Walling off Asian E-mail to Prevent Spam 665
SomeoneYouDontKnow writes: "Seems there's been lots of spam news lately. This piece from Wired describes how frustrated sysadmins in the West are responding to a torrent of Asian spam by simply refusing all e-mail from that part of the world. As anyone who's ever reported spam to Asian ISPs can attest, getting a response of any kind is almost impossible, so some ISPs are simply giving up on receiving any mail from them. Setting up barriers like this is regrettable, but when the originating ISPs refuse to take responsibility for the actions of their users or close their open mail servers, there would seem to be no other choice. Has anyone ever had any kind of constructive conversation with one of these ISPs to see why they are unable or unwilling to do anything?"
Ban Asia??? (Score:5, Funny)
Re:Ban Asia??? (Score:4, Funny)
When I contact a French ISP... (Score:5, Funny)
Re:Ban Asia??? (Score:4, Informative)
I can't disagree more (Score:5, Interesting)
On the other end, if many of those domains are in the Orbz [orbz.org] or other blacklists, maybe just using those would be better.
Re:I can't disagree more (Score:2, Funny)
after i tried removing myself from a mailing list, this is what i got:
--------
This Message was undeliverable due to the following reason:
The following destination addresses were unknown (please
check
the addresses and re-mail the message):
postmaster@i.com.cn
Please reply to postmaster@i.com.cn
if you feel this message to be in error.
--------
um, i guess they don't know they don't exist ?
Re:I can't disagree more (Score:5, Informative)
Do the reading. Despite the shrieking tone of the article, what we are talking about here is Spamhaus [spamhaus.org] blacklisting China Telecom, not "all Asian ISP's". That's the entire story. And Spamhaus themselves suggest that their list should be used in conjunction with an open relay list.
Sadly, this is the only way to go (Score:5, Insightful)
Strange as it is to say, this 'denial of service' is one that I think may actually have some future positive effect. The way the world seems to work is that no one will bother to do anything unless you threaten them with the loss of their service, and then they take action. Sad, but true.
Re:Sadly, this is the only way to go (Score:4, Insightful)
Re:Sadly, this is the only way to go (Score:5, Insightful)
**Like actually bothering to translate your contact messages into various non-English languages. After all, when was the last time You, as a sysadmin, responded to an informative message to postmaster@your.org that was written in an Asian language?? I didn't think so...
Re:Sadly, this is the only way to go (Score:3, Informative)
Re:Sadly, this is the only way to go (Score:3, Funny)
I usually have no problem getting replies from foreign ISPs in English. For some reason though, they all seem to keep telling me about some postmaster account being over quota...
Re:Sadly, this is the only way to go (Score:3, Interesting)
The bottom line is that if asia doesn't want to get firewalled, they need to get agressive about closing open relays. Note that I don't descriminate against asia, I descriminate against EVERYONE that sends me spam. This include many european and south american netblocks / TLD's too.
Basically I don't get ANY legit email from these countries. Not blocking them would be silly.
Re:Sadly, this is the only way to go (Score:4, Insightful)
Re:Sadly, this is the only way to go (Score:5, Interesting)
The international language of snail mail is French. That's why air mail is par avion. It's like that all around the world and no one really complains. If the admin knows enough to postmaster@ he knows it should be in english. English is *the* offical language of email. Just look at the headers, I don't see a 'Od: instead of 'From:' or 'Temat:' instead of 'Subject:'.
Admins speak english, you can't really be a good admin if you can't communicate with your computer and 90% of software - even software created in non english speaking nations - is in english.
jedrek
Re:Sadly, this is the only way to go (Score:3, Informative)
This isn't cultural imperialism, it's a recognition of the fact that we need a shared language - *any* shared language - and English is a good choice for it. It uses a simple alphabet, has simple conjugation rules, and a well-known "international English" subset that's sufficient for most routine interactions.
It's also important to remember the flip side of this - native English speakers need to be able to understand the heavily accented and mangled English of non-native speakers. In some ways this is harder than learning Int'l English - the non-native speakers only need to learn one language, we have to learn dozens of varients.
Bottom line: any ISP larger than a 2-person shop should have employees able to understand the gist of these complaints and to respond. Their English may be broken, but that's sufficient for communications to occur.
Re:Sadly, this is the only way to go (Score:3, Interesting)
The other poster just had the wrong imperialist country. =-)
-Paul Komarek
Re:Sadly, this is the only way to go (Score:3, Insightful)
Working knowledge of English, both reading and writing, should be mandatory for anybody administrating an internet connected system. The key word is communication - people have to understand each other. There is no "equal right for every fucking language" in such a setting. Our only chance at universal mutual understanding (which is required here) is a universal mutually understood language.
BTW - have you noted that the RFCs are written in English ? Are you aware that all major programming languages are modeled after English ? Did it occur to you that up-to-date security information is dealt in English only ?
FWIW, I'm not a native English speaker (as you should know by now
f.
No response to complaints after receiving spam ... (Score:4, Insightful)
How to fight joe-jobs in case of uncooperative ISP (Score:2)
This technique worked wonders last time I had that problem at Bellsouth. N.B. When you do this, it is important that you don't forward the mail directly, or else they'll just firewall you off. If you use the spammer's own open relays, either:
Re:No response to complaints after receiving spam (Score:3, Informative)
My favorite part... (Score:2, Insightful)
I've considered doing the same thing but... (Score:4, Insightful)
Re:I've considered doing the same thing but... (Score:3, Funny)
Won't *somebody* think of the children?
Filtering email (Score:5, Interesting)
Watch out with that scheme (Score:5, Insightful)
I don't generate unique reply addresses per news post, but change addresses a few times a year. I have a bunch of old addresses that mostly get spam, so my filters dump incoming mail to them into a mailbox file that I look in every now and then. That's much less annoying than seeing the spam as it arrives, but still, it's better to keep the volume down.
I think I'll completely stop putting replyable email addresses on news posts. I'll just have a URL for my web site where people can leave me messages through a CGI. That lets me make another political statement too, since my web site runs SSL so any incoming messages I get from the CGI will be encrypted while in transit. We tell people to use ssh instead of telnet--we should also try to avoid sending email in the clear without a reason.
Re:Watch out with that scheme (Score:2)
Then all you do is create email aliases to your hearts content. I create a unique email address for any mailing list/website I sign up for so I instantly know when a mailing list/website has sold my email addy to someone else and I can shut it down straight away.
Re:Watch out with that scheme (Score:5, Informative)
Other things you can do with TMDA include:
Good luck.
Re:Watch out with that scheme (Score:4, Funny)
Hmm, what about this?
Run your own DNS and mail servers, and use your own domain name. Generate a unique hostname every time you need an e-mail address, and use yourname@00001.yourdomain.com as the address. After you're done with that e-mail address, delete the hostname from the DNS, or change it to resolve to 127.0.0.1 or something. You might still get DNS queries, but that shouldn't take much bandwidth at all, especially since DNS is cached.
Re:Watch out with that scheme (Score:3, Interesting)
education is the solution (Score:4, Insightful)
I think that the way to shut them down once for all is to educate people about what spam is and why it should be reported, and above all, not responded to. This way, the market that spammers will target will dry up and then they will stop sending their UCE out.
Re:education is the solution (Score:3, Informative)
goto http://www.goto.com and do a search for bulk email then click the links to cost spammers big bucks
Re:education is the solution (Score:3, Interesting)
Culture differences, etc. (Score:2, Redundant)
never mind the chinese open relay problem, which is also a real hassle.
Re:Culture differences, etc. (Score:3, Informative)
Cultural homogeny is one of the most fascinating aspects of the internet. Sure, in much of Asia, it's traditionally a sign of respect to give an individual a hard copy of your business card. But that in itself is just the most recent evolution of a long tradition of formalised introductions and determining of relative position, and there's no reason to believe that spam will continue to be tolerated by users there (assuming this claim is true) once the novelty value wears off.
I'll go out on a limb to suggest that while UCE within Asia is perhaps currently viewed as synonymous with a business card, given time, when it is viewed in its own light (rather than as just being considered analogous to a traditional activity), it will be viewed with the same contempt and hatred that the rest of the world already has for it.
I'll draw a parallel with email in general in the US and Europe. For those coming late to the party, many early (80's and early 90's, and by the way, I was a Prestel user in the 80's, using my ZX Spectrum and breeze block modem) home and business users of email initially tended to treat it as a letter, starting with "Dear Bob", and taking care with spelling and punctuation. (Don't confuse this with academic users or l33t h4x0rz coming to the medium with a fair idea of what it was and why they wanted it). It took a while to evolve in popular consciousness into more of a informal and disposable post-it note or phone call analog, although really it's in a category all of its own.
So while it's easy for us to scoff in disbelief at the naievete of Asian users now, let's not forget those Dear Bob days. Global consensus will take a while to arrive. And lest we get too high and mighty, it might very well involve a shift in our perceptions as well.
You see, the thing that really bugs me about spam is that it's so moronic and illiterate. "!!!MAKE $$$ FAST!!!" it shrieks, and "you have, nothign to loose!". Call me strange, but if I were (ever, in theory) to receive a small, literate and polite spam that didn't lie about remove options or oversell itself, it just advertised a product, then I'd be far less inclined to spamcop it. The idea of a "business card" type spam is far less loathesome to me than yet another two hundred line "THIS IS NOT A PIRIMID SKAM!!!!!" monstrosity.
Re:Culture differences, etc. (Score:3, Insightful)
Block 'em! (Score:2, Insightful)
I'm actually looking forward to my @home email address dying at the end of this month because that's where nearly all of them come to. Hopefully they won't be smart enough to simply replace @home.com with @comcast.net.
An interesting counter point... (Score:5, Interesting)
The usual ip tracing ensued and I tracked it back to a small ISP. Hoping that I would reach someone who spoke (or wrote) English, I sent a copy of my logs and an explanation to "postmaster@", "abuse@", "webmaster@", and any other address I could think of. Amazingly enough, after about 12 hours, I received a reply (in somewhat broken English) asking for more logs, and a confirmation of the time zone I was using in my logs (UTC, for what it's worth). After I replied, I received an appology that one of their "clients" had bothered me and assured me it would be taken care of.
To this date, I have not received another piece of spam that I have attributed to that ISP. I realize that this is the exception and not the rule, but I thought it was worth noting that there really are reasonable sysadmins "over there".
Re:An interesting counter point... (Score:5, Funny)
Re:An interesting counter point... (Score:2)
Re:An interesting counter point... (Score:3, Insightful)
No direct response, but the spam stopped immediately, and I've never received another from that source.
Remember UUNet's "Death Sentence" (Score:5, Interesting)
The action represented the response of a group of responsible internet members that had finally tired of both the activity and the lack of response from a greedy company who seemed to have no respect for bandwidth and privacy issues.
It seemed to work then and maybe it's just what's needed now.
It's about time that some of these ISP's discover what happens when the fecal matter hits the oscillator.
In other news... (Score:4, Insightful)
Obviously, nothing useful comes from Asia, huh?
Even in its simplest form=Those cheap DVD players will never get sold to Best Buy when the Asian maker can't reply back to the buyer. Geeks everwhere revolt...
Constructive dialogs (Score:5, Interesting)
The response was "without full e-mail headers, we can't do anything."
Hmmm. It's not e-mail.
I am discussing with my employer the option of blocking all 202/8 203/8 210/8 211/8, all of Road Runner but the MX'es, *.cn, *.tw, *.ru, *.pl, and *.mx domains too. I don't know the ip range assigned to the domains, so if you do, post a follow up! (I have Road Runner netblocks, there are just too many to put them here.)
Re:Constructive dialogs (Score:2)
To me, the story here isn't that Spamhaus list China Telecomm, but that they don't also list Roadrunner, who give exactly the same "It didn't originate from us" lie to any abuse report. Any ideas?
Walling off Asian email?! (Score:4, Funny)
Is this why my mail order bride isn't writing back to me?
Screw Asia... I blocked Hotmail (Score:5, Interesting)
Hotmail
Yahoo
MSN
USA.net
When those folks learn how to close their relays and strip a virus then we can deal with the Asians....
I Can go One Better! (Score:2)
Re:Screw Asia... I blocked Hotmail (Score:2)
Re:Screw Asia... I blocked Hotmail (Score:3, Interesting)
I also filter message bodies for the common remove sites like autoremoveemail.com and others. That's garunteed to work.
Re:Screw Asia... I blocked Hotmail (Score:3, Insightful)
Over reacting (Score:2, Insightful)
Just because I don't like getting junk mail credit card offers, doesn't mean I refuse all mail from Delaware to teach them a lesson. Here's a tip--throw it away. I get nowhere near enough spam in my inbox to interfere with legitimate mail (although I don't doubt there are exceptions that do....) and I don't even use a filter!
Lucky bastard (Score:4, Insightful)
At one time I was spending a couple hours a week configuring filters and deleting spam. Now I have a list of known addresses I accept mail from. Everything else goes into the spam folder. I check that once a week, takes about half an hour to go through it and move real messages to the appropriate places. Then I delete the rest.
Re:Over reacting (Score:2)
I get nowhere near enough spam in my inbox to interfere with legitimate mail (although I don't doubt there are exceptions that do....) and I don't even use a filter!
Ever heard of small number statistics? Just because its not a problem for you, doesn't mean its not a problem for everyone else. Either you don't have much of an online presence on USENET, or the web, or you've been extremely lucky. I get a couple of hundred spam mails a week, ninety nine percent of these are automagically junked by my custom filters. The remaining one percent is still an pain in the backside...
Al.Re:Over reacting (Score:2)
Honestly, what percentage of Internet users do you suspect get hundreds of spam-mails weekly? I'd bet it's very few.
Like I said in my original post (which you quoted) there are exceptions. I believe you're one of them. And I'm sure it pisses you off to no end, I'd be pissed off too. But because you're pissed, we should block a continent?
Re:Over reacting (Score:2)
Again, I don't think you're the majority, by any means...But because you're pissed, we should block a continent?
I'm not asking you to block a continent. A bunch of people are pissed off, and are doing something about it. You're free to accept mail from Asia if you want, but the people that get bucket loads of spam from Asia have had enough and are going to black hole them until they've learned manners. Why is this a problem?
This is the internet showing its true colours, if you don't want mail from Asia, you don't have to accept it...
Al.Re:Over reacting (Score:2)
It's not the exception, it's the rule. 30-50% of the inbound mail to AOL's mail gateways is spam, and even after massive filtering we all know that AOL users still see a lot of spam. You're the exception.
Jay the ex-Mail Guy
Re:Over reacting (Score:2)
No, I'm not. Probably 30 to 50 percent of my email is spam, too. But, like I said, I throw it away. More than 50 percent of my snail mail everyday is junk mail, I throw that away too. That sound like a lot of junk mail/spam email, but you know what? It's not as big of a deal as people make it out to be. I feel sorry for the guy who gets 200-300 messages a day from Usenet, and has to dump half of it, but that's why I don't use my email on Usenet, I read follow-ups in the group.
If you ask 100 people on the street if they get more than 30 emails a day, what do you think the result will be? I'm willing to bet 95 of them get well under that. And how hard is it, really, to delete 15 messages you don't want? People do it everyday will snail mail... and to re-state my original point: it's annoying, but not a reason to refuse mail from a huge geographic location.
Re:Over reacting (Score:3, Informative)
Spam, while annoying, is not the end of the world.
Maybe for you. But read the article. There are mail admins who receive more than a hundred spam requests per second from chinese ip addresses. That adds up to REAL money, really quickly. Adding the addresses to this database still costs bandwidth, since you have to receive all the headers before you can run your spam check.
Global blocking of the connecting IP range means you can do it from the first SYN packet.
Re:Over reacting (Score:2, Informative)
Remember that the next time your connection seems a little slow.
Good spam blockers don't just filter the email, it's already wasted bandwidth and resources at that point. Good spam blockers such as rblsmtpd from the qmail package drop the connection as soon as a black listed IP connects, with an error message for those sending legitimate mail.
For example, a black listed IP hitting my mail server sees:
"553 <see http://www.vh.org/rbl.html> Email not accepted from IP address:61.99.120.39"
SPAMMERS, who typically use FRAUDULENT Reply-to headers, will never see this error, while legitiment email senders will and will be able to plea for the email to be delivered.
I like this quote: (Score:5, Interesting)
I dunno, but I think a moral hacker would find it quite rewarding to screw up a spam creaters cash cow.
I have done my bit for mankind! (Score:5, Insightful)
The situation was dreadfull, with no abuse department and no way of detecting/stopping abusing customers, or even stopping customers being abused.
I killed 99% of the Spam by warning all customers we were testing for open relays, and offering to actually help them if they didn't know.
I then spent 2 weeks trying to configure about 30 different mail servers I had never even heard of, and one which didn't even return 1 result on Google!!
We got there in the end, especially once we firewalled port 25 for those customers who didn't want to listed.
The next step was to write belt-and-braces Terms of Service for the client and ensure the abuse@isp address was checked and actioned on a daily basis by a full-time member of staff. If abuse went unchecked, then we pulled the plug on the customer and banned them from coming back, or we'd prosecute (sometimes tricky in HK)
I *always* check who sends me spam, and I'm pleased to say none has originated from that ISP since I did my work there.
We tried to re-sell the solution to all other ISPs in the region, but they didn't bite due to a) expensive consultant fees, and b) not really caring.
I pointed out they were large ISPs who fully deserved their
okay, fine - so we block (Score:5, Insightful)
I agree that the 'no response' from many of these places is frustrating, but has anyone offered to train[1] some of these people in setup and configuration of their servers?
Has anyone who is bilingual offered to translate the user manuals into Japanese, Chinese, or Korean?
Has anyone taken the time to explain to them that by lax secuitry / improper setup on the EMail server usually points to more problems with in their network?
Education is the answer to this problem, and we need to take the lead.
[1] Okay, it might be impractial to fly halfway around the world to train someone in server configurations just to stop spam, (although a cost
Education is only the answer to ignorance (Score:3, Insightful)
Education is the answer to this problem, and we need to take the lead.
Education is the answer to ignorance. Are we sure ignorance is the problem? With so many reports of mails to abuse@ going ignored, so many open relays reported and yet remaining open, I have to wonder whether it's not often an attitude problem (not that Far Eastern ISPs have a monopoly on those), and that's much harder to know what to do about.
"Cultural Issues" (Score:2, Funny)
"It's a sign of respect that someone sends you an electric business card. It means he wants you as a customer," said Zhao Peng, owner of a computer store in Hong Kong.
So what does it mean when they hammer your firewall all day long?
They're just being considerate in checking you for exploits? (Most scans originate from asia in my logs.)
Sad but true. (Score:2)
I think we've just found the first... (Score:3, Funny)
Like I said, I know this is inherently flawed, but it is nice to dream. Mmmmmm, vigelante justice on the net...
my ISP just did this (Score:5, Interesting)
rather than refusing email from the offending ISPs, they are going to the rather extreme measure of refusing connections entirely (at the router, i guess, though i'm not certain how the network is set up...) from the entire IP ranges of a number of the offenders.
so, now all my domains (and all those colo'd at my ISP) will basically be inaccessible to anyone in china. big deal. all the traffic i get from china is either spam or nimda requests. woo friggin hoo.
it has yet to go into effect, but i expect it will make a big difference in my monthly bills, as i pay for bandwidth, even if it's spam sent to people on my mail server.
as some folks are bound to say, it's more than a bit presumptuous to basically say "play by my rules or get off the field" where "my rules" are typically those of the mostly american, english speaking internet population, but in this case it's more a case of "play nice or go home"
Re:my ISP just did this (Score:2)
What they'll be doing is redirecting the eBGP route (ie. bit that says "go here to get to their IP block") for the ISP concerned to the routers equivalent of /dev/null. We use this technique a lot to dump traffic from problem areas until the problem is fixed as it's quick and easy (usually a one liner in the config) and 100% effective. It's a good way of bringing people into line, although usually just the threat of this is enough to prompt any action that is going to happen since it's about as extreme as one ISP can be to another.
Chinese ISPs need to think globally (Score:5, Insightful)
Some Chinese and Korean systems administrators said documentation for the software they use is often available only in English, which complicates securing their systems.
This is an honest problem, because it's not the the ISP's fault that they can't get native-language documentation for the software. But if they're running the software at all, it becomes their problem. Why would any responsible system administrator install software when he can't read the documentation? Educated English speakers aren't such a minority in the far East. It's the ISP's responsibility to hire them, or else get software documented in their own language.
Cultural issues also contribute to the problem. Many spammers in Asia say they do not understand why spam is a problem. "It's a sign of respect that someone sends you an electric business card. It means he wants you as a customer."
This is just willful naivete on their part. If they think that sending an electronic business card is a "sign of respect", that's fine. But they need to understand that in the West, unsolicited advertising is an overwhelming inconvenience and is not welcome by the vast majority. Cultural relativism swings both ways.
Piracy is free and open and common in the far East, which irritates Western corporations and makes poor Western college students and hackers giggle with glee. It's rampant and unpoliced because the notion of information ownership and copyright just don't exist over there. But here's the flip side to that coin: unrestricted dataflow from the West into the East also means unrestricted dataflow from the East to the West. As music, movies and software comes in, spam goes out. Like it or not, they're both travelling through the same door.
If the Chinese ISPs want to provide their people a gateway to the free world, then it's their responsibility to cooperate with how the free world works and act responsibly within that setting. If they don't, then they get blacklisted like this and lose their right to be a gateway.
Rather than 1/4 of the world (Score:3, Informative)
[1] Bye bye Yahoo, AOL, Hotmail for a start.
The only way to go... (Score:3, Interesting)
The Asian nations would not be in this situation if they understood the proper way to run a mailserver and dropped the insane cultural notion that obnoxiously shoving a business card in someone's face is courteous and expected. I worked in Asia during the early 90s (mainly Singapore, Hong Kong and Taiwan) and from my experience of working with Asian businesses, this problem will not go away. Unless it's not hurting their bottom line, it doesn't matter if its hurting ours.
Worked for Me (Score:2)
-Waldo Jaquith
SHOCK! HORROR! journalism (Score:5, Informative)
- frustrated sysadmins in the West are responding to a torrent of Asian spam by simply refusing all e-mail from that part of the world [says Slashdot]
Anti-spam activists confirm that a growing number of beleaguered systems administrators are now blocking all e-mail originating from Asia from their systems [says the article]Bollocks, says anyone reading it with a critical eye. There are no references or sources for this sweeping "all Asian email" statement. The single reference is to Spamhaus [spamhaus.org] which implements selective listing of domains that persistently generate or carry spam and decline to respond to spam reports. Most of their listed ISP's are currently US based. There is specific mention of two Chinese ISP's, and none from any other Asian nation.
To make a story out of this, you have to cite metrics. The fact that Spamhaus are currently blacklisting China Telecomm no more proves that "the west" is blocking "the east" than a story about anyone temporarily blacklisting AOL (again) proves that there is some mass move to block "the west".
Without giving metrics, you're just providing anecdotes. Persuasive anecdotes, sure, that probably appeal to our personal experiences, but those are the most dangerous kind, because they stop you looking for the real story and asking the real questions.
The real question here isn't "Why do Spamhaus currently blacklist China Telecomm?" but "Why don't Spamhaus currently blacklist Roadrunner?" or any of another half dozen ignorant ISP's that deny that they are injecting spam even in the face of unequivocable header evidence. Perhaps we in the "west" (sweeping-generalisations-r-us) could go about cleaning up our own house before we go gunning for those coming late to the party.
Wall em off....and let me know how.... (Score:2)
Are there any sample sendmail configurations out there to reliably do geographic filtering ?
Procmail (Score:3, Interesting)
:0:
* (^From:.*\.kr |\
^.*ks_c_5601)
SPAM
It catches about 95% of the spam from Korea. It's sad that I've had to resort to filtering email from an entire country.
What has amazed me about the whole thing is the spam I receive from there is usually written in the ks_c_5601-1987 character set. Since Korean is not a really popular language throughout the world, the chances of someone understanding the spam is very slim (I haven't been about to find a good Korean to English translator that actaully works). IMHO, the spammers are just wasting their time.
Considering that 95% of all my spam comes from USA (Score:2)
...
Blime...
Evidence of overseas spam (Score:2)
Well, there's always this tactic [netfunny.com]...
Maybe they would respond if they could read it? (Score:2, Informative)
Dealing with Chinese spam ;-) (Score:5, Funny)
email for subversive phrases and the like, so just reply to
Chinese spam with little replies of the form at the end of this spam.
Might be a useful tactic on companies who think that unsolicited
email is "just regular advertising".
Bill
"Jack(export manager)" wrote:
>
> Dear Sir
> How are you
>
> We are a lighting factory in China
> to introduce ourselves to you:
>
> I am XUBIN (Jack) , XUBIN is my chinese name , you can just
> call me Jack !! , I am export manager of [deleted]
> China, our group have four factory
[snipped]
>
> Here is our company profile
>
[Rest of sales talk snipped]
(And now, the reply)
Thank you for your coded order. The weapons and ammunition
will ship by way of the usual route in ten days, and you
already know our secret Swiss bank account number to
wire the payment to.
It is a pleasure doing business with you for so long,
and I hope your cause will prevail. I am new to this
particular computer, so I hope the encryption is
working and the monitoring authorities cannot read
what I am sending you.
Long live the Falun Gong! Free Tibet!
Best regards,
Your arms supplier
I'm all for it! (Score:4, Insightful)
There are those who are uneasy about blocking off access to a free and open medium. But if the medium is truly free, then you should also be free to block traffic that you don't want. Seriously, if you carry that point of view to its logical conlusion you shouldn't be trying to avoid spam to begin with and reading it should be compulsory. Just because everybody has a voice doesn't mean you have to listen.
Should ISPs be held accountable for the actions of their users? No. But they should be held accountable for their own actions, and one of their actions is aiding and abetting known spamers. They've received the warnings and complaints, they've seen their own mail server traffic and have access to their own logs, and their decision to do nothing implicates them. If a bartender can be held accountable for letting a known drunk drive home and if a gun store owner can be held accountable for selling a gun to a known felon, why shouldn't ISP's be held accountable for selling service to a known spammer?
And as for the legitimate mails that may get blocked by firewalling off Korea or whatever, why should we be held accountable for the foolish choices made by these customers? If anything, blocking their e-mails should be seen as a benefit, allowing the user to learn first-hand the despicable pro-spam tactics of their ISP and make an informed decision. If they don't jump ship after that they deserve what they get.
They're our routers, our mail servers, as long as our actions don't abuse other peoples' resources (like spammers) why shouldn't we do whatever we damn well please with them?
Filtering Idea, comments requested (Score:3, Interesting)
The idea goes like this:
Why not have a sort of "Name" tag in email. This tag could be an MD5 Hash of anything you want. If the people who sent you the email knew your name, or any valid name tag that you gave them (Multiple Name tags would be simple, just sort them into folders) You could just supply the "Name" with your email address, something like "Yeah, email me at prudan@example.com, name tag (prudan)" Anything that doesn't have your name tag would be sorted into a spam / unknown folder, or you could even bounce it back saying that the name was invalid.
Some pros and cons to the idea:
Pros:
It will require more processing power for spammers to send out lots and lots of spam. Each message would need its own checksum if they are guessing at a valid name tag.
This would really make it so that you have different email addresses, without all the aliasing. You want to use a business address? Make one of your name tags "Business", and assign that nametag to a folder just for that.
Adding this to email clients would be a trivial task.
Done at the client level, so it adds no server processing overhead.
Cons:
Spammers will start trading name tags too, so changing your MAIN name tag every so often would probably be necessary.
Getting this to be accepted everywhere would be quite a chore.
Maybe this won't work. I don't know.
Perhaps we should add Asian ISP's? (Score:3, Funny)
Some first hand expirence. (Score:3, Informative)
About 1.5 years ago I was working for iPlanet as a backline support person. The summer of 2000 we had a rash of Asian telecos running our e-mail server and crashing and burning.
So I got sent to Asia to try and figure out what was going on at our three largest telcos there, Unitel [unitel.co.kr] and Hanaro Telecom in Korea and Jiangsu Telecom (can't find their homepage at the moment) in China.
What I found in both cases was frightening. Pro-Serv had done a good job of implementing a mail system that would handle a normal user load just fine. But, in both cases the load was 5 times what was planned for. So the servers we're dying under the load.
After very little investigation it found out that several of the subscribers were spamming via their ISP. When I first pointed this out to the powers that be there I got a blank reply along the lines fo "So?".
As management and I delved into it the opinion that the ISP was forming was that these are customers, we can't just cut them off, they will leave and we will lose money.
I tried the normal counters like, "The abusers are bringing down the service for your normal subscribers. The normal subscribers are getting mad (some even started anti Unitel sites) and they're going to leave in droves if this keeps up. And then all you're going to be left with is a few subscribers who are costing you more in the long run. Bandwidth costs associated with the spamming, hardware upkeep for a few users, etc.
The sysadmins and techs got all this but management was so scared of losing a customer and that customers money that they would not dare do a thing about it.
I ended up leaving both sites having accomplished stabilizing the systems as much as I could but not solving the actual problem, getting the ISP to come up with and enforce some terms of service.
So to me what it comes down to is capitalism run amok, espically in Korea. Management is so blinded by "making it big" they fail to see the real disaster looming on the horizon.
Don't blame uncaring techs, blame the top level for driving this thing into the ground.
At least I can say I had a great time visiting those countries and taking in the other parts of their real culture. But, July in Seoul is miserable.
fight spam (Score:3, Informative)
Re:Setback for the net? (Score:3, Interesting)
I get roughly 100 messages or so of SPAM a day on my Hotmail account -- I can't give an accurate number because I keep blocking entire domains (some jackhole, and I think I know who, decided to add me to various coupon and ad sites, which becomes a deluge as they share mailing lists). Of the 150 or so blocked domains, about 10% of them are Asian (surf to xyzzy.net and note that entire webpage is in a font I don't have installed).
Make a law? Sure. In which country? Or do you mean you want to outlaw SPAM in the US, and then somehow think you're going to be able to prosecute a company located entirely in North Korea under US Law? Things just aren't that easy. I'd like to see a reasonable way to legislate SPAM to be illegal, even if it only did affect the US, but I'm yet to see anything that has teeth AND makes logical sense.
Re:Setback for the net? (Score:2)
Where are you going to pass the law, and how are you going to enforce it in Asia? The only hope would be an international treaty, and even then, it's up to the participating countries to pass and enforce laws dictated by the treaty, and even then, nothing's forcing them to even sign it, and it would also present an opportunity for power grubbing government types to steal even more rights.
There is no good solution, except maybe a good international asskicking. (Not like war, I mean like physical asskicking of the people involved.)
Re:Setback for the net? (Score:2, Insightful)
"unsolicitated mail is illegal" (Score:2)
Re:"unsolicitated mail is illegal" (Score:2)
Commercial email isn't the problem, bulk, untargeted email is the problem.
Re:Setback for the net? (Score:3, Interesting)
How much time do you expect a Chinese bureaucrat to spend prosecuting a fellow countryman because he made 1000 foreigners delete a bothersome message?
I hate spam, but the last thing I want is a bureaucratic solution. The free market will find a way grasshopper....
Re:Setback for the net? (Score:2)
We could pass all the laws in the West we want but they would be completely unenforceable in Asia.
Perhaps an international body of enforcers could be set up similar to the WTO where fines or punishment could be meted out with the full backing of each nation. But that's not likely to happen seeing as there is little money involved- unlike trade.
Re:Setback for the net? (Score:2, Informative)
I guess this affect Asian businesses more than the local folks. When businesses start to complain to their ISP why they can't send any mails to their western counterparts, maybe the ISP will start to listen.
Some ISPs there have very under qualified admin (the good ones moved here to the US
Re:Setback for the net? (Score:2)
Re:Setback for the net? (Score:2)
In the 1994 days, when the net boomed, lots of people got onlne and there was a chaos of newsgroup/email spamming. These people have largely learned. Then MS internet users got online in 1995. Same thing. Then AOL users. Each one of them will learn...
Actually it's still September '91 as far as I'm concerned, and if you don't know what that means, you're part of the problem...
If I remember correctly alot of us did exactly the same thing to mail, and usenet posts, originating from AOL back when if first gave its users full internet access. We blocked it, entirely, eventually the news filtered through that they'd more or less learned manners and we unblocked them. Although I still know of a couple of small academic sites that block all incoming mail from AOL and MSN. Go figure...
This isn't new, people have been doing it since we first started hooking all the various networks together in the first place. Admittedly I can't remember it ever happening to an entire continent before. Personally I think its a reasonable idea...
Al.Re:Setback for the net? (Score:2)
"Wed Sep 3095 14:56:00 GMT 1993", to be exact.
Re:Setback for the net? (Score:5, Funny)
And while we're at it, we should make it illegal to respond sarcastically to extremely simplistic solutions to complex problems! Yeah!
--
Damn the Emperor!
Re:Setback for the net? (Score:2)
Spammers and the ISPs that support them have reasons not to do that. And while they may or may not be good reasons, they have money and they have lobbyists, so don't hold your breath for such legislation unless this becomes a big issue this November.
Re:Setback for the net? (Score:2)
There are really only two solutions that could work and are similar to what you are proposing. First, a treaty between the United States (Canada/UK/EU/...) and the Asian countries banning UCE sent between the signing countries. However, allowing UCE brings currency into the economies of the countries that condone it, so I don't think they'd sign something like that unless the alternative was worse. (Cutting off their country's email might qualify as worse.)
Second, declaring that the UN or some other international governing body has jurisdication over this matter and can set criminal penalties. Personally, I despise the thought of giving more power to any international governing body; if you can't abide by what a country's government is doing, you have the option of leaving that country and moving to another. What could you do if you couldn't stand the world government? (I hear the nights are cold on Mars...) I would prefer to avoid anything that looks like it's taking us closer to this possibility (such as enforcing US laws on citizens in another country...)
All that said, I don't think that the final solution to this problem will be resolved in the legal arena. This is a technology problem, and will most likely be resolved with a technical solution, such as a total re-working of the internet mail protocols. The black-listing of entire Asian regions is just a stop-gap measure that probably won't really work for long.
Chris Beckenbach
Re:Why are open relays used at all? (Score:3, Informative)
I hope this has answered your questions.