Forgot your password?
typodupeerror

Getting on Top of Spam Down Under 128

Posted by ScuttleMonkey
from the sudden-increase-in-spam-drone-numbers dept.
The Register is reporting that Australia has implemented a new industry code for the regulation of email with respect to spam. From the article: "Under the new code, internet service providers (ISPs) will bear some of the responsibility for helping fight spam. Service providers must offer spam-filtering options to their subscribers and advise them on how to best deal with and report the nuisance mail. ISPs will also be compelled to impose 'reasonable' limits on subscribers' sending email."
This discussion has been archived. No new comments can be posted.

Getting on Top of Spam Down Under

Comments Filter:
  • Hmm (Score:2, Insightful)

    by Vokbain (657712)
    While this is a good idea, I'm surprised most ISPs wouldn't do this anyways. It's a considerable waste of bandwidth, and their best interest to reduce spam.
    • Re:Hmm (Score:5, Insightful)

      by Bromskloss (750445) <auxiliary,address,for,privacy&gmail,com> on Tuesday March 28, 2006 @02:27PM (#15012082)
      I'm surprised most ISPs wouldn't do this anyways. It's a considerable waste of bandwidth

      I'd say the kind of spam filter I'd prefer does not delete any mails, just tags them so I easily can do any filtering I want with them. But oh, I forgot. You don't have to know how to use a computer to use a computer. That is, people could never be bothered with something like that.

      • Re:Hmm (Score:3, Insightful)

        by grasshoppa (657393)
        I'd say the kind of spam filter I'd prefer does not delete any mails, just tags them so I easily can do any filtering I want with them. But oh, I forgot. You don't have to know how to use a computer to use a computer. That is, people could never be bothered with something like that.

        While elitest, you fail to grasp what the grand parent was saying;

        ISPs should be doing this anyway, to save on bandwidth. This has nothing to do with a user. Hell, I'm careful with my email address, and I still get spam.

        It can
        • I hope there are stipulations for what kind of account you have...

          I always go for a business connection at home from my ISP...so I don't have limitations on what servers I can run...etc. While I don't send out a ton of email, I do have a good bit of traffic on my email server....for my business and others. Who is to say what a 'reasonable' email sending limit is? My traffic can get pretty high sometimes, but, I do keep an eye on it to make sure others aren't sending spam through it...

          I supposed the major

        • While elitest, you fail to grasp what the grand parent was saying; ISPs should be doing this anyway, to save on bandwidth.

          Yes, I think I understood that. My point was that if they are going to deliver the mail anyway (as I would like them too) they aren't saving any bandwith.

          Elitist.. well, whatever you say. It just happens that I think "Oh, they shouldn't be using a computer if they don't know how to fix this or that." when I hear of someone who has some problem with their computer. But I then real

        • Re:Hmm (Score:3, Insightful)

          by turbidostato (878842)
          "But I also have my mail server setup to check spamhaus so I can *NOT* recieve that mail in the first place."

          Then, you know where this road takes you.

          Dear Mr grasshoppa, in our fight against spam, side by side with the legal forces and (somehow) following their indications, we have to tell you we're going to shut down all your towards-port-25 traffic. Sorry for the incoveniencies.

          Only they won't send the letter, you'll find suddenly because your mailq is steadily growing and no mail is going off.

          And among
    • Re:Hmm (Score:3, Interesting)

      by arivanov (12034)
      Dealing with lusers who have been quarantined costs much more than the actual cost of the uplink bandwidth of a DSL line. In addition to that in an ISP which does not do significant amounts of colocation the overall balance of traffic is towards incoming. As a result extra outgoing traffic is usually outright ignored.

      So the economic driver to quarantine Typhoid Marries is simply not there. As a result the Telcos and access ISPs will continue not to care until the rest of the industry (banks, e-commerce, e

      • Dealing with lusers who have been quarantined costs much more than the actual cost of the uplink bandwidth of a DSL line.

        Yep. It all comes down to money.

        Personally I am all for the immediately quarantining utility customers on the first SPAM sent out and forcing the mandatory usage of relays.

        I agree on the relays.

        What I don't understand is why the ISP's don't do SOME degree of spam checking and dump the offending customers onto their own email server?

        Okay, I know why BellSouth doesn't do that. They send

      • Personally I am all for the immediately quarantining utility customers on the first SPAM sent out and forcing the mandatory usage of relays. Same for DDOS, so on so fourth. And anyone who does not want to be subjected to this regime should simply pay an extra for not having it.

        Define SPAM, when coming from one computer. The same can go for a DDoS. My father sends out e-mail messages to a mailing list of well over 50 individuals. That is not SPAM, but to some filters it may look like it. Maybe you sug
    • Re:Hmm (Score:2, Interesting)

      by Punkrokkr (592052)
      I worked at an ISP for a while, we were attempting to implement some sort of spam filtering; yet our biggest problem was giving the users a choice. Why are there spammers? Why is spamming such a lucrative thing to do? Because somewhere there is some moron who wants the spam. That was our problem, we couldn't filter out all the spam because some of our customers wanted the spam. It took a bit for me to wrap my head around that one.
      • by Buran (150348)
        So you anger the majority of your customers by catering to a tiny majority who are in turn causing others huge problems? I'd say a response of "We do not do that as it is causing problems for our other paying users" would have been appropriate here, along with a page on your website about why you do not and will not knowingly pass spam along.
      • by rtb61 (674572)
        Actually I take a portion of the spam so I can report it to the proper authorities, so that those individuals, where possible can be pursued and convicted for their crimes. ISP's when they filter spam don't necessarily do anything about reporting the offenders or provide proper data to the authorities so the legal process can be reviewed and updated as necessary.

        ISP false positives are also a hassle, you have to go back and check all the spam to make sure email you wont is not being intercepted, hence you

    • A friend of mine and I are thinking of starting a postini-like business for reliable mail filtering (We've learned a lot about how to do this administering the sendmail infrastructure for a large global company :). A logical set of first companies would be ISPs. They can offset their cost by making it an option users could pay for. They would have control over filtering settings, and for ISPs, users who get forwarded to our anti-spam relays.
    • Most Australian ISPs do offer antispam protection.
      Some want payment for it (which I consider pennypinching), some do it for free, using different methods and policies.

      It makes sense for them to do so. It cuts down on traffic, and it makes their customers happier.

      Alot of ISPs are doing some port blocking to protect their customers too, often with options to opt out if you have a need.

      All good things, IMHO.

      ISPS do have a responsibility to protect their customers if they have to tools to do so, despite the rh
  • paid spam (Score:4, Interesting)

    by dotpavan (829804) on Tuesday March 28, 2006 @02:23PM (#15012053) Homepage
    How would this clash with the pay-for-spamming option by AOL?
    • This might actually restrict mail you don't want whereas AOL will allow anyone who gives them money to spam your mailbox. Pretty much if you report nuisance mail they should stop the flow with filters. AOL doesn't care what you want unless you're willing to pay more than the business that wants past AOL's filters.
    • There are serious problems with AOL's use of GoodMail, but "paid spam" isn't one of them. Goodmail has fairly reasonable anti-spamming policies, and charges enough per message as well as their big upfront deposit. They're designed for commercial email senders that people actually do want to subscribe to - customer support mail for products, banks emailing customers, and that sort of thing. Some of it's junky mail, but it's junky mail you subscribe to, and unsubscribe have to work or the sender gets spank
  • Agh (Score:4, Interesting)

    by c0dedude (587568) on Tuesday March 28, 2006 @02:23PM (#15012056)
    What a stupid law. Why put enforcement on the ISP's? There aren't that many spammers, the key is to go after them with harsh penalties. The rest will wake up after a few test cases.
    • Re:Agh (Score:2, Insightful)

      by Tweekster (949766)
      Most spammers are already committing multiple felonies as it is that would result in pretty harsh sentances. There is no point in NEW laws that wont be enforced when there are already laws that exist that attack the actual important laws being broken.
      • The reason to make laws telling ISPs to fix the problem is because laws telling spammers not to spam at best would only stop domestic spammers, not foreign spammers. So if Australia actually wrote an effective anti-spammer law, it would push Aussie spammers offshore (or get them to spam Americans and leave spamming Aussies to us and the Chinese.) Of course, the politicians haven't written an effective anti-spam law, and it's not clear that such a thing is possible, so they're dealing with their previous f
      • by Buran (150348)
        They will be enforced. Why? Because legitimate ISPs are easy to find and sue, but spammers aren't. The idea of suing spammers, and not doing anything further, was idiotic in the first place. We need to keep the laws that make spamming a crime -- AND stop allowing ISPs to pretend it's not their problem.
        • The hell spammers arent easy to find not to mention the companies hiring these assholes to break the law. Trivial to find.
          • by Buran (150348)
            So my bank hires phishers to try to get me to hand over my account info? So Pfizer hires spammers to sell its medications without a prescription? So Microsoft and Adobe and Symantec hire spammers to sell OEM bundle-only CDs?

            The hell spammers are easy to find.
    • Re:Agh (Score:2, Informative)

      by nickh01uk (749576)
      I agree, having worked at an ISP... cracking down on the network operators just tends to lead to spammers migrating more and more frequently to new hosted servers and providers. Spammers find it pretty easy to up-sticks and leave at short notice, and most providers pride themselves on getting new customers up and running fast.

      There was a newsletter I caught recently talking about some of the successful prosecutions for spam 'downunder'. It sounds like they are making progress.

      The full text of that news

      • Re:Agh (Score:3, Insightful)

        by gurps_npc (621217)
        That just means they need to put in smarter controls, rather than none.

        For example, you can easily arrange for all accounts to be limited to 50 outgoing email/day unless the person has a valid credit card that gets charged a $1 set up fee, or they receive by regular mail a form, that they must sign and mail back.

        The few NON-spammers that send more than 50 out going/day should be either willing to wait for their 51st email per day or pay $1. I can't see anyone except spammers being pissed off about this.

    • You make it sound like zombie boxes acting as spam servers don't exist. When I checked the server at one of my relatives' firm, I found no less than 300 different pieces of malware (virii, spyware, etc), and the antivirus I installed immediately started detecting spam sent everywhere. No wonder they felt that it was a slow network connection!

      Stopping this flow of spam the users don't even know about is best managed by the ISPs, and in their own interest too: the effort to explain to customers this stuff mig
    • by Buran (150348)
      It's a lot easier to enforce regulations barring ISPs from willingly ignoring spam than it is to find the assholes who are dumping crap into my mailbox every day. You tell me why my bank keeps wanting to give me $20 multiple times a day and who is sending those messages, and cram a wrapped bundle of 20s up his/her ass and send me proof (not a photo, please!) and then I'll believe that this law is stupid.

      It would be stupid if enforcement was actually going on. The thing is, there are spammers being busted an
  • Hmm... (Score:2, Interesting)

    by jamesgamble (917138)
    So the law states that ISPs have to give consumers a choice on their spam protection. Does the law mention anything about if the ISPs can charge the customer for that option?
    • Great point. I got an email from DoDo (my ISP) the other day, where they offered to add SPAM tags to my e-mails for a small monthly fee.

      Now I can't see how routing ALL mail through spam-assasin so it gets tagged actually costs anything extra and above 4 or 5 people doing this. So I've come to the conclusion that DoDo sees this ruling as a great way to make money from spam, and and they have NO committment to cutting down spam going through the network.

      DoDo charges a monthly fee plus data charges after a c

      • I find this rather immoral - I fail to see why every mail isn't scanned and tagged for virus.

        Especially as there are ISPs here in the USofA who already do that at no additional charge.

    • This is a great point, but I think it's open, since this is not a law, it's a code-of-practice.

      An ISP cannot be convicted for failure to comply with a code-of-practice. The worst that might happen is that said ISP would not be able to say “We comply with the Australian ISP code-of-practice regarding SPAM protection”.

      The ISP may suffer financially since it doesn't have that tick-box feature, so the cost/benefit of implementing the Code could be weighed against the percieved risk of customer

  • by DrSkwid (118965) on Tuesday March 28, 2006 @02:28PM (#15012091) Homepage Journal
    Anyone got a link to the *actual* legislation ?

    • That is easy to define: unsolicited bulk email...(this includes political spam too) How much is bulk. well I doubt any normal user is sending out 50 messages a second to friends that may not be expecting an email (technically unsolicited) If it is a legit mailing list, it isnt unsolicited. If you are emailing a friend from college, it isnt bulk. I wish more ISPs would filter port 25 outgoing (with a reasonable way to get unblocked for those 2 users that need it) and rate limit the mail. That would st
    • Anyone got a link to the *actual* legislation ?

      Here you go [acma.gov.au] (pdf warning)

      It's not legislation, but a code of practice (a sort of howto follow the legislation). from the linked pdf:

      means commercial electronic messages that:
      (a) are unsolicited within the meaning of section 16
      of the Act; or
      (b) do not include accurate sender information as

      • means commercial electronic messages that: [emphasis mine]

        Here's the legislation [comlaw.gov.au] - and a link to the rather more helpful plain english explanation of what constitutes a commercial message [dcita.gov.au]

        Quoting it:

        EXAMPLES OF COMMERCIAL ELECTRONIC MESSAGES
        The following are common examples of electronic messages which are likely to be considered a commercial electronic message:
        * offers of stock-market options, credit and mortgage arrangements;
        * offers of computer goods including software and hardware;
        * promotions of

    • Anyone got a link to the *actual* legislation ?

      Because the 2003 anti-spam code was so totally effective to reduce all spam, let's have another [acma.gov.au].

  • by nathan s (719490) on Tuesday March 28, 2006 @02:30PM (#15012109) Homepage
    ...have some bizarre fetishes.
  • by u16084 (832406)
    I run a tiny web host biz (150 or so domains) .. Our Clients INSIST on spam filtering.. We're not an ISP... I could say "Heres Spam Assasin" deal with it, but, it doesnt work in the real world. We have to deal with the spam. Why would anyaone give out their primary email address on a form anyways? Let the Yahoos,gmails,and hotmails deal with it. (no?)
    • by Khyber (864651)
      Let the Yahoos,gmails,and hotmails deal with it.

      No, because quite a few services plain and simple do not accept free email accounts for registration or other things.
    • by khasim (1285)

      I run a tiny web host biz (150 or so domains) ..

      So far, so good.

      Our Clients INSIST on spam filtering..

      So you host web sites and mail servers?

      We're not an ISP...

      And?

      I could say "Heres Spam Assasin" deal with it, but, it doesnt work in the real world.

      Well, since it APPEARS that you are running email servers, you would not be doing that. You would be installing SpamAssassin and you would be offering your services to your customers to configure it, or you would provide a mechanism so they could configur

    • Re:ISP (Score:2, Interesting)

      by hedwards (940851)
      Personally, I still have my first email address from circa 1997. I have used it for a number of years on forms and I am sure that a google search would find numerous listings.

      Right now I get approxamtely 10-15 spam messages a day. That is without any sort of blocking and is on the high end of what I generally get.

      Surprisingly the majority of spam actually goes away if you unsubscribe from it at the bottom. I used to get 1500-2000 spam messages a week until I started unsubscribing.

      I am currently trying out h [bluesecurity.com]
      • Surprisingly the majority of spam actually goes away if you unsubscribe from it at the bottom. I used to get 1500-2000 spam messages a week until I started unsubscribing.

        Suprisingly it didn't do that for me. The best method I know of is to forward all my mailboxes into gmail and let that filter do its work.
  • Unimpressed. (Score:5, Informative)

    by tpgp (48001) on Tuesday March 28, 2006 @02:34PM (#15012135) Homepage
    Colour me unimpressed - the Prime Minister of this country (John Howard) phone spammed [theage.com.au] the continent prior to the last election, then paid his smug looking [smh.com.au] son to spam the nation [smh.com.au].

    Anyway, back on topic, here's [theage.com.au] an article from a local paper - it contains a link to the actual code of practice [acma.gov.au] (pdf warning)
    • Are you just using random words for fun? Or did his son spam people in Australian territories that aren't part of the Australian continent (which is more likely with email than phones I guess)...

      • Are you just using random words for fun?

        I describe a continent-nation as a continent and a nation - and thats random?

        I hearby apoligize for failing to realise that other nations are themselves not continent-nations and failing to modify my post to reflect sensitivities of non-australian readers. (yeesh)
        • There were no sentitivities. And I'm not non-australian.

          I just wondered if there was a reason for using the two words or if it was just random (ie. you could have used them in the other order with no change to your intended meaning).
    • It seems that netharbour.com.au is no longer operating.
      The domain name does not resolve and ASIC lists the company as deregistered.

      Extracted from ASIC's database at AEST 11:06:40 on 29/03/2006
      Name NET HARBOUR PTY LIMITED
      ACN 106 807 201
      ABN 20 106 807 201
      Type Australian Proprietary Company, Limited By Shares
      Registration Date 24/10/2003
      Next Review Date 24/10/2006
      Status Deregistered Date Deregistered &nbsp08/01/2006
      Locality of Registered Office not available
      Jurisdiction
  • by fak3r (917687) on Tuesday March 28, 2006 @02:36PM (#15012150) Homepage
    Why wouldn't they have this running already? It would reduce wasted bandwith, and make users happier. ISPs should do their best, and let users know in case some crappy 'joke' fwd'd to 100s didn't get through. My suggestions: Graylisting Mailscanner ClamAV Bitdefender Spamassassin DCC checks This will help reduce things CONSIDERABLY - again, if I can do it at home, why can't an ISP have a dedicated FreeBSD box (or two) that just handle this step, and then pass it on IF it passes?
    • Your customers will usually send out the same amount of email every day. If it's within their regular levels, don't worry about it.

      But when they suddenly start sending 100 emails a second, to 100 different address, it's time to shut them down and email/call them to see if they meant to do that.

      Scanning outbound email can be a problem. I send virus tests to servers and I would not like an ISP stopping that.

      The same with scanning for "spam" because I also send spam examples to lists and other people.

      For me, t
      • I send virus tests to servers and I would not like an ISP stopping that.

        Ah, that's what we call it now :)

        Having never ran an ISP I can't comment too tightly on this, but in broader terms, filtering spam for my company is a bitch. The problem is, of course, that automated programs (such as spamassassin, which I use personally), just don't cut it on a grander scale. I have seen 11 year old kids with hotmail address' that are more random than the 90% of the spam addresses that we get [by default, I recomm
        • Bad move? So you acted to protect the majority of your users and two people complained so that makes it a bad move? If it's only two people out of 300 users that complained about it, you helped 298 people. Those that actually do want the emails can be exempted from the filter if they request it, but filtering spam by default is what I'd expect from my mailserver, and it's up to me to act if I actually want to receive mail that is perfectly legitimately normally caught by spam filters.

          GOOD MOVE.
        • We have an old GroupWise 5.5ep system. But I have it sending through an app called Guinevere that runs SpamAssassin and the anti-virus apps. Guinevere hands off to Exim4 running on Debian.

          Exim4 runs greylisting, checks open relay lists, etc. If everything passes there, it hands off to Guinevere which runs anti-virus then SpamAssassin (with Bayes) to flag anything suspicious.

          Prior to that, 8 out of 10 messages would be spam.
          Now, less than 1 out of 10 messages is spam.

          I prefer Exim4 because I can put my phone
    • The good ISPs already have dedicated boxes. Lots of them. The ones who run SA have about 8 times as many dedicated boxes as the ones who purely block based on DNSBLs (IME).

      ISPs _can't_ afford to run filters generally. If you want to run SA or other content filters, you should be doing those at the end user nodes, and not at the central hubs. Content filters work after the fact of accepting the email, at which point the only reasonable responses are to discard the spam silently, or generate a bounce.
  • That United States spam laws are working really well. I was going to say why bash on the ISP's and just have tough criminal/civil penalties. I seldom get spam I have to sort through.

    On the other hand these stats are interesting:
    http://www.ciphertrust.com/resources/statistics/ [ciphertrust.com]

    They tell me a few things.

    1. Don't use citibank.
    2. We're not doing as well as it seems to me

    • While there may be plenty of other reasons not to use Citibank, I don't think this is one of them. You'd let the bad guys pick your bank for you?

      I think the real lesson is not to be an idiot about emails from "the bank".

    • That United States spam laws are working really well. I was going to say why bash on the ISP's and just have tough criminal/civil penalties. I seldom get spam I have to sort through.

      I'd have to say you've been under a false impression. I run a very small mail server at home for family and friends, and it blocks thousands of spams every week. With my own mailbox, an average of about four spams a day make it through all my filters without getting blocked - certainly better than it used to be, but that's bec
    • Yeah, but what do United States spam laws have to do with Australian ISPs, unless something horrible happened overnight.
  • by Weaselmancer (533834) on Tuesday March 28, 2006 @02:40PM (#15012176)

    It's another token effort.

    internet service providers (ISPs) will bear some of the responsibility for helping fight spam.

    Some is not all, which means that any percentage they block meets the requirement. If they delete one, and pass 1000 - that fits the definition of some.

    ISPs will also be compelled to impose 'reasonable' limits on subscribers' sending email.

    Do any spammers use their own account for outbound spam?

    • "'ISPs will also be compelled to impose 'reasonable' limits on subscribers' sending email.'
      Do any spammers use their own account for outbound spam?"


      No, but how many people unwittingly have a zombie machine in their home? If their zombie status affects their ability to send the email they intend to send, you can bet they'll take action to correct the problem.
    • I guess everyone has different desires as far as the tradeoff between /dev/null'ing false positives and letting spam through, but I don't want my ISP doing any filtering of my content. If they want to tag it to help me identify it, OK. But otherwise I want to retain control of what makes it to me and what doesn't.

    • Some is not all, which means that any percentage they block meets the requirement. If they delete one, and pass 1000 - that fits the definition of some.


      Lawyers may be evil, but they're not idiots. If there's a law that says the have to offer spam filtering, you can bet that that means it actually has to be somewhat effective. The means to filter out 99% of spam is available, and relatively cheap. Any sane judge when given a spam filtering scheme that removes only 1 out of 1000 spam mails is going to say
  • I saw an article elsewhere on /. about wrong numbers directed to someone's cell phone (in essence, accidental phone spam). A few days ago, I saw a print article on the difficults an admin at a school corp. has with students' use of school computers, and that he routinely blocks 150 or so sites a week.

    These are all related issues with one simple solution - implement a "deny by default" rule. Deny all communications except what is permitted. Given the option, I'd have all phone calls from number other than
    • People don't do this because of exactly the same reason that you suggest that they should. If, as a network administrator (or God forbid an ISP), I block all but the Internet traffic I'm sure is good, the upkeep that I would have to do in order to enable all traffic that people want/need is going to be horrendous. Not to mention the fact that people are likely to be more upset about not being able to access something that they need access to then getting a bit of extra spam...I know I would.
      • I disagree. Sure, if you're an ISP, you've got no business doing that. But if you run a private firm (I'm *not* thinking Fortune 500 here) or especially a school district, where you can be much more draconian, then by all means do it. Even better, a home environment. I use WEP, disable DHCP, and deny by default at home - makes it a lot easier on me.

        As far as the Day 1 deluge, you can always grab the logs for the last day/week/whatever and use that for your initial filter (with some eyeballing for pr0n a
    • Perhaps you've heard of me? I'm pretty popular!

      By default I block all inbound IP connections, "except what's spefically permitted."
      • I'd be willing to bet the number of firewalls that are configured to allow by default exceeds the number of firewalls that are configured to deny by default by about 5 to 1. At least.

        I'm not talking about ports, but about source/destination of traffic. Of course, everybody's going to restrict to 80, 443, etc. But then you let in /. over port 80 and look what happens anyway.
        • The following list is by no stretch exhaustive but hits many of the major enterprise level vendors available today. I'm primarily a router/switch guy, not firewall guru, but my experience reflects the same info I got from a couple quick googles:

          Checkpoint:
          Default deny "any" where "any" is a configurable list that by default actually omits some popular types of traffic. Yuck...just...yuck. Still, most services are in the "any" list.

          Cisco (by far the largest market share):
          Pix-OS based? Default deny externa
          • You're misunderstanding me. It's not the firewall, it's the loose screw behind the keyboard that's using it. Firewalls, just like any other electronic appliance, are generally capable of doing their job AS LONG AS THEY'RE CONFIGURED PROPERLY. Of the homes and businesses with which I've been familiar enough in the past 5 years or so, I'd say 5% of homes, 10% of small businesses, and 20% of large businesses are setting their firewalls to "deny by default". And yes, I'm pulling those figures out of my anal
            • I think we're talking past each other. To me, "configured by default," means the device comes from the factory with that behavior configured. To you, it apparently means, "a rule administrators deliberately configure to handle types of traffic that aren't specifically handled by other rules."

              By default most firewalls deny all inbound traffic on an external interface and allow all outbound traffic that originated on an internal interface. Adminisitrators usually have to "break" their configurations to all
    • Some do that - it's called a whitelist. Anyone in your whitelist goes to your inbox, anyone not in your whitelist goes into the bulk/trash.
  • SPF [openspf.org] assumes all email to be spam unless proven otherwise.. seems to reduce it by the ton from what I've seen. We should have more implementation of this.
    • by Bromskloss (750445) <auxiliary,address,for,privacy&gmail,com> on Tuesday March 28, 2006 @02:54PM (#15012292)
      (-- this comment has not yet been proved to be non-spam and is therefore not visible to you --)

      psst.. because people want to communicate sometimes also.
      • (-- this comment has not yet been proved to be non-spam and is therefore not visible to you --)

        psst.. because people want to communicate sometimes also.

        ----------

        If you implement it correctly, they can.. the kicker is lazy admins who won't fix their own side of things correctly, so their traffic bounces. Read up on it.

    • hear, hear (Score:3, Informative)

      by XanC (644172)
      SPF, I think, is a great idea. And it can be implemented gradually. The receiving server doesn't have to simply drop messages without SPF; that's just one input to that decision.

      As more and more people put SPF into their DNS, the punishment for a message not having it can increase. In turn, then, more and more people put SPF into their DNS.

      Let's get the ball rolling!

      http://en.wikipedia.org/wiki/Sender_Policy_Framew o rk [wikipedia.org]

      • Unfortunately, the big phishing targets don't appear to be running SPF - eBay, PayPal, Chase Manhattan, e-Gold, etc., and unless they do, it won't have a lot of influence on spam. SPF can't stop all the possible abuses - somebody can still register names similar to the real ones (remember paypa1.com, with a digit 1 instead of lower-case L in the name?), and even give them SPF records - but at least it would be possible to block a lot of the junk. But if *they* don't adopt SPF, or DKIM, or PGP signatures,
        • One would think that PayPal / Amazon would be scrambling to implement something like this. I know if I were in their shoes, I'd be livid that these scammers are using my good name to steal from my customers. But they don't actually seem to care very much... Maybe it's like free advertising.
    • SPF doesn't assume that mail is spam by default - it's a forgery-reduction tool, and assumes that forged mail is probably spam or otherwise unwanted.
      • More specifically, it assumes that mail from specific domains comes from specific IP addresses, and gives the owners of the domain ways to communicate those addresses.
      • If mail purporting to be from a given SPF-using domain comes from the wrong IP address, you can presume that it's forged and reject it.
      • You *could* decide to reject all email from domains th
      • You are correct - I was going for the high level interpretation. The majority of spam I see coming through for our users is spoofed addressing, which the implementation of SPF has reduced significantly. The spammers that *do* have things entered correctly are kindly putting on a sign that says "Here I am!" and can be dealt with accordingly.

        Btw.. you left something out...it's Nigerian-Herbal-Viagra-Enlargement.com :-D
  • The Following links are as follows:

    Spam and internet security information http://www.acma.gov.au/ACMAINTER:STANDARD::pc=PC_2 008 [acma.gov.au] web page

    Spam Act Review: http://www.acma.gov.au/acmainterwr/telcomm/industr y_codes/codes/iia%20spam%20code%20dec%202005.pdf [acma.gov.au]

    Spam Review http://www.dcita.gov.au/ie/spam_home/spam_act_revi ew2 [dcita.gov.au] documents.

    Knock yourselves outwith it.

    Regards

    Slashdotgirl

    • What I am surprised by is that no-one has noticed section 8.1:

      "ISPs directly responsible for the allocation of IP addresses to their subscribers (eg, all of them) will use all reasonable efforts to retain information pertaining to those allocations for a minimum period of seven days."

      Can someone tell me what this has got to do with spam? Isn't this just a case of our privacy being thrown out the window but disguising it within a "spam act"?
  • I can see where the Aussies would have a pretty bad spam problem; most spam is already focused on the Down Under regions.
  • What gives? (Score:2, Funny)

    by Khammurabi (962376)
    The title of the article is "Getting on Top of Spam Down Under," and I haven't even seen one v1@grA joke yet.
  • by HUADPE (903765) on Tuesday March 28, 2006 @03:42PM (#15012666) Homepage
    Your government advocates a

    (x) technical (x) legislative ( ) market-based ( ) vigilante

    approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)

    ( ) Spammers can easily use it to harvest email addresses
    (x) Mailing lists and other legitimate email uses would be affected
    (x) No one will be able to find the guy or collect the money
    ( ) It is defenseless against brute force attacks
    (x) It will stop spam for two weeks and then we'll be stuck with it
    (x) Users of email will not put up with it
    ( ) Microsoft will not put up with it
    ( ) The police will not put up with it
    (x) Requires too much cooperation from spammers
    (x) Requires immediate total cooperation from everybody at once
    ( ) Many email users cannot afford to lose business or alienate potential employers
    ( ) Spammers don't care about invalid addresses in their lists
    (x) Anyone could anonymously destroy anyone else's career or business

    Specifically, your plan fails to account for

    ( ) Laws expressly prohibiting it
    (x) Lack of centrally controlling authority for email
    (x) Open relays in foreign countries
    ( ) Ease of searching tiny alphanumeric address space of all email addresses
    (x) Asshats
    (x) Jurisdictional problems
    ( ) Unpopularity of weird new taxes
    ( ) Public reluctance to accept weird new forms of money
    ( ) Huge existing software investment in SMTP
    ( ) Susceptibility of protocols other than SMTP to attack
    ( ) Willingness of users to install OS patches received by email
    (x) Armies of worm riddled broadband-connected Windows boxes
    ( ) Eternal arms race involved in all filtering approaches
    (x) Extreme profitability of spam
    ( ) Joe jobs and/or identity theft
    (x) Technically illiterate politicians
    ( ) Extreme stupidity on the part of people who do business with spammers
    ( ) Dishonesty on the part of spammers themselves
    ( ) Bandwidth costs that are unaffected by client filtering
    (x) Outlook

    and the following philosophical objections may also apply:

    (x) Ideas similar to yours are easy to come up with, yet none have ever
    been shown practical
    ( ) Any scheme based on opt-out is unacceptable
    ( ) SMTP headers should not be the subject of legislation
    ( ) Blacklists suck
    (x) Whitelists suck
    ( ) We should be able to talk about Viagra without being censored
    ( ) Countermeasures should not involve wire fraud or credit card fraud
    ( ) Countermeasures should not involve sabotage of public networks
    ( ) Countermeasures must work if phased in gradually
    (x) Sending email should be free
    (x) Why should we have to trust you and your servers?
    ( ) Incompatiblity with open source or open source licenses
    (x) Feel-good measures do nothing to solve the problem
    ( ) Temporary/one-time email addresses are cumbersome
    (x) I don't want the government reading my email
    ( ) Killing them that way is not slow and painful enough

    Furthermore, this is what I think about you:

    ( ) Sorry dude, but I don't think it would work.
    (x) This is a stupid idea, and you're a stupid government for suggesting it.
    ( ) Nice try, assh0le! I'm going to find out where you live and burn your
    house down!
  • "ISPs will also be compelled to impose 'reasonable' limits on subscribers' sending email"
    Of course, if you want to exceed the "reasonable limit" of 2 messages per day, you must pay $30/month.

    Also, a lot of ISP's spam filters suck. I have earthlink service and I get no less than 14 spam emails per day. that makes me quite reluctant to try their other "services" such as "scam blocker".
    • ... which is of course a deliberate misreading of what is intended.
    • Also, a lot of ISP's spam filters suck. I have earthlink service and I get no less than 14 spam emails per day. that makes me quite reluctant to try their other "services" such as "scam blocker".

      I see: Earthlink's spam blocker sucks because it doesn't catch everything. I've been using it for years, and I'd say it catches between 70 and 90% of all spam thrown at it. In all that time, I've never found a false positive. Finally, I was satisfied it was doing its job properly and told it not to save the spa

  • And will contribute further to the unreliability of email. False positives are much worse than spam, but just try to convince spamfiltering ISPs of that...
  • by SeaFox (739806) on Tuesday March 28, 2006 @05:12PM (#15013310)
    Hey, that sounds like the title of a spam message I recieved recently.
  • 1.ISPs need to filter or block port 25 by default unless someone specifically requests it unblocked. Or, failing that, detect zombified machines and block those.
    2.ISPs need to implement good email based virus scanning (email is a major attack vector for viruses & trojans including spam zombies)
    3.ISPs need to implement SPF. SPF wont stop spam but it will make it easier to detect if email claiming to be from fraud@paypal.com is really from paypal.com or if email from asdgtrqwrdasfsd@hotmail.com is really

If I want your opinion, I'll ask you to fill out the necessary form.

Working...