Getting on Top of Spam Down Under 128
The Register is reporting that Australia has implemented a new industry code for the regulation of email with respect to spam. From the article: "Under the new code, internet service providers (ISPs) will bear some of the responsibility for helping fight spam. Service providers must offer spam-filtering options to their subscribers and advise them on how to best deal with and report the nuisance mail. ISPs will also be compelled to impose 'reasonable' limits on subscribers' sending email."
Hmm (Score:2, Insightful)
Re:Hmm (Score:5, Insightful)
I'd say the kind of spam filter I'd prefer does not delete any mails, just tags them so I easily can do any filtering I want with them. But oh, I forgot. You don't have to know how to use a computer to use a computer. That is, people could never be bothered with something like that.
Re:Hmm (Score:3, Insightful)
While elitest, you fail to grasp what the grand parent was saying;
ISPs should be doing this anyway, to save on bandwidth. This has nothing to do with a user. Hell, I'm careful with my email address, and I still get spam.
It can
Re:Hmm (Score:2)
I always go for a business connection at home from my ISP...so I don't have limitations on what servers I can run...etc. While I don't send out a ton of email, I do have a good bit of traffic on my email server....for my business and others. Who is to say what a 'reasonable' email sending limit is? My traffic can get pretty high sometimes, but, I do keep an eye on it to make sure others aren't sending spam through it...
I supposed the major
Re:Hmm (Score:1)
Yes, I think I understood that. My point was that if they are going to deliver the mail anyway (as I would like them too) they aren't saving any bandwith.
Elitist.. well, whatever you say. It just happens that I think "Oh, they shouldn't be using a computer if they don't know how to fix this or that." when I hear of someone who has some problem with their computer. But I then real
Re:Hmm (Score:3, Insightful)
Then, you know where this road takes you.
Dear Mr grasshoppa, in our fight against spam, side by side with the legal forces and (somehow) following their indications, we have to tell you we're going to shut down all your towards-port-25 traffic. Sorry for the incoveniencies.
Only they won't send the letter, you'll find suddenly because your mailq is steadily growing and no mail is going off.
And among
Re:Hmm (Score:3, Interesting)
So the economic driver to quarantine Typhoid Marries is simply not there. As a result the Telcos and access ISPs will continue not to care until the rest of the industry (banks, e-commerce, e
So give them their own line. (Score:2)
Yep. It all comes down to money.
I agree on the relays.
What I don't understand is why the ISP's don't do SOME degree of spam checking and dump the offending customers onto their own email server?
Okay, I know why BellSouth doesn't do that. They send
Re:Hmm (Score:2)
Define SPAM, when coming from one computer. The same can go for a DDoS. My father sends out e-mail messages to a mailing list of well over 50 individuals. That is not SPAM, but to some filters it may look like it. Maybe you sug
Re:Hmm (Score:2, Interesting)
Re:Hmm (Score:2)
Re:Hmm (Score:2)
ISP false positives are also a hassle, you have to go back and check all the spam to make sure email you wont is not being intercepted, hence you
Re:Hmm (Score:2)
Re:Hmm (Score:1)
Some want payment for it (which I consider pennypinching), some do it for free, using different methods and policies.
It makes sense for them to do so. It cuts down on traffic, and it makes their customers happier.
Alot of ISPs are doing some port blocking to protect their customers too, often with options to opt out if you have a need.
All good things, IMHO.
ISPS do have a responsibility to protect their customers if they have to tools to do so, despite the rh
paid spam (Score:4, Interesting)
Re:paid spam (Score:1)
AOL/Goodmail is NOT "paid spam" (Score:2)
Agh (Score:4, Interesting)
Re:Agh (Score:2, Insightful)
Laws hit ISPs because Foreign Spammers ignore them (Score:3, Insightful)
Re:Laws hit ISPs because Foreign Spammers ignore t (Score:1)
As far as I can tell the laws have had quite a good effect, apparently spammers have either stopped, or have moved overseas: http://www.spamhaus.org/news.lasso?article=154 [spamhaus.org], and http://www.spamhaus.org/news.lasso?article=161 [spamhaus.org]
All we need now is a law against fax spamming so that Dell [dell.com.au] and getawaysdownunder.com.au [getawaysdownunder.com.au] stop using my equipment and resources for their own marketing campaign.
Re:Laws hit ISPs because Foreign Spammers ignore t (Score:2)
Re:Agh (Score:2)
Re:Agh (Score:1)
Re:Agh (Score:2)
The hell spammers are easy to find.
Re:Agh (Score:2, Informative)
There was a newsletter I caught recently talking about some of the successful prosecutions for spam 'downunder'. It sounds like they are making progress.
The full text of that news
Re:Agh (Score:3, Insightful)
For example, you can easily arrange for all accounts to be limited to 50 outgoing email/day unless the person has a valid credit card that gets charged a $1 set up fee, or they receive by regular mail a form, that they must sign and mail back.
The few NON-spammers that send more than 50 out going/day should be either willing to wait for their 51st email per day or pay $1. I can't see anyone except spammers being pissed off about this.
Re:Agh (Score:2)
Stopping this flow of spam the users don't even know about is best managed by the ISPs, and in their own interest too: the effort to explain to customers this stuff mig
Re:Agh (Score:2)
It would be stupid if enforcement was actually going on. The thing is, there are spammers being busted an
Hmm... (Score:2, Interesting)
Re:Hmm... (Score:1)
Now I can't see how routing ALL mail through spam-assasin so it gets tagged actually costs anything extra and above 4 or 5 people doing this. So I've come to the conclusion that DoDo sees this ruling as a great way to make money from spam, and and they have NO committment to cutting down spam going through the network.
DoDo charges a monthly fee plus data charges after a c
Re:Hmm... (Score:2)
Especially as there are ISPs here in the USofA who already do that at no additional charge.
Re:Hmm... (Score:2)
An ISP cannot be convicted for failure to comply with a code-of-practice. The worst that might happen is that said ISP would not be able to say “We comply with the Australian ISP code-of-practice regarding SPAM protection”.
The ISP may suffer financially since it doesn't have that tick-box feature, so the cost/benefit of implementing the Code could be weighed against the percieved risk of customer
Hows does it define SPAM ? (Score:3, Insightful)
Re:Hows does it define SPAM ? (Score:1)
Re:Hows does it define SPAM ? (Score:3, Informative)
Here you go [acma.gov.au] (pdf warning)
It's not legislation, but a code of practice (a sort of howto follow the legislation). from the linked pdf:
Re:Hows does it define SPAM ? (Score:3, Insightful)
Here's the legislation [comlaw.gov.au] - and a link to the rather more helpful plain english explanation of what constitutes a commercial message [dcita.gov.au]
Quoting it:
Re:Hows does it define SPAM ? (Score:1)
Because the 2003 anti-spam code was so totally effective to reduce all spam, let's have another [acma.gov.au].
Those Aussies... (Score:3, Funny)
Re:Those Aussies... (Score:1)
I had hesitated... (Score:1)
YES, WORLD, MY MIND IS IN THE GUTTER!;-)
Re:Those Aussies... (Score:1)
ISP (Score:1)
Re:ISP (Score:2)
No, because quite a few services plain and simple do not accept free email accounts for registration or other things.
Sending or receiving? (Score:1, Flamebait)
So far, so good.
So you host web sites and mail servers?
And?
Well, since it APPEARS that you are running email servers, you would not be doing that. You would be installing SpamAssassin and you would be offering your services to your customers to configure it, or you would provide a mechanism so they could configur
Re:ISP (Score:2, Interesting)
Right now I get approxamtely 10-15 spam messages a day. That is without any sort of blocking and is on the high end of what I generally get.
Surprisingly the majority of spam actually goes away if you unsubscribe from it at the bottom. I used to get 1500-2000 spam messages a week until I started unsubscribing.
I am currently trying out h [bluesecurity.com]
Re:ISP (Score:2)
Suprisingly it didn't do that for me. The best method I know of is to forward all my mailboxes into gmail and let that filter do its work.
Unimpressed. (Score:5, Informative)
Anyway, back on topic, here's [theage.com.au] an article from a local paper - it contains a link to the actual code of practice [acma.gov.au] (pdf warning)
Re:Unimpressed. (Score:2)
Re:Unimpressed. (Score:2)
I describe a continent-nation as a continent and a nation - and thats random?
I hearby apoligize for failing to realise that other nations are themselves not continent-nations and failing to modify my post to reflect sensitivities of non-australian readers. (yeesh)
Re:Unimpressed. (Score:2)
I just wondered if there was a reason for using the two words or if it was just random (ie. you could have used them in the other order with no change to your intended meaning).
Re:Unimpressed. (Score:1)
The domain name does not resolve and ASIC lists the company as deregistered.
Extracted from ASIC's database at AEST 11:06:40 on 29/03/2006
Name NET HARBOUR PTY LIMITED
ACN 106 807 201
ABN 20 106 807 201
Type Australian Proprietary Company, Limited By Shares
Registration Date 24/10/2003
Next Review Date 24/10/2006
Status Deregistered Date Deregistered  08/01/2006
Locality of Registered Office not available
Jurisdiction
Should be running already (Score:3, Interesting)
Better yet, profile your customer's habits. (Score:2)
But when they suddenly start sending 100 emails a second, to 100 different address, it's time to shut them down and email/call them to see if they meant to do that.
Scanning outbound email can be a problem. I send virus tests to servers and I would not like an ISP stopping that.
The same with scanning for "spam" because I also send spam examples to lists and other people.
For me, t
Re:Better yet, profile your customer's habits. (Score:1)
Ah, that's what we call it now
Having never ran an ISP I can't comment too tightly on this, but in broader terms, filtering spam for my company is a bitch. The problem is, of course, that automated programs (such as spamassassin, which I use personally), just don't cut it on a grander scale. I have seen 11 year old kids with hotmail address' that are more random than the 90% of the spam addresses that we get [by default, I recomm
Re:Better yet, profile your customer's habits. (Score:2)
GOOD MOVE.
Filtering where I work is easy. (Score:2)
Exim4 runs greylisting, checks open relay lists, etc. If everything passes there, it hands off to Guinevere which runs anti-virus then SpamAssassin (with Bayes) to flag anything suspicious.
Prior to that, 8 out of 10 messages would be spam.
Now, less than 1 out of 10 messages is spam.
I prefer Exim4 because I can put my phone
Re:Should be running already (Score:2)
ISPs _can't_ afford to run filters generally. If you want to run SA or other content filters, you should be doing those at the end user nodes, and not at the central hubs. Content filters work after the fact of accepting the email, at which point the only reasonable responses are to discard the spam silently, or generate a bounce.
I was under the impression... (Score:1, Interesting)
On the other hand these stats are interesting:
http://www.ciphertrust.com/resources/statistics/ [ciphertrust.com]
They tell me a few things.
1. Don't use citibank.
2. We're not doing as well as it seems to me
Don't use Citibank? (Score:2)
I think the real lesson is not to be an idiot about emails from "the bank".
Re:I was under the impression... (Score:2)
I'd have to say you've been under a false impression. I run a very small mail server at home for family and friends, and it blocks thousands of spams every week. With my own mailbox, an average of about four spams a day make it through all my filters without getting blocked - certainly better than it used to be, but that's bec
Re:I was under the impression... (Score:1)
It's appreciated, but... (Score:5, Insightful)
It's another token effort.
internet service providers (ISPs) will bear some of the responsibility for helping fight spam.
Some is not all, which means that any percentage they block meets the requirement. If they delete one, and pass 1000 - that fits the definition of some.
ISPs will also be compelled to impose 'reasonable' limits on subscribers' sending email.
Do any spammers use their own account for outbound spam?
Re:It's appreciated, but... (Score:2)
Do any spammers use their own account for outbound spam?"
No, but how many people unwittingly have a zombie machine in their home? If their zombie status affects their ability to send the email they intend to send, you can bet they'll take action to correct the problem.
Re:It's appreciated, but... (Score:1)
Re:It's appreciated, but... (Score:2)
Some is not all, which means that any percentage they block meets the requirement. If they delete one, and pass 1000 - that fits the definition of some.
Lawyers may be evil, but they're not idiots. If there's a law that says the have to offer spam filtering, you can bet that that means it actually has to be somewhat effective. The means to filter out 99% of spam is available, and relatively cheap. Any sane judge when given a spam filtering scheme that removes only 1 out of 1000 spam mails is going to say
easy solution (Score:1)
These are all related issues with one simple solution - implement a "deny by default" rule. Deny all communications except what is permitted. Given the option, I'd have all phone calls from number other than
Re:easy solution (Score:1)
Re:easy solution (Score:1)
As far as the Day 1 deluge, you can always grab the logs for the last day/week/whatever and use that for your initial filter (with some eyeballing for pr0n a
Hi! I'm a firewall! (Score:2)
By default I block all inbound IP connections, "except what's spefically permitted."
Re:Hi! I'm a firewall! (Score:1)
I'm not talking about ports, but about source/destination of traffic. Of course, everybody's going to restrict to 80, 443, etc. But then you let in
Re:Hi! I'm a firewall! (Score:2)
Checkpoint:
Default deny "any" where "any" is a configurable list that by default actually omits some popular types of traffic. Yuck...just...yuck. Still, most services are in the "any" list.
Cisco (by far the largest market share):
Pix-OS based? Default deny externa
Re:Hi! I'm a firewall! (Score:1)
Re:Hi! I'm a firewall! (Score:2)
By default most firewalls deny all inbound traffic on an external interface and allow all outbound traffic that originated on an internal interface. Adminisitrators usually have to "break" their configurations to all
Re:Hi! I'm a firewall! (Score:2)
Er, default "deny all" rules do block by IP, not by port. The only times the firewall would look at the transport or higher layers are:
1) When there are existing entrie in its session table for internally initiated sessions that would expect return traffic. For that it would match transport layer ports and src/dst IP addrs to table entries.
2) There are exception rules superceding the default behavior. Then each packet must
Re:easy solution (Score:2)
Why not implement SPF? (Score:2)
Re:Why not implement SPF? (Score:4, Funny)
psst.. because people want to communicate sometimes also.
Re:Why not implement SPF? (Score:2)
psst.. because people want to communicate sometimes also.
----------
If you implement it correctly, they can.. the kicker is lazy admins who won't fix their own side of things correctly, so their traffic bounces. Read up on it.
Re:Why not implement SPF? (Score:1)
Ok, I will. Oups, gotta go. Incoming SPF! Gah, I'm no spam I'm tellin ya! Get off me!!!
hear, hear (Score:3, Informative)
As more and more people put SPF into their DNS, the punishment for a message not having it can increase. In turn, then, more and more people put SPF into their DNS.
Let's get the ball rolling!
http://en.wikipedia.org/wiki/Sender_Policy_Framew o rk [wikipedia.org]
The big Phishing targets aren't using SPF :-( (Score:2)
Re:The big Phishing targets aren't using SPF :-( (Score:2)
You've misunderstood SPF (Score:2)
Re:You've misunderstood SPF (Score:2)
Btw.. you left something out...it's Nigerian-Herbal-Viagra-Enlargement.com
Documents and Articles (Score:1)
The Following links are as follows:
Spam and internet security information http://www.acma.gov.au/ACMAINTER:STANDARD::pc=PC_2 008 [acma.gov.au] web page
Spam Act Review: http://www.acma.gov.au/acmainterwr/telcomm/industr y_codes/codes/iia%20spam%20code%20dec%202005.pdf [acma.gov.au]
Spam Review http://www.dcita.gov.au/ie/spam_home/spam_act_revi ew2 [dcita.gov.au] documents.
Knock yourselves outwith it.
Regards
Slashdotgirl
Privacy implications (Score:1)
"ISPs directly responsible for the allocation of IP addresses to their subscribers (eg, all of them) will use all reasonable efforts to retain information pertaining to those allocations for a minimum period of seven days."
Can someone tell me what this has got to do with spam? Isn't this just a case of our privacy being thrown out the window but disguising it within a "spam act"?
Spam regions (Score:1)
What gives? (Score:2, Funny)
It had to be done. (Score:5, Funny)
(x) technical (x) legislative ( ) market-based ( ) vigilante
approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)
( ) Spammers can easily use it to harvest email addresses
(x) Mailing lists and other legitimate email uses would be affected
(x) No one will be able to find the guy or collect the money
( ) It is defenseless against brute force attacks
(x) It will stop spam for two weeks and then we'll be stuck with it
(x) Users of email will not put up with it
( ) Microsoft will not put up with it
( ) The police will not put up with it
(x) Requires too much cooperation from spammers
(x) Requires immediate total cooperation from everybody at once
( ) Many email users cannot afford to lose business or alienate potential employers
( ) Spammers don't care about invalid addresses in their lists
(x) Anyone could anonymously destroy anyone else's career or business
Specifically, your plan fails to account for
( ) Laws expressly prohibiting it
(x) Lack of centrally controlling authority for email
(x) Open relays in foreign countries
( ) Ease of searching tiny alphanumeric address space of all email addresses
(x) Asshats
(x) Jurisdictional problems
( ) Unpopularity of weird new taxes
( ) Public reluctance to accept weird new forms of money
( ) Huge existing software investment in SMTP
( ) Susceptibility of protocols other than SMTP to attack
( ) Willingness of users to install OS patches received by email
(x) Armies of worm riddled broadband-connected Windows boxes
( ) Eternal arms race involved in all filtering approaches
(x) Extreme profitability of spam
( ) Joe jobs and/or identity theft
(x) Technically illiterate politicians
( ) Extreme stupidity on the part of people who do business with spammers
( ) Dishonesty on the part of spammers themselves
( ) Bandwidth costs that are unaffected by client filtering
(x) Outlook
and the following philosophical objections may also apply:
(x) Ideas similar to yours are easy to come up with, yet none have ever
been shown practical
( ) Any scheme based on opt-out is unacceptable
( ) SMTP headers should not be the subject of legislation
( ) Blacklists suck
(x) Whitelists suck
( ) We should be able to talk about Viagra without being censored
( ) Countermeasures should not involve wire fraud or credit card fraud
( ) Countermeasures should not involve sabotage of public networks
( ) Countermeasures must work if phased in gradually
(x) Sending email should be free
(x) Why should we have to trust you and your servers?
( ) Incompatiblity with open source or open source licenses
(x) Feel-good measures do nothing to solve the problem
( ) Temporary/one-time email addresses are cumbersome
(x) I don't want the government reading my email
( ) Killing them that way is not slow and painful enough
Furthermore, this is what I think about you:
( ) Sorry dude, but I don't think it would work.
(x) This is a stupid idea, and you're a stupid government for suggesting it.
( ) Nice try, assh0le! I'm going to find out where you live and burn your
house down!
Bad law (Score:1)
Of course, if you want to exceed the "reasonable limit" of 2 messages per day, you must pay $30/month.
Also, a lot of ISP's spam filters suck. I have earthlink service and I get no less than 14 spam emails per day. that makes me quite reluctant to try their other "services" such as "scam blocker".
Re:Bad law (Score:1)
Re:Bad law (Score:2)
I see: Earthlink's spam blocker sucks because it doesn't catch everything. I've been using it for years, and I'd say it catches between 70 and 90% of all spam thrown at it. In all that time, I've never found a false positive. Finally, I was satisfied it was doing its job properly and told it not to save the spa
Really bad idea... (Score:2)
"Getting on Top of Spam Down Under" (Score:3, Funny)
How to reduce SPAM in 4 steps (Score:2)
2.ISPs need to implement good email based virus scanning (email is a major attack vector for viruses & trojans including spam zombies)
3.ISPs need to implement SPF. SPF wont stop spam but it will make it easier to detect if email claiming to be from fraud@paypal.com is really from paypal.com or if email from asdgtrqwrdasfsd@hotmail.com is really
Re:How to reduce SPAM in 4 steps (Score:2)
Re:getting on top of the comments page (Score:2)
How about a first post spam filters? May be we don't require law to make slashdot do this...or do we?
Re:getting on top of the comments page (Score:3, Funny)
"No post shall be made until another post has been made first."
I predict the end of all Slashdot troll posts!
Re:getting on top of the comments page (Score:2)
Oh shit, did I just do that?