Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Name and Shame Spam Senders With OpenBSD

timothy posted more than 5 years ago | from the sounds-like-a-cool-infomercial dept.

Spam 166

Peter N. M. Hansteen writes "Once you've identified spam senders, OpenBSD provides all the tools you need to take one step further: exporting their addresses and publishing the evidence. You can even trap them yourself using known bad addresses. It's easy, fun and good netizenship."

Sorry! There are no comments related to the filter you selected.

"netizenship" (5, Funny)

Anonymous Coward | more than 5 years ago | (#26767809)

...NO!

Here's some cool information (-1, Offtopic)

Anonymous Coward | more than 5 years ago | (#26767849)

A video where an eagle throws a goat off a cliff! [videosift.com]

Re:"netizenship" (2, Insightful)

Dan541 (1032000) | more than 5 years ago | (#26767889)

How can we be expected to take someone seriously when they invent more bullshit.

Re:"netizenship" (0)

Anonymous Coward | more than 5 years ago | (#26768031)

Does anyone else find the subtle irony in the parent post amusing?

Re:"netizenship" (1)

buswolley (591500) | more than 5 years ago | (#26768489)

I think that the topic is so boring that it has dampened by subtle sarcasm antennae. Explain?

Wife is gone on a trip t mother-in-law, drinking a dead guy ale, contemplative and bored.

Hmmm? (4, Interesting)

BCW2 (168187) | more than 5 years ago | (#26767819)

Wouldn't it be more fun to go to their house and either serve them with a civil suit for a $Million+ or just beat their computer into a cube with a sledge hammer?

Re:Hmmm? (2, Insightful)

Anonymous Coward | more than 5 years ago | (#26767855)

Wouldn't that require beating a million computers into a million cubes to take down their bot net? Perhaps hammering their toes would be better.

Re:Hmmm? (2, Insightful)

cp.tar (871488) | more than 5 years ago | (#26770455)

Couldn't we do both?

Re:Hmmm? (1)

Zarluk (976365) | more than 5 years ago | (#26768065)

I would rather suggest using the sledgehammer on themselves... then, we could use their computers to do some useful stuff ;-)

OK, just kidding, but there is a hole in my brain that would like to to do it anyway ;-)

Re:Hmmm? (0)

Hordeking (1237940) | more than 5 years ago | (#26768417)

Wouldn't it be more fun to go to their house and either serve them with a civil suit for a $Million+ or just beat their computer into a cube with a sledge hammer?

Wouldn't it be more fun to just beat the spammer to death with said sledgehammer? And since there would have to be millions with a motive to kill him, they'd have a lot of trouble pinning it on you.

Re:Hmmm? (0)

BCW2 (168187) | more than 5 years ago | (#26769227)

Not painful enough. But if his knees, elbows, wrists, and ankles got in the way of the server getting pounded?

Re:Hmmm? (0, Offtopic)

Hal_Porter (817932) | more than 5 years ago | (#26770013)

What about the First Anendment? Surely spammers have free speech rights?

Re:Hmmm? (2, Funny)

cyphercell (843398) | more than 5 years ago | (#26770359)

your quite right. The sledge hammer should be used to bust their jaw first.

Missing a few addresses (0, Troll)

damn_registrars (1103043) | more than 5 years ago | (#26767847)

The list should have these five as well:
  • xsalsa@gmail.com
  • domains@locu.st
  • domains@surink1.com
  • domains@nosnos.com
  • domains@suremoon.com

These have all been used by Leo Kuvayev (often under his alias "Alex Rodrigez" (note the last name spelling)) in his spamming operations. I'm sure there are more recent ones as well.

Re:Missing a few addresses (4, Funny)

Anonymous Coward | more than 5 years ago | (#26768187)

You forgot a couple of his aliases:

dmcbride@sco.com
bgates@gatesfoundation.org
steveb@microsoft.com
jackpeace@comcast.net

the known bad addresses part seems dangerous (5, Interesting)

Trepidity (597) | more than 5 years ago | (#26767851)

I agree the vast majority of email sent to "known bad" addresses will be sent by spambots, and that'll probably be the exclusive source for never-published addresses. But in the case where they publish these known-bad addresses on a page that they hope spambots will index, it seems blacklisting based on them is vulnerable to abuse. If I want to get some server blacklisted, and I have any sort of access to send mail from it, I can just send mail to the known-bad addresses. For example, good way for mischievous students to cause mayhem by getting their university's mail servers blacklisted.

Re:the known bad addresses part seems dangerous (1)

lukas.mach (999732) | more than 5 years ago | (#26768055)

And you don't even have to have access to send mail from that server - you can just fake the headers, the server on the other side has no way of knowing.

that I think he's avoiding (4, Informative)

Trepidity (597) | more than 5 years ago | (#26768153)

I could be misreading, but I think he's using the IP of the server that actually connects to his server and attempts to deliver mail, not the IP reported in the mail headers.

Re:the known bad addresses part seems dangerous (1)

djmurdoch (306849) | more than 5 years ago | (#26768161)

The logs aren't based on trusting the headers in the spam. They're based on which machine tried to deliver the spam.

Re the GP: You could cause mayhem at a university by getting bsdly.net to block all mail from them? I don't think so.

Now, if there was actually any value to this name and shame list it might cause trouble, but there isn't. It's just a bad idea. There are lots more spambots than addresses in that list.

Re:the known bad addresses part seems dangerous (1)

amirulbahr (1216502) | more than 5 years ago | (#26769211)

$ man 2 accept
ACCEPT(2) Linux Programmerâ(TM)s Manual ACCEPT(2)

NAME
accept - accept a connection on a socket
...
int accept(int sockfd, struct sockaddr *addr, socklen_t *addrlen);
...
The argument addr is a pointer to a sockaddr structure. This structure
is filled in with the address of the peer socket, as known to the com-
munications layer.

netizenship? (4, Funny)

thermian (1267986) | more than 5 years ago | (#26767853)

Sorry, I'd never claim citizenship on the internet, after all, who'd want to live in a place that was almost entierly composed of porn?

Oh wait...

Re:netizenship? (0)

Anonymous Coward | more than 5 years ago | (#26770457)

Obligatory Chappelle skit.. [comedycentral.com]

Not Really (5, Interesting)

IsMyNameTaken (1362911) | more than 5 years ago | (#26767879)

I think someone tried the latter approach [washingtonpost.com] already and it didn't end up helping her much

Re:Not Really (3, Insightful)

Ethanol-fueled (1125189) | more than 5 years ago | (#26768267)

Are you kidding? She got to beat the shit out of a Comcast office while scaring away everybody inside!

Shaw received a three-month suspended sentence for disorderly conduct, a $345 fine in restitution and a year-long restraining order barring her from the Comcast office.

I assure you that if I could get away with that kind of punishment I'd do the same thing! Only I'd use a bat instead.

Re:Not Really (1)

cyphercell (843398) | more than 5 years ago | (#26770423)

perhaps the judge was a comcast customer?

Form response (5, Funny)

carou (88501) | more than 5 years ago | (#26767885)

Your post advocates a

( ) technical ( ) legislative ( ) market-based (X) vigilante

approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)

( ) Spammers can easily use it to harvest email addresses
( ) Mailing lists and other legitimate email uses would be affected
(X) No one will be able to find the guy or collect the money
( ) It is defenseless against brute force attacks
( ) It will stop spam for two weeks and then we'll be stuck with it
( ) Users of email will not put up with it
( ) Microsoft will not put up with it
( ) The police will not put up with it
( ) Requires too much cooperation from spammers
(X) Requires immediate total cooperation from everybody at once
( ) Many email users cannot afford to lose business or alienate potential employers
(X) Spammers don't care about invalid addresses in their lists
(X) Anyone could anonymously destroy anyone else's career or business

Specifically, your plan fails to account for

( ) Laws expressly prohibiting it
(X) Lack of centrally controlling authority for email
(X) Open relays in foreign countries
( ) Ease of searching tiny alphanumeric address space of all email addresses
(X) Asshats
(X) Jurisdictional problems
( ) Unpopularity of weird new taxes
( ) Public reluctance to accept weird new forms of money
( ) Huge existing software investment in SMTP
( ) Susceptibility of protocols other than SMTP to attack
( ) Willingness of users to install OS patches received by email
(X) Armies of worm riddled broadband-connected Windows boxes
( ) Eternal arms race involved in all filtering approaches
( ) Extreme profitability of spam
(X) Joe jobs and/or identity theft
( ) Technically illiterate politicians
( ) Extreme stupidity on the part of people who do business with spammers
(X) Dishonesty on the part of spammers themselves
(X) Bandwidth costs that are unaffected by client filtering
( ) Outlook

and the following philosophical objections may also apply:

(X) Ideas similar to yours are easy to come up with, yet none have ever
been shown practical
( ) Any scheme based on opt-out is unacceptable
( ) SMTP headers should not be the subject of legislation
( ) Blacklists suck
( ) Whitelists suck
( ) We should be able to talk about Viagra without being censored
( ) Countermeasures should not involve wire fraud or credit card fraud
( ) Countermeasures should not involve sabotage of public networks
( ) Countermeasures must work if phased in gradually
( ) Sending email should be free
(X) Why should we have to trust you and your servers?
( ) Incompatiblity with open source or open source licenses
(X) Feel-good measures do nothing to solve the problem
( ) Temporary/one-time email addresses are cumbersome
( ) I don't want the government reading my email
( ) Killing them that way is not slow and painful enough

Furthermore, this is what I think about you:

( ) Sorry dude, but I don't think it would work.
(X) This is a stupid idea, and you're a stupid person for suggesting it.
( ) Nice try, assh0le! I'm going to find out where you live and burn your
house down!

Re:Form response (-1, Redundant)

timmarhy (659436) | more than 5 years ago | (#26767931)

mark poster as redundant, his 2 page response contains about 2 lines of opinion. you must work in some kind of public service office pushing paper to think a form is a good way to express an opinion.

Re:Form response (5, Funny)

SSpade (549608) | more than 5 years ago | (#26767953)

Summarhy for timmarhy: x x x xx xx x x xx x x x x

Re:Form response (4, Insightful)

Jurily (900488) | more than 5 years ago | (#26767979)

Whoosh.

That form is older than I am, and it still works perfectly.

Re:Form response (1)

Slur (61510) | more than 5 years ago | (#26768523)

I've never seen or heard of this form before, but as a fan of the Jargon File (got it in hardback, baby!) I figured it had to be part of the lore and lexicon of the net. The fact that it's hilarious also gives it away.

Re:Form response (0)

Anonymous Coward | more than 5 years ago | (#26768091)

h.o.l.y. c.r.a.p.

you're STUPID.

This is the oldest form ever.

Re:Form response (4, Interesting)

thePowerOfGrayskull (905905) | more than 5 years ago | (#26768639)

Perhaps it drew some inspiration from this one [kk.org] .

Re:Form response (5, Funny)

pyrrhonist (701154) | more than 5 years ago | (#26768111)

Dear Slashdot poster,

We're sorry to hear that you do not approve of the Universal Crackpot Spam Solution Rebuttal Form [craphound.com] . As you are no doubt aware, per Slashdot rules this form must be posted in all articles pertaining to a spam solution. This form was carefully crafted by leading experts in their field, and has been serving the community well for almost a decade.

Your opinion is important to us, but please be advised that we cannot answer all inquiries or complaints personally. If you have questions concerning the Universal Crackpot Spam Solution Rebuttal Form or its use, please feel free to pipe your inquires to /dev/null. All inquiries will be processed in the order in which they are received.

Sincerely,
The Slashdot Community

Re:Form response (4, Insightful)

Dogtanian (588974) | more than 5 years ago | (#26768125)

mark poster as redundant [..] you must work in some kind of public service office pushing paper to think a form is a good way to express an opinion.

On the contrary. The fact that someone's argument can be criticised and/or refuted via such standardised means (*) shows that it fails in one or more now well-defined areas that previous "solutions" have exhibited and should have been considered this time round. And/or that this is merely an inadvertant repackaging of an older idea.

The slightly tongue-in-cheek form makes the point well, and far from being longwinded is shorthand compared to having a tedious and pointless rehash of previous discussions.

(*) As another poster mentioned, this "form" has been around for ages.

I go with the unpopular GP comment (2, Interesting)

DiegoBravo (324012) | more than 5 years ago | (#26768219)

That form looks like a wise and economical approach, but what in the earth could pass clean that form? phone calls? SSL channels with certs? SMTP-Ajax(?)?

Re:I go with the unpopular GP comment (0)

Anonymous Coward | more than 5 years ago | (#26768295)

Nothing, you idiot. That's why there's still spam.

Re:I go with the unpopular GP comment (4, Insightful)

techno-vampire (666512) | more than 5 years ago | (#26768341)

what in the earth could pass clean that form?

Currently, nothing. If somebody ever does come up with something that will, it will spell the end of spam. I'm not holding my breath.

Re:I go with the unpopular GP comment (2, Interesting)

DiegoBravo (324012) | more than 5 years ago | (#26768627)

Maybe this is correct: a scheme that passes that "antispam-form", implies the end of spam.

But nobody has demonstrated that the end of the spam does require passing such form.

What protocol/scheme/solution is so perfect in that way? look at the imperfect (but working) TCP/IP. Maybe some people is precluding deployment of acceptable solutions because of that dogma-form.

Re:Form response (3, Insightful)

ivoras (455934) | more than 5 years ago | (#26768359)

As Bill Gates and others have noticed previously, a very obvious solution to the whole spam and e-mail viruses problem would involve removing just one single line from this form:

( ) Sending email should be free

Though it is next to atrocious to admit for anyone who's using e-mail now, setting a $$$ cost to each message sent is probably the only way both first-level spammers and owners of infected machines would be forced to go off-line. This doesn't necessarily mean establishing a central authority - ISPs could simply analyze sent traffic.

But a "solution" like that will dramatically change the nature of Internet. It's really tough come up with a working solution that's not worse than the problem.

Re:Form response (1)

hardburn (141468) | more than 5 years ago | (#26768589)

Not only will it dramatically change the nature of the Internet, it'll do so with no benefit at all. Most spammers send their mail with botnets. The people paying won't be the spammers, but the people who's machines have been infected.

Re:Form response (1)

Koby77 (992785) | more than 5 years ago | (#26769297)

Not only will it dramatically change the nature of the Internet, it'll do so with no benefit at all. Most spammers send their mail with botnets. The people paying won't be the spammers, but the people who's machines have been infected.

It could also be argued that those who don't maintain their machine properly enough to allow it to become infected by a botnet deserve to pay for some of the cleanup costs of the damage (spam, DDOS, ect.).

But I'm certainly not that vindicitive, so another solution would be to require email postage to be prepaid. A small account cap for individuals would limit the cost, and also make their machines less desirable as targets for botnets if the spammers can only send a few hundred emails before depleting the account and getting cutoff until the next billing cycle.

Re:Form response (0)

Anonymous Coward | more than 5 years ago | (#26769339)

This seems like a feature, not a bug. Maybe they'd finally be motivated to clean up their disease-ridden pesthole computers, or at least stop using computers altogether.

Re:Form response (5, Insightful)

Tubal-Cain (1289912) | more than 5 years ago | (#26768625)

As Bill Gates and others have noticed previously, a very obvious solution to the whole spam and e-mail viruses problem would involve removing just one single line from this form:

( ) Sending email should be free

(x) Users of email will not put up with it
(x) Requires immediate total cooperation from everybody at once
(x) Lack of centrally controlling authority for email
(x) Open relays in foreign countries
(x) Unpopularity of weird new taxes
(x) Armies of worm riddled broadband-connected Windows boxes
(x) Extreme profitability of spam
(x) Joe jobs and/or identity theft
(x) Countermeasures must work if phased in gradually

(x) Sorry dude, but I don't think it would work.

Re:Form response (0)

Anonymous Coward | more than 5 years ago | (#26768637)

That "should" is not a "we would like it to be" kind of should. It's the kind of should which implies "or else email is going to be replaced by some other free messaging system, which doesn't solve the spam problem."

Re:Form response (2, Insightful)

dgatwood (11270) | more than 5 years ago | (#26768807)

Actually, if email gets replaced by some other messaging system, it very easily could eliminate spam. The sole reason email spam can't be taken care of with a technological solution is that the infrastructure changes would be too massive and you couldn't get 100% opt-in for any new scheme by such a large number of players.

If SMTP were replaced by something else entirely, that whole problem goes away and you can design proper security into the protocol. All you really need is a protocol that enforces end-to-end authentication (and possibly encryption) and requires that every host involved in the transaction except for client machines sign every message that passes through and include a public key in their DNS record that can verify that signature. This would completely eliminate any possibility of endpoint forging, which would mean that spammers would have to keep registering domains to get new non-blocked source domains. Eliminate domain tasting, and those new domains = $$$ that the spammers would have to pay... frequently... all without introducing any per-message costs. If you take it one step further and require an SSL cert (not self-signed), that action by itself would be pretty much be the end of bulk spam as we know it, but would have the advantage of not harming legitimate business-to-user communication, email discussion lists, etc. like a per-message cost would.

Such a change would radically alter the balance of power in the spam wars. It would ensure that a spammer, once identified, could be trivially blocked, and would make it much harder and more expensive for the spammer to recover from such blocking. Unfortunately, while it would be possible to retrofit this onto SMTP, that compatibility with legacy systems would ultimately make it a waste of effort to do so; spammers would merely continue using the legacy compatibility mode to deliver the spam. It really has to be a clean break from SMTP for this to work and gain any traction whatsoever, and has to be 100% spam-free by design from day one.

Re:Form response (1)

snaz555 (903274) | more than 5 years ago | (#26769807)

The end-to-end signature scheme, while a good idea in general, won't help with spam. They'll just sign their spam using the signature of the owners of the machines in their botnet used to send it. This is assuming you don't have to regularly reauthenticate when you send email, to unlock your keys, but that will never be acceptable to end users.

It is, however, a very good idea for banks and others to start signing their mail. The signature should be an SMTP header, and it should be a legal requirement for banks and other trust corporations to use it in their communications. (Why they don't already at least sign their correspondence beats me, but I guess without a standardized header UMAs won't have automatic verification built in, making it a feature practical only to a small number of users.) This would be effective against phishing, although of no use against spam. PGP as usual is massive overkill (internal platform syndrome) for what is a simple problem.

Re:Form response (0)

Anonymous Coward | more than 5 years ago | (#26768773)

Seems to keep my text messages relatively spam-free. My gmail and aim mail account seem to work fine at blocking spam, at least for the moment... though I'd probably be willing to pay a small fee per message if my inbox had enough ads for penis pills. Maybe we will move towards forms of paid premium messaging, I wonder where the money will go though.

Re:Form response (0)

Anonymous Coward | more than 5 years ago | (#26768233)

Thats the most options checked on that form that I have seen.

Either this plan will fail disastrously, or it will just fail. I have not yet decided on which.

One more, actually... (1)

T0t0r0_fan (658111) | more than 5 years ago | (#26768415)

I do believe OP missed one more, namely:

(X) Blacklists suck

But really,

(X) Why should we have to trust you and your servers?

sums up the failure quite nicely.

Re:Form response (0)

Anonymous Coward | more than 5 years ago | (#26768465)

...
( ) The police will not put up with it
( ) Requires too much cooperation from spammers
(X) Requires immediate total cooperation from everybody at once

Wrong

( ) Many email users cannot afford to lose business or alienate potential employers
(X) Spammers don't care about invalid addresses in their lists

Wrong, this is not about killing addresses

(X) Anyone could anonymously destroy anyone else's career or business

[why?]

Specifically, your plan fails to account for

( ) Laws expressly prohibiting it
(X) Lack of centrally controlling authority for email

This is advice for every mail admin, whether or not they are going through it. Also contradicts your "Requires immediate total cooperation from everybody at once"

(X) Open relays in foreign countries
( ) Ease of searching tiny alphanumeric address space of all email addresses
(X) Asshats
(X) Jurisdictional problems

Care to explain? ... skipping the rest ...

I like the form as it covers most misunderstandings, but you are doing it wrong.

Specifically, you failed to
(X) RTFA
(X) consider that not one plan will solve all the issues.

Re:Form response (0, Redundant)

Jeff DeMaagd (2015) | more than 5 years ago | (#26768481)

This spam checklist meme has been overdone. Why don't you go and help beat the skeleton of the LOL Cats meme instead? Then it might be funny.

Re:Form response (0)

Anonymous Coward | more than 5 years ago | (#26769079)

If it's been overdone, then why is there now another miracle cure for spam? I'd say it hasn't been done enough.

Easy, fun... (5, Insightful)

subreality (157447) | more than 5 years ago | (#26767939)

They can call it easy, fun, and good netizenship... But I say they're just putting a friendly face on vigilanteism.

From a technical perspective this isn't that different from other collaborative filtering systems (though since the listing criteria is based on secondary sources, it's going to be susceptible to confirmation bias and other sampling errors, so this isn't likely to be a good one). I take big issue with the naming, though: Other collaborative filters say that "This machine is listed because it met these criteria", which you then make your own decisions on.

It crosses a line when you're saying they should be "shamed", especially when you're not taking extensive precautions to make sure you're not listing innocents.

Re:Easy, fun... (0)

Anonymous Coward | more than 5 years ago | (#26768227)

Why not pipe the output of this into a script that sends a canned email to abuse@whatever? Then it actually does something productive. Is that still problematic?

Re:Easy, fun... (1)

subreality (157447) | more than 5 years ago | (#26768263)

Yes, that creates unnecessary backscatter, and facilitates joe jobs.

Re:Easy, fun... (2, Interesting)

Blakey Rat (99501) | more than 5 years ago | (#26768443)

That's why they do it.

Seriously, it's almost trivial to completely avoid spam now. All of the three major free email vendors, Yahoo, Microsoft and Google, all have excellent spam filters. Every mail client has excellent spam filters. In a world of streaming video being one of the most popular internet uses, the bandwidth consumed by spam isn't a huge deal anymore. (Bittorrent on the other hand...)

Point is, these "spam vigilantes" basically have to go out of their way to even see spam. They enjoy seeing the spam, because then they can get outraged and do stuff like this. It's basically a hobby at this point.

Re:Easy, fun... (1)

subreality (157447) | more than 5 years ago | (#26768665)

Seriously, it's almost trivial to completely avoid spam now. [...] They enjoy seeing the spam, because then they can get outraged and do stuff like this.

I wouldn't attribute that much malice to it.

Sure, the big players have great spam filtering, but the work it takes to get there isn't trivial. And there are a lot of us who don't use webmail. Having configured a few mail systems, it takes a lot of poking and prodding and fine tuning to get an anti-spam configuration that works really well. In the course of doing it, you see these strong spam signals, and get drawn into them. "Hey, what if I just turn up this setting here? That'd catch a ton of spam!" And upon doing it, you find you've walked right into one of the many pitfalls of spam filtering... You're silently rejecting legit mail, or running your false positives way up, or creating backscatter, or generating inappropriate reject codes, or in this case creating an exploitable avenue to harass innocent people...

But at first blush, when you're in there watching your logs and tweaking your configs, these ideas sound great. There's a reason the form letter [craphound.com] exists. People get excited about their great new spam solution, and go to publish before they've thought it through, or realized that their idea's already been tried and failed. (I don't like the form because it's used to dismiss *any* new anti-spam idea, even the very few that are good and original, but that's beside the point.)

Anyway, I don't think it's out of a need for outrage. I think it's just people get caught up in what they're doing, and lose track of the implications.

That's a really bad idea (2, Insightful)

Anonymous Coward | more than 5 years ago | (#26768001)

If you want to "name and shame" someone, you need to be 100% sure you got the right person. E-Mail is such a vague and diverse system that you really need to know your network technologies to be able to find who's spamming you with any certainty. There's no automatism which can do it for you. Besides, you don't want to turn into one of those bitter and overzealous anti-spammer types, do you? Work with people who operate or host compromised computers which send spam, improve your spam classification systems, get on with your life.

Really? (4, Informative)

Darkness404 (1287218) | more than 5 years ago | (#26768017)

Really is spam that big of a problem anymore? Ever since I've switched to Gmail all my spam has been blocked by it or blocked by a simple mail filter. Now then again, I don't give my real e-mail address to everyone and their brother, but individual spam blockers have come a long, long ways.

Re:Really? (0)

Anonymous Coward | more than 5 years ago | (#26768573)

When spam is blocked at your ISP or mail server, most of the damage has already been done. They have wasted the bandwidth on most of the paths from the zombie that originated the message to your system. Only the last few hops from the server to you were spared; the rest of the network and especially the net backbone links had to carry it (plus any bounce messages sent in response).

While the idea of choking the spam servers with a 1-byte-per second response sounds cute, it won't work for long (the bot-herders are clever, and will learn to work around it), and causes collateral damage. Their "one byte per second" means sending "one packet per second, with a one byte payload. It still has all the TCP/IP overhead needed for every packet, so they're wasting far more bandwidth than the spam message. In other words, they're making themselves another part of the problem (the problem being wasting the shared bandwidth on the network). So yes, I do agree with checking the "vigilante action" box on the obligatory form response.

Re:Really? (4, Insightful)

John Hasler (414242) | more than 5 years ago | (#26768603)

> Really is spam that big of a problem anymore?

For people who actually run email servers the fact that 99% of their traffic is spam is a problem, yes.

Re:Really? (5, Insightful)

Brandybuck (704397) | more than 5 years ago | (#26769201)

Really is pollution that big of a problem anymore? Ever since I've switched to BigAssFilter air conditioning system, all of the pollution has been filtered out of my home.

gmail is broken (1)

Something Witty Here (906670) | more than 5 years ago | (#26769351)

> Really is spam that big of a problem anymore? Ever since
> I've switched to Gmail all my spam has been blocked by it

Spam is annoying, no question. Having legit email blocked
by braindead antispam filters SUCKS. Gmail blocks legit email.
Yes that is a BIG problem when a gmail address is the only
contact info you have for someone.

Re:Really? (2, Informative)

subreality (157447) | more than 5 years ago | (#26769631)

You don't get spam because of a combination of anti-spam techniques similar to this one. We have to keep developing them, or else the spammers will get ahead.

YOU may not have much of a spam problem, but mail admins everywhere - including google's - most certainly do.

Shame!? (5, Insightful)

Dahamma (304068) | more than 5 years ago | (#26768053)

What's the point of trying to *shame* a spammer? You can't shame someone who has no shame.

Naming them is pointless, too. "Oh, hey, I found out it's a guy named Viktor in the Ukraine sending me all this spam!" Now what?

Re:Shame!? (0)

Anonymous Coward | more than 5 years ago | (#26768081)

Hire an Ukrainian hitman?

Re:Shame!? (0)

Slur (61510) | more than 5 years ago | (#26768531)

Publish naked pics of his sister on the net?

Oops, nevermind, that's her side job.

Re:Shame!? (0)

Anonymous Coward | more than 5 years ago | (#26768575)

How do you know the spammer is a He? It could be female activists trying to give penis enlargements to the whole world!

Re:Shame!? (0)

Anonymous Coward | more than 5 years ago | (#26769161)

It could be female activists trying to give penis enlargements to the whole world!

Well, if they're willing to help me put such enhancements to good use, I could get behind some female activism...

Re:Shame!? (0)

Anonymous Coward | more than 5 years ago | (#26768539)

You have their IP. The provider should block it. If it doesn't react, a spam detection system could set this provider "spam-friendly" and have a higher default-spam-score for this IP-range.

Re:Shame!? Send in a Tomahawk Missile? (1)

davidsyes (765062) | more than 5 years ago | (#26769513)

But, that is the sledgehammer-to-the-mosquito solution, hehehe. But, then again, if it werks....

Re:Shame!? (0)

Anonymous Coward | more than 5 years ago | (#26769651)

I have NOTHING to do with it!

Re:Shame!? (1)

LearnToSpell (694184) | more than 5 years ago | (#26770117)

Nuke it from orbit?

"Vigilanteism" (0)

Anonymous Coward | more than 5 years ago | (#26768159)

I agree that being a vigilante can be risky business. Report spammers to your local branch of the Internet Police.

Re:"Vigilanteism" (1)

omnichad (1198475) | more than 5 years ago | (#26768375)

You have to be a "netizen" of a web jurisdiction that takes this seriously... I, for one, don't live on the web.

It's too bad (1)

kkrajewski (1459331) | more than 5 years ago | (#26768249)

That spammers couldn't just be very selective in their targeting. "Oh, sweet, I just got an e-mail about cheap Canadian b33r!"

Somebody explain to me please. (0)

Anonymous Coward | more than 5 years ago | (#26768303)

What's with all these recent stories on Slashdot which have nothing to do with Australia?

I don't come to this site to read anything except self-indulgent promos about how amazing and sophisticated Australia is.

Could it be that with kdawson's absence other Slashdot editors are sneakily slipping in stories which have absolutely no connection with or relevance to Australia?

I think we're all in agreement that the sooner kdawson returns the better!

Asking for trouble (3, Insightful)

EdIII (1114411) | more than 5 years ago | (#26768313)

Most of the article is about grey listing. That's nearly suicidal for most mail server administrators. When I tried it, it did make a difference.

Of course, while it is working..........

Executive A, "This guy just sent me a contract 60 seconds ago. I keep clicking the damn send/receive button but it's not coming in. Are you a fucking moron or something? What the HELL is going on?!!"

Either paranoia, or people trying to send email with attachments to each other while *on the phone*, makes grey listing a huge hassle for the administrator. You just can't force a delay in email of 10 or 20 minutes for most users. The pitch forks and torches come out.

Once you do use it, you cannot control the duration of the delay either. The other mail server has its own settings on how often it retries mail as well. So yours is set to 3, theirs is set to 20. The delay is 20.

I also find it hard to believe that the spammers have not figured this out. It's not like they are stupid. They try very hard to deliver their payloads. It would be trivial to update their software to retry messages that receive those codes.

Oh, and if you have high volume get ready to drain some resources. Keeping track of thousands and thousands of IP addresses in a grey list to determine which one can communicate at what point is resource intensive.

Re:Asking for trouble (1)

omnichad (1198475) | more than 5 years ago | (#26768389)

Worse, yours is set to 10, theirs is set to 11. The delay is still 20.

Re:Asking for trouble (1)

unitron (5733) | more than 5 years ago | (#26770317)

Worse, yours is set to 10, theirs is set to 11. The delay is still 20.

Which is why only highly trained professional musicians should be allowed machines that go as high as 11. :-)

Re:Asking for trouble (1)

value_added (719364) | more than 5 years ago | (#26768479)

Most of the article is about grey listing. That's nearly suicidal for most mail server administrators.

That would depend on a lot of things

Executive A, "This guy just sent me a contract 60 seconds ago. I keep clicking the damn send/receive button but it's not coming in. Are you a fucking moron or something? What the HELL is going on?!!"

Chances are high that anyone sending contracts has already sent previous messages, so the receipt of the contract would not be subject to any delay. That's assuming that you haven't already whitelisted folks in the habit of sending you contracts. From the spamd manpage

whitelisted hosts do not talk to spamd. Their connections are instead
sent to a real mail server, such as sendmail(8).

greylisted hosts are redirected to spamd, but spamd has not yet decided
if they are likely spammers. They are given a temporary failure message
by spamd when they try to deliver mail.

When spamd is run in default mode, it will greylist connections from new
hosts. Depending on its configuration, it may choose to blacklist the
host or, if the checks described below are met, eventually whitelist it.
When spamd is run in blacklist-only mode, using the -b flag, it will con-
sult a pre-defined set of blacklist addresses to decide whether to tarpit
the host or not.

Re:Asking for trouble (2, Interesting)

troll8901 (1397145) | more than 5 years ago | (#26769031)

Chances are high that anyone sending contracts has already sent previous messages, so the receipt of the contract would not be subject to any delay.

I did not have such luxury.

  1. The mail daemon was proprietary, supported manual whitelist only.
  2. Adding to the whitelist didn't seem to solve the problem.
  3. The mail server was under the control of a third-party company. I was not supposed to touch it.
  4. Due to some issues between the two companies, they've stopped providing support.
  5. I can't route the mails to my own mail server, because the DNS record and server were under their control too.

So yes, I received Executive A's anger sometimes while not being able to do anything about it.

Re:Asking for trouble (1)

ewhac (5844) | more than 5 years ago | (#26768509)

Executive A, "This guy just sent me a contract 60 seconds ago. I keep clicking the damn send/receive button but it's not coming in. Are you a fucking moron or something? What the HELL is going on?!!"

BOFH: "What the hell is going on is that the message is currently working through our anti-spam measures -- the ones that filter out all the \/!Agr/\ ads because you keep visiting pr0n sites -- and if you really wanted it right now dammit, you would have had him FAX it.

"But, for a modest rise in salary, I can add his domain to our whitelist..."

Schwab

Re:Asking for trouble (1)

LodCrappo (705968) | more than 5 years ago | (#26769239)

Most of the article is about grey listing.

Not really. Maybe you just saw what you wanted to see.

That's nearly suicidal for most mail server administrators.

Not really. There are many thousands of administrators who have the skill to implement it properly.

When I tried it, it did make a difference.

Of course, while it is working..........

Executive A, "This guy just sent me a contract 60 seconds ago. I keep clicking the damn send/receive button but it's not coming in. Are you a fucking moron or something? What the HELL is going on?!!"

You must not have been one of the competent admins.. sounds like executive A knows it too

Either paranoia, or people trying to send email with attachments to each other while *on the phone*, makes grey listing a huge hassle for the administrator.

Again, not for admins who implement greylisting in a sane way.

You just can't force a delay in email of 10 or 20 minutes for most users. The pitch forks and torches come out.

True, and greylisting (when implemented correctly) does not do this.

Once you do use it, you cannot control the duration of the delay either. The other mail server has its own settings on how often it retries mail as well. So yours is set to 3, theirs is set to 20. The delay is 20.

I also find it hard to believe that the spammers have not figured this out. It's not like they are stupid. They try very hard to deliver their payloads. It would be trivial to update their software to retry messages that receive those codes.

Some have, most haven't. Despite your beliefs, evidence of greylisting's effectiveness is quite easy to come by.

Oh, and if you have high volume get ready to drain some resources. Keeping track of thousands and thousands of IP addresses in a grey list to determine which one can communicate at what point is resource intensive.

No, it isn't. Compared to almost every other test used in detecting spam, greylisting is incredibly efficient.

Re:Asking for trouble (2, Interesting)

LackThereof (916566) | more than 5 years ago | (#26769955)

also find it hard to believe that the spammers have not figured this out. It's not like they are stupid. They try very hard to deliver their payloads. It would be trivial to update their software to retry messages that receive those codes.

Most spam-sending agents are very simple, and don't even bother looking at the SMTP error codes. Which is pretty sensible, given that most of what they get is probably 550 for bad addresses in their lists. Why even bother spending the time parsing these errors - there's going to be a whole lot of them, and it's mostly trash because your mailing list is mostly trash.

But lets say a spammer does make a spambot that looks for 451 errors and properly tries again later. Many sites recommend a greylist delay of 1 hour, but many others recommend a super short one of 1 minute or less. The spambot will have to figure out what to do - it could simply hammer the mail server until the message is accepted, which would have the added bonus of simultaneously DDOSing every mail server that implements greylisting. It would also tie up the spambot, though, attempting to resend messages to what might actually be a mail server that's not greylisting, but isn't accepting any mail at all right now. This stuff works on high volume, you don't want to slow down your rapid-fire spamming with all these retries. So they'd probably rather queue up retries to go out after their initial batch is done.

That means they have to keep track of all this crap. Spambots use randomized From: addresses, but most greylisting implementations use the unique triplet of from address, to address, and senderIP to distinguish connections. If you just try and run the send again, you get a different random From:, and you're a new customer to the greylist again. So you have to start remembering the addresses used for every single mail until the error parsing is done, and then you have to store all the info for the retries somewhere. As you pointed out

Keeping track of thousands and thousands of IP addresses in a grey list to determine which one can communicate at what point is resource intensive.

You increase the size and complexity of your spambot, you increase the chance of it getting noticed. A spambot that the user notices is an uninstalled spambot. And that doesn't just mean less spam that you can send, that means your botnet just got smaller. You never want that. You want to protect the botnet at all costs. After all, it's not your spam, it's your client's spam, and there's no need to risk your botnet in order to get 1% more messages out for your client.

What a bad idea! (1)

jtara (133429) | more than 5 years ago | (#26768331)

Wow, what a stupid idea. He is just adding to the problem.

Most spammers never look at return mail. The return address is usually bogus, or, worse, somebody ELSE's legitimate email address.

As a one-time victim I can attest to the potential damage of the approach this idiot is advocating. (My domain name was used in a prolific spammer's return address - the resulting deluge shut-down my ISP for a few hours. My domain at the time was live.net - the spammer was advertising a phone service with "live girls"...)

Spam return addresses are generally MEANINGLESS and by publishing them you are potentially harming an innocent third-party.

You're an idiot. (2, Informative)

Narcocide (102829) | more than 5 years ago | (#26768391)

Wow you're an idiot and you don't understand email. He's using the TARGET address to blacklist the IP ADDRESS from the SMTP CONNECTION. That's the envelope sender, not the mail header's return address.

Do your research before you start casting wild allegations around.

Not so fast... (1)

T0t0r0_fan (658111) | more than 5 years ago | (#26768459)

Don't be so quick to call someone an idiot. Look at the last link in the summary.

If I understand correctly from a quick scan of the explanation, the list you see there is what they have supposedly seen as fake "From:" addresses (which they happen to know to be undeliverable).

So while it's not quite as bad as what GP thought, it's (IMHO) dangerously close.

Re:You're an idiot. (1)

troll8901 (1397145) | more than 5 years ago | (#26769049)

He's using the TARGET address to blacklist the IP ADDRESS from the SMTP CONNECTION.

As said by another poster, "good way for mischievous students to cause mayhem by getting their university's mail servers blacklisted."

Re:You're an idiot. (1)

snaz555 (903274) | more than 5 years ago | (#26769965)

As said by another poster, "good way for mischievous students to cause mayhem by getting their university's mail servers blacklisted."

It takes a significant number of reports for an IP address to be blacklisted. By the time you've gotten that many messages out you're by definition spamming, and if the university lets you send it without throttling they're permitting its students to spam. The fix is to throttle individual send rates and caps to prevent automated mail senders - whether legit or not. If you run a legit newsletter or some such you should obtain permission. Once the university has fixed its servers so students can't use them for spam it takes about a minute to get themselves delisted.

But... (3, Insightful)

Sigvatr (1207234) | more than 5 years ago | (#26768463)

... is it good Nietzscheanship?

Re:But... (0)

Anonymous Coward | more than 5 years ago | (#26769103)

It's fine ... the ships were capable of in-place patching (called slipstreaming).

I wonder if the ships receive e-mail?

One nice feature... (1)

incripshin (580256) | more than 5 years ago | (#26768515)

spamd has been around since OpenBSD 3.3. Not news at all. Anyway, I probably read this on undeadly.org, but one feature is particularly funny. When a probably spammer is connecting to your server, the greeting is sent with a TCP window size of 1 byte and a rate of 1 byte per second. Most spammers won't expect a connection to be so incredibly slow, so you end up wasting their time. It isn't meant to stop spam, but you can make spammers frustrated.

Re:One nice feature... (1, Insightful)

Anonymous Coward | more than 5 years ago | (#26768633)

Unfortunately these days all you are wasting is 1 computers bw of someone who doesnt care enough or know enough about what is going on in there computer.

Never underestimate the power of 500k in computers all sending at once. So even if you are wasting time on every connection say making it take 30 seconds to complete a transaction. The effective BW of the the bot is still 500k every 30 seconds. Not shabby... That is 1.4 billion a day.

While it is only marginally satisfying. But you are really just wasting your own bandwidth.

Re:One nice feature... (1)

narcberry (1328009) | more than 5 years ago | (#26770237)

That "frustration" can stop spammers. If they cannot deliver spam quickly and cheaply, they cannot be profitable.

But is it worth the consequences of slowing down legitimate traffic? No.

Poison (1)

fragMasterFlash (989911) | more than 5 years ago | (#26769051)

greytrapping hosts at the University of Alberta generates a downloadable blacklist based on the greyptrap data, updated once per hour, ready for inclusion in spamd setups elsewhere.

What stops the badguys from flooding the U of A email domain via gamed accounts (hotmail, yahoo, etc) and poisoning the list to block an unacceptable amount of legitimate traffic?

Project Honeypot (1)

macraig (621737) | more than 5 years ago | (#26769591)

I'm a contributing member of Project Honeypot, having been responsible for "catching" several spammers with my little honeypot, and I'm also contributing an MX record for its use. I think that's good enough. If everyone who had even a simple blog contributed to the Project, there'd be no place left for spammers to hide. Its http:BL [bl] database exists as a free resource for anyone to use. Not only do I contribute to Project Honeypot, I also use http:BL [bl] to help keep the comment spammers out of my blog:

http://vulcantourist.info/media/PivotSpamLog.pdf [vulcantourist.info]

The attack factor (1)

Demonantis (1340557) | more than 5 years ago | (#26769815)

Great thing to do to people that you hate.

Two Words (0)

Anonymous Coward | more than 5 years ago | (#26770069)

Joe Job, if you have to look it up, you shouldnt be suggesting anti spam solutions.

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?