Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
×
Spam The Internet Your Rights Online

Anti-Spammers DDoSed Out Of Existence 677

Anonumous Coward writes "Not one, but two anti-spam services announced their closure yesterday due to DDoS attacks, massive Joe jobs, threats, and the total lack of interest shown by law enforcement. monkeys.com pulled the plug at midnight with an announcement that makes you think of a suicide note. Short time later compu.net went the very same way. So, when will we see a distributed RBL that can stand up to distributed attacks?"
This discussion has been archived. No new comments can be posted.

Anti-Spammers DDoSed Out Of Existence

Comments Filter:
  • by ansak ( 80421 ) on Wednesday September 24, 2003 @11:02AM (#7044729) Homepage Journal
    Is there a way to use the technology behind distributed.net or SETI@Home for this kind of application?

    just wondering...ank
    • You mean creating a distributed RBL list? That might work and would alleviate some of the problems with DDOS attacks, but Distributed.net and SETI@Home technologies are really designed for distributed _processing_, and RBLs are just not that processer intensive. I suspect that we will start seeing more distributed RBL type lists in the future though, it's about the only defense one has against massive zombie based DDOS attacks.
      • by ansak ( 80421 ) on Wednesday September 24, 2003 @11:13AM (#7044859) Homepage Journal
        Yeah. I thought it was restricted to calculation, but perhaps there's something in the way of thinking that got us to distributed.net and SETI@Home that could help us get a distributed RBL (dare I say, "DRBL"?).

        How about a DNS name that resolves to one of 20 (50? 100? 1000?) different machines all of which are kept synchronized between themselves with RBL lists. Anyone who asks for RBL information, gets any one of the machines in the cluster. Including the DDOSers. How many machines can they DDOS simultaneously? (that's why I kept cranking up that number in the first parentheses) Not all of them, I hope, but the way to find out is to build up a DRBLnet. There has to be a positive use for all those Linux/BSD boxes attached to DSL and cable lines :).

        Then if the RBL-client side is modified so that if it doesn't get a response very quickly it asks again (probably getting a machine that isn't currently being attacked...).

        just spouting ideas...ank
        • by Camulus ( 578128 ) on Wednesday September 24, 2003 @11:29AM (#7045052) Journal
          They wouldn't have to dos all of the thousands of machines. All they would have to do is DOS what ever is doing the redirecting. Remember when Microsoft.com was taken down a year or two ago? The script kiddiots took down the router that was the only path way to Microsofts DNS servers. You would have to build a really robust network with all kinds of redundancy. While it is possible you could make something that could with stand most DOS's, it would cost an ass load (even with people volunteering mirrors), which is still a big problem.
    • Excellent idea! (Score:5, Interesting)

      by DukeyToo ( 681226 ) on Wednesday September 24, 2003 @11:12AM (#7044849) Homepage
      Thats actually an *excellent* idea. Not really SETI@Home though, more like peer 2 peer technology.

      Why not kill 2 birds with one stone - promote a valid use of p2p, which removes some of the RIAA threat, while simultaneously frustrating spammers.
      • Re:Excellent idea! (Score:5, Insightful)

        by dasmegabyte ( 267018 ) <das@OHNOWHATSTHISdasmegabyte.org> on Wednesday September 24, 2003 @01:01PM (#7046434) Homepage Journal
        Well, the problem here is again one of trust. In many ways, an untrusted P2P spam blocklist would be easier to invalidate...all spammers have to do is access the P2P net and start spewing out BS and the whole list becomes worthless.

        And then there's the nuisance factor...script kiddies chucking up their enemys' domains as spammers, adding aol.com, etc.

        In order to establish trust, you'd have to have one of two things: 1) a trust authenticator, which is a central organization which can be shut down using DDOS and invalidated or 2) a web of trust, requiring admins to opt in to certain zone administrators' records, which would take quite a bit of time and would be very fallible.

        Neither is that great an idea.

        What IS a good idea is a distributed network of blocklists not like Kazaa, but like an IRC network or DNS. Trusted submitters are given powers like unto moderators to push information to a core set of servers, from which other servers pull their spam blocklists.

        We could do this now, using the server mirroring system that already exists for things like Linux kernels. Hell, we could even maintain versioning, to back off mistakenly blacklisted domains.

        Of course, the best idea will always be not to publish your email address and to guard it like a hawk. I get maybe 5 spam emails per day and that doesn't bother me at all.
      • Distributing an RBL list is the easy part. There are a variety of methods in place that can provide sufficient reliability and are sufficiently anonymous or difficult to attack,
        such as Usenet and Freenet and Gnutella and probably Kazaa, and it's not too hard to develop efficient data formats for baseline and incremental update and detail records (easier for IPv4 blocking than IPv6 :-), and you can use PGP or other digital signatures to protect the integrity of the transmission. A Simple Matter of Program
    • by Anonymous Coward
      I would like to see a Kazaa-like service whereby people can choose to mirror a site (or page or resource) and the site itself becomes distributed among many locations, accessed by using a Kazaa-like browser client. It'd be a nice thing and stop a lot of this stuff from happening. Sure, I can see people using it for bad things too, but as a system, or a concept, it stands up for itself.

      If you can have distributed attackers, why not distributed targets?
  • See guys, (Score:3, Funny)

    by Trigun ( 685027 ) <evil&evilempire,ath,cx> on Wednesday September 24, 2003 @11:03AM (#7044742)
    Vigilante Justice does work!

  • by Nintendork ( 411169 ) on Wednesday September 24, 2003 @11:05AM (#7044750) Homepage
    So, when will we see a distributed RBL that can stand up to distributed attacks?

    I'd never even hear of the two sites that closed down. Personally, I use Spamcop's DNSBL [spamcop.net], DSBL [dsbl.org], and ORDB [ordb.org].

    -Lucas

    • Yeah, but look at OpenRBL [openrbl.org], DSBL references them..

    • by frankie ( 91710 ) on Wednesday September 24, 2003 @11:20AM (#7044947) Journal
      SpamCop is currently alive [google.com], but Julian had to blow a bunch of cash on upgraded servers after getting knocked down a couple months ago. Pretty much every site which offers any sort of blocklist has had several months of continuous DDoS [pcworld.com].
      • by gorbachev ( 512743 ) on Wednesday September 24, 2003 @12:31PM (#7046039) Homepage
        It's been reported that SpamCop is paying upwards to $30K / year for bandwidth as a direct cause of the continous DDOS attacks on it.

        The spammers are doing everything they can to squeeze the anti-spammers out. They use frivolous lawsuits (aka Mark Felstein and his porn spamming backers) or DDOS attacks that either knock the anti-spam resources off completely or increase the costs so that no hobbyist can run them.

        And while all this is going on, the law enforcement agencies are doing nothing to counter the clearly illegal acts of the spammers.

        And ISPs are doing NOTHING to reduce the number of zombies on their networks. So the DDOS attacks continue.

        Nice going.

        It's only a matter of time when someone (Al Queda?) will use the zombie network for something that will truly be noticed.

        Proletariat of the world, unite to kill spammers
        • by irc.goatse.cx troll ( 593289 ) on Wednesday September 24, 2003 @01:21PM (#7046717) Journal
          "And ISPs are doing NOTHING to reduce the number of zombies on their networks. So the DDOS attacks continue."

          Uh, No.

          RoadRunner here in austin is now blocking spoofed packets, I'm sure they arnt the only one.
          Most big name bandwidth providers are now rate limiting icmp.

          Before anyone cries about this not being enough, I never said it was, I'm just arguing that they are doing something.

          I'd rather they do too little than too much, and everyone here(slashdot, specificly your rights online section) should feel the same way. Which would you rather have, DDoS kiddies or every isp limiting you to port80 connections that arnt allowed to stay open longer than a minute and no more than 5 connections/min allowed?

          Give us the choice and let the few abuse it and the many enjoy it.
          • I'm kinda wondering, if I, as a lowly cable modem user, can easily identify hundreds (if not thousands, I haven't completely gone through my firewall logs) of zombies on the same netblock I'm on (68.0.0.0/8).

            But the ISPs on that netblock (Cox, Charter, Bellsouth, Adelphia, Verizon, et.al.) can not.

            You should see my firewall logs...day after day, the same IPs from the same ISPs are hammering me. It is CLEAR nothing's being done.

            Proletariat of the world, unite to kill spammers
  • by Matey-O ( 518004 ) * <michaeljohnmiller@mSPAMsSPAMnSPAM.com> on Wednesday September 24, 2003 @11:05AM (#7044754) Homepage Journal
    Distributed, hidden, can't tell who registerd the file...freenet could fulfill the 'DDOS tolerant' needs here.
    • by Mr Bill ( 21249 ) on Wednesday September 24, 2003 @11:21AM (#7044960)
      And you would trust this file enough to block email based on it's contents??? Accountability is the biggest problem with RBLs, and moving it to a completely anonymous system would loose the last level of trust that they currently have...
      • by lx805 ( 701970 ) on Wednesday September 24, 2003 @11:40AM (#7045197)
        And you would trust this file enough to block email based on it's contents??? Accountability is the biggest problem with RBLs, and moving it to a completely anonymous system would loose the last level of trust that they currently have...

        If you don't trust it, don't use it.

        Why is this concept so damn hard for people to understand? These lists are VOLUNTARY. Mail server admins are not forced to use them. They CHOOSE to use them because they are EFFECTIVE.

        Your arguement about putting these lists on freenet hold no water. There's no way these files would go online without a PGP signature, and people downloading them would be stupid not to verify that signature. So long as you trust the signer, you're fine. If you don't trust the signer, don't use the file.

        The distribution of the files can be completely automated to the point where an automated script can download the file, verify the signature, and load the contents of the file into a locally running DNS server (I'll even be so bold as to suggest rbldns, which comes with the djbdns distribution). The distribution network would be all but impervious to denial of service, since the only way to bring it down would be to DDoS anything running the freenet client.

        Funny how people conveniently forget about these little details when it doesn't suit their arguement...
        • by Mr Bill ( 21249 ) on Wednesday September 24, 2003 @12:02PM (#7045632)
          Good point, but if it is signed, then it is not anonymous is it. But you are correct that this would be much harder to DDOS if signed files were released in this way.

          By the way, I don't have any beef with RBL lists. But I have a big problem with ISPs using these lists to reject mail. They should be used by end users, or perhaps by a mailadmin to reject mail to an entire domain. Or they should be used to mark mail as possibly being spam.

          ISPs that use these lists to reject mail are being irresponsible, and are most likely doing it without the knowledge of their users. One false positive that gets dropped is one too many when your users don't know it is happening.

          • Good point, but if it is signed, then it is not anonymous is it.

            It doesn't need to be anonymous, just available. SpamCop isn't anonymous. Spamhaus isn't anonymous. SPEWS is anonymous, but they probably don't need to be, and they already have someone who is *NOT* anonymous distributing their lists via PGP signed e-mail (see http://groups.yahoo.com/group/spews [yahoo.com]).

            ISPs that use these lists to reject mail are being irresponsible, and are most likely doing it without the knowledge of their users. One false
            • ...ISPs *maybe* should offer [spam filtering] as an option, but shouldn't filter by default...

              Now there I disagree. It think it should be on by default, but with an easy way to turn it off, and the customer should be informed. Why? Simple, spammers spam because it is profitable. It is profitable because a small fraction of a percentage of lusers are stupid enough to send money for whatever product is being pitched. Those that are stupid enough to buy said products will probably not be able to figur

      • sahalx partially replied to your point but to someone not already familiar with Freenet I'm not sure they'll understand why (s)he's right.

        And you would trust this file enough to block email based on it's contents??? Accountability is the biggest problem with RBLs, and moving it to a completely anonymous system would loose the last level of trust that they currently have...

        Freenet is not a "completely anonymous system" in the sense you seem to be using it. While you can not trace a file back to the owner
    • Hardly. Freenet, in its currently incarnation, would be nearly trivial to DDOS out of existance.

      Performance and robustness was evidently Waaaaaay down on the list of immediate goals for freenet.

      I like the idea of freenet, but its got along way to go before it can withstand any kind of intelligent attack.
  • probable cause (Score:5, Insightful)

    by poison_reverse ( 647609 ) on Wednesday September 24, 2003 @11:05AM (#7044756)
    why cant the goddamn authorities tie in motive with these attacks and go after the spammers who are obviously promoting/funding these attacks?
  • by BJZQ8 ( 644168 ) on Wednesday September 24, 2003 @11:07AM (#7044780) Homepage Journal
    If you read his notice, you'll observe that his biggest beef is that he got no support from any of the big ISP's that probably used his services anyway. The /. blurb is right...until there is some sort of distributed, un-DDOS-able method of tracking spammers and their ever-rotating servers, we will continue to be blanketed with spam. By the way, has anyone noticed a particular surge in spam just today? I've gotten dozens of very similar messages in just the past three hours.
    • ANOTHER problem (Score:5, Insightful)

      by Nijika ( 525558 ) on Wednesday September 24, 2003 @11:16AM (#7044889) Homepage Journal
      And this is a huge one. I've dealt with DDoS attacks in the past, large scale ones like the ones that hurt the anti-spam lists.

      A lot, if not the vast majority of infected zombie attackers out there are located in asia pacific. Trying to track down the responsible admin, and then trying to get a response is -near impossible-. Language barriers, general apathy, it's all there. On top of that a lot of hosts in Korea have awesome pipe.

      Seriously, people keep bandying about the idea of using freenet for distribution of blackhole lists, but it's probably absolutely THE best solution to the problems we're facing. The ISPs can only do so much, and when the lists are distributed from a central, known source.. well, we've seen the results of this.

      I suggest one of us take up the cause of creating this freenet distribution system. It could revolutionize the way trusted data is passed if it works successfully for an RBL. I'd do it myself, but I'm beyond short of time, and brains for that matter :)

      • It could revolutionize the way trusted data is passed if it works successfully for an RBL. I'd do it myself, but I'm beyond short of time, and brains for that matter :)

        You're not short of time; creating the system you describe (assuming good client software) hardly takes longer then typing your post did.
        1. Download, install, and run Freenet.
        2. Download and install fcptools [sourceforge.net].
        3. Instead of having your RBL list sourced from the HTTP net, have the RBL-client download the list periodically by running a quick invocati
  • by emacnabber ( 682085 ) on Wednesday September 24, 2003 @11:07AM (#7044781)
    ... atleast they didn't blow up blow up [byu.edu] their servers.
  • by dspyder ( 563303 ) on Wednesday September 24, 2003 @11:07AM (#7044784)
    I'm a big advocate for as few (i.e. none) false positives as possible. I consider them way more dangerous than a false negative.... but used in moderation, these services are quite effective in reducting a large number of spam.

    Using a spamtrap that using weighted scoring, like SpamAssassin or the like, you can use the data they provide combined with your other heuristics (and whitelists and bayes) to provide a much more accurate view of the overall picture.

    --D
  • by sixteenraisins ( 67316 ) <tomorrowsconsonant.yahoo@com> on Wednesday September 24, 2003 @11:08AM (#7044796)
    From Article II: "A well regulated militia, being necessary to the security of a free state, the right of the people to keep and bear arms, shall not be infringed."

    Are we now supposed to "take up arms" against the SPAMmers ourselves?

    William
  • massive Joe jobs? (Score:2, Insightful)

    by MacBrave ( 247640 )
    What exactly is a 'massive Joe job'?

    • Re:massive Joe jobs? (Score:4, Informative)

      by beady ( 710116 ) on Wednesday September 24, 2003 @11:11AM (#7044835)
      A Joe Job is where some unsuspecting innocents email is placed as the "from" address in the email headers. Headaches ensue
    • Re:massive Joe jobs? (Score:5, Informative)

      by Rogerborg ( 306625 ) on Wednesday September 24, 2003 @11:23AM (#7044985) Homepage
      Where your send email purporting to be from someone else [techtv.com], or in this case when spammers send spam purporting to be from the anti-spam orgs. SMTP servers don't validate the From: field, you can put anything in there. Most lusers and a shocking number of clueless sysadmins don't realise this.
    • by annielaurie ( 257735 ) <annekmadison@hotmai[ ]om ['l.c' in gap]> on Wednesday September 24, 2003 @11:45AM (#7045297) Journal
      Not to be overly-dramatic, but when it happens to you it's a nightmare and one of the blackest pits you can imagine.

      Think of spending all your time, energy, heart and soul developing a business (or organization), providing for it, gaining credibility and referrals, making a name and niche for yourself, however small. Imagine you're attempting to support and educate a family via that business.

      Now imagine it all wiped away with no thought at all by anonymous monsters of greed.

      That's precisely what happened to me. I'm actually not illiterate. I exercised care in building my site, selecting a host for it, making sure it ran Linux :), and installing such watchdogs and filters as I could. I cultivated good relations with the folks who supported the server. I did all I could, short of purchasing a server for myself, which I could never have afforded.

      Then I made the mistake of becoming ill. Over Christmas I spent six days in the hospital, and when I came home, a corresponding several days downstairs. They struck during that time. I returned to hundreds and hundreds of bounced messages, angry complaints, bitch-outs, whatever.

      A call to the tech support people actually put a stop to the whole thing rather quickly. The spammers were using Sprint, and apparently Sprint lacks tolerance for these issues. I wrote to each and every person who'd bitched, swallowed my pride and explained who I was and what had happened. Some wrote back.

      On the practical side, I have now a trusted friend who will look after things for me if I ever become ill again, and I will do the same for him. In fact the two of us may lease a server from a reputable company. That's a huge cost, but it may well be worth it.

      On the emotional or impractical side, even eight months later I have an enormous amount of anger. Anger is often un-helpful, but I entertain visions of finding ways to inujure these people (not physically or by violence, but in their ability to do this). I visualize them financially ruined, humiliated in public, hounded out of their neighborhoods. I visualize attacks on their servers. That's all quite counterproductive. In order to deal with the anger part, I spend my spare time writing a novel in which a spammer is murdered. It's not half bad.

      Regards,
      Anne

      • by _xeno_ ( 155264 ) on Wednesday September 24, 2003 @12:36PM (#7046111) Homepage Journal
        In order to deal with the anger part, I spend my spare time writing a novel in which a spammer is murdered. It's not half bad.

        I'm half-wondering how you're going to work that out. My first thought was "murder mystery" but I found myself thinking that it would wind up something like this:

        "And then I found him like this, strangled by several dozen feet of Ethernet cable, stabbed at least twenty-seven times, shot at least forty-three times, and then buried under several thousand printed copies of an e-mail," a rather distraught neighbor told the detective.

        "Hmm... it would appear to be an e-mail that offers - to enlarge your, er, member. Wait a minute - I think I can almost recognize what's left of his face. Yes, this is the notorious spammer I-Like-Watching-Kittens-And-Puppys-Die," the police detective responded, pushing pages away from the body's face.

        "Oh. Well, I guess that's about it then."

        "Wait, we have a mad murder around! Forty-plus shots? You'd have to reload multiple times to do that. We should do something!"

        "Yeah, you're right. His body'll start to smell soon."

        "I'll call the mortician."

        "I guess that's it then."

        "Yup."

        "Yup."

        "I better get the mortician over hear. You're sure you're going to be all right?"

        "Of course - I should be down at least twenty spams!"

        - The End -

  • by JessLeah ( 625838 ) on Wednesday September 24, 2003 @11:09AM (#7044814)
    These "anti-spam" guys have been a thorn in my side, and I HATE spam. They will list you in their list for the slightest of insecurities in your email system, and keep you there for days, weeks, or months after you've patched them. They will assume you are a spammer, even if you swear to them up and down how much you hate spam (and mean it!). They will block whole subnets based on the activities of a few.

    Most (all?) of the "anti-spam" systems out there are very poorly thought out. The ratio of "collateral damage" to actual spams stopped is way too high. And who appointed these guys worldwide "email cops" anyhow? I know I didn't.

    There has to be a better way to block spam than blackhole lists and the like! Maybe making it a Federal crime to buy anything from a spammer? Voila, no one buys from spammers, so spammers stop spamming the US...
    • by FileNotFound ( 85933 ) on Wednesday September 24, 2003 @11:21AM (#7044955) Homepage Journal
      This is definetly true.

      I myself had a runing with Anti Spam sites. For some bizzare reason the IP of my mail server was listed as a spam server. Which is BS as it's only ever used for personal mail.

      It took 5 emails and 3 days to get my server IPs of the list.

      It's a real bitch. Your mail bounces, you call the ISP that bounced your mail and they tell you that "such and such list", now you got to go to that list and request a removal. The problem is that many of the lists mirror additions but NOT removals. So you get added to one list and tada you're in 20 and got to remove yourself one by one...
    • The ratio of "collateral damage" to actual spams stopped is way too high

      Hear, Hear. Effective blacklists with no practical collatarate damage actually exist, even if all the attention seems to gather around the overzealous(SPEWS) and stupid(AOL) blocklists.

      dsbl.org [dsbl.org] open proxy/relay list, easy to get out once you fix the problem. very effective.
      spamhaus.org [spamhaus.org] lists IP addressess known to belong to spammers. Not as effective as dsbl, but a nice compliment in case spammer decides to send mail directly inst

  • The zombie machines have been compromised by any number of holes or emails. It cold take quite a long time to build a solid network that could send out such coordinated attacks.

    However, /. geeks, I'd love to hear the possible countermeasures for such a thing. Is there any recourse in sending the zombie's ISP a notification of infectino? Do Anti-spam laws apply in the form of a DDOS? Perhaps there truely is no way to alleviate such an attack. You tell me.
  • by LostCluster ( 625375 ) on Wednesday September 24, 2003 @11:12AM (#7044857)
    I think the bottomline failure in the "War on Spam" is that there's no central "root of trust" authority in the e-mail system... that is, no sactioning body regulating the use of e-mail in the way that we can have regulations about use of the PTSN that actually stick.

    What I think is going to need to happen eventually is that e-mail is goin gto have to become a closed-system where ISPs have to pay to gain admission and risk ejection if the fail to control the Spam or other abuses coming out from their sources.

    The fact is, any time you have an open unregulated communication system, the lowlifes are gonna be the ones who take it over...
  • by ticklemeozmo ( 595926 ) <justin,j,novack&acm,org> on Wednesday September 24, 2003 @11:13AM (#7044861) Homepage Journal
    I hate to sound like the typical crybaby, but why do the good guys always get screwed? If we (the spam-hating/fighting collective) were to do this, I can almost guarentee there would be media and probably law-enforcement backlash against us (as proven by the story of the spammer whose information was leaked by someone).

    Now, knowing that law enforcement WON'T do anything against this, what happens when we decide on vigilante justice and return the favor onto the spammers who DDOoSed them (it's an assumption)? Will the law suddenly perk up and seek those who struck back?

    And what sort of example is this proving? That Law Enforcement doesn't matter/work with technology as the internet? Is this foreshadowing for the California Anti-Spam bill?

    This is your typical example of hitting your little brother/sister back after s/he hit you and your mom catching you only citing "It's always the second person who gets caught."
  • by LostCluster ( 625375 ) on Wednesday September 24, 2003 @11:16AM (#7044884)
    Never. Fact is, for a blacklist to have any credibity it has to come from a central source. If it doesn't, then how are you going to authenticate the real blacklist from a fake claiming to be the blacklist but actually blocking legit ISPs and letting spammers by. P2P isn't the solution to everything.
    • You could always sign the blacklist received, so unless the actual distributed blacklist client is compromised, the authenticity of the list can be validated. You still have one publisher, but everyone who wants to use the blacklist would have to run their own distributed client. Really not a bad idea.
    • If it doesn't, then how are you going to authenticate the real blacklist

      A digital signature on the RBL seems like an obvious solution? I'd trust a list signed by monkey.com but not by I'm-a-big-bad-spammer.com

      Of course how the initial trust of the signer (not of the digital signature which would be chained) is established is a question but that question exists today.

  • by Rogerborg ( 306625 ) on Wednesday September 24, 2003 @11:16AM (#7044891) Homepage

    We've had a succession of Washington suits yakking on about Information Security, and Cyber War and The Great Potential Threat To Our Infrastructure, and yet when DDoS attacks actually happen, what do they do?

    You guessed it. Squat.

    There's no votes and no budget in actually fighting crime. There's plenty of capital to be made in selling up the threat, and in promising that you'll fix it, given just a little more time in office, and a slightly larger personal empire.

    What I'd like to see is our Dictator of Homeland Security pinned down and made to explain why he's not doing something about the attacks that are happening now. If we can't defend monkeys.com from a DDoS from malicious assholes, how does he expect to believe that we're able to defend safety or economic critical infrastructure from the same kind of attack launched by the truly malevolent?

    • by chabotc ( 22496 ) <(moc.liamg) (ta) (ctobahc)> on Wednesday September 24, 2003 @11:40AM (#7045201) Homepage
      Here's a thought..

      Suppose that the DDoS zombies used use a internet name instead of IP addresses.. Why not change the DNS for monkeys.com & compunet to a nice NSA or FBI address range

      Then sit back and wait for this law-enforcement stuff to finaly kick in
    • by EinarH ( 583836 ) on Wednesday September 24, 2003 @11:50AM (#7045419) Journal
      Wheter this is the responsibility of the DHS or the FBI I'm not sure about, but Ron Guilmette who runs the now closed monkeys.com actually tried to contact FBI.
      From a google groups post here [google.com]:
      I was also on the phone to Ron just a few minutes ago.

      More specifically, the law enforcement issue is twofold:

      First, he tried talking to his city police. He had to fight them to even take a written report of the incident. That was to be expected, of course.

      Then, he tried calling the FBI. The receptionist who took the call apparently didn't understand a word of Ron's explanation of a "denial of service attack against his Internet servers" and asked him "Is that illegal?". Ron insisted that he must speak to somebody who is more capable of understanding the issue. The receptionist transferred the call to the duty officer, which turned out to be an answering machine.
      Ron left a message, expecting to be called back, but no call so far.

      If this is correct, I have no indication that it should not be, it looks like a total FBI fuck up.

      (more info here [google.com])

  • Good riddance (Score:5, Interesting)

    by PincheGab ( 640283 ) on Wednesday September 24, 2003 @11:16AM (#7044894)
    Having been unfortunate enough to be assigned an IP block from a previous spammer and having gone through the subsequent ass-kissing I had to do to a black list maintainer that absolutely refused to remove us from the the list, I say the less blacklists there are, the better.

    I'm sorry but some of these list maintainers are anal, (VERY) self-righteous, awful people who will not listen, not even when the person at the other end of the line is polite, patient, and takes a polite and amicable approach to the issue of getting removed from the blacklist (and punches a pillow after the phone calls and emails instead of being rude to the person).

    I'm sorry but with the hell I had to go through to get removed (too much unwarranted ass-kissing, too much putting up with the "I'm only a volunteer" crap) I am only glad to see these anal a-holes go.

  • by LMCBoy ( 185365 ) on Wednesday September 24, 2003 @11:19AM (#7044938) Homepage Journal
    The internet seems to become more worthless every day, as more and more of it is hijacked by spammers and other commercialization.

    How can we take it back? If we can't, how can we replace it with something more resistant to these electronic malignancies?

    I want instant communication with friends and colleagues all over the planet, but I don't want UCE. I want instant access to the world's knowledge on all topics, from crucial news to movie trivia, but I want it without viruses, interstitial ads, popups, spyware, and all that other crap.

    By using Linux with some other specialized software, I have erected a defensive perimeter around my internet existence, so the tidal wave of garbage largely passes me by. But the walls need maintenance, and there always seems to be some new leak that needs plugging.

    It's regrettable that we need to take such drastic measures, but what really worries me is that the need is increasing with time. Can you imagine the situation where 99% of your email is spam? Is there an alternative to giving up email entirely at that point?
    • It seems to me that the Web, Mail and IPv4 parts of the internet are broken.

      For the time being, why not ressurect gopher, archie and implement a new IPv6 and a new trusted mail system (or even UUCP *icky!*), and just not tell anyone about it?

      We're the geeks who run the mail servers. Who is to know if their MTA is changed, so long as users get their mail, they won't notice.

    • I want to go shopping at a mall without worrying about being robbed. I want to drive to work without dying in a car accident.

      The world isnt perfect. People certainly are not. If the biggest worry you have is virii, ads, spyware and other "problems" which are easily solved with a little common sense, go open a beer and enjoy your afternoon in the sunshine.

      While millions starve and havent heard of computers.
    • Can you imagine the situation where 99% of your email is spam?
      99% of my mail is spam, you insensitive clod!

    • The internet seems to become more worthless every day, as more and more of it is hijacked by spammers and other commercialization.

      While I agree about the effect spamming has had on the Internet, I cannot disagree more about commercialization. Many sites, including Slashdot, could not exist without advertising.

      For that matter, do you think access fees cover the cost of the backbone? If the entire Internet were paid for by access fees, everyone's connection would easily cost double or triple what it does n
    • "I want instant communication with friends and colleagues all over the planet, but I don't want UCE. I want instant access to the world's knowledge on all topics, from crucial news to movie trivia, but I want it without viruses, interstitial ads, popups, spyware, and all that other crap."

      The unstated (but pervasively implied) follow-up to the above statement is "... but I don't want to actually have to pay for any of it".

      Sure it's sad to see a service that you're familiar with and like to use (like the

  • by Phantasmo ( 586700 ) on Wednesday September 24, 2003 @11:20AM (#7044939)
    total lack of interest shown by law enforcement

    If a MMORPG gets cracked and the rich owners get inconvenienced for half a day, the FBI flips out and immediately mounts an investigation.

    However, these guys are repeatedly DDoS'd and nobody cares.

    It would seem that the government only cares about cybercrime when big cash is involved.
  • by Dr. Bent ( 533421 ) <ben.int@com> on Wednesday September 24, 2003 @11:21AM (#7044956) Homepage
    OK, IANAL, but I have an idea that so crazy it just might work.

    Instead of outlawing spamming, outlaw the purchace of products advertised with spam.

    You could enforce this in a similar way to recent online gambling regulations that prohibit credit card companies from honoring transactions for online gambling. So if you sell your products using spam, you can't collect on the payment.

    Also, you solve the jurisidction problem of outlawing spamming. Instead of just moving the spammers out of the country, you now discourage spammers from ever sending spam into the country because it would then become illegal for anyone to purchace their products.

    And finally, it would discourage the 0.001% of people who are idiotic enough to respond to this crap. "You'll go to jail if you buy this." is just the kind of simplistic message that would get through to these people. When spammers stop getting replies, they won't have anyone to sell thier service to.

    This is just an idea, so I'm sure there's a few problems with it. But maybe in order to combat spam, we need to stop trying to go after the spammers and start trying to just make it unprofitable for them to operate in the first place.
    • Instead of outlawing spamming, outlaw the purchace of products advertised with spam.

      Sounds like a great way of killing competition - companies would just send spam pretending to be from companies with similar products.

  • Monkeys.com (Score:5, Interesting)

    by BrookHarty ( 9119 ) on Wednesday September 24, 2003 @11:21AM (#7044957) Journal
    A friend of mine, who has a business class DSL had his ip block blacklisted. Seems someone on the ISP had a trojan and was sending out spam. So monkeys.com blocked the entire ISP. And monkeys.com response, contact your ISP. All the customers where in a deadlock, the ISP didnt know why they where blocked, the customers couldnt get unblocked, so every customer trys to contact Monkeys. The ISP couldnt contact monkeys either, monkeys email queue was full. So the ISP threatens to sue, customers threaten to break kneecaps, and the spammers win.

    Really, if RBL's can be tricked to block good ISPs, and you get get the IP blocks removed, its flawed and needs to end service.

    BTW, I know many people who are switching to whitelists, and even at work, whitelists for internal mail only cuts spam almost 100%. Even earthlink etc, sell whitelist features as a value added service.
  • by orthogonal ( 588627 ) on Wednesday September 24, 2003 @11:21AM (#7044964) Journal
    I wish law enforcement had the resources to go after whomever is DDOSing these ant-spammers.

    But I understand that, especially now during our war against terrorism, law enforcement must prioritize, and go after bigger threats to our well-being.

    I applaud John Ashcroft for realizing this, and using our scarce law enforcement resources to attack the real threats: Tommy Chong, the bong seller [dangerouscitizen.com], and porn that personally offends him [tvbarn.com].

    If these anti-spammers were serious, they'd do the right thing and incorporate as for-profit companies and make the campaign contributions that would purchase them real police protection. That they haven't makes it clear to me that they have no reason to expect law enforcement to take them seriously.
  • Good Riddance (Score:3, Interesting)

    by NDPTAL85 ( 260093 ) on Wednesday September 24, 2003 @11:24AM (#7045008)
    These anti-spam lists were notorious for ruining the good names of ISP's who went thru the trouble of eliminating spammers from their ranks only to continue to be listed on these lists.

    They couldn't run the damn things right, its probably disgruntled ISP's and not spammers who are DoS'ing them right now. And rightly so.
  • by messiuh ( 206505 ) on Wednesday September 24, 2003 @11:26AM (#7045031)
    The poor guy gets DDoS'd, and then we end up Slashdotting his "suicide note"!!

    This guy just can't catch a break.
  • by Vic Metcalfe ( 355 ) on Wednesday September 24, 2003 @11:29AM (#7045057) Homepage
    I'm sorry for the trouble these guys have had, but I've had more trouble with black lists then benefit. I've been black listed many times for stupid reasons. Like one of the sign-off's mentioned, I've had @mydomain.com used to send spams, had to handle the bounces and then been blacklisted on top of that. I've had spam link to a page I host even though the spam wasn't advertising the page, it was using the page to support the sale of its product. The page was about water safety, and posted by someone with no connection to the spammers. I've twice been blacklisted and once had UUNet filter my IP allocation because users had uploaded old vulnerable versions of FormMail.pl to their web sites and spammers found and abused the hole. Both times I had found and removed the offending script before getting shut down, only to be blacklisted/filtered AFTER fixing the problem.

    As you might have guessed I have no love for RBL type services. I think their hearts are in the right place, but I'm tired of getting caught in the cross-fire. Since at some point, in order to benefit spammers have to be contacted by consumers, law enforcement should be able to track them down. I'd love to see that sort of thing become common. I can't see a technological solution even with a complete overhaul of how email works. I like the fact that a stranger can email me if they like. I just want to see legal limitations on that contact to prevent spam.
  • The FBI (Score:3, Informative)

    by deblau ( 68023 ) <slashdot.25.flickboy@spamgourmet.com> on Wednesday September 24, 2003 @11:43AM (#7045259) Journal
    If RFG can show that more than $5000 worth of damage was done to his computers or business, he can get the FBI involved. If they can track down who did this, there could be jail time for some of these bastards.
  • by Alioth ( 221270 ) <no@spam> on Wednesday September 24, 2003 @12:13PM (#7045788) Journal
    It's high time for MTA operator licensing.

    I think we need to implement a system where operators of MTA software need to be licensed, just like radio operators. The licensing should be open to anyone. The rules need to be:

    1. The licensee's MTA is only allowed to receive email from their own network to forward, and only receive email from other licensed MTAs from outside their network.
    This means that licensed MTAs will reject email from adsl-1-2-3-4.somebigisp.com, but will accept email from mail.somebigisp.com. A cryptographically signed list is distributed containing the list of MTAs that are licensed.
    2. If a licensed MTA operator's MTA is used to send spam or viruses, the MTA operator has their license suspended. Egregious violations can be punished by fines, or in extreme cases, imprisonment.
    3. ISPs (as opposed to an MTA run by an individual or a small company) would have to be licensed themselves to send email, and hire only licensed MTA operators to run the mail gateway. If an ISP is guilty of allowing spam or malware through their MTA, they can lose their MTA license, and in egregious cases, be fined.

    Licensing exams must relate to MTA operation best practise, rather than the specifics of operating a particular piece of MTA software. Licensees will be expected to learn how to properly configure and test their software before putting it online. Hopefully, the risk of a license suspension/revocation will provide ample incentive to ensure the MTA is configured correctly.

    Licensing rules would have to be agreed by international treaty. The licensing authority should probably be national governments, but could be the administrator of the DNS TLD for the full DNS name of the MTA in question.

    Effectively, licensing will be a big whitelist of mail server operators who have a minimum mandated level of clue, and a code of conduct enforced by the rule of law.

    In the early days of road vehicles, there were no drivers licenses. However, you'd have to be nuts to argue that driver's licenses (and most are internationally recognised) are a bad thing these days. The same really needs to go for mail servers - doing nothing at all is no longer an option. In the last 48 hours, Exim on my server has rejected just under 3000 instances of the Swen worm and SpamAssassin has canned 400 spam emails. Indications are that it will ONLY get worse. Rewriting SMTP won't help - we need proper rules about email, and proper remedies that can be applied (license revocations, fines, imprisonment) when people fail to follow those rules. With proper MTA licensing, ISPs will ensure they can properly identify all users and can so punish people who try and abuse their MTA, instead of just ignoring the problem like they do now. I'm beginning to wonder if email is worth it any more unless measures like this are put in place.

    In the short term, ISPs can help by blocking all outbound port 25 access apart from their mail gateway. Slashbot whiners who don't like this can stump up for a business broadband account and a static IP if they really must run their own MTA.
  • Distributed RBLs (Score:3, Insightful)

    by Zocalo ( 252965 ) on Wednesday September 24, 2003 @12:21PM (#7045917) Homepage
    So, when will we see a distributed RBL that can stand up to distributed attacks?

    More to the point, given that it's certainly doable with plain old DNS: why don't we have one already?

    Let's say I run a DNSBL server on a domain I own, "bl.dnsblacklist.com" say. How hard would it be to allow volunteers, preferably at large corporates and ISPs to download the entire zonefile contents via DNS AXFR (or whatever), in return for hosting a mirror server complete with another A record for "bl.dnsblacklist.com"?

    I would get to vet the applicants, because they would need to contact me first to acquire the necessary permissions required get access to the zonefile. If I don't trust the applicant to be 100% legit, or get evidence they have misused the data (which, at then end of the day is just a list of IPs that have sent spam), then it's access denied. There are some potential problems with this that I can see though. We still have a limited number of IPs for the distribution of the zone files to the slaves, so it would possible to DDOS those, unless that role could be safely distributed too.

    Note: this occurred to me while reading the article, so I almost certainly have missed some potential holes. Still, it does seem a way for a DNSBL provider to gain some resiliance for free if those holes can be plugged. Comments?

  • by Champaign ( 307086 ) on Wednesday September 24, 2003 @12:42PM (#7046179) Homepage Journal

    *WARNING* If you're the type of person that can't handle any critism of the open-source/technical community, even from within, you might want to skip to the next message.

    There's a funny thing that's been going through my head for years now which these two closures seems to be a part of.

    Technical people don't make good administrators.

    Years ago when I was in high school I used to run a BBS (bulletin board service - pre popular internet networks of computers). Every few months a SysOp (System Operator, the people in charge) would have a meltdown, send out a message telling everyone how much he'd (there were no women ;-) suffered, how ungrateful the users were and that he was shutting down to teach everyone a lesson.

    Nobody ever learned a lesson, and I never felt the lesson they were trying to teach was particularly valuable.

    I'm suspicious that this is a natural weakness of any system that relies on volunteer labour. If people don't have a strong (unfortunately usually economic) incentive to continue something, they're more ready to throw in the towel when the seas get rough.

    We've all seen open-source projects die where the maintainer spits bile about no one contributing, no companies offering them cushy jobs where they can work on the project, etc, etc, etc. See the story about the Linux Router Project [slashdot.org] for an example of this.

    As a non-technical example, a friend of mine was a volunteer firefighter and he got into the profession when just about every firefighter in his small town quit and they needed to replace the force. A baby had died at a fire they were fighting, and none of them had been able to deal with it, so they quit. Professional firefighters have all undoubtedly had the experience of someone dieing in a fire they were fighting, but you wouldn't expect their whole department to give up afterwards...

    With both of these lists, sure denial of service sucks. Given. When you rovide a service for free you expect acolades, guys buying you beers and women offering you their virginity. Best case, sure. But sometimes things aren't going to go your way and it seems so easy to close up shop, which can really screw people there were relying on you.

    If Slashdot started suffering sustained dos attacks, you can be sure that they'd figure out a way to get through it, or just button down the hatches until the attacks end. They're earning their livelihoods from this site, so they aren't going to give up on it easily.

    Maybe this is something that we should be upfront about as a community. When a service/product is free (as in speech), future extension/maintenance/existance are never guaranteed, and the only thing you're actually getting of value is whatever is there right now. If the service is something necessary that becomes worthless the instant it stops being maintained (rare, but certainly the case in some instances, such as with these two lists or with things like BBSes), than maybe volunteer labour isn't the way to provide it.

    • by roystgnr ( 4015 ) <roy AT stogners DOT org> on Wednesday September 24, 2003 @01:58PM (#7047188) Homepage
      You're comparing the operators of these services to spoiled children, when they've done more for the anti-spam cause than nearly everyone who will ever read your comment. What did they do to deserve that? If they are being selfish for giving up their efforts, doesn't that make you and I even more selfish for never making an effort in the first place?

      Who wants to become a volunteer in a world where if your efforts fail you will be seen as a failure and if they succeed you will be seen as an entitlement?
    • by Phroggy ( 441 ) * <slashdot3@NOsPaM.phroggy.com> on Wednesday September 24, 2003 @05:00PM (#7049247) Homepage
      I think you're missing something. You seem to be implying that the Monkeys.com admin is giving up because he personally can't take the pressure anymore, and that he should try to persevere instead. While that sounds nice, you're forgetting reality:

      1) While his servers are under a DDoS attack, nobody can use them, which means the blacklist is basically useless. This is why it's called "denial of service" - the ability to use the service is being denied.

      2) The only technical way to withstand a DDoS attack while still continuing to provide service is to increase your bandwidth so you have enough to handle both the attack and legitimate requests. This costs a LOT of money. Another poster mentioned that SpamCop spent $30,000 on this. SpamCop has paid subscriptions (I'm a subscriber myself); Monkeys.com does not. Do you have an extra $30,000 lying around that you could donate? I don't.

      3) The non-technical solution is to go through law enforcement. He contacted the FBI, and they didn't know what he was talking about. Perhaps he should keep trying, but due to the nature of the attack, I'm not sure the FBI could help if they wanted to - there's no way to track who is responsible for the attacks, so there's nobody to prosecute for a crime.
  • Law enforcement. (Score:3, Insightful)

    by seebs ( 15766 ) on Wednesday September 24, 2003 @12:42PM (#7046182) Homepage
    Nothing we know of can stop DDoS attacks - except law enforcement getting off their asses and ACTUALLY PROSECUTING CRIMES. Remember, every DDoS attack is rooted in zombie machines. Unauthorized hijacking of someone's machine is a CRIME. The problem is, the law enforcement people don't care about this particular crime, so nothing we do can fix iit. http://www.seebs.net/log/archives/000071.html [seebs.net]
  • by autopr0n ( 534291 ) on Wednesday September 24, 2003 @12:43PM (#7046187) Homepage Journal
    For example, how about getting RMX (Reverse MX lookups) working. A lot RBLs are error prone. A distributed RBL would either not really be distributed (i.e. a central 'committee' that decides who's on the list and lots of mirrors), or a disaster (i.e. anyone on the net can block people). I'm not saying it couldn't be done, just that it would take a Herculean effort to prop up a technology that a lot of people think causes more harm then good.

    The ideal (in my mind) anti-Spam 'tool chain' would be RMX and Bayesian filtering along with per-user white listing for messages that are flagged by those systems. A per-domain blacklist of "sites vouch for Spam via RMX" could be created and done on a somewhat distributed system, rather then an IP based system.

    Anyway, here's how I would design a distributed blacklist type system. First of all, it would be based on RMX rather then IP space. That way people who are forced to share IP space with spammers don't get screwed. Users of the system could flag mail as 'legitimate' or they could flag it as 'Spam' legit email is sent in only as a counter, and actual Spam is forwarded to a central system. Unlike Kazza or whatever, we wouldn't need to worry about getting shut down by the RIAA so some centralization is OK.

    No one person would decide what to 'blacklist' rather, simple counts of spam/non-spam could be retrieved by users. People running mail servers could see the Spam that they supposedly sent and, erm, repent :P. Older entries would automatically loose 'weight' so that people who change their ways can send email again. People who send in bizarre reports would have those reports weighed lightly.

    How do you prevent DDoS? Well, honestly I think the best solution would be to have users pay a small fee going towards hosting on something like Akami. That would be a lot simpler then trying to setup and manage the security of a distributed redistribution system.

    We might also have an identity verification system to prevent spammers from faking thousands of accounts to fuck up the averages.
  • by minas-beede ( 561803 ) on Wednesday September 24, 2003 @01:35PM (#7046920)
    Apparently Ron is abandoning both but there were two related anti-spam things he did. One was to maintain a blocklist for open proxies. The other was to run a network of proxypots and to use these to discover the IP addresses from which proxy abuse originated. He trapped a lot of spam with those, as well.

    Ron made periodic posts to news.admin.net-abuse.email in which he listed the top 40 proxy abuse-source IPs. He also contacted the ISPs from which the abuse originated and was successful in getting many of these to boot the spammers (which is a big reason spammers wanted to put him out of business, it would seem.)

    Ron was making real and substantial progress toward ridding the net of spam - even if you never heard of him he was helping you, and the help I speak of had none of the flaws of blocklists.

    Spammers look about everywhere on the net, seeking abusable open proxies. That means proxypots will succeed almost anywhere on the net. Just about anyone can help identify spammer IPs and get the spammers thrown off their ISPs. Ron's Top 40 list was a nice bonus and it helped show which ISPs were responsive and which protected spammers. Similar information from a single site (yours, if you'd do it) would be also have great value.

    I'd direct you to the Bubblegum proxypot web page but that, too, seems to be down. There's still something you can do even if you don't run a proxypot. If you have a software firewall on your system you can find the log entries for rejected proxy connection attempts. Chances are great that those were made by a spammer. Report the attempt to the appropriate ISP. I'd also suggest letting your ISP know: if spammers are looking in your ISP's space for abusable proxies the ISP can take protective actions. Your ISP also may have greater clout with the spammer's ISP - at least it's worth a shot.
  • To the mattresses! (Score:3, Interesting)

    by simeonbeta2 ( 514285 ) on Wednesday September 24, 2003 @01:46PM (#7047057) Homepage Journal

    The only solution is all out war!

    The problem is that spammers have a significant financial motivation to act in the ways that they do.

    Spam fighters, on the other hand, are fighting back and providing services mostly out of the goodness of their hearts. (Check me if I'm wrong, but i've never seen an article on the lavish lifestyles built by opposing spam.) This means that unless we can come up with an *unbreakable* technological solution the spammers will always win the war: they have a financial motivation to fight harder than we do.

    The solutions I've heard proposed sound more like problems than solutions: central governing bodies, a regulated internet, pay-per-email, etc all make my crypto-libertarian instincts nervous. If we don't want our commons taken away, we have to defend it ourselves!

    So how can we win against an enemy with superior motivation? We need to take away their motivation! We can't ever win by fighting the spammers, so lets start fighting the people funding them!

    We need to (legally) DOS the resources of those who are benefitting from spam. This is going to require maturity and restraint in the heat of battle, but if we attack the wrong people, we will be no better than the spammers. Let me propose the following:

    • Someone of stature in the community (maybe not a first tier personality like ESR, but someone who commands unquestioned respect) must be the figurehead for this. In addition there will have to be actual real human intervention by members of the service to verify targets and avoid friendly fire.
    • Through conventional resources we identify single beneficiaries of mass quantities of spam who have an exposed point of contact: for example I currently have spam in my folder that wants me to buy the drug vicodin and provides a url. If it can be verified that this spam is widespread (ie really is spam) and that the resource in question really belongs to the person behind the spam (ie really does link to cheesy mail-order drug store) then
    • Our anti-spam service distributes the url of the target and everyone subscribing to the service attempts to view the page (command line recursive wget would be appropriate I suspect).
    • The target of the attack is now rendered unusable.

    Benefits and prerequisites...
    Speed is of the essence. Attack must respond to take down target before any profit is made. Scale is important as well. Volume of traffic must decimate servers even on fat pipes (or at least cause high bandwidth $$$ usage). It might even be possible to DOS 1-800 numbers if every subscriber was willing to place a call and complain.
    Would all this be illegal? Certainly as a whole the intent is to DOS the target and therefore is illegal. I could even imagine RICO coming into play (this is after all an organized conspiracy to commit a crime). However the actions of those subscribing to the service are not illegal (IANAL, someone else comment). After all, I (as subscriber) am just saving a highly recommended commercial resource for later perusal! :) This is where it is key to have high profile trusted and respected figurehead. If Joe Blow organises this on his dsl line, his access gets cut off and the feds disapprove. If an innocent party is wronged than he probably goes to jail. If, on the other hand, ESR organises it, public opinion on the net will massively oppose federal pressure against him and commercial pressure (ie his access being cut off) is much less likely.

    I realise that there is lots of hand waving going on here. But I firmly feel that this may be an instance to fight fire with fire, fight outlaws with vigilante justice, etc. We need to claim our space for our productive use and not for other's pollution and decimation. Fighting spammers directly is like "fighting terrorism". Attacking those who provide the incentive is like taking the battle to host countries of terrorism; a much more likely strategy.

  • by fygment ( 444210 ) on Wednesday September 24, 2003 @02:00PM (#7047211)
    ...really. How many unsolicited personal emails do you get that are important? Even if you're in an organization with a network, how many corporate emails are not from the company domain? Just filter out anything not from a known source be it your personal or business address book.

    Our institution has a central broadcaster for corporate info. Any email for the general worker population is sent via that broadcaster. That's one filter. Coworkers another filter. Personal address book another filter.

    That's it. Anyone else goes to Junk and that is checked every couple of days in a dedicated time slot. Nothing gets missed. And time isn't a factor because when was the last time you received some kind of deadline item from someone you didn't know?

    Maybe a business has a few machines that really can't implement such a filtering scheme (eg. sales) but not everyone in a business has to be subject anonymous email solicitations. But at home it makes no sense that you have to be inconvenienced by spam. Just look at it statistically, how many emails have you had from addresses you didn't know, that mattered? OK maybe that Nigerian general with the account ...

"Hello again, Peabody here..." -- Mister Peabody

Working...