Spammers hapless fate = ISP toil and sweat

Hello,

On 18-Sep-97 "Keith C. Howell" wrote:
> If someone could suggest how to identify a spammer *before* they start
> sending out email, then I am sure every person who has to deal with the
> spam would be most gratefull, it will save them alot of time and money.
> 
> When an ISP sells a connection to a company, they have no idea what the
> customer will use the connection for. Certainly, here at UUNET, our AUP is
> enforced. But if the spammer just buys another connection, how would we
> identify them? All the outside world will see is "another UUNET connected
> spammer", but to us, this is a separate customer.

I think this is exactly the same problem with requests for domain names
which are never payed and will never be, whose whole purpose of existence
is giving an email message a "real existence" for a while for the purposes
of getting feedback. If the InterNIC were able to know *beforehand* that
these addresses would be used for spamming, they probably wouldn't
ever consider registering the requested domains.

So, knowing who is a spammer *beforehand* is unpractical and almost
impossible.

However, here is an idea for you: limit the number of email messages per
user that may be able to be sent at a time; limit the number of
email messages with the same subject that may come from the same address;
and finally, restrict the number of cc:'s or bcc:'s per message (for
legitimate users, offer them to set up their own, private mailing list -
this will impress your customers with superb customer service :) and
the time taken to set something up with majordomo would be neglegible
when compared with the wasteful bandwidth).

Remember that spammers generate the same message for multiple users
during a very short time period (or have messages with multiple cc:'s) and will,
for the duration of a session, be mostly flooding port 25 with several
messages. This kind of usage pattern should be easily detected by
a few scripts (just by looking at the mail logs...) and you could
temporarily block port 25 for that user's particular IP address for a
while...

This will mean that -

a) legitimate users, who just send a few messages at every time of the day,
would not notice any difference;
b) private mailing lists (ie. people in dire need to contact a large,
legitimate base of users on a regular basis) would be implemented using
the correct way, ie. a majordomo/listserv/whatever solution (bcc's just
waste CPU power)
c) spammers, while still being able to spam, would give up as your mail
server would be "too slow" to process tens of thousands of messages,
forcing them to drop you as a provider and try elsewhere (additional
accounts would be useless for the same reasons).

Of course, in an ideal world, every ISP would implement exactly the
same anti-spamming measures and spam would be controlled in a matter of 
days :-)

But look what it means if a LARGE group os ISPs (say, all of those in Europe)
implement similar measures. You could actually claim, as a block, that
spamming will not be tolerated on a large geographical region (or for large
group of users). This means that spamming companies will be unable to offer
their customers service into those areas. That's why it's so important to
implement a common set of rules and standard practices (an Internet draft,
a RFC, something like that) against spamming: if you're actually blocking
a large percentage of the Internet from spamming attacks, the spamming
companies will lose customers. And will go broke.

After a while, you can invert the tendency: ISPs *permitting* spamming (ie.
those not actively implementing anti-spamming techniques) will be avoided
by potential customers. The active implementation of anti-spamming techniques 
would become a commercial advantage...


> The other unfortunate thing is that the law enforcement agencies will not
> assist ISP's in tracking down spammers. If the culprit has a dial-up
> account and dials into a network, you can get all sorts of information on
> them. But even if the caller is stupid enough not to suppress caller ID (or
> make the call from a payphone), the phone companies will not release the
> address that matches the phone number.

Around here you can easily get the address based on the phone number unless
it's confidential, but I think that the issue here is implementing anti-
-spamming techniques (ie. making the spammers' life so hard that they will
give up your ISP and find another one) that will keep them away.

Mind you, I live in a country where issues at court take AGES (several
years) to solve, so the only legal considerations we usually have is
if the measures we're taking against spammers (or any other kind of
abuse) are legal, ie. making sure that *they* wouldn't sue *us* for
anything. Once that issue is clear, the only think we need to think about
is how we are going to stop them from pestering us. The police is always
quite helpful and exchanges some emails about the issue, but we perfectly
know that the *courts* will take too long to react to a spamming attack
(I shudder from the thought of actually defining "spam" on court in front
of a judge...).

So I really think that it's more important to prevent spamming than take
any legal action against spammers. Even in countries with a good and fast
legal system you have the problem of international law - which will take
ages even if both countries have excellent legal systems. :-( Again, this
view comes mainly from having to live under an ugly, painfully slow legal
system (which has some very nice laws if you just could find someone to
enforce them in useful time...).

As a conclusion: if I can't know who is a spammer *before* the act, and
if I can't convict him of that crime at once, the only solution left to me
is *preventing* him to commit this crime.

I hope that at least the simple techniques described before will help
you out with the spammers...

        - Luis

____
\       Esoterica - Novas Tecnologias de Informacao, SA
:-)     Luis Miguel Sequeira
/___,   lms at esoterica.pt         http://www.esoterica.pt/