Fighting the Hydra -- A Spam Warrior's Tale 333
Selanit writes "Salon has an interesting article about the battle against spam from the viewpoint of Suresh Ramasubramanian, a sysadmin working in Hong Kong. His most interesting complaint concerns the fragmentation of anti-spam forces: not only does he have to deal with spammers, but also with anti-spammers who assume because his company is Chinese that he isn't doing anything about spam. Hmm ... decentralized opponents striking from the shadows against quarreling allies. Does this sound familiar to anyone else?"
Fight the good fight (Score:5, Insightful)
rus
Welcome to the life of a helpdesk worker. (Score:5, Insightful)
Like that is different from working in any other kind of helpdesk!
Whitelisting is the answer (Score:5, Insightful)
Many legitimate machines and users - even whole ISPs - unfairly end up on blacklists, while the spammers just find another way through.
The spamblocker tools and their heuristics get smarter, but don't forget that spammers keep up with these tools and constantly find new ways around them.
I was using Razor and SpamAssassin for months. Formidable combination - networked blocklists plus pattern matching. Gave me a bit of peace. Very few false negatives. But in the last month, I've seen a whole new generation of spam coming through that the filters don't even touch.
Peace has finally come from a package called Active Spam Killer [paganini.net], a package which works from a white list, and provides a convenient way for new correspondents to get themselves onto the whitelist.
There are other whitelist-based packages, such as TMDA, but ASK is simple and painless to set up.
Result?
Spams to my mailbox have gone from 40 a day to zero.
Re:Another world group? (Score:2, Insightful)
75 million? (Score:4, Insightful)
So if 15 million messages is 20% of what they get, they receive 75 million individual messages a day? That seems a little high...
Simple solution (Score:4, Insightful)
Get organized and form a plan but first, get organized on a global level.
Then kick some ass and pool for legal action against the thieves.
Anti-chinese bias (Score:3, Insightful)
I mean, I guess it'll help cut down on the spams they get, but it won't help stop the problem.
Anyway, the true way to stop spam is challange-response for the first message from a new person. Easy to implement, and it dosn't require any software for the sender.
Whitelist "black holes" (Score:3, Insightful)
Alice sends email to Bob.
Bob's mail server sends a challenge to Alice.
Alice's mail server challenges the challenge and sends a challenge to Bob.
Bob's mail server challenges the challenge of the challenge and sends a challenge to Alice.
Ad infinitum.
How is this resolved without allowing SPAM through the same mechanism?
Re:Yeah, but (Score:3, Insightful)
You are correct. It doesn't have to be standardized.
Now prepare yourself. Microsoft will implement a system whereby you get the challenge mail that contains a link to a page with a Palladium enabled ActiveX control that you must cope with to get authenticated. It will stop spam and be highly successful, popular and integrated with Outlook version 32.010155a and beyond. Defacto, Windows only, "standard."
Wouldn't it be better to have a standard, non-proprietary system?
Re:Welcome to the life of a helpdesk worker. (Score:2, Insightful)
Like that is different from working in any other kind of helpdesk!
It's not different from not not working in any helpdesk either, but being the one most your colleguas call because the helpdesk "refuse" to help them... like if I can help them recover they didn't save before shutting down the day before by pulling out the powercord.
That aside, I think there would be a lot less stress overall for the people working for any sort of helpdesk if we users remembered to be polite, and that in turn would mean better service in return (less stressed out helpdesk-staffers would be more willing to give us good service).
Re:disgusting (Score:3, Insightful)
The economics of spam work because of the huge imbalance between what a spammer pays, and the price of the products bing sold. One sale per million messages probably makes the whole undertaking feasible. I think it was PT Barnum who said no-one ever went bust underestimating the intelligence of the public.
Re:Welcome to the life of a helpdesk worker. (Score:3, Insightful)
Hell yeah. Only problem is, one bad user can ruin a tech for everyone else.
One user didn't like it when I told her that I couldn't send her a Win98 CD, so she called up Customer Service and told them I insulted her and made her cry and demanded that I be fired on the spot. The call wasn't recorded, and my company's policy is to belive the customer before the employee, so when I came into work the next day all my stuff was packed up in a box. Only after poking holes in her lies with other evidence, timestamps, previous calls, etc., AND treatening legal action against the company did I save my job. I wanted to punch each and every user I talked to in the face for the next month.
This kind of thing happens on a daily basis. Well, maybe not to that level, but enough to keep our supervisors busy anyway. Half of the people that come on leave of their own free will within a couple weeks to go back to a job that pays half of what this one pays. Then again, I work for a shitty ISP whose main userbase is the scum of the earth from every backwoods trailer park in the US that other ISPs won't touch. This allows us to provide terrible service that customers continue to pay for because there isn't any other choice.
I've gotten over that, but I've also gotten over thinking of the people I talk to as human beings, because they certainly don't think of me as one. I couldn't give less of a fuck what someone calls me over the phone. I also couldn't give less of a fuck when someone wishes me a nice day, because I know the second I tell them something they don't want to hear they're either going to turn hostile or try to get me to feel sorry for them. I smile a little when some retard deletes something important, but I'm careful not to let it show in my voice.
It's all monotone now.
Re:Whitelisting is the answer (Score:4, Insightful)
I spent five years working for ISPs, and during that time the only case of blocking I can think of that you could even possibly argue is unfair is the case of a certain major telco in the western United States which was (and AFAIK still is):
This led to the situation of us blocking their entire DSL pool based on reverse DNS.
You could make the argument that it was unfair to said telco's business DSL customers to have their legitimate mail blocked, but I would then ask you, "Who was it that was being unfair to them? My employer, when we had no way to distinguish legitimate from illegitimate mail in that DSL pool from which most mail was illegitimate, or said telco, which was not providing proper service to its business DSL customers, who were paying a large premium over what residential DSL customers were paying and apparently getting little in exchange for their money?" My answer, of course, would be "Not my (then) employer."
Please note that we did not consider blocking of residential DSL customers to be unfair in any way, ditto for ordinary dial pool customers. It is normal for ISPs (and the telco in question did so) to provide outbound SMTP hosts for use by their customers. All those affected, including the business DSL customers, could make use of them either directly or as a smarthost. It is not unfair to tell a residential customer "Use your provider's outbound SMTP hosts. That's what they are their for." I'm not convinced that it's unfair to say that to a business DSL customer either, although I understand how they would like to be able to send mail directly instead of smarthosting through their provider. However, if the telco's position is essentially that a DSL line, because it doesn't cost like a leased line, does not include the normal services that come with a leased line (such as reverse DNS service), that is an issue to be settled between the telco and the customer.
I also question whether or not it is "unfair" to anyone to refuse their mail, on the grounds that delivering mail to any domain is a privilege, not a right. It is, of course, customary to extend that privilege to anyone who has not violated it or is not a member of a group of IP addresses where violation of that privilege is the norm (as in the case above), but no domain can be ordered to accept mail from any other domain. Refusing mail may have consequences for the refuser, of course, but that is their choice to make.
Re:One way to slow a specific flood (Score:2, Insightful)
A quick nmap of those two IPs leaves me fairly convinced that they are being used for spam relay without the permission of their owners. Mailbombing them would not be terribly productive, and would almost certainly get you in trouble with your upstream if anyone complained, and wouldn't really help the situation. I don't consider inadvertant open proxy operators to be totally innocent victims, but attacking their machines won't help anything.
Putting spammers in jail and fining them the value of what they made off spam + a punitive fine would help, but in most places, spamming isn't even a violation of civil law yet, let alone criminal law. We're a long way from giving spammers what they deserve.
Not my helpdesk (Score:3, Insightful)
The other half is that people tend to hire tech support based on technical knowledge without considering communication skills. During my relatively short tech support stint (5 years with different companies) I went to half a dozen communication classes. Validate, empathize, assert. Solves most problems and diffuses even the wrost attitude.
Re:Yeah, but (Score:2, Insightful)
If you actually need it to be multilingual, you probably ARE multilingual. Problem solved!
However, if you're someone (like me) who only knows enough of any other language to order beer, what good will it do you if you can't communicate with that person in a language you both understand? (assuming Babelfish-type translations are inadequate).
But besides all that...do you really need email from a person who can't figure out "put this character in the box" regardless of the language the instructions are in?
Re:Fight the good fight (Score:4, Insightful)
Another point that brings up -- just because someone doesn't KNOW their system is being used for spamming doesn't mean they don't CARE. It pays to notify before you condemn.
Re:Yeah, but (Score:3, Insightful)
Why would it have to be multilingual? I speak English; why would I want to receive mail in a foreign language? (Hell, maybe it'd help block the Brazilian spam I've been getting lately...)
Re:Whitelisting is unethical - hardly (Score:3, Insightful)
Then you can forget about my patronage, because I do not expose my email address in this manner.
(My slashdot-published email is a blackhole, so don't bother.)
And you can also forget about asking me to use my email address as a userID.
"Everybody who asks for my email address is a spammer until proven otherwise."
Yes, I have no problem isolating myself from the rest of the outside world, especially spammers, telelmarketers, and other advertizers of all types: "If you're one of my friends, relatives, or aquantiances, leave a message, preferably including your number, and I'll get back to you. If you're trying to _sell_me_something_, I either don't want it, can't afford it, or I've already got one."
It's MY email box, dammit. I'll accept or reject anything I please, from whomever _I_ choose!
Email, as it stands today, is useless as a business contact medium. A hundred spams a day forces one to dig a moat and lower the drawbridge only for known friends. Sorry if this interferes with your "business model". Tell it to the spammers who've ruined email.