Email Servers Will Choke, Says Spamhaus 576
Rub3X writes, "The legal battle between antispam organization Spamhaus and e360 Insight is heating up. Spamhaus has a user base of around 650 million, and its lists block some fifty billion spam emails per day, according to the project's CEO Steve Linford. Spamhaus CIO Richard Cox says the immediate issue is that if the domain is suspended, the torrent of bulk mail hitting the world's mail servers would cause many of them to fail. More than 90% of of all email is now spam, Cox says, and he doubts that servers worldwide would be able to handle a ten-fold increase in traffic." Others estimate Spamhaus's blocking efficacy as closer to 75%; by this metric spam would increase four-fold, not ten-fold, if Spamhaus went unavailable. The article paraphrases CIO Cox as saying that the service will continue "even if there is a short-term degradation."
I say let the spam come (Score:5, Interesting)
It would be interesting if all email server admins suddenly opened the flood gates for a day or two. Maybe then the general population will gain a better appreciate of the scale of the matter.
I still think they 3360 guys just look and smell like spammers. That spamhaus aggrees just adds to this conclusion. Here's what seems to amount to the spam histroy of the "plantiff". [spamhaus.org]
Someone please tell me they have an alternative (Score:4, Interesting)
Two lists needed (Score:5, Interesting)
what else can you do? (Score:2, Interesting)
I have a client who complains daily about the amount of spam she recieves (4-6 a day) and takes probably half an hour a day forwarding each of them to me along with rants about them. I have tried to explain that if she would parlay that half hour into about 5 seconds of clicking the delete button she would save herself alot of grief. She just wants it all eradicated, and frankly I dont think its really possible with an open email address. She will download things like weatherbug and signup for webshots or any other "free" service without regard to what "free" means when it comes to the web. I have tried explaining that you simply cant stop all of it and that level of spam control I have been able to maintain in far superior than most, but she insists I just dont know what im doing. The latest problem has been with image spams regarding penny stocks. The source shows basically nothing filterable, anyone ever find a way to deal with those?
I am now evaluating a Deep Six spam box to see if that helps but with what little is trickling through now I dont see alot of improvements, im already catching hundreds a day without it.
Re:I work for a company... (Score:4, Interesting)
I can back up the AC's statement. I work for an IT multinational and our e-mail servers run close to the edge. If we were to see a significant increase in e-mail levels, be it x4 or x10, or even x2, our e-mail system would grind to a halt. We, along with every organisation have become totally dependant on e-mail. For example, one of our customers requires that financial information it sent to the Bank of England by close of play every day. It is sent using (encrypted) e-mail. A delay of a few hours would give us major headaches. And yes, we could use alternative methods but it would take some time to put these in place.
If the preditions came true it would be bad for us.
Re:I say let the spam come (Score:5, Interesting)
Re:I say let the spam come (Score:2, Interesting)
(Sorry, as a Californian, I couldn't resist)
Re:I work for a company... (Score:1, Interesting)
if the amount of email traffic more than doubled for a day or 2 we would end up with weeks worth of backlogs as smaller isp's clog up (and even the bigger ones), then you would start losing email which is not acceptable to any business. most companies cannot upgrade their infrastructure fast enough to cope with this kind of thing.
these days email is expected to be instantaneous like a phone call, but if you were constantly being phoned by telemarketers when you were waiting for an important customers call someone would kick off, but for email it seems to be acceptable.
Re:Spamhaus is correct (Score:3, Interesting)
Why? There will be more IPs, but if everyone has a permanent IP it will be easier to block offenders and infected machines.
Buggy post (Score:5, Interesting)
GP was missing the link above.
Spamhaus have their problems (Score:5, Interesting)
I work for an ISP providing dedicated server hosting & colocation. Recently a couple of our customers contacted us saying that they had appeared on the Spamhaus blacklist, and were consequently having trouble sending e-mails. They claimed that they had not involved in any spamming activities, and that this listing was therefore incorrect. We found out that Spamhaus had blacklisted a range of our IP addresses (specifically a
While it was indeed true that we were hosting a server for this person, Spamhaus had a) blocked an address range larger than the IP addresses involved with this spammer, and b) would not offer any proof that the spammer had been using the server we host for him to involve in any spamming activities. When we contacted them, they refused to unblock this range unless we suspended the account of this spammer (again without providing any proof of activities conducted from our network that would breach our TOS), even though they acknowledged that the range they were blocking involved innocent customers. For us to suspend him at the request of Spamhaus would have been US breaking our contract with him, as there was no indication that he had violated our AUP (which DOES prohibit involvement with spam).
When we refused to break our contract with our customer at the request of a third party (perfectly acceptable position imho!), Spamhaus said that if they blocked any of our customers in future, they would blacklist our entire network (which is a considerable amount of addresses). This is unacceptable in my view, they are essentially trying to hold us to ransom without providing any proof of activities. When talking with some other ISPs, we heard of similar stories. In one case, the ISP concerned suspended the spammer's account and contacted Spamhaus to have their blacklist removed, and were told that "due to under-staffing, Spamhaus would not be able to remove the blacklist entry for a couple of days. however, if they would like to make a donation to spamhaus, they would remove the entry much sooner".
To reiterate my earlier point, Spamhaus does provide a valuable service, there's not much doubt of this. But they way in which they are organised leaves a lot to be desired!
Re:Spamhaus have their problems (Score:1, Interesting)
Could you offer proof of this, or a reference contact who would happen to have the communication still lying around? Just curious.
How can having IPv6 make it worse? (Score:3, Interesting)
No one will be hiding behind NAT's or using dynamic IP's with IPv6. These two abuses of IPv4 addressing are the main reason why it is so difficult these days to track down and control sources of network abuse, including spam. This will make it easier to make computers and people responsible for them accountable for their actions, which means spammers and people who insist on running insecure operating systems can no longer hide or deny responsibility so easily as they can now.
Re:Interesting legal argument. (Score:4, Interesting)
The next interesting legal argument here is, that the judge seems not to be a judge, but a referee. His job is not to descide what's right and what's wrong, but to make sure the rules of the game are observed. They can't even descide that the case does not belong before them.
The last interesting legal argument is, that if the one who's sued doesn't appear, the one who sues gets all they want. Hell, they should have asked for a billion or two along with eevryone working for spamhaus and their children, relatives and frieds as slaves (for the next 7 generations). By the logic of the US legal system, they might just have won that as well.
Would I have appeared bofore them? And let the spammer force me and my non-profit organization to accept to be financially crippled by the spammer's for-profit ressources? No, I'd have shown them the finger as well (living in Europe and feeling there's a lot of nice areas for vacation that are on this side of the pool, so I don't really need to visit the US).
Re:The solution is not SpamHouse, it's SPF ! (Score:1, Interesting)
SMTP has serious technical problems, it wasn't designed to be deployed on a hostile network.
> Not to mention the legal uncertainty surrounding the version hijacked by Microsoft.
???
There is no legal uncertainty. Microsoft SenderID has nothing to do with SPF other than checking SPF records created for a SMTP transaction against a message body. Sender ID has zero technical merit, it was a Microsoft attempt to muddy the waters, and the IETF was complicit.
Re:I work for a company... (Score:1, Interesting)
To worries over Spamhaus outages, from what I heard, they maintain a regularly updated list that people retrieve from them. Power outages wouldn't be a problem, shutting down however would make the list gradually less relevant. In practice it would have to be dropped fairly quickly though, for the sake of those who have plugged security holes but can't be removed.
Re:I say let the spam come (Score:5, Interesting)
Most users probably don't remember the rate of spam before filtering was common for a number of reasons:
Most of us who were using the internet before spam filtering became so common have not seen what today's volume of spam would look like unfiltered. Assuming spam per person has tripled, anyone who was getting 20 spam per day pre-filtering would be looking at 60 spam per day now.
It would be a much deserved wake up call if spam filter companies were to shut down operations for a few days. It's obvious that the bodies overseeing this case think of Spamhaus as little more than a novelty. I think Spamhaus needs to send a crystal clear message, and perhaps the most effective way to do that would be to show the world how green the other side of the fence really is.
Re:I say let the spam come (Score:1, Interesting)
That's why, even if it's slightly more inefficient, it's a good idea to have these things under the control of the UN, or at least significantly decentralised.
Re:Spamhaus have their problems (Score:3, Interesting)
When we contacted them, they refused to unblock this range unless we suspended the account of this spammer (again without providing any proof of activities conducted from our network that would breach our TOS), even though they acknowledged that the range they were blocking involved innocent customers. For us to suspend him at the request of Spamhaus would have been US breaking our contract with him, as there was no indication that he had violated our AUP (which DOES prohibit involvement with spam).
Again, you don't get onto ROKSO for no reason. spamhous documents their ROKSO entries quite well usually, so 'involvement in spam' is quite likely here, and you can quite review why a certain person ended up on that list.
And yes, I have worked for an ISP in the same position as you are in. The choice we had was between:
Both financial and moral obligations made the first option the best by far, and getting of the list was quite easy after this.
Re:I say let the spam come (Score:2, Interesting)
Re:I say let the spam come (Score:5, Interesting)
It's easy to explain why they don't do this. They know that only clueless email admins rely only on an RBL for Spam control. Only the "Spamhaus faithful" would get clobbered with the extra Spam and they would have to switch to a different method or lose their jobs. This would be a sure way to kill off your customer base by proving empiracally why a single point of failure in Spam detection is a bad idea.
I've seen as much bad behavior from the RBL maintainers as I have from the spammers, so I only use an RBL as a final check to hold email that is on an RBL but otherwise passes through the filter. The (very few) held emails are almost always legitimate. The only reason I even bother to hold them is to keep an eye on what's going on and kill the final few Spam emails. The system I use for my employer has an almost perfect rate of rejection. Most of our users get fewer than 10 Spam messages a year! I get a lot of questions from co-workers about how to deal with Spam in their personal accounts because we do such a great job of dealing with it in their work accounts.
I know the Spamhous fanboys will take offense at this post. My only comment is that you are free to use an RBL as your only Spam control if you wish, just as I am free to use what I consider to be better methods. Good luck to you if Spamhous ever goes dark for any reason -- you're gonna need it.
Comment removed (Score:5, Interesting)
Evil bit set for me... (Score:1, Interesting)
Re:Trying to block spam is like... (Score:4, Interesting)
For some reason, most people do not consider that as a realistic possibility. Personally, I think it should be illegal to be stupid, in a lot more situations than it is today.
This isn't exactly revolutionary. People are already being put into jail, for buying stolen goods, if the police can demonstrate that "they should have known it was stolen". And if you drive over some schoolkids while fondling with your car-radio, you are still guilty of murder. And if you are a surgeon and kills a patient through malpractice, you are also in deep trouble.
The society needs more legislation against stupidity, not less. It's too easy to excuse away all the damage you have done, by putting up the "I'm stupid" excuse. So, yes, let it be punishable for up to n years in jail, to through stupid or uninformed actions, create life more profitable for spammers.
Re:I say let the spam come (Score:3, Interesting)
On the subject of what would happen if Spamhaus' domain gets taken down, I use Spamhaus as one of several RTBLs. If they go down, I may see a slight increase in spam. I'll see if I can plug their IP in so I don't even see that. I'm sure a number of companies could see a massive increase but I'm sure it will only be a blip on the radar as they will likely find another way to get Spamhaus or another service within a few days.
Re:I say let the spam come (Score:5, Interesting)
Here is the result:
Spamhaus gives only further sub-5% improvement on top of greylisting with a positive feedback loop at delivery/user report level. With relay level content filtering feeding into the feedback loop that will be down to under 3%. Greylisting on its own does 90%+.
The CPU cost of greylisting is not that much higher compared to DNS blacklists (and on a large site you can dynamically gate greylists into a local DNS greylist zone for distribution). In fact it is less if you form temporary firewall reject lists from your greylisting database.
So the answer is: technically Spamhaus is full of shit and the floodgates will not open. On most well managed sites it will be just another day. A bit more SPAM, but not a lot. At most it will make admins tune feedback loops into grey/black lists a bit better.
Move along people, nothing to see here. Spamhaus should stop dragging the rest of the internet into the stupid internet governance battle which is not for them to fight in the first place. I already commented on their position on this issue in past Slashdot posts on it.
Spamhaus should stop talking BS and move their operations to the same domain as their legal country of residence.
Re:Someone please tell me they have an alternative (Score:3, Interesting)
Actually, at least in my home country (Sweden), they already are: for example if a burglar gets access to wepons that should have been stored in a more secure way (usually a specific locked cabinet) they can be found guilty for this. I belive that is a reasonable law.
However, I didn't say that I want to punish clueless computer users. I just want fewer hacked systems on the Internet becuase I belive that is the only way we eventually can get rid of spam.
The blame rests with the spammers, period.
And the blame for murder lies with murderes. But that does not mean that we shouldn't take steps to prevent neither murder, nor spamming.
Re:Spamhaus have their problems (Score:3, Interesting)
I work for a legitimate, non-spamming multinational company with presence in the US, UK, Canada, South America, Asia, etc etc). From my experience, Spamhaus definitely works like a self-righteous vigilante organization. My company's mail servers were blacklisted several times earlier this year simply because employees' out-of-office autoreply rules were autoreplying to spam messages (the few that get through our filters). I assume our servers were blacklisted either because messages hit a spamtrap or some clueless person complained about getting junk mail from my company.
They told us we should stop people from using auto-reply rules. Right. For 35,000 people where client communication is paramount. Brilliant vigilante thinking.
The end result was months of legal wrangling. Threats of a lawsuit finally brought them into line.
Re:I say let the spam come (Score:4, Interesting)
Most of us who were using the internet before spam filtering became so common have not seen what today's volume of spam would look like unfiltered.
So much of it happens server side the end users would have no idea as to the amount. My home mail server which handles a handful of users gives me these stats. and this is just for the 8.5 hours of "Today":So that's just over 800 pieces of crap for today (so far) Those are server-side filters, not client side.
Re:I say let the spam come (Score:3, Interesting)
Maia Mailguard [maiamailguard.com]. With a well tuned SpamAssassin core, SARE rules, RBL Lists (of which Spamhaus is just one), DCC, Razor... and currently we're working with the SpamAssassin folks to get OCR working on image spam. It's an unusual day when spam gets through to me.
Disclaimer: I'm a Maia Mailguard developer.
Re:I say let the spam come (Score:2, Interesting)
And now here I am, on a 18Mb/1mb so called broadband (well I suppose to US people it is) link, hosting my two domains, my MX, my webservers, a few services. And the spam to signal ratio is just ridiculous. I don't use any RBLs because I've been bitten by them more times than I can care to tell but I must get about about 1200 spams a day (for non obvious domains, my previous "sexy" address got twice that daily).
Spam isn't enough of a bandwidth hog to be a problem outside of email (as of now it doesn't use much absolute bandwidth, i.e. I can still play online games without trouble). However it uses most "email" bandwidth. Granted I don't get that much "real" email. Little enough that spam is probably 90% of what I get (if not more, I haven't gotten around to computing stats). However, It's gotten bad enough that I've got enough misses on both sides (ham and spam) that I can truthfully tell my correspondents that I have missed their mails because they have been missfiled *or* because they have been lost in the noise. And that sucks.
It doesn't mean Spam has become more effective, it means email has become *less effective* and that sucks.
It means spammers are now testing their messages against all of the common filters.
Re:I say let the spam come (Score:3, Interesting)
As much as I'd like to suggest tar and feathers as a fitting punishment for e360, I believe that is generally frowned on these days, so I doubt it would work. However, I doubt that a class action would really amount to much more than some attorney chest thumping of motion, counter motion. Perhaps a different tact is needed?
Maybe we could take a lesson from the spammer. They cause lots of small problems that add up to a huge drain, and maybe they get really lucky, and make a score. Adopt the same strategy. Consider a coordinated, but arguable separate, set of law suits in multiple jurisdictions against e360insight for the damage they cause. No class actions, as that would give one single point to defend. For this to have the desired effect, it must drain the resources in many small pieces. Imagine if, say for example, on March 16, 2007, there were 50,000 independent suits filed across the country by the victims of the e360 spam. Each one could be for a small amount of damages. The important point is make them all independent, and resist a class designation. Imagine the burden of defending these. Imagine the default judgements if any got lost in the shuffle. Imagine the statement that would make to those who abuse not only the email systems, but our courts as well...
60K spam (Score:3, Interesting)
Google has reported 60K spam over the last 30 days, and about 10 messages in hour still get through to my inbox.
Worse is these asscactuses start sending mail that looks like it was from my domain, so I get all the bounces, and look like an asshole myself.
That one Russian spammer who was savagely murdered... it's hard to drum up sufficient sympathy for that.
If all the world is bending over backwards to find new ways of plugging their ears, stop yelling.
Re:I say let the spam come (Score:3, Interesting)
You assume that your customers won't leave en masse because "my sister just sent an email and it didn't get here 30 seconds later". When you tell them that cannot be changed, they will leave and go to someone who accepts and delivers email instantly. It doesn't matter that it is in their best interests, they will still leave. We can't do greylisting for that exact reason.
Here's what kind of stats SpamHaus does for us:
Blocked from SpamHaus (hijacked cable/dsl modem): 160039
Blocked from SpamCop RBL: 7869
Blocked from internal RBL: 1145
So before even seeing content, we blocked 169053 connection attempts, and there could have been multiple emails on each connection. After all that being blocked, we still accepted 55K emails:
Inbound per day totals: 55373
Detected and rejected as spam 37677
Detected and rejected as virus 254
and there was STILL 38K emails detected and blocked as spam. And in the real world, some of that 17442 emails (55373 - 37677 - 254) was spam too. If we open the floodgates and previously blocked email starts getting delivered, likely it would be about 100K emails that get past the spam filters, of which all additional email is guaranteed to be spam, so 80%+ of that delivered email would be spam.
Now, multiply those numbers times 4 and that is the load we would have to deal with, and we are a small operator compared to a lot of ISPs. In addition, we would likely have to get one or two additional machines to handle the increased spam scanning load. It does nothing but COST US MONEY to shut down SpamHaus service.
Before anybody points out the obvious, our SMTP Auth users are exempted from the RBLs if authentication succeeds.
One thing that I've not seen anybody mention though is how simple it is to make your nameservers forward spamhaus.org requests to their nameservers. Problem solved.
Good To See... (Score:3, Interesting)
Spammers (Score:3, Interesting)
I agree that spam email is about 90% of traffic. In my case the ratio is probably even higher. I get a lot of spam. Most of it gets filtered out by spamcop.
If RBLs suddenly became unavailable, the only - and I do mean only - option for me would be to reject any email that doesn't come with correct sender verification of some sort, say, SPF. Then, once spammers start using those systems too I'd have to start whitelisting senders.
I really can't believe that the US is putting up with that. I think only judges who have no email account could even agree to hear such a case.
Re:MOD PARENT INSIGHTFUL!!! (Score:3, Interesting)
This is precisely what happens when you elect judges.
IN this case, the action was taken by a federal judge, who are appointed, not elected, but many state judges have to run for office.
In Ohio, they've found a state judge who finds infavor of campaign contributors 90% of the time, and one decision by the state Supreme Court that was split 4-3, exactly along the lines of donation by the two parties in the lawsuit. (one side contributed to the four, the other to the three)
Justice isn't only not blind in Ohio, hell, it's for rent.
Take down the internet! (Score:3, Interesting)
Unfortunately, too much of the IT economy is closely tied to fighting spam, and they can't afford to let that happen.