Spammers hapless fate = ISP toil and sweat
Dr. Nii Narku Quaynor quaynor at ghana.com
Wed Sep 17 22:44:57 CEST 1997
The Internet needs unforgeable addresses, IP and "caller ID" equivalent.

Nii

Luis Miguel Sequeira wrote:
>
> Hello,
>
> I normally just lurk around this mailing list, but I think I'll
> contribute my two cents this time...
>
> Spamming is a serious problem. Here at Esoterica where I am,
> unsolicited email was about one half of total email traffic -
> which is quite a lot. Thus, our postmaster has dedicated
> all his available time to implement anti-spamming measures.
>
> What he found out is this:
>
> Firstly, far from being "mindless robots", the companies in the
> spamming business are cold-hearted professionals. They have teams
> of professional programmers spending all their time just to develop
> new and more effective ways of illegally sending out unsolicited email -
> using several clever relaying mechanisms. They work full-time on the
> job. They are a strong force which will easily overthrow any basic
> measures taken against spamming - like simply filtering up domains,
> or blocking traffic from relaying machines.
>
> Secondly, they are vindictive and protect their own jobs. This means that
> if an ISP tries to aggressively implement anti-spamming mechanisms,
> they will fight back! And how do they do this? For instance, they send out
> forged emails with these ISP's addresses. What happens? Entities receiving
> the forged emails will complain to the ISP in question. The ISP replies
> telling that the emails are forged, trying to make them understand that
> this is the "spammer's revenge". Most of these entities either don't care
> or don't believe, so they just shut the ISP off their firewall (especially
> if on the next day they get a new lot of unsolicited email apparently coming
> from the same forged addresses...). This forces the ISP to open up themselves
> to spamming from this particular company, hoping that they won't forge
> spamming attempts in the future...
>
> As you see, they're quite clever.
> Their businesses and jobs depend on their
> cleverness.
>
> How can ISPs successfully "fight back"? First, and foremost, they need to
> assume that the "threat" is serious. Secondly, allocate resources to the job -
> this means a *lot* of time. But thirdly, and I think that's the major issue
> here, by sticking together. While a single postmaster probably won't be able
> to do much work single-handedly, having a group to coordinate the work is
> helpful. Some free time taken from a group of postmasters adds quickly up
> to a "task force" of some magnitude...
>
> Basically, what our postmaster found out is that denying access is not a good
> measure - spamming companies will try every trick of the trade to get through
> or else they will try to hurt the blocking ISP in some way. UUNet, for instance,
> has publicly announced their "zero tolerance" towards spammers - it's no wonder
> that perhaps half of the spammers now use forged emails (and dial-up accounts)
> coming from UUNet to spam the net. Their hope is getting enough ISPs blocking
> UUNet's traffic so that UUNet is "forced" to "open" their machines to spamming
> again... (in our case, as a transit customer of UUNet I obviously can't block
> traffic through them :-) )
>
> Better is just to make their action difficult. Remember that their jobs depend on
> getting as many messages through as possible (using third-party relayers).
> If a sendmail configuration just lets a few messages through, or selectively
> blocks some domain for a while, this means that this machine will only
> deliver a few messages - when spammers rely on tens of thousands to be
> delivered. This is uninteresting to them. They will thus use other machines as
> relays. Of course, this also means that your own users will see a delay on
> the sending of their own, legitimate messages. It's a tradeoff.
>
> By using a combination of these tricks one can try to keep the spammers away for
> a while - until they develop a new creative method for spamming again. We have
> seen all sorts of very clever and ingenious methods to get through. Who knows
> what else they will invent next?
>
> By keeping a mailing list with several postmasters' contacts it's possible not
> only to exchange domains from where the spammers usually attack, but
> anti-spamming techniques and tricks. There are some steps being taken at
> a national base here in Portugal (from where I'm writing :-) ) but, as shown by
> the traffic generated on this list on this topic of spamming, I'm going to make
> the suggestion again, at this level...
>
> Do you think that there is some interest in maintaining a mailing list for
> all postmasters from the LRs for the sole purpose of discussing anti-spam
> techniques and listing spamming domains and relay machines?
>
> Would RIPE be interested in "sponsoring" this mailing list?
>
> BTW, searching through the RIPE's Web site, the only mention of spam is in
> RIPE-162, chapter C2.1. This basically states the commitment of RIPE to maintain
> the mailing lists spam-free. I wonder if there is already a "task force" in
> place for anti-spamming measures. We're aware of some efforts on an
> international basis - mostly some Web sites with interesting information and
> data on anti-spamming measures, with associated mailing lists - but to my
> personal knowledge, there is no such coordinated effort at RIPE (so far :-) ).
>
> There is also an issue of local laws. Filtering out spam *could* be illegal
> in some countries (it violates freedom of speech). In Portugal, spamming is
> actually illegal - it's "unsolicited email", and this is an abuse of a third
> party's infrastructure, ie. using computational (and telecommunications)
> resources that you aren't allowed to. This makes it a crime according to
> Portuguese law.
> There is a case of mail bombing (a particular kind of
> spamming...) brought to court - it will take ages to be ruled and probably the
> offender will get away with some community work :) but it will be judged in
> court. Of course, in other countries, freedom of speech may be more important
> than using others' telecommunications resources. I wonder if local laws will
> actually work *against* a RIPE-based global effort across Europe.
>
> On 12-Sep-97 "Scott A. Marlin" wrote:
> >Which basically means that any customer is free to spam. The ISP is
> >there to take the rap and clean up afterward. I think for such matters,
> >the "spammer" should be held responsible ... like being charged a flat
> >or hourly rate for the cleanup job.
>
> This is the case around here. Of course, catching the spammer and actually
> condemning him/her in court in order to charge him/her that rate is
> another story, especially if we're talking about an international
> incident.
>
> Better to prevent him/her from spamming in the first place.
>
> >Incidentally, in the cited case, I sent a mail to an address mentioned in
> >the ad asking them to stop sending the ads. What I got back was another
> >mail from another source (obviously from a blind mail-robot) with *lots*
> >of info about their services.
> >
> >At the bottom of the e-mail was a URL address for those who wished to
> >stop the ads from being sent. Waaaay down at the bottom of this web site
> >plugged full of promotional information was the opportunity to
> >"register" my name in the database of those who didn't want to receive
> >any more spam (the name of the link was a baby crying "mommy ... they
> >thpammed me again".) Really !
>
> One of the major issues about spamming customers is knowing how many people
> were actually reached by a spamming effort.
> Spamming companies have found
> out that these two tricks - "send email here to be deleted from our database"
> and "click here to remove yourself from our database online" - are the best
> to know if you're reaching people. Also, many postmasters will contact the
> spamming company in order to complain. Based on all this feedback, spamming
> companies can determine a "success rate" for their spamming efforts. This keeps
> their own customers happy...
>
> A better way to deal with this is simply ignore the message, and make sure that
> all your users ignore the spam, too. In the long end, this means a lower
> "success rate" for a particular domain/spamming technique, so the spamming
> companies will probably try somewhere else.
>
> >The entire operation took about 30 minutes. I haven't heard from them
> >since. But I have received at least 10 unsolicited e-mails since then.
>
> My bet is, they will try again and again and again. The problem is, each
> time your address is found on a Usenet post, on a subscription web site or
> on a mailing list, there is a high probability of someone "selling" your
> email address to a spamming company. For instance, I'm receiving spam to
> addresses that have been disconnected 2 and 3 years ago... DejaNews and
> other public sites with lots and lots of addresses are a perfect place
> to get all those addresses for the spamming lists...
>
> - Luis Sequeira
>
> ____
> \ Esoterica - Novas Tecnologias de Informacao, SA
> :-) Luis Miguel Sequeira
> /___, lms at esoterica.pt http://www.esoterica.pt/