Spammers hapless fate = ISP toil and sweat
Luis Miguel Sequeira lms at esoterica.pt
Thu Sep 18 21:16:00 CEST 1997
Hello,

On 18-Sep-97 "Keith C. Howell" wrote:

> If someone could suggest how to identify a spammer *before* they start
> sending out email, then I am sure every person who has to deal with the
> spam would be most grateful, it will save them a lot of time and money.
>
> When an ISP sells a connection to a company, they have no idea what the
> customer will use the connection for. Certainly, here at UUNET, our AUP is
> enforced. But if the spammer just buys another connection, how would we
> identify them? All the outside world will see is "another UUNET connected
> spammer", but to us, this is a separate customer.

I think this is exactly the same problem with requests for domain names which are never paid and will never be, whose whole purpose of existence is giving an email message a "real existence" for a while for the purposes of getting feedback. If the InterNIC were able to know *beforehand* that these addresses would be used for spamming, they probably wouldn't ever consider registering the requested domains.

So, knowing who is a spammer *beforehand* is unpractical and almost impossible. However, here is an idea for you: limit the number of email messages per user that may be able to be sent at a time; limit the number of email messages with the same subject that may come from the same address; and finally, restrict the number of cc:'s or bcc:'s per message (for legitimate users, offer them to set up their own, private mailing list - this will impress your customers with superb customer service :) and the time taken to set something up with majordomo would be negligible when compared with the wasteful bandwidth).

Remember that spammers generate the same message for multiple users during a very short time period (or have messages with multiple cc:'s) and will, for the duration of a session, be mostly flooding port 25 with several messages. This kind of usage pattern should be easily detected by a few scripts (just by looking at the mail logs...) and you could temporarily block port 25 for that user's particular IP address for a while...

This will mean that -

a) legitimate users, who just send a few messages at every time of the day, would not notice any difference;
b) private mailing lists (ie. people in dire need to contact a large, legitimate base of users on a regular basis) would be implemented using the correct way, ie. a majordomo/listserv/whatever solution (bcc's just waste CPU power)
c) spammers, while still being able to spam, would give up as your mail server would be "too slow" to process tens of thousands of messages, forcing them to drop you as a provider and try elsewhere (additional accounts would be useless for the same reasons).

Of course, in an ideal world, every ISP would implement exactly the same anti-spamming measures and spam would be controlled in a matter of days :-) But look what it means if a LARGE group of ISPs (say, all of those in Europe) implement similar measures. You could actually claim, as a block, that spamming will not be tolerated on a large geographical region (or for a large group of users). This means that spamming companies will be unable to offer their customers service into those areas.

That's why it's so important to implement a common set of rules and standard practices (an Internet draft, a RFC, something like that) against spamming: if you're actually blocking a large percentage of the Internet from spamming attacks, the spamming companies will lose customers. And will go broke.

After a while, you can invert the tendency: ISPs *permitting* spamming (ie. those not actively implementing anti-spamming techniques) will be avoided by potential customers. The active implementation of anti-spamming techniques would become a commercial advantage...

> The other unfortunate thing is that the law enforcement agencies will not
> assist ISP's in tracking down spammers. If the culprit has a dial-up
> account and dials into a network, you can get all sorts of information on
> them. But even if the caller is stupid enough not to suppress caller ID (or
> make the call from a payphone), the phone companies will not release the
> address that matches the phone number.

Around here you can easily get the address based on the phone number unless it's confidential, but I think that the issue here is implementing anti-spamming techniques (ie. making the spammers' life so hard that they will give up your ISP and find another one) that will keep them away.

Mind you, I live in a country where issues at court take AGES (several years) to solve, so the only legal considerations we usually have is if the measures we're taking against spammers (or any other kind of abuse) are legal, ie. making sure that *they* wouldn't sue *us* for anything. Once that issue is clear, the only thing we need to think about is how we are going to stop them from pestering us. The police are always quite helpful and exchange some emails about the issue, but we perfectly know that the *courts* will take too long to react to a spamming attack (I shudder from the thought of actually defining "spam" in court in front of a judge...).

So I really think that it's more important to prevent spamming than take any legal action against spammers. Even in countries with a good and fast legal system you have the problem of international law - which will take ages even if both countries have excellent legal systems. :-(

Again, this view comes mainly from having to live under an ugly, painfully slow legal system (which has some very nice laws if you just could find someone to enforce them in useful time...).

As a conclusion: if I can't know who is a spammer *before* the act, and if I can't convict him of that crime at once, the only solution left to me is *preventing* him from committing this crime. I hope that at least the simple techniques described before will help you out with the spammers...

- Luis

____
\     Esoterica - Novas Tecnologias de Informacao, SA
:-)   Luis Miguel Sequeira
/___, lms at esoterica.pt http://www.esoterica.pt/
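
An added example, not part of the original message: a sketch of the "few scripts looking at the mail logs" idea, flagging client addresses that exceed a per-window message count or a per-message recipient count. The sendmail-style log layout, the thresholds and the sample lines are assumptions constructed for illustration; the same-subject check is left out because this log format does not record subjects.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Sendmail-style syslog line; the field layout is an assumption of this example.
LINE_RE = re.compile(r"^(?P<ts>\w{3} +\d+ [\d:]{8}) .*?from=<[^>]*>"
                     r".*?nrcpts=(?P<nrcpts>\d+).*?\[(?P<ip>[\d.]+)\]")

def constructed_sample():
    """Constructed log (not real traffic): one normal user, one oversized
    recipient list, and one dial-up address sending 40 messages in 4 minutes."""
    fmt = ("Sep 18 {t} mail sendmail[{n}]: VAA{n:05d}: from=<{f}>, size=2000, "
           "nrcpts={r}, relay=dial.example.pt [{ip}]")
    rows = [("21:00:01", "alice@example.pt", 1, "192.0.2.7"),
            ("21:00:40", "news@example.pt", 300, "192.0.2.9")]
    rows += [(f"21:{10 + i // 12:02d}:{i % 12 * 5:02d}", "promo@example.pt", 1,
              "192.0.2.66") for i in range(40)]
    rows.append(("22:30:12", "alice@example.pt", 2, "192.0.2.7"))
    return "\n".join(fmt.format(t=t, n=100 + n, f=f, r=r, ip=ip)
                     for n, (t, f, r, ip) in enumerate(rows))

def find_bulk_senders(log_text, max_msgs=20, window=timedelta(minutes=5),
                      max_rcpts=25, year=1997):
    """Return {client IP: reason} for addresses exceeding either limit.
    Thresholds are illustrative; syslog omits the year, so it is passed in."""
    recent = defaultdict(deque)   # client IP -> timestamps still inside window
    flagged = {}
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue              # not a "from=" record
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        ip, nrcpts = m["ip"], int(m["nrcpts"])
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:  # drop entries older than the window
            q.popleft()
        if nrcpts > max_rcpts:
            flagged.setdefault(ip, f"{nrcpts} recipients on one message")
        elif len(q) > max_msgs:
            flagged.setdefault(ip, f"{len(q)} messages within {window}")
    return flagged

if __name__ == "__main__":
    for ip, reason in find_bulk_senders(constructed_sample()).items():
        print(f"temporary port 25 block candidate: {ip} ({reason})")
```

The returned addresses are candidates for the temporary port 25 block described in the message; a user sending a few messages spread over the day stays under both limits.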