Anti-Spammers DDoSed Out Of Existence
Anonymous Coward writes "Not one, but two anti-spam services announced their closure yesterday due to DDoS attacks, massive Joe jobs, threats, and the total lack of interest shown by law enforcement. monkeys.com pulled the plug at midnight with an announcement that makes you think of a suicide note. A short time later compu.net went the very same way. So, when will we see a distributed RBL that can stand up to distributed attacks?"
The Heavy Hitters Are Still Around (Score:5, Informative)
I'd never even heard of the two sites that closed down. Personally, I use Spamcop's DNSBL [spamcop.net], DSBL [dsbl.org], and ORDB [ordb.org].
-Lucas
Re:Double-edged sword (Score:5, Informative)
Re:massive Joe jobs? (Score:4, Informative)
So, when will we see a distributed RBL... (Score:3, Informative)
Re:massive Joe jobs? (Score:1, Informative)
A "joe job" is the term used when someone deliberately blackens the victim's name by false pretences. An example would be if I sent out millions of spam offering "cheap medications and porn and university diplomas, just contact MacBrave at www.accs.net/users/macbrave". You'd get outraged complaints from the recipient, and despite your protestations of innocence your online reputation would be irreparably damaged. That's a "joe job".
Re:The Heavy Hitters Are Still Around (Score:3, Informative)
Re:The Heavy Hitters Are Still Around (Score:5, Informative)
Re:massive Joe jobs? (Score:5, Informative)
Re:massive Joe jobs? (Score:2, Informative)
Naturally, the "Joe" selected gets a bit abused. Naive recipients of the spam send him hate mail. Naive anti-spammers put him on blacklists. And he gets bounces from all the bogus addresses in the database.
There's spam, and then there's spam. Clearly, actions like Joe jobs cross over into small-time identity theft and fraud, which goes way beyond merely annoying people with commercial email they don't want. Spammers are hated because they employ underhanded tactics, not just because they're annoying. And they know that their "service" is unwanted, or they wouldn't go to such lengths to disguise their identity.
IMO, part of the technical and legal solution to spam will need to be a requirement for a traceable signature so that you can locate the spammer and apply appropriate remedies for abuse. Another part has to be a requirement for an "On-Behalf-Of" header so that the company paying for the spam can be located, and thus force them to take responsibility for the actions conducted on their behalf. Cockroaches will swarm all over as long as we stay in the dark.
I won't miss email black lists. (Score:5, Informative)
As you might have guessed I have no love for RBL-type services. I think their hearts are in the right place, but I'm tired of getting caught in the cross-fire. Since at some point, in order to benefit, spammers have to be contacted by consumers, law enforcement should be able to track them down. I'd love to see that sort of thing become common. I can't see a technological solution even with a complete overhaul of how email works. I like the fact that a stranger can email me if they like. I just want to see legal limitations on that contact to prevent spam.
Re:Sorry sir, your wallet is too thin (Score:3, Informative)
Ron Guillemate (sic?)
compu-net
Steve Linford
Where's the hiding there?
The FBI (Score:3, Informative)
Re:Sounds like a good use for Freenet (Score:1, Informative)
Re:Here's what cracks me up (Score:5, Informative)
From a google groups post here [google.com]:
If this is correct, I have no indication that it should not be, it looks like a total FBI fuck up.
(more info here [google.com])
Re:distributed.net rides again? (Score:2, Informative)
Re:Sounds like a good use for Freenet (Score:3, Informative)
It doesn't need to be anonymous, just available. SpamCop isn't anonymous. Spamhaus isn't anonymous. SPEWS is anonymous, but they probably don't need to be, and they already have someone who is *NOT* anonymous distributing their lists via PGP signed e-mail (see http://groups.yahoo.com/group/spews [yahoo.com]).
ISPs that use these lists to reject mail are being irresponsible, and are most likely doing it without the knowledge of their users. One false positive that gets dropped is one too many when your users don't know it is happening.
I agree with you there 100%. ISPs *maybe* should offer it as an option, but shouldn't filter by default. I've seen some ISPs do some pretty stupid things with the blocklists (i.e. add the IP ranges to their core router's ACLs). Those admins should be shot.
Admittedly, though, I'm not nearly as concerned about false positives as most people. People tend to forget that e-mail in its very nature is unreliable, and should never replace a phone call or good old-fashioned face time.
Re:probable cause (Score:2, Informative)
There are a number of "members only" spammer resources on the net. You hear about them every now and again in NANAE [google.com]. While I can't say for certain what goes on in those places, you can bet they aren't swapping recipes...
Re:Excellent idea! (Score:3, Informative)
All you need to do is put a PGP signature on the list.
Re:Sounds like a good use for Freenet (Score:3, Informative)
And you would trust this file enough to block email based on its contents??? Accountability is the biggest problem with RBLs, and moving it to a completely anonymous system would lose the last level of trust that they currently have...
Freenet is not a "completely anonymous system" in the sense you seem to be using it. While you can not trace a file back to the owner necessarily, it is possible through the use of the SSK mechanism that sahalx mentioned to establish that a file came from the same source as another file.
Therefore, in conjunction with some of the other features of Freenet, once you decided you trusted a particular blocking list, perhaps one specifically mentioned on the former website of the blocking site, you can be reasonably confident that only that person is posting a block list to that file, short of someone breaking into their computer and stealing their key. (Which if they are good enough to not store the private key in their computer, perhaps by writing it down and typing it or eventually even just memorizing it, isn't possible either.)
Therefore, Freenet is perfectly capable of filling this role. You may not know that "Person X" is accountable, but you can know "Key 7ch3babf83jcn1qws9c://rbl.txt is reliable, and by extension the owner of key 7ch3babf83jcn1qws9c is reliable." and that's good enough for all but the most paranoid folk... and even if it DOES go bad, you tell your software to ignore it and move on to something else.
In fact, Freenet is probably superior to HTTP because of the signing, esp. w/ memorized or physically written keys. (Hopefully conventional RBLs are already signing their lists and hopefully you're using the signatures; I don't know what the state of the art is because I believe RBLs are censorship [jerf.org] and do not use them. But I recognize not everyone agrees with this so discussing how to do them better and more securely doesn't give me too much cognitive dissonance.)
Also see the Freenet FAQ [sourceforge.net]. (Freenet's documentation seems to come and go; right now it seems to be at a low period. I remember better discussion pages for "What is an SSK?" but I can't seem to find them from the site now and Google searching for it gets swamped by references to actual SSK-addressed files.)
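The key-based trust model argued for in the comment above (and the "put a PGP signature on the list" suggestion earlier in the thread), as an added example that is not part of any poster's comment: a client pins a publisher key's fingerprint, accepts a blocklist only if it verifies under that key, and refuses it once the key is unpinned. Ed25519 from Node's built-in crypto stands in here for PGP or Freenet SSK signatures; the function names, the pinned set and the sample list are constructed for illustration.

```javascript
// Added example: a blocklist client that trusts a key, not a named publisher.
// Ed25519 from Node's built-in crypto stands in for PGP / Freenet SSK signing.
const crypto = require('crypto');

// Fingerprint = SHA-256 over the DER-encoded public key; this is what gets pinned.
function fingerprint(publicKey) {
  const der = publicKey.export({ type: 'spki', format: 'der' });
  return crypto.createHash('sha256').update(der).digest('hex');
}

// Publisher side: sign the exact bytes of the list.
function signList(listText, privateKey) {
  return crypto.sign(null, Buffer.from(listText, 'utf8'), privateKey);
}

// Client side: return the entries, or throw when the key is not pinned or the
// signature does not cover these exact bytes.
function loadBlocklist(listText, signature, publicKey, pinned) {
  if (!pinned.has(fingerprint(publicKey))) throw new Error('key not pinned');
  const ok = crypto.verify(null, Buffer.from(listText, 'utf8'), publicKey, signature);
  if (!ok) throw new Error('bad signature');
  return listText.split('\n').map((l) => l.trim())
    .filter((l) => l && !l.startsWith('#'));
}

// Constructed sample list (documentation address ranges, not real listings).
const SAMPLE_LIST = '# constructed sample\n192.0.2.10\n198.51.100.0/24\n';

function demo() {
  const publisher = crypto.generateKeyPairSync('ed25519');
  const impostor = crypto.generateKeyPairSync('ed25519');
  const pinned = new Set([fingerprint(publisher.publicKey)]);
  const sig = signList(SAMPLE_LIST, publisher.privateKey);
  const attempt = (text, s, key) => {
    try { return loadBlocklist(text, s, key, pinned).length; }
    catch (e) { return e.message; }
  };
  const results = {
    genuine: attempt(SAMPLE_LIST, sig, publisher.publicKey),
    tampered: attempt(SAMPLE_LIST + '203.0.113.5\n', sig, publisher.publicKey),
    impostor: attempt(SAMPLE_LIST, signList(SAMPLE_LIST, impostor.privateKey),
      impostor.publicKey),
  };
  pinned.clear(); // operator stops trusting the key: the same list is refused
  results.afterUnpin = attempt(SAMPLE_LIST, sig, publisher.publicKey);
  return results;
}

console.log(demo());
```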
Anti-spam is Not rocket science .. (Score:3, Informative)
Our institution has a central broadcaster for corporate info. Any email for the general worker population is sent via that broadcaster. That's one filter. Coworkers another filter. Personal address book another filter.
That's it. Anyone else goes to Junk and that is checked every couple of days in a dedicated time slot. Nothing gets missed. And time isn't a factor because when was the last time you received some kind of deadline item from someone you didn't know?
Maybe a business has a few machines that really can't implement such a filtering scheme (eg. sales) but not everyone in a business has to be subject to anonymous email solicitations. But at home it makes no sense that you have to be inconvenienced by spam. Just look at it statistically, how many emails have you had from addresses you didn't know, that mattered? OK maybe that Nigerian general with the account
Re:distributed.net rides again? (Score:2, Informative)
Freenet implementation is downright *trivial* (Score:3, Informative)
You're not short of time; creating the system you describe (assuming good client software) hardly takes longer than typing your post did.
A Freenet implementation is not a pipe-dream that would take months of highly-skilled developer time to implement, it's something anybody could do in about half-an-hour, if the RBL clients are configurable enough to take the RBL lists from varying sources like a shell script and not just HTTP. I don't believe in RBL lists because I believe they are censorship [jerf.org], so I'm not going to do this, but it would take so little effort you'll be astounded. You could do it over a lunchbreak.
Re:Can't ISPs do something? (Score:3, Informative)
Yeah, that's what we expect, but what the hell, the ISPs are part of the problem, they don't mind raking in the extra bux from the spammers to keep them connected. It's just *business* after all. **spit**
ISPs make money hosting spammers so ergo to put spammers out of business cuts them out of a goodly sum of cash to keep their already failing businesses alive. It's all *so* much bullshit.
Wrong, get your facts straight. Joe Jared runs Osirusoft. Matthew Sullivan runs SORBS.org. The only thing he gave was a general derision for all the Average Joes who thought they could run mail servers competently by opening a Microsoft Exchange box and installing the CD, or any other software, without giving any thought to reading the friggin' manual, no thought for whether or not that software was set up securely or whether their systems were fully patched.
Yeah, we should automatically assume everyone on the 'net is as competent as Matt Sullivan. Yeah, that's the ticket!