The solution to spam

Story: This week at LWN: Fighting image spam
Total Replies: 16
Sander_Marechal

Aug 25, 2006
4:02 AM EDT
The solution to spam is easy, but ISPs won't hear of it: Any box detected to be sending out spam would (forcefully) be disconnected from the network if no action is undertaken to stop it. User doesn't want to disconnect it or clean it? Too bad, the ISP will disconnect it for him. The ISP won't do that? Fine, we'll disconnect the entire ISP. Hell, we'll disconnect the whole of China if we have to.

No ISP wants to be disconnected, so they'd start cracking down on spammers and zombie boxes. End users and corporations would invest in malware protection and actually keep up to date, out of fear of being disconnected.
Scott_Ruecker

Aug 25, 2006
6:54 AM EDT
Your solution is Draconian, I like it. You're right though, it would work but who would be in charge of deciding what is spam?

If M$ was in control, I know what they would do... No M$? It must be spam!
Bob_Robertson

Aug 25, 2006
10:10 AM EDT
My ISP blocks all outgoing port 25 packets. All standard email must be sent through their mail relay. I consider this a reasonable compromise, so long as they are reasonable. No limits on personal mail, I can run high-use mailing lists that aren't spam, I don't even mind if they scan for viruses, so long as they return any such mail for me to verify.

I would object if they keep my mail, if they give it to the NSA for tracking, etc, but they could do all that anyway just by copying the outbound packets without going through their server.

But the one and only solution to the real spam problem may only be solved by Assassination Politics. http://www.outpost-of-freedom.com/jimbellap.htm
jeickal

Aug 26, 2006
8:16 AM EDT
Interesting suggestion, however I believe hardly applicable. Countries have different laws, ISPs have different practices and having all (most of) the world's ISPs agree on something is a utopia. Even locking out of the Net one ISP would require international synchronization. And as mentioned above, I don't see who could take such decisions, nor what would an unacceptable threshold be. Furthermore, I believe the Internet should stay as open as possible, in the name of the freedom it provides. Even though some folks are using this freedom for illegal activities, I don't think it's fair to impact many honest users because of them. I personally consider spam as the price to pay for all that freedom I enjoy as an Internet user.
tuxchick2

Aug 26, 2006
10:56 AM EDT
"I personally consider spam as the price to pay for all that freedom I enjoy as an Internet user."

Where's the freedom in being forced to subsidize spammers? It's a tax forced on all Internet users. We pay for the 80%+ wasted email bandwidth stolen by spammers. We pay for abuse departments, crashed servers, additional storage, filtering software and devices, identity theft, botnets, and so forth. I agree with Sander- ISPs have the power to cut off spamming customers. They always have. Unfortunately, these days most spam comes from botnets, so ISPs would be cutting off pwned windoze customers, which is a nightmare of a different sort. It's not a speech issue, but a theft issue. You can call theft freedom if you want, I'm not going to. :)

dinotrac

Aug 26, 2006
1:09 PM EDT
tc -

I believe in freedom. I believe in the freedom of spammers. Absolutely would not wish to interfere with the freedom of spammers.

But I also believe that freedom comes with responsibility and actions come with consequences.

I believe in the freedom to apply consequences for the actions of spammers. I believe that spammers should be gathered together in a huge room, wined, dined, and entertained. Slowly, the crowd would thin.

Think Soylent Green.



jeickal

Aug 26, 2006
5:22 PM EDT
Tuxchick2, I do understand your point and agree to some degree, except that when you say:

"Where's the freedom in being forced to subsidize spammers?"

I may be "forced" to deal with spam, but if my ISP gets locked out of the Net because my neighbor is a spammer, then the person who took that decision would remove my freedom to access the Internet. This is what I don't agree on. I don't call theft freedom, I'm just saying that taking such draconian action as locking ISPs would affect many honest users' freedom to access the Internet. And I believe this would be unfair.
Sander_Marechal

Aug 27, 2006
8:27 AM EDT
If your neighbour is a spammer then your ISP should simply disconnect him after giving your neighbour a chance to fix the problem (e.g. pwned Windows zombie box). There would have been various rounds of notices and verifications to the user and the ISP before disconnection would ever be talked about. Disconnecting an ISP would be a draconian measure only reserved for ISPs who refuse to deal with the problem themselves.

Think of it this way: The zombie problem would largely go away since zombie boxes would only be short lived and so called bulletproof hosts would disappear overnight. That should cut spam by about 90-95%.
Bob_Robertson

Aug 27, 2006
10:55 AM EDT
Sander, that's why I consider the outgoing blocking of port 25 packets to be a rational compromise. The spambot would simply not be able to send, problem solved.

Yes, getting all ISPs to agree is impossible. But all ISPs use SMTP mail, so maybe it's not actually impossible (just unlikely).

tuxchick2

Aug 27, 2006
10:58 AM EDT
jeickal, I think you're talking about blocklists, which is different than an ISP cutting off an offending customer. RBLs are better for individuals to use; for ISPs they are much too crude.

Sander, that makes too much sense. :)

dek

Aug 27, 2006
12:08 PM EDT
Is anybody here on Qwest for ISP services? My understanding is they have a policy where they say they can charge $5.00 (corrected from 5000!! My Bad!!) per spam email if they determine it is coming from your machine.

Say your machine gets compromised and spits out 1000 spammed messages. That means you are liable under Qwest policies to pay them $5,000. They do kick a machine off after some point. However, what's a good definition of spam??? They could pad their bottom line with legitimate (to you) emails that they claim are spam.

I was going to switch my ISP to Qwest until they instituted this policy.

I much prefer Sander's method!!!! Good way to go.

Don K.
Sander_Marechal

Aug 27, 2006
2:37 PM EDT
The problem of what is and what isn't spam is a tough one. If I click the "e-mail me" link on your website and tell you about my new products, is that spam? Probably not. If I surf the web and send mail all day, is it?

But we're not fighting that kind of spam here. We're fighting the kind of spam that gets generated by machines and sent out in the millions. That kind of spam is really easy to classify. Cutting out only that obvious portion of the spam market will reduce spam to maybe 1-5% of current levels. The spam market that's left simply wouldn't be profitable.
jeickal

Aug 28, 2006
1:39 PM EDT
I wonder why ISPs are not simply blocking port 25 packets as suggested above? Sounds like a few access-lists on a few of their routers... That would be less disruptive than locking people out and still would block mass mailing from botnets. I wonder if they are afraid of blocking some legitimate emails as well (like, it sounds simple but may actually not be...), or if they believe that the overhead of managing this sort of screening would (financially) not be worth the bandwidth saving... How about presetting all ADSL routers with port 25 blocked as factory-default? That way spammers would not only need to send some stupid Windows trojans, they would also need to crack into the victim's router to allow SMTP traffic.
jdixon

Aug 28, 2006
1:52 PM EDT
> I wonder why ISPs are not simply blocking port 25 packets as suggested above?

Some do. Unfortunately, some users have legitimate reasons for connecting to mail servers other than that of their ISP, so it's not a universal solution for everyone.

> How about presetting all ADSL routers with port 25 blocked as factory-default?

The router is normally purchased, not leased, and is the customer's property, not the ISP's. Again, most customers wouldn't mind, but some definitely would.
Bob_Robertson

Aug 28, 2006
2:18 PM EDT
> some users have legitimate reasons for connecting to mail servers other than that of their ISP, so it's not a universal solution for everyone.

Indeed, and I see an opportunity for tiered service (or at least agreements).

For instance, port 80 inbound is blocked for all except "business" customers, and of course that costs more. There's no reason that port 25 outbound need be open by default, so simply close it by default. Put it in the contract where people like you and I can find it, that port 25 will be opened for $1.50 a month + a contract element that makes spam abuse a disconnecting offense.

It *can* be done. The problem is dedication and commitment from the ISPs themselves. Cox Cable, ahem, I mean SuddenLink, has at least part of that commitment and I respect their decision to block outbound 25 as well as inbound 80 (so Code Red and Nimda types can't worm their ways into Windows boxes).

Put the packet filter on the routers that accept packets from customers at the cable head. These routers are doing not much actual "routing", they have the time to do it, and you know exactly where to make the change to enable those special customers.
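
An added example, not part of the original thread and not any poster's or ISP's actual configuration: the default-closed outbound port 25 policy with per-customer opt-in described in the post above, sketched as an nftables ruleset for a Linux box at the customer edge. The interface name, the relay address and the customer addresses are assumptions (RFC 5737 documentation ranges).

```nftables
# Constructed example. "cust0", 192.0.2.10 and the 198.51.100.x entries are
# placeholders chosen for illustration; nothing here comes from a real ISP.
table inet customer_edge {
    # Customers whose contract opens direct outbound SMTP (the opt-in tier)
    set smtp_optin {
        type ipv4_addr
        flags interval
        elements = { 198.51.100.25, 198.51.100.64/29 }
    }

    chain forward {
        type filter hook forward priority 0; policy accept;

        # Only police traffic that enters from the customer-facing interface
        iifname != "cust0" accept

        # Every customer may hand mail to the ISP's own relay on port 25
        ip daddr 192.0.2.10 tcp dport 25 accept

        # Opted-in customers may speak SMTP to any mail server
        ip saddr @smtp_optin tcp dport 25 accept

        # Remaining port 25 traffic: log a rate-limited sample so the abuse
        # desk can spot and notify infected hosts, then refuse the connection
        tcp dport 25 limit rate 10/minute log prefix "egress-smtp-block: "
        tcp dport 25 reject with tcp reset
    }
}
```

Rejecting with a TCP reset instead of silently dropping makes a blocked mail client fail immediately, and the log prefix gives the ISP a per-source record to act on before any disconnection is considered.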
Sander_Marechal

Aug 28, 2006
10:10 PM EDT
jdixon & Bob: And what do we do about ISPs that don't cooperate? Chinese bulletproof hosters and ISPs? Cracked servers? Zombie boxes on corporate networks?

Besides, I would change ISP the very minute they'd try to charge me extra for port 80 inbound or port 25 traffic. I chose my current ISP especially because they allow running anything you want off your home line. They do disconnect BTW. You get a two week notice to clean up if they find your boxes have been hijacked and used for spamming. They are also happy to help you fix it, or simply test the network. When I enabled port 25 inbound and outbound services on my server, I mailed them and asked them to test if I didn't accidentally set up an open relay. They did some testing and gave the all clear sign, thanking me for the heads-up note. BTW, I'm using xs4all in the Netherlands. Best ISP ever.
Bob_Robertson

Aug 29, 2006
7:54 AM EDT
"And what do we do about ISPs that don't cooperate?"

What is done in any free market: Don't buy from them, tell others why you won't buy from them, publicize their error.

Ask your ISP to blacklist the address blocks of the ISPs who don't do the blocking. Or set up your own router with those blacklists, which already exist and have for at least 6 years.

Indeed your ISP sounds like a good service. Reward them by buying their product. The competition will eventually take notice.
