Comments on: Spam increasing again after shutdown of hosting company

Two weeks after hosting provider McColo was shut down, the volume of spam is increasing again as stranded botnets get connected to new domains.

[dargon19888]

While its easier to get a US based ISP shut down, you can always black hole an entire country like Estonia.

[jlsdev]

Very much agreed yet, in reading a dozen or so related articles on this subject, I have yet to find any of the so-called 'journalists' supposedly 'reporting' on this subject who have done any research to uncover and reveal the ISPs, and their associated IP ranges, who are RESPONSIBLE for this 'revival' such that we can easily block them. As opposed to the ill-conceived, farcical notion that charging a penny per email would magically stop spammers that continues to resurface and reflects only a complete lack of understanding of how the Internet works, providing the Internet community with the information needed to completely block the ISPs who, either negligently or knowingly, support these operations would quickly get their attention and, once again, 'pull-the-plug' on these resurfacing botnets - No hosts => No net.

[Rustedbird]

Not entirely farcical suggestion considering we are already paying something per email in that the ISP's overhead in maintaining an email service including cost of capital, maintenance. Why not make it up front?

[jlsdev]

The 'farcical' I mentioned was in relation to the supposition that it would have any measurable effect on spam. As with anything else, criminals will find ways around these charges such that the only ones paying them would end up being the legitimate mailers and the spam would continue unabated. This has a great deal to do with the open nature of the fundamentals under which the Internet protocols overall, and SMTP in particular, were developed and which, without a massive, entire rewrite from the bottom up, with the associated cost and disruption, of which, we now have to live with. For example, there are 65,535 ports that can be used for various protocols on any Internet connected device and, along with those, a list of 'assigned port numbers' maintained by IANA, however, there is nothing whatsoever that restricts any protocol to its 'assigned' port. So, while the vast majority of SMTP servers operated by ISPs [which is where these per-email fees would supposedly be tallied] follow the 'rules' and 'listen' for incoming traffic on port 25, there is nothing whatsoever in place to prevent anyone from setting up an SMTP server to listen on any one [or more] of the remaining available ports for incoming mail and many of the trojan-infected computers that make up botnets already do this or communicate their SMTP traffic to some other renegade SMTP server, somewhere, that they have been programmed to know the IP address and 'non-standard' port of, that is doing so thus bypassing completely any per-email fees that would be charged it indeed they were. The obvious result of this is that only those legitimate emailers using legitimate SMTP servers would be subject to the fee, the ISPs would collect and pocket the money and the spammers would continue to have a 'field-day' for free. The only way around this would be to implement more-or-less 'deep packet inspection' on a worldwide basis [meaning every single ISP on the planet would have to agree, buy into and implement it] to detect and deal with, by whatever means, specific IP traffic types on a per-type basis on any port. The sad reality of this, as evidenced by the over 2000 Internet 'specifications' known as RFCs that already exist and can be and are ignored at will, is that there is virtually nothing in place to get everyone to agree to and follow much of anything, there is absolutely nothing in the way of enforcing it even if we could get everyone to agree and, lacking that, there's simply no way to make it happen that the spammers cannot easily devise and implement - in a very short time - a 'work-around' for.

[pauljweighell]

frightening. i wish we had all charged 1c per email when the smtp system was set up - i know spammers would have used stolen card details but that would at least have been one more handle to track and erase them. for spam we must blame free email and suffer ....

[humanssssss]

You are dumb. Why should a person sending out an email be charged $0.01? There's a logical fallacy here because the person sending out the email is paying to send the email based on the amount of bandwidth he paid for.

A better solution to the problem is that people only read emails that they deem worthy to them. Meaning, if the amount pay to read the email is not higher than a certain amount, you won't read it.

I personally don't read email from anybody when I don't like them. This includes the government.

Why do people insist on reading emails that hurt them? People shouldn't be dumb. If emails that make you mad, you don't read it. If you already read it, don't read it again. People aren't dumb. They know what is good for them and not good for them. There are some people who are very dumb, they just read every email.

[mcugaedu]

That's exactly right. E-mail is not "free," the costs are just imposed on the wrong people. The reason there is spam is that the cost of transmitting e-mail is not imposed on the sender. Instead, the cost of e-mail is incurred mostly at the receiving end.

I think best approach to spammers would be more good old-fashioned law enforcement. Almost all of them are obviously violating existing laws against fraud, misrepresentation, illegal drug sales, etc., and if they're selling anything, it should be easy to make a purchase and follow the money trail.

[mcugaedu]

...What I mean is that "pauljweighell" is exactly right. The accompanying comments from "humanssssss" do not make sense. How are people supposed to know what is in e-mail without reading it? And does "humanssssss" even know that it costs money to deliver e-mail -- costs that are incurred before the recipient reads it?

[Rustedbird]

I was a network operator, not systems. But I only sat ten feet from that group. Just not reading spam doesn't work. Not if as a part of work that one is required to go through at least the subjects to weed em' out. It also puts an incredible load on the mail servers.

Maybe a penny an email might work, but if someone didn't secure their PC so it gets hijacked by a bot, that could be painful. Yeah, some places do black hole an entire country. Ar one time, we cut off the entire UK.

The best bet is to report the spam you get, practice commonsense stuff by never replying to it, to understand what is phish, and just be aware of scam. Also use an email client that can show the message as text and disable the HTML completely.

Don't open any attachments. Again, Do Not Open Attachments.

Sam Spade is an excellent tool for playing around with suspect emails.