Slashdot is powered by your submissions, so send in your scoop

 


Forgot your password?
Close
typodupeerror
×
Spam Your Rights Online

Another Side-Effect of Spam 84

Posted by timothy from the blame-spammers dept.
ghostie writes: "According to this article on news.com.au Telstra (Australias largest Telco) is having some problems with email blacklist operators. They claim that large (previously unused) portions of it's IP range have been black-listed even though they have never been used before. It seems the direct-action approach to stopping spam is having a detrimental effect as well. When will it all stop?"
This discussion has been archived. No new comments can be posted.

Another Side-Effect of Spam More

Another Side-Effect of Spam

Comments Filter:

  • Spam will not stop until the current SMTP system is replaced. The main reason the current SMTP system can't be eliminated is all the current registration systems which send an email confirmation. Admittedly, my own site is part of the problem in this regard.

    A system like passport would go a long way toward stopping spam. But I honestly don't see how to convince both consumers and content providers to join in on that system.

    • Re:Email is broken (Score:3, Insightful)

      by DrSkwid ( 118965 )
      A system like passport would go a long way toward stopping spam.

      Apart from "selected partners" of the passport provider.

      They just cant help themselves.

      • Apart from "selected partners" of the passport provider.

        Well, first of all, I said a system like passport.

        But even with passport, you use an email address once, to sign up, then you never have to check it again. Sounds pretty spam-free to me.

        • eh?
          the solution to spam is "don't check your email?"

          • the solution to spam is "don't check your email?"

            No. That's not even remotely close to what I said.

            • Sorry, I see what you're saying now. I just read the thread from the start.

              However, I hardly think that the way one registers with web sites has *any* bearing on replacing SMTP with a system that hinders spamming and spoofing.

              Any more than not giving your phone number to your doctor will stop double-glazing salespeople calling.

              • However, I hardly think that the way one registers with web sites has *any* bearing on replacing SMTP with a system that hinders spamming and spoofing.

                The problem is that web site registrations are automated. It's really easy for me to block spam from automated senders. I just set up a capatcha [captcha.net] for first time senders, and put people with whom I have ongoing correspondence into an allow list. Mailing lists could be set up the same way, or even better mailing lists could be done by only pushing the notification of the new message, and then downloading the actual content from a well-known server (either in advance or at the time you read it).

                Any more than not giving your phone number to your doctor will stop double-glazing salespeople calling.

                It's much easier to regulate the phone system, because phone calls are by their very nature non-anonymous. Giving a central authority access to the identity of every single caller and call receiver would enable laws to be useful, but who wants that?

                • Too bad if you're blind.... I was thinking of a simalar system, first time senders are sent a confirmation url they must open, and if it's not opened I get sent a mail saying email@dress tried to send you a message with a subject of 'subject', do you wish to discard, deliver, or deliver and whitelist?

                  • Too bad if you're blind....

                    There are audio capatchas, or you could just give your blind friends a special address.

                    I was thinking of a simalar system, first time senders are sent a confirmation url they must open, and if it's not opened I get sent a mail saying email@dress tried to send you a message with a subject of 'subject', do you wish to discard, deliver, or deliver and whitelist?

                    Yeah. I don't like that particular solution, because it requires waiting round-trip for the reply and everything, it eliminates anonymous sending, it bothers the people whose addresses were faked in the From:, etc. Most importantly, it's not scalable. Once the confirmation url method becomes widespread, so will automated spam systems which confirm. You have to use some form of capatcha, or put some cost on the sending of the email. Or you have to make email non-anonymous, which is what the folks pushing the spam laws in congress want the solution to be.

                    • My sugguestion only requires a valid from or reply-to address, and I did intend to use some sort of capatcha, but not an image based one. A text based capatcha would be easy, i.e. "parrots, bluejays, robins and sparrows are all what? (birds)" Additionaly once someone correctly responds to the capatcha they would be added to a whitelist. Optionaly a system like spam assassin [spamassassin.org] could be used to decide in an email is "spammy" enough to bother requiring a capatcha response.

                    • Oh, I see what you're saying. Yeah, that'd work fairly well. Except of course for signing up for websites, which is probably the biggest impediment to implementing most of these systems.

                      You can use different email addresses for every site, and maintain them all, like I do, but I don't think most people are going to go through all that trouble just to save a few minutes a day of hitting the delete key.

                    • Except of course for signing up for websites, which is probably the biggest impediment to implementing most of these systems.



                      That's why I'd have a web front end set up to deal with messages that haven't been confirmed by the sender.

                    • That's why I'd have a web front end set up to deal with messages that haven't been confirmed by the sender.

                      You aren't by any chance willing to release the source code for that front-end, are you?

                    • You aren't by any chance willing to release the source code for that front-end, are you?



                      If I set it up, I'll GPL it, but that's assuming I ever get around to it. My idea is only an idea at this point. This stuff shouldn't be too hard to do in perl...

                    • once someone correctly responds to the capatcha

                      But what's to keep a pair of capatcha's from getting into an endless ping-pong match?

                      -
                    • But what's to keep a pair of capatcha's from getting into an endless ping-pong match?


                      X-Loop mime headers, and resonable limits on the number of verification requests

                      I'd have to think about how to go about making things go smoothly when both sender and reciver addresses are protected.

                    • X-Loop mime headers, and resonable limits...

                      I should have been more specific in my post. My own "ping-pong" metaphor distracted me :)

                      I realize there are ways to prevent the programs form looping. The real problem is how do you resolve it at the user level? How do you keep messages from vanishing into a black hole while keeping spammers from abusing the resolution mechanism as a back door into the mailbox?

                      -
                    • Well, first is the assumption that spamers almost always use a fake from and replyto address, and if they don't, it won't last long. Second, the whitlisting function can make the user aggree to some terms and have a visible threat of suit if the software is abused. It would easy to show that a spammer made effort to circumvent an antispam effort, and I would easily be able to sue. The other thing is I don't expect they'd bother with going to the effort confirming thier address. This setup will clearly need a lot of planning.
                    • This setup will clearly need a lot of planning.
                      I hope it works, but I still don't see how you deal with the bounce going to another protected mailbox. You want to "make the user agree to some terms", but only the filter is seeing that message.

                      If you have 2 protected mailboxes, I can't think of a way to avoid displaying an untrusted message to a human at one end or the other.

                      -
                • finally I get your point, you should have expanded to start with ;)

                  I tried TMDA but I needed to be running my own SMTP server but I'm not on a fixed IP and getting my ISP to put TMDA in place at their end is a no-no too.

                  Giving a central authority access to the identity of every single caller and call receiver would enable laws to be useful, but who wants that?

                  Can't see as its much different from my telco having my number. They publish opt-outable directories etc. They sell them in electronic form to cold-callers.

                  it's going to be a long time before our in boxes are safe, i know that much

                  • finally I get your point, you should have expanded to start with ;)

                    Yeah, I do tend to do that too often - assume that the other person can read my mind and everything. Sorry about that.

                    I tried TMDA but I needed to be running my own SMTP server but I'm not on a fixed IP and getting my ISP to put TMDA in place at their end is a no-no too.

                    It could also be done quite easily using a website. The only problem is that most people aren't used to seeing "email me at http://youmightbeaspammer/so/use/this.form". Well, that and the fact that you can't sign up for any services. I really need to modify my phpnuke to make email address optional. But first I need to get rid of all the ugly security holes.

                    Can't see as its much different from my telco having my number. They publish opt-outable directories etc. They sell them in electronic form to cold-callers.

                    But laws against telephone solicitations do work. Ever since I've gotten my cell phone I've used it to sign up for everything. I've gotten 2 phone solicitations so far (in a year and a half), from companies which I already had a pre-existing business relationship (one was my credit card company, I forget who the other was). I told them both that I was on a cell phone, and not to call me any more, and I haven't gotten any phone solicitations since.

                    I don't think laws against spam would be effective though. For one thing, calling people costs money, so you have to be a somewhat reputable business to engage in phone solicitations. Secondly, as I mentioned earlier, telephone calls are by their very nature easy to trace. Email is not.

                    • It could also be done quite easily using a website.

                      that's an interesting solution.

                      hehe I just expanded the idea to sending HTML email with a form to fill in to send info back!

                      nooooooo
    • This is saying that cars are broken because there are car theifs.


      SPAM will stop when SPAMMERS are jailed and bankrupted!


      If you track down a few spammers, get large judgments against them, and take their houses, they may realize spamming is not cheap.

      • This is saying that cars are broken because there are car theifs.

        No it's like saying that cars are broken because the doors don't lock.

        SPAM will stop when SPAMMERS are jailed and bankrupted!

        No it won't. No law will stop spam. You have to lock the doors first.

        If you track down a few spammers, get large judgments against them, and take their houses, they may realize spamming is not cheap.

        Nor is tracking down spammers and getting judgements against them. Spammers are stupid. Do you think they're actually raking in the money from their "Enlarge your penis" ads? No. They're stupid idiots trying to make a quick buck the easy way.

      • This is saying that cars are broken because there are car theifs.

        And saying that we shouldn't fix obvious problems with the current mail system is like saying that there's no need to install locks, because theft is caused by criminals and not lack of adequate safeguards. If you want to fix a problem rather than simply assign blame, you can't work on just one side of the problem. You have to address every part, or at least as many parts of the problem as you can.

        It's true that there would be no spam if there were no spammers. It's also true that there would be much less spam if it weren't so easy to send. Addressing the technical issues may actually be easier than the legal ones just because of the difficulties of legal jurisdiction, difficulty in getting legislation passed, etc.

        • Set up stocks for spammers in major cities.


          The spammers get 1 minute for each spam that they send (up to 2 weeks).


          Then people can purchase rotten produce to throw at them. This provides punishment, entertainment, and a source of funds for the cities.

    • Spam is a social problem - not a technical problem.
      You can implement all the technical measures you want and it won't stop spam. Granted there are some technical measures that exist that will help such as eliminating open relays, but spammers just change their methods to get spam through.

      A good analogy would be to tell a woman that she can expect to get raped and have no legal recourse. She can wear a chastity belt, but that's just a weak technical measure that a determined rapist will get around. So shall we require all our women to wear titanium suits to protect themselves and go through all the pain and hassles that go along with it? Doesn't this sound stupid as hell?

      You need to educate that it's morally wrong to cost shift advertizing onto others, and have legal means to go after those who spam. An international "known spam offender" database can help ISP's stop selling access to those who flaunt the law.

      Back to the main topic, Telstra is probably having problems because people block 211.*.*.* which is mostly asian / china. A small part is allocated to Australia. This MAY be what is going on...
      • Spam is a social problem - not a technical problem. You can implement all the technical measures you want and it won't stop spam.
        I use spamassassin, use my real email address freely in newsgroups and on public mailing lists, and I get about one spam a week. It's that effective.

        If it's not a technical problem, it's damned close.

      • A good analogy would be to tell a woman that she can expect to get raped and have no legal recourse.

        Actually, that's a terrible analogy.

        But you know what. I've changed my opinion. I hope they do pass a spam law. Just so everyone can see that it won't do a single bit to stop spam. And then I can say "I told you so".

        • Glad you explained WHY it's a bad analogy. Kinda like the "because I said so" response.

          It's rape because you are violated. Nobody want's spam. It's forced upon you. It frequently offends you. You are forced to pay for it either directly or indirectly in higher ISP prices, lower email server performance, your time dealing with it, etc.

          The chastity belt is akin to block lists / filtering software. They are a pain where legit email can get blocked and some spam still gets through. It's something YOU have to deal with because of the lack of morals of someone else.

          Since there is no law, we have no recourse. I want recourse. I KNOW it won't stop all spam, but at the current rate that it is increasing, email will be unusable in 2 years. In the past 6 months I've logged a 10 times increase in spam.

          There are those that think that we should just change the email protocol. When should we do this? How long of grace period do we let old email work? 2 years? Look how fast IPv6 is being implemented...

          To suggest that we can implement a new secure email protocol in less than several years shows a major lack of understanding of business, economics, IT infrastructure, etc.

          • Glad you explained WHY it's a bad analogy.

            It's not worth wasting my time explaining why. Being raped and receiving spam are two completely different things.

            • Spam is the internet's version of rape. It's an ANALOGY [m-w.com], and a DAMN good one which is why you can't come up with a rebutal to it. Of COURSE "rape" and "spam" are different. They also share similar characteristics which I have explained in detail.

              • Reading your replies is the internet's version of rape. Nobody wants your replies. They're forced upon us. They frequently offend us. We are forced to pay for it either directly or indirectly in higher slashdot subscription, bigger fucking ads, lower slashdot performance, your time dealing with it, etc.

                The chastity belt is akin to slashdot's karma system. It is a pain where legit posts can get blocked and some shit like what you post still gets through. It's something WE have to deal with because of the lack of morals of YOU.

                Since there is no law, we have no recourse. I want recourse. I KNOW it won't stop all stupid idiotic posts, but at the current rate that it is increasing, slashdot will be unusable in 2 years. In the past 6 months I've logged a 10 times increase in idiot posts.

                There are those that think that we should just improve the karma system. When should we do this? How long of grace period do we let the old karma system work? 2 years? Look how fast IPv6 is being implemented...

                To suggest that we can implement a new secure karma system in less than several years shows a major lack of understanding of business, economics, IT infrastructure, etc.

              • Spam is the internet's version of rape.
                Bullshit. You have obviously never been raped. At worst, spam is a milder form of sexual assault. A grope in the subway, or an indecent and unwelcome proposition from a shady character. "Rape" would be reserved for somebody cracking your firewall.

                Let's keep the hyperbole down to something reasonable, shall we?

    • A system like passport

      How is a system like passport going to stop mail? You lost me totally when you made that statement. As for the referances to the current SMTP system being the issue I would have to say I DISAGREE, you are blaming a system for its abuse, stop the abusers, don't change the system. Enact laws to prohibit spammers, just like states have enacted laws to curtail phone solicitaion. Once it becomes unprofitable to send spam, via legislation to control or outlaw it, SPAM will slowly stop.

      • Once it becomes unprofitable to send spam, via legislation to control or outlaw it, SPAM will slowly stop.

        It already is unprofitable to send spam. There already are laws against sending spam. Nothing has changed.

        In any case, it doesn't change the fact that email is broken.

        • Where are there laws against spam? I belive there is some minor state level legislation in Oregon or Washington or something? But nothing national and nothing that outlaws it outright. If you can site some actuall laws I might agree with you. But just says there are laws and we need passport doesn't make it so.

          As for examples of what I am talking about, I live in Texas which resently enacted an "Opt out telemarketing" approach, basically for a couple bucks you can get on a state conrtolled "do not call list" which ALL telemarketers are required to buy, if they call you and you are on the list, they get like a 500 dollar fine, suffice to say I used to get several calls a day, now I get NONE!!! We just need to do the same for spam, and I know for a fact that no similar law exists for spam.

          • Where are there laws against spam? I belive there is some minor state level legislation in Oregon or Washington or something?

            Here [spamlaws.com]'s a list. There are also laws against trademark infringement (which many spammers engage in), trespass to chattel (which many ISPs could use against certain methods of spamming), ponzi schemes (I still get a lot of those), etc. I currently have a spammer using my email address as the From address in his/her spams. So I get all the bounces, not to mention many of the angry complaints. That's clearly illegal, as it is trespass to chattel at the very least (probably many other laws). But I don't have the money to sue them in court, and you can't sue John Does in small claims court, and you can't even begin investigating who the spammer is without a subpeona. Then on top of that, they're probably using computers outside the U.S. jurisdiction anyway. I really don't think laws are going to help. But at this point I'm willing to let the government waste my tax money trying. Then maybe after a few years of that failure we can start spending our time and efforts on solutions which will actually fix the problem.

            But just says there are laws and we need passport doesn't make it so.

            Wait a second... We don't need passport. Passport is a bad implementation. It's a horrible implementation. But we do need a better way to sign up for things over the web. We shouldn't be using email addresses as a unique identifier for people. It's just not a good solution.

            As for examples of what I am talking about, I live in Texas which resently enacted an "Opt out telemarketing" approach, basically for a couple bucks you can get on a state conrtolled "do not call list" which ALL telemarketers are required to buy, if they call you and you are on the list, they get like a 500 dollar fine, suffice to say I used to get several calls a day, now I get NONE!!!

            I've explained this in another one of my posts, but I'll briefly get into it again. These laws work for telephone calls because it's easy to trace telephone calls. They won't work for email because it's very difficult and expensive (and in many cases impossible) to trace email. Most of my spam doesn't come from legitimate companies. Next time I get a chance I'll go through my mail and put up a website with statistics on exactly where my spam does come from.

            • It doesn't take a rocket scientist to trace back a spammer, where is it coming from? There really aren't too many blind relays left so unless there is one of those puppies involved and the spam is fresh it is a simple matter of tracing back IP's. If that isn't good enough and you are getting an in ordinate amount of mail, either change emails (sure it isn't fair, but what can you do), do you own the domain that is getting spammed? how is your sendmail setup configed?

              As for needing money to sue, you really don't, you can go to court without a huge lawyer, you just need to follwo protocol, there are many books on representing yourself in court.

              Most spam doesn't come from things you sign up for either, most spammers (not all) scrap the web, news groups, buy lists etc etc etc etc.

              On a final note, this is how I handle spam:

              1. I own my own domain which I have funneled into another email account I don't give out, all email not matter what address gets funneled.
              2. I have my own mail server, locked down all nice so it can't be a spam box, and to further prevent that I monitor the logs and such (admin 101 type stuff).
              3. when it comes to signing up for things I enter an email of siteIamsigningupfor@mydomain.com, so if and when I get spam I know who sold my info and I either A: email them and get rectification, B: if they don't work with me I block that address in my sendmail config
              4. I have found most spam doesn't come from sites I have signed up from, it is randmly dumped on domains, or it is from email addresses I have used on websites or within usenet.

              In conclustion, at least from my experiance, passport really wouldn't help, since the majority of my spam doesn't come from sites I have signed up from.

              • It doesn't take a rocket scientist to trace back a spammer, where is it coming from?

                To an IP address, sure, but how does that help me? You can't sue an IP address.

                If that isn't good enough and you are getting an in ordinate amount of mail, either change emails (sure it isn't fair, but what can you do), do you own the domain that is getting spammed?

                To use someone else's analogy (which I don't agree with), that's like asking a rape victim to stop walking down a certain street.

                As for needing money to sue, you really don't, you can go to court without a huge lawyer, you just need to follwo protocol, there are many books on representing yourself in court.

                If you know of any books on obtaining a subpeona when suing a John Doe defendant, let me know. I've looked around on the internet and the library, but I couldn't find anything.

                In conclustion, at least from my experiance, passport really wouldn't help, since the majority of my spam doesn't come from sites I have signed up from.

                First of all, let me reiterate that I don't think passport is a good thing. I just think it attempts to solve a problem which is useful to solve.

                In any case, I do the same thing as you do (although I've been forced to block postmaster@ and abuse@ since I get hundreds of viruses, spam, and people complaining about the idiot who put my domain in the from address every day. But my point about passport is that passport allows this to be done by the masses, without owning a domain name, and without maintaining allow/block lists. You just set up one email address once, get yourself authenticated, and never check that email account again.

                In any case, I think you misunderstood me. I'm not complaining about spam. I was simply pointing out that laws against spam are not effective.

                • I guess my point is there aren't really any true "Anti-Spam" laws, there are ones that dance around the topic, but nothing that comes out and says that if you send unsolicited email then you are liable for something. Maybe you are right and maybe that woldn't even be effective.

                  As for getting the IP, you can go back to the ISP and work with them, if that doesn't work you initiate action against the ISP (if they are unwilling to help or stop). Where is the spam you are getting coming from? Is the person still using your domain? Have you kept track of the time and server resources it has cost you? What type of communications have you had with the offending ISP's?, I don't mean emails, have you written any letters? (since for the most part leagally emails mean nothing, though I am not a lawyer, that is just what a friend who is a lawyer has told me).
      • Where are there laws against spam? I belive there is some minor state level legislation in Oregon or Washington or something? But nothing national and nothing that outlaws it outright. If you can site some actuall laws I might agree with you. But just says there are laws and we need passport doesn't make it so.

        As for laws and other type of spam (ie telemarketing), I live in Texas which resently enacted an "Opt out telemarketing" approach, basically for a couple bucks you can get on a do not call list which ALL telemarketers are required to buy, if they call you and you are on the list, they get like a 500 dollar fine, suffice to say I used to get several calls a day, now I get NONE!!! We just need to do the same for spam, and I know for a fact that no similar law exists for spam.
  • Given the lack of technical details in the article, it's a bit difficult to see who's in the wrong. The customer in question was a DSL customer, which is essentially a glorified "always-on" dial-up account, not a leased line equivalent, and as such it's quite possible that the IP space was on a DUL blocklist, rather than an open relay blocklist. So, putting two and two together, if Telsta has designated a series of class C IP blocks for use with DSL with ARIN, it's quite likely that these would find their way into a DUL list before they are assigned to an actual user. Of course, that might just be a "2+2=5" scenario.
    • My cable IP address is in the DUL, and it's moderatly annoying, especially since other IPs in the same pool are not. In any case, isn't the point of the DUL to stop people from using throwaway accounts? It's not nearly as trivial to get a working cable or DSL account as it is to sign up with Yet Another Dialup Provider with Yet Another Credit Card. So what exactly is the rational for blocking these addresses?
      • From the large installation sysadmin point of view, cablemodems are like dialups, only faster. It's is virtually universal that cable IPs (and a growing number of DSL IPs) are handed out dynamically. That doesn't mean that they change frequently (some don't change for months.) Because of this, it's standard practice to to treat them like dial-up IPs. It's also a frequent problem that home machine are not secured very well, frequently running open relays and proxies. The concensus is that people on dynamic addresses should use their ISP's mail servers.

        I'm not saying that I 100% agree with this, just relaying the views of several people I know that run block lists such as MAPS, Orbs, etc.
    • DSL/Cable Lines are not put in DULs because you gotta give out your address to get the line, and they take a while to get set up. They are used for spam much less often.

  • Telstra, at least some time back . . . (Score:3, Informative)

    by vegetablespork ( 575101 ) <vegetablespork@gmail.com> on Wednesday May 15, 2002 @08:29AM (#3522946) Homepage
    . . . was notorious for hosting spamvertised sites. Spammers would make a spam run on a throwaway account, while their make money fast, penis enlargement, multilevel marketing, or what have you site safely operated in Telstra's IP space.

    Writing to Telstra would get you an auto-ignore saying that the spam didn't originate from Telstra, and thus they would do nothing. If they still operate this way, they have it coming, and it serves them right.

  • For many years, Telstra allowed Email and News spamming from within their address space, because they would only take action on abuse originating from their own machines.

    You could set up a news spew on one of their ISDN links, or misconfigure Exchange and leave it accepting external connections, and Telstra would shrug and say "Not our problem"

    Telstra has been listed by ORBS and MAPS in the a few times in the past, so I'm not the least bit suprised at a little bit of pre-emptive defense.

  • An idea (Score:2, Interesting)

    by NorthDude ( 560769 )
    It mith be stupid, but here it is...
    My idea is that emails protocols should not be replaced, they shoul be enhanced to support identification of the sender.
    When someone knocks on your door, you look at who it is before letting them enter your house, no?

    So a standard could be put in place which would enable you to filter the sender at the relay level instead of in your mail box. Well known address from you would be allowed to enter your mail box freely, while other one would have to identified themself well before being allowed. Just like when a rep of some phone company ring at my door, they have to identify themself well, and then, only then, if I'm interested in what they have to say, I let them enter. (Which is never the case hehe). So email protocols would need to be added a very complete identification section. There is no obligation to fill it for sure, but if you don't, people can always filter you out at the source. Once this ID is filtered out, it is put on your "black list". Then, when you connect to your mail server, it would send you the ID's of all the mail they have for you, and you would send them back a list of the emails you want to reject. This way, you get only what you want, and you save bandwith on unwanted spam. Am I crazy, or is it possible anytime?
    • If you run a sendmail [sendmail.org] server, you can block anyone / anything you want, and you can use some pretty strong authentication methods - strong enough to be sure you know who you're talking to.

      Unfortunately, that's not the whole solution to the problem; while it works fine for businesses, it doesn't scale to large ISPs that have the moral fiber of two-dollar whores. Telestra is not alone in being willing to do anything for a couple bucks, and how would an ISP know who you want (or don't want) to talk to anyway?
      • I've explained it in my previous post. The burden of kipping the "blak list", would be on the client side. The mail server which belongs to the ISP would only retreive your list and then decide if they send you a specific mail or not.
    • Problem is that spammer won't fill it in with related info. Look at how many spam msgs you get with a subject line that pretends they are replying to a message that you sent etc.


      Basically the only people who will put in anything that would help would be the ones you don't need to block.

      • So, it would work. If the spamers sending you the unrequested email aren't filling proper informations, you can already filter them out, without having to receive one before. When creating a mail account, or 10 or even 1000, they should (optionally) ask for specific informations, which could create you a key or somehing like it. Then, people could filter mail based on: if the info is there or not (they could actually want spam ?!?), then, filter on other identification which could be in there. If they ever receives an email (it passes first filter set) then they just add the sender's signature to their black list. Next time you connect to your Pop3(.5) account, before sending you the msg, the server sends you only minimal identification for every mail(much less bandwith then the whole msg). And your client app. automatically accept or reject wanted/unwanted emails.

        So, my point is exactly that, those who will enter those information are the legitimate ones, and I could accept only those, not the other way around...
        • Sorry, don't think I understood clearly or expressed myself clearly the first time.

          To make sure I understand what you're saying:
          someone would send you an email, which would arrive at your inbox at your ISP. You would then connect to it with your email client and it would send you just the headers(which would include additional identification information about the user who sent it, say name, maybe their address, and some key generated when they created the account). You could then (delete/blacklist/allow/whitelist) based on this info.

          I think the problem is that spammers will enter the required identification information (but probably not their own details). For example if I tell an ISP my name is Steve Williams (it's not) and I live at 405 Murray Hill Parkway NJ 07073 (I don't) and they use these details to create my account and generate a key. What will you do if a msg comes in saying that this person at this address with this ident key(and any other identification that I have lied about) has sent you an email?

          Most ISP's will cancel the account for spamming, so they create a new account, with new details, get a new ID key and go again.

          I would think that most of the emails coming in without the identification fields filled in would not really be the spammers, but people who were with an ISP that didn't care enough about spam to upgrade their systems(although ISP's like that tend to be the spammers favourites).

          It would cut some of the bandwidth being used, since not every spam would be so hard to pick out, you'd be able to delete all the horny teens and penis enlargement, but others you may not be so sure about and will want to look at to make sure, and it still means that you are dealing with each msg even if you don't have to download them.

          • You are right, but it all depends on how hard it is to create fake email addresses. Maybe if the system is rigourous enough, it could be done. But well, I'm not a specialist in this field :)

            Thanks for taking time to reply!

    • The latest versions of sendmail already have this enabled by default, with an MSA (Message Submission Agent) listening on port 587, as defined in RFC 2476. Now if only client programs would start allowing the use of it, ugly hacks like having to change your mail server depending on what network you're connected through, or else the ISP having to run the even uglier hack to have SMTP only allow connections from someone who has authenticated through POP recently, could be eliminated. Then SMTP servers could block messages with return addresses that don't match the server it is coming from. It wouldn't be perfect, of course, but it would help with accountability and probably make it easier to block the right servers without affecting innocent ones.

  • I am currently trying to get a couple of my mail servers off of the SPEWS list. My ISP terminated an offending spammer customer of theirs at least 6 weeks ago. 4 weeks ago a HUGE address block of their space (including my servers) was placed on the SPEWS list due to this spammer. My ISP has been trying to get the block (and me) delisted for a MONTH with no success.

    The only thing they have been able to do is offer to move me to another IP range on their network. Or I could find a new ISP. At any rate, it has cost me quite a lot of $$/time to try and remedy the situation- it should not be this difficult.

    How long does it usually take to get off the SPEWS list? Especially if you were put there wrongly in the first place.
    • How long does it usually take to get off the SPEWS list? Especially if you were put there wrongly in the first place.
      Welcome to Hell. You'll be released from the SPEWS list as soon as your sentence here in Hell is complete. Like everyone else in SPEWS^h^h^h^h^hHell, your sentence is Eternity.

  • Telstra is a blackhat and some DNS blacklists will list every Telstra netblock until they get their shit together. I personally don't wait for a large DNS blacklist to list spam-supporting ISPs. I blacklist them on my MTAs myself. Broadwing is my favorite example of this in action. I've blacklisted every single IP they own. I blacklisted /19s or bigger at a time and didn't hesitate doing it. If my experiences with Telstra become similar, I'll do the same to them. I choose not to communicate with spam-supporters. Sometimes listing an entire provider is the only way to make them extract their heads from their asses (which happen to be so far up there that the lumps in their throats are their noses). Pressure from their customers is the only way to affect them.
  • Idea
    1. Have a government sponsored nospam server that will keep a list of emails to opt out of any sort of advertising campaign.
    2. When a company wishes to send out a mass email campaign, it first sends a secure authorization to this nospam server.
    3. The user enters in the emails in which it is sending the agreement. If any of the emails match the nospam list, it therefore does not send email to the person on the list.
    4. Opt-In email: If the user chooses to opt in for a particular service/email. A sample of the person's DNA will be taken. The md5sum of the sequences will be compared to the md5sum stored on file at a secret government location, where other human tissue samples are stored. If the md5sum on file is a match, the company is then allowed to send the person and email.
    Issues
    1. What if the company obtains the md5sum from someone other than you? That's easy. All you have to do is change your genetic sequencing and submit a new copy of your DNA to the government! This way, when the government tries to clone you, they will be cloning a correct copy of you as well.
    2. What if you don't want to be on the company's mailing list anymore? In that case, you download the source to the database that they're using (mysql or postgres). Find a security hole, and log in as root to the database. Delete your record from the database. Do other people a favor and wipe out their records.
      Alternate Plan: Get 20 of your friends and hire Kevin Mitnick [everything2.com] to wipe out the database for you.
    3. What if the spammer is from a country outside the jursidiction of the nospam policy? That's easy too.
      1. Go onto Yahoo Games.
      2. Go into the chess spot
      3. Go into room #defcon
      4. Say that you would rather play Global Thermonuclear War.
      5. Spoof nuclear missles launching from the country of your choice.
      6. Repeat spoofing of missles from countries where other spam messages you receive originate from.
      You could also form a world government specifically for the purpose of stopping spam, but then that's kind of like going through the horse's ass to reach its mouth. :)
    Conclusion My bill is currently being argued in front of the Senate by the remaining members of Monty Python, who in a high pitched voice complain to the congressmen that they "don't like spam".

    Whether it passes the Senate after seeing 5 men dressed as either Vikings or Women is anyone's guess.

Slashdot Top Deals

Can anything be sadder than work left unfinished? Yes, work never begun.

Close