Walling off Asian E-mail to Prevent Spam
SomeoneYouDontKnow writes: "Seems there's been lots of spam news lately. This piece from Wired describes how frustrated sysadmins in the West are responding to a torrent of Asian spam by simply refusing all e-mail from that part of the world. As anyone who's ever reported spam to Asian ISPs can attest, getting a response of any kind is almost impossible, so some ISPs are simply giving up on receiving any mail from them. Setting up barriers like this is regrettable, but when the originating ISPs refuse to take responsibility for the actions of their users or close their open mail servers, there would seem to be no other choice. Has anyone ever had any kind of constructive conversation with one of these ISPs to see why they are unable or unwilling to do anything?"
I can't disagree more (Score:5, Interesting)
On the other end, if many of those domains are in the Orbz [orbz.org] or other blacklists, maybe just using those would be better.
Filtering email (Score:5, Interesting)
An interesting counter point... (Score:5, Interesting)
The usual IP tracing ensued and I tracked it back to a small ISP. Hoping that I would reach someone who spoke (or wrote) English, I sent a copy of my logs and an explanation to "postmaster@", "abuse@", "webmaster@", and any other address I could think of. Amazingly enough, after about 12 hours, I received a reply (in somewhat broken English) asking for more logs, and a confirmation of the time zone I was using in my logs (UTC, for what it's worth). After I replied, I received an apology that one of their "clients" had bothered me and assured me it would be taken care of.
To this date, I have not received another piece of spam that I have attributed to that ISP. I realize that this is the exception and not the rule, but I thought it was worth noting that there really are reasonable sysadmins "over there".
Remember UUNet's "Death Sentence" (Score:5, Interesting)
The action represented the response of a group of responsible internet members that had finally tired of both the activity and the lack of response from a greedy company who seemed to have no respect for bandwidth and privacy issues.
It seemed to work then and maybe it's just what's needed now.
It's about time that some of these ISPs discover what happens when the fecal matter hits the oscillator.
Never get a response (Score:1, Interesting)
I have resorted to blocking the offending network or ISP temporarily (until they get tired of getting no response from my networks and move on), but I really can't see blocking an entire segment of the world just to stop spam. It just goes against the grain of an "open" 'Net. I'd rather try something like SpamAssassin (no affiliation - I've just used it and it works great) than block nations for the actions of albeit many bad apples.
Constructive dialogs (Score:5, Interesting)
The response was "without full e-mail headers, we can't do anything."
Hmmm. It's not e-mail.
I am discussing with my employer the option of blocking all 202/8 203/8 210/8 211/8, all of Road Runner but the MX'es, *.cn, *.tw, *.ru, *.pl, and *.mx domains too. I don't know the ip range assigned to the domains, so if you do, post a follow up! (I have Road Runner netblocks, there are just too many to put them here.)
Re:Setback for the net? (Score:3, Interesting)
I get roughly 100 messages or so of SPAM a day on my Hotmail account -- I can't give an accurate number because I keep blocking entire domains (some jackhole, and I think I know who, decided to add me to various coupon and ad sites, which becomes a deluge as they share mailing lists). Of the 150 or so blocked domains, about 10% of them are Asian (surf to xyzzy.net and note that entire webpage is in a font I don't have installed).
Make a law? Sure. In which country? Or do you mean you want to outlaw SPAM in the US, and then somehow think you're going to be able to prosecute a company located entirely in North Korea under US Law? Things just aren't that easy. I'd like to see a reasonable way to legislate SPAM to be illegal, even if it only did affect the US, but I'm yet to see anything that has teeth AND makes logical sense.
Screw Asia... I blocked Hotmail (Score:5, Interesting)
Hotmail
Yahoo
MSN
USA.net
When those folks learn how to close their relays and strip a virus then we can deal with the Asians....
I like this quote: (Score:5, Interesting)
I dunno, but I think a moral hacker would find it quite rewarding to screw up a spam creator's cash cow.
Re:Setback for the net? (Score:3, Interesting)
How much time do you expect a Chinese bureaucrat to spend prosecuting a fellow countryman because he made 1000 foreigners delete a bothersome message?
I hate spam, but the last thing I want is a bureaucratic solution. The free market will find a way grasshopper....
my ISP just did this (Score:5, Interesting)
rather than refusing email from the offending ISPs, they are going to the rather extreme measure of refusing connections entirely (at the router, i guess, though i'm not certain how the network is set up...) from the entire IP ranges of a number of the offenders.
so, now all my domains (and all those colo'd at my ISP) will basically be inaccessible to anyone in china. big deal. all the traffic i get from china is either spam or nimda requests. woo friggin hoo.
it has yet to go into effect, but i expect it will make a big difference in my monthly bills, as i pay for bandwidth, even if it's spam sent to people on my mail server.
as some folks are bound to say, it's more than a bit presumptuous to basically say "play by my rules or get off the field" where "my rules" are typically those of the mostly american, english speaking internet population, but in this case it's more a case of "play nice or go home"
The only way to go... (Score:3, Interesting)
The Asian nations would not be in this situation if they understood the proper way to run a mailserver and dropped the insane cultural notion that obnoxiously shoving a business card in someone's face is courteous and expected. I worked in Asia during the early 90s (mainly Singapore, Hong Kong and Taiwan) and from my experience of working with Asian businesses, this problem will not go away. Unless it's not hurting their bottom line, it doesn't matter if it's hurting ours.
Procmail (Score:3, Interesting)
:0:
* (^From:.*\.kr |\
^.*ks_c_5601)
SPAM
It catches about 95% of the spam from Korea. It's sad that I've had to resort to filtering email from an entire country.
What has amazed me about the whole thing is the spam I receive from there is usually written in the ks_c_5601-1987 character set. Since Korean is not a really popular language throughout the world, the chances of someone understanding the spam are very slim (I haven't been able to find a good Korean to English translator that actually works). IMHO, the spammers are just wasting their time.
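Added example, not part of the original comment: a Python sketch of the two header signals the recipe above keys on, reporting which one fired instead of filing silently. The sample messages are constructed, `match_reasons` and `RECIPE_FROM` are illustrative names, and `RECIPE_FROM` is the recipe's first pattern as it appears on this page, transcribed as a Python regex (an approximation of procmail's matching).

```python
import re
from email import message_from_string
from email.utils import parseaddr

ENCODED_WORD = re.compile(r"=\?([^?]+)\?[bq]\?", re.IGNORECASE)  # RFC 2047 prefix
RECIPE_FROM = re.compile(r"^From:.*\.kr ", re.MULTILINE)  # page's first pattern, as a Python regex

def match_reasons(raw, tld=".kr", charset="ks_c_5601"):
    """List which of the recipe's two header signals a message carries."""
    msg = message_from_string(raw)
    reasons = []
    # Signal 1: domain of the parsed From address, not a substring of the line
    addr = parseaddr(str(msg.get("From", "")))[1]
    if addr.rpartition("@")[2].lower().endswith(tld):
        reasons.append("from-tld")
    # Signal 2: charset declared in Content-Type or in an encoded-word
    if (msg.get_content_charset() or "").startswith(charset):
        reasons.append("content-type")
    for name, value in msg.items():
        found = ENCODED_WORD.findall(str(value))
        if any(cs.lower().startswith(charset) for cs in found):
            reasons.append("encoded-word:" + name.lower())
    return reasons

# Constructed sample messages (not real mail)
SAMPLES = {
    "kr_sender": 'From: Promo <promo@mail.example.kr>\nSubject: hello\n'
                 'Content-Type: text/plain; charset=us-ascii\n\nbody\n',
    "kr_charset": 'From: someone@example.com\n'
                  'Subject: =?ks_c_5601-1987?B?vsiz58fPvLy/5A==?=\n'
                  'Content-Type: text/html; charset="ks_c_5601-1987"\n\nbody\n',
    "display_name": 'From: "news.kr digest" <list@example.org>\n'
                    'Subject: weekly\n\nbody\n',
}

def demo():
    # For each sample: (parsed signals, whether the substring pattern matches)
    return {k: (match_reasons(v), bool(RECIPE_FROM.search(v)))
            for k, v in SAMPLES.items()}

if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

The third sample shows the difference between the two approaches: a substring pattern on the From line fires on a display name containing ".kr ", while the parsed address domain does not.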
Not SPAM per se, but constant attacks! (Score:2, Interesting)
Re:Screw Asia... I blocked Hotmail (Score:3, Interesting)
I also filter message bodies for the common remove sites like autoremoveemail.com and others. That's guaranteed to work.
I wouldn't like that (Score:2, Interesting)
Filtering on sender address is rude too. I wouldn't want to assign unique addresses to senders. People send from too many different addresses. If I email someone's personal account and they try to use my return address to email me from their work account, I don't want to bounce their mail.
I think if I quit publishing non-munged email addresses in my news posts and junkfile the incoming mail to the addresses I post news from, that should get rid of most of my spam.
Filtering Idea, comments requested (Score:3, Interesting)
The idea goes like this:
Why not have a sort of "Name" tag in email. This tag could be an MD5 Hash of anything you want. If the people who sent you the email knew your name, or any valid name tag that you gave them (Multiple Name tags would be simple, just sort them into folders) You could just supply the "Name" with your email address, something like "Yeah, email me at prudan@example.com, name tag (prudan)" Anything that doesn't have your name tag would be sorted into a spam / unknown folder, or you could even bounce it back saying that the name was invalid.
Some pros and cons to the idea:
Pros:
It will require more processing power for spammers to send out lots and lots of spam. Each message would need its own checksum if they are guessing at a valid name tag.
This would really make it so that you have different email addresses, without all the aliasing. You want to use a business address? Make one of your name tags "Business", and assign that nametag to a folder just for that.
Adding this to email clients would be a trivial task.
Done at the client level, so it adds no server processing overhead.
Cons:
Spammers will start trading name tags too, so changing your MAIN name tag every so often would probably be necessary.
Getting this to be accepted everywhere would be quite a chore.
Maybe this won't work. I don't know.
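Added example, not part of the original post: a client-side sketch of the name-tag idea above, including the listed con that a traded tag keeps working until it is changed. The header name `X-Name-Tag`, the class `NameTagSorter`, the folder names and the sample messages are all assumptions made for illustration; the post specifies none of them.

```python
import hashlib
from email import message_from_string

TAG_HEADER = "X-Name-Tag"   # hypothetical header name; the post does not name one
UNKNOWN = "spam-unknown"

def tag_digest(name_tag):
    # MD5 as the post suggests; it only labels the tag and does not
    # bind it to a particular sender or message
    return hashlib.md5(name_tag.strip().lower().encode("utf-8")).hexdigest()

class NameTagSorter:
    def __init__(self):
        self._folders = {}   # tag digest -> folder name

    def issue(self, name_tag, folder):
        self._folders[tag_digest(name_tag)] = folder

    def revoke(self, name_tag):
        self._folders.pop(tag_digest(name_tag), None)

    def sort(self, raw_message):
        msg = message_from_string(raw_message)
        presented = str(msg.get(TAG_HEADER, "")).strip().lower()
        return self._folders.get(presented, UNKNOWN)

def make_message(sender, subject, name_tag=None):
    # Builds a constructed sample message, optionally carrying a tag digest
    lines = [f"From: {sender}", "To: prudan@example.com", f"Subject: {subject}"]
    if name_tag is not None:
        lines.append(f"{TAG_HEADER}: {tag_digest(name_tag)}")
    return "\n".join(lines) + "\n\nbody\n"

def demo():
    sorter = NameTagSorter()
    sorter.issue("prudan", "inbox")
    sorter.issue("Business", "business")
    results = [
        sorter.sort(make_message("friend@example.org", "lunch", "prudan")),
        sorter.sort(make_message("client@example.net", "invoice", "business")),
        sorter.sort(make_message("bulk@example.invalid", "offer")),           # no tag
        sorter.sort(make_message("bulk@example.invalid", "offer", "guess")),  # wrong tag
    ]
    leaked = make_message("bulk@example.invalid", "offer", "prudan")
    results.append(sorter.sort(leaked))   # traded tag is still accepted
    sorter.revoke("prudan")               # changing the main tag
    results.append(sorter.sort(leaked))   # same message is now rejected
    return results

if __name__ == "__main__":
    print(demo())
```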
Two alternate solutions (Score:2, Interesting)
While I've been sorely tempted to wall off anything coming from the Pacific Rim or Latin America, it seems that there are two more constructive ways (OK, maybe only one :) to proceed:
1. Multilingual spam report generator. Seems as if there's already an autogenerator (which is probably English-centric). Why not add multilingual support to it, or build a new one? You don't have to add every language, just the major ones that affect spam traffic (Spanish, Chinese, Korean, and French and Japanese for good measure).
2. Enable open relay autoprobing for certain incoming SMTP requests. This may be slightly more problematic, but it'd be nice if I was to configure my MTA of choice to test the sender IP of an incoming message for an open relay hole. The check would only occur if the IP address was determined to be within the range for a certain group of countries. This might be a feasible solution for those who either can't or don't wish to subscribe to an RBL.
Re:Sadly, this is the only way to go (Score:3, Interesting)
The bottom line is that if Asia doesn't want to get firewalled, they need to get aggressive about closing open relays. Note that I don't discriminate against Asia, I discriminate against EVERYONE that sends me spam. This includes many European and South American netblocks / TLDs too.
Basically I don't get ANY legit email from these countries. Not blocking them would be silly.
Re:Sadly, this is the only way to go (Score:1, Interesting)
Re:Sadly, this is the only way to go (Score:5, Interesting)
The international language of snail mail is French. That's why air mail is par avion. It's like that all around the world and no one really complains. If the admin knows enough to postmaster@ he knows it should be in English. English is *the* official language of email. Just look at the headers, I don't see a 'Od:' instead of 'From:' or 'Temat:' instead of 'Subject:'.
Admins speak English, you can't really be a good admin if you can't communicate with your computer and 90% of software - even software created in non-English-speaking nations - is in English.
jedrek
Elcomsoft and spam tools (Score:2, Interesting)
Funnily enough, when I submitted a story about this, the Slashdot editors rejected it within minutes :-)
It's not new, and not just email (Score:2, Interesting)
I'd been reading about research at the big search sites that was working on the problem of "hidden" web pages; i.e., pages that are generated on the fly by scripts that read from databases. The idea was to learn what was in a site's databases by calling the CGI scripts to extract it all. I found myself thinking "Uh, oh; I'd better watch for this."
One day it happened. A search site suddenly started invoking my scripts, methodically trying to extract all the data that I had in all of the output formats that I supported. And it did this in parallel from a large number of machines. This brought my server down and kept it down.
So I added a "blacklist" to my code. Any requests from any of those IP addresses got only a small page saying that they were on my blacklist. I included my email address in case anyone wanted to discuss the situation. Over a few months, my blacklist grew to include a few dozen blocks of addresses.
I've never received any email from any of the search sites. However, a few weeks back I got a message from a person in Singapore who wanted to use my site, but only got a blacklist message. I checked, and sure enough, his address was an ISP in Singapore. No way of telling him apart from the search bot at the same address (but presumably on a different machine).
The ISP didn't respond sensibly to my query, so I have no choice but to continue the blacklist. All I have for identification is the ISP's IP address, so I have to block everything behind that address.
I don't like blocking everyone behind an ISP, but I can't think of any other way to prevent this sort of attack on my server.
(Yes, I do have a robots.txt file. And I know how to use it.)
Another problem (Score:2, Interesting)
Now I get legal (non spam) mails to my Yahoo mailbox everyday. As I check, I figure it's simply Korean mail advertising some t-shirts etc. Mail sent to MY e-mail, the one listed on Yahoo... I block it. Then next day I get mail from same company groups another company, of course, with another mail address...
Guys aren't spamming me. Just they stupidly made a system easy to abuse. Like no verification like "Click YES or reply to this message" verification included.
I contacted them via Spamcop, they said they now figured I don't want those mails and they are investigating who subscribed me to that. The problem is, I believe those systems as Yahoo etc. has a system that after certain people click on "block e-mail address" while reading mail, they a) automatically add them/their IP block to spammers list b) they investigate.
I don't think in such a closed country as China there aren't people to abuse SMTP servers as they are owned by the government or companies really near government already.
anti-french sentiment (Score:2, Interesting)
In addition, DeGaulle snubbed Roosevelt on FDR's return from Yalta. Staggering ingratitude, considering the American death toll for the Normandy campaign was 29,000, another 106,000 wounded/missing.
In Ike's place, I would have liberated Holland and Belgium, and invited the Germans back into France.
Re:Sadly, this is the only way to go (Score:3, Interesting)
The other poster just had the wrong imperialist country. =-)
-Paul Komarek
Re:Watch out with that scheme (Score:3, Interesting)
Re:education is the solution (Score:3, Interesting)