Re: [Gossip] Re: oodles of spam lists at Mail-Archive.com?

2003-11-21 Thread Dave Holland
On Thu, Nov 20, 2003 at 10:09:37PM -0800, Jeff Breidenbach wrote:
> In theory, I don't have to pay anything because Mail-Archive is a
> hobby project.

Good luck with trying to get a hobbyist subscription... I tried about 18
months ago, and despite asking MAPS repeatedly, they never set it up for
me. I think they were understaffed and concentrating on the paid
subscriptions, which is understandable.

Dave

___
Gossip mailing list
[EMAIL PROTECTED]
http://www.mail-archive.com/cgi-bin/mailman/listinfo/gossip


Re: [Gossip] Re: oodles of spam lists at Mail-Archive.com?

2003-11-21 Thread Tony Sleep
Patrick J. LoPresti wrote:

> The solution?  Block all cable/DSL/dialup address ranges.  (This is
> what dialups.easynet.nl is for.)  Done.

Thanks for the explanation, Pat. Indeed I am running a POP proxy, but send
SMTP direct via MX record instead of via my ADSL provider's SMTP.

The reason for that is not wanting to congest their mailserver through
volume of mail, which has sometimes exceeded 40,000/day. Running a
local DNS proxy also relieves the load on their DNS, and is far faster.
I've a fair bit of historical reason to want to do it this way, having
been variously flung off or had list traffic tarpitted by various ISPs.
This works, causes the ISP (and me:) no trouble.

I'm on fixed IP, behind a NAT router with all ports blocked except the few
I have opened to run SMTP, POP, FTP & HTTP. There's up to date virus
checking and spam filtering on incoming mail, and a software firewall to
nail any trojan activity on the LAN side. Never had a virus nor distributed
a spam, despite endless  I merely mention all this to demonstrate that I
try to do things responsibly :)

I'd far prefer to do it all from a co-located box on a 'proper'
connection, but it's a non-commercial, enthusiast list which costs me
money, and I can't afford that level of expense. Nor do I fancy my chances
with trying to configure a 'proper' Linux installation to do all this.

But, I DETEST spammers, so I do understand the logic of what you are
saying, and the need to intervene with effective strategies. However,
the sort of use I'm making of ADSL is not uncommon, and is likely to become
increasingly prevalent. I can't help feeling that heavy-duty techies who
set up and run big, proper machines with fat pipes are perhaps just a
little dismissive or contemptuous of the trickle-down of these technologies
to the know-nothing hoi-polloi. They'd be furious, I suspect, to find
themselves stuck in a blocked IP range because of someone else's
misdemeanours. Really, an IP address is as good as any other, what goes on
behind it should surely be the test?

An academic point, really ;) since Jeff indicates the problem lies with my
header 'to:' field bearing the mail-archive address rather than my list
address. I'm not sure I can change that, will have to do some digging, but
that's fair enough. I very much appreciate the mail-archive service.


Regards 

Tony Sleep - http://www.halftone.co.uk



Re: [Gossip] Re: oodles of spam lists at Mail-Archive.com?

2003-11-21 Thread Earl Hood
(Note, do not cc me on messages sent to the list.  My action of replying
 to list messages assumes I am subscribed.)

On November 21, 2003 at 12:13, "Patrick J. LoPresti" wrote:

> > ADSL and cable are very economical for ISPs and small organizations
> > to get connected to the Net.
> 
> Some would argue that spam exists precisely because running a mail
> server is so economical.  Perhaps it should be more expensive.

And risking alienating lower income entities.  There is a common
mistake that the Net is just another market.  In today's society,
it is becoming more the de-facto communication media, and those
that cannot afford to be on it, are left behind.

> Small ISPs and organizations can relay mail via their DSL provider's
> servers, just like individuals do.  Larger organizations can pay for a
> real Internet connection.  I see no problem.

Politics and democracy.  Again, you must look beyond money.

And even if looking at money, ISPs have a financial interest in
using DSL and cable to connect businesses.  It is cheaper for them
instead of laying out dedicated network cables.  Heck, I have regular
home cable modem service, and my download speeds are better than
most companies I worked for.

It is not hard to envision that all "wiring" will be the same
for everyone, from large businesses to individual users.

Therefore, the distinction is bandwidth, and ADSL and cable
already do this.

> > If ISPs have policies about not running servers on personal home
> > systems and/or restricting mail traffic to only route through their
> > mail server, they can enforce such policies via router
> > configurations.
> 
> And the rest of us can help encourage such policies by blocking direct
> mail from dynamic ranges :-).

I find this view naive.  See


You must be careful of the slippery-slope of anti-spam measures to
where many can be abused and inhibit valid uses of the Net.  Many
measures typically have side-effects of punishing the little guy.

I also recommend you check out IETF's Anti-spam Research Group (ASRG)
and their list archives.

> > However, such configuration would not stop worm-based spam.  I.e. A
> > worm designed to send spam could easily send mail through the ISP
> > MTA by checking the system's outbound MTA setting.  Of course, such
> > worms would get the attention of ISPs since their servers will be at
> > risk of being blacklisted, requiring them to be more proactive at
> > contacting customers with infected systems.
> 
> It is actually better than that, because most ISPs now do some sort of
> antivirus filtering on their mail servers.

Mail viruses are only one attack vector.  Many worms attack systems
directly (e.g. MS RPC exploits) or through browser (IE) defects.
Therefore, mail filtering will not stop these kinds of attacks.

BTW, mail virus filters only work "after-the-fact".  I.e.  Systems must
get infected, and then detected, for anti-virus vendors to provide
updated dat files.  And then, it becomes a race condition on how
soon people and organizations update their dat files before they are
infected.  Since I am still receiving Swen messages (i.e.  the bogus
"Microsoft patch" updates), it is clear to me that relying on people
to update their dat files is doomed to failure.

--ewh



Re: [Gossip] Re: oodles of spam lists at Mail-Archive.com?

2003-11-21 Thread Earl Hood
On November 21, 2003 at 10:20, Dan Kegel wrote:

> > Some would argue that spam exists precisely because running a mail
> > server is so economical.  Perhaps it should be more expensive.
> > 
> > Small ISPs and organizations can relay mail via their DSL provider's
> > servers, just like individuals do.  Larger organizations can pay for a
> > real Internet connection.  I see no problem.
> 
> I'm with Pat on this.   As someone who's had occasion to
> worry about security since 1992 or so, I fully support
> the idea that ISPs should by default block outgoing SMTP
> from customers by default (and encourage customers to
> use the ISP's SMTP relay).

Then you start getting into some potentially political and legal
problems.  I.e.  What is the nature of the service?  Typically, your
service provides a Net connection allowing TCP/IP traffic with a notice
that you would not abuse the service.

Now, you advocate that blocking specific protocols is okay, but that
is not what many people sign up for.  Such logic backs ISPs that start
blocking other traffic (like IPSec) to force customers to purchase
more expensive service agreements (which I believe some ISPs have
done).

With that said, blocking SMTP may be good policy, BUT ISPs must
clearly indicate this behavior to customers and make sure it is
mentioned in the service agreement.

Also, such policy will probably only be enforced on home users.
Those that choose to pay for better services will be exempt from such
rules; ISPs want more money and they are happy if their servers
receive less of a load.

Remember, ISPs are in business to make money, and they play both
sides of the field on the spam debate.  For example, spammers use
a lot of bandwidth, and the ISPs get money for such usage.

BTW, does anyone have stats on the number of spam messages that
come from dynamic address ranges?  Especially U.S.?  It seems
to me that much spam is relayed through foreign countries.

Also, how do you know a range is dynamic?  Whois database does not
formalize such information, and such policies can change at any
time for whomever owns a specific range.

> The situation now is terrible, and somewhat analogous
> to how operating systems used to ship with all services
> on by default.   It was a big improvement when OS's
> started shipping with services off by default, and
> doing the same thing with outbound SMTP at ISPs would
> bring a similar improvement.

As I noted in a previous message, it will not stop spam.  Spammers
that use worms to infest other systems, will just adjust tactics
by using the outgoing SMTP server settings to send out spam.

Someone suggested that ISPs may filter outgoing mail, but personally,
I find this worrisome on privacy grounds, and technically, it doubles
the load of ISPs.  Plus, for it to work, ISPs will eventually have to
notify their customers when they detect questionable out-bound mail,
which will raise a political firestorm about privacy and PR problems
for ISPs.

If you really want to defeat spam, educate the idiots that actually
respond to spam messages to stop responding.

--ewh



Re: [Gossip] Re: oodles of spam lists at Mail-Archive.com?

2003-11-21 Thread Tony Sleep
Patrick J. LoPresti wrote:

>  as the little guy can always use his ISP's
> mail server.

If only it was that easy!

c.1998 I set up the filmscanners list using local s/w sending BCC through
my domain host/ISP, cix.co.uk.

c.1999 they asked me to make other arrangements as mail volume was
contributing to congestion on their permanently iffy server. What they
really meant was 'you're using more than you're paying for'. After a lot
of looking around at commercial hosting services, I handed over 600GBP
(~1,000USD) for them to host it via Majordomo for a year. I found a few
commercial services which were cheaper, but none which answered email!

2000 - renewal time, I just didn't have another 600GBP spare. Opened an
additional business a/c with Plusnet. 30 day 'refund if not happy' trial
was fine. On day 31 list delivery slowed catastrophically. Two weeks of
badgering tech support later, they told me they had a policy (undeclared
anywhere) of only allowing 12 mails to be sent per hour and mine were
being tarpitted because I was 'obviously sending spam'. Proved that I was
not. They refused to lift the tarpitting anyway.

Asked around a number of ISPs specifically asking if a list generating up
to 40,000 mails a day would be a problem. One, vispa.net, said no problem,
then promptly shut my new (expensive, business) a/c within 24hrs. without
telling me. Deja vu. 'You're sending spam'. Again, I demonstrated it was
purely an opt-in, authenticated hobbyist list, and they responded that
anyway, no way would they allow that sort of volume through their server.
Bye bye.

Next was Clara.net. Again I asked in advance, and they were absolutely fine
with me sending via MX record. But the cost of the account and
channel-bonded ISDN was high. A few months later they revised their tariffs
and it became much more expensive than ADSL, which was 55GBP/m at the time,
so...

2001 - talked to Alcom (now Astra) about running my list over ADSL through
their SMTP. They thought it would 'probably' be OK. But rather than risk
more upheaval and disaster, I decided I'd just DIY and take them out of
the loop.

Now this is just a small list, and in the great scheme of things
unimportant. It has been *the* global source of specialist info on
prosumer filmscanners to thousands of pro photographers. But like an awful
lot of the non-shopping-mall net, it has no business model, no sponsors,
no revenues, and the resources I can expend on it are extremely limited. If
it was commercial, it would be running off a shiny fast co-lo server
instead of a knackered Celeron400 on my darkroom floor. And it would
probably have its own fancy dedicated archive too, and have no need of a
pro-bono service like mail-archive.

Why not use Yahoo! groups? It's bl**dy Microsoft world domination,
administratively awkward, the intrusive ads I find as annoying as spam, and
they keep revising the T&Cs and changing the service.

Regards 

Tony Sleep - http://www.halftone.co.uk



Re: [Gossip] Re: oodles of spam lists at Mail-Archive.com?

2003-11-21 Thread Dan Kegel
Tony Sleep wrote:
> > as the little guy can always use his ISP's
> > mail server.
>
> If only it was that easy!

How many subscribers do you have?  If it's under 1,
maybe pair.com's service would do.
http://www.pair.com/pair/pairlist/

I've been using them for some low volume stuff for years,
and I suspect they wouldn't turn up their noses at
40,000 messages/day.  Their prices are low but not
so low they can't run things well.

- Dan



Re: [Gossip] Re: oodles of spam lists at Mail-Archive.com?

2003-11-21 Thread Kristian Köhntopp
On Wednesday 19 November 2003 08:58, Jeff Breidenbach wrote:
> Well, it's not quite that bad. I can't computationally afford to put
> SpamAssassin on the existing primary server. 

I am running a Celeron 1200 with 256 MB RAM and a single IDE disk. The machine 
is running Suse Linux 8.1 with sendmail, to which I added 
spamassassin-milter, spamassassin and milter-sender.

The usage stats are at 

http://vvv.koehntopp.de/rrd

The system is not handling overly much mail, up to 8000 messages a day, but 
the load is close to 0 as well 
(http://vvv.koehntopp.de/rrd/index.php?scale=1+day&data=allmail, 
http://vvv.koehntopp.de/rrd/index.php?scale=1+day&data=load)

The key problems when setting up this machine were a) using a milter for
spamassassin. I am using spamassassin-milter (available from
http://www.runestig.com/osp.html) to drive my spamassassin process, and I am
using milter-sender before that
(http://www.snert.com/Software/milter-sender/). Milter-sender does exim-style
sender verification before accepting a message. That is, the sender of a
message must have a working reverse lookup, and the primary mx for the
sender's domain must be able to accept an error message ("MAIL FROM: <>") for
the presumed sender's address ("RCPT TO:  " must not 5xx out). This cuts out a
lot of spam before it even hits the SpamAssassin.

Kristian
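
The sender-verification callout described in the message above, modelled offline as an added example; it is not part of the original post and is not milter-sender's code. The hosts, addresses, resolver tables and the fake MX are constructed sample data, and treating a 4xx reply or an unreachable MX as a temporary failure is an assumption of this sketch.

```python
"""Sender-verification callout, modelled offline (all data below is constructed)."""

def callout(client_ip, sender, resolve_ptr, resolve_mx, connect,
            helo_name="verifier.example.net"):
    """Decide whether to accept `sender` as the envelope sender of a client.

    Returns (verdict, reason); verdict is "accept", "reject" or "tempfail".
    resolve_ptr, resolve_mx and connect are injected so the logic runs offline.
    """
    # Step 1: the connecting client must have a working reverse lookup.
    if not resolve_ptr(client_ip):
        return "reject", "no reverse lookup for client"
    if sender.count("@") != 1:
        return "reject", "malformed sender address"
    # Step 2: find the primary MX for the sender's domain.
    mx_host = resolve_mx(sender.split("@")[1].lower())
    if not mx_host:
        return "reject", "sender domain has no MX"
    try:
        send = connect(mx_host)
    except OSError:
        return "tempfail", "MX unreachable"  # assumption: defer, do not reject
    # Step 3: offer a bounce (null reverse-path) addressed to the sender.
    # DATA is never sent, so nothing is delivered to the mailbox.
    try:
        for cmd in (f"HELO {helo_name}", "MAIL FROM:<>", f"RCPT TO:<{sender}>"):
            code, _text = send(cmd)
            stage = cmd.split()[0]
            if code >= 500:
                return "reject", f"{stage} refused with {code}"
            if code >= 400:
                return "tempfail", f"{stage} deferred with {code}"
        return "accept", "MX accepts bounces for sender"
    finally:
        send("QUIT")

# Constructed sample data: 198.51.100.7 deliberately has no PTR record.
PTR = {"192.0.2.10": "relay.example.org"}
MX = {"example.org": "mx1.example.org",
      "strict.example": "mx.strict.example",
      "slow.example": "mx.slow.example"}
MAILBOXES = {"alice@example.org", "bob@strict.example", "carol@slow.example"}

def fake_connect(mx_host):
    """Constructed stand-in for a TCP session to port 25 on mx_host."""
    def send(cmd):
        verb = cmd.upper()
        if verb.startswith("MAIL FROM:<>") and mx_host == "mx.strict.example":
            return 550, "null sender refused"      # MX that will not take bounces
        if verb.startswith("RCPT TO:"):
            if mx_host == "mx.slow.example":
                return 451, "try again later"      # greylisting-style deferral
            addr = cmd[len("RCPT TO:"):].strip("<> ").lower()
            return (250, "ok") if addr in MAILBOXES else (550, "no such user")
        return 250, "ok"
    return send

def check(client_ip, sender):
    """Run the callout against the constructed resolver tables and fake MX."""
    return callout(client_ip, sender, PTR.get, MX.get, fake_connect)

if __name__ == "__main__":
    for ip, sender in [("192.0.2.10", "alice@example.org"),
                       ("192.0.2.10", "forged@example.org"),
                       ("198.51.100.7", "alice@example.org"),
                       ("192.0.2.10", "bob@strict.example"),
                       ("192.0.2.10", "carol@slow.example")]:
        print(ip, sender, check(ip, sender))
```

The `bob@strict.example` case shows the side effect of this check: a legitimate sender whose MX refuses null-sender mail is rejected as well.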




Re: [Gossip] Re: oodles of spam lists at Mail-Archive.com?

2003-11-21 Thread Patrick J. LoPresti
Earl Hood <[EMAIL PROTECTED]> writes:

> ADSL and cable are very economical for ISPs and small organizations
> to get connected to the Net.

Some would argue that spam exists precisely because running a mail
server is so economical.  Perhaps it should be more expensive.

Small ISPs and organizations can relay mail via their DSL provider's
servers, just like individuals do.  Larger organizations can pay for a
real Internet connection.  I see no problem.

> If ISPs have policies about not running servers on personal home
> systems and/or restricting mail traffic to only route through their
> mail server, they can enforce such policies via router
> configurations.

And the rest of us can help encourage such policies by blocking direct
mail from dynamic ranges :-).

> However, such configuration would not stop worm-based spam.  I.e. A
> worm designed to send spam could easily send mail through the ISP
> MTA by checking the system's outbound MTA setting.  Of course, such
> worms would get the attention of ISPs since their servers will be at
> risk of being blacklisted, requiring them to be more proactive at
> contacting customers with infected systems.

It is actually better than that, because most ISPs now do some sort of
antivirus filtering on their mail servers.  Merely by updating the
virus definition files on their mail servers, they immediately stop
ALL of their customers from spreading the latest worms.  This is why
the worst Email worms (like Sobig) tend to use their own DNS and SMTP
engines to bypass the configured outbound mail relay.

 - Pat



Re: [Gossip] Re: oodles of spam lists at Mail-Archive.com?

2003-11-21 Thread Dan Kegel
Patrick J. LoPresti wrote:
> Earl Hood <[EMAIL PROTECTED]> writes:
>
> > ADSL and cable are very economical for ISPs and small organizations
> > to get connected to the Net.
>
> Some would argue that spam exists precisely because running a mail
> server is so economical.  Perhaps it should be more expensive.
>
> Small ISPs and organizations can relay mail via their DSL provider's
> servers, just like individuals do.  Larger organizations can pay for a
> real Internet connection.  I see no problem.

I'm with Pat on this.   As someone who's had occasion to
worry about security since 1992 or so, I fully support
the idea that ISPs should by default block outgoing SMTP
from customers by default (and encourage customers to
use the ISP's SMTP relay).

The situation now is terrible, and somewhat analogous
to how operating systems used to ship with all services
on by default.   It was a big improvement when OS's
started shipping with services off by default, and
doing the same thing with outbound SMTP at ISPs would
bring a similar improvement.

- Dan





Re: [Gossip] Re: oodles of spam lists at Mail-Archive.com?

2003-11-21 Thread Patrick J. LoPresti
(Hm.  I wonder how far off topic we can go before Jeff pulls the plug
on us.)


Earl Hood <[EMAIL PROTECTED]> writes:

> Politics and democracy.  Again, you must look beyond money.

In the end, everything is economics.

But I do not advocate kicking poor people off of the Net.  I do
advocate making them send their mail through their ISP's server.  If
their ISP is too irresponsible for that to work well, I advocate
telling them to change ISPs.

> > And the rest of us can help encourage such policies by blocking
> > direct mail from dynamic ranges :-).
> 
> I find this view naive.

"Naive"?  I thought I understood this stuff pretty well.  I have
certainly heard most of the arguments before...

> See
> 

...like this one.  While I respect the EFF, this piece was clearly
written by someone with no experience managing a network in the modern
world.

My favorite sentence:

  "In addition, Netizens should express their dismay at spam by
   boycotting products advertised with spam."

Oh yeah, that'll help.  You say *my* view is naive?

Reality check: The spam problem has gotten bad, far worse than most
users realize.  Talk to someone who does net ops for AOL, or Yahoo, or
(in my case) Juno.  Ask them how many millions of messages they block
every day.  Show them your EFF article and see what they say.  (I do
not work for Juno; I have a friend who does.  He was the one who
ultimately convinced me on these points.)

End-user solutions are useful for sophisticated end users.  But anyone
who can configure a personal mail filter would never buy anything
advertised in spam anyway.  Ergo, such filters do nothing to reduce
the financial incentive for sending spam.  Ergo, they do nothing to
reduce the amount of spam.

So yes, I want to see spam filtering done without the user's knowledge
or consent, as the intended targets for spam have no knowledge and are
not qualified to consent.  Because the sheer volume of spam (in Juno's
case, over 80% of all inbound mail) is posing a real problem for
networks and their admins.

> You must be careful of the slippery-slope of anti-spam measures to
> where many can be abused and inhibit valid uses of the Net.  Many
> measures typically have side-effects of punishing the little guy.

If the "little guy" is paying money to a spam-friendly ISP, then he
deserves to be punished.

Um, by the way, we have drifted pretty far from our discussion of
blocking dynamic ranges, as the little guy can always use his ISP's
mail server.  So even if I sound like a raving lunatic now, it should
not cloud the earlier point :-).

As I mentioned, most blocklists are run by idiot children and are
therefore awful.  But that is very different from saying that all
blocklists are awful.  Some have decent policies, rigidly followed,
and we would all be better off if we all used them.

> I also recommend you check out IETF's Anti-spam Research Group
> (ASRG) and their list archives.

Anything in particular you recommend?

> > It is actually better than that, because most ISPs now do some sort of
> > antivirus filtering on their mail servers.
> 
> Mail viruses are only one attack vector.  Many worms attack systems
> directly (e.g. MS RPC exploits) or through browser (IE) defects.
> Therefore, mail filtering will not stop these kinds of attacks.

It will not stop the schoolyard bully from stealing your little
brother's candy bar, either.  We were discussing Email worms.

> BTW, mail virus filters only work "after-the-fact".  I.e.  Systems
> must get infected, and then detected, for anti-virus vendors to
> provide updated dat files.

Yeah, the real solution is to eliminate Microsoft.  But for now, we
must work with what we have.

> And then, it becomes a race condition on how soon people and
> organizations update their dat files before they are infected.  Since
> I am still receiving Swen messages (i.e.  the bogus "Microsoft
> patch" updates), it is clear to me that relying on people to update
> their dat files is doomed to failure.

I was once receiving over 500 copies of Swen every day.  Believe me, I
sympathize.

However, an ISP is much more likely to keep its machines
up-to-date than an end user is.  And Swen volume has gone way down
for precisely this reason.

 - Pat
