Re: increase in spam and what to do about it



Bill Gunshannon wrote:
In article <1164209725.524594.74340@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>,
davidc@xxxxxxxxxxxx writes:
Not to mention all the legitimate emails that your server will reject
because your potential customer is using an ISP that happens to get
itself "blacklisted".

Which is the same set of "potential customers" - I'm just testing the
RBL at a different place.

There are technical solutions that can help quite a bit.

As fast as you can come up with a technical solution the spammers will
come up with a way around it. It has to be stopped at the source, and
there is no technical way of doing that. There is a social way.

SPF is one of the social ways (setting up a trust relationship), but
spammers are getting around that, too.

Both of these can be fixed with my social solution. Right now there
is no incentive for any ISP to fix any of this while there are many
incentives not to.

Then the social solution (valid or not) is socially unaccepted.

The big social problem is that just enough people BUY from these scams
to make them profitable enough (even if only in the gambling sense - I
almost won all my money back, so just one more spam run and I should
finally hit the big one!).

Actually, I saw an interview on the news with a commercial spammer. He
said all it took was a .1% return for him to make a profit. Of course,
that leaves the other 99.9% (us) having to deal with it. It will always
be profitable for the spammer, which is why it must be stopped at the
source. Right now it costs them nothing to send out 100,000,000 emails.
The only solution is to remove that conduit so they can't send them.

Unless you charge per e-mail, there's nothing removing the conduit or
preventing its abuse. But then you penalize good people just for the
sake of banning the bad people.

And yes, the response rates don't have to be big when you can cast that
wide of a net.

How do you stop it at the source? Which is the spammer, himself?

Personally, I doubt that the useful base of legitimate mailhosts is
"orders of magnitude" larger. The actual number of users has little
if any effect on the "trust relationships". It is the admins of the
mailhosts themselves that establish the trust. Much like what is done
on Usenet News today.

Well, given the size of the Internet and the number of attached companies,
it's much larger than it was back when I first got my internet connection.
What's to keep a spammer from signing on with an ISP and violating that
trust, causing other mailhosts to block them? Years ago panix, epoch,
and many other ISP's played constant whack-a-mole against spammers
creating accounts on their networks. Many of the current RBL's already
do this kind of "trust relationship" with known mail hosts, too. We've
already done that.

But that would be much easier to do today as basically anyone can talk
to anyone, from the technical standpoint. We could have central hubs,
like what was done by seismo in the old days, but they would be more
of a convenience than a necessity. I am not saying everyone has to
have an explicit agreement with everyone else with whom they wish to
exchange email. I am saying that there needs to be an explicit agreement
drawn up that everyone who wishes to take part must sign (as a legally
binding document) in order to exchange mail with anyone in the Email
network. Once you join the network, peering can be left to the
individual admins. Again, much like Usenet News, but with a much
stricter and enforceable AUP.

So, how do you get everyone that wants to send email to sign an AUP,
and who do they sign it with? After all, who would the enforcing body
be? We have ISP's and providers with AUP's today.

Usenet news isn't a good example, since it's been rampant with spam even
before e-mail (remember the Breidbart Index and Cancelmoose? Canter
and Siegel?).

If only it were so. While much of the spam coming into my mailserver
comes from the proverbial "rogue" PC I get a considerable amount from
ISP's who really have no problem with spammers. The profit currently
outweighs the potential cost.

True, but those ISP's can be (and likely are) RBL'd against.

Even early in the battle with Walt Rines and Sanford Wallace, there was
substantial blackholing of the entire AGIS backbone (a very strong
social statement) against spam and their support of two of the worst
known offenders.

And who paid the price? What effect did this have on AGIS's legitimate users?

Wasn't pretty. But that was the "social solution" at the time. Since
people didn't know where they would appear on AGIS networks, more and
more places blackholed all AGIS networks. AGIS eventually was forced
to drop them, and they then promised to create the "SPAM-bone" so they
could run all the spam on it they wanted. Getting peers proved to be
problematic.

Sorry, ISP's don't see it that way. It's all about the money.
As long as there is money in spam they will support the 0.1%.

Sometimes it's not the money, but the expense. Chasing and terminating
spammers takes time and effort. Then they just get a new account or
you end up with a new batch. Eventually, it just costs less to ignore
it.

There are some major ISP's that show up on RBL's and do nothing
to get back off them. Why? Because there are still lots of
email servers that don't use RBL's or can't because of the very
reason you cite above. That leaves lots of potential targets
and, anyway, as long as the spammers are willing to pay for the
connection and service, why would the ISP care if the email ever
gets delivered?

But they typically do. That's why far fewer SMTP servers allow relays
anymore, and the defaults are now to NOT relay; e.g. sendmail has been
that way for many years now. And some of the relay tricks the older
RFCs allow are now disabled, such as the percent-hack.


That doesn't mean they can't identify and isolate that 0.1%, but the
problem is getting harder and more frequently occurring than ever
before (i.e. the new SpamThru trojan).

Which comes back to why it has to be stopped at the point of origin.
And we won't even get into the load on the whole infrastructure of
rejecting at the destination rather than stopping it at the source.

But how do you reject it at the source? You get a customer to sign an
AUP? As I mentioned, we've already gone through that whack-a-mole
tactic of dealing with spammers years ago.

And why is that? Because right now, under the current system there
is no penalty for allowing it and a perceived penalty for stopping it.

Exactly - if a spammer spams through your mail server and it gets
blocked (i.e. you socially disagree to accept their email traffic), all
your customers are punished. Not good for your business. You can't
stay in business when you treat all your customers like crooks.

I don't agree on two points. I don't believe that "The technical
ability to zombie a box has got to be eliminated/reduced". And,
moreover, I don't believe that "The technical ability to zombie a box
can be eliminated/reduced".

No, it has to be. There is just too much damage via phishing, identity
theft, DDoS, and more to allow hundreds of thousands of Billy boxes on
the network. The cost is too high, and currently Microsoft does not
have the pressure to substantially fix it, despite the financial
loss caused by zombied machines. Either they need to be hardened or
more isolated. Maybe Microsoft can't do it, but eventually some
government or business is going to take a huge loss (probably a
lawsuit) due to damage caused by one or more Windows boxes.

Eventually, someone is going to get an identity theft class-action
lawsuit against a company, and will win because they can demonstrate
that the data on their Windows boxes was exploited because they either
didn't update their virus definitions enough, or missed a service pack.

I just want the utility of email that I had in the
original Usenet days back.

And frankly, I was around in the old Usenet days, too, but I never
signed an AUP to prevent me from spamming or any such thing. Email was
just a poor medium to spam, so it wasn't used that way. Your
"original Usenet days" weren't socially or technically better than
before, just not viewed as a target of abuse. Usenet News was where
the spamming problem started due to its more "broadcast" nature.
E-mail didn't become prevalent until the middle 1990s once the
Internet started to gain mindshare and more people had e-mail
(Compuserve, Prodigy, AOL).

Your sysadmin choice of social "trusts" has been implemented by public
and private RBL lists, SpamAssassin, Bayesian and other filtering
methods, but most can't just whitelist the rest of the world, either,
since many people NEED to be contacted by previously unknown places
(i.e. me). And until you get that first spam (or subscribe to an RBL
or other service to look at it for you), you really can't tell if it's
spam yet.

But as the whack-a-moles at ISP's worked (socially terminating their
connectivity for AUP violations), spammers just used different tricks,
like third party SMTP relays, exploitation of WinGate firewalls,
exploitation of formmail.pl scripts (which a spammer has been attempting
to do off the Hobbyist web form for the past few days -
topcopl2@xxxxxxx), abuse of SOCKS4 proxies, and the growing tide of
bot-nets. And forget just e-mail, IM spamming and web forum/blog
spamming are on the increase, too. The problem is whatever the social
contracts are, the spammers will violate them and bypass them, as they
have for years. Spammers have been fined, sued, terminated, blocked,
and more (which is about as strong of a social solution statement as you
can make), yet they still persist.

There is no one solution. There may not be a solution. But you also
can't turn back the clock to the good ole days, either. Profiteers
will try anything they can to exploit the system for a measly buck.
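As an added illustration of two of the controls the thread mentions (the RBL lookups tested "at a different place" and the no-relay default that also shut off the percent-hack), here is how a mail server can decide a single RCPT TO command. This is example code written for this page, not anything either poster wrote or ran; the local domains, trusted network range, blocklist zone name and the stand-in DNS resolver are all constructed.

```python
# Added illustration (not code from the thread): the checks an MTA can apply to a
# RCPT TO command. All domains, address ranges and the blocklist zone are constructed.
import ipaddress
import re

LOCAL_DOMAINS = {"example.com", "example.net"}           # domains we deliver for (constructed)
TRUSTED_NETS = [ipaddress.ip_network("192.0.2.0/24")]    # our own dial-up/LAN clients (constructed)
DNSBL_ZONE = "dnsbl.example.invalid"                     # hypothetical RBL zone


def dnsbl_name(ip, zone=DNSBL_ZONE):
    """Build the reversed-octet query name an RBL lookup uses:
    192.0.2.1 -> 1.2.0.192.<zone>."""
    octets = ipaddress.IPv4Address(ip).exploded.split(".")
    return ".".join(reversed(octets)) + "." + zone


def dnsbl_listed(ip, resolve, zone=DNSBL_ZONE):
    """True if the RBL lists `ip`. `resolve(name)` returns the A records for a
    name, or [] on NXDOMAIN. Lists answer in 127.0.0.0/8; anything else is
    treated as a broken zone and ignored, so a dead list fails open instead of
    rejecting everyone. IPv6 clients are not checked (IPv4 lists only)."""
    if ipaddress.ip_address(ip).version != 4:
        return False
    return any(a.startswith("127.0.0.") for a in resolve(dnsbl_name(ip, zone)))


_ADDR = re.compile(r"^<?([^@<>\s]+)@([^@<>\s]+)>?$")


def classify_rcpt(rcpt):
    """Return ('local' | 'remote' | 'invalid', detail). The legacy routing
    syntaxes (source routes, the percent hack, bang paths) are rejected outright
    because their only remaining use is bouncing mail through a third party."""
    rcpt = rcpt.strip()
    if rcpt.startswith("<@") or rcpt.startswith("@"):
        return "invalid", "source route"
    m = _ADDR.match(rcpt)
    if not m:
        return "invalid", "malformed"
    local, domain = m.group(1), m.group(2).lower()
    if "%" in local:
        return "invalid", "percent hack"
    if "!" in local:
        return "invalid", "bang path"
    return ("local" if domain in LOCAL_DOMAINS else "remote"), domain


def rcpt_decision(client_ip, authenticated, rcpt, resolve):
    """Policy for one RCPT TO. Returns the SMTP reply line the server would send."""
    kind, detail = classify_rcpt(rcpt)
    if kind == "invalid":
        return f"501 5.1.3 Bad recipient address syntax ({detail})"
    addr = ipaddress.ip_address(client_ip)
    trusted = authenticated or any(addr in net for net in TRUSTED_NETS)
    if trusted:
        return "250 2.1.5 Ok"                  # our own users may send anywhere
    if kind == "remote":
        return "550 5.7.1 Relaying denied"     # the no-relay default
    if dnsbl_listed(client_ip, resolve):
        return f"554 5.7.1 Client {client_ip} listed in {DNSBL_ZONE}"
    return "250 2.1.5 Ok"                      # inbound mail for a local domain


# Constructed stand-in for DNS: one listed address, everything else NXDOMAIN.
_FAKE_DNS = {dnsbl_name("203.0.113.7"): ["127.0.0.2"]}


def fake_resolve(name):
    return _FAKE_DNS.get(name, [])


if __name__ == "__main__":
    cases = [
        ("198.51.100.9", False, "bob@example.com"),                 # inbound, unlisted
        ("203.0.113.7", False, "bob@example.com"),                  # inbound, RBL-listed
        ("198.51.100.9", False, "bob@victim.example"),              # relay attempt
        ("198.51.100.9", False, "bob%victim.example@example.com"),  # percent hack
        ("192.0.2.10", False, "bob@victim.example"),                # our own client relaying
    ]
    for ip, auth, rcpt in cases:
        print(f"{ip:>14} {rcpt:<34} -> {rcpt_decision(ip, auth, rcpt, fake_resolve)}")
```

The ordering matters: address syntax is checked first so a percent-hack address is refused even from an unknown client before any relay decision, trusted clients are never run through the blocklist (an RBL is a judgement on strangers, not on your own users), and the blocklist is consulted only for mail that would otherwise be accepted for local delivery. A real deployment would replace `fake_resolve` with a DNS query against a live zone and would usually log the reply code alongside the client address.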



