Fighting the Hydra -- A Spam Warrior's Tale

Selanit writes "Salon has an interesting article about the battle against spam from the viewpoint of Suresh Ramasubramanian, a sysadmin working in Hong Kong. His most interesting complaint concerns the fragmentation of anti-spam forces: not only does he have to deal with spammers, but also with anti-spammers who assume because his company is Chinese that he isn't doing anything about spam. Hmm ... decentralized opponents striking from the shadows against quarreling allies. Does this sound familiar to anyone else?"

Fight the good fight

[rf0]

I think this article does bring up a good point that people do tar Asia with the same brush in that you can just block them and have no problems. Its nice to see someone doing a decent job. For more fun on fighting spam see NANA [google.com]

rus

Welcome to the life of a helpdesk worker.

[millwall]

No matter what he does, he can't please everyone. According to Tiffiany Mork, senior abuse engineer at Allegiance Internet, a very thick skin is a requirement for an abuse-desk worker. Her typical day includes verbal harassment, screaming, threats, and "all manner of nasty things."

Like that is different from working in any other kind of helpdesk!

Whitelisting is the answer

[heretic108]

This whole spammers versus spamblockers has proven to be a destructive arms race.

Many legitimate machines and users - even whole ISPs - unfairly end up on blacklists, while the spammers just find another way through.

The spamblocker tools and their heuristics get smarter, but don't forget that spammers keep up with these tools and constantly find new ways around them.

I was using Razor and SpamAssassin for months. Formidable combination - networked blocklists plus pattern matching. Gave me a bit of peace. Very few false negatives. But in the last month, I've seen a whole new generation of spam coming through that the filters don't even touch.

Peace has finally come from a package called Active Spam Killer [paganini.net], a package which works from a white list, and provides a convenient way for new correspondents to get themselves onto the whitelist.

There are other whitelist-based packages, such as TMDA, but ASK is simple and painless to set up.

Result?
Spams to my mailbox have gone from 40 a day to zero.

Re:Another world group?

[Anonymous Coward]

I don't see how anyone is going to trust the USA in an international treaty any time soon. The USA will simply opt out of any regulation as soon as it hampers their economic well-being. Since most of the spam originates in the USA, how likely is "USB"?

75 million?

[Lynn Benfield]

Every day, 80 percent of all incoming mail to Outblaze is rejected as spam and filtered out before Ramasubramanian and his team have to deal with it. Out of the remaining 15 million messages per day that do pass through Outblaze servers

So if 15 million messages is 20% of what they get, they receive 75 million individual messages a day? That seems a little high...

Simple solution

[azav]

Time for all responsible ISPs to assign their own anti spam reps, reach out, get a list of ALL isps, contact their anti spam reps and take action.

Get organized and form a plan but first, get organized on a global level.

Then kick some ass and pool for legal action against the thieves. :]

Anti-chinese bias

[autopr0n]

Yeah, these people blocking all mail from Chinese and korean subdomains are idiots. How are they supposed to work with anti-spammers there if they can't even talk to them?

I mean, I guess it'll help cut down on the spams they get, but it won't help stop the problem.

Anyway, the true way to stop spam is challange-response for the first message from a new person. Easy to implement, and it dosn't require any software for the sender.

Whitelist "black holes"

[Boss, Pointy Haired]

If this "whitelist" mechanism, with a challenge response requirement to get yourself onto the whitelist takes off, how is the situation where two people are using the same [or the same but different] systems handled?

Alice sends email to Bob.

Bob's mail server sends a challenge to Alice.

Alice's mail server challenges the challenge and sends a challenge to Bob.

Bob's mail server challenges the challenge of the challenge and sends a challenge to Alice.

Ad infinitum.

How is this resolved without allowing SPAM through the same mechanism?

Re:Yeah, but

[Tailhook]

But really it dosn't need to be standardized at all, since these things are going to have to be handled by real people, rather then computers.

You are correct. It doesn't have to be standardized.

Now prepare yourself. Microsoft will implement a system whereby you get the challenge mail that contains a link to a page with a Palladium enabled ActiveX control that you must cope with to get authenticated. It will stop spam and be highly successful, popular and integrated with Outlook version 32.010155a and beyond. Defacto, Windows only, "standard."

Wouldn't it be better to have a standard, non-proprietary system?

Re:Welcome to the life of a helpdesk worker.

[WegianWarrior]

Like that is different from working in any other kind of helpdesk!

It's not different from not not working in any helpdesk either, but being the one most your colleguas call because the helpdesk "refuse" to help them... like if I can help them recover they didn't save before shutting down the day before by pulling out the powercord.

That aside, I think there would be a lot less stress overall for the people working for any sort of helpdesk if we users remembered to be polite, and that in turn would mean better service in return (less stressed out helpdesk-staffers would be more willing to give us good service).

Re:disgusting

[sql*kitten]

How is spamming still profitable? Are there that many people out there that are into having sex with farm animals? Or believe their are pills that increase life span? Who the hell are these people?

The economics of spam work because of the huge imbalance between what a spammer pays, and the price of the products bing sold. One sale per million messages probably makes the whole undertaking feasible. I think it was PT Barnum who said no-one ever went bust underestimating the intelligence of the public.

Re:Welcome to the life of a helpdesk worker.

[eatdave13]

Hell yeah. Only problem is, one bad user can ruin a tech for everyone else.

One user didn't like it when I told her that I couldn't send her a Win98 CD, so she called up Customer Service and told them I insulted her and made her cry and demanded that I be fired on the spot. The call wasn't recorded, and my company's policy is to belive the customer before the employee, so when I came into work the next day all my stuff was packed up in a box. Only after poking holes in her lies with other evidence, timestamps, previous calls, etc., AND treatening legal action against the company did I save my job. I wanted to punch each and every user I talked to in the face for the next month.

This kind of thing happens on a daily basis. Well, maybe not to that level, but enough to keep our supervisors busy anyway. Half of the people that come on leave of their own free will within a couple weeks to go back to a job that pays half of what this one pays. Then again, I work for a shitty ISP whose main userbase is the scum of the earth from every backwoods trailer park in the US that other ISPs won't touch. This allows us to provide terrible service that customers continue to pay for because there isn't any other choice.

I've gotten over that, but I've also gotten over thinking of the people I talk to as human beings, because they certainly don't think of me as one. I couldn't give less of a fuck what someone calls me over the phone. I also couldn't give less of a fuck when someone wishes me a nice day, because I know the second I tell them something they don't want to hear they're either going to turn hostile or try to get me to feel sorry for them. I smile a little when some retard deletes something important, but I'm careful not to let it show in my voice.

It's all monotone now.

Re:Whitelisting is the answer

[gujo-odori]

Many legitimate machines and users - even whole ISPs - unfairly end up on blacklists, while the spammers just find another way through.

I spent five years working for ISPs, and during that time the only case of blocking I can think of that you could even possibly argue is unfair is the case of a certain major telco in the western United States which was (and AFAIK still is):

* Lumping its business DSL customers and home DSL customers together in the same pool;

* Not provding reverse DNS services to its business customers (their forward lookup might say mail.example.com, but the reverse still said host-aaa.bbb.ccc.ddd-spammydsl.sometelco.net)
* Doing, as far as we could tell, nothing at all about spammers in their DSL pool, which was a major source of spam;
* Doing, as far as we could tell, nothing about open relays & open proxies in their DSL pool.

This led to the situation of us blocking their entire DSL pool based on reverse DNS.

You could make the argument that it was unfair to said telco's business DSL customers to have their legitimate mail blocked, but I would then ask you, "Who was it that was being unfair to them? My employer, when we had no way to distinguish legitimate from illegitimate mail in that DSL pool from which most mail was illegitimate, or said telco, which was not providing proper service to its business DSL customers, who were paying a large premium over what residential DSL customers were paying and apparently getting little in exchange for their money?" My answer, of course, would be "Not my (then) employer."

Please note that we did not consider blocking of residential DSL customers to be unfair in any way, ditto for ordinary dial pool customers. It is normal for ISPs (and the telco in question did so) to provide outbound SMTP hosts for use by their customers. All those affected, including the business DSL customers, could make use of them either directly or as a smarthost. It is not unfair to tell a residential customer "Use your provider's outbound SMTP hosts. That's what they are their for." I'm not convinced that it's unfair to say that to a business DSL customer either, although I understand how they would like to be able to send mail directly instead of smarthosting through their provider. However, if the telco's position is essentially that a DSL line, because it doesn't cost like a leased line, does not include the normal services that come with a leased line (such as reverse DNS service), that is an issue to be settled between the telco and the customer.

I also question whether or not it is "unfair" to anyone to refuse their mail, on the grounds that delivering mail to any domain is a privilege, not a right. It is, of course, customary to extend that privilege to anyone who has not violated it or is not a member of a group of IP addresses where violation of that privilege is the norm (as in the case above), but no domain can be ordered to accept mail from any other domain. Refusing mail may have consequences for the refuser, of course, but that is their choice to make.

Re:One way to slow a specific flood

[gujo-odori]

Those netblocks are filled with open proxies. The problem is so widespread in (South) Korea that there are days when I think the number of machines that aren't open proxies is in the minority. This is particularly true about boxes at Korean schools.

A quick nmap of those two IPs leaves me fairly convinced that they are being used for spam relay without the permission of their owners. Mailbombing them would not be terribly productive, and would almost certainly get you in trouble with your upstream if anyone complained, and wouldn't really help the situation. I don't consider inadvertant open proxy operators to be totally innocent victims, but attacking their machines won't help anything.

Putting spammers in jail and fining them the value of what they made off spam + a punitive fine would help, but in most places, spamming isn't even a violation of civil law yet, let alone criminal law. We're a long way from giving spammers what they deserve.

Not my helpdesk

[Christopher Bibbs]

When I worked the PC support desk back in the late 90's, I never had a user give me lip. I think assuming that kind of behavior is normal or acceptable is half the problem.

The other half is that people tend to hire tech support based on technical knowledge without considering communication skills. During my relatively short tech support stint (5 years with different companies) I went to half a dozen communication classes. Validate, empathize, assert. Solves most problems and diffuses even the wrost attitude.

Re:Yeah, but

[Ayandia]

The problem is figuring out how to make it multilingual.

If you actually need it to be multilingual, you probably ARE multilingual. Problem solved!

However, if you're someone (like me) who only knows enough of any other language to order beer, what good will it do you if you can't communicate with that person in a language you both understand? (assuming Babelfish-type translations are inadequate).

But besides all that...do you really need email from a person who can't figure out "put this character in the box" regardless of the language the instructions are in?

Re:Fight the good fight

[Reziac]

Way back when, I used to get a ton of spam from one particular IP address in Taiwan. One day I took the trouble to whois it and noted that it belonged to a university. I forwarded one of the spams to the admin contact... and never got another spam from that server.

Another point that brings up -- just because someone doesn't KNOW their system is being used for spamming doesn't mean they don't CARE. It pays to notify before you condemn.

Re:Yeah, but

[ncc74656]

1. you would have their real email address and
2. you could use a 'what number is this a picture of' type questions. The problem is figuring out how to make it multilingual.

Why would it have to be multilingual? I speak English; why would I want to receive mail in a foreign language? (Hell, maybe it'd help block the Brazilian spam I've been getting lately...)

Re:Whitelisting is unethical - hardly

[BattyMan]

My business relies on average people emailing me.

Then you can forget about my patronage, because I do not expose my email address in this manner.
(My slashdot-published email is a blackhole, so don't bother.)

And you can also forget about asking me to use my email address as a userID.
"Everybody who asks for my email address is a spammer until proven otherwise."

Yes, I have no problem isolating myself from the rest of the outside world, especially spammers, telelmarketers, and other advertizers of all types: "If you're one of my friends, relatives, or aquantiances, leave a message, preferably including your number, and I'll get back to you. If you're trying to _sell_me_something_, I either don't want it, can't afford it, or I've already got one."

It's MY email box, dammit. I'll accept or reject anything I please, from whomever _I_ choose!

Email, as it stands today, is useless as a business contact medium. A hundred spams a day forces one to dig a moat and lower the drawbridge only for known friends. Sorry if this interferes with your "business model". Tell it to the spammers who've ruined email.