Walling off Asian E-mail to Prevent Spam 665
SomeoneYouDontKnow writes: "Seems there's been lots of spam news lately. This piece from Wired describes how frustrated sysadmins in the West are responding to a torrent of Asian spam by simply refusing all e-mail from that part of the world. As anyone who's ever reported spam to Asian ISPs can attest, getting a response of any kind is almost impossible, so some ISPs are simply giving up on receiving any mail from them. Setting up barriers like this is regrettable, but when the originating ISPs refuse to take responsibility for the actions of their users or close their open mail servers, there would seem to be no other choice. Has anyone ever had any kind of constructive conversation with one of these ISPs to see why they are unable or unwilling to do anything?"
Sadly, this is the only way to go (Score:5, Insightful)
Strange as it is to say, this 'denial of service' is one that I think may actually have some future positive effect. The way the world seems to work is that no one will bother to do anything unless you threaten them with the loss of their service, and then they take action. Sad, but true.
No response to complaints after receiving spam ... (Score:4, Insightful)
Setback for the net? (Score:1, Insightful)
What about getting laws that say that unsolicitated mail is illegal? Shouldn't that do the trick? Anybody got some good reason for why laws like this shouldn't come true?
My favorite part... (Score:2, Insightful)
I've considered doing the same thing but... (Score:4, Insightful)
Block 'em! (Score:2, Insightful)
I'm actually looking forward to my @home email address dying at the end of this month because that's where nearly all of them come to. Hopefully they won't be smart enough to simply replace @home.com with @comcast.net.
In other news... (Score:4, Insightful)
Obviously, nothing useful comes from Asia, huh?
Even in its simplest form=Those cheap DVD players will never get sold to Best Buy when the Asian maker can't reply back to the buyer. Geeks everwhere revolt...
Re:Sadly, this is the only way to go (Score:4, Insightful)
Sure, it's a troll, but... (Score:1, Insightful)
A good thing when you're trying to stop spam, a bad thing when the MPAA is trying to stop piracy [slashdot.org]. Depends on what you do for a living, I guess.
Re:Sadly, this is the only way to go (Score:5, Insightful)
**Like actually bothering to translate your contact messages into various non-English languages. After all, when was the last time You, as a sysadmin, responded to an informative message to postmaster@your.org that was written in an Asian language?? I didn't think so...
Re:Setback for the net? (Score:2, Insightful)
Over reacting (Score:2, Insightful)
Just because I don't like getting junk mail credit card offers, doesn't mean I refuse all mail from Delaware to teach them a lesson. Here's a tip--throw it away. I get nowhere near enough spam in my inbox to interfere with legitimate mail (although I don't doubt there are exceptions that do....) and I don't even use a filter!
I have done my bit for mankind! (Score:5, Insightful)
The situation was dreadfull, with no abuse department and no way of detecting/stopping abusing customers, or even stopping customers being abused.
I killed 99% of the Spam by warning all customers we were testing for open relays, and offering to actually help them if they didn't know.
I then spent 2 weeks trying to configure about 30 different mail servers I had never even heard of, and one which didn't even return 1 result on Google!!
We got there in the end, especially once we firewalled port 25 for those customers who didn't want to listed.
The next step was to write belt-and-braces Terms of Service for the client and ensure the abuse@isp address was checked and actioned on a daily basis by a full-time member of staff. If abuse went unchecked, then we pulled the plug on the customer and banned them from coming back, or we'd prosecute (sometimes tricky in HK)
I *always* check who sends me spam, and I'm pleased to say none has originated from that ISP since I did my work there.
We tried to re-sell the solution to all other ISPs in the region, but they didn't bite due to a) expensive consultant fees, and b) not really caring.
I pointed out they were large ISPs who fully deserved their
okay, fine - so we block (Score:5, Insightful)
I agree that the 'no response' from many of these places is frustrating, but has anyone offered to train[1] some of these people in setup and configuration of their servers?
Has anyone who is bilingual offered to translate the user manuals into Japanese, Chinese, or Korean?
Has anyone taken the time to explain to them that by lax secuitry / improper setup on the EMail server usually points to more problems with in their network?
Education is the answer to this problem, and we need to take the lead.
[1] Okay, it might be impractial to fly halfway around the world to train someone in server configurations just to stop spam, (although a cost
Re:Ban Asia??? (Score:1, Insightful)
Watch out with that scheme (Score:5, Insightful)
I don't generate unique reply addresses per news post, but change addresses a few times a year. I have a bunch of old addresses that mostly get spam, so my filters dump incoming mail to them into a mailbox file that I look in every now and then. That's much less annoying than seeing the spam as it arrives, but still, it's better to keep the volume down.
I think I'll completely stop putting replyable email addresses on news posts. I'll just have a URL for my web site where people can leave me messages through a CGI. That lets me make another political statement too, since my web site runs SSL so any incoming messages I get from the CGI will be encrypted while in transit. We tell people to use ssh instead of telnet--we should also try to avoid sending email in the clear without a reason.
Lucky bastard (Score:4, Insightful)
At one time I was spending a couple hours a week configuring filters and deleting spam. Now I have a list of known addresses I accept mail from. Everything else goes into the spam folder. I check that once a week, takes about half an hour to go through it and move real messages to the appropriate places. Then I delete the rest.
Chinese ISPs need to think globally (Score:5, Insightful)
Some Chinese and Korean systems administrators said documentation for the software they use is often available only in English, which complicates securing their systems.
This is an honest problem, because it's not the the ISP's fault that they can't get native-language documentation for the software. But if they're running the software at all, it becomes their problem. Why would any responsible system administrator install software when he can't read the documentation? Educated English speakers aren't such a minority in the far East. It's the ISP's responsibility to hire them, or else get software documented in their own language.
Cultural issues also contribute to the problem. Many spammers in Asia say they do not understand why spam is a problem. "It's a sign of respect that someone sends you an electric business card. It means he wants you as a customer."
This is just willful naivete on their part. If they think that sending an electronic business card is a "sign of respect", that's fine. But they need to understand that in the West, unsolicited advertising is an overwhelming inconvenience and is not welcome by the vast majority. Cultural relativism swings both ways.
Piracy is free and open and common in the far East, which irritates Western corporations and makes poor Western college students and hackers giggle with glee. It's rampant and unpoliced because the notion of information ownership and copyright just don't exist over there. But here's the flip side to that coin: unrestricted dataflow from the West into the East also means unrestricted dataflow from the East to the West. As music, movies and software comes in, spam goes out. Like it or not, they're both travelling through the same door.
If the Chinese ISPs want to provide their people a gateway to the free world, then it's their responsibility to cooperate with how the free world works and act responsibly within that setting. If they don't, then they get blacklisted like this and lose their right to be a gateway.
Education is only the answer to ignorance (Score:3, Insightful)
Education is the answer to this problem, and we need to take the lead.
Education is the answer to ignorance. Are we sure ignorance is the problem? With so many reports of mails to abuse@ going ignored, so many open relays reported and yet remaining open, I have to wonder whether it's not often an attitude problem (not that Far Eastern ISPs have a monopoly on those), and that's much harder to know what to do about.
I'm all for it! (Score:4, Insightful)
There are those who are uneasy about blocking off access to a free and open medium. But if the medium is truly free, then you should also be free to block traffic that you don't want. Seriously, if you carry that point of view to its logical conlusion you shouldn't be trying to avoid spam to begin with and reading it should be compulsory. Just because everybody has a voice doesn't mean you have to listen.
Should ISPs be held accountable for the actions of their users? No. But they should be held accountable for their own actions, and one of their actions is aiding and abetting known spamers. They've received the warnings and complaints, they've seen their own mail server traffic and have access to their own logs, and their decision to do nothing implicates them. If a bartender can be held accountable for letting a known drunk drive home and if a gun store owner can be held accountable for selling a gun to a known felon, why shouldn't ISP's be held accountable for selling service to a known spammer?
And as for the legitimate mails that may get blocked by firewalling off Korea or whatever, why should we be held accountable for the foolish choices made by these customers? If anything, blocking their e-mails should be seen as a benefit, allowing the user to learn first-hand the despicable pro-spam tactics of their ISP and make an informed decision. If they don't jump ship after that they deserve what they get.
They're our routers, our mail servers, as long as our actions don't abuse other peoples' resources (like spammers) why shouldn't we do whatever we damn well please with them?
Re:Culture differences, etc. (Score:3, Insightful)
Re:Sadly, this is the only way to go (Score:4, Insightful)
Re:An interesting counter point... (Score:3, Insightful)
No direct response, but the spam stopped immediately, and I've never received another from that source.
education is the solution (Score:4, Insightful)
I think that the way to shut them down once for all is to educate people about what spam is and why it should be reported, and above all, not responded to. This way, the market that spammers will target will dry up and then they will stop sending their UCE out.
Re:I can't disagree more (Score:1, Insightful)
The core issue is that Asian admins won't close their open relays. (This is both incompetance and in some cases intentionally aiding and abetting the spammers.)
Although my Yahoo spamtrap account does get lots of mail with subject lines like "ôô¦æ¾PWűâ"
Re:Sadly, this is the only way to go (Score:3, Insightful)
Working knowledge of English, both reading and writing, should be mandatory for anybody administrating an internet connected system. The key word is communication - people have to understand each other. There is no "equal right for every fucking language" in such a setting. Our only chance at universal mutual understanding (which is required here) is a universal mutually understood language.
BTW - have you noted that the RFCs are written in English ? Are you aware that all major programming languages are modeled after English ? Did it occur to you that up-to-date security information is dealt in English only ?
FWIW, I'm not a native English speaker (as you should know by now
f.
Re:Screw Asia... I blocked Hotmail (Score:3, Insightful)