ISP Responsibility in Fight Against Spam

samzenpus posted more than 9 years ago | from the no-more-spam dept.

Spam 314

netpulse writes "Over at CircleID, John Levine shares a letter by Carl Hutzler, AOL Postmaster and Director, blaming irresponsible ISPs as a key part of the problem in the long-term fight against spam. Hutzler says: 'Spam is a completely solvable problem. And it does not take finding every Richter, Jaynes, Bridger, etc to do it (although it certainly is part of the solution). In fact it does not take email identity technologies either (although these are certainly needed and part of the solution). The solution is getting messaging providers to take responsibility for their lame email systems that they set up without much thought and continue to not care much about when they become overrun by spammers. This is just security and every admin/network operator has to deal with it. We just have a lot of providers not bothering to care.' To which John Levine adds: 'What do we have to do to persuade networks that dealing with their own spam problem, even at significant short term cost, is better for the net and themselves than limping along as we do now?'"

314 comments

The problem (5, Insightful)

Anonymous Coward | more than 9 years ago | (#11463067)

Is that some of the worst offenders are the biggest. Do you want to cut off your customers from another ISP because the other ISP is an idiot? Maybe, until your own customers get upset because they no longer receive mail from their friends at the other ISP.

Re:The problem (5, Interesting)

scooby111 (714417) | more than 9 years ago | (#11463103)

It's not even necessarily the ISP. I know that my mail servers aren't being used by spammers because I monitor them carefully. We have corporate customers that run their own email servers on our IP blocks that are overrun. We try to work with them to close down open relays or even suspend accounts when they seem unwilling or unable to stop spamming, but there's only so much we are able or willing to do to shut down a clueless netadmin's mail server.

In the end, they'll go somewhere else to spam and we'll lose the revenue.

Re:The problem (0)

Anonymous Coward | more than 9 years ago | (#11463137)

Well tough shit for your bottom line asshole. It's your attitude shared by many others that have us STILL dealing with this retarded issue. Don't allow them to run their own servers unless you configure for them etc etc....fucking prick!

Re:The problem (2, Insightful)

scooby111 (714417) | more than 9 years ago | (#11463197)

Thanks. Do you honestly think that any ISP's admin gets to make revenue decisions? If I started shutting off customers because they are inept netadmins, I'll get fired. What good will that do? The only way that it's going to change is if the government makes the ISP liable for spam sent from its ISP block. When that happens, technologies that can stop the spam cold will finally start to seem cost effective and rational. I suspect that many small ISPs will simply go out of business if it happens. In the end you'll be able to have AOL, Earthlink, or Comcast. Is that what you want?

Re:The problem (0)

Anonymous Coward | more than 9 years ago | (#11463260)

%*#&!@(!)!!! First time I was bitten by the timeout. Full comment below....

Re:The problem (2, Insightful)

MightyMartian (840721) | more than 9 years ago | (#11463262)

Look, you have your IP block, and it's your damn responsibility to make sure that it isn't being abused. The problem is there are too many revenue hungry ISPs out there who refuse to take any damn responsibility for the crap being puked out of their networks, and when guys like me, suffering joe jobs and distributed dictionary attacks try to contact you guys, we either get no response, or just "we're merely the upstream provider, you'll have to talk to them".

Quite frankly, I think IANA and the other IP provisioning authorities should start threatening guys like you with loss of your subnets if you don't start policing the traffic. Guys like you have cost my company thousands of dollars as we try to protect our customers (and in some cases our equipment) from attacks coming from lazy, greedy networks filled with simpering yes men and bloated CEOs and CIOs. Your attitude is typical of the irresponsible twits who have allowed this poison to screw things up.

Re:The problem (2, Insightful)

scooby111 (714417) | more than 9 years ago | (#11463351)

I agree, it is my responsibility. Do you have any idea how to accomplish that? We monitor connections for suspicious activity. We watch logs of bouncebacks. When we get abuse reports, we investigate them thoroughly. We forward the abuse reports to the admin in question and they either ignore it or have no idea how to fix the problem. If they ask for help, we give them what help we can. If we keep getting abuse reports, we shut the account down.

Usually at this point, someone in management gets an angry email from the account threatening to quit and I get the directive to re-enable the account and I can't convince them otherwise. Rinse, repeat.

What exactly would you have me do differently? We've discussed the ability to block outgoing port 25, but nobody in the front office wants to go for it. I for one welcome a law that finally allows me to enforce some filtering without getting fired for it.

Re:The problem (2, Insightful)

techno-vampire (666512) | more than 9 years ago | (#11463461)

In the long run, outbound port 25 blocking saves money. Instead of having to pay for the bandwidth used by a zombie to relay spam, all you get is a bunch of outgoing requests dropping on the floor. Suggest this to your PHBs and see if it helps.

Re:The problem (4, Insightful)

sjames (1099) | more than 9 years ago | (#11463559)

Look, you have your IP block, and it's your damn responsibility to make sure that it isn't being abused.

Actually, the more attention you pay to what your customers' customers are sending over your network, the more legally liable you might be held for anything that slips through. The phone company isn't held responsible if a bank robbery is planned over the phone only because they make no effort to control what is said. (In other words, because they are a common carrier).

As soon as you start controlling what your users can put out on the net, you lose common carrier protections.

Keep in mind that the same tactics that help you clamp down on spam will keep you from playing dumb when the Scientologists or others want to SLAPP your customers.

Other things that hinder spam prevention include pointy headed morons who report legitimate mails as spam because they can't be bothered to unsubscribe to double opt-in lists that they DID subscribe to, blackhole lists that carpet bomb large groups of people every time one unrelated abuser sends a spam (even if that abuser is null routed), or who include sites that somehow offend their political or social values, or might have said something bad about them. There's a reason SpamAssassin doesn't just take any blackhole list's word for it. Anyone who can't be bothered to check if the From: field is forged before badgering half the world's postmasters, etc.

The last thing we need is to make sure the above foolishness becomes fatal to all but AOL and Earthlink.

Ultimately, spam will go away when people stop buying things from spammers. Nothing else will likely manage it.

The natural extension to your argument is that automakers are liable for drunk drivers, the phone company is liable for telemarket scams, and of course, the post office is liable for mail fraud.

ISP's over-sell their lines, use that knowledge. (5, Insightful)

khasim (1285) | more than 9 years ago | (#11463552)

Do you honestly think that any ISP's admin gets to make revenue decisions.

They would if they phrased it correctly.

Suppose you are an ISP with a single T1.

You don't just sell the available bandwidth. You over-sell it. You might sell 2x your bandwidth or 3x or 4x or 5x.

You do that because you know that each of your customers will not be using their entire bandwidth all the time.

But spammers use up a lot more bandwidth than the average customer.

If I started shutting off customers because they are inept netadmins, I'll get fired.

You don't do that. You show your boss how that idiot is using 10x the average bandwidth but only paying 1x the average fee.

That should be easy to do.

The only way that it's going to change is if the government makes the ISP liable for spam sent from its ISP block.

There isn't one government. I get a ton of crap from .ch domains now.

In the end you'll be able to have AOL, Earthlink, or Comcast. Is that what you want?

I don't think that will happen. There is a market for the small, local ISP.

The key here is money. The people who behave irresponsibly use more bandwidth than the responsible people (yet pay the same monthly fees).

If you want to clean your own house, that's the way to do it.

That's the carrot. The stick is when your entire block is blacklisted because you did NOT deal with the problem that you knew about.

In terms you might understand... (1)

Local ID10T (790134) | more than 9 years ago | (#11463553)


Thanks. Do you honestly think that any ISP's admin gets to make revenue decisions. If I started shutting off customers because they are inept netadmins, I'll get fired. What good will that do. The only way that it's going to change is if the government makes the ISP liable for spam sent from its ISP block. When that happens, technologies that can stop the spam cold will finally start to seem cost effective and rational. I suspect that many small ISPs will simply go out of business if it happens. In the end you'll be able to have AOL, Earthlink, or Comcast. Is that what you want?

The problem isn't you - the individual employee. No one is advocating you go cowboy and start changing configurations all on your own. It's you - as in the company you represent. The money hungry, backstabbing, lying, cheating, shortsighted, assholes who see to it that the rest of us spend part of our day deleting spam.

If you want to talk revenue, if you need the "big picture", think of it in these terms:

When I recommend an ISP to an individual or a business, I first check that neither their name nor any portion of their IP range is associated with anything on my preferred spam-block lists.

I have no problem telling a client, a friend, or some random person that I would not recommend you as their ISP choice because it might be on some spam-block lists. I will take the time to explain that this could mean that their website or e-mails may be blocked - that their customers may not be able to see their site, that they may not be able to send e-mails to their friends and family.

Is that good for your business?

Re:The problem (1)

scooby111 (714417) | more than 9 years ago | (#11463232)

Thanks. Do you honestly think that any ISP's admin gets to make revenue decisions? If I started shutting off customers because they are inept netadmins, I'll get fired. What good will that do? The only way that it's going to change is if the government makes the ISP liable for spam sent from its ISP block. When that happens, technologies that can stop the spam cold will finally start to seem cost effective and rational. Only then will the bigwigs that get to make the decisions start allowing admins like me to block the spam directly or disable the offender's account.

I'm not talking dialup users, we already disable their accounts when we see suspicious activity, I'm referring to big corporate customers. You know, the type that should know better. The ones that pay over $1000/month for their internet access.

I suspect that many small ISPs will simply go out of business if they're held responsible. How about holding the spammers themselves responsible? In the end you'll be able to have AOL, Earthlink, or Comcast. Is that what you want?

Re:The problem (3, Informative)

Zocalo (252965) | more than 9 years ago | (#11463255)

Or, to turn that on its head, when your RFC breaking "spamblocker-challenge" doesn't work (because it's an ill thought out hack) would you want to cut your customers off from receiving email from Europe and Asia just so you have less spam to deal with? Furthermore, despite numerous complaints from both your own customers, people trying to communicate with them and the threat of a class action lawsuit, would you continue that practice for more than a month?

If you answered "yes" to those questions, then a career at Verizon is waiting for you, because that is exactly what they are doing [theregister.co.uk]. If ISPs are going to take responsibility for blocking spam and the prevention of the creation of BotNets that originate most of it then they need to take more care than these idiots.

Re:The problem (1)

flibuste (523578) | more than 9 years ago | (#11463434)

That is true, but one way or the other users will whine.

How about voting laws to send spammers to long-term jail?

Yes, I'm stupid the answer is obvious...PROFIT

Dear every ISP in the world, (5, Funny)

Anonymous Coward | more than 9 years ago | (#11463070)


Dear every ISP in the world including the ones in your parent's basement,

Please rid your servers of spammers.

Sincerely,
The Internet

ps Yeah, right.

Re:Dear every ISP in the world, (1)

thoughtcr1mes (815081) | more than 9 years ago | (#11463151)

Hmm, what kind of further motivation will these people require to lend a hand in fighting spam? Until they see why, they won't.

Re:Dear every ISP in the world, (0)

Anonymous Coward | more than 9 years ago | (#11463522)

Dear Internet,

We have a crack team of experts working on the problem. As a result of having to hire people who actually know what they are doing, your monthly bill will double.

With Love,
Your ISP.

PS What did you expect when you paid $14.99 for dialup?

Re:Dear every ISP in the world, (0)

Anonymous Coward | more than 9 years ago | (#11463182)

Here is the reply, Dear AOL, Please Shut The F*CK UP. You can speak after you stop claiming that AOL is faster than 'regular internet' Sincerely, The Internet 2 ps, we will stop rooting your users if our demands are met.

Re:Dear every ISP in the world, (0)

Anonymous Coward | more than 9 years ago | (#11463236)

Deer f#llo AOL user,

Yuo forg0t too pr3vu, u fAgot.

Sinc3r3ly,
count3r_srtykemast3r883712@aol.com

ps r u loking for a clan?

More Law Suits (3, Insightful)

XtremeGod (811594) | more than 9 years ago | (#11463079)

So when will the lawsuits start coming out against the ISPs that Spammers are getting their Internet connections through?

Re:More Law Suits (1)

ahodgson (74077) | more than 9 years ago | (#11463375)

Mmmm .. never. They bought themselves a CAN-SPAM act that accomplishes exactly that.

They actually are (0)

Anonymous Coward | more than 9 years ago | (#11463080)

These admins that set up these enterprise mail systems are quite smart. It just takes one bad [but intelligent] seed, however, to ruin it for everyone.

Not caring? (3, Interesting)

ZiZ (564727) | more than 9 years ago | (#11463087)

Or perhaps just 'getting paid extremely well to host spammers'?

Re:Not caring? (1)

Neil Blender (555885) | more than 9 years ago | (#11463110)

Don't forget 'not knowing'.

He seems to miss.. (3, Informative)

Anonymous Coward | more than 9 years ago | (#11463096)

..that nearly all spam emails nowadays aren't sent over open relays but over 0wn3ed i.e. trojaned PCs on high speed (cable, xDSL) connections.

Re:He seems to miss.. (3, Insightful)

CrankyFool (680025) | more than 9 years ago | (#11463129)

No. He doesn't. There's a reason why responsible ISPs (there's that word again) don't allow normal l0ser users to connect to port 25 outside their network.

The days of "Oh, here's your static IP and full internet access" are behind us. I'm all for "if you demonstrate clue, you may have unfiltered unbound access; otherwise, no port 25 for you!"

(also: Port 587 is your friend).

Re:He seems to miss.. (-1, Troll)

Anonymous Coward | more than 9 years ago | (#11463231)

you missed the OPs point my friend its point was YHBT

Re:He seems to miss.. (1)

Everleet (785889) | more than 9 years ago | (#11463274)

Guilty until proven innocent, eh? I don't think so.

Re:He seems to miss.. (2, Insightful)

pthomsen (68685) | more than 9 years ago | (#11463278)

...nearly all spam emails nowadays aren't sent over open relays but over 0wn3ed i.e. trojaned PCs...

Really?

How do you know this? I'd love to see the stats that support this. I'm not trying to be facetious, I'd really like to get hard data like that.

I agree 100% with Carl. Forcing admins to get a clue about the state of their outbound mail is key. And as he says, there are ways to control all this stuff. Even trojaned PCs can be controlled, by limiting the number of outbound messages from that machine to something reasonably low (like 5/hour). If the machine goes over that, you have (most likely) found a trojaned machine.

Of course, there are going to be significant costs to this approach in the beginning, because of the (presumably) large number of pwned PCs in the world. However, the ongoing cost of keeping up with spam complaints, storage requirements, and bandwidth costs should exceed the price of handling a large load of complaints over a relatively short term (giving a quick ROI), which all PHBs (including myself) like to use to sell it to higher-ups.

Re:He seems to miss.. (0)

Anonymous Coward | more than 9 years ago | (#11463356)

obviously you don't have a clue about the various protocol layers. or do you really want your isp to filter your access on this layer thus also being able to transparently filter your web access etc?

Blacklisting them publically. (4, Interesting)

strredwolf (532) | more than 9 years ago | (#11463101)

For every listing backed by proof, post a large ad in the New York Times saying "THIS ISP SUPPORTS SPAMMERS" with the proof behind it. Enforce the PR leverage.

Re:Blacklisting them publically. (2, Insightful)

sexistentialist (684258) | more than 9 years ago | (#11463259)

I don't think that the average individual cares that ISP XYZ hosts spammers. If you were to take out an ad that told me the top 50 ISPs in Korea that supported spamming, not only would I not care, but Koreans wouldn't see your ad. Who should fund the advertisements?

Re:Blacklisting them publically. (1)

IO ERROR (128968) | more than 9 years ago | (#11463283)

For every listing backed by proof, post a large ad in the New York Times saying "THIS ISP SUPPORTS SPAMMERS" with the proof behind it. Enforce the PR leverage.

I'll kick money into this project. Is there a PayPal page up yet? Has anyone even made a project out of it yet?

a touch of psychology, a brickbat of capitalism (2, Insightful)

ChipMonk (711367) | more than 9 years ago | (#11463106)

What do we have to do to persuade networks...?

How about putting them on an RBL? When their customers can't send emails, and threaten lawsuits for breach of contract, the ISP operators tend to start paying attention.

Re:a touch of psychology, a brickbat of capitalism (1)

sqlrob (173498) | more than 9 years ago | (#11463266)

I agree with that, but not an RBL for mail. That's being used now by many ISPs, including AOL with little to no effect.

Drop their packets. ALL OF THEM. Have the border router use the list, not the mail server.

And before someone yells "collateral damage", I've been on the receiving end of that before (I'm on RoadRunner), so I know damn well the issues.

Re:a touch of psychology, a brickbat of capitalism (2, Insightful)

sexistentialist (684258) | more than 9 years ago | (#11463363)

The problem with _this_ solution is with the validation of the complaints. Some people complain because they get emails from companies that they purchased items from after checking or not unchecking the "please keep me informed" box on the order form. User stupidity doesn't warrant blacklisting an entire ISP's network.

In my tenure as a network administrator at various locations I've seen the full scope of offenses, from those which are blatant violations of the AUP to those which are users complaining about emails they requested. I've seen one offender result in the blacklisting of an entire /19 netblock, and then I watched the RBL admins ignore all requests to have the block removed from the RBL.

RBLs with no oversight provide no real value to their subscribers. Again, it comes back to the issue of validation - who validates the complaints, and then who validates that the behavior of the ISP has changed, or that they've removed the offending party? This is no more than vigilantism, and the argument is that the RBL isn't doing anything other than providing something that their users have asked for.

In the same line as users being stupid and admins implementing mail systems with no real security, many people will subscribe to an RBL because they think it will solve a problem, failing to understand the ramifications and negative repercussions associated with its use.

If the system generates a single false positive, then the system itself has failed.

Re:a touch of psychology, a brickbat of capitalism (1)

gregmac (629064) | more than 9 years ago | (#11463444)

How about putting them on an RBL? When their customers can't send emails, and threaten lawsuits for breach of contract, the ISP operators tend to start paying attention.

That works both ways. How about when a customer/employee complains they can't receive any email from some user @domain.com? What happens when it's an extremely important client and they're getting messages "sorry, your address has been rejected from sending mail to this system"? When you're talking about money vs network politics, guess which one is going to win the majority of the time?

Drop the ISPs connection (0)

Anonymous Coward | more than 9 years ago | (#11463109)

Fairly forward and would elicit an immediate response. Too bad everyone who makes this call is a panzy.

Block port 25 outbound? (0, Redundant)

redelm (54142) | more than 9 years ago | (#11463115)

Throttle users mail through a SMTP server? Why take advice from AOHell? They're "The Internet on Training Wheels" (TM).

Re:Block port 25 outbound? (5, Insightful)

CrankyFool (680025) | more than 9 years ago | (#11463192)

Why take advice from AOL?

Because their userbase is:
A) Enormous; and
B) Very, very stupid.

What does this mean?

Look, my ISP -- whose co-owners I've got on speed-dial, and is incredibly clueful -- doesn't have a user spam problem, because pretty much only geeks use them (we pay a bunch extra for the privilege, too). AOL, on the other hand, has the saddest, most pathetic users in the world -- people who are the prime target for PC-p0wning software. Add to that the fact AOL is, like, pretty much the easiest ISP to sign up for. In other words, they're the biggest, fattest, juiciest spam target out there.

And yet, having looked at the 23,507 spam messages I've gotten over the last 303 days, do you know how many came from AOL?

Zero.

I know Carl (not personally, but I'm on some mailing lists with him). He's pretty damn smart. He has to be. Same thing about the rest of the anti-abuse folks at AOL. They're smart, and they're dedicated, and they're very, very, very good.

Re:Block port 25 outbound? (1)

redelm (54142) | more than 9 years ago | (#11463263)

Smart? And trust spam filters? He must be ignoring his false positives. Or those who just give up. I don't try to mail AOL users. It's just not worth the bother since the mail fails unpredictably 2x more than anyone else.

Re:Block port 25 outbound? (1, Interesting)

Anonymous Coward | more than 9 years ago | (#11463472)


And yet, having looked at the 2,000 BOUNCE messages I've gotten over the last 30 days, do you know how many came from AOL?

Approximately 400.

Oh yeah, the bounces come because a SPAMMER is using my spoofed email addresses in my domain.

AOL bounces SPAM from back to SPOOFED "From:" email addresses.

Re:Block port 25 outbound? (1)

Rizz (33500) | more than 9 years ago | (#11463534)

Sounds like you need to get a better ISP if you have to keep any of their numbers on speed dial. 8P

Re:Block port 25 outbound? (0)

Anonymous Coward | more than 9 years ago | (#11463215)

> Why take advice from AOHell?

When was the last time you got spam from AOL users? You have Carl to thank.

Scoffing at AOL's network infrastructure because you don't like their marketing and user interface betrays a total and willful lack of understanding. It's ignorance, stupidity, and smug righteousness all in one -- all these asinine qualities that most geeks pretend to despise. AOL handles more mail in a second than you will ever see in your lifetime.

Re:Block port 25 outbound? (1)

redelm (54142) | more than 9 years ago | (#11463300)

Touched a nerve, did I?

AOL's marketing and UI are fine for their customer base. But extremely limited and really only suitable for beginners. Like MS-Win*.

I fear an expansion of their 80/20 mentality will shut the 'net down for the minority. And with it, much of what has made the 'net interesting. Freedom matters, and there's a price to be paid in disorderliness.

Creds (2, Insightful)

Transdimentia (840912) | more than 9 years ago | (#11463118)

For as much as AOL stunk way back where this was concerned you have to give them props for mostly wrangling in their millions of lusers. I wish some other cable and dsl providers would take this charge.

AOL r t3h 4nt1-sp4|\/| d00dz!!11oneone (1)

irokie (697424) | more than 9 years ago | (#11463127)

reads a little bit like an AOL is great, look at our 1337 Anti-Sp4m sk1llz sort of thing to me and not so much like a letter...

How about "accountability" (2, Interesting)

digitalgimpus (468277) | more than 9 years ago | (#11463136)

Accountability is the only thing that will stop spam:

- don't want your mail servers to be blocked? Secure them so spammers can't use them.

- don't want to be considered a "spamvertising company"? choose a legitimate ad agency.

IMHO a multi-level effort is needed:

- ISPs need to have a blacklist of customers who are known spammers. They need to share info.

- Consumers need to have a website where they can check the legitimacy of a website, and see if it spams to advertise.

- Registrars need to stop issuing a bazillion domains to known spammers. When a dozen of a person's domains are referred to as spam sites... no more registration. Share data among registrars.

The problem now is that there are no consequences for spamming. An extremely low chance of a lawsuit or jail. Extremely low.

Spam is cheap, and apparently somewhat effective.

Until you make it not worth the time... people will do it.

Nobody holds the companies who advertise in spam responsible. Nobody holds ISPs who turn a blind eye to it responsible.

Re:How about "accountability" (1)

sfjoe (470510) | more than 9 years ago | (#11463299)

- ISPs need to have a blacklist of customers who are known spammers. They need to share info.


That's like putting up a sign saying, "please sue me for libel". It would also probably put you afoul of anti-trust laws.

MOD LAMER DOWN FOR FREE SIG (0)

Anonymous Coward | more than 9 years ago | (#11463326)

I find that pretty ironic, you're posting in a comment section about SPAM, badmouthing people who use underhanded advertising, yet your sig contains a pyramid scheme just so that you can get a "free" computer.

You need to be modded down until that sig gets removed, bottom line. I'll be blowing my points accordingly.

Re:How about "accountability" (0)

Anonymous Coward | more than 9 years ago | (#11463334)

... Accountability blah blah ... -- Help me get a mini mac! [freeminimacs.com]

What?

Accountability - HELP ME GET A FREE MINIMAC (1)

sinner0423 (687266) | more than 9 years ago | (#11463440)

Accountability is the only thing that will stop spam.

Yeah it is. So, I'm holding you accountable for that lame, unwanted, advertisement in your slashsig. Get a job, or something you can do to make the few hundred it takes to buy a minimac.

How many people have you emailed or bothered with that lame "free stuff" link?

Somebody mod this clown down.

Sigh (3, Interesting)

Anonymous Crowhead (577505) | more than 9 years ago | (#11463139)

Longing for the good old days of when you got spam you fired off an email to postmaster, abuse and operator....

The problem is (1)

tabkey12 (851759) | more than 9 years ago | (#11463148)

with 2 things:

- Disreputable ISPs who are willing to sell bandwidth for 'evil' purposes at a premium (e.g. spam)

- Everyone's favourite Zombie botnets, which cannot easily be stopped at the ISP level (lots of low level activity).

To fix that problem, get people to patch [linux.org] their Windows systems with the latest 'hotfix' for all their software problems!

Re:The problem is (1)

MightyMartian (840721) | more than 9 years ago | (#11463288)

If it was just disreputable ISPs, they'd be out of business in a year. Since ISPs generally have a permanent (or at least semipermanent) lock on an IP block, they'll enter the RBL and tarpits soon enough and disappear for good. I wish that that was the only way the enemy operated.

Clue in to human nature (4, Insightful)

Ryan C. (159039) | more than 9 years ago | (#11463157)

Wonderful solution. So if people would just stop crashing cars we could get rid of all the safety features. If nations could just get along we could save billions in military spending.

The current email system does not take into account human nature and is therefore broken beyond all hope of an easy solution. It needs to be replaced with a system designed from the ground up with accountability in mind. Period.

Re:Clue in to human nature (0)

Anonymous Coward | more than 9 years ago | (#11463316)

Oh please, comparing spam to those issues is just plain retarded. Why don't you come right out with your World Peace comparison instead of just half assing the comment down to a military spending issue. Oh I know why, because you would appear even MORE retarded. Sorry for the names but trying to use the excuse that it's the email systems fault speaks volumes to your knowledge of the topic...so....STFU and let the parents get back to work.

Re:Clue in to human nature (1)

pthomsen (68685) | more than 9 years ago | (#11463381)

Wonderful solution. So if people would just stop crashing cars we could get rid of all the safety features. If nations could just get along we could save billions in military spending.

RTFA! While Carl seems to rip on most established techniques for stopping spam, that's only because they don't work very well. If they did, why would huge masses of people still be complaining about loads of spam in their inboxes? He also does say that many of the techniques should still be used, but that they won't solve the problem. Quoth: They are a band-aid...

Messenger spam (1)

sn0wflake (592745) | more than 9 years ago | (#11463159)

Why doesn't mail work like MSN, ICQ, etc? I've never received a single piece of spam that way :|

Re:Messenger spam (1)

Neil Blender (555885) | more than 9 years ago | (#11463177)

Why doesn't mail work like MSN, ICQ, etc? I've never received a single piece of spam that way :|

What? ICQ spam irritated me right off of ICQ forever more than 6 years ago.

Re:Messenger spam (1)

tabkey12 (851759) | more than 9 years ago | (#11463180)

because you don't want to whitelist everyone who can email you. Really (and if you do, then there are solutions to do this)

responsibility and the expectation thereof (1)

The Kow (184414) | more than 9 years ago | (#11463174)

It's interesting that people both complain that ISPs are too lax in what they let their users do, but when big companies come along with usage policies that restrict their customers' ability to set up things like their own mail server (read: open relay ahoy!), we gripe and start wondering if there should be a YRO post about it.

I worked support at Speakeasy Networks for a little while. Speakeasy is well-reputed for letting users do whatever they want with their connection (sans the obviously illegal/unsavory) and you would not believe how many people set up email servers and then leave relays wide open for anyone to utilize. Then they would get mad at Speakeasy for shutting them down until the relay was closed.

Port 25 (1)

mboverload (657893) | more than 9 years ago | (#11463185)

I just hope they don't block port 25. I run my own SMTP server for privacy (I'm sure ISPs keep logs, even if they are unaware their programs do) and control. I would be ok for the default blocking of port 25, but if I was allowed to call in and have the block removed that would be fine.

That solves the problem of bot nets (only 100 people are going to run their own SMTP on a regular size ISP and they are too smart to get a bot program anyway). However, to keep the spammers at bay a "limit" on the number of mails going through that port would be enforced. 100 or so would be fine, and special exceptions for people who really need it (at home mailing lists).

I completely agree with the article, this is the ISP's problem, and anyone so stupid to not monitor for spam activities should not be an ISP anyway. Hell, I run a mini-ISP (remote location, not at home where this would apply) and I bet I do better than the all-powerful Comcast at this spam stuff.

Another revenue source for ISPs? (1)

Locke2005 (849178) | more than 9 years ago | (#11463336)

Block port 25, and charge subscribers a higher monthly fee for unblocking it? Stands to reason that anybody running their own SMTP server is probably using more bandwidth, no?

Re:Port 25 (0)

Anonymous Coward | more than 9 years ago | (#11463350)

While I agree with you 100% I think the size of the ISP makes a difference as to how fast one can fix these issues. I'm sure it is PLENTY easier for you at your mini ISP than Comcast with how many subscribers? Still, they should have to do the same thing you are which is securing their network....if more ISPs treated it as a security violation and not just a nuisance we'd (cic) all be better off

AOL's spam policy is unreasonable (5, Informative)

ables (174982) | more than 9 years ago | (#11463196)

On the surface, AOL looks like the good guys here. However, their draconian spam policy can be as harmful as the spam it's trying to prevent.

Here's how it works: AOL receives N complaints calling something spam after users click on the "mark this as spam" button. So AOL looks at the previous link in the received-from chain and blocks that entire network.

Sounds good right? Wrong.

Say Joe User works at my company part-time from home. Instead of another pop account, he has a forwarding address with our company that forwards to his AOL account. Joe gets spam, and reports it to AOL. AOL looks to see who sent it, sees my company in the "received-from" chain, and blocks not only us, but every other company hosted with our ISP. Thousands of legitimate emails now can't get to AOL addresses.

It gets worse. Many people use the "spam" button like the "delete" key to get rid of stuff they just don't want right now. AOL doesn't educate its users to realize that reporting something as spam has real consequences, and so people mark real email they requested as spam just because it's easier than deleting around it.

Our fabulous domain host FutureQuest [futurequest.net] has had to ban forwarding to AOL addresses as a result. AOL has been completely unreasonable in accepting any responsibility for intelligent spam blocking, and their users and legitimate businesses are suffering.

At least they're trying, but they're far from the good guys here.

How the presentation will go (3, Insightful)

SamMichaels (213605) | more than 9 years ago | (#11463200)

You: "What do we have to do to persuade networks that dealing with their own spam problem, even at significant short term cost---"

Boss: "Thanks for your concern."

Try #2...the CTO...

You: "What do we have to do to persuade networks that dealing with their own spam problem, even at significant short term cost---"

Director: "Cost? My hands are tied...shareholders are disappointed and the board needs convincing anyway."

Try #3...the board...

You: "What do we have to do to persuade networks that dealing with their own spam problem, even at significant short term cost---"

Board: "What is this 'spam' nonsense you're talking about? You know, when I was your age we never had all these technology woes. I don't see how this will benefit anybody. Next on the agenda....."

Only Part of the Problem (1)

MightyMartian (840721) | more than 9 years ago | (#11463214)

Misconfigured mail servers are only a part of the problem, and a diminishing one at that. A huge amount of the spam we now see is generated by zombies, and the only way I know to stop that is block all consumer port 25 traffic heading outside the network. The ISP I work for had to do this a couple of months ago, even though it created problems for some customers who send email via outside SMTP servers. Worse, SPF-enabled scanners will flag a problem for these customers if they send the mail through our mail server. The only solution is to use port 587 which was originally designated for non-MTA mail traffic. Couple it with SMTP auth to block open relay attacks, this is the only clean way to solve the problem. While I agree that anybody running misconfigured or older servers should clean up their act, if networks don't start cutting off non-MTA SMTP traffic being sent out of their networks, the problem will remain. If this is done, then even if Linux and Mac boxes become big targets for virus writers in the future, at least attacks will be contained within networks.

Caution (2, Insightful)

Anonymous Coward | more than 9 years ago | (#11463216)

Let's be careful about what ISPs have a "responsibility to fight". Today it's spam, tomorrow it could be "terrorism" (read: your privacy).

Spam is annoying for those who get any but it doesn't justify the hysteria, IMHO.

Many ISPs just don't/won't care. (1)

mjensen (118105) | more than 9 years ago | (#11463222)

Tell him to start with the big email ISPs (including Hotmail, Yahoo, ....)
Getting accounts is sometimes too easy, and becomes a game of whack-a-mole with 3 million holes and one hammer.

Checking for valid email addresses and routes has been brought up many times. ISPs (sometimes justifiably) don't want to implement the changes necessary to stop spam.

Sorry to whine here, but if big ISPs haven't changed yet, why should small ones?

Re:Many ISPs just don't/won't care. (1)

kerrle (810808) | more than 9 years ago | (#11463330)

Actually, sometimes small ones are the ones that do it right. Certainly, the one I work for does.

Think about it - small ISPs have to fight for their customers any way they can - any way that they can add value to the service, they will.

We are very good about preventing spam from ever coming from our network, and we provide very extensive spam reporting and blocking services for our customers - because if we don't, they'll go somewhere else.

He's right (1)

portwojc (201398) | more than 9 years ago | (#11463234)

He's right and it's not anything new. Anyone with half a brain knows that the real problem lies in enforcement of the policies. Not just having the policies. You just have to want to do it.

Of course they can only start saying this now since they fixed their spam problem.

The pot has been sand blasted from black to silver. What's the kettle going to do now?

Spam from home users? (3, Interesting)

trawg (308495) | more than 9 years ago | (#11463242)

Does anyone have any figures that detail how much spam comes from zombie home user PCs? I thought the amount was significant, but the quote in this post seems to imply that the vast majority of it comes from less scrupulous service providers.

(aside: we host a few websites, one of which we discovered was running an exploitable version of PHPNuke - but not before a spammer did and pumped ~20,000 emails into our queue. I noticed it pretty quickly and deleted them and blocked this webmail software across all these sites lest it happen again - but it was an interesting demonstration to me that spammers look for any and every leverage they can get. I keep a much closer eye on our mail queue statistics now!)

Re:Spam from home users? (2, Interesting)

sqlrob (173498) | more than 9 years ago | (#11463302)

The number I last saw was 80+%.

I've seen known compromised machines spewing for over a month after abuse@ was notified, so it's still an ISP issue.

Re:Spam from home users? (1)

nacturation (646836) | more than 9 years ago | (#11463429)

Isn't the fix for this quite easy? Identify the machines which are connecting out over port 25 to more than X separate IP addresses per unit time. Maybe it's a power-user running his/her own mail server. More than likely, it's a trojaned PC spewing out spam. So block off port 25 access to anything but the ISP's mail server until the user either cleans up their system or demonstrates that they're running a responsible server, if that's even allowed by the TOS.
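The check described in the comment above, as an added example that is not part of the original post: flag customer addresses that open port 25 connections to more than X distinct destinations inside a sliding time window. The flow-record format, thresholds, smarthost address and sample records are all constructed assumptions.

```python
from collections import defaultdict, deque
from ipaddress import ip_address

# Assumed export format, one outbound TCP connection per line, time-ordered:
#   "<epoch_seconds> <src_ip> <dst_ip> <dst_port>"
ISP_MAIL_SERVERS = {ip_address("192.0.2.25")}  # hypothetical ISP smarthost
WINDOW_SECONDS = 600                           # the "unit time"
MAX_DISTINCT_DESTS = 5                         # the "X" threshold


def find_port25_fanout(lines, window=WINDOW_SECONDS,
                       limit=MAX_DISTINCT_DESTS, allowed=ISP_MAIL_SERVERS):
    """Return {src_ip: timestamp at which it first exceeded the limit}."""
    recent = defaultdict(deque)        # src -> (ts, dst) pairs inside window
    flagged = {}
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, src, dst, port = line.split()
        ts, port = int(ts), int(port)
        src, dst = ip_address(src), ip_address(dst)
        # Only direct-to-MX SMTP counts; mail relayed via the ISP is expected.
        if port != 25 or dst in allowed:
            continue
        queue = recent[src]
        queue.append((ts, dst))
        while queue and queue[0][0] <= ts - window:
            queue.popleft()            # expire connections outside the window
        if src not in flagged and len({d for _, d in queue}) > limit:
            flagged[src] = ts
    return flagged


def constructed_sample():
    """Constructed flow records using documentation address ranges."""
    lines = []
    # Ordinary customer: every message goes through the ISP smarthost.
    for i in range(20):
        lines.append(f"{1000 + i * 30} 198.51.100.7 192.0.2.25 25")
    # Trojaned-PC pattern: 8 distinct remote mail servers within 80 seconds.
    for i in range(8):
        lines.append(f"{1200 + i * 10} 198.51.100.23 203.0.113.{i + 1} 25")
    # Small self-run mail server: 6 destinations, one every 15 minutes.
    for i in range(6):
        lines.append(f"{1000 + i * 900} 198.51.100.40 203.0.113.{100 + i} 25")
    # Non-SMTP traffic is ignored.
    lines.append("1300 198.51.100.23 203.0.113.200 443")
    return sorted(lines, key=lambda rec: int(rec.split()[0]))


if __name__ == "__main__":
    for src, ts in find_port25_fanout(constructed_sample()).items():
        print(f"{src} exceeded {MAX_DISTINCT_DESTS} port-25 destinations at t={ts}")
```

Only the burst sender is flagged; the low-volume self-run server stays under the threshold, which is the distinction the comment draws between a power user and a trojaned PC.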

Re:Spam from home users? (1)

Peyna (14792) | more than 9 years ago | (#11463430)

90% of abuse@ addresses store their mail in /dev/null

I find blocking ports 1-65535 TCP/UDP in/out (1)

Polarism (736984) | more than 9 years ago | (#11463246)

usually fixes all internet related problems.

Re:I find blocking ports 1-65535 TCP/UDP in/out (0)

Anonymous Coward | more than 9 years ago | (#11463364)

Much easier than that - just cut that stupid cable hanging out of the back of your PC. Studies show that 99.44% of all internet related problems can be traced to that network cable!

Sasktel, I love you! (2, Informative)

Txiasaeia (581598) | more than 9 years ago | (#11463251)

"The solution is getting messaging providers to take responsibility for their lame email systems that they set up without much thought and continue to not care much about when they become overrun by spammers."

My ISP, Sasktel [sasktel.com] in Saskatchewan, Canada has recently implemented a spam filtering service that has so far resulted in 2 false positives and no delivered spam. It completely blocks all virused emails as well. Finally, it sends out an email every once in a while to remind me to check the status of spam at the online message centre, where you can look at all email sent to me that is "suspicious."

They also have a fairly comprehensive policy against hosting spammers, which is nice to hear. I know that many of my friends who use other ISPs have been recently flooded with spam, but I've not had any problems thus far. It's nice to have an ISP that cares about its customers!

If they make enough money spamming... (3, Interesting)

VernonNemitz (581327) | more than 9 years ago | (#11463267)

Then why aren't spammers already their own ISP outfits? Obviously if spamming is their business, getting obstructive middlemen out of the way is a priority!

Re:If they make enough money spamming... (2, Interesting)

rawg (23000) | more than 9 years ago | (#11463385)

Because they would be blocked instantly. By using everyone else, they have a better chance of getting their junk out. It's hard to justify blocking all of Earthlink, AOL, and MSN.

Re:If they make enough money spamming... (2, Informative)

fimbulvetr (598306) | more than 9 years ago | (#11463432)

Because mini-isps generally have their own legit cidr blocks. It also implies some type of permanence. These are the two things that keep spammers out of our hands:
#1. They hide behind real ISPs' CIDRs, meaning we'd have to block that ISP's IP range to stop them, and most of the time they have legit users and this is bad.
#2. Their ability to pick up and move about. They can move as soon as they are blocked, and are constantly pulling up roots and moving to the next provider that they can suck on for the next 60 days until they are kicked off.

Evolution of Spam (1)

alpha_foobar (820088) | more than 9 years ago | (#11463271)

Currently, very good software exists for preventing Spam from entering my inbox. I used to collect a message from my CompSci university email server indicating why such and such a message was spam.. more images than text in html, message claims to be outlook 5 mail but missing ms outlook header properties.. etc. So it seems to me spam is poorly developed software. If all ISPs integrate good anti-spam solutions, then wouldn't this encourage SPAMMERS to improve the quality of their solutions? I say long live the ISPs that don't care about SPAM... and leave it to the individuals to pick better ISPs or implement their own Anti-SPAM solutions... this way those who know how to avoid SPAM, can with little or no consideration or effort.

AOL doesn't check complaints before banning (0)

Anonymous Coward | more than 9 years ago | (#11463304)

My problem is that AOL doesn't actually check reported spam before banning sites. See for reference: http://www.aota.net/Forums/showthread.php?t=18645 [aota.net]

Re:AOL doesn't check complaints before banning (4, Informative)

MightyMartian (840721) | more than 9 years ago | (#11463399)

We managed to get into AOL's blackbooks after one of our dialup customers (of all things) got a worm that was firing out SPAM at an impressive rate for a 56k modem, and doing it over a four or five hour period. That's what finally tipped the balance and led us to block port 25 traffic to everything but our mail servers. Any customer wanting to run a mail server has to get permission from us, and it's rightly understood that they will go down before we get into trouble again.

At any rate, once we cleaned up the problem, I emailed AOL and let them know we'd dealt with it and all was good.

If you want to talk about an ISP that was tough to deal with, it's RoadRunner. Somehow we got on their block list. They wouldn't respond to my emails to their abuse address, just a standard email with instructions. Even managed to get someone down in Florida who knew a friend of a friend of mine to call and complain, the technician got me a phone number to their security center in Virginia (or wherever it was), and all I got was a recorded message to email them, and then it hung up without even giving me a chance to leave a message.

I eventually gave up, blocked all RoadRunner addresses going in. Six months later I checked, and we were off the blacklist.

Evidence? (1)

AnotherBlackHat (265897) | more than 9 years ago | (#11463322)

Lots of people make lots of claims about how to stop spam, but I never see evidence that any of it works.
Supporting (or contradictory) data is in short supply.
The article mentions AOL has "all but solved" their spam problem, but doesn't give any real numbers.

Right idea, wrong execution. (1)

msauve (701917) | more than 9 years ago | (#11463338)

The backbone ISPs need to cut peering/links to ISPs supporting spammers. That will never happen, because money talks, and spammers have money. AUP/TOS are for little guys, not spammers.

Blacklists could be the answer (0)

Anonymous Coward | more than 9 years ago | (#11463376)

The problem is that the wrong people are implementing the blacklists. They need to be implemented by the backbone providers (for a whole downstream). Soon to follow would be downstream providers (to get their access to the backbone opened back up), until it would become necessary to actually fix your spambot system, if you want to get back on the Internet.

There are too many destinations for blacklists to be implemented at the destination. They need to be implemented as close to the source as possible.

Re:Blacklists could be the answer (1)

fimbulvetr (598306) | more than 9 years ago | (#11463529)

They'd have to filter TCP/IP. That's a _tremendous_ amount of resources for the upstream providers. Think of the boxes they will need to have on *every single* oc-3 (or whatever) they run.

(This is of course assuming you meant upstream bandwidth providers.)

IRL, blacklists operate by checking to see if the incoming smtp server is on a blacklist, and 90% of the time (pulled that out of my ass), this will be on the downstream provider's caching server (if they are smart enough to have one).

I.R. Confused. (1)

Luke727 (547923) | more than 9 years ago | (#11463379)

Blame the people, not the technology, right? If dipshits are using their ISP to spam people, aren't you supposed to go after the dipshit and not the ISP? Because if you force the ISP to lockdown spam, it's just a small step to lockdown p2p (until they push it over port 80, at least). God forbid the **AA force ISPs to infringe on our right to infringe on their copyrights.

Offtopic: I am posting this using iCab in MacOS 7.5.5 in BasiliskII on Windows 2000. Nostalgia...

ISPs need to do more to stop spam zombies (1)

jonwil (467024) | more than 9 years ago | (#11463395)

In particular they need to do more to stop the vectors used for the spammers to get the zombies on their users' machines in the first place.

ISPs should all be running good email virus scanners to remove viruses and infected attachments (including spam and DDOS zombie bots)
They should be blocking ports used by these zombies (i.e. things like MSRPC, windows file sharing etc and also ports used to send control messages to the trojans)
They should be educating users about how not to get infected with trojans.
And they should be taking steps to shut off zombies when they are detected (i.e. if a user's machine is spewing out SPAM, block port 25 immediately and point the user at tools to remove the trojan)

Something that would be useful is a page (run by the people who do spam blocklists and other spam research) that shows the ISPs around the world that host spammers. At least that would enable the clued-in to avoid those ISPs where possible.

group apathy (1)

rock_climbing_guy (630276) | more than 9 years ago | (#11463396)

This looks like a textbook example of what is called "group apathy." No one wants to have to be the first one to put anything on the line.

Gonna have to come from the top down... (2, Interesting)

HEMI426 (715714) | more than 9 years ago | (#11463398)

Unfortunately, one of the only things that's going to force most ISPs to start caring about the amount of spam coming from machines living on their netblocks is going to be the ISP's providers threatening to cut the lower-tier ISPs off if the lower-tier ISPs don't do something about their spam problems.

I used to be completely against ISPs blocking port 25 from non-MX machines to the outside world. Unfortunately, I've had to change my opinion. The vast majority of the spam that ends up in my spam mailbox (thanks, SpamAssassin and procmail!) and the mailboxes of my users comes from zombied/trojaned machines on residential, always-on internet connections (read, cable and DSL). Most of the e-mail gets tagged properly by SA, however if the ISPs themselves blocked outbound e-mail not relayed through the ISP's mail machines, things would work out much more nicely, the total volume of e-mail hitting other MTAs would drop, etc. There would be much rejoicing.

SPF is nifty, but it doesn't fix the underlying problem...It just allows for easier identification of mail that's coming from machines it shouldn't come from, etc. Actually getting lots of ISPs to adopt SPF is proving to be a slow process as well.

In short, ISPs aren't going to do anything to fix the problem unless they have to. Buying a few more boxes to handle the e-mail load (a huge generalization, but you get the idea) of the rampant spam is less of a problem for them than actually sorting out their mail systems to help fix the problem. A good place to start would be some method of making the top-tier connection providers responsible.

SPAM can be Beneficial. (0)

Anonymous Coward | more than 9 years ago | (#11463417)

If you are paranoid about privacy as I sometimes am, then I can think of at least one benefit for spam and that is, it lowers the signal to noise ratio and makes prying harder. In other words, it increases the amount of garbage that prying eyes have to sift through to get to any "real" personal user data.

Granted spam filtering technology has come a long way, but even so, the time/cpu/bandwidth used to filter garbage leaves less resources to analyze everything else. On my own PC, I get about 50 pieces of spam for every legitimate piece of email. If that ratio is typical, then that has to make spying more difficult/slower.

Ok fine, if I'm really concerned about privacy then I should encrypt every email I send, never post to newsgroups, bulletin boards *cough* slashdot *cough*, or talk in chat rooms, buy groceries using those "club cards," pay for everything only with cash, and never REPEAT never take off my tin foil hat.

LOL, ok playtime is over. Back to coding.

Re:SPAM can be Beneficial. (1)

rock_climbing_guy (630276) | more than 9 years ago | (#11463448)

Actually, in a previous /. discussion, someone mentioned the idea of hiding a secret message in spam. As it has been said before, often times the best way to keep a secret message from prying eyes is to make it look as though no secret message has been sent.

irresponsible ISPs (1)

bani (467531) | more than 9 years ago | (#11463471)

a huge number of networks out there are completely irresponsible. they have no working postmaster@ (required by rfc) and abuse@ (optional, but generally expected). quite often the email address on their webpages, phone numbers on their webpages, and email addresses/phone numbers in whois are wrong.

others have retarded / broken "content filters" making it impossible to report to them any abusive emails originating directly from their customers.

just a few of the 500+ irresponsible networks i track, who originate spam/viruses/etc directly from ip addresses owned and operated by them, but who can't be bothered to accept complaints:

rima-tde.net
charter.com
dsl-verizon.net
army.mil
asu.edu
ecu.edu
charterga.net
vic.gov.au
cwpanama.net
charterpipeline.net
telekom.at
toronto.edu
faa.gov
cableaz.net
ncyu.edu.tw
cgocable.ca
choiceone.net

it's really sad because most of them should really know better. though some of them do know better, and deliberately choose to ignore complaints as a matter of official corporate policy (eg exodus, now dead...).

so yes, network operators do bear a huge burden of responsibility for spam, and a lot of spam is due to these network operators ignoring complaints and ignoring repeated and constant network abuse originating directly from their customers.

but what about the users? (1)

blew_fantom (809889) | more than 9 years ago | (#11463481)

when i used to work for an ISP way back, initially, it was SysAdmin's inability to admin the box - our email SERVER was open relay fer' crying out loud... which led to our domain being blacklisted. that wasn't fun trying to clean up. a couple of years later, we implemented spam filters and such but the USERS wanted it off. we'd have MRTG action going to monitor traffic and look for anomalies and such... but when it comes to joe blow user who doesn't want his email filtered... what's a small ISP to do? then, as many have said already, there's always the false-positives to deal with, and entire domains being blocked... it's a tough call. current email system wasn't designed to deal with spam so is building a system from the ground up a solution? or is user education more effective? AOL is huge because your grandma' just wants to see cute pictures of you. and sign up for her free ipod. no harm done right? i think it's a multi-tiered, multi-solution effort with multiple parties involved...

BGP (0)

Anonymous Coward | more than 9 years ago | (#11463516)

the answer is BGP, AOL = BIG ISP with lots of customers, along with that comes ATDN (time warner etc). Instead of blacklisting, ignore routes from anyone hosting spammers. Vote with your customers, if joe blow won't clean up his ISP, shitcan his traffic they most likely don't want it anyway. When their customers can't get to time warner's content, and their customers can't benefit from those time warner/aol users who spend money online, and their customers leave the spam stops as a matter of course, and they go out of business. Of course they can also wise up and request that you accept their traffic again. YOU DO NOT HAVE TO ACCEPT TRAFFIC FROM EVERYONE ON THE INTERNET. We would be much better off without China and several other international feeds. (dirty little secret, MCI, sprint and glbx make a FORTUNE off of china's spam empire by providing peering). It's called cutting the money flow, when/if we do it, it will stop spam. Richter, Ralsky, Atriks etc can't spew if no one will provide them with connectivity. It's up to blacklist providers, and concerned companies who are being financially hurt daily by these spammers to simply drop their providers in the bgp blackhole and leave them there to rot.

yu0 Fail It!? (-1)

Anonymous Coward | more than 9 years ago | (#11463548)

posts. Due to the chosen, 3hatever hot on the heels of

Not Just Open Relays! (0)

Anonymous Coward | more than 9 years ago | (#11463556)

It's not just open relays that spammers use, but also "spamware" trojans much like adware/spyware. Also, big time spammers have been known to run their OWN ISPs in order to maintain control over the servers. I've also heard of spammers using tons of dial-up accounts in parallel and in conjunction with their own spam-servers. These will still be thorns in our sides even IF all the open relays are closed.