everything. They relay on even if my From: address is set to something other than my ISP-provided email address.
Anything to bring the amount of SPAM down is good in my books. Even if it means a slight loss of accessibility to other mail servers... That said, SMTP has authorisation capabilities now. They should rethink the blanket block and block only those SMTP servers that don't force authorisation to send mail. At least that way you'd need an account on it to send mail.
Don't block 25 outbound! (Score:2, Insightful)
Re:Don't block 25 outbound! (Score:2)
Re:Don't block 25 outbound! (Score:2)
Re:Don't block 25 outbound! (Score:2)
A throwaway gmail, yahoo, hotmail, etc... account?
Nothing forces you to use anyone's servers (Score:2)
Wrong. You can use whatever mail server you want as long as you connect on a different port. Very few (if any) ISPs block 587.
When I am traveling and connected with a different ISP, I have to go into my email program's (Thunderbird) settings and change the outbound server (or not send mail).
If mobile email is important to you this is why it is an excellent idea to use an ISP independent mail server. You can get a cheap web hostin
Re:Nothing forces you to use anyone's servers (Score:2)
Earthlink (Score:2)
Luckily I can bounce my work email off the Earthlink server without it looking any different.
This is going to get someone killed. (Score:2, Insightful)
It won't be long before someone dies because their newly 911 enabled VOIP phone was disconnected because their machine was suspected of being a spam zombie.
Stupid policy. (Score:4, Insightful)
Closing port 25 is pointless because the owners of the botnet already know to use the ISP's SMTP server, just like the victim does, to send mail. You won't really stop the spam or DDoS this way, you will just stop normal users from doing something that's easy and useful.
There's nothing difficult about running a mail server. Exim comes with debian and has reasonable default values set in a script that tells you what it's doing. It's no harder to run than it is to use a GUI client. There are many advantages to it as well, such as custom mail addresses for registrations and other junk.
Reducing redundancy is bad for national security. In the end, it's much easier to DDoS email by targeting two broadband providers than it is to target thousands of individual users with a clue. The setback will be temporary. As email dies as a useful communication media, Jabber and others will rise in its place.
Re:Stupid policy. (Score:4, Insightful)
Re:Stupid policy. (Score:5, Interesting)
port 25, zombies, DNS cache stuffing, debris (Score:3, Funny)
ISPs should block zombies. A simple auto-generated email aroused by traffic level and requesting an explanation should be sufficient. Block all except port 53 and whatever the heck VOIP uses if there is no reply.
DNS cache stuffing is still a problem. Who needs an open proxy when you're a legal host?
A bounty on spammers perhaps? Outsource to Indonesia, Malaysia, Peru, Belarus, Ukraine, Pakistan, or any number of places.
Hell, my lawn guy in USA, and this is an honest to $deity(s) quote...
"Twenty dollah? TWENTY DOLLAH? I KEE a MAN FO TWENTY DOLLAH!"
Not the worst solution.. (Score:5, Interesting)
I do have to question the FCC's thinking though. Most people who get infected are not of a technical nature. If you disconnect them from the net, they are at a loss of how to fix the issue. Obviously they don't have up-to-date protection on their machine. If they go out and buy a brand new copy of whatever virus software, it will need to download the latest definitions, which they can't do because you shut them off.
It reminds me of the mid 90's where if your ds3 to one of the 6 or so backbones went down they would send you an email to notify you. Or sending them a letter telling them you shut their phone off and telling to call you to get it turned back on.
Re:Not the worst solution.. (Score:3, Insightful)
The user's PC can still connect to a small area of the ISP's network, but not to The Internet - surely that counts? (It's also a far better solution than just killing their connection completely, as you say)
FTC Does NOT Recommend Blocking SMTP / Port 25 (Score:4, Informative)
I immediately went to ftc.gov.
Here is a link to their actual press release:
http://ftc.gov/opa/2005/05/zombies.htm [ftc.gov]
They have a more detailed website at:
http://www.ftc.gov/bcp/conline/edcams/spam/zombie
This site appears to be geared for the people who actually understand what's going on. The very first bullet point on the site states very clearly:
"block port 25 except for the outbound SMTP requirements of authenticated users of mail servers designed for client traffic. Explore implementing Authenticated SMTP on port 587 for clients who must operate outgoing mail servers."
In other words, under their proposal, we can still send emails so long as we are authenticating to an SMTP server.
We can use our College email, our Google, Yahoo, etc. accounts.
This is how I interpret their idea:
- You want to send email? Connect to an SMTP server and log on.
- Incoming traffic is not interfered with.
- If you send SMTP traffic directly from your computer to someone else's computer, this is blocked.
I'm not sure exactly how one would implement this because one cannot know every "legitimate" mail server. Further, ISPs will not (should not) be scanning all of our SMTP packets to see what kind of traffic is coming from our computers. The easiest solution is something already in place, although it annoys me. I can still send SMTP from my computer (RoadRunner ISP, New York City) but if I send to an AOL user, for example, I get a reply back from AOL explaining that AOL will not accept emails from a Residential IP address. This is irritating, but it's no bother. Simply have all the ISPs say, these IP blocks are for our residential customers --- if you get email from them, it's probably a spam zombie, so you may wish to block such SMTP traffic if it becomes a bother.
I'm not proposing anything, just trying to piece together what the FTC is actually saying. Trust me, they're not so clueless; it's usually the papers, especially in these generic wire reports, that mess up the details.
The FTC is most certainly _not_ recommending that all port 25 traffic is blocked; they are not limiting anyone to their ISP's mail servers. How would the FTC people log in to their own FTC email from their homes? They'd have the same issues we'd have.
Anyway, since I *never* use my ISP mail server (mostly because Google is faster, has more storage, and is easier to access when I don't feel like carrying my laptop around; and because for professional stuff I tell people to contact me @honorscollege.cuny.edu (even though I SMTP back through Google).
Though less technical, I'm sure, most professional people require such a setup. Think things through. I see so many posts regarding outright and absolute SMTP / Port 25 blocking. That's too ridiculous to believe. Indeed, it's not even close to what the FTC actually says, as I cite above.
Read their site if you still have your doubts. Let it be said, however, that the government is not as stupid as some would like to believe.
A simple fix? (Score:3, Interesting)
Why not have built in software (firewall) that by default blocks port 25, and port 80 (inbound) irc in/out etc, and make the customer need to specifically allow those ports if they want them open.
That way, the 99% of the customers who never use those ports will have cleaner or safer machines, while the people who do run their own servers have the ability to use them.
Crap. (Score:4, Insightful)
Roadrunner, by contrast, doesn't do this. This is why I subscribe to their service now and dropped Mindspring.
Email I send goes over my LAN to my SMTP server, which then handles sending it out. 99% of the time I don't have a problem. When I do, it's usually for some shit like AOL or sending mail _to_ Earthlink or Mindspring, at which point they get a complaint email (which they of course ignore), and then a bunch of enraged calls from their customers (who don't understand the entire thing) saying that the ISP's email reception is broken (which it _is_). This wastes their time dealing with their enraged customers. If they don't like it, they can fix their fucking systems.
Of course, I could set a smart host to my ISP's mail server, which solves the problem, but grants me the problem I pointed out in the first paragraph.
If ISPs are going to block outgoing port 25 and effectively break the net that way, then they need to FIX THEIR FUCKING SMTP SERVERS FIRST. If they would do that, then I wouldn't give a rat's ass what the fuck they do aside from the principle of the thing.
All of this evades solving the real problem. The real solution is to filter spam using something like SpamAssassin and, because that's a drain on resources, block the originating SMTP host automatically (and send an email to the technical contact) when X number of spams are received from the same IP address. When Y number of spams are received from an ISP, block that entire ISP. The IP mappings are available or, at least, could be made available. Then the ISP's resources are only tapped up to X (or Y) number of spams. This blocks zombies, but is a stopgap solution. The real solution lies with the originating ISP, which needs to map that back to an account and cut that account off. After that, the originating ISP which was used can send a bill back to the user and turn them in to the FTC for violating anti-spam legislation. All this, of course, with forced banning of ISPs running zombies.
This, in turn, puts pressure on Micro$hit to fix their fucking operating system, and on users to keep their systems up to date.
Now the simplest solution? Wait for it, it's mind-numbingly simple. If you're going to block port 25, ALL ISPs should allow opening of port 25 with a no-questions-asked phone call with the understanding that if it's caught sending spam then, after a human review, the account will be cut off.
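The X-per-host and Y-per-ISP blocking described in the comment above, as an added example that is not the commenter's code. The prefix table, addresses, thresholds and the `is_spam` verdict (standing in for a content filter's output) are constructed assumptions.

```python
import ipaddress
from collections import Counter

# Constructed prefix table standing in for the "IP mappings" the comment
# mentions; the ranges are RFC 5737 documentation networks.
ISP_PREFIXES = {
    "isp-a.example": [ipaddress.ip_network("192.0.2.0/24")],
    "isp-b.example": [ipaddress.ip_network("198.51.100.0/24")],
}


def isp_for(ip):
    """Map a source address to its ISP, or None if the prefix is unknown."""
    addr = ipaddress.ip_address(ip)
    for isp, nets in ISP_PREFIXES.items():
        if any(addr in net for net in nets):
            return isp
    return None


class SpamThrottle:
    """Block a host after X spams and a whole ISP after Y spams."""

    def __init__(self, x_per_host, y_per_isp):
        self.x, self.y = x_per_host, y_per_isp
        self.host_hits, self.isp_hits = Counter(), Counter()
        self.blocked_hosts, self.blocked_isps = set(), set()
        self.notices = []   # (kind, subject) pairs for the technical contact
        self.scored = 0     # messages that reached the expensive filter
        self.refused = 0    # connections dropped before filtering

    def is_blocked(self, ip):
        return ip in self.blocked_hosts or isp_for(ip) in self.blocked_isps

    def receive(self, ip, is_spam):
        """Handle one inbound message; is_spam is the filter's verdict.

        Returns False when the connection is refused without filtering.
        """
        if self.is_blocked(ip):
            self.refused += 1
            return False
        self.scored += 1
        if not is_spam:
            return True
        self.host_hits[ip] += 1
        if self.host_hits[ip] == self.x:
            self.blocked_hosts.add(ip)
            self.notices.append(("host", ip))
        isp = isp_for(ip)
        if isp is not None:
            self.isp_hits[isp] += 1
            if self.isp_hits[isp] == self.y:
                self.blocked_isps.add(isp)
                self.notices.append(("isp", isp))
        return True


# Constructed traffic: one noisy zombie, a second infected host on the same
# ISP, then legitimate mail from both ISPs.
EVENTS = (
    [("192.0.2.10", True)] * 6
    + [("192.0.2.11", True)] * 2
    + [("192.0.2.12", False), ("198.51.100.7", False), ("198.51.100.7", True)]
)


def replay(events, x_per_host=3, y_per_isp=5):
    """Feed events through a fresh throttle and return it for inspection."""
    throttle = SpamThrottle(x_per_host, y_per_isp)
    for ip, is_spam in events:
        throttle.receive(ip, is_spam)
    return throttle


if __name__ == "__main__":
    t = replay(EVENTS)
    print("blocked hosts:", sorted(t.blocked_hosts))
    print("blocked ISPs: ", sorted(t.blocked_isps))
    print("filtered:", t.scored, "refused:", t.refused)
    for notice in t.notices:
        print("notify:", notice)
```

In the replay the legitimate message from 192.0.2.12 is refused once its ISP crosses Y, which is the cost of the ISP-wide block.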
get a box hosted (Score:3, Informative)
Re:Blocking port 25 seems reasonable (Score:3, Informative)
You mean like this list of machines logged on my company's mailserver last night?
Re:Blocking port 25 seems reasonable (Score:5, Insightful)
Don't block my outbound port 25.
Don't block my outbound ANYTHING.
Block me off completely when my machine hurts the internet by spamming/flooding/whathaveyou.
I'm so sick of this "Let's surrender our internet because of Microsoft" bullshit. I'm sick enough of it to burn karma by posting this crap that's going to get modded into oblivion.
Not all of us know someone with a well connected server. Not all of us want to post mail from somewhere other than our box. I know that my box is working and isn't logging what I'm sending somewhere else. I know that the government isn't reading my email logs. I know that my server is MY SERVER and that's THAT.
If you don't like it, go back to AOL. Then you can have your little closed interface, able to email all of your little friends who use the same closed interface, and get charged for what I can get for free. All I have to pay for is my connection, whereas you'll have to pay for every "value-added" service you use.
Re:Blocking port 25 seems reasonable (Score:3, Insightful)
You're allegedly a hardcore geek, but you're whining about the fact that people on consumer-grade internet connections are treated like consumers?
Really, if you want to get treated like the big swinging dick you apparently think you are, you should probably get a real internet connection. Go get yourself a T1 or a colocated server. Or both. Christ, I know people who get hundred-megabit pipes for their hobby projects; if you can't afford the few h
Re:Blocking port 25 seems reasonable (Score:3, Insightful)
V-P-N. If they're that far up the tree what they're sending is probably confidential anyway.
Re:Wrong way around (Score:2)
The ultimate solution is, I'm afraid, blocking of outside port 25 hosts by anything other than actual mail servers. We finally bit the bullet early this year and put a total ban on our regular subscribers sending o
Re:Wrong way around (Score:3, Interesting)
Fail to route your customers' packets at your peril. Period.
I already dropped Adelphia cable and went to Speakeasy when they purposely stopped routing ICMP packets. I made the decision in about 3 seconds once I found out what they had done.
There are no bad ports or protocols, just bad people and programs. You'll have to deal with the problem directly not with bandaids if you want to keep your best customers.
That said, if you are a low end provider you don'
Re:Who runs home mail servers? (Score:2)
Besides, did you read the article?