Re: Spammers hapless fate = ISP toil and sweat
- Date: Wed, 17 Sep 1997 13:44:57 -0700
- Organization: Network Computer Systems Ltd
- Resent-date: Wed, 17 Sep 1997 17:33:24 +0200
- Resent-message-id: <9709171533.AA09223@localhost
The Internet needs unforgeable addresses, IP and "caller ID" equivalent.
Nii
Luis Miguel Sequeira wrote:
>
> Hello,
>
> I normally just lurk around this mailing list, but I think I'll
> contribute my two cents this time...
>
> Spamming is a serious problem. Here at Esoterica where I am,
> unsolicited email was about one half of total email traffic -
> which is quite a lot. Thus, our postmaster has dedicated
> all his available time to implement anti-spamming measures.
>
> What he found out is this:
>
> Firstly, far from being "mindless robots", the companies in the
> spamming business are cold-hearted professionals. They have teams
> of professional programmers spending all their time just to develop
> new and more effective ways of illegally sending out unsolicited email -
> using several clever relaying mechanisms. They work full-time on the
> job. They are a strong force which will easily overthrow any basic
> measures taken against spamming - like simply filtering up domains,
> or blocking traffic from relaying machines.
>
> Secondly, they are vindictive and protect their own jobs. This means that
> if an ISP tries to aggressively implement anti-spamming mechanisms,
> they will fight back! And how do they do this? For instance, they send out
> forged emails with these ISP's addresses. What happens? Entities receiving
> the forged emails will complain to the ISP in question. The ISP replies
> telling that the emails are forged, trying to make them understand that
> this is the "spammer's revenge". Most of these entities either don't care
> or don't believe, so they just shut the ISP off their firewall (especially
> if on the next day they get a new lot of unsolicited email apparently coming
> from the same forged addresses...). This forces the ISP to open up themselves
> to spamming from this particular company, hoping that they won't forge
> spamming attempts in the future...
>
> As you see, they're quite clever. Their businesses and jobs depend on their
> cleverness.
>
> How can ISP's successfully "fight back"? First, and foremost, they need to
> assume that the "threat" is serious. Secondly, allocate resources to the job -
> this means a *lot* of time. But thirdly, and I think that's the major issue
> here, by sticking together. While a single postmaster probably won't be able
> to do much work single-handedly, having a group to coordinate the work is
> helpful. Some free time taken from a group of postmasters adds quickly up
> to a "task force" of some magnitude...
>
> Basically, what our postmaster found out is that denying access is not a good
> measure - spamming companies will try every trick of the trade to get through
> or else they will try to hurt the blocking ISP in some way. UUNet, for instance,
> has publicly announced their "zero tolerance" towards spammers - it's no wonder
> that perhaps half of the spammers now use forged emails (and dial-up accounts)
> coming from UUNet to spam the net. Their hope is getting enough ISPs blocking
> UUNet's traffic so that UUNet is "forced" to "open" their machines to spamming
> again... (in our case, as a transit customer of UUNet I obviously can't block
> traffic through them :-) )
>
> Better is just to make their action difficult. Remember that their jobs depend on
> getting as many messages through as possible (using third-party relayers).
> If a sendmail configuration just lets a few messages through, or selectively
> blocks some domain for a while, this means that this machine will only
> deliver a few messages - when spammers rely on tens of thousands to be
> delivered. This is uninteresting to them. They will thus use other machines as
> relays. Of course, this also means that your own users will see a delay on
> the sending of their own, legitimate messages. It's a tradeoff.
>
> By using a combination of these tricks one can try to keep the spammers away for
> a while - until they develop a new creative method for spamming again. We have
> seen all sorts of very clever and ingenious methods to get through. Who knows
> what else they will invent next?
>
> By keeping a mailing list with several postmasters' contacts it's possible not
> only to exchange domains from where the spammers usually attack, but
> anti-spamming techniques and tricks. There are some steps being taken at
> a national base here in Portugal (from where I'm writing :-) ) but, as shown by
> the traffic generated on this list on this topic of spamming, I'm going to make
> the suggestion again, at this level...
>
> Do you think that there is some interest in maintaining a mailing list for
> all postmasters from the LRs for the sole purpose of discussing anti-spam
> techniques and listing spamming domains and relay machines?
>
> Would RIPE be interested in "sponsoring" this mailing list?
>
> BTW, searching through the RIPE's Web site, the only mention to spam is on
> RIPE-162, chapter C2.1. This basically states the commitment of RIPE to maintain
> the mailing lists spam-free. I wonder if there is already a "task force" in
> place for anti-spamming measures. We're aware of some efforts on an
> international basis - mostly some Web sites with interesting information and
> data on anti-spamming measures, with associated mailing lists - but to my
> personal knowledge, there is no such coordinated effort at RIPE (so far :-) ).
>
> There is also an issue of local laws. Filtering out spam *could* be illegal
> in some countries (it violates freedom of speech). In Portugal, spamming is
> actually illegal - it's "unsolicited email", and this is an abuse of a third
> party's infrastructure, ie. using computational (and telecommunications)
> resources that you aren't allowed to. This makes it a crime according to
> Portuguese law. There is a case of mail bombing (a particular kind of
> spamming...) brought to court - it will take ages to be ruled and probably the
> offender will get away with some community work :) but it will be judged in
> court. Of course, in other countries, freedom of speech may be more important
> than using others' telecommunications resources. I wonder if local laws will
> actually work *against* a RIPE-based global effort across Europe.
>
> On 12-Sep-97 "Scott A. Marlin" wrote:
> >Which basically means that any customer is free to spam. The ISP is
> >there to take the rap and clean up afterward. I think for such matters,
> >the "spammer" should be held responsible ... like being charged a flat
> >or hourly rate for the cleanup job.
>
> This is the case around here. Of course, catching the spammer and actually
> condemning him/her in court in order to charge him/her that rate is
> another story, especially if we're talking about an international
> incident.
>
> Better to prevent him/her from spamming in the first place.
>
> >Incidentally, in the cited case, I sent a mail to an address mentioned in
> >the ad asking them to stop sending the ads. What I got back was another
> >mail from another source (obviously from a blind mail-robot) with *lots*
> >of info about their services.
> >
> >At the bottom of the e-mail was an URL address for those who wished to
> >stop the ads from being sent. Waaaay down at the bottom of this web site
> >plugged full of promotional information was the opportunity to
> >"register" my name in the database of those who didn't want to receive
> >any more spam (the name of the link was a baby crying "mommy ... they
> >thpammed me again".) Really !
>
> One of the major issues about spamming customers is knowing how many people
> were actually reached by a spamming effort. Spamming companies have found
> out that these two tricks - "send email here to be deleted from our database"
> and "click here to remove yourself from our database online" - are the best
> to know if you're reaching people. Also, many postmasters will contact the
> spamming company in order to complain. Based on all this feedback, spamming
> companies can determine a "success rate" for their spamming efforts. This keeps
> their own customers happy...
>
> A better way to deal with this is simply ignore the message, and make sure that
> all your users ignore the spam, too. In the long end, this means a lower
> "success rate" for a particular domain/spamming technique, so the spamming
> companies will probably try somewhere else.
>
> >The entire operation took about 30 minutes. I haven't heard from them
> >since. But I have received at least 10 unsolicited e-mails since then.
>
> My bet is, they will try again and again and again. The problem is, each
> time your address is found on a Usenet post, on a subscription web site or
> on a mailing list, there is a high probability of someone "selling" your
> email address to a spamming company. For instance, I'm receiving spam to
> addresses that have been disconnected 2 and 3 years ago... DejaNews and
> other public sites with lots and lots of addresses are a perfect place
> to get all those addresses for the spamming lists...
>
> - Luis Sequeira
>
> ____
> \ Esoterica - Novas Tecnologias de Informacao, SA
> :-) Luis Miguel Sequeira
> /___, lms@localhost http://www.esoterica.pt/