Spam - how would you deal with it?

[Paul Adams]

It seems that last month, of all the emails passed through MessageLabs, more than 2 in 3 were spam.

The Register article.

Different legislations around the world mean that spammers can set themselves up somewhere and operate without fear of reprisal.

Only very recently have the big companies started to consider revamping the very basic nature of SMTP email to do validation on senders of emails, but this will take a long time to get ratified and even longer to be enforced globally.

What would you do to combat the problem of spam - either implementing a system to stop it being possible, or legal proceedings to fine/jail the biggest contributors?

Or is it a lost cause?
Should we all set our email accounts to only accept email from people on a white list which we have to maintain ourselves?

Or has spam not really had an impact for you, so do you not see it as a major problem?

[0iD]

I don't think you will ever stop it, no more than you can stop getting junkmail through the post. Mind you, is there not an opt-out list for junkmail? Maybe there could be an e-mail equivalent. Is that at all feasible?

[Richie]

I dealt with spam 3 years ago when I bought my first domain which had POP3 boxes included.

I set up individual addresses for things like onine shopping, forums etc etc I havent had one single bit of spam on any of my domains yet. If I did I would just close that email address off and change the address

[Paul Adams]

I don't think you will ever stop it, no more than you can stop getting junkmail through the post. Mind you, is there not an opt-out list for junkmail? Maybe there could be an e-mail equivalent. Is that at all feasible?

The main difference when it comes to email is its global presence - if you send a spam email from a country where it is not illegal to a country where it is illegal, what happens?

Junk post is unlikely to be international, and a lot more costly when it misses the target audience.

The 3 main subjects for spam are (I think):
financial (loan, credit card offers, etc.)
pharmaceutical (cheap viagra! increase the size of your manhood! and so on)
porn ('nuff said)

They know that they are just bombarding email systems across the world with emails designed to try and get past Bayesian spam filters (this is why they contain random words in the subject line and at the bottom of the body), and they know it's not appreciated by most people, but don't care.

The domains they send from are often spoofed, and the ISP accounts they use are meant to be temporary ones as they fully expect complaints and will be shut down - they just use a credit card to open a new ISP account, rinse & repeat.

Different countries have adopted different approaches to combat (rather than pro-actively prevent) spam - but if there is no common global law regarding it, there are always places that the current system can be abused.

I dealt with spam 3 years ago when I bought my first domain which had POP3 boxes included.

This is exactly what I do too, but it is still a solution that is for tech-savvy people only, and if your personal email address gets onto a harvested email list then you have to inform all your contact of a change of address every time.
This is why businesses are impacted more than individuals - they can't just chop & change their addresses and must rely on software to block spam.

[0iD]

Any solution, be it filtering, legislation of otherwise is going to be hard to enforce on such a vast scale. But something does indeed need to be done before the internet becomes choked with the stuff.
Programs like Mail Washer & the like are good at what they do, but I agree that something needs to be done closer to the source of the problem.

[Jiff Lemon]

ISP's need to get more heavy handed. People who send spam or virus's from their network should be ring-fenced ASAP. The only net that that machine then sees is a "you have a problem with your machine, contact the ISP on xxxxx". It's not that hard to implement, just requires initiative.

If ISP's were then forced to comply to act with 24 hours of report, or face having their entire domain blacklisted, it may force a few to get their act together. As a customer you wouldn't be impressed that you couldn't send mail cos you're ISP couldn't manage it's network, so would look to go elsewhere.

[Moby-Dick]

We have our antispam via messagelabs

I see no spam

[Paul Adams]

ISP's need to get more heavy handed. People who send spam or virus's from their network should be ring-fenced ASAP. The only net that that machine then sees is a "you have a problem with your machine, contact the ISP on xxxxx". It's not that hard to implement, just requires initiative.

If ISP's were then forced to comply to act with 24 hours of report, or face having their entire domain blacklisted, it may force a few to get their act together. As a customer you wouldn't be impressed that you couldn't send mail cos you're ISP couldn't manage it's network, so would look to go elsewhere.

Interesting approach - actually it's something I have thought for a while, given all the virtual ISPs operating as 2-man outfits that popped up and disappared overnight when the flat-rate dial-up access was common.

At times I've even thought of a really OTT policy to have computer users require a "licence" to show they are capable of operating a computer, after a week full of talking to complete idiots

In the event of a user unknowingly acquiring a virus or a spam-trojan and getting cut off and told to contact the ISP, how do they get the problem resolved?
Especially if it requires downloading some tool to clean the machine?

I guess they could have a "walled garden" phone number which allows them to connect to a specific set of sites to get the tools?

Personally, I'd like to protect users from themselves by blocking all inbound service ports unless they explicitly ask for them to be opened (and had good reason), that could help a bit.
(Okay, not so much against trojans as they'll use high ports, but for OS vulnerabilities and people services they weren't aware of it would help.)

We have our antispam via messagelabs

I see no spam

Ah, as do we - but as a matter of interest, as our mail provider vendor was offering it for free, we implemented a second layer of spam filtering in March.
It almost doubled the number of trapped spam emails, showing that MessageLabs, while being really good, is still letting junk through.

[Moby-Dick]

what ML settings have you got ?

put their heuritics on and it should trapp the vast majority
if you really want belt & braces , combine it with GI mail essentials

[Paul Adams]

what ML settings have you got ?

put their heuritics on and it should trapp the vast majority
if you really want belt & braces , combine it with GI mail essentials

ORDB
RBL
RSS
DUL
Custom IP Blacklist
Custom Domain Blacklist
Heuristics

All enabled, appending a header and redirecting to a single spam mailbox to check for any false positives and get an idea of the volume being blocked.

Stats:
Jan - 2165
Feb - 2388
Mar - 4187 (the second layer of spam filtering enabled around 10th March)
Apr - 4923

I was kind of surprised and thought the in-house filtering solution must have been throwing out tons of false positives, but we've only identified 3 LOL.

[Moby-Dick]

not bad at all - I'm not convinced that the ML antispam is as advanced as their skeptic engine for Anti-Virus to be honest.

[Jiff Lemon]

In the event of a user unknowingly acquiring a virus or a spam-trojan and getting cut off and told to contact the ISP, how do they get the problem resolved?
Especially if it requires downloading some tool to clean the machine?

I guess they could have a "walled garden" phone number which allows them to connect to a specific set of sites to get the tools?

Exactley. Don't get me wrong, it's not a perfect solution - I'm sure you'll get someone saying "but I don't run XYZ's software" or "but the software doesn't run on my obscure out of date OS", and frankly I'd put that in the big box labelled "Not my problem". You want access to my network, you sort your machine out.

I've lost count of the number of machines that I've seen with out of date (6months +) virus definitions, or missing patches ("but it said it'd take 15 minutes to download"). The tools are out there - people winge about having to pay £50 for AV software but you don't hear them complaining about the £240+ a year they pay for their net connection? It's YOUR computer, and therefore YOUR responsibility to look after it. If you drive an unroadworthy car, the police will pull you over, fine your a$$ and not let your vehicle back on the road until it was made roadworthy.

Rant over - maybe I need to go easy on the new coffee machine!

[RVF500]

Would love to have an application that did something like a reverse telnet session back to the spammer and then fried their drives. Inconvenience those annoying tw*ts for a change.

Meanwhile.....back in the real world......

[Paul Adams]

Would love to have an application that did something like a reverse telnet session back to the spammer and then fried their drives. Inconvenience those annoying tw*ts for a change.

Meanwhile.....back in the real world......

Someone once wrote an application to attempt to connect back to the source of a port scan and attempt to hack them back... they were absolutely crucified by the security world.

Sounds great in principle, get your own back on the guys probing you for trojans... only it's not illegal to do port scans, but it is to attempt vigilante justice like that - plus you cannot be certain that it's not a man-in-the-middle attack, and you end up hosing some innocent's "owned" PC.

Even if you go after the company that the spam appears to be advertising, they claim that it's a competitor trying to ruin their image.

It truly is a crappy situation to find ourselves in

[Rabs]

ISP's could introduce a send limit on home based accounts to 50 emails every 10 minutes.

Users could request an upgrade on this if their needs are greater. ISP's could then monitor users which request an upgrade, they could also write something in the AUP that they will pass on details of spammers to law enforcement agencies or something along those lines.

[Paul Adams]

ISP's could introduce a send limit on home based accounts to 50 emails every 10 minutes.

Users could request an upgrade on this if their needs are greater. ISP's could then monitor users which request an upgrade, they could also write something in the AUP that they will pass on details of spammers to law enforcement agencies or something along those lines.

Not a bad idea, I also like the idea of blacklisting ISPs' SMTP servers that are known to be "spam friendly" - if customers weren't able to send email they'd soon kick up a fuss


Looks like there might be a little bit of action going on finally...
http://www.theregister.co.uk/2004/05...us_china_opens