Re: IBM to offer service to bounce unwanted e-mail back to the
Anne P. Mitchell, Esq. wrote: On Mar 23, 2005, at 12:37 PM, RSK wrote: On Tue, Mar 22, 2005 at 10:24:37AM -0800, Andreas Ott wrote: http://money.cnn.com/2005/03/22/technology/ibm_spam/ If this write-up is accurate, It's not. From the http://www.aunty-spam.com website: IBM Not Spamming Spammers! FairUCE is About Fair Use, Not Abuse! Did you hear? IBM is spamming spammers! Its all over the Internet, and tongues are awagging! Except, it aint so. IBM is not spamming spammers. Whether you think that spamming spammers is right or wrong, IBM aint doing it, and shame on CNN for getting it so wrong, and making IBM look so irresponsible, and in league with the likes of Lycos Make Love Not Spam DOSsing Screensaver program, and the notorious Mugu Maurauder bandwidth sucking program. You cant really blame the folks who read CNNs horribly wrong piece for spreading the rumour, after all it was quite sensationalist: Spamming spammers? IBM to offer service to bounce unwanted e-mail back to the computers that sent them. March 22, 2005: 12:22 PM EST NEW YORK (CNN/Money) - IBM unveiled a service Tuesday that sends unwanted e-mails back to the spammers who sent them. The new IBM (Research) service, known as FairUCE, essentially uses a giant database to identify computers that are sending spam. E-mails coming from a computer on the spam database are sent directly back to the computer, not just the e-mail account, that sent them. Wrong, wrong, wrong. About the only thing which the article got right is that the program is called FairUCE. FairUCE, according to IBMs own FairUCE website, readily available for anyone to read (coughCNN reporters..cough), is a spam filter that stops spam by verifying sender identity instead of filtering content. Lets say that again: FairUCE is a spam filter that stops spam by verifying sender identity instead of filtering content. If FairUCE cant verify sender identity, then it goes into challenge-response mode, sending a challenge email to the sender, to which the sender must reply, to demonstrate that it is not a spambot sending the mail in question, but a real live person. Here is IBMs explanation of how the FairUCE system works: Technically, FairUCE tries to find a relationship between the envelope senders domain and the IP address of the client delivering the mail, using a series of cached DNS look-ups. For the vast majority of legitimate mail, from AOL to mailing lists to vanity domains, this is a snap. If such a relationship cannot be found, FairUCE attempts to find one by sending a user-customizable challenge/response. This alone catches 80% of UCE and very rarely challenges legitimate mail. Now, being kind, its possible that the good folks at CNN mistook the sending of the challenge for spamming the spammer (Rest at http://www.aunty-spam.com/ibm-not-spamming-spammers-fairuce-is-about- fair-use-not-abuse/) Anne While I wholeheartedly agree with much of the Aunty-Spam article, I also have to note that it appears the original erroneous claim was made by an IBM spokeperson. In the CNN/Money article, the following appears: IBM has previously offered anti-spam filter technology, but this is the first time the company has developed technology to send spam back to the spammer, according to IBM spokeswoman Kelli Gail. IBM is not concerned about liability, even in cases where innocent senders might be misidentified as spammers, because all the technology does is bounce back the e-mails, said Gail. That paragraph seems to be the basis for the entire articles claim--and attributes the sending back to the spammer idea to IBM. Perhaps we should expand the Just one more example of why people who are not technically knowledgable should not, you know, report on technology. statement to include technology company's non-technology-literate marketing people;) -- -- -Susan -- Susan Zeigler | Phairos Technologies [EMAIL PROTECTED] | 515.965.5338 I'm all in favor of keeping dangerous weapons out of the hands of fools. Let's start with typewriters. -- Frank Lloyd Wright
Fun new policy at AOL
Sometime mid last week, one of my clients--a state chapter of a national association--became unable to send to all of their AOL members. Assuming it was simply that AOLs servers were inundated with infected emails, I gave it some time. The errors were simply delay and not delivered in time specified errors. Well, it was still going on today. So, I went on site and upped the logging on the server. What to my surprise did appear but a nice little message informing us that I'm sorry, your IP is dynamically assigned and aol doesn't accept dynamic IPs. WTF. This IP is NOT dynamic. The client has had it for about two years. I just looked on their website to file a complaint and ask how they determined what was dynamic and what was static and couldn't find a contact email address. I did find the following statement: AOL's mail servers will not accept connections from systems that use dynamically assigned IP addresses. It was on the following page: http://postmaster.info.aol.com/standards.html So, since I know someone from AOL does lurk on this list, what's my recourse. Feel free to email me offlist. Thanks. On a side note, my client is also curious who's going to help pay the bill that they shouldn't have needed to pay me due to AOL changing policy and blocking them needlessly. Unless AOL is downloading the entire routing pools from all ISPs on a daily basis, how do they know which IPs are dynamic and which are static;) And, since static IPs can actually be assigned out of a DHCP pool as well, even that won't work. -- -- -- -Susan -- Susan Zeigler | Technical Services [EMAIL PROTECTED] | Spindustry Systems 515.225.0920 | You cannot strengthen the weak by weakening the strong. -- Abraham Lincoln Spindustry Systems, Inc. DES MOINES / CHICAGO / INDIANAPOLIS / DENVER CONFIDENTIALITY NOTICE: This e-mail message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential information. Any unauthorized review, use, disclosure, or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message including any attachments.
Re: Fun new policy at AOL
Mike Tancsa wrote: At 02:34 AM 8/28/2003 -0500, Susan Zeigler wrote: WTF. This IP is NOT dynamic. The client has had it for about two years. What is the IP address they are rejecting ? Unless AOL is downloading the entire routing pools from all ISPs on a daily basis, how do they know which IPs are dynamic and which are static;) What would BGP tables tell you about internal routing and DNS ? ---Mike Mike Tancsa, tel +1 519 651 3400 Sentex Communications,[EMAIL PROTECTED] Providing Internet since 1994www.sentex.net Cambridge, Ontario Canada www.sentex.net/mike It's 216.161.123.79 IP does match forward and reverse. As a few others have mentioned, the mail server behind their firewall is handling outbound mail only. It pops their inbound mail from another source. We've chosen this solution due to how their membership database is integrated with the address books in their Exchange server and due to the limitations that their mail service provider has put on them--not to mention the fact that their mail service provider has been unstable in the past for sending. Internet service provided is great, they just can't do mail well. I've got an external server I can relay through if need be--and since their IP _IS_ static, it's not really a problem. It just ticks me off because I know there are a lot of others who will be in this boat. -- -- -Susan -- Susan Zeigler | Technical Services [EMAIL PROTECTED] | Spindustry Systems 515.225.0920 | You cannot strengthen the weak by weakening the strong. -- Abraham Lincoln Spindustry Systems, Inc. DES MOINES / CHICAGO / INDIANAPOLIS / DENVER CONFIDENTIALITY NOTICE: This e-mail message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential information. Any unauthorized review, use, disclosure, or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message including any attachments.
Re: Fun new policy at AOL
Bob Bradlee wrote: Road-Runner pulled the same stunt with a chain of radio stations I have as clients. We went ON-AIR with a NEWS story, and recomended that everyone effected should call Roadrunner or AOL. AOL contacted me, verified the problem, and had my IP's whitelisted in a matter of hours. Both SBC and WOW were happy to sign up the few that switched before AOL woke up. Good luck, I hope for your sake that your national association has a national name and is ready to black list AOL in their news letter for this. We dont care, we dont have to, were AOL Back to lurking... Bob ps: I dont think I have posting rights, or I would have sent this to the list, back when it happened. I am sure there are a lot of people out there who dont know they are Blacklisted by AOL/Timewarner yet. Thanks Bob!!! Someone else has sent me the right phone number and I'm working on that. I'm forwarding this to the list as well so others can see we're not alone:) -- -- -- -Susan -- Susan Zeigler | Technical Services [EMAIL PROTECTED] | Spindustry Systems 515.225.0920 | You cannot strengthen the weak by weakening the strong. -- Abraham Lincoln Spindustry Systems, Inc. DES MOINES / CHICAGO / INDIANAPOLIS / DENVER CONFIDENTIALITY NOTICE: This e-mail message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential information. Any unauthorized review, use, disclosure, or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message including any attachments.
Re: email virus == over the top
neal rauhauser wrote: No one loves me and I don't get much email from the folks who tolerate me. I just got back from having lunch with some guys who tolerate me and I found scads of messages from all over -the funniest among the bunch for our Nanog readers: user@cisco.com user@tacnet.com user@wcom.com user@sprint.com Looks like my internetwork equipment vendor and my two favorite peers have their Windoze stuff in a complete state of 'higgledy piggledy' - a technical term from Bloom County cartoons, for those not old enough to remember. --snip-- Aww, Neal, you know that I still love you and send you email from time to time;) In some cases you can determine the infected machine from the IP in the header. Of course, if it's that IP is dynamically assigned it's a little harder. If the volume of email from one source IP gets too high, a friendly call to their company or ISP might get results--a lookup of the IP at whois.arin.net should give you the contact info you need. This virus has been a royal pain for me. My personal, work, postmaster and webmaster accounts have finally dropped off receiving it, but if anyone wants the more than several thousand I received Tues. and Wed., they're welcome to it. Anyway, just a note on the consequences here. Each time one of these silly things hit that forge sender addresses, the number of possible future infectees who have your email address increases. Let's say that your brother was infected by Klez. His computer sent out a bunch of emails as other people--some of them as you. One of those folks gets infected. Their computer sends out a bunch of emails as other people--some of them as you. Now you've got people that are friends and co-workers of other friends that were infected. Each time that circle gets larger and the number of folks who potentially have your email address somewhere on their system widens. THIS SUCKS! The postmaster account is by far the worst one as far as receiving. If anyone ever finds out where to send the bill and the firing squad, I'll be at the front of the line;) -- -Susan -- Susan Zeigler | Technical Services [EMAIL PROTECTED] | Spindustry Systems 515.225.0920 | You cannot strengthen the weak by weakening the strong. -- Abraham Lincoln