
Anti-Spammers DDoSed Out Of Existence 677

Anonumous Coward writes "Not one, but two anti-spam services announced their closure yesterday due to DDoS attacks, massive Joe jobs, threats, and the total lack of interest shown by law enforcement. monkeys.com pulled the plug at midnight with an announcement that makes you think of a suicide note. A short time later compu.net went the very same way. So, when will we see a distributed RBL that can stand up to distributed attacks?"
This discussion has been archived. No new comments can be posted.

  • probable cause (Score:5, Insightful)

    by poison_reverse ( 647609 ) on Wednesday September 24, 2003 @12:05PM (#7044756)
    why can't the goddamn authorities tie in motive with these attacks and go after the spammers who are obviously promoting/funding these attacks?
  • by BJZQ8 ( 644168 ) on Wednesday September 24, 2003 @12:07PM (#7044780) Homepage Journal
    If you read his notice, you'll observe that his biggest beef is that he got no support from any of the big ISP's that probably used his services anyway. The /. blurb is right...until there is some sort of distributed, un-DDOS-able method of tracking spammers and their ever-rotating servers, we will continue to be blanketed with spam. By the way, has anyone noticed a particular surge in spam just today? I've gotten dozens of very similar messages in just the past three hours.
  • by dspyder ( 563303 ) on Wednesday September 24, 2003 @12:07PM (#7044784)
    I'm a big advocate for as few (i.e. none) false positives as possible. I consider them way more dangerous than a false negative.... but used in moderation, these services are quite effective in reducing a large number of spam.

    Using a spamtrap that uses weighted scoring, like SpamAssassin or the like, you can use the data they provide combined with your other heuristics (and whitelists and bayes) to provide a much more accurate view of the overall picture.

    --D
  • by Magnus Pym ( 237274 ) on Wednesday September 24, 2003 @12:07PM (#7044785)
    Huh? It seems like it is the Anti-spam service that got hit here. The spammers won, or am I missing something?

    Magnus.
  • massive Joe jobs? (Score:2, Insightful)

    by MacBrave ( 247640 ) on Wednesday September 24, 2003 @12:08PM (#7044807) Journal
    What exactly is a 'massive Joe job'?

  • by JessLeah ( 625838 ) on Wednesday September 24, 2003 @12:09PM (#7044814)
    These "anti-spam" guys have been a thorn in my side, and I HATE spam. They will list you in their list for the slightest of insecurities in your email system, and keep you there for days, weeks, or months after you've patched them. They will assume you are a spammer, even if you swear to them up and down how much you hate spam (and mean it!). They will block whole subnets based on the activities of a few.

    Most (all?) of the "anti-spam" systems out there are very poorly thought out. The ratio of "collateral damage" to actual spams stopped is way too high. And who appointed these guys worldwide "email cops" anyhow? I know I didn't.

    There has to be a better way to block spam than blackhole lists and the like! Maybe making it a Federal crime to buy anything from a spammer? Voila, no one buys from spammers, so spammers stop spamming the US...
  • by Anonymous Coward on Wednesday September 24, 2003 @12:12PM (#7044856)
    I would like to see a Kazaa-like service whereby people can choose to mirror a site (or page or resource) and the site itself becomes distributed among many locations, accessed by using a Kazaa-like browser client. It'd be a nice thing and stop a lot of this stuff from happening. Sure, I can see people using it for bad things too, but as a system, or a concept, it stands up for itself.

    If you can have distributed attackers, why not distributed targets?
  • by ticklemeozmo ( 595926 ) <justin...j...novack@@@acm...org> on Wednesday September 24, 2003 @12:13PM (#7044861) Homepage Journal
    I hate to sound like the typical crybaby, but why do the good guys always get screwed? If we (the spam-hating/fighting collective) were to do this, I can almost guarantee there would be media and probably law-enforcement backlash against us (as proven by the story of the spammer whose information was leaked by someone).

    Now, knowing that law enforcement WON'T do anything against this, what happens when we decide on vigilante justice and return the favor onto the spammers who DDoSed them (it's an assumption)? Will the law suddenly perk up and seek those who struck back?

    And what sort of example is this proving? That Law Enforcement doesn't matter/work with technology as the internet? Is this foreshadowing for the California Anti-Spam bill?

    This is your typical example of hitting your little brother/sister back after s/he hit you and your mom catching you only citing "It's always the second person who gets caught."
  • ANOTHER problem (Score:5, Insightful)

    by Nijika ( 525558 ) on Wednesday September 24, 2003 @12:16PM (#7044889) Homepage Journal
    And this is a huge one. I've dealt with DDoS attacks in the past, large scale ones like the ones that hurt the anti-spam lists.

    A lot, if not the vast majority of infected zombie attackers out there are located in asia pacific. Trying to track down the responsible admin, and then trying to get a response is -near impossible-. Language barriers, general apathy, it's all there. On top of that a lot of hosts in Korea have awesome pipe.

    Seriously, people keep bandying about the idea of using freenet for distribution of blackhole lists, but it's probably absolutely THE best solution to the problems we're facing. The ISPs can only do so much, and when the lists are distributed from a central, known source.. well, we've seen the results of this.

    I suggest one of us take up the cause of creating this freenet distribution system. It could revolutionize the way trusted data is passed if it works successfully for an RBL. I'd do it myself, but I'm beyond short of time, and brains for that matter :)

  • by Rogerborg ( 306625 ) on Wednesday September 24, 2003 @12:16PM (#7044891) Homepage

    We've had a succession of Washington suits yakking on about Information Security, and Cyber War and The Great Potential Threat To Our Infrastructure, and yet when DDoS attacks actually happen, what do they do?

    You guessed it. Squat.

    There's no votes and no budget in actually fighting crime. There's plenty of capital to be made in selling up the threat, and in promising that you'll fix it, given just a little more time in office, and a slightly larger personal empire.

    What I'd like to see is our Dictator of Homeland Security pinned down and made to explain why he's not doing something about the attacks that are happening now. If we can't defend monkeys.com from a DDoS from malicious assholes, how does he expect to believe that we're able to defend safety or economic critical infrastructure from the same kind of attack launched by the truly malevolent?

  • Comment removed (Score:3, Insightful)

    by account_deleted ( 4530225 ) on Wednesday September 24, 2003 @12:17PM (#7044907)
    Comment removed based on user account deletion
  • by LMCBoy ( 185365 ) on Wednesday September 24, 2003 @12:19PM (#7044938) Homepage Journal
    The internet seems to become more worthless every day, as more and more of it is hijacked by spammers and other commercialization.

    How can we take it back? If we can't, how can we replace it with something more resistant to these electronic malignancies?

    I want instant communication with friends and colleagues all over the planet, but I don't want UCE. I want instant access to the world's knowledge on all topics, from crucial news to movie trivia, but I want it without viruses, interstitial ads, popups, spyware, and all that other crap.

    By using Linux with some other specialized software, I have erected a defensive perimeter around my internet existence, so the tidal wave of garbage largely passes me by. But the walls need maintenance, and there always seems to be some new leak that needs plugging.

    It's regrettable that we need to take such drastic measures, but what really worries me is that the need is increasing with time. Can you imagine the situation where 99% of your email is spam? Is there an alternative to giving up email entirely at that point?
  • by Phantasmo ( 586700 ) on Wednesday September 24, 2003 @12:20PM (#7044939)
    total lack of interest shown by law enforcement

    If a MMORPG gets cracked and the rich owners get inconvenienced for half a day, the FBI flips out and immediately mounts an investigation.

    However, these guys are repeatedly DDoS'd and nobody cares.

    It would seem that the government only cares about cybercrime when big cash is involved.
  • by FileNotFound ( 85933 ) on Wednesday September 24, 2003 @12:21PM (#7044955) Homepage Journal
    This is definitely true.

    I myself had a run-in with Anti Spam sites. For some bizarre reason the IP of my mail server was listed as a spam server. Which is BS as it's only ever used for personal mail.

    It took 5 emails and 3 days to get my server IPs off the list.

    It's a real bitch. Your mail bounces, you call the ISP that bounced your mail and they tell you that "such and such list", now you got to go to that list and request a removal. The problem is that many of the lists mirror additions but NOT removals. So you get added to one list and tada you're in 20 and got to remove yourself one by one...
  • by Mr Bill ( 21249 ) on Wednesday September 24, 2003 @12:21PM (#7044960)
    And you would trust this file enough to block email based on its contents??? Accountability is the biggest problem with RBLs, and moving it to a completely anonymous system would lose the last level of trust that they currently have...
  • by orthogonal ( 588627 ) on Wednesday September 24, 2003 @12:21PM (#7044964) Journal
    I wish law enforcement had the resources to go after whomever is DDOSing these anti-spammers.

    But I understand that, especially now during our war against terrorism, law enforcement must prioritize, and go after bigger threats to our well-being.

    I applaud John Ashcroft for realizing this, and using our scarce law enforcement resources to attack the real threats: Tommy Chong, the bong seller [dangerouscitizen.com], and porn that personally offends him [tvbarn.com].

    If these anti-spammers were serious, they'd do the right thing and incorporate as for-profit companies and make the campaign contributions that would purchase them real police protection. That they haven't makes it clear to me that they have no reason to expect law enforcement to take them seriously.
  • by LostCluster ( 625375 ) on Wednesday September 24, 2003 @12:22PM (#7044968)
    Until Freenet gets overloaded with fake blacklists that make it hard to tell who's who and what's what...
  • by B'Trey ( 111263 ) on Wednesday September 24, 2003 @12:24PM (#7045002)
    The argument doesn't hold water - the actions of the DDOS mastermind and the blacklister are not equivalent.

    The blacklister provides information to various people who choose, on their own, to say "I do not like what you are doing, Mr. Spammer, and I will not allow you to use MY system to do it."

    The DDOSer says "I don't like what you're doing, and I will not allow you to use YOUR system to do it."

  • by Camulus ( 578128 ) on Wednesday September 24, 2003 @12:29PM (#7045052) Journal
    They wouldn't have to dos all of the thousands of machines. All they would have to do is DOS whatever is doing the redirecting. Remember when Microsoft.com was taken down a year or two ago? The script kiddiots took down the router that was the only pathway to Microsoft's DNS servers. You would have to build a really robust network with all kinds of redundancy. While it is possible you could make something that could withstand most DOS's, it would cost an ass load (even with people volunteering mirrors), which is still a big problem.
  • by atrus ( 73476 ) <atrus@@@atrustrivalie...org> on Wednesday September 24, 2003 @12:30PM (#7045076) Homepage
    You could always sign the blacklist received, so unless the actual distributed blacklist client is compromised, the authenticity of the list can be validated. You still have one publisher, but everyone who wants to use the blacklist would have to run their own distributed client. Really not a bad idea.
  • by PaschalNee ( 451912 ) <pnee@t o o m b e o la.com> on Wednesday September 24, 2003 @12:35PM (#7045131) Homepage
    If it doesn't, then how are you going to authenticate the real blacklist

    A digital signature on the RBL seems like an obvious solution? I'd trust a list signed by monkey.com but not by I'm-a-big-bad-spammer.com

    Of course how the initial trust of the signer (not of the digital signature which would be chained) is established is a question but that question exists today.

  • I will act! (Score:2, Insightful)

    by rich_addr ( 710501 ) on Wednesday September 24, 2003 @12:39PM (#7045187)
    Which authorities? Which jurisdiction?

    We are the complacent ones. We are responsible. We must no longer sit in our chairs and point at each other. If we don't like what's happening we must stand up and act!

    Spamassassin is good. Rating systems are good. Distributed early detection of spammer hosts is good. P2P distribution of anti-spam intelligence is good. Rate-limiting spammer hosts is good.

    If we really care, we will create the defense and save the 'net. If we really care, we will act.

    I will act.

    I fight spam!
  • by lx805 ( 701970 ) on Wednesday September 24, 2003 @12:40PM (#7045197)
    And you would trust this file enough to block email based on its contents??? Accountability is the biggest problem with RBLs, and moving it to a completely anonymous system would lose the last level of trust that they currently have...

    If you don't trust it, don't use it.

    Why is this concept so damn hard for people to understand? These lists are VOLUNTARY. Mail server admins are not forced to use them. They CHOOSE to use them because they are EFFECTIVE.

    Your argument about putting these lists on freenet holds no water. There's no way these files would go online without a PGP signature, and people downloading them would be stupid not to verify that signature. So long as you trust the signer, you're fine. If you don't trust the signer, don't use the file.

    The distribution of the files can be completely automated to the point where an automated script can download the file, verify the signature, and load the contents of the file into a locally running DNS server (I'll even be so bold as to suggest rbldns, which comes with the djbdns distribution). The distribution network would be all but impervious to denial of service, since the only way to bring it down would be to DDoS anything running the freenet client.

    Funny how people conveniently forget about these little details when it doesn't suit their argument...
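
The verify-then-load step that the comments by atrus, PaschalNee and lx805 describe, as an added example that is not code from the thread or from any blocklist project: the signature is checked before anything is parsed, a replayed older list is refused, and even a validly signed list is sanity-checked before it becomes rbldns data. The textbook RSA check with a throwaway key stands in for the PGP verification so the example runs offline; the `serial` header, the `MIN_PREFIX` limit and the exact output line layout (modelled on the `:a:txt` and `ip/n` lines of rbldns-data as I understand them) are assumptions.

```python
import hashlib
import ipaddress

# Constructed demo key, not a usable one: both primes are well-known Mersenne
# primes, so the modulus factors trivially. It only lets the example run
# offline; the PGP signature check from the post would replace this part.
_P, _Q, E = 2**521 - 1, 2**607 - 1, 65537
N = _P * _Q                                  # publisher's public modulus
_D = pow(E, -1, (_P - 1) * (_Q - 1))         # publisher's private exponent
_K = (N.bit_length() + 7) // 8               # modulus length in bytes
_SHA256_DER = bytes.fromhex("3031300d060960864801650304020105000420")

MIN_PREFIX = 16  # assumption: an entry broader than a /16 is refused
RBLDNS_BASE = ":127.0.0.2:Listed in example blocklist, entry $"


def _encode(message: bytes) -> int:
    """PKCS#1 v1.5 signature encoding of SHA-256(message), as an integer."""
    t = _SHA256_DER + hashlib.sha256(message).digest()
    em = b"\x00\x01" + b"\xff" * (_K - len(t) - 3) + b"\x00" + t
    return int.from_bytes(em, "big")


def publisher_sign(message: bytes) -> int:
    """Run by the list publisher only; consumers never hold _D."""
    return pow(_encode(message), _D, N)


def signature_ok(message: bytes, signature: int) -> bool:
    """Recompute the expected encoding and compare, instead of parsing it."""
    return 0 < signature < N and pow(signature, E, N) == _encode(message)


def load_blocklist(blob: bytes, signature: int, last_serial: int):
    """Return (serial, rbldns data lines); raise ValueError and load nothing
    if the list is unsigned, tampered with, stale or implausible."""
    if not signature_ok(blob, signature):
        raise ValueError("bad signature, list not loaded")
    lines = blob.decode("ascii").splitlines()
    if not lines or not lines[0].startswith("serial "):
        raise ValueError("missing serial header")
    # The serial is inside the signed bytes, so an old copy fetched from a
    # mirror cannot be passed off as current.
    serial = int(lines[0][len("serial "):])
    if serial <= last_serial:
        raise ValueError("stale list, serial not newer than the one in use")
    data = [RBLDNS_BASE]
    for line in lines[1:]:
        entry = line.split("#", 1)[0].strip()
        if not entry:
            continue
        net = ipaddress.ip_network(entry)    # ValueError if malformed
        if net.version != 4 or net.prefixlen < MIN_PREFIX:
            raise ValueError(f"refusing entry {entry!r}")
        data.append(str(net.network_address) if net.prefixlen == 32 else str(net))
    return serial, data


# Constructed sample list using documentation address ranges.
SAMPLE = b"serial 2003092401\n192.0.2.10   # open proxy\n198.51.100.0/24\n"

if __name__ == "__main__":
    sig = publisher_sign(SAMPLE)
    serial, data = load_blocklist(SAMPLE, sig, last_serial=2003092300)
    print(serial)
    print("\n".join(data))
```

The caller would write the returned lines to a temporary file and rename it into place only after `load_blocklist` returns, so a rejected download never replaces the list already being served.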
  • by annielaurie ( 257735 ) <annekmadison.hotmail@com> on Wednesday September 24, 2003 @12:45PM (#7045297) Journal
    Not to be overly-dramatic, but when it happens to you it's a nightmare and one of the blackest pits you can imagine.

    Think of spending all your time, energy, heart and soul developing a business (or organization), providing for it, gaining credibility and referrals, making a name and niche for yourself, however small. Imagine you're attempting to support and educate a family via that business.

    Now imagine it all wiped away with no thought at all by anonymous monsters of greed.

    That's precisely what happened to me. I'm actually not illiterate. I exercised care in building my site, selecting a host for it, making sure it ran Linux :), and installing such watchdogs and filters as I could. I cultivated good relations with the folks who supported the server. I did all I could, short of purchasing a server for myself, which I could never have afforded.

    Then I made the mistake of becoming ill. Over Christmas I spent six days in the hospital, and when I came home, a corresponding several days downstairs. They struck during that time. I returned to hundreds and hundreds of bounced messages, angry complaints, bitch-outs, whatever.

    A call to the tech support people actually put a stop to the whole thing rather quickly. The spammers were using Sprint, and apparently Sprint lacks tolerance for these issues. I wrote to each and every person who'd bitched, swallowed my pride and explained who I was and what had happened. Some wrote back.

    On the practical side, I have now a trusted friend who will look after things for me if I ever become ill again, and I will do the same for him. In fact the two of us may lease a server from a reputable company. That's a huge cost, but it may well be worth it.

    On the emotional or impractical side, even eight months later I have an enormous amount of anger. Anger is often un-helpful, but I entertain visions of finding ways to injure these people (not physically or by violence, but in their ability to do this). I visualize them financially ruined, humiliated in public, hounded out of their neighborhoods. I visualize attacks on their servers. That's all quite counterproductive. In order to deal with the anger part, I spend my spare time writing a novel in which a spammer is murdered. It's not half bad.

    Regards,
    Anne

  • No surprise (Score:2, Insightful)

    by clmensch ( 92222 ) on Wednesday September 24, 2003 @12:45PM (#7045312) Homepage Journal
    Spamming generates a LOT of money for these people. The fact that their "industry" is already considered criminal by the internet community only makes it worse. These attacks are totally predictable...they will do whatever is necessary to protect their revenue stream. They are like the mafia.

    What I don't understand is, why can't the government go after the people who enlist the spammers' services? For example, I've gotten spam from some "financial services" companies that want me to take their investment advice. They have obviously hired a spammer to spew emails on their behalf. Why can't that company be fined or sued? If we make it too expensive for the ADVERTISER to use spamming services, then I believe that will reduce spam overall. Or am I completely naive?
  • by __aapbgd5977 ( 124658 ) on Wednesday September 24, 2003 @12:58PM (#7045579)
    Sorry to interrupt your rant, but...

    Does anyone know if law enforcement was even CONTACTED?

    As a state prosecutor, I can charge DDoSers with felonies, but I need to be able to track them down, and I need a victim to report the crime.
  • by ssimpson ( 133662 ) <slashdotNO@SPAMsamsimpson.com> on Wednesday September 24, 2003 @12:59PM (#7045583) Homepage

    Instead of outlawing spamming, outlaw the purchase of products advertised with spam.

    Sounds like a great way of killing competition - companies would just send spam pretending to be from companies with similar products.

  • by Mr Bill ( 21249 ) on Wednesday September 24, 2003 @01:02PM (#7045632)
    Good point, but if it is signed, then it is not anonymous is it. But you are correct that this would be much harder to DDOS if signed files were released in this way.

    By the way, I don't have any beef with RBL lists. But I have a big problem with ISPs using these lists to reject mail. They should be used by end users, or perhaps by a mailadmin to reject mail to an entire domain. Or they should be used to mark mail as possibly being spam.

    ISPs that use these lists to reject mail are being irresponsible, and are most likely doing it without the knowledge of their users. One false positive that gets dropped is one too many when your users don't know it is happening.

  • by Alioth ( 221270 ) <no@spam> on Wednesday September 24, 2003 @01:13PM (#7045788) Journal
    It's high time for MTA operator licensing.

    I think we need to implement a system where operators of MTA software need to be licensed, just like radio operators. The licensing should be open to anyone. The rules need to be:

    1. The licensee's MTA is only allowed to receive email from their own network to forward, and only receive email from other licensed MTAs from outside their network.
    This means that licensed MTAs will reject email from adsl-1-2-3-4.somebigisp.com, but will accept email from mail.somebigisp.com. A cryptographically signed list is distributed containing the list of MTAs that are licensed.
    2. If a licensed MTA operator's MTA is used to send spam or viruses, the MTA operator has their license suspended. Egregious violations can be punished by fines, or in extreme cases, imprisonment.
    3. ISPs (as opposed to an MTA run by an individual or a small company) would have to be licensed themselves to send email, and hire only licensed MTA operators to run the mail gateway. If an ISP is guilty of allowing spam or malware through their MTA, they can lose their MTA license, and in egregious cases, be fined.

    Licensing exams must relate to MTA operation best practise, rather than the specifics of operating a particular piece of MTA software. Licensees will be expected to learn how to properly configure and test their software before putting it online. Hopefully, the risk of a license suspension/revocation will provide ample incentive to ensure the MTA is configured correctly.

    Licensing rules would have to be agreed by international treaty. The licensing authority should probably be national governments, but could be the administrator of the DNS TLD for the full DNS name of the MTA in question.

    Effectively, licensing will be a big whitelist of mail server operators who have a minimum mandated level of clue, and a code of conduct enforced by the rule of law.

    In the early days of road vehicles, there were no drivers licenses. However, you'd have to be nuts to argue that driver's licenses (and most are internationally recognised) are a bad thing these days. The same really needs to go for mail servers - doing nothing at all is no longer an option. In the last 48 hours, Exim on my server has rejected just under 3000 instances of the Swen worm and SpamAssassin has canned 400 spam emails. Indications are that it will ONLY get worse. Rewriting SMTP won't help - we need proper rules about email, and proper remedies that can be applied (license revocations, fines, imprisonment) when people fail to follow those rules. With proper MTA licensing, ISPs will ensure they can properly identify all users and can so punish people who try and abuse their MTA, instead of just ignoring the problem like they do now. I'm beginning to wonder if email is worth it any more unless measures like this are put in place.

    In the short term, ISPs can help by blocking all outbound port 25 access apart from their mail gateway. Slashbot whiners who don't like this can stump up for a business broadband account and a static IP if they really must run their own MTA.
  • Distributed RBLs (Score:3, Insightful)

    by Zocalo ( 252965 ) on Wednesday September 24, 2003 @01:21PM (#7045917) Homepage
    So, when will we see a distributed RBL that can stand up to distributed attacks?

    More to the point, given that it's certainly doable with plain old DNS: why don't we have one already?

    Let's say I run a DNSBL server on a domain I own, "bl.dnsblacklist.com" say. How hard would it be to allow volunteers, preferably at large corporates and ISPs to download the entire zonefile contents via DNS AXFR (or whatever), in return for hosting a mirror server complete with another A record for "bl.dnsblacklist.com"?

    I would get to vet the applicants, because they would need to contact me first to acquire the necessary permissions required to get access to the zonefile. If I don't trust the applicant to be 100% legit, or get evidence they have misused the data (which, at the end of the day is just a list of IPs that have sent spam), then it's access denied. There are some potential problems with this that I can see though. We still have a limited number of IPs for the distribution of the zone files to the slaves, so it would be possible to DDOS those, unless that role could be safely distributed too.

    Note: this occurred to me while reading the article, so I almost certainly have missed some potential holes. Still, it does seem a way for a DNSBL provider to gain some resilience for free if those holes can be plugged. Comments?

  • by gorbachev ( 512743 ) on Wednesday September 24, 2003 @01:24PM (#7045969) Homepage
    The point is not whether or not you or anyone else feels like blocklists are valuable.

    The point is there're people (spamming scum) taking down anything they don't like about using DDOS attacks and the law enforcement agencies and ISPs are doing NOTHING to stop it.

    Whether you like blocklists or not, the fact is a lot of other people do like them. They are being denied a valuable resource (to them) by people who are opposed to what blocklists do. The opposition is using clearly illegal means to achieve their goal of running down all and every blocklist out there. This is a very definition of censorship.

    Wait till some scumbag doesn't like what you do on your server and DDOSes it to hell and back. You try to contact the FBI about it and they don't want to hear about it. I'm confident you'll see what the point is then.

    Proletariat of the world, unite to kill spammers
  • by gorbachev ( 512743 ) on Wednesday September 24, 2003 @01:31PM (#7046039) Homepage
    It's been reported that SpamCop is paying upwards to $30K / year for bandwidth as a direct cause of the continuous DDOS attacks on it.

    The spammers are doing everything they can to squeeze the anti-spammers out. They use frivolous lawsuits (aka Mark Felstein and his porn spamming backers) or DDOS attacks that either knock the anti-spam resources off completely or increase the costs so that no hobbyist can run them.

    And while all this is going on, the law enforcement agencies are doing nothing to counter the clearly illegal acts of the spammers.

    And ISPs are doing NOTHING to reduce the number of zombies on their networks. So the DDOS attacks continue.

    Nice going.

    It's only a matter of time when someone (Al Queda?) will use the zombie network for something that will truly be noticed.

    Proletariat of the world, unite to kill spammers
  • Law enforcement. (Score:3, Insightful)

    by seebs ( 15766 ) on Wednesday September 24, 2003 @01:42PM (#7046182) Homepage
    Nothing we know of can stop DDoS attacks - except law enforcement getting off their asses and ACTUALLY PROSECUTING CRIMES. Remember, every DDoS attack is rooted in zombie machines. Unauthorized hijacking of someone's machine is a CRIME. The problem is, the law enforcement people don't care about this particular crime, so nothing we do can fix it. http://www.seebs.net/log/archives/000071.html [seebs.net]
  • Re:Excellent idea! (Score:5, Insightful)

    by dasmegabyte ( 267018 ) <das@OHNOWHATSTHISdasmegabyte.org> on Wednesday September 24, 2003 @02:01PM (#7046434) Homepage Journal
    Well, the problem here is again one of trust. In many ways, an untrusted P2P spam blocklist would be easier to invalidate...all spammers have to do is access the P2P net and start spewing out BS and the whole list becomes worthless.

    And then there's the nuisance factor...script kiddies chucking up their enemies' domains as spammers, adding aol.com, etc.

    In order to establish trust, you'd have to have one of two things: 1) a trust authenticator, which is a central organization which can be shut down using DDOS and invalidated or 2) a web of trust, requiring admins to opt in to certain zone administrators' records, which would take quite a bit of time and would be very fallible.

    Neither is that great an idea.

    What IS a good idea is a distributed network of blocklists not like Kazaa, but like an IRC network or DNS. Trusted submitters are given powers like unto moderators to push information to a core set of servers, from which other servers pull their spam blocklists.

    We could do this now, using the server mirroring system that already exists for things like Linux kernels. Hell, we could even maintain versioning, to back off mistakenly blacklisted domains.

    Of course, the best idea will always be not to publish your email address and to guard it like a hawk. I get maybe 5 spam emails per day and that doesn't bother me at all.
  • Re:Good riddance (Score:3, Insightful)

    by PincheGab ( 640283 ) on Wednesday September 24, 2003 @02:06PM (#7046514)
    Thanks for taking away my choice of what I do with my own network and computers

    Hey buddy, I did not take away anything from you... You don't really believe what you are saying, do you? I think your statement is missing the element of reason.

    I just hope you remember this the day someone steps in and forces it upon you what you can and can't do with your system.

    The spam blockers already did, and that is what my message is all about. Did you know, for example, that some business are hosted by Earthlink and Earthlink blocks spam to those hosted domains by using some blacklists? That's all fine, but what happens when the blacklist is wrong and critical business communications cannot get through even though *both* sender and receiver are constantly trying to contact Earthlink to resolve the issue... Where does your "it's my choice, dammit" argument fit into this? Should we switch ISP because the blacklist people are not responsive? Or perhaps we should ask our suppliers and customers to switch ISPs instead of us? BUT WAIT!!!! You are talking about NOT forcing people to do anything!

    Both people that want to get your email, and those that want to send it, can do so VERY easily with no problems at all from blacklists, if you just choose to not deal with blacklists.

    Well, your world might just be small enough for this to hold true, and this would be a solid argument. In my world, where there are many different people e-mailing each other critical communications, and not everyone has direct control over their own servers, and often one depends on intermediaries to do the right thing, your argument has been proven dead wrong.

    But whatever, to each his own. I did not shut down any blacklist servers myself, so if you feel you have lost something, you are directing your anger at the wrong person. All I know is that life became a lot better when we liberated ourselves from having anything to do with blacklists.

    Now, I respect your right to your opinion, just remember I have a right to have my own (wrong?) opinion too.

  • Re:Good. (Score:3, Insightful)

    by sirgoran ( 221190 ) on Wednesday September 24, 2003 @02:14PM (#7046620) Homepage Journal
    You might have the same problem as me.

    A lot of the mail I sent out was coming back with notes that it was sent from a black-listed server and therefore was not going to be delivered. As it turned out, my host company was guilty of having open ports and had at one time hosted a spam site. The result was that every IP in their IP block ended up on a black list including mine.

    Since my host won't fix their servers, and I can't get my IP removed from the black lists, I'm moving the website to a better host.

    Do what I did, and move your site. Chances are, if enough of their clients leave them they might start thinking about closing their open ports and stop relaying spam.

    -Goran
  • by minas-beede ( 561803 ) on Wednesday September 24, 2003 @02:35PM (#7046920)
    Apparently Ron is abandoning both but there were two related anti-spam things he did. One was to maintain a blocklist for open proxies. The other was to run a network of proxypots and to use these to discover the IP addresses from which proxy abuse originated. He trapped a lot of spam with those, as well.

    Ron made periodic posts to news.admin.net-abuse.email in which he listed the top 40 proxy abuse-source IPs. He also contacted the ISPs from which the abuse originated and was successful in getting many of these to boot the spammers (which is a big reason spammers wanted to put him out of business, it would seem.)

    Ron was making real and substantial progress toward ridding the net of spam - even if you never heard of him he was helping you, and the help I speak of had none of the flaws of blocklists.

    Spammers look about everywhere on the net, seeking abusable open proxies. That means proxypots will succeed almost anywhere on the net. Just about anyone can help identify spammer IPs and get the spammers thrown off their ISPs. Ron's Top 40 list was a nice bonus and it helped show which ISPs were responsive and which protected spammers. Similar information from a single site (yours, if you'd do it) would also have great value.

    I'd direct you to the Bubblegum proxypot web page but that, too, seems to be down. There's still something you can do even if you don't run a proxypot. If you have a software firewall on your system you can find the log entries for rejected proxy connection attempts. Chances are great that those were made by a spammer. Report the attempt to the appropriate ISP. I'd also suggest letting your ISP know: if spammers are looking in your ISP's space for abusable proxies the ISP can take protective actions. Your ISP also may have greater clout with the spammer's ISP - at least it's worth a shot.
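
The log check suggested in the comment above, as an added example that is not part of the original post: it pulls rejected proxy connection attempts out of a firewall log and summarises them per source for a report to that source's ISP. The netfilter-style log lines are constructed, and the choice of ports 1080, 3128 and 8080 as proxy ports is an assumption.

```python
import re
from collections import defaultdict

# Ports assumed here to indicate proxy probing: SOCKS, Squid, generic HTTP proxy.
PROXY_PORTS = {1080, 3128, 8080}

# Constructed sample in Linux netfilter LOG style; addresses are documentation ranges.
SAMPLE_LOG = """\
Sep 24 14:02:11 gw kernel: DROP IN=eth0 OUT= SRC=198.51.100.23 DST=192.0.2.10 PROTO=TCP SPT=4312 DPT=1080
Sep 24 14:02:12 gw kernel: DROP IN=eth0 OUT= SRC=198.51.100.23 DST=192.0.2.10 PROTO=TCP SPT=4313 DPT=3128
Sep 24 14:02:13 gw kernel: DROP IN=eth0 OUT= SRC=198.51.100.23 DST=192.0.2.10 PROTO=TCP SPT=4314 DPT=8080
Sep 24 14:05:40 gw kernel: DROP IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=2201 DPT=3128
Sep 24 14:06:02 gw kernel: DROP IN=eth0 OUT= SRC=203.0.113.99 DST=192.0.2.10 PROTO=TCP SPT=2202 DPT=22
Sep 24 14:06:09 gw kernel: DROP IN=eth0 OUT= SRC=203.0.113.50 DST=192.0.2.10 PROTO=UDP SPT=53 DPT=1080
"""

FIELD = re.compile(r"\b(SRC|PROTO|DPT)=(\S+)")

def proxy_probes(log_text):
    """Group rejected TCP connection attempts to proxy ports by source address."""
    probes = defaultdict(lambda: {"ports": set(), "count": 0, "first": None, "last": None})
    for line in log_text.splitlines():
        f = dict(FIELD.findall(line))
        if f.get("PROTO") != "TCP" or "SRC" not in f or not f.get("DPT", "").isdigit():
            continue
        if int(f["DPT"]) not in PROXY_PORTS:
            continue
        entry = probes[f["SRC"]]
        stamp = line[:15]                    # syslog timestamp, e.g. "Sep 24 14:02:11"
        entry["ports"].add(int(f["DPT"]))
        entry["count"] += 1
        entry["first"] = entry["first"] or stamp
        entry["last"] = stamp
    return dict(probes)

def abuse_report(probes):
    """One evidence line per source, busiest first, for the report to its ISP."""
    rows = sorted(probes.items(), key=lambda kv: -kv[1]["count"])
    return [f"{src}: {e['count']} rejected attempts to ports "
            f"{sorted(e['ports'])}, {e['first']} to {e['last']}"
            for src, e in rows]

if __name__ == "__main__":
    print("\n".join(abuse_report(proxy_probes(SAMPLE_LOG))))
```

A source that walks several proxy ports within seconds, like the first one in the sample, is the pattern worth reporting; a single stray hit is weaker evidence.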
  • by Frit Mock ( 708952 ) on Wednesday September 24, 2003 @02:35PM (#7046922)

    There is a way to fight off spam, with a p2p like system!

    You first have to get rid of the 'blacklists' idea to detect spam. As already mentioned by many people, they have downsides and moreover in a p2p net there is no 'authority' and so they could do anything, but nothing what is intended.

    You even have to forget about all 'traditional' ways to identify a certain mail to be spam.
    A p2p is the most powerful tool against spam, I can imagine. It offers the strongest method to detect spam, because only a _network_ and distributed computing offers the possibility to reveal information unique with spam.

    Unique to spam is that a huge amount of mails are sent over the net in 'short' time, with almost identical (i.e. identical in parts of the content, not header fields) content.

    If we get to know, that many mails with almost identical content are sent over the net in a short time, then we know, that spam is going on, and voilà, spam>/dev/null

    0. If the sender is on the whitelist, the mail is treated normally! (To avoid declaring mailing lists, newsletters and the like to be spam, if they are not.)

    1. We need to use common p2p technology to interconnect mailservers, relays and mailclients.

    2. When receiving a mail it gets queued in a verification queue.

    3. For each mail in this queue, checksums of different parts of the mail are calculated. These 'checksum-sets' of received mails are stored and kept for some time. (Let's call that the mail server's own checksums.)

    4. The checksum-set is sent out to a handful of other participants on this p2p for 'confirmation'.

    5. If such a 'confirmation' request is received, the checksum-set is stored too. (For a shorter time.)

    6. All checksum-sets (the own ones and the ones from _different_ hosts requesting 'confirmation') are now compared to each other using a Bayesian statistical approach.

    7. If two checksum-sets indicate very similar mail, both checksum-sets get bundled together and sent out as an 'alert notification' to all hosts connected. (The host IPs receiving such a mail are very important to avoid checking one host's copies of his checksum-set temporarily stored on other servers!)

    8. When receiving an 'alert notification' the mailserver checks similarity against all checksum-sets he has stored. If further similarities are detected, they are added to this 'alert notification' and again sent out to all connected machines.

    9. Once an 'alert notification' reaches a critical number of 'hosts' that received such a mail, they send this package to all of these hosts and they'll delete the mail. (Of course this 'alert notification' will not be deleted; it will, again, be stored for further checks, as a 'spam notification'. Mailservers that receive such spam mail some time later should not start the whole process all over, since the spam case is already clear. Of course they'll receive this 'alert notification' with an indicator that all included hosts have already received this package.)

    10. The mails that 'survive' for more than an hour in the verification-queue are valid and leave the queue.

    11. We're done with it.

    The critical number should not be high enough, to avoid dropping mails with multiple recipients or 'false positives'.

    (Maybe I have forgotten one or the other detail, but I hope you can understand the principle ... and forgive my bad English and orthography, it's not my native language.) ... remind me to patent this thing.
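
The core of the scheme in the comment above (steps 3 and 5 to 10), as an added sketch that is not the poster's code: each server reduces a mail body to a checksum-set, and a peer flags bulk mail once enough distinct hosts hold similar sets within the hour. Assumptions: Jaccard overlap stands in for the "Bayesian statistical approach", the thresholds and sample mails are constructed, and the whitelist and the p2p transport are left out.

```python
import hashlib
import re

# Constructed sample mails: one bulk template personalised per recipient, one ordinary mail.
SPAM = ("Dear {name}, buy cheap pills online today at our discount pharmacy "
        "with free shipping worldwide and no prescription needed order now")
LEGIT = ("Hi Bob, the quarterly report is attached, please review the "
         "numbers before our meeting on Friday")

def checksum_set(body, run=4):
    """Step 3: checksums over overlapping 4-word runs of the body (headers excluded)."""
    words = re.findall(r"[a-z0-9]+", body.lower())
    runs = (" ".join(words[i:i + run]) for i in range(max(1, len(words) - run + 1)))
    return frozenset(hashlib.sha256(r.encode()).hexdigest()[:16] for r in runs)

def similarity(a, b):
    """Jaccard overlap of two checksum-sets: 1.0 identical, 0.0 nothing shared."""
    return len(a & b) / len(a | b) if (a or b) else 0.0

class Peer:
    """Stores checksum-sets (own and confirmation requests) and counts matching hosts."""

    def __init__(self, threshold=0.6, critical_hosts=3, keep_seconds=3600):
        self.threshold = threshold            # how alike two sets must be
        self.critical_hosts = critical_hosts  # step 9: distinct hosts needed
        self.keep_seconds = keep_seconds      # step 10: one hour in the queue
        self.stored = []                      # (time, reporting host, checksum-set)

    def report(self, host, cs, now):
        """Steps 5-9: store a set; True once enough distinct hosts hold similar mail."""
        self.stored = [e for e in self.stored if now - e[0] <= self.keep_seconds]
        self.stored.append((now, host, cs))
        hosts = {h for _, h, other in self.stored
                 if similarity(cs, other) >= self.threshold}
        return len(hosts) >= self.critical_hosts

def demo():
    """Three mail servers see personalised copies; a fourth sees ordinary mail."""
    peer = Peer()
    return [peer.report("mx1", checksum_set(SPAM.format(name="Alice")), 0),
            peer.report("mx2", checksum_set(SPAM.format(name="Bob")), 10),
            peer.report("mx2", checksum_set(SPAM.format(name="Carol")), 20),
            peer.report("mx3", checksum_set(SPAM.format(name="Dave")), 30),
            peer.report("mx4", checksum_set(LEGIT), 40)]

if __name__ == "__main__":
    print(demo())
```

Counting distinct reporting hosts rather than reports is what keeps one server (mx2 here) from reaching the critical number by itself, and hashing word runs rather than the whole body is what survives the per-recipient personalisation.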
  • Re:Excellent idea! (Score:2, Insightful)

    by andrewjjenkins ( 617179 ) on Wednesday September 24, 2003 @02:46PM (#7047054)
    And the PGP "web of trust" would keep spammers from massively infecting the system, because no one trusts the new kid to delete a few thousand entries. I would gladly donate some of my cable bandwidth to a distributed solution.
  • by roystgnr ( 4015 ) <roy@@@stogners...org> on Wednesday September 24, 2003 @02:58PM (#7047188) Homepage
    You're comparing the operators of these services to spoiled children, when they've done more for the anti-spam cause than nearly everyone who will ever read your comment. What did they do to deserve that? If they are being selfish for giving up their efforts, doesn't that make you and I even more selfish for never making an effort in the first place?

    Who wants to become a volunteer in a world where if your efforts fail you will be seen as a failure and if they succeed you will be seen as an entitlement?
  • by nchip ( 28683 ) on Wednesday September 24, 2003 @03:16PM (#7047378) Homepage
    The ratio of "collateral damage" to actual spams stopped is way too high

    Hear, Hear. Effective blacklists with no practical collateral damage actually exist, even if all the attention seems to gather around the overzealous (SPEWS) and stupid (AOL) blocklists.

    dsbl.org [dsbl.org] open proxy/relay list, easy to get out once you fix the problem. very effective.
    spamhaus.org [spamhaus.org] lists IP addresses known to belong to spammers. Not as effective as dsbl, but a nice complement in case spammer decides to send mail directly instead of raping a relay.

    with those two, 60-80% of spam will stop at gates, so you will still need a content based filter for the rest.
  • by mightypenguin ( 593397 ) on Wednesday September 24, 2003 @03:31PM (#7047564)
    Very simple. You have one person or a group that are trusted. They create and distribute a PGP/GPG whatever, public key to all the people who want to be a part of the network. Then every time a list goes out or a list is queried, you just check the key signature on it to make sure it came from the trusted people. So list creation is centralized (like it is now) but distribution is distributed. Easy to verify, hard to DDoS. Bingo.
  • Re:See guys, (Score:3, Insightful)

    by Stanwalters ( 678991 ) on Wednesday September 24, 2003 @04:24PM (#7048133)
    Would this be a bad thing?

    I have an uncle who is a trucker. He was amused by this comment. He said the worst time on CB in his memory was from ~1977 to ~1982 or so, before that, truckers primarily used it, with respect for each other and some unwritten "rules". Then it became popular culture and was destroyed. After it "died", you would find it used primarily by truckers, with respect for each other......

    Anyone use USENET or IRC before 1997? Gee, it would suck if the Internet died like this.
  • by wtarreau ( 324106 ) on Wednesday September 24, 2003 @05:13PM (#7048716) Homepage
    The problem is companies who pay spammers to send their crap. And we know nearly all of them because we have their names, urls, products, etc... in all the spams we receive. Instead of trying to track spammers down, when they are rich enough to pay a judge, why not randomly catch as many of their customers as possible to make the other ones fear the risk? Use Darl McBride and RIAA's method: "warning, we know who you are, you have a little chance to be caught, but perhaps 5 years in jail for paying someone to pollute the net will make you think twice if it's worth the risk".

    And if the spammers lose most of their customers, they will have to raise the prices to be able to pay for their access, and become far less appealing as a means of communication.

    Just my thoughts,
    Willy
  • by tgibbs ( 83782 ) on Wednesday September 24, 2003 @05:39PM (#7049015)
    From a spammer's point of view, these blacklists are just another form of DDOS aimed directly at them.

    Sure, and from a crook's point of view, the police are a DDOS. Conversely, if you find that argument reasonable, you are probably a crook.

    The notion that providing information that individual ISPs are free to use as they choose is somehow equivalent to illegally hacking into private computers and using them to shut down somebody else's internet access is one that only a criminal would take seriously.

  • by Phroggy ( 441 ) * <slashdot3@@@phroggy...com> on Wednesday September 24, 2003 @06:00PM (#7049247) Homepage
    I think you're missing something. You seem to be implying that the Monkeys.com admin is giving up because he personally can't take the pressure anymore, and that he should try to persevere instead. While that sounds nice, you're forgetting reality:

    1) While his servers are under a DDoS attack, nobody can use them, which means the blacklist is basically useless. This is why it's called "denial of service" - the ability to use the service is being denied.

    2) The only technical way to withstand a DDoS attack while still continuing to provide service is to increase your bandwidth so you have enough to handle both the attack and legitimate requests. This costs a LOT of money. Another poster mentioned that SpamCop spent $30,000 on this. SpamCop has paid subscriptions (I'm a subscriber myself); Monkeys.com does not. Do you have an extra $30,000 lying around that you could donate? I don't.

    3) The non-technical solution is to go through law enforcement. He contacted the FBI, and they didn't know what he was talking about. Perhaps he should keep trying, but due to the nature of the attack, I'm not sure the FBI could help if they wanted to - there's no way to track who is responsible for the attacks, so there's nobody to prosecute for a crime.
  • by Moooo Cow ( 79655 ) on Wednesday September 24, 2003 @07:01PM (#7049834)
    "I want instant communication with friends and colleagues all over the planet, but I don't want UCE. I want instant access to the world's knowledge on all topics, from crucial news to movie trivia, but I want it without viruses, interstitial ads, popups, spyware, and all that other crap."

    The unstated (but pervasively implied) follow-up to the above statement is "... but I don't want to actually have to pay for any of it".

    Sure it's sad to see a service that you're familiar with and like to use (like these anti-spam services) suddenly fold up shop. However, I'm curious why none of the comments anywhere in this thread bring up the idea of some type of for-profit approach (i.e. a subscription-based service).

    If there really is no one who is willing to pay for these types of services... well, you get what you pay for. If you believe that "the internet becomes more worthless every day", maybe that's because when it comes time to put your money where your mouth is, you consider its worth to be $0.00.

    Just my $0.02 (figuratively speaking, of course)

  • by billstewart ( 78916 ) on Thursday September 25, 2003 @06:22AM (#7053233) Journal
    Distributing an RBL list is the easy part. There are a variety of methods in place that can provide sufficient reliability and are sufficiently anonymous or difficult to attack, such as Usenet and Freenet and Gnutella and probably Kazaa, and it's not too hard to develop efficient data formats for baseline and incremental update and detail records (easier for IPv4 blocking than IPv6 :-), and you can use PGP or other digital signatures to protect the integrity of the transmission. A Simple Matter of Programming (SMOP)...

    There are some problems with broadcasting the list as opposed to doing transactional interaction - a list of "mis-configured open relays or proxies with updates" is not much different from the spamware spammers' products of list of new still-usable open relays. (It's a bit less useful, because they know that some people are blocking them, but they also know that lots of people aren't.)

    The other half of the communications process is harder - getting the information on spammers to the list maintainer without exposing the list maintainer to attack. A simple usenet group or IRC channel can be flooded, and email can be mailbombed, and the obvious way to do it is with bogus spam reports to reduce the integrity of the information. And some of it's an arms race, e.g. spammer submits a purported open relay to list-manager, the list-manager's tester tests the "relay", and the "relay" captures the tester's IP address for DDOSing.

    There are spam-reporting reputation systems - Cloudmark and Vipul's Razor do some of that, if imperfectly, or simple subscriber-only systems can stay below the radar (even though they'll have some spammers subscribing...) and you could probably build one that was P2P for a bit more safety. Vipul's distributed approach lets users mark messages as spam, and distributes hashes, rather than killing whole sites, but you could adapt it.
