Re: anybody else been spammed by no-ip.com yet?
On Fri, May 10, 2002 at 11:27:10AM +1000, Terence Giufre-Sweetser wrote: Now there's a good idea, and it works, I have several sites running a port 25 trap to stop smtp abuse. To stop port 25 abuse at some schools, the firewall grabs all outgoing port 25 connections from !the mail server, and to !the mail server, and runs then via the mail server, which stops header forging, mass rcpt to: abuse, and vrfy/expn probing. Anything that goes past the filters has a nice clear and traceable received by: line. I'm not sure what's so swell with this. I require SMTP AUTH over SSL with STARTTLS (exclusively), and this nice little hijack scheme makes for great support calls. They steal the SMTP connection, and then are enable to provide the SSL connection and our server certificate (obviously), so the connection fails. Yes, the solution is to pick a different non standard port, which comes with its own set of problems (not counting mail clients that are unable to use a different port), but I'd much rather that they do not hijack my client connections (blocking open relays and DUL IPs works just fine if you choose/need to do that) Marc -- Microsoft is to operating systems security what McDonalds is to gourmet cooking Home page: http://marc.merlins.org/ | Finger [EMAIL PROTECTED] for PGP key
Re: anybody else been spammed by no-ip.com yet?
Jim Hickstein wrote: My customers who reach me (a mail service) from Earthlink dialups are affected by this. Apparently it's still happening. I run a listener on another host and port, known only to this (so far) small subset of people, to be able to serve them. In general, we advise people to use their ISP's relay for outgoing mail, but Earthlink won't let them relay because the sender domain is not one that Earthlink knows about (i.e. is charging them for). Apparently. Something's weird here. My home DSL line is Earthlink. I send out mail through their server (specifically through smtp.mindspring.com), and I have my mail client cofigured to use my yahoo.com address as the return address. They don't seem to care about the message's sender address as long as it comes from an Earthlink link. Is the dial-up any different? Now, I do know that I can't send through the Earthlink/Mindspring server from outside their network. But that's not a big deal for me. When I'm away from home, I just use the server of whatever network I'm connected to at the time, which has never given me a problem. I think Earthlink has an SMTP-AUTH mail server as well. It's not the same one that the default dialups use, however. I think it's smtpauth.earthlink.com, but I haven't actually tried using it. -- David
Re: anybody else been spammed by no-ip.com yet?
Jim Hickstein wrote: One clarification: Can these users relay through that host, using SMTP AUTH, from anywhere, or only from within your network? I observe, for instance, that the instructions for Outlook 2000 (Windows) does not have them check my [outgoing SMTP] server requires authentication. If the former, great! I'll inform my affected customers. If the latter, they'll have to fool with settings as they move around -- which you no doubt already know is asking too much of 99% of the population. :-) According to a message posted to one of the EL support newsgroups a while back, they run a separate SMTP AUTH mail server that will work as you describe. It's not the same server that customers use from an EL line, however. I haven't actually used this server. I also don't know if it's a permenant thing or if it's just an experiment at this time. -- David
Re: anybody else been spammed by no-ip.com yet?
On Fri, 10 May 2002, David Charlap wrote: Jim Hickstein wrote: My customers who reach me (a mail service) from Earthlink dialups are affected by this. Apparently it's still happening. I run a listener on another host and port, known only to this (so far) small subset of people, to be able to serve them. In general, we advise people to use their ISP's relay for outgoing mail, but Earthlink won't let them relay because the sender domain is not one that Earthlink knows about (i.e. is charging them for). Apparently. Something's weird here. My home DSL line is Earthlink. I send out mail through their server (specifically through smtp.mindspring.com), and I have my mail client cofigured to use my yahoo.com address as the return address. They don't seem to care about the message's sender address as long as it comes from an Earthlink link. Not weird, this is the way most smtps are setup - not to verify sender address but only allow the ISP's IP addresses. (this is how not to be an open relay server which spammers use..) Steve Is the dial-up any different? Now, I do know that I can't send through the Earthlink/Mindspring server from outside their network. But that's not a big deal for me. When I'm away from home, I just use the server of whatever network I'm connected to at the time, which has never given me a problem. I think Earthlink has an SMTP-AUTH mail server as well. It's not the same one that the default dialups use, however. I think it's smtpauth.earthlink.com, but I haven't actually tried using it. -- David
Re: anybody else been spammed by no-ip.com yet?
2002-04-05 | 116 2002-04-04 | 125 2002-04-03 |91 2002-04-02 |88 2002-04-01 |97 (33 rows) go ahead and Just Hit Delete if you want. if this idiot idea (the `you can delete it' one) continues on, there's going to be a market for ultra long life, MILSPEC, DEL KEYS. --- Terence C. Giufre-Sweetser +-+--+ | TereDonn Telecommunications Ltd | Phone +61-[0]7-32369366 | | 1/128 Bowen St, SPRING HILL |FAX +61-[0]7-32369930 | | PO BOX 1054, SPRING HILL 4004 | Mobile +61-[0]414-663053 | | Queensland Australia | http://www.tdce.com.au | +-+--+
Re: anybody else been spammed by no-ip.com yet?
On Fri, May 10, 2002 at 11:27:10AM +1000, Terence Giufre-Sweetser wrote: Now there's a good idea, and it works, I have several sites running a port 25 trap to stop smtp abuse. To stop port 25 abuse at some schools, the firewall grabs all outgoing port 25 connections from !the mail server, and to !the mail server, and runs then via the mail server, which stops header forging, mass rcpt to: abuse, and vrfy/expn probing. Anything that goes past the filters has a nice clear and traceable received by: line. If a few of the larger pre-paid isp's could simply filter port 25 on their accounts, add some sanity checking (like, a user must be using a valid email address in the from:/return-path:/reply-to: lines, etc) and reject other abuse like rcpt to: stacking. Plus, add a anti-bulk email check, like razor or checksum clearinghouse, (yeah, seriously, checksum the outgoing emails, if some humans somewhere have said this is spam, then /dev/null or BOUNCE the outgoing email.) I'd even be inclined to place these filters at the border to smaller downstream isp's, let them register their valid email domains, any user from their network trying to send invalid email, or email that is listed in razor, just kill it or auto-refer to the abuse desk. [This may sound expensive, but on reflection, a US$2K box with BSD could handle 20Mbps of port 25, remember only port 25, nothing else, you would place one behind your dial up infrastructure, or several for a large site, and your transparent smtp proxy would pay for itself by killing off a lot of your abuse@ work. There was many ways of redirecting the port 25 packets, have a look at all the good work done on port 80 transparent proxies.] // :), patent pending? No, the concept is hereby commited to the public domain. // Earthlink was doing this for basically all of their consumer-grade (dialup, most of the ADSL, etc) customers in 1999 (well, almost certainly earlier than that, but I can only personally speak to it being in place then). It doesn't stop absolutely everything, but it's a very good 95% first pass filter. Don't forget to allocate support queue time for explaining to folks why they can't do SMTP relaying through their other provider where they have a hosting account, though... (Business customers were exempted, but paid hefty setup fees and monthly fees, and if I recall the contract correctly, forfeited all of them for AUP violations, which explicitly included UCE). Keeping the filters up to date is often a painful excercise in assignment coordination testing, too... -- *** Joel Baker System Administrator - lightbearer.com [EMAIL PROTECTED] http://users.lightbearer.com/lucifer/
Re: anybody else been spammed by no-ip.com yet?
--On Thursday, May 9, 2002 8:26 PM -0600 Joel Baker [EMAIL PROTECTED] wrote: Earthlink was doing this for basically all of their consumer-grade (dialup, most of the ADSL, etc) customers in 1999 (well, almost certainly earlier than that, but I can only personally speak to it being in place then). It doesn't stop absolutely everything, but it's a very good 95% first pass filter. Don't forget to allocate support queue time for explaining to folks why they can't do SMTP relaying through their other provider where they have a hosting account, though... My customers who reach me (a mail service) from Earthlink dialups are affected by this. Apparently it's still happening. I run a listener on another host and port, known only to this (so far) small subset of people, to be able to serve them. In general, we advise people to use their ISP's relay for outgoing mail, but Earthlink won't let them relay because the sender domain is not one that Earthlink knows about (i.e. is charging them for). Apparently. In principle, I endorse this practice. It seems to reduce abuse, which is all to the good. But in practice, it creates a problem I have to solve. Is there a way for these unfortunate people to register other domains with Earthlink as outbound relay only?
RE: anybody else been spammed by no-ip.com yet?
For more on EarthLink's Port 25 policy see: http://help.earthlink.net/port25/ Best regards, Al Rowland -Original Message- From: Joel Baker [mailto:[EMAIL PROTECTED]] Sent: Thursday, May 09, 2002 7:26 PM To: [EMAIL PROTECTED] Subject: Re: anybody else been spammed by no-ip.com yet? On Fri, May 10, 2002 at 11:27:10AM +1000, Terence Giufre-Sweetser wrote: Now there's a good idea, and it works, I have several sites running a port 25 trap to stop smtp abuse. To stop port 25 abuse at some schools, the firewall grabs all outgoing port 25 connections from !the mail server, and to !the mail server, and runs then via the mail server, which stops header forging, mass rcpt to: abuse, and vrfy/expn probing. Anything that goes past the filters has a nice clear and traceable received by: line. If a few of the larger pre-paid isp's could simply filter port 25 on their accounts, add some sanity checking (like, a user must be using a valid email address in the from:/return-path:/reply-to: lines, etc) and reject other abuse like rcpt to: stacking. Plus, add a anti-bulk email check, like razor or checksum clearinghouse, (yeah, seriously, checksum the outgoing emails, if some humans somewhere have said this is spam, then /dev/null or BOUNCE the outgoing email.) I'd even be inclined to place these filters at the border to smaller downstream isp's, let them register their valid email domains, any user from their network trying to send invalid email, or email that is listed in razor, just kill it or auto-refer to the abuse desk. [This may sound expensive, but on reflection, a US$2K box with BSD could handle 20Mbps of port 25, remember only port 25, nothing else, you would place one behind your dial up infrastructure, or several for a large site, and your transparent smtp proxy would pay for itself by killing off a lot of your abuse@ work. There was many ways of redirecting the port 25 packets, have a look at all the good work done on port 80 transparent proxies.] // :), patent pending? No, the concept is hereby commited to the public domain. // Earthlink was doing this for basically all of their consumer-grade (dialup, most of the ADSL, etc) customers in 1999 (well, almost certainly earlier than that, but I can only personally speak to it being in place then). It doesn't stop absolutely everything, but it's a very good 95% first pass filter. Don't forget to allocate support queue time for explaining to folks why they can't do SMTP relaying through their other provider where they have a hosting account, though... (Business customers were exempted, but paid hefty setup fees and monthly fees, and if I recall the contract correctly, forfeited all of them for AUP violations, which explicitly included UCE). Keeping the filters up to date is often a painful excercise in assignment coordination testing, too... -- *** Joel Baker System Administrator - lightbearer.com [EMAIL PROTECTED] http://users.lightbearer.com/lucifer/
RE: anybody else been spammed by no-ip.com yet?
--On Thursday, May 9, 2002 8:37 PM -0700 Rowland, Alan D [EMAIL PROTECTED] wrote: For more on EarthLink's Port 25 policy see: http://help.earthlink.net/port25/ That's very helpful! Thank you! One clarification: Can these users relay through that host, using SMTP AUTH, from anywhere, or only from within your network? I observe, for instance, that the instructions for Outlook 2000 (Windows) does not have them check my [outgoing SMTP] server requires authentication. If the former, great! I'll inform my affected customers. If the latter, they'll have to fool with settings as they move around -- which you no doubt already know is asking too much of 99% of the population. :-)
Re: anybody else been spammed by no-ip.com yet?
On Sat, May 04, 2002 at 06:01:49PM -0600, [EMAIL PROTECTED] said: [snip] Passing laws and putting on filters don't work. Depending on each mail server admin to do the right thing doesn't work. We need to find something else that will. I'm beginning to think that fighting the spam itself is futile. What we should perhaps be focusing on is removing access to whatever is being spamvertised (frequently a get-rich-quick website, porn site, diet site, etc. - but generally a website somewhere, that can have the plug pulled). Most of the discussion so far has focused on fighting the spam, but most of the methods feel a bit akin to moving an object tied to a rope by pushing the rope. I may get 15 spams from 15 different originating points, with 15 different headers, but they will frequently _all_ be advertising the same site or service. Wouldn't it be simpler to focus efforts on cutting off service to whatever is being spamvertised? It's the single link in the chain that, if cut, will take away the point of the spam. Thinking out loud here ... I realize there are problems (free/throwaway hosting, non-responsive network/hosting providers in other parts of the world, etc. etc.), but I think focusing on removing the motivation for the spam would be easier than trying to stop spam directly. -- Scott Francis darkuncle@ [home:] d a r k u n c l e . n e t Systems/Network Manager sfrancis@ [work:] t o n o s . c o m GPG public key 0xCB33CCA7 illum oportet crescere me autem minui msg01627/pgp0.pgp Description: PGP signature
Re: anybody else been spammed by no-ip.com yet?
On Mon, 6 May 2002, Scott Francis wrote: On Sat, May 04, 2002 at 06:01:49PM -0600, [EMAIL PROTECTED] said: [snip] Passing laws and putting on filters don't work. Depending on each mail server admin to do the right thing doesn't work. We need to find something else that will. I'm beginning to think that fighting the spam itself is futile. What we should perhaps be focusing on is removing access to whatever is being spamvertised (frequently a get-rich-quick website, porn site, diet site, etc. - but generally a website somewhere, that can have the plug pulled). Actually, my analysis of spam seems to indicate authentication of remote SMTP servers through a process similar to joining this list would remove 99+% of SPAM. i.e. the first email from a particular remote server that is received, requires the sender to take some action (respond with a password, click on a URL, etc.) before the mail gets through. One of these days I hope to write the procmail rules to do it (if I don't find someone that has done it already) -Ralph
Re: anybody else been spammed by no-ip.com yet?
On Mon, May 06, 2002 at 07:31:47PM -0400, Ralph Doncaster wrote: Actually, my analysis of spam seems to indicate authentication of remote SMTP servers through a process similar to joining this list would remove 99+% of SPAM. i.e. the first email from a particular remote server that is received, requires the sender to take some action (respond with a password, click on a URL, etc.) before the mail gets through. One of these days I hope to write the procmail rules to do it (if I don't find someone that has done it already) Such a beast lives already: Tagged Message Delivery Agent. http://software.libertine.org/tmda/ Yours, Luca -- Luca Filipozzi, ECE Dept. IT Manager, University of British Columbia Office: MacLeod 257 Voice: 604.822.3976 Web: www.ece.ubc.ca/~lucaf gpgkey 5A827A2D - A149 97BD 188C 7F29 779E 09C1 3573 32C4 5A82 7A2D
Re: anybody else been spammed by no-ip.com yet?
On Mon, 6 May 2002, Ralph Doncaster wrote: Actually, my analysis of spam seems to indicate authentication of remote SMTP servers through a process similar to joining this list would remove 99+% of SPAM. i.e. the first email from a particular remote server that is received, requires the sender to take some action (respond with a password, click on a URL, etc.) before the mail gets through. One of these days I hope to write the procmail rules to do it (if I don't find someone that has done it already) Tagged Message Delivery Agent. http://software.libertine.org/tmda/ - Forrest W. Christian ([EMAIL PROTECTED]) AC7DE -- The Innovation Machine Ltd. P.O. Box 5749 http://www.imach.com/Helena, MT 59604 Home of PacketFlux Technogies and BackupDNS.com (406)-442-6648 -- Protect your personal freedoms - visit http://www.lp.org/
Re: anybody else been spammed by no-ip.com yet?
On Mon, 06 May 2002 19:31:47 EDT, Ralph Doncaster said: 99+% of SPAM. i.e. the first email from a particular remote server that is received, requires the sender to take some action (respond with a And the mailing list you just subscribed to clicks on the URL *how*? Across the hall we got a large Sun box that does some 2M POP3 checks per week, for a 70K+ user community. Explain how your scheme works in that environment OK.. said throw-away dialup tosses one piece of mail, has a little proggie that catches the response and automates the reply, and then proceeds to spam my 70K users. Wow, that slowed them down a lot. ;) msg01635/pgp0.pgp Description: PGP signature
Re: anybody else been spammed by no-ip.com yet?
On Mon, 6 May 2002, Scott Francis wrote: On Sat, May 04, 2002 at 06:01:49PM -0600, [EMAIL PROTECTED] said: [snip] Passing laws and putting on filters don't work. Depending on each mail server admin to do the right thing doesn't work. We need to find something else that will. I'm beginning to think that fighting the spam itself is futile. What we should perhaps be focusing on is removing access to whatever is being spamvertised (frequently a get-rich-quick website, porn site, diet site, etc. - but generally a website somewhere, that can have the plug pulled). The major problem I see with this is the need to verify that the spamvertised site actually requested or paid for the spam. After all, what's to prevent me from spamming in the name of xyz.com just so I can see them shutdown? More importantly, you need evidence to shut a customer and being spamvertised alone is not necessarily sufficient. -Mike
Re: anybody else been spammed by no-ip.com yet?
On Tue, May 07, 2002 at 01:13:34AM -0400, Mike Joseph wrote: The major problem I see with this is the need to verify that the spamvertised site actually requested or paid for the spam. After all, what's to prevent me from spamming in the name of xyz.com just so I can see them shutdown? More importantly, you need evidence to shut a customer and being spamvertised alone is not necessarily sufficient. Just to say that this is not hypothetical, before we eventually got permanently whitelisted on spamcop, I would routinely get spamvertised website complaints on open source projects hosted on sourceforge.net Spammers would either list open source projects URLs in their spams for various reasons, or the spam would contain the URL of an open source project (like razor.sourceforge.net, squirrelmail.org, or something like that) The most distressing part is that all those reports were supposedly reviewed and approved by humans before being sent. Sigh... Marc -- Microsoft is to operating systems security what McDonalds is to gourmet cooking Home page: http://marc.merlins.org/ | Finger [EMAIL PROTECTED] for PGP key
Re: anybody else been spammed by no-ip.com yet?
On Sat, 4 May 2002, Forrest W. Christian wrote: Anyone who thinks that government can pass a law and this will go away is hopelessly naieve. The spammers will go overseas. Besides, if you look The spammers already use non-US machines in various ways to disguise their (still predominately) US origin. been reported to the razor. rbldns lists are effective only against the worst offenders, as the rest don't get reported until it is too late. and so on. Hrm, I'm thinking that the focus is slightly off (ie, rejection doesn't have to occur solely at the message delivery stage); assuming that you had custom software, you could conceiveably get a real time feed of spam/open relays/other criteria and periodically check your mail that-you-have-received-but-not-yet-read against any new updates to further get rid of more spam. If you've got a few million subscribers who would be further annoyed at spam/your abuse desk in receiving spam, this would possibly be productive. I think the only other methods I can think of are best described as some sort of web of trust type method. These are essentially whitelist systems. In order to send me mail you have to *do* something. How long before mailing list exploders are forced to only accept pgp-signed/encrypted mail from its subscribers, and re-pgp-sign/encrypt it when sending to subscribers ? --==-- Bruce.
Re: anybody else been spammed by no-ip.com yet?
The only way to catch and stop spammers is with horsepower and proactive mail policies. Sendmail is capable of being configured in a rigid manner and filters put in place, the problem is that most system hacks are not capable enough to manage the overhead of enforcing a filtration rule on each piece of mail because of the complexity. What's needed is a turn-key solution really. Non of us want to have to play with email gateways and reception agents if we don't have to (well ok, so its only most of us...). For instance, we got a boatload of bad email last week locally at one of the local SF Bay Area University's I do work with, and our entire email gateway was shutdown dealing with actively filtering 3000 emails that had a contaminated attachment. The problem with email filters is that they are not smart. The cant tell you when they see 5 pieces of email that all have a bad return or source address/name and that have a contaminated attachment, that all came from the same place that they should create and manage their own little blacklist file... I also suggest that running sendmail on a single host is a mistake or any mail system for that matter. I have ours setup on a reception agent system which timestamps and logs all the email into a queue. The queue has a stand-alone engine that qualifies each piece of email and checks any attachments for evilness. Each stage also sends a response to the sender acknowledging receipt if Receipts are requested and the whole system works pretty well. The whole system cost less than 15K to put in place and is essentially 5 different computers all of which happen to be implemented on a SBC we have so the entire system fits into a single PCI based computer's footprint. If anyone is interested in the exact setup - email me offlist and we can continue this conversation. Todd Glassey, CTO ServerWerks Inc. http://www.serverwerks.cc - Original Message - From: [EMAIL PROTECTED] To: Forrest W. Christian [EMAIL PROTECTED] Cc: Eric A. Hall [EMAIL PROTECTED]; [EMAIL PROTECTED] Sent: Saturday, May 04, 2002 4:33 PM Subject: Re: anybody else been spammed by no-ip.com yet? On Sat, 4 May 2002, Forrest W. Christian wrote: We're trying to discourage bulk emailers, not individuals. Then the way to do this is to make the cost of sending mass mail more expensive than sending only a few here and there. In short, we need a way to prevent the use of the $19.95 throw-away account that is used to send the vast majority of spam. Let's face it, only the biggest of the hardcore spammers are willing to pay out for dedicated lines. How about something along the lines of dial accounts having their outgoing SMTP connections rate limited to, oh, let's say 100 per day, and limiting the maximum number of recipients on any given email to some low number, say 5? A customer reaches the limit, the account auto-rejects all email for 24 hours. Someone bitches? Let them buy full rate dedicated services, with the first month, last month, and a security deposit up front before service is established. -- Yours, J.A. Terranson [EMAIL PROTECTED] If Governments really want us to behave like civilized human beings, they should give serious consideration towards setting a better example: Ruling by force, rather than consensus; the unrestrained application of unjust laws (which the victim-populations were never allowed input on in the first place); the State policy of justice only for the rich and elected; the intentional abuse and occassionally destruction of entire populations merely to distract an already apathetic and numb electorate... This type of demogoguery must surely wipe out the fascist United States as surely as it wiped out the fascist Union of Soviet Socialist Republics. The views expressed here are mine, and NOT those of my employers, associates, or others. Besides, if it *were* the opinion of all of those people, I doubt there would be a problem to bitch about in the first place...
Re: anybody else been spammed by no-ip.com yet?
There will be a day when folks will need to pay to transit email (Paul Vixie, 1998). Still working on that better mouse trap? well, other than that i wish i could charge _you_ for the spam i get that's due to the several MAILTO:[EMAIL PROTECTED]'s on your www.dotcomeon.com site, no. it's not my mouse of choice.
Re: Per message costs of email (was: Re: anybody else been spammed by no-ip.com yet?)
In a message written on Sat, May 04, 2002 at 04:36:40PM -0400, Scott A Crosby wrote: So far, other than Jared Mauch [EMAIL PROTECTED]'s calculation where he neither confirmed nor disputed $.02/email, I've yet to see *one* quantified per-message price bandied about.. It doesn't matter. I will suggest that as long as the cost of e-mail advertisements is cheaper than the cost of snail mail advertisements you will get more e-mail advertisements than snail mail ones. Even at $0.18/message (or whatever the bulk rate is these days), plus the cost of paper, printers, machines/people to stuff envelops I still get 2-3 unwanted physical ads in my snail mail box every day. Even if spammers had to pay $0.05, $0.02, $0.0002, or whatever the cost is determined to be you will get spam. Lots of spam. In fact, if the spammers did have to pay it would eliminate the 'theft of resources' argument, and I bet spam would triple as more business consider it a legal and ethical way of doing business. Sadly, I don't see the virtual world working any better than the real world. The only real difference at the moment is the type of products being sold. In the end there will be a mechanism to make spam legal. It may be micro-payments, it may be something else; but business will find a way to do it. Then your spam will change from Viagra and Live Girls to Get your Capitol 1 No Hassel Card and Publishers Clearinghouse wants to award you $1 Million! Maybe that wouldn't be so bad, the spam would be less offensive. -- Leo Bicknell - [EMAIL PROTECTED] - CCIE 3440 PGP keys at http://www.ufp.org/~bicknell/ Read TMBG List - [EMAIL PROTECTED], www.tmbg.org
Re: e-postage yet again, was anybody else been spammed by no-ip.com yet?
On Sun, 05 May 2002 18:15:15 EDT, Nathan J. Mehl [EMAIL PROTECTED] said: people that this had happened to? I'd file a class-action liability suit against Microsoft for selling a defective product that lost my clients thousands of dollars. I suspect I'd have a good chance of winning, too. EULA. Computer software is unique in that not only are the producers not held liable for defects, but quite often manage to avoid any of the usual suitability for purpose requirements - there is a presumption that (for instance) a toaster is supposed to be able to actually toast a piece of bread - and that therefore any toaster that is unable to do so is inherently defective *and it's the vendor's problem to make it right*, whether via replacement, repair, or refund. Quite often, vendors of software manage to disclaim even the requirement that a word processor be able to process text, etc.
Re: e-postage yet again, was anybody else been spammed by no-ip.com yet?
In the immortal words of [EMAIL PROTECTED] ([EMAIL PROTECTED]): On Sun, 05 May 2002 18:15:15 EDT, Nathan J. Mehl [EMAIL PROTECTED] said: people that this had happened to? I'd file a class-action liability suit against Microsoft for selling a defective product that lost my clients thousands of dollars. I suspect I'd have a good chance of winning, too. EULA. Absent the passage of an SPCCA-esque Federal law, the enforceability of EULAs in the face of actual, quantifiable financial damage is untested at best, farcical at worst. This is, of course, entirely non-operational in content, so I'd like to take this moment to remind the list of the presence of: [EMAIL PROTECTED] Send email to [EMAIL PROTECTED] to be added to the list. Only you can prevent endless non-operational digressions on [EMAIL PROTECTED]! -n -[EMAIL PROTECTED] I used to think that the brain was the most wonderful organ in my body. Then I realized who was telling me this. (--Emo Phillips) http://blank.org/memory/-
Re: anybody else been spammed by no-ip.com yet?
I'm going to make a suggestion which I realize that today there isn't any easy way to do this. However, I want to throw this out because I think if we could figure out how to do it, I think the spam problem will go away. Anytime anyone sends a mail to my server, I want to be paid 2 cents. 2 cents is probably less than the combined costs of me recieving a mail message. (Maybe 3 is better). That said, even if it was 2 cents, then a spammer dropping 10,000 messages on my server would net us $200.00 - and better, cost the spammer $200.00. Normal email between two people would likely cancel out and be of no net cost. You would also want to be able to accept mail from certain senders for free. What I envision is some sort of micropayment protocol extension to SNMP. something like you exchange helo's, mail from, and rcpt to's, and the receiving server says to the sender That will be x cents please, at which point the server sends some sort of cert-signed digital cash. I'm not sure how you would bootstrap this or if it will ever be possible. I just think that if we could get even $0.02 per email from the spammers a lot of them would stop. - Forrest W. Christian ([EMAIL PROTECTED]) AC7DE -- The Innovation Machine Ltd. P.O. Box 5749 http://www.imach.com/Helena, MT 59604 Home of PacketFlux Technogies and BackupDNS.com (406)-442-6648 -- Protect your personal freedoms - visit http://www.lp.org/
Re: anybody else been spammed by no-ip.com yet?
On Sat, 4 May 2002, Forrest W. Christian wrote: What I envision is some sort of micropayment protocol extension to SNMP. - Make that SMTP :) I guess I've been working on network monitoring too much recently. - Forrest W. Christian ([EMAIL PROTECTED]) AC7DE -- The Innovation Machine Ltd. P.O. Box 5749 http://www.imach.com/Helena, MT 59604 Home of PacketFlux Technogies and BackupDNS.com (406)-442-6648 -- Protect your personal freedoms - visit http://www.lp.org/
Re: anybody else been spammed by no-ip.com yet?
On Sat, 4 May 2002, Forrest W. Christian wrote: I'm going to make a suggestion which I realize that today there isn't any easy way to do this. However, I want to throw this out because I think if we could figure out how to do it, I think the spam problem will go away. Anytime anyone sends a mail to my server, I want to be paid 2 cents. Apart from the various obvious problme with this (as elaborated by someone else already), this could make things worse overall. Its an interesting, but naive idea.. The moment there's money to be made in receiving email, someone will exploit it in ways you won't expect. Bandwidth is about a dollar/gig nowadays? Thus, thats about 50,000 emails/dollar of bandwidth, and that dollar is capable of making the smart entrepreneur $1000.[1] Now, how do I build a ``business plan'' so that many people send me short bits of email, and where I can act as an email sink? Off of the top of my head: Troll for cash? (Like I am right now! :) Make a zombie network that continiously sends me email? Lottery sites. (``Send an email for a chance to win! The more emails, the bigger the pot and the higher your chances.'') Subscribe to every mailing list under the sun? I don't remember my SMTP, but this may adjust economics so that bounce messages are a financial cost and are no longer sent and/or may be used to bankrupt an orginzation. And, will that business plan be worse than the current situation? Scott P.S. If you get what you want, I'm going to get a business method patent on the email lottery idea. I got college loans to pay off! [1] This raises an interesting question of how can you claim an email costs $.02 to receive, when the bandwidth to get it is about 3 orders of magnitude less, and diskspace costs 2 orders of magnitude less ($10/gig)? If your average user gets 10 emails/day, that means that each user gets 300 emails/month, and costs you $6.00 in resources? If you have dialup users paying $20/month, do you kick them off if they subscribe to a busyish mailing list and get over 35 emails/day? In terms of ISP resources, emails cannot be costing $.02 each to receive. In terms of the time to delete them, I could believe that they cost $.02 each. (If you value your time at $20/hour, $.02 is 3 seconds)
Re: anybody else been spammed by no-ip.com yet?
On Fri, 3 May 2002 [EMAIL PROTECTED] wrote: Do you have data on approximate amount of this extra mail bandwidth due to spam per user? Actually lets be more exact, can some of you with 10,000 real user mail accounts reply how much traffic your mail server is using and if you have spam filter, how much (in percentage) of mail were filters. And how big were the filterd spam in comparison to all other regular mails? And if possible how much in amount of disk space was it in comparison to all other emails? Since sendmail applies our dnsbl rules before accepting the message, I can't say how much bandwidth the blocked spam would have used. On a MX that handles mail for several tens of thousands of actual user accounts, it's not unusual for us to deliver ~400k messages and reject anywhere from 200k-500k messages. A few weeks ago we had a several day period during which we rejected 1,000,000 messages/day. The rejected numbers can be somewhat inflated though by the 'alphabet spammers'. I'm not sure what else to call them...but these are the people who try to send mail to every conceivable address @yourdomain. If you run a large mail server, you've probably seen them hit you. When they dump their random address spam on an open relay, that relay gets blacklisted pretty quickly, resulting in large numbers of dnsbl rejected messages that would have eventually bounced as 'no such user' bounces, and likely double bounced. Worse, IMO, than the bandwidth issue (mail from/rcpt to/571 doesn't use that much bandwidth), is the mail server load issue. A couple of open relays pounding on our mail servers trying to deliver a truckload of spam someone dumped on them will drive up the load in no time. I'm seriously considering adapting some existing code to watch syslog data and use kernel packet filtering to cut off connectivity for say 24h from IP's after N dnsbl caused rejections in Y minutes. This should reduce load considerably. While typing this I was just watching the log on one mail server and noticed several rejections/sec from mail.ignacio.k12.co.us. That system is an open relay (listed in several blacklists) and has been trying to deliver mail to atlantic.net since last wednesday. We've rejected from them the following numbers of messages: Wed: 82102 Thur: 286861 Fri: 215779 Sat (so far): 62128 -- -- Jon Lewis *[EMAIL PROTECTED]*| I route System Administrator| therefore you are Atlantic Net| _ http://www.lewis.org/~jlewis/pgp for PGP public key_
Re: anybody else been spammed by no-ip.com yet?
[EMAIL PROTECTED] writes: It does not cost very little to recieve spam. It costs the end-user very little to recieve spam. I'll echo Paul's comments about the cost of my time. In my case, a half hour a day seems about right (compared to Paul's hour a day). I suspect you may have a very different perception about the value of your time than Paul and I have about the value of ours. I am sure that we have customers whose time is worth a lot and whose time is worth very little. Over half of our customers, however, are in countries where there is a per-minute cost to being off-hook on a dialup. They see a very direct cost to download spam, aside from the human costs. Whether we like it or not however, this is a cost of doing business now, and is a normal part of determining your cost of goods sold (at least it *should* be). Counting inventory shrinkage costs as part of the cost of doing business at a retail establishment does not change the fact that shoplifting is a crime. Spam is theft, plain and simple. Spam is a reality that none of us, either alone or in concert, will ever be able to eradicate. That makes the general gnashing of teeth == tilting at windmills. Your position is noted. Our time is probably the most expensive part of an ISPs spam cleanups budget - automating a filter system (for those who specifically ask for it, of course) via the purchase of services from Vixie or your favorite equivalent is likely to be a reasonably inexpensive alternative to having us spinning our wheels. asbestos underwear in place ;- You have incomplete information. That's all I'm going to say about it. ---Rob
Re: anybody else been spammed by no-ip.com yet?
At the moment I'm actually interested in statistics on size of spam messages as compared to average size of mail message to try to caclulate amount of mail bandwdith they really waste... My own calculations show around 27% spam email and I'v seen statistics from 20-30% from others (someone else also wrote me 1/3 of the email, this is a little inflated but shows generaly what is). But I'm interested in actual numbers on per size of email statistics if possible. On Sat, 4 May 2002 [EMAIL PROTECTED] wrote: On Fri, 3 May 2002 [EMAIL PROTECTED] wrote: Do you have data on approximate amount of this extra mail bandwidth due to spam per user? Actually lets be more exact, can some of you with 10,000 real user mail accounts reply how much traffic your mail server is using and if you have spam filter, how much (in percentage) of mail were filters. And how big were the filterd spam in comparison to all other regular mails? And if possible how much in amount of disk space was it in comparison to all other emails? Since sendmail applies our dnsbl rules before accepting the message, I can't say how much bandwidth the blocked spam would have used. On a MX that handles mail for several tens of thousands of actual user accounts, it's not unusual for us to deliver ~400k messages and reject anywhere from 200k-500k messages. A few weeks ago we had a several day period during which we rejected 1,000,000 messages/day. The rejected numbers can be somewhat inflated though by the 'alphabet spammers'. I'm not sure what else to call them...but these are the people who try to send mail to every conceivable address @yourdomain. If you run a large mail server, you've probably seen them hit you. When they dump their random address spam on an open relay, that relay gets blacklisted pretty quickly, resulting in large numbers of dnsbl rejected messages that would have eventually bounced as 'no such user' bounces, and likely double bounced. Worse, IMO, than the bandwidth issue (mail from/rcpt to/571 doesn't use that much bandwidth), is the mail server load issue. A couple of open relays pounding on our mail servers trying to deliver a truckload of spam someone dumped on them will drive up the load in no time. I'm seriously considering adapting some existing code to watch syslog data and use kernel packet filtering to cut off connectivity for say 24h from IP's after N dnsbl caused rejections in Y minutes. This should reduce load considerably. While typing this I was just watching the log on one mail server and noticed several rejections/sec from mail.ignacio.k12.co.us. That system is an open relay (listed in several blacklists) and has been trying to deliver mail to atlantic.net since last wednesday. We've rejected from them the following numbers of messages: Wed: 82102 Thur: 286861 Fri: 215779 Sat (so far): 62128
Re: anybody else been spammed by no-ip.com yet?
At 08:21 PM 03-05-02 -0700, Paul Vixie wrote: 456 05/03 Big Brother Protect your family on the InternetHTML BOD 457 05/03 Big Brother Protect your family on the InternetHTML BOD 458 05/03 Big Brother Protect your family on the InternetHTML BOD 459 05/03 Big Brother Protect your family on the InternetHTML BOD 460 05/04 FreeSampleCenter Win $20,000! Win $20,000 to RENOVATE your Home! 463 05/04 my_own_business20 If a 15 year old boy can earn $71,000 in just a 464 05/03 mikeYOUR HEALTH zNAUiqxgExThis is a multi-part mes 465 05/03 National Financia InvestorFacts: NasdaqNM: DSSI -Data Systems and 466 05/02 Pamila Binkley don't Pay another monthly Bill until you read th 469 05/04 [EMAIL PROTECTED] Large Annual Tax Savings!html head title remember, it would be ~4X higher without filtering, according to my syslogs. As an interesting aside, one of my filter rules to throw away spam was looking in the subject line for adv. Inadvertently, it ending up throwing away email from a lawyer who was trying to send me email since he signed his name as Joe Blow, Adv. :-) -Hank
Re: anybody else been spammed by no-ip.com yet?
On Sat, May 04, 2002 at 11:57:04AM -0700, Gary E. Miller wrote: Yo Scott! On Sat, 4 May 2002, Scott A Crosby wrote: I'd like the costs quantified.. Servers and disks are expensive, but if they handle a ten million messages during their lifetime, the amortized cost PER MESSAGE is cheap. I guess at a school you get free labor for setup, admin, backup, tech support, etc. FOr the rest of us those are major costs you left out. Correct, The people that call in and say Please delete my mailbox as i can't download anything from it because my mail client freaks out. that costs real $$$, since they want an 800# to dial, and those support costs are not directly tangible to spam but it's very complicated to add up. Most providers needed to build a custom mail system to get past 30-50k users as you can't run that on one beefy system. You need to keep duplicates away, reliable delivery and good responses for checking your mail. Then at this size you need to be integrated into your billing system otherwise your required resources to manage your isp grow very quickly. the costs of smtp() and pop3() are all related here. If you go back 10 years ago, you did not need a dedicated abuse/security staff to police your users. These are all intereleated. - jared -- Jared Mauch | pgp key available via finger from [EMAIL PROTECTED] clue++; | http://puck.nether.net/~jared/ My statements are only mine.
Re: anybody else been spammed by no-ip.com yet?
trollishly What do you guess for the amortized cost/spam? /trollishly a cost that you are forced to pay in order to enrich somebody else is theft, no matter how microscopic the payment might be. we all know what (they) are, now we're just arguing about the price. I do find it amusing that nobody responded to my more relevant and intended thrust, about how putting a 'sender pays receiver for email' could cause a variety of new abuses of the email system. on the one hand, you're right that any micropayment system would have to be very carefully thought out and even more carefully implemented, lest it open the door to many and varied forms of microabuse. on the other hand, that doesn't disprove the case, since even in your example it would merely cause people to become a LOT more careful about they mail they sent. that CAN'T be a bad thing. bill washburn's XNS effort, while nowhere near ready for critical review, shows some of the throught that needs to occur to make micropayments not be a bad deal for one or both parties. www.xns.org has an overview and www.onename.com goes so far as to say With an OneName solution, you control and manage all relevant identity data, with no need to involve a third party in your business relationships. You can customize authentication and permission structures for every business relationship and automate specific types of data exchange, both within and across the corporate firewall. These same permission structures provide an easy way for customers to provide consent for the usage of their personal data. note that i'm not advocating the approach, but rather, holding it up as one example of how personal messaging will have to work at full scale.
Re: anybody else been spammed by no-ip.com yet?
I've been roasted privately and called naive in thinking that pay-per-mail is a valid solution. Let me first say that the $0.02 I pulled out of the air was derived simply by taking the $80/hr I bill to clients and dividing that by 3600 (number of seconds in an hour) thus $0.022. I'd say that about 1 second per email is probably real in relation to my time. Let me explain why I've come up the pay per message as an answer. I realize that this has got issues with it - such as abuses of the micropayment system, etc. etc. etc. Anyone who thinks that government can pass a law and this will go away is hopelessly naieve. The spammers will go overseas. Besides, if you look at the content of a lot of the spams I receive I doubt the senders care much about the law. The junk fax law, in my opinion, worked primarily because sending faxes from locations outside the us jurisdiction cost more and there were few things you could provide from overseas which were marketable via fax. Anyone who thinks we're going to be able to educate people and make them all close their open relays is going to make the problem go away is hopelessly naieve. There are just too many admins out there, most of which are of the I think running my own mail server is a good idea, but I really don't have much of a clue about how the mail server REALLY works variety. It's not possible. That leaves technological measures. Spam filters are a good idea, but spam is a very moving target. I run spamassassin (highly recommended) on a couple of mail servers. When I first install a newly-released version of spamassassin it is nearly perfect. Over a couple of months it gets less and less effective, at which point I install the newest version, which improves effectiveness again. Occam's razor is good, but in reality only catches spam if it has been reported to the razor. rbldns lists are effective only against the worst offenders, as the rest don't get reported until it is too late. and so on. I think the only other methods I can think of are best described as some sort of web of trust type method. These are essentially whitelist systems. In order to send me mail you have to *do* something. The first option is a traditional If you send me email and I don't know you, I'll bounce the message and you have to reply with a specially formatted mail message in order to get your mail through. The main problem with this model is that in circumstances where bulk mailing is necessary (such as notifications of credit card payment due, etc.), you run into a problem. The other thing is that eventually, spammers will learn how to respond to these messages automatically. The second is more of a secure-smtp model, in that each mail server is Certificated in one way or another and that you only accept mail from Certificated mail servers. One of the conditions of being certificated is verification of anti-spam technological and other measures (such as being able to identify spammers, etc.). In a small internet, this is a perfectly workable solution. In a globally sized one, it seems to me that the likelihood of spammers being able to work around the system is as close to 100% as you can get. The pay-per-message system I proposed was an outgrowth of the certificated option. In essence, my theory is that if you paid *something* for each message you send, than everything should equal out in the long run. Generally, other than mailing lists and spam, I send about 1 message for every one I receive. A spammer sends tens of thousands of messages for every one he receives. There are a whole new set of problems caused by this which I think have mostly been mentioned - to summarize, they mostly relate to the technical problems with doing this, plus the possibility of abuse of the system, etc. etc. etc. Someone pointed me to a discussion of camram at http://harvee.billerica.ma.us/~esj/camram.html. I initially *like* something like this option. In short, it forces the sender to spend a lot of CPU cycles for every message they send. Need to send a lot of email, well, spend a LOT of cpu cycles. The point I was trying to make with the pay-per-message is that the real cause of spam is an economic one. That is, the cost of sending the spam is less than the profit the spammers make from the spam. If we can increase the cost of sending the spam, then we will lessen the profitability of sending it, and the problem will diminish substantially. Remember almost 100% of the spam is driven by greed, and if we can't satisfy the greed of the spammers, they will go elsewhere. - Forrest W. Christian ([EMAIL PROTECTED]) AC7DE -- The Innovation Machine Ltd. P.O. Box 5749 http://www.imach.com/Helena, MT 59604 Home of PacketFlux Technogies and BackupDNS.com (406)-442-6648
Re: anybody else been spammed by no-ip.com yet?
On Sat, 4 May 2002, Eric A. Hall wrote: Forrest W. Christian wrote: Anyone who thinks that government can pass a law and this will go away is hopelessly naieve. Uh, thanks. The government has all kinds of property protection laws. My mail spool is my property. Do the math. Been there, done that, and it made no significant difference. Both J.D. Falk and I put a lot of work into getting tough anti-spam legislation passed, and we were successful. Here in California we now have jail time for second-offense spammers. Does it make a damned bit of difference? No. Was it worth trying? Yes, of course. The conclusion I came to at the time was that the bond-posting micropayment schemes were the only way out of the problem, and I haven't seen anything to change my mind on that since. Whitelists are too drastic, I think, but I'm slowly headed that way. -Bill
Re: anybody else been spammed by no-ip.com yet?
On Sat, 4 May 2002, Eric A. Hall wrote: Uh, thanks. The government has all kinds of property protection laws. My mail spool is my property. Do the math. Your car is your private property as well, but if you park it in a public place, with the engine running, and offer every passerby the opportunity to use it at no cost or obligation, the government is not going to help you get the car back when someone takes you up on your offer. Laws are a necessary first step and will have the most positive effect. Micropayments won't be needed if the right laws are passed. Given the history, the biggest problem with the legal approach is that congress will pass a bad law instead of the one they need to, which is to extend the TCPA to include spam. Yeah, another unenforceable law that nobody will give a shit about, except when it's time to pay for the [non-enforcing] enforcement agents (tax time). -- Yours, J.A. Terranson [EMAIL PROTECTED] If Governments really want us to behave like civilized human beings, they should give serious consideration towards setting a better example: Ruling by force, rather than consensus; the unrestrained application of unjust laws (which the victim-populations were never allowed input on in the first place); the State policy of justice only for the rich and elected; the intentional abuse and occassionally destruction of entire populations merely to distract an already apathetic and numb electorate... This type of demogoguery must surely wipe out the fascist United States as surely as it wiped out the fascist Union of Soviet Socialist Republics. The views expressed here are mine, and NOT those of my employers, associates, or others. Besides, if it *were* the opinion of all of those people, I doubt there would be a problem to bitch about in the first place...
Re: anybody else been spammed by no-ip.com yet?
Forrest W. Christian wrote: Grandma would get 2c for each mail she received. Grandma would pay 2c for each email she sent. Where does that cause the problems you are talking about? I send a lot more mail than grandma does. -- Eric A. Hallhttp://www.ehsco.com/ Internet Core Protocols http://www.oreilly.com/catalog/coreprot/
Re: anybody else been spammed by no-ip.com yet?
I want to clarify this a bit, before I get flamed (not that I'm not going to anyways). On Sat, 4 May 2002, Forrest W. Christian wrote: The people in the middle would get *nothing* beyond what they are getting today. Grandma would get 2c for each mail she received. Grandma would pay 2c for each email she sent. Where does that cause the problems you are talking about? What I am *specifically* talking about is a situation where people who receive on average as many emails as they send don't pay ANYTHING above what they are paying now. We're trying to discourage bulk emailers, not individuals. - Forrest W. Christian ([EMAIL PROTECTED]) AC7DE -- The Innovation Machine Ltd. P.O. Box 5749 http://www.imach.com/Helena, MT 59604 Home of PacketFlux Technogies and BackupDNS.com (406)-442-6648 -- Protect your personal freedoms - visit http://www.lp.org/
Re: anybody else been spammed by no-ip.com yet?
On Sat, 4 May 2002, Forrest W. Christian wrote: We're trying to discourage bulk emailers, not individuals. Then the way to do this is to make the cost of sending mass mail more expensive than sending only a few here and there. In short, we need a way to prevent the use of the $19.95 throw-away account that is used to send the vast majority of spam. Let's face it, only the biggest of the hardcore spammers are willing to pay out for dedicated lines. How about something along the lines of dial accounts having their outgoing SMTP connections rate limited to, oh, let's say 100 per day, and limiting the maximum number of recipients on any given email to some low number, say 5? A customer reaches the limit, the account auto-rejects all email for 24 hours. Someone bitches? Let them buy full rate dedicated services, with the first month, last month, and a security deposit up front before service is established. -- Yours, J.A. Terranson [EMAIL PROTECTED] If Governments really want us to behave like civilized human beings, they should give serious consideration towards setting a better example: Ruling by force, rather than consensus; the unrestrained application of unjust laws (which the victim-populations were never allowed input on in the first place); the State policy of justice only for the rich and elected; the intentional abuse and occassionally destruction of entire populations merely to distract an already apathetic and numb electorate... This type of demogoguery must surely wipe out the fascist United States as surely as it wiped out the fascist Union of Soviet Socialist Republics. The views expressed here are mine, and NOT those of my employers, associates, or others. Besides, if it *were* the opinion of all of those people, I doubt there would be a problem to bitch about in the first place...
Re: anybody else been spammed by no-ip.com yet?
facetious Hey! Where's my reply? I'm in the hole $.04 on this thread now! Right! No more mail to you until you send me two messages! /facetious Then we all move to some other medium that doesn't cost money -- and then the spammers follow us there too. Eric A. Hall wrote: Forrest W. Christian wrote: Grandma would get 2c for each mail she received. Grandma would pay 2c for each email she sent. Where does that cause the problems you are talking about? I send a lot more mail than grandma does. -- Eric A. Hallhttp://www.ehsco.com/ Internet Core Protocols http://www.oreilly.com/catalog/coreprot/
Re: anybody else been spammed by no-ip.com yet?
Theft/Taxes nearly the same . ;-) JimL Really? What's the difference? I was giving the thief the benefit of doubt ;-) . JimL http://www.gmu.edu/departments/economics/bcaplan/anarfaq.htm See the part on public goods problem and Pareto optimality :) --vadim
Re: anybody else been spammed by no-ip.com yet?
On Sat, 4 May 2002 [EMAIL PROTECTED] wrote: How about something along the lines of dial accounts having their outgoing SMTP connections rate limited to, oh, let's say 100 per day, and limiting the maximum number of recipients on any given email to some low number, say 5? A customer reaches the limit, the account auto-rejects all email for 24 hours. Someone bitches? Let them buy full rate dedicated services, with the first month, last month, and a security deposit up front before service is established. The problem with this is how do you enforce this across thousands of mail servers, controlled by many many different organizations? I'm not saying the pay-per-message option is perfect. In fact, the more I think about a camram-type solution the more I like it: where the sender proves to the recipient that they spent a fair bit of CPU time before sending the message. The bottom line is that in my opinion people need to give up *something* for the privlege of sending mail. I suggested a couple of cents per message. Others reject this as it will destroy the net. Camram requires people to give up CPU cycles. This might be an easier thing to swallow. Passing laws and putting on filters don't work. Depending on each mail server admin to do the right thing doesn't work. We need to find something else that will. - Forrest W. Christian ([EMAIL PROTECTED]) AC7DE -- The Innovation Machine Ltd. P.O. Box 5749 http://www.imach.com/ Helena, MT 59604 Home of PacketFlux Technogies and BackupDNS.com (406)-442-6648 -- Protect your personal freedoms - visit http://www.lp.org/
Re: anybody else been spammed by no-ip.com yet?
On Sat, 4 May 2002, Eric A. Hall wrote: Grandma would get 2c for each mail she received. Grandma would pay 2c for each email she sent. Where does that cause the problems you are talking about? I send a lot more mail than grandma does. Yes, but even if you send one a day and she never responds, this only comes out to $7.30/year. Hey, I'm not saying this is perfect. I'm just saying that passing laws and filtering and depending on admins to do the right thing just doesn't work. Ask people in those states which have anti-spam laws how many fewer spam messages they receive than before. We need something else. It must be enforceable at the receiving side, and we must be able to step into it gradually. The best solution I've seen, thanks to someone else on the list, is camram, which makes you pay for the email sending with proving you have spent about 15 seconds worth of CPU cycles. In fact, I'm thinking this is probably a better solution than the pay-per-message solution, as we don't have to worry about settlement, etc. etc. which was the real problem with the pay-per-message. - Forrest W. Christian ([EMAIL PROTECTED]) AC7DE -- The Innovation Machine Ltd. P.O. Box 5749 http://www.imach.com/Helena, MT 59604 Home of PacketFlux Technogies and BackupDNS.com (406)-442-6648 -- Protect your personal freedoms - visit http://www.lp.org/
Re: anybody else been spammed by no-ip.com yet?
On Sat, 4 May 2002, Forrest W. Christian wrote: On Sat, 4 May 2002 [EMAIL PROTECTED] wrote: How about something along the lines of dial accounts having their outgoing SMTP connections rate limited to, oh, let's say 100 per day, and limiting the maximum number of recipients on any given email to some low number, say 5? A customer reaches the limit, the account auto-rejects all email for 24 hours. Someone bitches? Let them buy full rate dedicated services, with the first month, last month, and a security deposit up front before service is established. The problem with this is how do you enforce this across thousands of mail servers, controlled by many many different organizations? I'm not saying the pay-per-message option is perfect. In fact, the more I think about a camram-type solution the more I like it: where the sender proves to the recipient that they spent a fair bit of CPU time before sending the message. It doesn't scale to those who source lots of email, like mailing lists or webmail providers. It also has its own set of problems that are much much worse, if its enabled by default on users: -- [1] User (to ISP): ``Why does getting mail from NANOG never seem to work.'' Response: ``Because you haven't enabled them in the no-pay list.'' [2] User (to mailing list admin): ``Whenever I try to subscribe, I don't get a confirmation message.'' Response: ``Because you haven't enabled them in the no-pay list.'' [3] User (to ISP): ``Why does email from grandma never get through.'' Response: ``Because their email client doesn't support CAMRAM and you haven't enabled them in the no-pay list.'' [4] User (to ISP): ``Why does email to grandma never get through.'' Response: ``You need a CAMRAM-aware email client. Switch from MS-Outlook to Mutt.'' -- I dunno, but I'd think that the tech-support manpower for this would be pricy, especially if you get a phone call everytime a user tries to subscribe to mailing list. Spam sucks... But, these alternatives seem like they'd be a lot more expensive for ISP's. The bottom line is that in my opinion people need to give up *something* for the privlege of sending mail. I suggested a couple of cents per message. Others reject this as it will destroy the net. Camram requires people to give up CPU cycles. This might be an easier thing to swallow. Imagine a requirement that you had to listen to 30 seconds of muzak before every telephone call. Somewhere in the 30 seconds would be a 4 digit number you'd have to type in in order to complete the call. This is done to make sure people ``give up *something* for the privlege of'' making a telephone call. Why is this done, other than to discourage people from making telephone calls? Dunno.. Are telephone calls something we need to discourage? Passing laws and putting on filters don't work. Depending on each mail server admin to do the right thing doesn't work. We need to find something else that will. I hope so too.. But sender-pays isn't true for postal mail or telephone. If I get a junk mail, I have to waste time *and* pay to have it carted to a landfill. If I get a phone-spam, I have to waste time. In ways, it seems like this is trying to force email into the idealized mold of postal mail. A mold that never really existed in the first place. This is impossible in any case as email isn't postal mail. Where is the analogy of NANOG for postal mail? A weekly newsletter? That newsletter would be what? $.35/issue, or $350/week if it had a readership of 1000. How much cheaper is NANOG to run than what that newsletter would cost? We could make a NANOG posting cost $20/message for sender-pays, but do we want to sacrifice mailing lists on the alter of fitting a square peg into a circular hole? Scott
Re: anybody else been spammed by no-ip.com yet?
On Sat, 4 May 2002, Forrest W. Christian wrote: Passing laws and putting on filters don't work. Depending on each mail server admin to do the right thing doesn't work. We need to find something else that will. Define doesn't work? Yes there is still spam - but the laws are in all cases relatively new (even on a technology timeline) and far from universal. None of these solutions is going to work overnight. The large amount of spam that people are filtering/bouncing at this point proves that they are far better than nothing. What might work, instead of setting up a micropayments system (would take years) or convincing the 'net to adopt a Camram type system (might not take as long, but it wouldn't happen anytime soon) is to set up a reliable, centralized blacklist/filter provider, and to enact and enforce anti UCE laws on a national basis. For the filters to work, they have to have a certain critical mass, in terms of users or sources to key into spam. If you're talking about expending all the energy to coordinate and set up the above, why not instead lobby for a federal law, and enforcement of that law, along with a centralized and well admin'd blacklist (who's operations would be funded in part by proceeds from enforcement of antispam laws). The point that the spammers would just go overseas was well answered by the fact that generally (not always, but in a huge % of the cases) there is a US based contact for selling the stuff. Spam has always been a problem - but it's become much more of a problem in the last 18 months. People dislike it - but I would be willing to bet the average person on this list gets more / has stronger feelings on / etc spam than the average public. The problem will get worse before it gets better - but I think it could be argued that the tools that are being developed now (filters, blacklists, etc) are the least intrusive, disruptive and most practical of the three options. I think the other thing that has to happen, which hasn't reliably yet, is that the large providers have to be better about cutting off spammers and isp's that support them. Run an open relay? Your immediate upstream is notified, and if they can't get you to fix it, _they_ black hole it till you do. That would get your attention and stop the spam. I'm interested that (as far as I've seen) there hasn't been much talk in this thread yet about the larger networks' role in the enforcement side of this. Whatever happens, it's going to take time to make work - more time than the current (possibly stopgap) measures have been given.
Re: anybody else been spammed by no-ip.com yet?
On Sat, May 04, 2002 at 07:22:35PM -0500, Eric A. Hall wrote: Ask people in those states which have anti-spam laws how many fewer spam messages they receive than before. Although responding to this message puts me back to -$.04, I will point out that the junk fax law worked pretty well. It didn't take long for people to get the point that they shouldn't be faxing lunchroom menus to everybody in their area code. Faxes are a little bit easier to trace than email. The bottom line is, spamming makes money. People don't spam because they think that maybe it might work, they spam because it gets responses and it makes them money. Maybe one really stupid person gets prosecuted on an anti-spam law once, but it doesn't seem to be making much of an impact. If you beheaded 10 spammers on primetime TV I really don't think they would stop. Spamming will stop when it stops being effective. That said, I'm pretty sure this thread has now excercised my D key more then a month's supply of spam. Isn't it about time we called it a day, or perhaps moved this to a list more appropriate for complaining and sending email about people sending email. :) -- Richard A Steenbergen [EMAIL PROTECTED] http://www.e-gerbil.net/ras PGP Key ID: 0x138EA177 (67 29 D7 BC E8 18 3E DA B2 46 B3 D8 14 36 FE B6)
Re: anybody else been spammed by no-ip.com yet?
ben hubbard wrote: why not instead lobby for a federal law, and enforcement of that law, along with a centralized and well admin'd blacklist (who's operations would be funded in part by proceeds from enforcement of antispam laws). Actually, a well-written law wouldn't need funding. MAPS could make a decent income by filing class-action suits against spammers, for example. No reason for the government to get involved other than holding court. -- Eric A. Hallhttp://www.ehsco.com/ Internet Core Protocols http://www.oreilly.com/catalog/coreprot/
Re: anybody else been spammed by no-ip.com yet?
On Sat, 4 May 2002, Forrest W. Christian wrote: On Sat, 4 May 2002 [EMAIL PROTECTED] wrote: How about something along the lines of dial accounts having their outgoing SMTP connections rate limited to, oh, let's say 100 per day, and limiting the maximum number of recipients on any given email to some low number, say 5? A customer reaches the limit, the account auto-rejects all email for 24 hours. Someone bitches? Let them buy full rate dedicated services, with the first month, last month, and a security deposit up front before service is established. The problem with this is how do you enforce this across thousands of mail servers, controlled by many many different organizations? Obviously, it is a self-enforcement issue, aimed at the ISPs who do sial services. I firmly believe that if we could control the dial accounts in this respect, we'd wipe out a very large portion of the problem children The incentive to the ISP is obvious: $19.95 throw away accounts (which are likely not paid anyway) disappear, their SpamCop nightmares disappear, and the legitimate mass mail customer pays for commercial services. I'm not saying the pay-per-message option is perfect. I am a fan of micropayments in theory, but I do not believe that they can ever be applied to email, attractive though it may be. Since I don't believe it's really possible, I choose not to burn cycles on it. snip The bottom line is that in my opinion people need to give up *something* for the privlege of sending mail. Agreed: to send it for free, they lose the right to do it in significant volume. I suggested a couple of cents per message. Others reject this as it will destroy the net. Camram requires people to give up CPU cycles. This might be an easier thing to swallow. Possibly, but I doubt that you can explain this to Joe and Jane Sixpack. Passing laws and putting on filters don't work. Amen. Depending on each mail server admin to do the right thing doesn't work. The problem here is defining the right thing, no? We need to find something else that will. Agreed. - Forrest W. Christian ([EMAIL PROTECTED]) AC7DE -- Yours, J.A. Terranson [EMAIL PROTECTED] If Governments really want us to behave like civilized human beings, they should give serious consideration towards setting a better example: Ruling by force, rather than consensus; the unrestrained application of unjust laws (which the victim-populations were never allowed input on in the first place); the State policy of justice only for the rich and elected; the intentional abuse and occassionally destruction of entire populations merely to distract an already apathetic and numb electorate... This type of demogoguery must surely wipe out the fascist United States as surely as it wiped out the fascist Union of Soviet Socialist Republics. The views expressed here are mine, and NOT those of my employers, associates, or others. Besides, if it *were* the opinion of all of those people, I doubt there would be a problem to bitch about in the first place...
Re: anybody else been spammed by no-ip.com yet?
On Fri, 3 May 2002, Gregory Hicks wrote: money. Today with flat rate access and many people not paying on a per packet basis it seems to me that the responsibility lies with the end user to filter properly and or dress that delete key. I always shut [...snip...] The problem with this is that, yes, to the END USER, there is no direct cost involved. However, in order to maintain the same level of service, the ISP is forced to go get a bigger pipe and/or bigger, faster routers and/or servers. (Raises prices a bit per account) Yes, I've always said that the costs MUST be looked at in the aggregate. In all of this, the bozo (well..., 'user' really) no, 'bozo' is appropriate. -- Steve Sobol, CTO (Server Guru, Network Janitor and Head Geek) JustThe.net LLC, Mentor On The Lake, OH 888.480.4NET http://JustThe.net The Indians are unfolding into the 2002 season like a lethal lawn chair. (_News-Herald_ Indians Columnist Jim Ingraham, April 11, 2002)
Re: anybody else been spammed by no-ip.com yet?
On Fri, 3 May 2002, Scott Granados wrote: Well the costs you mentioned with aol seem high Not when you consider how much time and money AOL has sunk into the development of their mail system. They are the only company that has to scale their operations to the size to which they scale, and I guarantee you can't do what they do with off-the-shelf software. Plus, you have to multiply costs out over *mumble* million users. The case against spam probably should be decided entirely on economics not on content issues. Agreed, completely. Start dealing with content and you get into very murky waters. -- Steve Sobol, CTO (Server Guru, Network Janitor and Head Geek) JustThe.net LLC, Mentor On The Lake, OH 888.480.4NET http://JustThe.net The Indians are unfolding into the 2002 season like a lethal lawn chair. (_News-Herald_ Indians Columnist Jim Ingraham, April 11, 2002)
Re: anybody else been spammed by no-ip.com yet?
On Sat, 4 May 2002, Eric A. Hall wrote: Anyone who thinks that government can pass a law and this will go away is hopelessly naieve. Uh, thanks. The government has all kinds of property protection laws. My mail spool is my property. Do the math. Indeed, the courts have already ruled that an ISP has a right to tell a spammer to sod off. -- Steve Sobol, CTO (Server Guru, Network Janitor and Head Geek) JustThe.net LLC, Mentor On The Lake, OH 888.480.4NET http://JustThe.net The Indians are unfolding into the 2002 season like a lethal lawn chair. (_News-Herald_ Indians Columnist Jim Ingraham, April 11, 2002)
Re: anybody else been spammed by no-ip.com yet?
On Sat, 4 May 2002, Richard A Steenbergen wrote: Faxes are a little bit easier to trace than email. Sometimes. If the faxer is identifying s/h/itself properly. -- Steve Sobol, CTO (Server Guru, Network Janitor and Head Geek) JustThe.net LLC, Mentor On The Lake, OH 888.480.4NET http://JustThe.net The Indians are unfolding into the 2002 season like a lethal lawn chair. (_News-Herald_ Indians Columnist Jim Ingraham, April 11, 2002)
anybody else been spammed by no-ip.com yet?
as a coauthor of rfc2136, my curiousity is always piqued when spammers use the technology. can i get private forwards of other similar messages? (see below.) (and yes, i'll also be in touch with level3, who serves 166.90.15.236, from whence this message came.) (time was, anyone who could use postfix and php would also know better than to spam, or at least, to spam *me*. grump grumble.) re: --- Forwarded Message Return-Path: [EMAIL PROTECTED] Delivery-Date: Fri May 3 07:44:25 2002 Return-Path: [EMAIL PROTECTED] Delivered-To: [EMAIL PROTECTED] Received: from isrv3.isc.org (isrv3.isc.org [204.152.184.30]) by as.vix.com (Postfix) with ESMTP id 2360D28B6B for [EMAIL PROTECTED]; Fri, 3 May 2002 07:44:25 -0700 (PDT) (envelope-from [EMAIL PROTECTED]) Received: from www.no-ip.com (yoka.vitalwerks.com [166.90.15.236]) by isrv3.isc.org (8.11.2/8.9.1) via ESMTP id g43EiOT08718 for [EMAIL PROTECTED]; Fri, 3 May 2002 14:44:25 GMT env-from ([EMAIL PROTECTED]) Received: by www.no-ip.com (Postfix, from userid 99) id 4A10F833A4; Fri, 3 May 2002 07:54:40 -0700 (PDT) To: [EMAIL PROTECTED] Subject: Your password for no-ip.com From: No-IP Registration [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] X-Mailer: PHP/4.1.2 Message-Id: [EMAIL PROTECTED] Date: Fri, 3 May 2002 07:54:40 -0700 (PDT) Hello, Welcome to No-IP.com. Your number one stop for dynamic dns services. Your password is: jnMgta To logon to no-ip.com go to http://www.no-ip.com/ and enter your email address and the password above. Once you logon you may change your password by clicking the Change Password link. Remember that you can use our dynamic update client to keep our system is sync with your IP address. These clients are available at http://www.no-ip.com/downloads.php Also, keep in mind that No-IP offers services for use with personal domain names. This service, No-IP Plus, allows you to use YOUR domain name with our dynamic dns, and other facilities. More information on this and other services is at http://www.no-ip.com/services.php. If you have any further questions about this service, please refer to our FAQ at http://www.no-ip.com/faq.php. If the FAQ doesn't answer your question(s) contact us at [EMAIL PROTECTED] Enjoy! The No-IP Team [EMAIL PROTECTED] http://www.no-ip.com/ --- End of Forwarded Message
Re: anybody else been spammed by no-ip.com yet?
On Fri, May 03, 2002 at 08:46:45AM -0700, Paul Vixie wrote: (time was, anyone who could use postfix and php would also know better than to spam, or at least, to spam *me*. grump grumble.) If you feel like you don't have enough spam, I'd be happy to let you have some of mine. :) -- Richard A Steenbergen [EMAIL PROTECTED] http://www.e-gerbil.net/ras PGP Key ID: 0x138EA177 (67 29 D7 BC E8 18 3E DA B2 46 B3 D8 14 36 FE B6)
Re: anybody else been spammed by no-ip.com yet?
Not me, but I am getting an awful lot of emails from this one person, to
my nanog address lately:
Return-Path: [EMAIL PROTECTED]
Delivered-To: [EMAIL PROTECTED]
Received: (qmail 21586 invoked from network); 3 May 2002 03:09:28 -
Received: from unknown (HELO sohu.com) (203.240.184.78)
by apple.silverwraith.com with SMTP; 3 May 2002 03:09:28 -
Reply-To: [EMAIL PROTECTED]
Return-Path: [EMAIL PROTECTED]
From: richard [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: test
Sender: richard [EMAIL PROTECTED]
Mime-Version: 1.0
Content-Type: text/html; charset=ks_c_5601-1987
Date: Fri, 3 May 2002 12:09:13 +0900
[ The following text is in the ks_c_5601-1987 character set. ]
[ Your display is set for the ISO-8859-1 character set. ]
[ Some characters may be displayed incorrectly. ]
HTML
HEAD
META content=text/html; charset=ks_c_5601-1987 http-equiv=Content-Type
STYLE p, font, span { line-height:120%; margin-top:0; margin-bottom:0;
}/STYLE
/HEADBODY
Ptest/P
/BODY
/HTML
On Fri, 3 May 2002, Paul Vixie wrote:
as a coauthor of rfc2136, my curiousity is always
piqued when spammers use the technology. can i get
private forwards of other similar messages? (see
below.)
(and yes, i'll also be in touch with level3, who
serves 166.90.15.236, from whence this message came.)
(time was, anyone who could use postfix and php would
also know better than to spam, or at least, to spam *me*.
grump grumble.)
re:
--- Forwarded Message
Return-Path: [EMAIL PROTECTED]
Delivery-Date: Fri May 3 07:44:25 2002
Return-Path: [EMAIL PROTECTED]
Delivered-To: [EMAIL PROTECTED]
Received: from isrv3.isc.org (isrv3.isc.org [204.152.184.30])
by as.vix.com (Postfix) with ESMTP id 2360D28B6B
for [EMAIL PROTECTED]; Fri, 3 May 2002 07:44:25 -0700 (PDT)
(envelope-from [EMAIL PROTECTED])
Received: from www.no-ip.com (yoka.vitalwerks.com [166.90.15.236])
by isrv3.isc.org (8.11.2/8.9.1) via ESMTP id g43EiOT08718
for [EMAIL PROTECTED]; Fri, 3 May 2002 14:44:25 GMT
env-from ([EMAIL PROTECTED])
Received: by www.no-ip.com (Postfix, from userid 99)
id 4A10F833A4; Fri, 3 May 2002 07:54:40 -0700 (PDT)
To: [EMAIL PROTECTED]
Subject: Your password for no-ip.com
From: No-IP Registration [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
X-Mailer: PHP/4.1.2
Message-Id: [EMAIL PROTECTED]
Date: Fri, 3 May 2002 07:54:40 -0700 (PDT)
Hello,
Welcome to No-IP.com.
Your number one stop for dynamic dns services.
Your password is: jnMgta
To logon to no-ip.com go to http://www.no-ip.com/ and enter your email
address and the password above. Once you logon you may change your
password by clicking the Change Password link.
Remember that you can use our dynamic update client to keep our system
is sync with your IP address. These clients are available at
http://www.no-ip.com/downloads.php
Also, keep in mind that No-IP offers services for use with personal
domain names. This service, No-IP Plus, allows you to use YOUR domain
name with our dynamic dns, and other facilities. More information on
this and other services is at http://www.no-ip.com/services.php.
If you have any further questions about this service, please refer to
our FAQ at http://www.no-ip.com/faq.php. If the FAQ doesn't answer your
question(s) contact us at [EMAIL PROTECTED]
Enjoy!
The No-IP Team
[EMAIL PROTECTED]
http://www.no-ip.com/
--- End of Forwarded Message
--
Avleen Vig
Work Time: Unix Systems Administrator
Play Time: Network Security Officer
Smurf Amplifier Finding Executive: http://www.ircnetops.org/smurf
Re: anybody else been spammed by no-ip.com yet?
no spam. But I just took apart an IRC controlled botnet that used their service. (The trojan was a basic 'floodnet' binary and was distributed via email... ) -- --- [EMAIL PROTECTED]Join http://www.DShield.org Distributed Intrusion Detection System
RE: anybody else been spammed by no-ip.com yet?
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Paul Vixie Sent: May 3, 2002 11:47 AM To: [EMAIL PROTECTED] Subject: anybody else been spammed by no-ip.com yet? as a coauthor of rfc2136, my curiousity is always piqued when spammers use the technology. can i get private forwards of other similar messages? (see below.) (and yes, i'll also be in touch with level3, who serves 166.90.15.236, from whence this message came.) (time was, anyone who could use postfix and php would also know better than to spam, or at least, to spam *me*. grump grumble.) [snip] I hate to sound like the big idiot here, but what exactly in the email you received indicates no-ip.com spammed? It looks to me like you just have some secret admirer who thought you wanted a no-ip.com account, and no-ip.com emailed you to confirm that you do want the account. Vivien Random disclaimer: Yes, we're a competitor of no-ip.com's... And yes, we used to send similar emails to people signing up for an account, although nowadays instead of sending them an initial password we send a confirm URL instead. -- Vivien M. [EMAIL PROTECTED] Assistant System Administrator Dynamic DNS Network Services http://www.dyndns.org/
RE: anybody else been spammed by no-ip.com yet?
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Paul Vixie Sent: May 3, 2002 5:18 PM To: [EMAIL PROTECTED] Subject: Re: anybody else been spammed by no-ip.com yet? I hate to sound like the big idiot here, but what exactly in the email you received indicates no-ip.com spammed? It looks to me like you just have some secret admirer who thought you wanted a no-ip.com account, and no-ip.com emailed you to confirm that you do want the account. spam is like pollution in that (a) whenever you're not sure if you're doing it, you probably are, and (b) if everybody did whatever it is, life would be universally worse for, well, everybody. You have a broader definition of spam than me, I guess. And yet, believe me, I do hate spammers... Random disclaimer: Yes, we're a competitor of no-ip.com's... And yes, we used to send similar emails to people signing up for an account, although nowadays instead of sending them an initial password we send a confirm URL instead. that's the right approach. no-ip's problem was they presumed my permission. Well, they might have stolen that approach from us, though, in a way (at least, it seems vaguely familiar to me)... The way we used to do it was this: you go to our site, read the AUP (which has a strict no-spamming clause, but every day a few idiots forget to read that section and find out it exists the hard way ;-)), fill out a form with your choice of username and your email address (the form also warns _in advance_ that we do require people to be on an announcements mailing list, but these days we send about one email every four months). Then our system would send you an email that says basically You (or someone else) requested an account at our site. If it was you, log in within the next 48 hours with this initial password to confirm your account. If it wasn't you, then we apologize for the inconvenience, and the unconfirmed account, along with any reference to your email address in our database, will be automatically deleted in 48 hours Isn't that the same as what no-ip.com is doing, except that they don't have the if you don't reply in 48 hours, we'll forget you ever existed? Is that the part you find to be missing in no-ip's modus operandi? FYI, our new approach is that you fill out choice of username, choice of password, and email address. We send a thing to you with a confirmation URL; if you go to that URL within 48 hours or so, great, the account keeps existing. If not, then byebye account, and we expunge any trace of you from the database. Vivien -- Vivien M. [EMAIL PROTECTED] Assistant System Administrator Dynamic DNS Network Services http://www.dyndns.org/
Re: anybody else been spammed by no-ip.com yet?
At 05:25 PM 5/3/2002 +0100, you wrote: I got some of these a few weeks ago. I believe these test messages are sent to find the non-deliverables in their mailing list. Right after I got these test messages, they started sending quite a bit of spam. I filtered sohu.com and it went away. Not me, but I am getting an awful lot of emails from this one person, to my nanog address lately: Return-Path: [EMAIL PROTECTED] Delivered-To: [EMAIL PROTECTED] Received: (qmail 21586 invoked from network); 3 May 2002 03:09:28 - Received: from unknown (HELO sohu.com) (203.240.184.78) by apple.silverwraith.com with SMTP; 3 May 2002 03:09:28 - Reply-To: [EMAIL PROTECTED] Return-Path: [EMAIL PROTECTED] From: richard [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: test Sender: richard [EMAIL PROTECTED] Mime-Version: 1.0 Content-Type: text/html; charset=ks_c_5601-1987 Date: Fri, 3 May 2002 12:09:13 +0900 [ The following text is in the ks_c_5601-1987 character set. ] [ Your display is set for the ISO-8859-1 character set. ] [ Some characters may be displayed incorrectly. ] test On Fri, 3 May 2002, Paul Vixie wrote: as a coauthor of rfc2136, my curiousity is always piqued when spammers use the technology. can i get private forwards of other similar messages? (see below.) (and yes, i'll also be in touch with level3, who serves 166.90.15.236, from whence this message came.) (time was, anyone who could use postfix and php would also know better than to spam, or at least, to spam *me*. grump grumble.) re: --- Forwarded Message Return-Path: [EMAIL PROTECTED] Delivery-Date: Fri May 3 07:44:25 2002 Return-Path: [EMAIL PROTECTED] Delivered-To: [EMAIL PROTECTED] Received: from isrv3.isc.org (isrv3.isc.org [204.152.184.30]) by as.vix.com (Postfix) with ESMTP id 2360D28B6B for [EMAIL PROTECTED]; Fri, 3 May 2002 07:44:25 -0700 (PDT) (envelope-from [EMAIL PROTECTED]) Received: from www.no-ip.com (yoka.vitalwerks.com [166.90.15.236]) by isrv3.isc.org (8.11.2/8.9.1) via ESMTP id g43EiOT08718 for [EMAIL PROTECTED]; Fri, 3 May 2002 14:44:25 GMT env-from ([EMAIL PROTECTED]) Received: by www.no-ip.com (Postfix, from userid 99) id 4A10F833A4; Fri, 3 May 2002 07:54:40 -0700 (PDT) To: [EMAIL PROTECTED] Subject: Your password for no-ip.com From: No-IP Registration [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] X-Mailer: PHP/4.1.2 Message-Id: [EMAIL PROTECTED] Date: Fri, 3 May 2002 07:54:40 -0700 (PDT) Hello, Welcome to No-IP.com. Your number one stop for dynamic dns services. Your password is: jnMgta To logon to no-ip.com go to http://www.no-ip.com/ and enter your email address and the password above. Once you logon you may change your password by clicking the Change Password link. Remember that you can use our dynamic update client to keep our system is sync with your IP address. These clients are available at http://www.no-ip.com/downloads.php Also, keep in mind that No-IP offers services for use with personal domain names. This service, No-IP Plus, allows you to use YOUR domain name with our dynamic dns, and other facilities. More information on this and other services is at http://www.no-ip.com/services.php. If you have any further questions about this service, please refer to our FAQ at http://www.no-ip.com/faq.php. If the FAQ doesn't answer your question(s) contact us at [EMAIL PROTECTED] Enjoy! The No-IP Team [EMAIL PROTECTED] http://www.no-ip.com/ --- End of Forwarded Message -- Avleen Vig Work Time: Unix Systems Administrator Play Time: Network Security Officer Smurf Amplifier Finding Executive: http://www.ircnetops.org/smurf Best Regards, Simon -- ###
Re: anybody else been spammed by no-ip.com yet?
On Fri, 3 May 2002, Paul Vixie wrote: I hate to sound like the big idiot here, but what exactly in the email you received indicates no-ip.com spammed? It looks to me like you just have some secret admirer who thought you wanted a no-ip.com account, and no-ip.com emailed you to confirm that you do want the account. spam is like pollution in that (a) whenever you're not sure if you're doing it, you probably are, and (b) if everybody did whatever it is, life would be universally worse for, well, everybody. Random disclaimer: Yes, we're a competitor of no-ip.com's... And yes, we used to send similar emails to people signing up for an account, although nowadays instead of sending them an initial password we send a confirm URL instead. that's the right approach. no-ip's problem was they presumed my permission. You don't even have to be in the big idiot league to figure out that in both the wrong and the right approach as sanctioned above by a higher authority, an email message (aka spam) is sent to the presumed subscriber. One sends a password, one asks for permission to issue a password on their site. What's the difference in the annoy factor, if indeed one were to be subscribed by a secret admirer? Mr. Halmu chose to think, rather than bindly obey... --Mitch NetSide
Re: anybody else been spammed by no-ip.com yet?
At 02:59 PM 5/3/2002 -0700, Simon Higgs wrote: At 05:25 PM 5/3/2002 +0100, you wrote: I got some of these a few weeks ago. I believe these test messages are sent to find the non-deliverables in their mailing list. Right after I got these test messages, they started sending quite a bit of spam. I filtered sohu.com and it went away. I'm seeing 5-10 of these every day to one of my addresses, even after I blocked their test address at the smtp port with a 550 permanent failure response. Out of sight, out of mind. :-| -- Christopher Schulte http://www.schulte.org/ Do not un-munge my nospam.schulte.org email address. This address is valid.
Re: anybody else been spammed by no-ip.com yet?
... I'm not sure entirely what the big deal with spam is. Honestly sure I get it like everyone else, in some of my accounts more than others ... I have a delete key ... in the time between when you sent the above, and when i read it, the following messages were added to my mailbox: 1+ 05/03 stay5hard@hotmail The Harder you are The More She Will Come .. Vi 2 05/03 stayhdard@hotmail An Investment that will Rise with out a Doubt.. 3 05/03 sta4yhard@hotmail The Harder you are The More She Will Come.. Via 4 05/03 stayharud@hotmail The Harder you are The More She Will Come.. Via 5 05/03 henning@mercadob Nasty Japanese Whores! 14918Have you ever won 6 05/03 Cindy_W0887w08@ho fw.$25 Investment - Massive Return=== 7 05/03 Cindy_W5276c01@ms fw..$25 Investment - Massive Return== 8 05/03 Joke-of-the-Day! Patients taking Tri-Phetamine for 30 days, lost 9 05/03 istayhard@hotmail The best Hard-on you have ever hadVIAGRA (and 10 05/03 sjtayhard@hotmail Be Hard as a Rock.. Make her come and come../ 11 05/03 AEMI ADV: A low cost professional 800 number is fina 12 05/03 AEMI ADV: A low cost professional 800 number is fina 13 05/03 stayhayrd@hotmail Be Hard as a Rock.. Make her come and come .. V 14 05/03 sxtayhard@hotmail Vaniqa .. Order today You Unwanted Hair Will be 15 05/03 zstayhard@hotmail The Harder you are The More She Will Come.. Via 16 05/03 stayrhard@hotmail Take the Blue Pill.. and show her how far the R 17 05/03 sthayhard@hotmail Better for Him Better for Her.. . Order Viagra 18 05/03 [EMAIL PROTECTED] Quality Affordable Hunts!html head title 19 05/03 mailing@revistatr Especial 100 edi esA TRIP deste m s j est na 20 05/03 AEMI ADV: A low cost professional 800 number is fina 21 05/03 stadyhard@hotmail Take the Blue Pill.. and show her how far the R 22 05/03 Kitty Dials Record Low MORTGAGE rates! *Act Fast* 11551h 23 05/03 AEMI ADV: A low cost professional 800 number is fina 24 05/03 AEMI ADV: A low cost professional 800 number is fina 25 05/03 stayhnard@hotmail Online Pharmacy..Any Medication you Need Lowest 26 05/03 Val (~) You only THINK you're a U.S. citizen! %8t it comes in 24 hours a day, 365.24 days per year, at about that rate. and that's after subscribing to several source-address-based rejection filters, and rejecting some additional sources. (otherwise it would be 4X worse, at least according to my syslog.) here's a short term histogram: lartomatic=# SELECT DATE(entered),COUNT(*) FROM spam WHERE DATE(entered) = '2002-04-01'::DATE GROUP BY DATE(entered) ORDER BY DATE(entered) DESC; date| count +--- 2002-05-03 |78 -- (partial) 2002-05-02 | 111 2002-05-01 | 176 2002-04-30 | 122 2002-04-29 |99 2002-04-28 |65 2002-04-27 | 128 2002-04-26 | 143 2002-04-25 | 107 2002-04-24 | 107 2002-04-23 |73 2002-04-22 | 121 2002-04-21 |72 2002-04-20 | 101 2002-04-19 | 104 2002-04-18 |89 2002-04-17 | 100 2002-04-16 |78 2002-04-15 | 119 2002-04-14 | 113 2002-04-13 | 116 2002-04-12 | 167 2002-04-11 | 167 2002-04-10 | 100 2002-04-09 | 166 2002-04-08 |81 2002-04-07 | 105 2002-04-06 | 115 2002-04-05 | 116 2002-04-04 | 125 2002-04-03 |91 2002-04-02 |88 2002-04-01 |97 (33 rows) go ahead and Just Hit Delete if you want.
Re: anybody else been spammed by no-ip.com yet?
Date: Fri, 3 May 2002 15:27:08 -0700 (PDT) From: Scott Granados [EMAIL PROTECTED] I realize this statement I'm about to make is going to open a huge... can o worms but ... and hoefully everyone knows I mean this in the most friendly responsible way ever but I'm not sure entirely what the big deal with spam is. Honestly sure I get it like everyone else, in some [...snip...] money. Today with flat rate access and many people not paying on a per packet basis it seems to me that the responsibility lies with the end user to filter properly and or dress that delete key. I always shut [...snip...] The problem with this is that, yes, to the END USER, there is no direct cost involved. However, in order to maintain the same level of service, the ISP is forced to go get a bigger pipe and/or bigger, faster routers and/or servers. (Raises prices a bit per account) The transit provider raises the costs to the ISP because the packet count has gone way up. The backbone provider has equipment running a bit hotter because of the increased packet count. This may cause them to either increase the bill to the transit provider and/or procure bigger and better equipment (to handle the load) before their planned replacement time... The peers to this ISP are forced to get either bigger pipes and/or more costly equipment (routers) in order to handle the increased packet count they might be seeing. In all of this, the bozo (well..., 'user' really) originating the email (well, spam) has not paid a thing other than a temporary interruption in service for one of his throw-away accounts and is still paying a 'flat rate' for the POP (dial-in) service that HIS isp is providing. For snail mail junk mail (aka spam), the mailer bears ALL of the costs and, if there is insufficient returns on their junk mail, is forced to stop. A 'spammer' does not see these costs and thus has no incentive to find another model to do business. We get, for our 7K users, upwards of 25,000+ unwanted messages per day that make it past our not so rigid filters. My $0.02 worth. Use the delete key... Regards, Gregory Hicks On Fri, 3 May 2002, Mitch Halmu wrote: On Fri, 3 May 2002, Paul Vixie wrote: I hate to sound like the big idiot here, but what exactly in the email you received indicates no-ip.com spammed? It looks to me like you just have some secret admirer who thought you wanted a no-ip.com account, and no-ip.com emailed you to confirm that you do want the account. spam is like pollution in that (a) whenever you're not sure if you're doing it, you probably are, and (b) if everybody did whatever it is, life would be universally worse for, well, everybody. Random disclaimer: Yes, we're a competitor of no-ip.com's... And yes, we used to send similar emails to people signing up for an account, although nowadays instead of sending them an initial password we send a confirm URL instead. that's the right approach. no-ip's problem was they presumed my permission. You don't even have to be in the big idiot league to figure out that in both the wrong and the right approach as sanctioned above by a higher authority, an email message (aka spam) is sent to the presumed subscriber. One sends a password, one asks for permission to issue a password on their site. What's the difference in the annoy factor, if indeed one were to be subscribed by a secret admirer? Mr. Halmu chose to think, rather than bindly obey... --Mitch NetSide
Re: anybody else been spammed by no-ip.com yet?
Picture it as a fellow stopping by every night and filling your home mailbox with horse manure...I'm sure you'll get a feeling for how most of us regard it. A) it wastes bandwidth B) It wastes our time C) It's the litter of an otherwise clean Internet. D) It's a method of placing the costs for the actual emailing on someone else without their explicit permission...the ISP, the user, and the ISP's other paying customers all pay for the act, either directly or indirectly. We need to make it illegal as soon as possible everywhere. At 15:27 5/3/02 -0700, you wrote: I realize this statement I'm about to make is going to open a huge... can o worms but ... and hoefully everyone knows I mean this in the most friendly responsible way ever but I'm not sure entirely what the big deal with spam is. Honestly sure I get it like everyone else, in some of my accounts more than others but I also get a real truckload in my snailmail box. Just as with all the pottery barn catalogs no offense to pottery barn I guess:) I have a delete key just like my trash can. I know at one time the argument was made, and quite correctly that people were paying to receive this service and these messages cost them money. Today with flat rate access and many people not paying on a per packet basis it seems to me that the responsibility lies with the end user to filter properly and or dress that delete key. I always shut down customers who spam and disrupt service simply because I don't want the backlash or want specific ips blocked but in a way I don't feel its right that the carriers do the filtering it seems tome up to the end user. On Fri, 3 May 2002, Mitch Halmu wrote: On Fri, 3 May 2002, Paul Vixie wrote: I hate to sound like the big idiot here, but what exactly in the email you received indicates no-ip.com spammed? It looks to me like you just have some secret admirer who thought you wanted a no-ip.com account, and no-ip.com emailed you to confirm that you do want the account. spam is like pollution in that (a) whenever you're not sure if you're doing it, you probably are, and (b) if everybody did whatever it is, life would be universally worse for, well, everybody. Random disclaimer: Yes, we're a competitor of no-ip.com's... And yes, we used to send similar emails to people signing up for an account, although nowadays instead of sending them an initial password we send a confirm URL instead. that's the right approach. no-ip's problem was they presumed my permission. You don't even have to be in the big idiot league to figure out that in both the wrong and the right approach as sanctioned above by a higher authority, an email message (aka spam) is sent to the presumed subscriber. One sends a password, one asks for permission to issue a password on their site. What's the difference in the annoy factor, if indeed one were to be subscribed by a secret admirer? Mr. Halmu chose to think, rather than bindly obey... --Mitch NetSide
RE: anybody else been spammed by no-ip.com yet?
Actually, I can agree entirely with this point and it makes sense. Having direct mail in the snailmail world cost tens of cents each certainly would tend to force the originator to go through more effort to insure its sent to and hopefully read by someone who will then buy what they are selling. Someone who only pas a flat fee of say $19.95 for dial or a few hundred for something faster will push as much as they possibly can with no concern for the validity of addresses targeted. Very good point! Scott On Fri, 3 May 2002, Deepak Jain wrote: I think the issue is that in real-world spam, the spammer is actually paying some price to make the spam arrive in your snail mail box. This allows for some negative feedback inhibition [if the mailings cost exceeds the return, its not continued]. With spam, especially in this flat-rate world, the costs are _so_ low that there is essentially no feedback inhibition. This means that every email box could concievably recieve 20,000 spams per valid mail, continuously. You'll see how the problem of handling that much mail, especially when it has essentially no value in most cases, is as big a problem for the carriers customers as limiting the spam in the first place. YMMV, my opinion only. Deepak Jain -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Scott Granados Sent: Friday, May 03, 2002 6:27 PM To: Mitch Halmu Cc: Paul Vixie; [EMAIL PROTECTED] Subject: Re: anybody else been spammed by no-ip.com yet? I realize this statement I'm about to make is going to open a huge... can o worms but ... and hoefully everyone knows I mean this in the most friendly responsible way ever but I'm not sure entirely what the big deal with spam is. Honestly sure I get it like everyone else, in some of my accounts more than others but I also get a real truckload in my snailmail box. Just as with all the pottery barn catalogs no offense to pottery barn I guess:) I have a delete key just like my trash can. I know at one time the argument was made, and quite correctly that people were paying to receive this service and these messages cost them money. Today with flat rate access and many people not paying on a per packet basis it seems to me that the responsibility lies with the end user to filter properly and or dress that delete key. I always shut down customers who spam and disrupt service simply because I don't want the backlash or want specific ips blocked but in a way I don't feel its right that the carriers do the filtering it seems tome up to the end user. On Fri, 3 May 2002, Mitch Halmu wrote: On Fri, 3 May 2002, Paul Vixie wrote: I hate to sound like the big idiot here, but what exactly in the email you received indicates no-ip.com spammed? It looks to me like you just have some secret admirer who thought you wanted a no-ip.com account, and no-ip.com emailed you to confirm that you do want the account. spam is like pollution in that (a) whenever you're not sure if you're doing it, you probably are, and (b) if everybody did whatever it is, life would be universally worse for, well, everybody. Random disclaimer: Yes, we're a competitor of no-ip.com's... And yes, we used to send similar emails to people signing up for an account, although nowadays instead of sending them an initial password we send a confirm URL instead. that's the right approach. no-ip's problem was they presumed my permission. You don't even have to be in the big idiot league to figure out that in both the wrong and the right approach as sanctioned above by a higher authority, an email message (aka spam) is sent to the presumed subscriber. One sends a password, one asks for permission to issue a password on their site. What's the difference in the annoy factor, if indeed one were to be subscribed by a secret admirer? Mr. Halmu chose to think, rather than bindly obey... --Mitch NetSide
Re: anybody else been spammed by no-ip.com yet?
Well the costs you mentioned with aol seem high but I suppose are possible. Being a parent however and having three children who do use the net extensively I see your point about the content they receive but of course the ultimate responsibility for what they are exposed to on the net lies with me the parent. I realize in my case the the case of everyone rrading this list I'd say that we're a lot more educated and aware of what's likely to arrive in their inboxes so we address and are more concerned with this but I believe that protecting children is the parents responsibility entirely. The case against spam probably should be decided entirely on economics not on content issues. Several really solid points are being made here concerning the economics of spam and how it differs from snailmail. I'm actually very glad I asked the question as the answers have given me a lot to think about and I'll go so far as strengthened or rather made me more determined to take an antispam position. On Fri, 3 May 2002, Dave Israel wrote: Content providers have to recieve and hold spam mail before they delete it. People and mailing lists who have well-published addresses can recieve hundreds of spam messages a day. I know that, without my filters, I would easily spend 30-45 minutes a day downloading, identifying, and deleting spam mail. Not counting the frustration, that's costing the company money. I heard somewhere that ~$2 of an AOL users' monthly bill goes towards spam management. (IS there an AOLer who can confirm or deny?) AOL has some 10 million users. That's a lot of dough a month to handle what appears to be no big deal. SPAM is a milder version, but it is no better than if telemarketers called you collect to try to sell you crap. -Dave p.s. Also, if you're a parent, do you think the spammer knows how old you are before sending you Teenage Girls Doing Farm Animals! Click here? On 5/3/2002 at 15:27:08 -0700, Scott Granados said: I realize this statement I'm about to make is going to open a huge... can o worms but ... and hoefully everyone knows I mean this in the most friendly responsible way ever but I'm not sure entirely what the big deal with spam is. Honestly sure I get it like everyone else, in some of my accounts more than others but I also get a real truckload in my snailmail box. Just as with all the pottery barn catalogs no offense to pottery barn I guess:) I have a delete key just like my trash can. I know at one time the argument was made, and quite correctly that people were paying to receive this service and these messages cost them money. Today with flat rate access and many people not paying on a per packet basis it seems to me that the responsibility lies with the end user to filter properly and or dress that delete key. I always shut down customers who spam and disrupt service simply because I don't want the backlash or want specific ips blocked but in a way I don't feel its right that the carriers do the filtering it seems tome up to the end user. On Fri, 3 May 2002, Mitch Halmu wrote: On Fri, 3 May 2002, Paul Vixie wrote: I hate to sound like the big idiot here, but what exactly in the email you received indicates no-ip.com spammed? It looks to me like you just have some secret admirer who thought you wanted a no-ip.com account, and no-ip.com emailed you to confirm that you do want the account. spam is like pollution in that (a) whenever you're not sure if you're doing it, you probably are, and (b) if everybody did whatever it is, life would be universally worse for, well, everybody. Random disclaimer: Yes, we're a competitor of no-ip.com's... And yes, we used to send similar emails to people signing up for an account, although nowadays instead of sending them an initial password we send a confirm URL instead. that's the right approach. no-ip's problem was they presumed my permission. You don't even have to be in the big idiot league to figure out that in both the wrong and the right approach as sanctioned above by a higher authority, an email message (aka spam) is sent to the presumed subscriber. One sends a password, one asks for permission to issue a password on their site. What's the difference in the annoy factor, if indeed one were to be subscribed by a secret admirer? Mr. Halmu chose to think, rather than bindly obey... --Mitch NetSide
Re: anybody else been spammed by no-ip.com yet?
uWell I tend to always error on the side of free expression verses making something illegal and I definitely disagree with the statement that its a clean internet otherwise but just like non electronic space there are many differing standards and shades of things something I actually think brings a lot to the quality and adventure of the thing. Its just that maybe although I don't have a good solution for this, these mail services should be charged more per message or something more similar to traditional junkmail. It would force them to be more targeted as well as deal with the costs in transporting this stuff. And I get the thousands per day as well I just filter them or block ranges of ips where lots of this stuff originates but I figure thats my choise to do and would appreciate it if my upstream wouldn't make that call for me. On Fri, 3 May 2002, blitz wrote: Picture it as a fellow stopping by every night and filling your home mailbox with horse manure...I'm sure you'll get a feeling for how most of us regard it. A) it wastes bandwidth B) It wastes our time C) It's the litter of an otherwise clean Internet. D) It's a method of placing the costs for the actual emailing on someone else without their explicit permission...the ISP, the user, and the ISP's other paying customers all pay for the act, either directly or indirectly. We need to make it illegal as soon as possible everywhere. At 15:27 5/3/02 -0700, you wrote: I realize this statement I'm about to make is going to open a huge... can o worms but ... and hoefully everyone knows I mean this in the most friendly responsible way ever but I'm not sure entirely what the big deal with spam is. Honestly sure I get it like everyone else, in some of my accounts more than others but I also get a real truckload in my snailmail box. Just as with all the pottery barn catalogs no offense to pottery barn I guess:) I have a delete key just like my trash can. I know at one time the argument was made, and quite correctly that people were paying to receive this service and these messages cost them money. Today with flat rate access and many people not paying on a per packet basis it seems to me that the responsibility lies with the end user to filter properly and or dress that delete key. I always shut down customers who spam and disrupt service simply because I don't want the backlash or want specific ips blocked but in a way I don't feel its right that the carriers do the filtering it seems tome up to the end user. On Fri, 3 May 2002, Mitch Halmu wrote: On Fri, 3 May 2002, Paul Vixie wrote: I hate to sound like the big idiot here, but what exactly in the email you received indicates no-ip.com spammed? It looks to me like you just have some secret admirer who thought you wanted a no-ip.com account, and no-ip.com emailed you to confirm that you do want the account. spam is like pollution in that (a) whenever you're not sure if you're doing it, you probably are, and (b) if everybody did whatever it is, life would be universally worse for, well, everybody. Random disclaimer: Yes, we're a competitor of no-ip.com's... And yes, we used to send similar emails to people signing up for an account, although nowadays instead of sending them an initial password we send a confirm URL instead. that's the right approach. no-ip's problem was they presumed my permission. You don't even have to be in the big idiot league to figure out that in both the wrong and the right approach as sanctioned above by a higher authority, an email message (aka spam) is sent to the presumed subscriber. One sends a password, one asks for permission to issue a password on their site. What's the difference in the annoy factor, if indeed one were to be subscribed by a secret admirer? Mr. Halmu chose to think, rather than bindly obey... --Mitch NetSide
Re: anybody else been spammed by no-ip.com yet?
I do agree here that using fake addressing and so on is really bad on many levels. I know on one of the networks I was involved in recently we had a customer who was a spammer and I pulled his services very quickly, some might even say to quickly. I also realize that even though I personally don't find it to bad to to deal with others don't agree so like I stated my professional policy differs from what I do personally. On Fri, 3 May 2002, Forrest W. Christian wrote: On Fri, 3 May 2002, Scott Granados wrote: deal with spam is. Honestly sure I get it like everyone else, in some of my accounts more than others but I also get a real truckload in my snailmail box. Just as with all the pottery barn catalogs no offense to pottery barn I guess:) I have a delete key just like my trash can. I know at one time the argument was made, and quite correctly that people were paying to receive this service and these messages cost them money. Today with flat rate access and many people not paying on a per packet basis it seems to me that the responsibility lies with the end user to filter properly and or dress that delete key. I always shut down customers who spam and disrupt service simply because I don't want the backlash or want specific ips blocked but in a way I don't feel its right that the carriers do the filtering it seems tome up to the end user. Let me put this into real world terms. I run a mail server (among other things) with about 4000 mailboxes, and about 40,000 messages a day. over 85% of all mail on average is marked as spam by spamassasin on this mail server. I, late last year, had to upgrade it to a multiprocessor box with gigabytes of memory, striped raid 0+1, etc. etc. etc. to handle the load. I could have used a mail server only 15% of the size of this one. Or better put, I could have used a 300mhz pentium III box with low-end IDE drives and a modest amount (256MB) of memory instead of the Dual PRocessor 6-SCSI 2GB ram thing we are running now. Add to that the 8-10 hours a week we spend cleaning up messes related to spammers who decide that sending 50,000+ messages as fast as they can to us is a good thing. For instance, on thursday of last week, we took almost 5000 messages in about a hour from one spammer in particular. The mail server *can't* handle this load so it basically was a Denial of Service attack. Right now there are 5000 messages in our mail queue which are spam bounces which aren't being accepted by the spammer's mail server. I could go on and on and on and on. I might be more inclined to tolerate the spammers if they weren't bad net citizens. They forge their email addressses so they can't receive bounces. They don't have any consideration about the load they are placing on the remote mail server (I've seen 40 streams open at once to my mail server from the same class C - all injecting mail as fast as possible). And on and on and on. - Forrest W. Christian ([EMAIL PROTECTED]) AC7DE -- The Innovation Machine Ltd. P.O. Box 5749 http://www.imach.com/Helena, MT 59604 Home of PacketFlux Technogies and BackupDNS.com (406)-442-6648 -- Protect your personal freedoms - visit http://www.lp.org/
Re: anybody else been spammed by no-ip.com yet?
On Fri, May 03, 2002 at 05:08:44PM -0400, Vivien M. wrote: [snip] I hate to sound like the big idiot here, but what exactly in the email you received indicates no-ip.com spammed? It looks to me like you just have some secret admirer who thought you wanted a no-ip.com account, and no-ip.com emailed you to confirm that you do want the account. Holy shit! Duck! Did you see that! Those pigs had wings! Man! Were they ever crusing! The entire idea (assuming that you weren't being totally factious - given the absurdity of the idea, I have to allow for even that possibility) is so rediculous as to set new records. Have you ever met some secret admirer who thought...? Yes, I have. They are ALL practical jokers who like to fill in your name and address in the Cleveland Institute of Electronics information requests in the back of matchbook covers. In order words, moronic practical jokers who are more interesting in having fun by screwing you over than by whether you are interested in some stupid service. I'm not totally sure which is worse. The idea that lamers would use that stupid excuse that some secret admirer just thought you were dying for their wares or the even more stupid idea that they (said lamers) would be so overtly stupid as to believe any such individual was doing anying more beneficent than forking you over for shits and giggles. Both (lamers and secret admirers) deserve appropriate comphensation. Battonado would be good for warm ups. Keel hauling (slow) would be definitely on the agenda. A nice, VERY slow, garrote would finish the job. If I haven't made my point, this is it... NO ONE. NO BODY! would be so lame or STUPID as to do something so assinine without checking with me first. Anyone who did so was NOT someone with my best interest in mind and certainly not a friend or secret admirer. Anyone doing that would be tracked down and made to pay consequences. That very thing insures that nobody would do such a thing by accident, honestly thinking I would be interesting in something like that (besides, I don't associate with people having IQ's less than half their age). To raise that straw man is a fraud. It doesn't happen. To use that excuse is to buy into the fraud. If someone SERIOUSLY thought I was interested in something like that, they would tell me and THEY would personally send me a message and a URL. No anonymous bullshit. No adding my name to bullshit spammer lists. NOBODY does that. NOBODY with half the intelligence that God gave a rock! And... Yes, I HAVE had assholes pull the Cleveland Institute of Electronics trick on me. That's what infuriates me about this bullshit and why I know it's all a lie. They paid the price dearly FOR YEARS AFTER! Vivien Random disclaimer: Yes, we're a competitor of no-ip.com's... And yes, we used to send similar emails to people signing up for an account, although nowadays instead of sending them an initial password we send a confirm URL instead. So it appears you wised up... Yeah, I help run a system with over 100 mailing lists and over 10,000 subscribers to one or more of those mailing lists. You learn. We learned YEARS ago. No open subscriptions. Confirm everything. We got tired of half the planet subscribing Rep N. Gingrich to all of our mailing lists. We may have had really REALLY good information and service, but I honestly DON'T think he as interested and those 100,000 secret admirers really didn't think they were doing him a favor. The secret admirer thing is so rare it makes the lottery look like a sure bet. Hell! It makes Schroeder's cat look immortal. It's an excuse and a fraud. That's all it ever was and that's all it will ever be. -- Vivien M. [EMAIL PROTECTED] Assistant System Administrator Dynamic DNS Network Services http://www.dyndns.org/ Mike -- Michael H. Warfield| (770) 985-6132 | [EMAIL PROTECTED] /\/\|=mhw=|\/\/ | (678) 463-0932 | http://www.wittsend.com/mhw/ NIC whois: MHW9 | An optimist believes we live in the best of all PGP Key: 0xDF1DD471| possible worlds. A pessimist is sure of it!
Re: anybody else been spammed by no-ip.com yet?
... not only does it cost usually very little to receive these messages ... even if i granted to a third party the right to determine the value of my time, which i don't, the fact is that an hour or more of my time per day is too high a price to pay to receive these messages, by _any_ standard. to understand the scale, here's what came in during my trip home tonight. 456 05/03 Big Brother Protect your family on the InternetHTML BOD 457 05/03 Big Brother Protect your family on the InternetHTML BOD 458 05/03 Big Brother Protect your family on the InternetHTML BOD 459 05/03 Big Brother Protect your family on the InternetHTML BOD 460 05/04 FreeSampleCenter Win $20,000! Win $20,000 to RENOVATE your Home! 463 05/04 my_own_business20 If a 15 year old boy can earn $71,000 in just a 464 05/03 mikeYOUR HEALTH zNAUiqxgExThis is a multi-part mes 465 05/03 National Financia InvestorFacts: NasdaqNM: DSSI -Data Systems and 466 05/02 Pamila Binkley don't Pay another monthly Bill until you read th 469 05/04 [EMAIL PROTECTED] Large Annual Tax Savings!html head title remember, it would be ~4X higher without filtering, according to my syslogs.
Re: anybody else been spammed by no-ip.com yet?
On Fri, 3 May 2002, Michael H. Warfield wrote: If I haven't made my point, this is it... NO ONE. NO BODY! would be so lame or STUPID as to do something so assinine without checking with me first. Anyone who did so was NOT someone with my best interest in mind and certainly not a friend or secret admirer. Anyone doing that would be tracked down and made to pay consequences. That very thing insures that nobody would do such a thing by accident, honestly thinking I would be interesting in something like that (besides, I don't associate with people having IQ's less than half their age). Perhaps you completely missed the point. In this case, secret admirer = someone who dislikes Vixie and knows getting unwanted email sent to his address will more than likely rattle his bones. In other words, not someone with his best interest in mind. It's not like Paul has a history of spam fighting or anything that would make him a target towards something like this.. nah..
Re: anybody else been spammed by no-ip.com yet?
On Fri, May 03, 2002 at 09:41:36PM -0400, PS wrote: On Fri, 3 May 2002, Michael H. Warfield wrote: If I haven't made my point, this is it... NO ONE. NO BODY! would be so lame or STUPID as to do something so assinine without checking with me first. Anyone who did so was NOT someone with my best interest in mind and certainly not a friend or secret admirer. Anyone doing that would be tracked down and made to pay consequences. That very thing insures that nobody would do such a thing by accident, honestly thinking I would be interesting in something like that (besides, I don't associate with people having IQ's less than half their age). Perhaps you completely missed the point. Damn! Guilty as charged. In this case, secret admirer = someone who dislikes Vixie and knows getting unwanted email sent to his address will more than likely rattle his bones. In other words, not someone with his best interest in mind. Ah yes! I fell prey to my own traps and foibles! Mea culpa. A few Sarcasm tags might have helped, but, I will admit, this this a button push for me and I didn't think about it being sarcastic. No! Actually, it would have lost it's effect if you had pointedly made to Sarcasm. As such... Well done! I am hoisted on my own petard. It's not like Paul has a history of spam fighting or anything that would make him a target towards something like this.. nah.. And I fall into the same category as Paul in that case. Mike -- Michael H. Warfield| (770) 985-6132 | [EMAIL PROTECTED] /\/\|=mhw=|\/\/ | (678) 463-0932 | http://www.wittsend.com/mhw/ NIC whois: MHW9 | An optimist believes we live in the best of all PGP Key: 0xDF1DD471| possible worlds. A pessimist is sure of it!
Re: anybody else been spammed by no-ip.com yet?
On Fri, May 03, 2002 at 08:13:52PM -0400, [EMAIL PROTECTED] said: Picture it as a fellow stopping by every night and filling your home mailbox with horse manure...I'm sure you'll get a feeling for how most of us regard it. A) it wastes bandwidth B) It wastes our time C) It's the litter of an otherwise clean Internet. D) It's a method of placing the costs for the actual emailing on someone else without their explicit permission...the ISP, the user, and the ISP's other paying customers all pay for the act, either directly or indirectly. We need to make it illegal as soon as possible everywhere. Overall, an excellent post - very good illustration of why spam is wrong. However, I prefer to solve this problem, created at the union of technology and business (however un-businesslike spamming may be, the motivations are business), with a solution that's a mix of technology and business. Namely, using technology to effectively quarantine and blacklist spammers and those who support them (whether actively or passively), which will eventually make spamming and supporting spam so painful to the bottom line that no carrier will allow it. We just haven't got there yet. I really would like to hold off governmental involvement as much as possible. Using Congress to solve technical problems is like using a hammer to cure a hangnail: It may fix the problem, but generally you find that you'd rather have kept the problem than taken the solution. Naturally, the technical solution will only work if everybody supports it. Whether or not _that_ will ever happen is another kettle of fish entirely. -- Scott Francis darkuncle@ [home:] d a r k u n c l e . n e t Systems/Network Manager sfrancis@ [work:] t o n o s . c o m GPG public key 0xCB33CCA7 illum oportet crescere me autem minui msg01494/pgp0.pgp Description: PGP signature
Re: anybody else been spammed by no-ip.com yet?
I'm curious on this extra traffic data, since I'm somewhat involved with antispam website, it'd be interesting to get the statistics and post it to explain others how bad spam is for internet not only in annoyance but in actual extra costs and wasted traffic. Do you have data on approximate amount of this extra mail bandwidth due to spam per user? Actually lets be more exact, can some of you with 10,000 real user mail accounts reply how much traffic your mail server is using and if you have spam filter, how much (in percentage) of mail were filters. And how big were the filterd spam in comparison to all other regular mails? And if possible how much in amount of disk space was it in comparison to all other emails? On Fri, 3 May 2002, Gregory Hicks wrote: Date: Fri, 3 May 2002 15:27:08 -0700 (PDT) From: Scott Granados [EMAIL PROTECTED] I realize this statement I'm about to make is going to open a huge... can o worms but ... and hoefully everyone knows I mean this in the most friendly responsible way ever but I'm not sure entirely what the big deal with spam is. Honestly sure I get it like everyone else, in some [...snip...] money. Today with flat rate access and many people not paying on a per packet basis it seems to me that the responsibility lies with the end user to filter properly and or dress that delete key. I always shut [...snip...] The problem with this is that, yes, to the END USER, there is no direct cost involved. However, in order to maintain the same level of service, the ISP is forced to go get a bigger pipe and/or bigger, faster routers and/or servers. (Raises prices a bit per account) The transit provider raises the costs to the ISP because the packet count has gone way up. The backbone provider has equipment running a bit hotter because of the increased packet count. This may cause them to either increase the bill to the transit provider and/or procure bigger and better equipment (to handle the load) before their planned replacement time... The peers to this ISP are forced to get either bigger pipes and/or more costly equipment (routers) in order to handle the increased packet count they might be seeing. In all of this, the bozo (well..., 'user' really) originating the email (well, spam) has not paid a thing other than a temporary interruption in service for one of his throw-away accounts and is still paying a 'flat rate' for the POP (dial-in) service that HIS isp is providing. For snail mail junk mail (aka spam), the mailer bears ALL of the costs and, if there is insufficient returns on their junk mail, is forced to stop. A 'spammer' does not see these costs and thus has no incentive to find another model to do business. We get, for our 7K users, upwards of 25,000+ unwanted messages per day that make it past our not so rigid filters. My $0.02 worth. Use the delete key... Regards, Gregory Hicks On Fri, 3 May 2002, Mitch Halmu wrote: On Fri, 3 May 2002, Paul Vixie wrote: I hate to sound like the big idiot here, but what exactly in the email you received indicates no-ip.com spammed? It looks to me like you just have some secret admirer who thought you wanted a no-ip.com account, and no-ip.com emailed you to confirm that you do want the account. spam is like pollution in that (a) whenever you're not sure if you're doing it, you probably are, and (b) if everybody did whatever it is, life would be universally worse for, well, everybody. Random disclaimer: Yes, we're a competitor of no-ip.com's... And yes, we used to send similar emails to people signing up for an account, although nowadays instead of sending them an initial password we send a confirm URL instead. that's the right approach. no-ip's problem was they presumed my permission. You don't even have to be in the big idiot league to figure out that in both the wrong and the right approach as sanctioned above by a higher authority, an email message (aka spam) is sent to the presumed subscriber. One sends a password, one asks for permission to issue a password on their site. What's the difference in the annoy factor, if indeed one were to be subscribed by a secret admirer? Mr. Halmu chose to think, rather than bindly obey... --Mitch NetSide -- William Leibzon Elan Communications
