All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
The Spam Problem.... new thoughts and ideas for control needed?
AnthonySmith
Member, Patron Provider
Hi Folks,
I got a ticket in today from a customer very soon after once of the /25's I lease ended up on a spamhaus SBL, not because of any wrong doing by any of my own clients for because 5 records of spam from the /21 were witnessed.
It will get sorted out, however it is very obvious that this stupid method of blacklisting simply does not work, more spam is sent today than ever before, the only difference is that more legitimate mail gets blocked as a consequence of the blacklists.
I think some change is needed to the way it is handled amongst us as providers who supply the IP's to end users rather than allowing these third parties to dictate to our customers what mail can be sent and to where.
Heck even if it was just a list maintained by hosts for hosts with an audit-able seal of approval to confirm that host XYZ takes action against spam within 24 hours that would be a start that would get us working together on common issues like this much as a lot of us do with fraudrecord.
I say all this also after having to resort to twitter multiple times just to get digital ocean to react to about the 10th paypal phishing email in 5 days from the same IP and filing an abuse report every time.
Any thoughts?
Comments
I second that.
Spamhaus is blackmailing providers, that is only true, why don't list single offending IP... there is no money in blocking single ip...
I hate them.
Well, best policy would be that you as a host get notification from some "anti spam" organisation to act against abusive user in following 24 hours. If mailing continues then SINGLE IP should be blacklisted.
Blocking whole range for 10 abusive IPs is blackmailing !
DNSBL are totally awesome, but if and only if you're using it right. Basically, you shouldn't reject letters from IPs which are listed in SBLs, but just add to letter, which is originating from that IP, spam score. Unfortunately, many e-mail server administrators don't understand that ><.
Spamhaus has always existed with the sole purpose of blackmailing people - it's a private organization taking government level actions, that's just not right from the beginning.
Indeed DNSBLs should contribute to the score, not finish it off, as @dazedandconfused. Furthermore, spam is overrated, the only spam around are message bombs and Viagra advertisements etc, they're all so easy to filter out on just volume and keywords...
I should add: spam used to be a real business back in the .COM bubble, with entire shell companies being racked up for it. Now spam is something you can do for $3/mo, little business, little profit, especially little gain.
What was pretty uncommon back in the '90s and very much now is IP leasing, which makes spam fighting impossible on IP basis. IPv6 just about finishes this feature, after all, verifying the domain it's coming from and blacklisting keywords and domains should be enough, granted it goes into your SPAM folder and not /dev/null
Email is such a pain... spamhaus is a blackmailing monopolist. yahoomail, hotmail, gmail arent very different either. No matter what we decide here, the final vote is that of these companies.... With the new tlds like dot gmail, hotmail, etc their grip on email just tightens further, gotta pay the piper ... The entire infrastructure of ip based reputation is flawed.
The only true way to indefinitely stop spam is to switch to captcha like confirmations at the receiving end, a lot like what spamcop has to offer. For every email you send, you must confirm you are not a spamming bot... Genuine automated bulk emailers must be whitelisted by the email account owner prior to receiving their email.
An even better solution: proof of work.
Sadly the backwards compatibility is an issue.
You can also set that up yourself, just write something on your own mail server that rejects mail from unknown senders and sends them an email explaining how to contact you by filling out captcha. Once they fill it out they get put on recognized list.
Too bad then no one wants to email you anymore
If its important they would otherwise they should just trash social platforms
Let the revolution begin ... VPS vendors unite
I guess what everyone has said so far is kind of relevant to my main point, none of it really works well, all most of the solutions do is prevent genuine emails from being received (I accept it also filters some spam).
How about a 2 way credit based public email system.
You sign up you can send up to 2 emails in the first 24 hours and receive up to 5, that increases by 1 per day but only if you send at least 50% of your previous allowance.
I don't know just spit balling because I am getting tired of being offered luxury watches from 6 different and new domains every day, kind of an annoying problem with nothing but terrible solutions currently.
Yep I have said it more times than I can count now, we are competitors and some of us are not exactly best friends however we all deal with the same BS on a daily basis and either do not work together to resolve it or rely on some third party laying down the law.
Seems madness to me.
@Jack naa just a general thing, I am more referring to myself getting tired of getting a lot of spam, for obvious reasons I cannot filter incoming emails to much.
After the 1000'th fake paypal or luxury watch email it starts to grate on you a bit.
Only 1000? You lucky bastard
Anthony such a system would introduce the need for 1) a central authority to check everyone's credit or 2) without central authority it wud require u to trust that the sender is adhering to such a scheme which would eventually lead to ppl developing services that create trust detail dbs of such providers & eventually u will get another spamhaus....
I think de only route through is without central authorities... Where the recipient user decides if it's spam or not after the sender has verified the message is not spam by filling in captcha/etc at the recipient end.
Well I did mean an automated solution for the limits, I am sure this thread with result in nothing to be honest, just throwing it out there
@joepie91 haha thanks
There is no perfect system, by the way many of the responses so far have mentioned blackmail by Spamhaus, do any of you have personal experience with this?
They do list have /32 listings, I've always found them to be quite reasonable in their dealings but I'm sure they get frustrated after the 100th listing for the same company, as would anyone.
There is no easy way to stop SPAM, the blacklists are not a great solution as more often than not it's legit users who are getting blocked, and since everyone uses different blacklists, you might be on a blacklist you didn't even know existed. We'd have to fundamentally change the email system for any of what you're proposing.
I think the best system right now is IP reputation, however it does not account for IP turnover which is increasing more and more due to depleting supply of IPv4.
Stop lying to yourself spam is an actual issue lol, some basic keyword filters will keep those embarrassing and stupid e-mails out for you, they're so overly obvious for filters and geeks.
These days it's just sad most providers rely on a reputation system rather than just a keyword system, it has probably to do with the e-mail market still generating quite some money in bulk
Anti-spam software is the only way.
The problem with services like spamhause is that they block shared ip's aswel meaning that legit email from people that use shared hosts gets rejected.
I don't think that it is acceptable that services like spamhaus reject potential important emails, I always disable those blacklist services.
Even at my former job had issues with ransom lists such as uceprotect. They blacklisted the whole ISP because, you know, was from romania and all romanians are spammers. Of course, all romanians stopped using them (there were some, lol), however, yahoo and others kept using those clowns. Today they have to beg for money extortion no longer works.
As for spamhaus dont get me started, a quick check in major spamlists for AS 34971 will give very few results, much less than most other providers, yet, spamhaus still felt the need to blacklist a whole /23 and issue threats for the whole AS because of 2 incidents (something I never heard of they called it "flooring scheme" and was not even that AS where the spam originated from, was because of the site or DNS, dont remember).
No, there never is. That doesn't mean that the system currently in place isn't horribly broken, in need of replacement, and (conceptually) easy to improve upon.
"There's no perfect system" is never an argument against trying to improve what there is.
Bullshit. That's just trying to fix the issue after it has already occurred.
If you have a better suggestion that is not depending on a third-party blacklist service then i would appreciate it if you could share it with us.
Thank you!
It is possible to reduce global spam.
Most spam are sent by botnets (malware-infected computers), whose owners often have no idea of what their computers have done. If we want to reduce spam, we have to reduce the size of botnets. We need to:
I have been doing that (botnet detection and share information with ISPs/CERTs) since 2009, for more than 4 years now. I have found more than 770K suspected botnets' IP in 2013.
Spam is decreasing. Symantec said in its 2013 Internet Security Threat Report, Volume 18, p.42: "Spam rates declined for a second year in a row, dropping from 75 percent in 2011 to 69 percent of all email in 2012." But we have to remember that spam will never disappear, just like we have had police for a long time, but crimes still exist.
I already did. A few posts back.
Again, this is just a form of mitigation. It doesn't solve the actual problem. Once one ISP doesn't inform his customers (for whatever reason, be it a legitimate reason or not), your entire system falls apart, and you're back to the blacklisting situation.
Oh, http://en.wikipedia.org/wiki/Proof-of-work_system ?
i didn't look that up before, my apologies, i'll check it out.
Yup. The idea has been around for a while (10+ years at least), but the problem is that it would require a backwards-incompatible change to the e-mail protocols. Another common issue is that it would require more CPU for for example legitimate newsletters. It's not a perfect solution, but a whole lot better than what we have now - assuming it is possible to implement it without breaking backwards compatibility.
EDIT: For anybody who doesn't feel like reading up on this; the mechanism is similar to that in Bitcoin, except here the sender of an e-mail completes the "proof of work" challenge, requiring CPU power, and making spamming less economically viable.
So what then, all spammers would line up to buy ASIC "proof of work" rigs so they can spam cheaper?
@joeoie91 great idea the effort required to spam would kill 80% over night.
Very doubtful. Profit margins on spam are tight.
The answer lies in extremely difficult captcha requirement to be filled in by the sender at the recipient end! No one is definitely going to pay people for filling in captcha manually for such large number of emails especially with all the other spam filtering checks in place.
I think he was refering to a cryptographical proof-of-work, not a CAPTCHA. A CAPTCHA wouldn't be feasible anyway, it would kill any possibility of legitimate automated messages (newsletters, notifications, etc.).