|
WHAT DO WE DO ABOUT SPAM? Jerry Pournelle Wednesday, September 03, 2003 |
This is clearly an on-going inquiry. |
|
The topic has been around a long time, and is unlikely to go away soon, but the event that triggered starting a new topic on the subject came when I was at WinHEC during the week of May 4 - 8, 2003, in New Orleans. I had two methods of accessing the Internet: I could connect to the high speed access Microsoft made available in the press room, or I could use dial-up at about 24 KB/s. The high speed access worked fine for downloading information and mail: but I found I couldn't send mail through it. I have two email accounts. One is a regular Earthlink account, and it works, so long as you are logged on to Earthlink itself. In theory there is a way to send through Earthlink when you are logged on thr0ugh another service (such as the Microsoft press room's service) using the smtp authorization, but I have never been able to make that work. I was able to send mail through my own ISP where this web page is hosted. Again I told Outlook that my service requires authentication, and gave my user and password, and all was well. That was the first day. On the second day I could not send mail.
Attempts to send mail got the message that
The following recipient(s) could not be reached: 'James Siddall jr' on 5/7/2003 10:45 AM 554 Service unavailable; [68.152.107.90] blocked using
relays.osirusoft.com, reason: [1] send-safe, see http://spews.org/ask.cgi?S1062 The 68.152 etc address was what Bellsouth assigned to Microsoft, either the Press Room or the whole show. Whether someone tried to send spam from the show -- unlikely -- or someone with an address near to that one decided to send spam, or just what happened, I don't know, but the anti-spam people decided this was a bad address and added it to their black hole list. Apparently all they have to do is list something and a lot of placed slavishly and automatically incorporate their list and stop all communications from the blacklisted addresses. So. I got a similar message about everything I tried to send. EVERYTHING I tried to send. Inquiry discovered that this organization had decided to put the Microsoft Press Room or at least the Microsoft Internet Connection from WinHEC on their Spam Black Hole List. One of the things we will discuss here is the practice of BLACK HOLES: is this a good idea? In my case, my own ISP was doing this to me: they were rejecting anything sent from Black Holed sites BEFORE checking to see if it came from an authenticated user. Since they were absolutely certain and sure they were NOT doing that, things got very interested, since I frantically tried to change settings, and invoke evil and potent magic, and get help from fellow journalists and Waggener Edstrom sympathizers and passing janitors. Nothing worked. Eventually I used a telephone connect Microsoft provided and I was able to send mail through Earthlink since I could log on to Earthlink by dialup. This was a slow way to send out the column to Istanbul and Tokyo and Brasilia and other places, but it did the job. And the next day my own ISP discovered what they were doing wrong, and fixed it, and I was able to use high speed communications from the Microsoft Press Room, just like the other journalists, who were doing exactly what I was doing only their ISP hadn't set things to reject EVERYTHING from the SPEWS-condemned addresses. A couple of morals to this story. First, if you're an expert you can convince me I am wrong even when I am not. It's not entirely easy, since I know what I know, and what I have done, but it can be done. Second, if you run an ISP, and you decide to go alone with the Black Hole Philosophy, for God's sake be sure that you're doing it in the right order so you aren't rejecting your authenticated users and driving them nuts. Now for the questions. First: is black holing a good idea?
Next topic: when I am at home, the amount of spam that gets to my system isn't entirely relevant, because I have a reasonably fast connection to the Internet, and I have fast machines and I can use fairly good filtering systems. I Hate Spam works very well (and I have to install it on Roberta's machine and I haven't and that is my fault). I also have some complex Outlook Rules that deal with other spam. Spam isn't a big problem here at Chaos Manor. [After I wrote that I installed I Hate Spam on Roberta's machine. It caught about 40 pornographic offers within the first hour. She's feeling a little better about the Internet now. Me, I want to find some of those people and admonish them. Adjust their attitudes with a small machete...] But at home Spam isn't such a big problem, here, given my resources. On the road it is different for two reasons. First, laptops aren't so fast as desktops, so using an elaborate filtration system isn't so good an idea because it adds enormous delays to mail processing. Outlook is a pig when it comes to using machine resources while it is out gathering mail; prolonging that process is a BAD idea, and filters prolong that process. So the spam gets into my inbox. Second, even if it got filtered out, it had to be sucked down through a dialup connection and that takes a lot of time, and typically when on the road you're in a hurry: and again, Outlook is a pig, and really eats resources when it's out getting mail, meaning that you can't do a heck of a lot else with your laptop while it is out sucking down text, meaning that spam really hurts under those circumstances. Inquiry: how can you stop spam on the road?
Third: the advice I usually get is that I ought to have my own mail server, generally a Linux box. That might work, but I do NOT have a fixed IP address. I have sort of been waiting to run a mail server here after I get improved Internet connections. For the moment my connection is either through the DirectPC satellite, or through megapaths IDSL. Neither is anything I want permanently, but I still can't get cable modem here. The satellite uses Net Address Translations of enough complexity that most game servers can't follow them. Anyway, while I could run a mail server and spam filters at the mail server, it is a good bit of work, and I have been waiting until I get a fixed IP address. It may be worth discussing whether this is a good strategy.
Finally, there is the general question of spam and public policy. I found some enthusiasm in the press room for taking up a collection and hiring the Mafia to go deal with spammers. And one wonders, doesn't the Mafia use the Internet? And surely they are annoyed by spammers too... But as a serious proposition, you can't go about encouraging organized crime as a means of solving social problems. So why can't our government with all its enormous bureaucracy do something? I am told that < http://www.spamhaus.org/rokso/index.lasso > will give names and addresses of known spammers with their history. Some of them live not all that far from me. Should those people be treated as wolves are? Or is this dangerous since it in essence allows the proprietors of the Spamhaus operation to declare people outlaw without trial? And for that matter, doesn't SPEWS do that, but with less drastic consequences of the declaration? Spam is destroying the internet; what shall we do about it? ========================================== When acting as a mail administrator, I maintain a manual "block" list of addresses that my mail servers refuse to accept connections from. Obviously general users don't always have the luxury of blocking connections, but your comments got me thinking: What if someone built a "spam tarpit" server add-on? The specs would be very simple: Whenever a spammer sent mail, the server would decrease its apparent bandwidth to (say) 300 baud for that connection. Normal mail would be accepted at full bandwidth. Meanwhile, some poor spammer has a "jammed" connection . . . . Cheers, Stephen Wales I am not sure how to accomplish that, but it would be pretty good. I note that some spammers defend their right to spam in today's LA Times, which has a front page Sunday article on Spam. I'm sure someone will send me the URL for it; it's not bad. Jerry, I thought your readers might find this an interesting addition to your new spam page. Best regards, John Kenny Thanks. ============ On your "What Do We Do About Spam?" page, you say that you are waiting on a Linux server until you can have a static IP address. You can get the benefits of a static IP address without actually having one. http://www.dyndns.org/services/dyndns/ You install DNS updating software on your server. Whenever your ISP changes your server's dynamic IP address, the updating software notifies the dyndns.org server. Your dyndns.org server name thus always points correctly to your home server, whatever its actual dynamic address is at the moment. dyndns.org provides this service free for up to 5 hostnames. I think your iDSL is all you need to run a useful home server. Remember that your Linux server doesn't actually have to be in your home to benefit you. It could literally be anywhere in the world, as long as it has a good connection to the Internet. You could pay an ISP for colocation, but you might have a friend or loyal reader who would host a server for you. There are also "vserver" services, which rent virtual servers (as far as you can tell it is your own server, but it is really a server image running with other server images on a powerful and reliable hardware server). Also, I will renew my offer: you may have one or more email addresses on langri.com just for the asking. The langri.com server has the spam checker described in my article. It does not yet have a web mail interface, but that will happen sometime in the near future. If you would like to experiment with spam filtering, say the word and I'll create an email account for you on langri.com. Then you can arrange to have your email auto-forwarded from one of your email addresses to the new langri.com address, and you can see how well it works for you. If you at any point want to end the experiment, you simply turn off the auto-forwarding, and download any mail that is on the langri.com server, and you are once again fully independent of langri.com. You don't have to change your email address to try this. Stay well. Keep writing fiction! -- Steve R. Hastings "Vita est" Well, I really do want to have control of something as vital as email. And while I have the resources to do special solutions, most readers do not. Jerry, Although you don't have a fixed IP address, it's still possible to utilize a mail server to some good effect. If you set up your own mail server at Chaos Manor, (probably a linux box) you can use the "fetchmail" program to download mail from your ISP to your mail server. Once there you can run Bayesian filters or apply other anti-spam measures and then forward the mail that has been screened to an account that exists only on your own mail server. At least this will take the anti-spam measures "off-line" and reduce the amount of work that resource-hungry Outlook needs to do on your own workstation. As for your "on-the-road" needs, well a couple of things occur: 1. If you can spare a phone line, why not set up your own RAS (dial-in) connection? You can then dial in to your own network and connect to your email server at Chaos Manor. 2. Set up an "out-of-office" condition on your mail server which will forward your screened mail to a totally anonymous email account with your ISP (one that only you know about). Make the email address on this account something that spammers are unlikely to ever stumble across. If they do, get yourself a new email address, then change your "out-of-office" script accordingly. Repeat as necessary. Of course this doesn't help those of us without the resources you have at Chaos Manor. It's difficult for single-PC households (mine is such because of limited space in my London flat) or those without the technical ability. But I'm also sure that it's a much bigger problem for you than it is for most of us. The ultimate solution must surely be to encourage governments to pass anti-spam laws which make spamming a capital (and extraditable) offence. Regards Craig Arnold Roland has proposed a couple of measures, and I'll probably adopt one prior to getting a fixed IP address. But as you say, I have resources most don't have. And the problem needs legal solutions. Or extra-legal solutions, otherwise known as Direct Democracy. When criminals have the organization and resource to bribe the government through extensive lobbying, they can if nothing else block new legislation and relegate it to committee for study. Forever. Which the spammers seem able to do. Dear Dr. Pournelle, My $0.02 worth on the topic: > First: is black holing a good idea? Yes, _if_ used with caution. A blackhole filter should at least save the "from" and "subject" lines for inspection for false positives (more on that later). > Inquiry: how can you stop spam on the road? This depends on a cluefull ISP. A lot of ISP's offer configurable mail filtering services on the _server_ these days. So the spam is stopped before reaching you. This is especially good when you're on a dial-up connection, like I am. :-) IMHO the best kind of ISP lets you configure your own filters. My ISP gives me a shell-account, so I can run any kind of mail filter via the forward mechanism. I use procmail (http://www.procmail.org/), in combination with a shell-script to give me a summary of the "from" and "subject" lines of deleted mail messages. I have configured the blackhole lists provided by xs4all.nl to add a header to suspected spam messages. My procmail filter later on in the mail-chain deletes those messages after logging the aforementioned details for my inspection. This allows me to check and correct for false positives. Next to catching blacklisted stuff, my procmail filters has additional rules for catching: - viruses (KLEZ & YAHA) - anything larger than 1000 kB - HTML-only messages - anything not adressed or cc-ed to me personally (instead of a mailing list) - and anything that got through these filters As soon as a spammer or virus gets through the filter, I update my ruleset, and all is well again. I've put up a webpage explaining this in more detail: http://www.xs4all.nl/~rsmith/spamblock.html With kind regards, Roland -- R.F. Smith /"\ ASCII Ribbon Campaign r s m i t h @ x s 4 a l l . n l \ / No HTML/RTF in email http://www.xs4all.nl/~rsmith/ X No Word docs in email / \ Respect for open standards ===== Subject: Confessions of a spammer. http://www.oregonlive.com/business/oregonian/ Roland Dobbins The path to spamming success requires expensive investments in software and the agility to adjust to the technological warfare between spammers and companies that try to block their messages. It also requires the stamina to withstand daily hate mail and even death threats. Shiels decided a spamming career wasn't worth the personal cost. ... He spent about $10,000 on software to harvest e-mail addresses, to disguise his online identity and to send millions of messages a day. The Poor Man got death threats. Awww.... And yes, I agree, death threats are a bit extreme. On the other hand, what is fitting for someone who has wasted a million seconds a day of other people's time? That's more than 200 hours a day of time eaten up by this chap. Sure, it's spread across a large spectrum, and maybe I am an order of magnitude off and he only wastes 24 hours a day of other people's time. It's still rather a lot. Subject: Spam > Home. Tons of mail. Much of it spam of course. It is time to think > hard about what to do about spam. Seriously. I am told that there are > about 100 spammers who account for 80% of the spam. Their names are > known. Their addresses are known. They have declared themselves our > enemies. Why is there no way to treat them as such? The question is not "what can we do?" but "what are we willing to do?" the thrilling and frightening truth is we can do anything. Internet Based Attacks in a Physical World Posted by Hemos on Monday May 12, @09:31AM from the too-bad-it's-not-internet-based-attacks-on-The-Real-World dept. scubacuda writes "In light of the /. backlash against Spam King, Alan Ralsky, (in which /.ers published his info online--including an overhead shot of his house--and signed him up for junk) Simon Beyers, Aviel Rubin, and David Kormann have written a report entitled Defending Against an Internetbased Attack on the Physical World. Complete Story: http://slashdot.org/articles/03/05/12/ Build Your Own Cruise Missile Posted by michael on Friday May 02, @10:35PM from the super-scud dept. WegianWarrior writes "Bruce Simpson, the man behind one of the more interesting site about pulsejets on the web, has launched a project to build a US$5000 DIY cruisemissile - just to prove that it can be done, since some said his earlier article about it was off the peg. Bruce has also designed and placed on his site a non-weld pulsejet you can build with simple tools, a 2D airflow modeling rig and a new valve/injector design for conventional pulsejets (according to the first page on his site, this new design is placed in the public domain)." We linked to his pulsejet pages about two years ago. Complete Story: http://slashdot.org/article.pl?sid= -=Skip Which sounds really drastic. It is of course a matter of will, not capability any longer. Will the law bail us out? Or will the Direct Marketing Association lobby be able to stall, delay, kill, relegate to committee, water down, to the point that nothing happens? === "NEW YORK (Reuters) - The man known as the "Buffalo Spammer," who has allegedly sent 825 million unwanted e-mails, has been arrested and arraigned, New York Attorney General Eliot Spitzer said on Wednesday." Henry Stern Dayton, OH ==================== Stephen Wales thinks it would be a good idea to build a "spam tarpit". I agree, and here it is: http://marc.merlins.org/linux/exim/sa.html . Teergrubing (tar-pitting) is but one of the things this piece of "glue" software does. It allows SMTP-time integration with SpamAssassin, which means you can reject spam right to the spammer's face *while he's sending it*. No messing about with trying to send reject messages to bad From: addresses and such. I use it and love it. It's as close as I can get to slamming the door in the spammers' faces. I mean it -- I *really* love it. :-) It does require running your own mail server, but I do anyway. The bonus is that I don't have to mess about with complex rules in my email client . Spam that doesn't reach the threshold for outright rejection has the Subject: header rewritten and prepended with "SPAM:" and the spam score. I have a single rule that puts these messages in a separate folder where I can review them. The other thing that I do to avoid ISP problems is connect with my mail server over an SSH tunnel (I do this for both POP3 and SMTP). By using compression, mail is fast, even on my dial-up connection. Plus, my ISP (Earthlink: "The Real Internet, Unfiltered") filters (sigh) port 25 (SMTP). I'm sure more ISPs will start doing this. The SSH tunnel bypasses all that, so that wherever I am, I can talk directly to my mail server. One final thing. I have no hope whatever that the government will help. None. I mean, c'mon, can you imagine a "War on Spam"? No thanks. Just as I don't count on the government to protect me from physical criminals, I don't count on them to protect me from "cyber" criminals (or pests). The most likely outcome of government "help" would be to disarm us in the face of our attackers, just like they tend to do in the physical realm. We must look to our own security. Regards, Gordon Runkle -- "Far and away the best prize that life has to offer is the chance to work hard at work worth doing." -- Theodore Roosevelt Spam Assassin works well at my ISP, but it doesn't filter my Earthlink mail, which is very full of very awful spam. The Spam Assassin filtered stuff isn't onerous: so long as I am home. But it still labels the stuff and I have to have rules that read headers, and that can take time.
Jerry, Slashdot had a link to an interesting insight into the British House of Lord's discussing what to do about Spam. -Dan S. =================== State of New York Attorney General Eliot Spitzer and staff have decided to use old laws to have spam distributors convicted as felons. Details at http://www.wired.com/news/politics/0,1283,58939,00.html . It couldn't happen to a more deserving bunch, and the last time I heard about New York prisons their ambience was terrible. regards, William L. Jones wljones@dallas.net Hurrah!
|