Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
Spam Education The Internet Your Rights Online

University Capitulates, Switches Off Spam Filters 470

Heraklit writes "As reported on German news site Heise, the system administrators of the Technical University of Braunschweig have temporarily given up the fight against spam. Because of the legal obligation to deliver all mail and of the delay time exceeding critical 5 days(!), they decided to switch off all filter mechanisms. Before, the 20 servers dedicated to processing e-mail alone had been breaking down under a load of 100000 unprocessed mail messages, ca. 98% of which had been spam or viruses. ... A similar e-mail jam occurred recently at the IT central of the German Federal Government. Is this the beginning of the end of e-mail?" (The Fish may be useful.)
This discussion has been archived. No new comments can be posted.

University Capitulates, Switches Off Spam Filters

Comments Filter:
  • Question? (Score:5, Insightful)

    by untouchable ( 615727 ) <abyssperl@@@gmail...com> on Sunday May 23, 2004 @08:11PM (#9233984) Journal
    Does anybody know the filtering methods they were using before they decided to toss everything to wind?
    • Re:Question? (Score:4, Interesting)

      by Nasarius ( 593729 ) on Sunday May 23, 2004 @08:18PM (#9234032)
      Good question. I would think that 100,000 emails is really not a lot, even for 20 low-end PCs.
      • Re:Question? (Score:4, Insightful)

        by Donny Smith ( 567043 ) on Sunday May 23, 2004 @08:31PM (#9234114)
        >Good question. I would think that 100,000 emails is really not a lot, even for 20 low-end PCs.

        I'm sure that's not the point - it's easy to deliver 100K mails, but the problem is that you've got to manually check for false positives and un-mark them as good email.

        • Re:Question? (Score:5, Interesting)

          by slashdot_commentator ( 444053 ) on Sunday May 23, 2004 @09:18PM (#9234340) Journal

          No one (sane) *manually* checks for false positives, just the end user. You do need manual personnel to follow up on end user inquiries, but it should be moot. If you have the right spamblocking service/setup, you're not going to get false positives...
          • Re:Question? (Score:4, Insightful)

            by Pieroxy ( 222434 ) on Monday May 24, 2004 @01:30AM (#9235355) Homepage
            It looks to me that they were not delivering spam mails. Otherwise their obligation to deliver everything would have been fulfilled.

            Hence, a difficulty for the end users to mark themselves the false positives....
            • Re:Question? (Score:4, Insightful)

              by techno-vampire ( 666512 ) on Monday May 24, 2004 @02:01AM (#9235433) Homepage
              Unless you don't care about false positives, you don't block spam at the server by sending it to /dev/nul. You put it in a special folder that the end user can check. That way, false positives can be received, and you can adjust your filters as needed. Presumably, their spam filters were getting so overloaded that they couldn't even do this much.
              • Re:Question? (Score:4, Interesting)

                by andy landy ( 306369 ) <aplandellsNO@SPAMhotmail.com> on Monday May 24, 2004 @03:52AM (#9235804) Homepage

                I work at a UK university and we're introducing a new system to deal with spam. We've already got an in-house product, MailScanner [soton.ac.uk] which does the detection job pretty well, but our mail servers are quite loaded with junk.

                We're about to offer a "delete at gateway" option, so our users don't have to filter their email and lessen the load on the mail servers at the same time. This service is optional, so our users can choose whether they want it, but we'll be strongly encouraging them to use it.

                Additionally, they can set their spam threshold, so they can delete most spam, but review the borderline cases.

        • Re:Question? (Score:5, Informative)

          by Seumas ( 6865 ) on Sunday May 23, 2004 @11:42PM (#9234917)
          Simple problems have simple solutions.

          You can increase the threshhold at which you declare spam to be spam. Allows for more misses, but reduces the false positives to, essentially, nothing.

          Or, you can just tag likely spam with ***SPAM*** in the subject and let the user deal with it.

          Or even better, you can direct likely spam into a specific IMAP folder on the server that the user's client can subscribe to and they can glance at their personal SPAM folder on the server whenever they want without having to download all the bodies.

          As someone who personally uses postfix+procmail+spamassassin+razor and recieves 4,000 emails per day, I am currently filtering out 98% of the spam on the server and have had ZERO false positives in two years and 2.9million messages.

          Statistically, you will eventually get some false positives - especially if you have a large userbase (as opposed to just one or two accounts). But if one out of every few million messages isn't acceptable, you can just use one of the previously suggested methods.

          The worst you can do is nothing at all.

          • by grahamsz ( 150076 ) on Monday May 24, 2004 @01:35AM (#9235365) Homepage Journal
            How can you know you've had no false positives.

            Have you personally reviewed the 2.9M messages which were filtered out... if you have then i'd question the value of your filtering.

            I know i've occasionally had false positives and i get nowhere near your message volume. My personal favorite is the UK paypal-esque service NoChex which sends emails with the subject line "YOU'VE GOT CASH!!"...
            • by Reziac ( 43301 ) on Monday May 24, 2004 @02:58AM (#9235593) Homepage Journal
              The sysop of a local BBS grew his own spam filter, based on all sorts of header criteria, as observed in actual spam. It fails very rarely, maybe once or twice a year (either a false positive or a spam let through) and yes, he DOES hand-vet the results (did so every day for months, until he was absolutely sure it could be trusted, and still checks it on a regular basis).

              Anyway, if an amateur could do that well, I'm sure close enough to 100% accuracy *can* be achieved by a professional solution. In fact, it's made me wonder why some solutions don't perform better than they do.

    • by dont_think_twice ( 731805 ) on Sunday May 23, 2004 @08:32PM (#9234118) Homepage
      Does anybody know the filtering methods they were using before they decided to toss everything to wind?

      They had a team of 20 monkeys that would read the emails and determine if they were spam. Unfortunately, the monkeys are easily distracted, so anytime they got spam about banannas, they would lose focus. This lead to the backlog.

      What? you have never gotten bananna spam before?
  • by Anonymous Coward on Sunday May 23, 2004 @08:12PM (#9233987)
    Just white list known good addresses. Hand out auth tokens (X-Not-Spam: md5 digest here) and white list those temporarily. And white list known good PGP keys.

    Byebye, spam.

    Byebye, email.
  • by chrispyman ( 710460 ) on Sunday May 23, 2004 @08:13PM (#9233990)
    If you don't filter out any of the spam, then some mail server somewhere is gonna have to store all that junk mail. Even with a quota system I'd expect that there'd be a whole bunch of people just "giving up" on e-mail.
    • by dealsites ( 746817 ) on Sunday May 23, 2004 @08:31PM (#9234117) Homepage
      Yeah, you'd think even if you you had sorry filters in place, some filetering would be better than none. Giving up is just the wrong thing to do. Many people have had good success with Spam Assassin, even if you have to fine-tune it by hand it should help with the obvious and common spam emails. Some of the spam will always get though, but it shouldn't be too had to catch the majority of spam.

      --
      New deal processing engine online: http://www.dealsites.net/livedeals.html [dealsites.net]
      • SpamAssassin's pretty heavyweight; a purer statistics based system like dspam [nuclearelephant.com] is probably more suitable for large scale systems like this; you don't want a perl script chugging over every single email for seconds at a time. I wouldn't be suprised if they needed 20 mail servers if they were using SA...
      • by quinkin ( 601839 ) on Monday May 24, 2004 @01:07AM (#9235277)
        My approach has been to use spamd (avoid thread creation overheads) and run a base spam assessment on all mail. The assesment is stored in the header of the mail and the users can then filter/sort accordingly. Any "evil" attachments are automatically toasted, although the heuristic is very lax due to a high number of techie users.

        If required they can also set a spam level on the mail server in a MySQL user/account database to automatically delete mail over the specified threshold (for accounts receiving oodles of obvious spam).

        It has a nice balance between performance, security, and leaving most of the control in the hands of the users. We haven't faced extreme loads but it hasn't even raised an eyebrow over the load so far. Most importantly, no unhappy usres complaining of missing emails...

        Q.

    • by hammock ( 247755 ) on Sunday May 23, 2004 @08:36PM (#9234149) Homepage
      Strip all attachments.
      All of them. Don't process them, just ban them.
      If you want to send a file, use ftp or send a link to a read-only http or smb/nfs share.

      Using email server blacklists instead of filters on the spam will work a lot better too. Hopefully they aren't using a brain damaged email server like Exchange.
  • Finally (Score:3, Funny)

    by Anonymous Coward on Sunday May 23, 2004 @08:13PM (#9233993)
    "they decided to switch off all filter mechanisms"

    Finally, I can get my "male enhancement" emails again.
  • I wonder... (Score:5, Funny)

    by BeneathTheVeil ( 305107 ) on Sunday May 23, 2004 @08:13PM (#9233994) Journal
    what sort of awful sound the servers made as soon as the filters were turned off? ...I imagine it would be akin to someone who 'just' made it in a mad dash to the bathroom.
  • Spam And Viruses (Score:5, Insightful)

    by FiberOpPraise ( 607416 ) on Sunday May 23, 2004 @08:14PM (#9233996) Homepage
    Perhaps just disabling spam filters and leaving virus blocks in place would be a less drastic approach. Detecting spam is non-trivial, but detecting viruses is not. They are easily found and the email should be blocked. This is implemented by my ISP (Road Runner NYC). Emails containing viruses are replaced by a text message warning that a virus was sent to the email address.
    • Re:Spam And Viruses (Score:5, Interesting)

      by slamb ( 119285 ) * on Sunday May 23, 2004 @08:34PM (#9234130) Homepage
      Emails containing viruses are replaced by a text message warning that a virus was sent to the email address.

      And that warning is so useful. Who do you send it to?

      • The recipients? They don't care.
      • The "senders"? They don't care. (The From: address is forged!)

      These messages are a waste of everyone's time. I get hundreds of worms daily...but I never see them, because they're easy to filter. What I do see are these damned "helpful" messages that "I" sent someone a virus. Those are much harder to filter.

      Much better way: reject viruses in the SMTP transaction. The SMTP client is then responsible for notifying the sender. If that client is a virus or worm, it will do nothing; no one is bothered. If it's a false positive, the sender will get the bounce. Reliable, unobstrusive.

      If you want to filter email politely, you must follow these rules [advogato.org]. People who don't cause the rest of us constant headaches. The worst thing is that they don't even realize it.

      • Re:Spam And Viruses (Score:5, Interesting)

        by tomstdenis ( 446163 ) <tomstdenis.gmail@com> on Sunday May 23, 2004 @09:12PM (#9234314) Homepage
        Oh common, the 100s of daily "message has virus" emails I get are very useful. It makes me keep my Gentoo box win32 virus free!

        I once confronted a sysop about this and they told me "if we don't email them back people won't know the message was rejected". Apparently the idea of checking while reading the message never crossed his mind.

        As another poster suggested I just filter out all "warning" emails as junk which helps.

        Tom
      • Re:Spam And Viruses (Score:4, Informative)

        by Burning1 ( 204959 ) on Sunday May 23, 2004 @10:09PM (#9234551) Homepage
        Permanant Failure (5xx SMTP) codes are not safe either.

        There are many cases where email is relayed before being sent to a system that does virus scanning. (Consider what happens when you use sendmail aliases and virtual domain entries that contain somthing on the order of "user: user@someotherhost.com".)

        Your SMTP 5xx error will cause the relaying server to generate a bounce. The bounce will go to the person listed by the forged "To" headers, and will even include a copy of the Virus.

        The proper way to deal with email worms is to quietly delete them.
      • by RovingSlug ( 26517 ) on Sunday May 23, 2004 @11:40PM (#9234909)
        If you want to filter email politely, you must follow these rules.

        One small quibble about a final point in those rules:

        I reject almost any MIME attachment that could be Windows malware. Even .zip files now. I politely ask them to arrange with me another way to send it. (Sending binaries through email isn't such a good idea anyway; it's indirect, and base64 bloats files 50%.)

        It's indirect? What's a good way to transfer binary files that is both direct and secure? ... and archived with a personal note. One handy thing I do for large attachments is to upload them to a http server and send the link. But this is a pain in the ass for anything other than the biggest files. What are the good options otherwise?

      • Re:Spam And Viruses (Score:5, Informative)

        by Wastl ( 809 ) on Monday May 24, 2004 @02:01AM (#9235432) Homepage
        Much better way: reject viruses in the SMTP transaction. The SMTP client is then responsible for notifying the sender. If that client is a virus or worm, it will do nothing; no one is bothered. If it's a false positive, the sender will get the bounce. Reliable, unobstrusive.

        Two things:

        • in many countries (e.g. Germany) you are actually obliged to deliver a message, regardless of whether its a Virus or not, or at least send the recepient a message that he received an email and can fetch it by some means.
        • your proposal is short-sighted: most viruses are already relayed via several systems before they reach my mail server, so a bounce would be generated in any case; I suspect that this is true for most other systems as well.

        The approach that we take is the following: We mark virus messages with a special header and deliver them in a dedicated folder in the user's mailbox. Most users simply delete all messages in this folder, but then it is their choice, we abide to all laws and do not generate bounce messages.

        Sebastian

  • Mirror (Score:3, Informative)

    by karmatic ( 776420 ) on Sunday May 23, 2004 @08:14PM (#9233998)
    Site's a little slow -
    Akamai Mirror [akamaitech.net].
  • ...is to inform the students how to install their own software, like Spam Assassin. That would distribute the processing to the people who actually would use it.
    • by xixax ( 44677 )
      OK, you could tell the end users to find their own tools and just cope.

      However, I work in a large organisation, and with a 98% spam ratio, the mail infrastructre would need to be much larger (and more expensive!) than it actually neeeds to be. Let alone the (*&&^$@# junk traffic and bounces caused by auto-responses to forged addresses. Plus we have a significant number of staff who are clueless who would be excluded from communicating effectively because they do not have the time or skills to learn
      • by AftanGustur ( 7715 ) on Monday May 24, 2004 @12:54AM (#9235222) Homepage


        Plus we have a significant number of staff who are clueless who would be excluded from communicating effectively because they do not have the time or skills to learn how to train a spam filter. in such a situation, no-one could no-longer *rely* on email to contact/inform our staff, reducing its value as a tool.

        True, I also work in a large international organisation, but our Spam/Ham ratio in "only" about 40%..

        I am handling the Spam problem and we have been running SpamAssassin, as a pilot project, for the last year.

        The SpamAssassin project almost got replaced by a commercial solution when people started asking themselves, "what good is it if we still deliver, the Spam to the users inboxes ?". Our users may be experts in other fields, but for many, computers are not their thing.

        Some commercial solutions have "Quarantine" system where you can send a report once a day to the recipients, with a list of all spam they received the day before, with a link for each email the user can click if he wants it delivered to his inbox.

        It took me 4 days, but I wrote my own Quarantine system that does exactly that, and got permission to release it under the GPL.. [biodef.org]

        That way the Spam doesn't constantly flow in the user's inboxes and takes up the users time. (And, 'no' manually creating a filter rule for thousands of users is not an option)

  • It's done. (Score:4, Interesting)

    by jrockway ( 229604 ) * <jon-nospam@jrock.us> on Sunday May 23, 2004 @08:14PM (#9234005) Homepage Journal
    > Is this the end of email?

    Yes. When one university decides to stop filtering SPAM the entire world's infrastructure has effectively been shut down. Oh wait... no.

    My UIC account gets NO spam (because I don't give it to anyone :), so I think that responibility is the key to keeping email working. Adding some numbers (*sigh*) helps guard against random address guessing.

    Anyway I don't see anyone stopping you from using your own SPAM filter. Let's not blow this out of proportion, please.
    • by Dizzle ( 781717 ) on Sunday May 23, 2004 @08:17PM (#9234028) Journal
      Since you give it to no one, do you have an empty inbox all the time?
    • by shadow_slicer ( 607649 ) on Sunday May 23, 2004 @08:29PM (#9234100)
      "Adding some numbers (*sigh*) helps guard against random address guessing."

      Exactly! That's why I require all my users to use multi-case letters, symbols and numbers as their email address. I also require them to change the address every couple of weeks to a value different than any previous value (in case some spammer has managed to brute force it, or the user has leaked it). This has practically eliminated spam and reduced the mail server's storage usage by 99.9% (though the mail server still has to work really hard sending all those 550's).

    • I have several accounts that I have given to nobody -- not friends, relatives, or even my wife -- for the purposes of testing whether or not they would get spam. Several of them are receiving spam. Even my root account is getting spam (though that's not so hard to guess). I'm not sure how the spammers' guessing algorithms work, but they do a pretty good job.

      In addition, I have two accounts that I use regularly -- one that I give to everyone (web registration forms, etc) where I don't care about spam, a

  • blacklists (Score:4, Interesting)

    by sumdumass ( 711423 ) on Sunday May 23, 2004 @08:15PM (#9234011) Journal
    Maybe they should just blacklist the most common spam and virus adresses by subnet then filter on a lower percentage. It would seem that if they got rid of china or some other area like what happend recently with spain, it would send a message to those networks to stop things and bear some of the weight.
    • They can't do that. As the synopsis says, they are legally obliged to deliver all legitimate mail; if they just blacklist a whole subnet then they run the chance of blocking real mail. They just can't afford that.
    • Re:blacklists (Score:5, Insightful)

      by AtomicBomb ( 173897 ) on Sunday May 23, 2004 @08:41PM (#9234181) Homepage
      It is a common misunderstanding. While most web server these spams are pointing to may be located overseas [slashdot.org], most of spams are originated from US. Mostly likely from hijacked fast cable/DSL connected home machines.

      You may think it is okay to block email from China or even the whole Asia because you don't know some Asians in person, but please check again where your RAM, mobo, anime etc come from... A lot of companies and university have collaborations overseas as well...

      We don't really have much options left... Basically, you will have to blacklist all the high boardband provider's IP range (rr, earthlink etc)... Sorry, geeks, your email server will no longer work... It is not really an ideal solution. The other idea is kind of similar to secured DNS, ie, mail server retrieves "good IPs" from a central server. Email originated elsewhere are assigned with very low priority or filtered out altogether.

      Everyone needs to be registered with their mail server with the governing body (similar to the domain name idea), say for $100 per IP. It is not that expensive if you really need that... But, prohibitive for spammer... Yes, it makes home run email server more expensive... But, you cannot get a domain name for free anyway. Why should we expect email server to be free? It may be the solution to get the economy of spamming right again.
    • Re:blacklists (Score:5, Insightful)

      by 1u3hr ( 530656 ) on Sunday May 23, 2004 @09:05PM (#9234297)
      It would seem that if they got rid of china

      As someone who lives in China I get more than a little tired of being filtered out because of the continent I live in. (Especially since the vast majority of spam I get is selling products from America, regardless of what server they're sending them through.) And in this particular case, being a university it's very likely that they have a sizeable number of students from China, and many staff with academic links.

      • by 1010011010 ( 53039 ) on Sunday May 23, 2004 @09:22PM (#9234359) Homepage
        Call your elected representatives! Get them to outlaw spam!
      • Re:blacklists (Score:3, Insightful)

        by Dimensio ( 311070 )
        As someone who lives in China I get more than a little tired of being filtered out because of the continent I live in.

        Then bitch at the Chinese ISPs who allowed the problem to exist in the first place.
  • end of email? (Score:4, Interesting)

    by randomized ( 132106 ) on Sunday May 23, 2004 @08:16PM (#9234022)
    Excuse me? One university gives up on spam filtering for questionable reasons and you declare death of email? Weird, I still do most of my communication via email. My servers all run spam marking services and my client filters out the junk as soon as it's retrieved.

    Of course more bandwidth is wasted on spam mails, but since I don't see much of it, it doesn't bother me so much.

    What do you propose to use instead of email? instant messaging? Talk about waste of time :)
    • Re:end of email? (Score:5, Insightful)

      by LostCluster ( 625375 ) * on Sunday May 23, 2004 @08:29PM (#9234098)
      I don't think e-mail is dead, but e-mail as we know it, specificially the SMTP protocol, is long overdue for a retirement party.

      Afterall, the "from" field is a total free-response section in SMTP with no need to authenticate that you're really associated with the address you claim to be. That and other weaknesses are why spam is so hard to kill in the first place.

      We'd be in a much better place if our e-mail system at least had a trustworthy traceback facility so that we affirmatively know who sent the message by default.
      • Re:end of email? (Score:3, Insightful)

        by log2.0 ( 674840 )
        One problem is: who will make this specification? MS? They certainly want to.

        Once this new email2 protocol is invented, how long would it take to be implemented around the world by every admin?

        What happens when that protocol gets hacked (probably by the spammers)?

        I think its the right direction to make an email2 protocol but it wont be easy.
      • We'd be in a much better place if our e-mail system at least had a trustworthy traceback facility so that we affirmatively know who sent the message by default.
        No doubt, but that's a classic Hard Problem. How do you authenticate the entry point without a central credential clearing house? And who runs that clearing house? VeriSign? (hint: that would be a bad choice)

        I agree that SMTP needs a makeover, but what to replace it with is still very much an open question.

    • Re:end of email? (Score:5, Insightful)

      by bcrowell ( 177657 ) on Sunday May 23, 2004 @08:57PM (#9234262) Homepage
      Of course more bandwidth is wasted on spam mails, but since I don't see much of it, it doesn't bother me so much.
      What's OK for you may not be OK for other people. Personally, I get about 200 spams a day, versus about 1-2 real e-mails. When the ratio of spam to good mail is 100:1, it gets hard to implement spam filtering that's accurate enough to do the job. And are you under the illusion that you aren't paying your ISP for the bandwidth they waste dealing with spam?

      There are some basic problems here:

      1. The e-mail protocols were never designed with the spam problem in mind.
      2. Any method for eliminating spam just encourages the spammers to look for countermeasures, viz. the current crop of spams with "pen1s" in them, or subject lines ending in "hekatomb spastic euphorbia malleus."
      3. There is no limit whatsoever to the number of spams that the spammers can generate. Any countermeasure that's based on the current protocols will break down once you hit it with a large enough volume of spam. Either it will be too slow, or it will produce too many errors.
  • Comment removed (Score:4, Insightful)

    by account_deleted ( 4530225 ) on Sunday May 23, 2004 @08:16PM (#9234024)
    Comment removed based on user account deletion
    • by Alan Hicks ( 660661 ) on Sunday May 23, 2004 @09:23PM (#9234366) Homepage
      I seriously doubt e-mail will ever die.

      I would agree, but only on a few stipulations. E-mail as we know it will almost certainly die sooner or later, to be replaced with something else that better fits our future needs. Like gopher and http, smtp, pop, and imap will all sooner or later be replaced by another set of protocols. Perhaps they will require something like SPF to reduce spoofed "From" headers. Perhaps they will support or even require encryption? Face it. Sooner or later, e-mail as we know it will die, but only when something else is able to take its place.

  • by whizkid042 ( 515649 ) on Sunday May 23, 2004 @08:17PM (#9234027) Homepage
    Here at the university where I am a sysadmin [clarkson.edu], we get approx. 100K emails per day and we have no problem pushing them through spamassassin on a single server with dual 2.8 xeon processors. How in the world could this place possibly need 20 servers to process this much mail?!
  • by edoc ( 772148 ) on Sunday May 23, 2004 @08:18PM (#9234039)
    "Because of the legal obligation to deliver all mail and of the delay time exceeding critical 5 days(!)"

    Is it just me or is this another ridiculous law? The University is providing free email services to those that are students at this establishment and they obviously need to filter out spam in order to be able to offer this service with there current hardware requirements. Spam is a legitimate problem and people that are offering free email services should be allowed to attempt to filter it as it can be extremely taxing on a busy mailserver. They can filter the spam without being intrusive or breaking privacy laws so I see no reason that it should be prevented by law.
  • by OldMiner ( 589872 ) on Sunday May 23, 2004 @08:19PM (#9234043) Journal

    Personally, if it were my universtiry, I would prefer they started to use a RTBL. The fact of the matter is, if the likely spam isn't sorted out first, I have to try to discern the stuff entirely by hand. And although I can easily pick out Viagra ads, I have relatives and the occasional acquaintence who send mail that looks awfully like spam. Didn't want to type a subject. Used "hello" as the subject. Didn't configure their mail client properly, so their "replyto" looks crazy. Without some initialy spam filtering, I would miss at least some of these -- in fact, I'd probably miss more mail with no filtering than with a judicious blackhole in front of me.

    Love or hate SPEWS [spews.org] and other kinder [spamhaus.org], gentler RTBLs [spamcop.net], they're better than the present choice. It would certainly reduce the load of these email servers to where it could be more easily handled. And, if nothing else, they couldbe used to prioritize mail. Use Spam Assassin or something else to do some initial tag and filter so that mail coming from Asian IPs or originating from mail servers on cable/ADSL networks gets put into the "slow" processing queue while everything else gets sent down the faster pipe.

    </spouting with little to no knowledge>

  • by cbreaker ( 561297 ) on Sunday May 23, 2004 @08:20PM (#9234048) Journal
    The students and other users of their mail system will just have to use their own spam filters now.

    It's not the end of the world. There's a few good spam filters for outlook and outlook express, and some really awesome free ones for linux/unix.
  • by MikTheUser ( 761482 ) on Sunday May 23, 2004 @08:24PM (#9234070)
    www.spamgourmet.com has always worked well for me. Give your adress to whom you want, receive just as much mail from them as you want.
  • by nurb432 ( 527695 ) on Sunday May 23, 2004 @08:24PM (#9234072) Homepage Journal
    No, but its one more nail in the coffin..

    Something has to be done soon or email just wont be practical to have. Between Spam and viruii its overloading a lot of comanines network feed and servers..

    And don't forget the cost of having to maintain antispam and antiviral solutions..

    I know personally where I'm at, we are hitting over 2/3 of all email is spam/virus. ( i hear we drop 10k a day from the black hole list alone )

    At home its 98%...
  • Parasites (Score:3, Interesting)

    by Merlisk ( 450712 ) on Sunday May 23, 2004 @08:24PM (#9234073)
    One would think that even spammers would realize that if things go too far, businesses might not carry emails at all anymore.

    I mean, even parasites usually try to not kill the host.

    *sigh*
    • Re:Parasites (Score:4, Insightful)

      by dougmc ( 70836 ) <dougmc+slashdot@frenzied.us> on Sunday May 23, 2004 @08:47PM (#9234226) Homepage
      One would think that even spammers would realize that if things go too far, businesses might not carry emails at all anymore.
      Yes, but suppose you're a spammer. A big-time spammer, but still just a single person. You're worried about killing the goose that lays the golden egg, so you cut the spam that you emit by 90%. Your income drops by 90%, but the total spam sent world wide drops by, oh, 0.5%?

      Even if the spammers band together and make a big organziation to self organize and police, spammers by almost by definition dishonest (no honor among theives!), and as soon as one realizes that he can make more money by ignoring the organzation (i.e. almost immediately), he will.

  • by E-Prime ( 101087 ) on Sunday May 23, 2004 @08:26PM (#9234081) Homepage
    I run Exim with an ACL extension called Exiscan, which runs SpamAssassin and virus checker during the SMTP dialogue.

    Rejected mails thus don't generate any undeliverable bounce messages to fill up the local mail queue, and the sender gets an immediate response.
  • by wheels4u ( 585446 ) on Sunday May 23, 2004 @08:32PM (#9234122)
    University capitulates. /. visitors break down apache server. Oh .. i mean IIS server.
  • No filter day (Score:3, Interesting)

    by reynaert ( 264437 ) on Sunday May 23, 2004 @08:37PM (#9234154)
    Maybe there should be an n-monthly day on which spam-filters are disabled. That way the public may realize the extent of the spam problem. Can you expect that they know it when they only get a few spams because all the rest is blocked at the server?
  • by kraemer ( 637938 ) on Sunday May 23, 2004 @08:40PM (#9234170)
    Why dont these people start using reverse DNS to MX record verification? It checks to make sure the machine sending you email has a real reverse DNS that matches their MX record. If not, it disconnects. Combine that with the real time black hole list and you'll never see spam again! This mail package does it: Icewarp [icewarp.com]
  • by DeadPrez ( 129998 ) on Sunday May 23, 2004 @08:40PM (#9234175) Homepage
    The university probably doesn't pay much but there are many unemployed American citizens such as me who would welcome the opportunity to visit Germany and solve your spam problems. All the facts of this article suggest the problem is in implementation, not in technical feasiblity.
  • by foidulus ( 743482 ) * on Sunday May 23, 2004 @08:47PM (#9234225)
    I go to Penn State, but since the university feels it has to protect dumb windows users from themselves, I cannot even send or recieve email with the subject, "Hi such-and-such"(Try explaining to a friend overseas who has almost never in her life touched a computer, in her language, why she can't send you mail with that subject) because it might contain the bagle virus. This is the same university that put in a firewall because supposedly too many people on campus had a butt-load of viruses and spyware.
    Yet this same university loves to publish my email address on the web; ensuring I get tons of spam(some even in Chinese!)
    I hate when the community at large has to pay for the transgressions of a few slimeballs and the idiocy of some(not even most) gullible windows users.
  • by rice_burners_suck ( 243660 ) on Sunday May 23, 2004 @09:10PM (#9234310)
    Is this the beginning of the end of e-mail?

    I would say this is probably not the end of email, nor is it the end of the Internet as a whole. However, it is probably the end of the protocols currently used to send and receive email.

    I believe that spam is ultimately a security issue, because it slows down systems and creates problems for users and system administrators. Sometimes, security problems are caused by buffer overruns and other programming errors. However, in this case, I think the entire protocol is faulty. It may have worked wonderfully before spammers, but it's time to introduce something new that will make it extremely difficult to send spam.

    I don't know exactly how the new protocol needs to look. But I have some ideas. Paying for "postage" is not one of them, as I think it is a very bad idea. Unless some payment system could be set up whereby the recipient of the mail receives the payment, not some 3rd party, like Microsoft, which would profit incredibly from garbage spam mails going all over the place. In fact, if that were the setup, then each recipient could state a price per email and/or per kilobyte of the mail message for receiving an email from a source, which the source would pay to the recipient as postage. A whitelist could be set up to allow certain senders, like one's friends, family, coworkers, etc., to send emails without paying the recipient. A blacklist could be set up to disallow all emails from specific senders and/or domains, as we have today, and if you read further in this post, you'll see my ideas for making sure that addresses are not spoofed. But I digress...

    Perhaps first of all, the mail headers need to include digital signatures based on the source and destination domain names, email addresses, and other identifying information that is unique to each email sent. To avoid address spoofing, for example, people sending junk with a 'yahoo' or 'hotmail' address, when in fact it originates elsewhere, each such domain would have a private key, which upon sending, would be used in the computation. A valid signature could not be computed when the address is spoofed, and so all spammers would need to use their own valid domain name. Further, the need to make computations would make it more costly for spammers to send mail in high volumes. The algorithm should be designed so that recipients of email will have a much lower cost to verify the key. Further, the signature system could, should, and would be used to verify that each bit of the contents of the email, including all attachments, arrived correctly and without being tampered with or corrupted in transit.

  • by kbsingh ( 138659 ) on Sunday May 23, 2004 @09:17PM (#9234338) Homepage
    the numbers dont add up, Loads of people have already raised the issue about the fact that 20 servers ( even decently mid spec single CPU machines ) will handle 100k emails an hour ( about 80 emails per min per machine is very achieveable ... ).

    But there are some other issues you need to look at, with these emails not being scanned - do you know how much of storage you need to have online to have a mailstore this size and developing by the hour at 100k msgs ? not everyonce will use pop3 to get their emails, and not all the users will check email every day. Were talking about a very very large and very well setup Mail Store for this kind of volume. What about network bandwidth ?

    A few basic things can reduce the work of those servers : Duplicacy level across these emails is going to be very high - all 100k emails per hour cannot be unique, there are going to be loads and loads of dupes, that dont even need to be scanned.

    Creating a small database in-house with bad MailSender's list ( kind of like an in house RBL ), and flushing that list on an 6 hour interval will slow the inflow as well to quite an extent - in some tests done, i have seen it go down by almost 15 - 18% when there is a heavy load. Since most 'real' mailservers tend to retry, even if a genuine mailserver is blacklisted for 6 hours - it wont make much of a difference, however most 'hijacked PC's sending spam' dont have any retry or resending mechanism - and will just not be able to send into your server.

    Another issue that helps stem the tide of bad email is to check for Virus infections before checking for spam. A lot of cases the tides of mail coming in can be virus infections ( which are easier and faster to check against - compared to rules + logic based spam checkers ).

    However, all this is said and done without knowing of what system and what kind of a setup they use, there is no way anyone can really know what happened and why.

    In the end, classic case for Linux and Unix based technologies to come into the frame I think.
  • Solution: (Score:5, Interesting)

    by The Master Control P ( 655590 ) <ejkeever@nerdshac[ ]om ['k.c' in gap]> on Sunday May 23, 2004 @09:32PM (#9234414)
    Spam people with ads for viagra. If someone is stupid enough to buy, send them a cyanide capsule :)

    Joking aside, it boils down to economics. Spam is profitable. If something is profitable, people will do it. Selling drugs is profitable, and the war on some drugs hasn't changed that. The answer to spam (and drugs) is not to try and stop them, but to make doing them unprofitable.

    What makes spam profitable is the presence of people on the internet who are SO incredibly stupid that they fall for it. (See Junkie loves his spam [slashdot.org]) Remove them, and you shoot spam through it's purtid heart. I can think of several methods of doing do:
    • If you respond to spam, you've probably got shitloads of viruses on your computer. Beyond any shadow of a doubt some of them are spamming people. If you ISP detects lots of mystery traffic from you on known virus ports, you're given one warning. Then you get kicked off without ceremony and not allowed to reconnect until you can prove to them that all computers using your connection are malware-free. No more malware, no more spam zombies.
    • (You, the ISP) Send test-spams. Specify in the header that it is NOT a real spam so you don't get blacklisted. Anyone who responds to them loses all services except port 80 until you prove to a professional who visits your house that you know enough not to buy from spam. Do it again and you will never be allowed to use your ISP's mail servers again.
    Neither of these can possibly be routed around or hacked by spammers, because they are not involved in any part of the process. If you are not in the habit of perpetuating malware with your computer, you needn't worry of getting caught up in it all. Neither of these requires a major invasion of your privacy
  • Disc space vs. CPU (Score:3, Informative)

    by darnok ( 650458 ) on Sunday May 23, 2004 @09:51PM (#9234492)
    It seems that they've decided to provision potentially 50x their existing disc space for email (as 98% of the email is currently spam, which is presumably filtered out at the moment), instead of deploying additional resources for filtering before it gets to the users.

    Good luck with that approach! If their primary constraint is budgetary, as it would seem, it would make more sense to invest *more* in filtering so that the crap didn't get to users' mailboxes where it will doubtless stay indefinitely in some cases.

    Note: I'm assuming that, because they have some apparent requirement that all mail gets delivered, that they cannot effectively enforce email quotas that would result in non-delivery of email.
  • by bruthasj ( 175228 ) <bruthasj@yaho[ ]om ['o.c' in gap]> on Sunday May 23, 2004 @10:14PM (#9234571) Homepage Journal
    > /dev/null.

    Report that all emails are stored in an infinitismally small location that only future, advanced technologies will be able to restore email upon request. Requests will be queued until the technology has been developed.
  • spamd [openbsd.org] is a new approach to blocking spam. Its called greylisting. It rejects all email with a temporary failure notice in the hopes that the large volume spam senders don't have the resources to wait 30mins and send the same email again. Apperently this method works quite well and uses little resources.
  • I wonder (Score:5, Insightful)

    by BCW2 ( 168187 ) on Sunday May 23, 2004 @10:39PM (#9234690) Journal
    Does Germany have a law that I'm not familiar with? Email is free not a paid service, why is there some obligation to deliver? Snail mail is normally Govt. run and delivery is what you pay for with a stamp.

    No one has to or could guarantee anything for email. With the amount flowing because of SPAM the dropped packets must be astronomical.
  • Won't Last (Score:5, Interesting)

    by fdiskne1 ( 219834 ) on Sunday May 23, 2004 @11:10PM (#9234805)

    Being the person that blocks spam is a lose/lose situation. They don't understand how bad the problem is when you do your job right. They complain when spam gets through and complain when legit email gets blocked, but don't want you wasting all your time on it.

    I predict that this school will be forced back into filtering spam by their students (customers).

    [rant]See, 3 years ago, as spam was beginning to get bad, I began filtering spam on the email system I manage. Over 2.5 years, I developed a rather intensive filter, but since I knew I was not perfect, I had to scan blocked email for false positives. It got to the point I was spending 25% of my time scanning for false positives and the boss didn't like that. He also didn't want me to spend time trying to figure out how to set up Spam Assassin. (I'm not a Linux guru. Sorry!) The board didn't want to spend the money on a purchased system and didn't want me wasting my time with spam. They didn't think it was a problem so they told me to just stop blocking spam. My boss told them that spam was a BIG problem, but they never saw it so they didn't believe him. I asked my boss 10X "Are you sure you want me to stop blocking spam? They won't like the results." He confirmed. I stopped blocking spam and about 50,000 additional spams per week came flooding into the system. The 50,000 were what was being blocked previously. I was flooded with phone calls until everyone realized what was happening. Then, just 2 weeks ago, I was instructed by the board to go back to my filtering, but only spend 30 minutes a day on it. RIIIIGGGHHHHHTTTTT! Ever try scanning for legit email among the trash, adjusting filters to make it better and taking calls and emails from people that want you to be sure an email is blocked and only spend 30 minutes a day on it? I managed to put together a Spam Assassin box and it blocks 10,000 per week, but there's a lot that doesn't get blocked. I don't know enough about it to make it better.[/rant]

    • dsbl.org (Score:4, Informative)

      by DreamerFi ( 78710 ) <john.sinteur@com> on Monday May 24, 2004 @01:04AM (#9235269) Homepage
      Make your boss happy, and block on these three DNS based lists: dsbl.org, spamhaus.org, dnsbl.org. Everything coming from IP addresses in these range is basically garantueed not to contain false positives. It'll clear your inbox quite effectively. (I'm one of the volunteers helping out dsbl.org, so feel free to mail me with questions)

      -John
  • by KalvinB ( 205500 ) on Monday May 24, 2004 @12:58AM (#9235238) Homepage
    This isn't even the beginning of the end of email. It's simply becomming less and less workable to run a single mail server system with a large amount of users. Small time mail servers aren't targeted by spammers. Universities are heavily targeted because there are lots of users all going to a common domain.

    It's the same reason users of major ISPs are more likely to be probed for vulerabilities.

    I've found the method of filtering based on the "Click-Me" domains to be the most effective with virtually no false positives (zero is a realistic number).

    I've found that setting up a secure public mail system is cake. Mercury Mail is free and handles well. A single check box set by default is all it takes to keep it from being an open relay. Students of the university could probably do rather well offering their own e-mail services to students. Mercury Mail's filtering system is quite robust.

    MM supports IMAP/POP3/SMTP and alternate ports as well as SSL on all them. Adding a web-based front end also isn't that difficult if you know what you're doing. There's actually one built in and a more robust version coming.

    I already have a few hundred users on Indie-Mail [icarusindie.com] and the amount of bandwidth used per day is pretty negligable.

    Ben
  • by MagicFab ( 7234 ) on Monday May 24, 2004 @01:18AM (#9235311) Homepage
    Linux Journal recently featured an article on How HEC Montréal's new mail installation handled the spam and virus explosion of early 2004 [linuxjournal.com].

    The measured UBEs over a 3 moth period were 172,887 - only for their top-25 most spammed employees!

  • by urdak ( 457938 ) on Monday May 24, 2004 @02:22AM (#9235502)
    I've seen this happen in my local University too.

    Take a university that has thousands of people actively using email, and thousands of computers, probably a hundred of which function as mail server. Now, decide that "we need a central mail server to filter viruses and spam". Take a few useless machines lying in the computer center, and make them the mail server that's supposed to replace the hundred you had previously. Then slow down the new mail server by applying every concievable virus and spam filtering.

    What do you get? Incredibly slow service (sometimes mails get stuck for hours or more in the queue), single point of failure, and officially-mandated false positives (noone in the university can avoid them). AND, you still get a lot of spam.

    Computer centers must know that if they want to centralize a service that was previously decentralized (different departments and individual running their own mail servers and filters), they must be prepared. Prepared to handle the load (Google had to buy 100,000 machines to handle their load!), prepared to handle the humans who use their service, and prepared to handle exceptions (a person or department that doesn't want the centralized filtering). Often, these computer centers don't think of these issues in advance, causing things like described in this article.

"An idealist is one who, on noticing that a rose smells better than a cabbage, concludes that it will also make better soup." - H.L. Mencken

Working...