Australia's Largest ISP Redefines Spam 304
cpudney writes "According to this article in NEWS.com.au, Telstra BigPond, Australia's largest ISP, will monitor its customers' e-mails and suspend the accounts of users suspected of sending spam, viruses or denial-of-service attacks. Under changes to its Acceptable Use Policy, BigPond will investigate cable and ADSL Internet customers sending more than 20 e-mails in a 10-minute period, and BigPond management "may suspend the (user's) account while the customer is contacted" if they are suspected of sending spam. Previously, BigPond's definition of spam was held to be 400 messages sent over a 15-minute period and now it's changed to 20 e-mails over 10 minutes. Internet Society of Australia president Tony Hill said BigPond's new definition of spam was very restrictive and he was concerned the limit had been set too low for legitimate e-mail users."
They are nuts - what about regular POP clients? (Score:3, Interesting)
Stupid (Score:3, Interesting)
This won't be good for Bigpond customers... (Score:5, Interesting)
This lecturer also has other responsibilities (I won't go into detail here) which require him to send out newsletters to all of the students in our department, plus international committees and a large number of university staff. We are a small department, but still have ~100 students. Sending out a student newsletter would trip the new email limit. I don't know how he's going to get around this from home (obviously he can send it using our uni mail server when he's at work).
Just another example of Bigpond not being up to scratch these days. I personally use a competing ISP, and have never had a problem. I don't know how Bigpond is going to keep its customers with shit like this.
Re:This does seem a bit restrictive. (Score:4, Interesting)
I hope there are some other triggers for this system, for example: sending more than 20 emails in 10 minutes the first time you log on to a new account would probably be more suspicious.
(Also, I think the comparison to /.'s two minute wait before posting is a very valid one.)
Isn't this rather pointless? (Score:2, Interesting)
I have an SMTP server running on my computer. I set it up a few years ago mainly to try to see how good a handle I had on how SMTP works, and I've continued to make use of it mainly so I can create my own Email aliases and help curb the amount of spam I get and keep track of its "real" origins... But setting it up was very little trouble for me. I grabbed a copy of sendmail, compiled it, spent a few hours figuring out how to configure it, registered an MX record with DHS International [dhs.org] and that's it... It's running. DHS was a free service the first few years I was with them -- now they charge me $5 per year.
For a brief period my ISP was filtering access to the SMTP port on my residential address, which meant I couldn't receive messages using my SMTP server... But I was still using it to send them out with no trouble! But at some point I contacted them and told them that I only want to have it running for my own usage, just to help curb the amount of spam I get, that I won't be giving anyone else accounts on it and that I understand how relaying works and have correctly restricted it... And a week or two later my SMTP port became accessible again. (Hopefully they actually reviewed my usage logs and tried to relay something through me before they did this... I'd hate to think they weren't careful.)
Sooooo... If I had no trouble setting up my own SMTP server, isn't it reasonable to assume that any halfway intelligent spamming organization would do the same -- set up their own server, then use that server to send out their spam, and avoid giving their ISP the chance to easily monitor their messages' content?
So isn't this really a more or less completely pointless violation of almost always legitimate Email users' privacy?
Solution: have the ISP host the lists (Score:1, Interesting)
In other words, welcome to 1993. Colorado Supernet used to host a bunch of majordomo-run lists on their machines - either teal or csn itself. You could have their machines do the work for you instead of trying to slam dozens or hundreds of mails out from your lightweight machine. I'm sure that many other ISPs offered the same services back in the days that shell accounts were the norm.
I welcome our new SPAM-throttling overlords (Score:2, Interesting)
This is what you get for being a sheep and supporting your local (ex)Monopoly. No surprises here, none whatsoever.
Pain for many normal users? Sure!
Likely to increase ISPs income? Sure!
Actually going to make a *real* difference to professional spammers? Not likely!
Not much more than the usual big company thinking: It's not important to solve the problem. It is only important that we convince the public we're working hard to solve the problem. (e.g. Microsoft and Security)
Then again, perhaps it'll encourage a few % more people to seriously consider their Internet Access choices in Australia, and they'll be better off in the long run.
If it's not entirely obvious (read-my-sig), HELLstra is not my ISP.
Whoa! (Score:2, Interesting)
What I want to know is, how do they decide if you're sending spam or not? Do they read your email? If so, that's pretty serious - I'd be interested to know what the user policy is with regards to that sort of thing. And if they just disconnect you while they check, that's bloody dramatic! I guess they can monitor you for continued heavy use, and then make a decision, but I can't see any middle ground between those two alternatives.
Either way, yet again glad I'm not with Telstra!
J.
Re:This won't be good for Bigpond customers... (Score:5, Interesting)
Telstra has all sorts of ways to try keep their customers. For example, misleading advertisements - they were forced to take some of their TV ads off the air by the ACCC. Or abusing their monopoly on the phone lines by lying about the availability of ADSL - they told a customer he was too far from the exchange when he wanted to get ADSL through another ISP, but was close enough for Bigpond. Then they threatened him when he talked!
I think there is only so far they can slide, however, before even the most uninformed consumers see the light. Their recent run of email brown outs must have been hard for even the most tolerant of users to ignore. This article [whirlpool.net.au] at Whirlpool suggests that people are finally starting to wake up.
Well, this should be entertaining. (Score:2, Interesting)
If that happened here, I could only imagine the number of pseudo-mass-mailers that would have issues. You know, the people that send almost EVERYBODY WHOSE EMAIL ADDRESS THEY EVER HAD the greatest joke they read this morning, or funniest picture or....
Even I could get screwed over! After releasing a newsletter, which goes out up to 10 addresses (half in BCC), I get to hours old email, dashing through as much as I can, which tends to probably push the limit about once a month.
Besides, this problem could only be gotten around...oh, what, a dozen ways? Zombies, protocol switching, virii (have to write your own) and let's not forget remote accounts and any combinations you could come up with. Signal to noise is most certainly going to be difficult for Big Pond. As much as I dislike what they've done, I sincerely feel for their tech support.
Re:Oh telstra you dorks (Score:5, Interesting)
Road Runner seems to have this (Score:3, Interesting)
I object to this for several reasons:
Re:Stupid (Score:3, Interesting)
Spamassassin on outgoing email (Score:2, Interesting)
Then calculate the scores of each user. If a particular user is sending lots of email that Spamassassin is "scoring" highly, then it is likely that the user is spamming or at least sending out spammy emails, and would warrant a closer look.
This would increase the load on outgoing mail servers, but if they want to do this right, and do it much more automated than manually reviewing everyone that sends "X emails in X minutes", then this would be one good way.
Or even... hold user's emails that have a very high score in a "pending" queue, and have an admin go through the queue to make sure it isn't spam before actually sending it.
Of course, this depends on Spamassassin being able to correctly target spam versus ham (and recently spammers are getting better at getting around it) but each new version of Spamassassin gets better at this again, so as long as they keep upgrading, the above system would work pretty accurately, and would minimize intrusion into people's private emails.
Sounds familiar -- and not even bad (Score:4, Interesting)
There was an article, featured on Slashdot, quite some time ago, which could be applied here. The thought was that if an identified spammer tries to send to your SMTP server, the service would be slowed down.
To protect both the ISP and the innocent, they could implement a feature where after 20 mails in 10 minutes, mails would only be processed at the speed of, say, one mail per 30 seconds, and maybe slowing progressively after each 100 mails. When the mail pipe has been silent for a given amount of time, say ten minutes, the "mail slower" would be reset.
This wouldn't make much difference for the legit home user but for the spammer (and for a business connection) it would be a tar pit to avoid.
This could probably be implemented just by installing a crappier mail server ;)
~llauren
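The throttle proposed in the comment above, sketched as an added example (not part of the original post or any real mail server's code). The class name, the linear growth of the gap after each 100 throttled mails, and counting silence from the end of the sender's last release slot are assumptions.

```python
from collections import deque

class MailTarpit:
    """Per-sender throttle: a free burst, then a minimum gap between releases."""

    def __init__(self, burst=20, window=600, base_gap=30, step=100, idle_reset=600):
        self.burst, self.window = burst, window          # 20 mails per 10 minutes
        self.base_gap, self.step = base_gap, step        # 30 s gap, grows every 100 mails
        self.idle_reset = idle_reset                     # 10 minutes of silence resets
        self.senders = {}

    @staticmethod
    def _fresh():
        return {"recent": deque(), "slowed": 0, "tarpit": False, "busy_until": None}

    def submit(self, sender, now):
        """Return the time (seconds) at which a mail submitted at `now` is released."""
        s = self.senders.setdefault(sender, self._fresh())
        # Reset only after real silence: nothing submitted and nothing still queued.
        if s["busy_until"] is not None and now - s["busy_until"] >= self.idle_reset:
            s = self.senders[sender] = self._fresh()
        recent = s["recent"]
        while recent and now - recent[0] >= self.window:
            recent.popleft()                             # forget mails outside the window
        recent.append(now)
        if len(recent) > self.burst:
            s["tarpit"] = True                           # stays set until the idle reset
        if not s["tarpit"]:
            s["busy_until"] = now
            return now                                   # normal users are never delayed
        # Assumed progression: the gap grows by base_gap per `step` throttled mails.
        gap = self.base_gap * (1 + s["slowed"] // self.step)
        s["slowed"] += 1
        release = max(now, s["busy_until"])              # wait for the previous slot
        s["busy_until"] = release + gap
        return release

def release_times(tarpit, sender, submit_times):
    """Feed a list of submission times through the tarpit for one sender."""
    return [tarpit.submit(sender, t) for t in submit_times]

if __name__ == "__main__":
    # Constructed input: 25 mails, one per second, from a single sender.
    print(release_times(MailTarpit(), "customer-a", range(25)))
```

Because the reset is measured from the last scheduled release rather than the last submission, a sender cannot dump a large batch, wait ten minutes and start again with a clean slate while the backlog is still draining.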
Re:This does seem a bit restrictive. (Score:2, Interesting)
Telstra are the ISP. They can see anything they want.
# tcpdump -i eth0 dst port 25
YAY! this is great! (Score:4, Interesting)
It's the number of recipients, not number of emails (Score:3, Interesting)
Granted, this is going to add some processing and storage overhead, but it could be done offline, and the statistics gathered used to suspend accounts once a day.
-josh
ISPs can act more proactively (Score:2, Interesting)
Right now three domains owned by members of my family have been chosen by spammers as the forged source domain for their spams, which are primarily sent to AOL, MSN, Yahoo. Working with AOL's postmaster team (which took a long time to find), we have determined these messages originate all over the world from a number of machines on many dozen ISPs and universities--directly from clients on those networks, not mail servers. AOL says there isn't a thing they can do about it (apparently even thousands of spam messages aren't a lot for them and no filtration process exists to, say, block any email which purports to originate from a domain but doesn't originate from the ip address of that domain's email server) and I should contact each network directly (a daunting task since no one reads postmaster emails anymore).
Meanwhile, AOL's, MSN, Yahoo, etc. postmaster account sends hundreds of rejected messages to our domains daily.
The spammers' chosen method seems to be to create a relay on these public access networks. Choose a random source domain (which remains relatively constant) and then apply a number of random email account names to create a forged source. Then send to every possible subscriber at a major ISP in small but continuous batches.
Short of requiring authenticated emails, it would still seem relatively easy to detect this spam both leaving and coming in to an ISP:
-- mail is being sent directly from a client and not relayed either through the ISP's mail server or another relay which matches the reply to domain.
-- mail from the same machine continually iterates reply-to names
-- if 100s of messages are being rejected, then logically 1000s must be successfully sent--which means these machines should be more than a blip on ISPs' server logs.
-- while messages come in waves, they continue throughout the day (and mail sent by humans is sent in small batches usually during waking hours)
What I would really like is a registry, perhaps tied to my domain registrar, wherein I can register the mail server(s) of my domain(s) and other ISPs can do a lookup for incoming mail and block email which isn't relayed through that mail server/IP address. This simple method would stop all my spam--at least until spammers find a new method.
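The four signals listed in the comment above, run over constructed records as an added example (not part of the original post). The record layout, thresholds, relay address and function names are assumptions; all addresses are from documentation ranges.

```python
from collections import defaultdict

ISP_RELAYS = {"192.0.2.25"}  # assumption: the ISP's own outbound mail servers

def score_clients(records, min_senders=10, min_rejects=5, min_hours=18):
    """records: (client_ip, hour, smtp_peer, envelope_from, accepted) tuples.
    Returns {client_ip: [heuristics tripped]} for every client seen."""
    stats = defaultdict(lambda: {"direct": 0, "senders": set(),
                                 "rejects": 0, "hours": set()})
    for ip, hour, peer, mail_from, accepted in records:
        s = stats[ip]
        s["direct"] += peer not in ISP_RELAYS   # bypassed the ISP relay
        s["senders"].add(mail_from.lower())
        s["rejects"] += not accepted
        s["hours"].add(hour)
    report = {}
    for ip, s in stats.items():
        domains = {a.rsplit("@", 1)[-1] for a in s["senders"]}
        checks = [
            ("direct-to-mx", s["direct"] > 0),
            # many sender names spread over very few domains
            ("rotating-senders", len(s["senders"]) >= min_senders * len(domains)),
            ("many-rejects", s["rejects"] >= min_rejects),
            ("round-the-clock", len(s["hours"]) >= min_hours),
        ]
        report[ip] = [name for name, hit in checks if hit]
    return report

def flagged(report, min_hits=2):
    """One heuristic alone is weak evidence; require several to agree."""
    return sorted(ip for ip, hits in report.items() if len(hits) >= min_hits)

def sample_records():
    """Constructed sample data, not taken from any real log."""
    rows = []
    for hour in range(24):      # bot-like client: all day, new sender every time
        for n in range(3):
            rows.append(("198.51.100.7", hour, "203.0.113.10",
                         f"user{hour}x{n}@example.org", n != 0))
    for hour in (9, 13, 20):    # ordinary customer using the ISP relay
        rows.append(("198.51.100.8", hour, "192.0.2.25", "alice@example.net", True))
    for hour in (8, 19):        # customer running a personal mail server
        rows.append(("198.51.100.9", hour, "203.0.113.10", "bob@example.com", True))
    return rows

if __name__ == "__main__":
    print(flagged(score_clients(sample_records())))
```

The third sample client trips only the direct-to-MX check, which is why `flagged` asks for at least two signals before a host is singled out for review.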