February 2, 2005 11:25 AM PST

Zombie trick expected to send spam sky-high

Spam levels are about to skyrocket, according to experts who warned this week that spammers have developed a new way of delivering their wares.

According to the Spamhaus Project--a U.K.-based antispam compiler of blacklists that block 8 billion messages a day--a new piece of malicious software has been created that takes over a PC. This "zombie" computer is then used to send spam via the mail server of that PC's Internet service provider. This means the junk mail appears to come from the ISP, making it very hard for an antispam blacklist to block it.

Previously, zombie PCs have been used as mail servers themselves, sending spam e-mails directly to recipients.

"The Trojan is able to order proxies to send spam upstream to the ISP," said Steve Linford, director of Spamhaus.

Linford believes that this Trojan horse was created by the same people who write spamming software.

ISPs in the United States may have already been hit. "We've seen a surge in spam coming from major ISPs. Now all of the ISPs are having large amounts of spam going out from their mail servers," Linford said.

This will cause serious problems for the e-mail infrastructure, as it is impractical to block mail with domain names from large ISPs. Linford predicts that ISPs will see a growth in the volume of bulk mail they send and receive over the next two months, with spam levels rising from 75 percent of all e-mail to around 95 percent within a year.

"The e-mail infrastructure is beginning to fail," Linford warned. "You'll see huge delays in e-mail and servers collapsing. It's the beginning of the e-mail meltdown."

Linford said that ISPs need to act fast to take control of the problem. "They've got to throttle the number of e-mails coming from ADSL accounts. They are going to have to act quickly to clean incoming viruses. ISPs have so much spam--they are too understaffed to call people up and tell them they have Trojans on their machines. And no one would know what you're talking about."

Antispam company MessageLabs confirmed Linford's findings.

"This ups the ante in the need for filters," said Mark Sunner, chief technology officer for MessageLabs. "It makes it more difficult for people who compile blacklists, which is why spammers are doing this. It will put more pressure on ISPs to take greater interest in the traffic they carry and filter at source."

The Information Commissioner's Office, the United Kingdom's point-of-call to report spam, said it had received no complaints of bulk spam from ISPs.

Some U.S.-based ISPs contacted by News.com said an e-mail meltdown has yet to arrive. But technicians at some of the largest Internet providers have acknowledged the issue and similar exploits in the past. Many, but not all, U.S. ISPs have blocked open relay ports, such as port 25, to shut out spammers from disseminating messages from home-operated servers. The block has helped some broadband ISPs limit the output of zombie spam, and some have noticed the new form of malware taking shape.

Time Warner Cable, the nation's second largest cable company, said it had become aware of this spam "vector," as it calls it, and has mechanisms to control it, according to company spokesman Keith Cocozza. He noted that the company's ISP, called Road Runner, has outgoing e-mail limits in place, but declined to elaborate on how the company monitors and responds to this malware issue.

Earthlink, which runs a dial-up and broadband service, said it noticed a gradual increase in spam volume coming from its legitimate mail servers since the beginning of 2004. The company claims it has implemented safeguards, such as authenticated SMTP servers and re-routing of legitimate e-mail, to cut down the flow.

"Overall we've been able to greatly reduce the amount of spam from our network by routing activities and applying chokepoints," said Trip Cox, Earthlink's chief technology officer. Cox added that the measures have reduced spam from 30 percent of the ISP's total e-mail volume to 2 percent.

Dan Ilett of ZDNet UK reported from London.

35 comments

Takes over a PC?
Wow. So, am I at risk if I'm running Virtual PC on my Mac?

Oh come on! Like I could resist.
Posted by Steve Tsuida (9 comments )
Reply Link Flag
Exactly.
Aside from this being a chicken-little story to begin with, it fails to mention that this issue is with Microsoft Windows machines.
Posted by rbochan (14 comments )
Link Flag
Well...
You did, you are just toooooo afraid to admit it.
Posted by 201293546946733175101343322673 (722 comments )
Link Flag
ISP Issues
I feel that ISP's need to amend their TOS and start disabling accounts of those users that don't take the time to make sure their system is safe. The police don't let you drive an unsafe car and so I feel that ISP's shouldn't let you operate an unsafe computer on their network. Instead of calling users they should either send them an email or just disable the account. The user would then have no choice but to call the ISP to find out what is wrong. After the notify phase is over give the user 1 week to fix the problem. If the problem is still there then they should terminate the account. Most ISP's already have warnings spelled out in their TOS about spam and spreading virii. It's about time they step up and handle the problem.
Posted by ntrlsur (21 comments )
Reply Link Flag
Re: ISP issues
We do shut off accounts after complaints come in, but you have to understand that it is very difficult to find every infected Windows machine on the network to shut it off. Oftentimes we have phone reps walking these people through cleaning up their boxes over the phone.

If you admin 3 or 4 Windows PCs for family members you could easily understand how difficult it would be to admin the PCs of millions of subscribers.

This is just a countermeasure and not a solution to the problem. The situation today would not be nearly as bad if XP and XP SP1 were not vulnerable to remote attack.

We try to firewall out known common Windows vulns, but again, we can only do so much.

The problem would be best solved by MS, SP2 is progress but how long before SP2 or better is 80% of the install base? 5 years?
Posted by Dachi (797 comments )
Link Flag
I think you are correct...
If people can't take the time to make sure their system is loaded with Trojans and the like then the ISP should shut down their e-mail until they can get it cleared up. Three times in one year the ISP should cancel their account outright. This needs to be universal so that all ISPs work the same way which helps keep people that just don't give a damn from moving from one ISP to another without ever cleaning up their system.

I also think it is becoming time that all ISP's that have over 5,000 users should offer their customers free anti-virus software and make it part of the TOS that they keep it installed and updated. The renewal each year for the on going virus definitions are included with your ISP charges. I think this is another way that ISP's could help control these types of problems.

Another solution is for e-mail software to have a limit to the number of messages they can send in a one hour period, something like 10 an hour; any more than that and they are rejected. Large companies could be certified yearly as safe (they have met requirements) and that limit can be raised or lifted. The certification is mandatory to remove the restrictions and it is done automatically.

Either things like this are going to have to be done or countries' governments are going to have to take over e-mail and have the only servers and all e-mail goes through them. This would mean a new government agency just to control e-mail and spam. The first time you break the rules they fine you, the next time you lose the ability to send e-mail from that country for life.

Drastic yes, but then we are rapidly getting to the point that something is going to have to happen. Otherwise all of our month's ISP charges are going to go through the roof to help the ISP's pay for the wasted servers and bandwidth. I would rather have government control of e-mail than pay more for a service that is already more costly than it should be.

Robert
Posted by (336 comments )
Link Flag
Not so fast
The article goes a bit too far in suggesting that this will cause serious problems in e-mail infrastructure.

A trojan, worm, virus, or spam infection trying to use the host's configured SMTP server is nothing new. These efforts were minimized over the years by the improvement of monitoring via e-mail clients and anti-virus software for 3rd party access of the e-mail client.

If ISPs and e-mail System administrators enable password authentication requirements to send email, something that all major e-mail clients support, this will go a long way to stop an old trick. This is an easy task and one that many ISPs and Corporations already employ. And, SSL can be used to ensure the passwords are not sniffed by malware.
Posted by (1 comment )
Reply Link Flag
Authentication will help, just not for long.
A zombie process can just extract the server, port and username from your email settings... and if you've told your program to save your password too, what's to stop it from grabbing that? Phishers are already including keystroke loggers to grab credit cards and passwords even after you leave their sites, so it's a quick leap to using them to grab your email password too.

Once someone can remotely control your computer with sufficient permissions, all bets are off.
Posted by Kelson (64 comments )
Link Flag
Rate throttle dialup accounts
It is easy enough to limit the rate of email messages coming from any individual IP address.

MailScanner already does all this with its "IPBlock" features, where you can specify the number of messages that will be accepted per hour from any individual IP address within a netblock.

You can configure different rates for different netblocks and domains. Once the limit is reached for a particular IP address, the MTA's "access" table (for Postfix and sendmail) is updated to instantly block SMTP connections from the errant IP address. These are expired once an hour (by default) so that no permanent blocks are put in place which will upset the customer.

Problem solved.
Posted by (9 comments )
Reply Link Flag
That doesn't compute.
If the user's machine is infected then once the time limit expires it will start receiving mail again which starts the problem all over again.
Posted by ntrlsur (21 comments )
Link Flag
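The per-IP throttling described in the thread above, with the expiry behaviour the reply objects to, can be sketched as follows. This is an added example, not MailScanner's code or configuration: the netblocks, limits, class and function names are assumptions, and the output lines only follow the general `pattern action` shape of a Postfix access table. Because an expired block lets an infected host resume, the sketch also counts how many times each address has been blocked so repeat offenders stand out.

```python
import ipaddress
from collections import defaultdict

# Constructed policy (assumption): messages accepted per hour from one source
# IP, chosen by netblock. The ranges are RFC 5737 documentation networks.
LIMITS = [
    (ipaddress.ip_network("192.0.2.0/24"), 30),      # hypothetical ADSL pool
    (ipaddress.ip_network("198.51.100.0/24"), 500),  # hypothetical business pool
]
DEFAULT_LIMIT = 100   # any source outside the listed netblocks
WINDOW = 3600         # counting window, seconds
BLOCK_TTL = 3600      # blocks expire after an hour, as in the comment


class IPRateLimiter:
    def __init__(self, limits=LIMITS, default_limit=DEFAULT_LIMIT):
        # Check the most specific netblock first.
        self.limits = sorted(limits, key=lambda nl: nl[0].prefixlen, reverse=True)
        self.default_limit = default_limit
        self.counts = {}                 # ip -> (window_start, messages seen)
        self.blocked_until = {}          # ip -> time the block is lifted
        self.strikes = defaultdict(int)  # ip -> number of times blocked

    def limit_for(self, ip):
        addr = ipaddress.ip_address(ip)
        for net, limit in self.limits:
            if addr in net:
                return limit
        return self.default_limit

    def expire(self, now):
        # Lift blocks whose TTL has passed and restart their counters.
        for ip in [ip for ip, t in self.blocked_until.items() if t <= now]:
            del self.blocked_until[ip]
            self.counts.pop(ip, None)

    def accept(self, ip, now):
        """Return True if a message from ip at time now should be accepted."""
        self.expire(now)
        if ip in self.blocked_until:
            return False
        start, count = self.counts.get(ip, (now, 0))
        if now - start >= WINDOW:        # a new counting window begins
            start, count = now, 0
        count += 1
        self.counts[ip] = (start, count)
        if count > self.limit_for(ip):
            self.blocked_until[ip] = now + BLOCK_TTL
            self.strikes[ip] += 1
            return False
        return True

    def access_table(self):
        # One "pattern action" line per currently blocked address.
        return [f"{ip}\tREJECT rate limit exceeded (block #{self.strikes[ip]})"
                for ip in sorted(self.blocked_until)]

    def repeat_offenders(self, min_strikes=2):
        # Hosts that hit the limit again after a block expired: the case the
        # reply raises, and the ones worth a call or an account action.
        return sorted(ip for ip, n in self.strikes.items() if n >= min_strikes)


def simulate():
    # Constructed traffic: one host sending every 10 seconds for three hours,
    # and one ordinary user sending 5 messages an hour from the same pool.
    zombie, user = "192.0.2.44", "192.0.2.10"
    events = [(t, zombie) for t in range(0, 3 * 3600, 10)]
    events += [(t, user) for t in range(0, 3 * 3600, 720)]
    limiter = IPRateLimiter()
    accepted = defaultdict(int)
    for now, ip in sorted(events):
        if limiter.accept(ip, now):
            accepted[ip] += 1
    return limiter, dict(accepted)


if __name__ == "__main__":
    limiter, accepted = simulate()
    print(accepted)
    print("\n".join(limiter.access_table()))
    print("repeat offenders:", limiter.repeat_offenders())
```
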
ISP's have no one to blame if they don't use the methods at hand
There are already commonsense solutions readily at hand, and ISP's will have nobody but themselves to blame if they don't use them. Shutting down customers who exceed a volume profile or limiting the number of emails in a daily period is extremely simple and will not be noticed by most customers--only commercial customers would need to be able to send, say, more than 10 emails in 24 hours, and they should have a commercial account anyway. Shutting down accounts that exceed a volume profile will **** off only a handful of the clueless and should not pose a public relations hardship for customer relations. Sending emails to customers describing these issues and telling them how to do things (virus checking, setting up allowed sender lists, using utilities provided by the ISP, etc.) isn't done nearly often enough. Thorough antivirus checking at the server level also surprisingly isn't done often enough. If ISP's think these measures will tick off the customers then they don't realize spam is already exacting maximum pain and no measures they take against it will hurt them if they will only explain it to the customer base up front...
Posted by Razzl (1318 comments )
Reply Link Flag
You're kidding right?
10 emails? I send ten emails in an hour. Should be something like 30 or 40.

Still, the idea has merit. For instance, one of my email providers won't let you send more than 25 emails out at a time. It's a pain, but not that much of a pain.
Posted by (21 comments )
Link Flag
That is the most ...
idiotic thing I've read yet.

10 email in 24 hours?!?!

Ok, how about 100?

Congrats! You are the proud "owner" of a 364k/5mb broadband connection. Your bandwidth limit is 10mb. Enjoy!

:p
Posted by Far Star (82 comments )
Link Flag
Horse Hockey!
I can send more than 10 email messages in an hour to friends, family and club members of my Dog agility club.

That solution is no solution.
Posted by Sboston (498 comments )
Link Flag
Verio suffered from something like this last week
I host with Verio, and last week for a few days I was seeing
serious delays in delivery of both outbound and inbound
messages - most were between five and twelve hours late. At
the time, Verio had a recorded message on their tech support
line explaining that they had become swamped by email spam,
and the email system was being brought to its knees. I spoke
with an agent who confirmed this. It took them a few days, but
they got it sorted out and all is back to normal now.
Posted by maxplanar (5 comments )
Reply Link Flag
Conspiracy Theory
Here's a neat story idea...

Many politicians as well as a certain well known (M)ajor (S)oftware company have been pushing, for years, for a new computer-paradigm. In this scenario every single computer will be 'registered', 'identified', 'locked-down' in both hardware and software-use, and must allow the remote-examination of its contents. Further, the computer must have the capability to have its software, and data, 'updated' or deleted outside the control of the computer's-owner (for their own good).

But, (here's the conflict) most people oppose this level of 'control', and obvious manipulation...

So, after a few years of seemingly-endless SECURITY-PROBLEMS (caused by this very same software-company) and years of SPAM (specifically allowed by these same politicians) there are suddenly calls for this EXACT SAME "Trusted Computer" environment...

Otherwise, ...'users' would no longer be allowed to access the 'Internet' (thereby protecting, security, economic-resources, manifest political-control, and the corporate 'wish-lists' of numerous media-interests).

What a great story...

...NAW, nobody would believe it.

It's too simplistic. Why wouldn't everybody just demand that the 'software' companies be held responsible for their shoddy-products'? Also, why wouldn't the people rebel against these obviously corrupt, and/or incompetent, politicians?
Posted by Gayle Edwards (262 comments )
Reply Link Flag
Zombie Repellent
I think it's interesting that the news of Zombie PCs has been around, even in the tech news, for quite some time, but this article talks almost like it's a new problem. This is likely because so many people are still so ignorant about the problem.

The solution to it, in my mind, is not beefing up spam filtering, but spreading the word about how to de-zombify your PC. Because of the service that I use, and now resell (because it is really THAT GOOD, see why *I* like it at http://www.myinvisusdirect.com/netsafe ), I have very few worries about my PC being a Zombie, or being part of a botnet.

We need to keep spreading the word about how to stop PCs from being used as zombies, and then our spam problem will be significantly reduced!
Posted by (1 comment )
Reply Link Flag
A few things.
1) nobody said this was a new problem, just a new version of an old trick (using ISP servers).

2) AV protection has not done much to solve the problem this far in the game, I don't have much confidence it will prove to be a "fox"

2) Spreading the word is not that useful, you can't just ask people to "please become a computer security expert". If MS would release a secured version of windows you could maybe get them to upgrade.

3) This is a message about stopping spam, and in your suggestion to make it stop YOU SPAMMED!!

###

Also on MS, every time I see anyone interview someone from MS they ask them very general questions about security.

Q) How is the security thing going?

A) We spend X dollars and Y amount of time and have Z review process in place. We are doing more than anyone else.

Most of the sites doing the interviews have a technical reader base right? Why not ask them more specific technical questions, like a locked down mail client for instance, or a smaller remote attack footprint aside from just masking the problem by including a firewall. I have 100 more questions too, which brings me to another rant.

MS keeps bashing Linux saying that there is nobody to hold accountable for Linux. If you have a problem with Linux who do you call at 3 am?

Ok, fine MS, give me a telephone number so I can have a conference call with 3 or 4 of your engineers so we can hash out the details of securing Windows.

It is 3:30 AM Microsoft, who am I going to call?

-jpriest at gmail
Posted by Dachi (797 comments )
Link Flag
stopping: antivirus, deleting: spyware-removers, blocking: desktop firewall
Stopping them before they get into your computer:
Get some antivirus software. avast.com has one for free that I can recommend.
The usual recommendations to be careful about which emails you open, change from MS Outlook to less common or more secured email readers, etc also apply here.

Deleting them once inside:
Get some spyware removal tools, but don't download the "antispyware" tools that are spyware in masquerade!
Check some reviews on trusted websites of which software to use! I'd suggest trying Lavasoft AdAware and maybe you could need one more to complement with, or in case the trojan found countermeasures to hide from Lavasoft AdAware but not the other one you chose. Microsoft's spyware removal tool is still too basic and it leaves many common trojans alone (at least as of June 15th 2005).

Blocking trojans/spam software:
Among software firewalls, ZoneAlarm free version is my best bet on blocking trojans and spam-software once they're inside your computer. Some of them try to shutdown ZoneAlarm, so either rename the ZoneAlarm executable file or hope that the added protection can counter them. Adding some obscurity by yourself is always a good idea to stay away from the mainstream worms though.
Microsoft's firewall in Windows XP does not block software to "phone home" through your internet connection. Actually ZoneAlarm is "ok", competitors are working hard and will soon catch up (or take over?). Very very much is left to do in this field!
Posted by (4 comments )
Link Flag
I think you are safe
I am pretty sure this problem only affects real computers.
Posted by (1 comment )
Reply Link Flag
No chicken little, the sky is not falling!
Of course, talking about the imminent collapse of the Internet is a great way to make headlines... wish I'd thought of it ;-)

The effectiveness of IP based filtering has been fading for a while in favor of content based approaches. Message Sniffer, Spam Assassin
rules, SURBL and other URI based systems will be able to take up the slack as IP based blocking lists become more troublesome. I've got
statistics that show Message Sniffer eliminating better than 98% of spam consistently based entirely on content heuristics. (NO DNS based Blocking lists are used!)

The shift toward content filtering will put more pressure on email systems since it requires a bit more bandwidth than simply rejecting a connection based on an IP. However, not so much that the Internet will fail as a result.

This is going to mean that ISPs will have to become more responsive to complaints, more vigilant about the content traversing their systems, and more open to collaborative systems that identify and shut down problematic sources in real time.

Effective technical solutions to these problems can be built and implemented... perhaps up to now it simply hasn't been worth the effort since, up to now, spam has been a reasonably manageable problem with the tools that already exist.

Be honest,... we're all still using email, and I know lots of people who are quite happy with their spam filtering solution at present.

It has been said before, and it is true --- Email is "The Killer App" and that means there is plenty of reason (read $$$) to keep it from
"going quietly into that good night..." Email won't die. None of us will let it.

That said, the days of "keeping the lights on and raking in the dough" are over for all ISPs... not just the small attentive ones who still
know every node in their networks. From now on, even the big boys are going to have to pay close attention to the details -- or else.
Posted by codedweller (1 comment )
Reply Link Flag
Can more be done about SPAM?
After reading the article about the "Email Apocalypse" it sounds like Spammers, virus writers, and hackers are winning the battle, and making the internet a real mess for everyone. As far as I can tell, the only defense against SPAM are blockers and filters. This does not seem like an effective solution to me. Nobody seems to be talking about trying to do anything about the true source of the problem...the Spammers themselves! They seem to pretty much just get away with it. Can't the government get more involved and pass a law making it a federal crime to SPAM and then actively try to hunt down Spammers with the same seriousness that the government takes with hackers and virus writers?
Is there anything even remotely like this in the works right now? If there is, I sure don't ever hear any mention of it. In my opinion, especially after reading the article about how the "...email infrastructure is beginning to fail", the spammers are doing REAL damage just like a virus does or a hacker does! The spamming situation really needs to be taken much more seriously than it seems to currently be taken. Much more extreme action needs to be taken than just simply trying to block or filter the SPAM!
Posted by tstarkey (2 comments )
Reply Link Flag
What a coincidence...I just found my answer
Just as I was finishing my above comment I came across this article that talks about exactly what I was asking about:
http://www.newscientist.com/article.ns?id=dn6955

Check it out, very interesting.
Posted by tstarkey (2 comments )
Link Flag
Takes over a "PC" - you mean "Windows" don't you
But you are clearly too cowardly to say so for fear of losing ad
revenue? It's the same tap dance you do when talking about the
latest virus - you carefully skirt the issue that it's only "Windows"
that is the problem.

And now "Windows" is causing new problems for the world's
email system. How quaint. Perhaps it's time to give Windows
the boot for good.
Posted by (10 comments )
Reply Link Flag
Stop with the band-aid solutions
Trying to trap a spammer is like trying to grab a hold of fog. It can't be done.

What needs to be addressed is the reason spammers exist in the first place. There is money in it, a lot of money, else they would be out of business. The answer is to cut off their sales.

The problem needs to be stopped at the source. The source are all the idiots out there. Stop them from responding and buying crap from spammers. Let ISP's suspend or ban anyone caught responding to spam. As much as I don't like government intervention, writing fines would be in order. Maybe then people would spend the 5 minutes it takes to learn basic computer security.

If ISPs that cater to the clueless, such as AOL, would stomp on their customers, the problem would be greatly diminished. There would also be another side effect to this: viri and trojans would not spread as fast, as it is often these same clueless morons that cause them to spread.

This seems like a draconian solution, but the only way to really stop spammers is to remove the profit. It is just like telephone solicitors, no one like getting calls, but someone must be buying.
Posted by Bill Dautrive (1179 comments )
Reply Link Flag
beg to differ
Stopping spam completely is out of the question.
But in the long run, sending spam has to become more expensive.

Laws and fines are slow and don't affect offshore spammers.

How about getting paid to receive emails? There are systems in testing where you get (virtual) $.02 or so for each email you receive, and if you're out of virtual money you'd have to pay into the system somehow before you can send email through that channel again. Add to this the option to send email free of charge between your colleagues (for example everybody in your address book email you for free, but also opening up for spam to be sent from your computer to your colleagues. But in this case they probably write or call you so you can remove the spambot/trojan/virus from your computer quite quickly.)

The main obstacle here is that these "micropayments" cost more to manage than the actual value transferred. And if a trojan could steal your login codes to this system, it could use up all your "emailing credits". It's a nuisance -- for those who got their computers cracked and abused for spam will become victims and spend some time on preventing and removing the spambots. Combined with instructions how to do this from your ISP, this could rid the internet of 50% of its spam-related traffic! (Oops, Cisco and others will kill me for this).
Posted by (4 comments )
Link Flag
Message has been deleted.
Posted by wssbill (9 comments )
Reply Link Flag
Message has been deleted.
Posted by wssbill (9 comments )
Reply Link Flag
Message has been deleted.
Posted by wssbill (9 comments )
Link Flag
WHY IS CNET DELETING MY SPAMHAUS COMMENT?
TalkBack
Message has been deleted.
wssbill
Aug 12, 2006, 4:55 AM PDT

Message has been deleted.
wssbill
Jun 16, 2006, 10:49 AM PDT


What is the matter CNET? You kissing up to spamhaus that you also do not care about Freedom of speech?


Just because I said bad things about spamhaus. They contacted my ISP and threatened them into shutting off my Internet connection. I did not spam. All I did was write a bad comment about spamhaus. They told my provider that if they did not shut me off they would blacklist them for 6 months. I am not in the email business in any way. These guys abuse their power. Stay away from them. The word NAZI comes to mind.

This is what I wrote below. And for saying this they had my home internet connection shut off

Spamhaus.org charges a whopping $14500 per year for a blacklist
they don't even own! To verify these charges, visit this page:

http://www.spamhaus.org/datafeed/pricecalculator.lasso


More facts:
----------


The XBL list that comes in the spamhaus.org data feed is in
reality the CBL list at http://cbl.abuseat.org. That list is *not*
owned by spamhaus.org. All spamhaus.org does is copy (download)
the information X number of times a day to their own servers
before feeding it to unsuspecting corporations.


The CBL list has been renamed to XBL by the very cunny(!) folk at
spamhaus.org so that no-one could possibly notice the fraud.
Furthermore, spamhaus.org is selling the rebranded CBL list which
makes up over 90% of the total value of the data feed for up to
$14500 pa, when anyone including corporations and ISPs can get
the *same feed* for *FREE* by filling in this simple form:


http://www.cbl.abuseat.org/rsync-signup.html


This is blatant fraud because by mixing their highly *ineffective*
SBL list with the CBL list, Spamhaus gives the false impression of
their own SBL list being a powerful spam filter. This is a
marketing con, just as ROKSO is a PR ploy.


The stark reality which spamhaus.org has been trying to sweep
under the carpet in the last 3 years is, without the CBL list
spamhaus.org would have been bankrupt by now. Without the CBL
list, Steve, John et al, would not have been able to rake in
hundreds of thousands of easy dollars from corporations and
government institutions gullible enough to believe the
spamhaus.org PR.

Spamhaus Internet terrorists.

Becoming what you oppose
Editorial by Dave Hayes

Many folks have asked me why I stopped "contributing" to the everlasting debates in NANA (news.admin.net-abuse.*). I generally respond with something along the lines of "I don't wish to become that which I oppose". Indeed, recently I've "plonked" several entities (among them the terrorists known as "spamhaus" and "spews") simply because I no longer wish to beat my head against the stone wall of ignorance.

Terrorists? Yes that's right. One definition of "terrorism" is "attacking innocents in the name of your cause". Nowhere is this more ironic and extreme than in the deeds of my old nemesi, the anti-spammer zealotry collective, some of whom are now known as spamhaus and spews. The terrorism they practice is implemented in the form of "mail blacklists".

Blacklists are not a new notion. In the 1950's, the infamous McCarthy blacklists contained names of "possible communists", which ultimately led us to a more sterile culture.

The social costs of what came to be called McCarthyism have yet to be computed. By conferring its prestige on the red hunt, the state did more than bring misery to the lives of hundreds of thousands of Communists, former Communists, fellow travelers, and unlucky liberals. It weakened American culture and it weakened itself. ---Victor Navasky, Naming Names (New York: Viking Press, 1980)
Modern internet technology has created our own version(s) of social blacklists. Many anti-spam zealots have turned to this method for freeing their mailboxes from spam. Simply expressed, these organizations maintain databases which are supposed to contain the IP addresses of known spammers. They then provide these databases to various electronic mail servers, so that the servers can reject email based on what's in these databases.

The bottom line is, if the machine that sends your email is on this list, a number of mail servers will automatically reject all email from your server.

If (and only if) they restricted these blacklists to actual spammers, I doubt very seriously that I would have problem with this practice. If we could trust human beings to maintain a logical and calm viewpoint about life, I doubt that I would have a problem with these blacklists. Unfortunately we cannot trust these things in either case.

Fact: Spamhaus and spews have added innocent IP blocks to their blacklists.

The anti-spammer idealotry goes like this: "Anyone who gets service from a network friendly to spammers is supporting the spammers and therefore our enemy." (The friend of my enemy is my enemy too?)

So here's how this goes. Once a network provider is branded "a communist"...er excuse me..."a spammer", ALL of their IP ranges are blocked. Typically a network provider is providing services for smaller service providers, many of whom would never and have never engaged in spamming of any kind. No notice is really given on these blacklisting events, rather you find out when mail starts bouncing to some destination. Usually an end customer is the first to notice, and that customer is directed by the bounce to complain to...their own ISP!

In essence, the customer is tricked into presenting the terrorist anti-spam agenda to the ISP. The ISP turns around and finds out that their provider (or provider's provider) is what the anti-spam zealots want "silenced". Until that target complies with their arbitrary agenda (usually of the form "stop spamming", but this is not always true...see below), everyone else has to suffer with electronic mail blocks.

What's wrong with this? Everything.

* First and foremost, the most often heard reason anti-spammers are so rabid about anti-spam is "it makes electronic mail unusable for average people". If this is true, then how does blocking innocent email help this situation? In fact, blacklisting innocents contributes to the problem. The hypocrisy here is so thick I doubt even a knife can cut it.
* The dishonor of the practice of blacklists is amazing. Many naive internet mail administrators add blacklists like spamhaus "because they work to reduce spam". Lots of these sites have no idea that they are being cut off from legitimate email because of these machinations. If their customers really knew that they were cut off, I wonder how many would still buy service? Getting rid of spam is one thing, blocking that key business email that means $100K in sales is quite another. Let's take this one step further. Person A buys email service from ISP X who is using Spamhaus to block spam email. Person A's daughter, whose income is very low due to being a student in college, buys email service from ISP Y (because it's cheap) who uses IAP S as their connectivity. ISP Y buys network from IAP S because it's cheap. Due to real life constraints, the only contact Person A has with their daughter is email. IAP S suddenly gets put on the anti-spam master blacklist. The same day, Person A's daughter has a car accident. A roommate desperately tries to send email to Person A but it's blocked. Worse, it's blocked because these zealots have an ideological cause which is set up to be more important than a person's life. This is the height of dishonor.
* The practice is quite criminal by many definitions and with criminals on all sides:
  o Any ISP that is blocked is told to "comply with our demands or be blacklisted" (a.k.a. extortion).
  o Attacking innocents in the name of their cause (a.k.a. terrorism).
  o Since the control of the blacklist is out of the hands of the service provider who subscribes to it, by law you must clearly state "random people may be blocked to your email box by other people who are not under our control" before selling "email services". I've never seen this stated on any ISP ad. (a.k.a. false advertising)
  o Blacklisting ISPs is a good way of knocking them out of business (a.k.a. restraint of trade)
  o If spam ever goes away, these organizations will also. Thus they have a vested interest in keeping spam alive (a.k.a. playing both sides of the street)

Do note that the anti-spammers claim these practices are not criminal and will "reduce economic support for the 'spam friendly' ISPs". This claim is quite erroneous:

Fact: Spammer companies have far more money than most innocents.

Yep, to the tune of millions of dollars per month. SPAM is big business. Do you think that the income of one little ISP with 1000 customers is going to make any difference against the large income of a spam company? No! All that does is clear more bandwidth for the spammers to use, should the little ISP cave in and switch to another provider.

While there's no proof (that I'm aware of), it's not so far-fetched to open up questions of collusion between "the providers that are anti-spam" and the "anti-spam blacklists". Certain providers, to compete, may pay the blacklist groups lots of money to keep attacking innocents, which gets them more customers in the long run as ISPs fold because they can't afford the connectivity provided by the "anti-spam supporter" providers.

I've established some things here:

1. In my opinion, blacklists are bad.
2. The anti-spammers are resorting to clearly criminal activities to further their goals: extortion, restraint-of-trade, terrorism.
3. The effect the anti-spammers are trying to have by blocking innocents only works to destroy email connectivity, the cure is worse than the disease.

This brings me to my concluding point. The original complaint against spammers included accusations of being criminal. Most spammers are considered criminal. Yet look at the anti-spammers! In their undying eternal zeal to end spam, they have become just what they oppose! Criminals and email destroyers. Gee, isn't this what they call the spammers?

The aware person realizes that fighting something only makes it stronger. Indeed, when you see two people rabidly on one side or the other, it's very hard to distinguish the two. They almost appear to be the same person, willing to commit any atrocity for the sake of their ideology or economics. What more do I need to know?

So, in a roundabout way, that's why I don't participate. I've done my days of tilting at windmills. I've presented my pearls, but the swine didn't hear any of them. They've misrepresented my position countless times for their own agendas, failed to understand even the most basic of the concepts I've explained, and twisted what I've said to make me out to be something I am not. ("Spam supporter"...lol)

I have finally realized that it has less to do with the ability to understand, it's mostly that they are not willing to understand. So in that climate I should once again venture forth into that primal never-ending argumentia that is NANA?

No. I'm sorry. I have far better things to do.
Posted by DeletedWhy (2 comments )
WHY IS CNET DELETING MY SPAMHAUS COMMENT?
TalkBack
Message has been deleted.
wssbill
Aug 12, 2006, 4:55 AM PDT

Message has been deleted.
wssbill
Jun 16, 2006, 10:49 AM PDT


What is the matter CNET? You kissing up to spamhaus that you also do not care about freedom of speech?


Just because I said bad things about spamhaus. They contacted my ISP and threatened them into shutting off my Internet connection. I did not spam. All I did was write a bad comment about spamhaus. They told my provider that if they did not shut me off they would blacklist them for 6 months. I am not in the email business in any way. These guys abuse their power. Stay away from them. The word NAZI comes to mind.

This is what I wrote below. And for saying this they had my home internet connection shut off.

Spamhaus.org charges a whopping $14500 per year for a blacklist
they don't even own! To verify these charges, visit this page:

http://www.spamhaus.org/datafeed/pricecalculator.lasso


More facts:
----------


The XBL list that comes in the spamhaus.org data feed is in
reality the CBL list at http://cbl.abuseat.org. That list is *not*
owned by spamhaus.org. All spamhaus.org does is copy (download)
the information X number of times a day to their own servers
before feeding it to unsuspecting corporations.


The CBL list has been renamed to XBL by the very cunny(!) folk at
spamhaus.org so that no-one could possibly notice the fraud.
Furthermore, spamhaus.org is selling the rebranded CBL list which
makes up over 90% of the total value of the data feed for up to
$14500 pa, when anyone including corporations and ISPs can get
the *same feed* for *FREE* by filling in this simple form:


http://www.cbl.abuseat.org/rsync-signup.html


This is blatant fraud because by mixing their highly *ineffective*
SBL list with the CBL list, Spamhaus gives the false impression of
their own SBL list being a powerful spam filter. This is a
marketing con, just as ROKSO is a PR ploy.


The stark reality which spamhaus.org has been trying to sweep
under the carpet in the last 3 years is, without the CBL list
spamhaus.org would have been bankrupt by now. Without the CBL
list, Steve, John et al, would not have been able to rake in
hundreds of thousands of easy dollars from corporations and
government institutions gullible enough to believe the
spamhaus.org PR.

Spamhaus Internet terrorists.

Becoming what you oppose
Editorial by Dave Hayes

Many folks have asked me why I stopped "contributing" to the everlasting debates in NANA (news.admin.net-abuse.*). I generally respond with something along the lines of "I don't wish to become that which I oppose". Indeed, recently I've "plonked" several entities (among them the terrorists known as "spamhaus" and "spews") simply because I no longer wish to beat my head against the stone wall of ignorance.

Terrorists? Yes that's right. One definition of "terrorism" is "attacking innocents in the name of your cause". Nowhere is this more ironic and extreme than in the deeds of my old nemesi, the anti-spammer zealotry collective, some of whom are now known as spamhaus and spews. The terrorism they practice is implemented in the form of "mail blacklists".

Blacklists are not a new notion. In the 1950's, the infamous McCarthy blacklists contained names of "possible communists", which ultimately led us to a more sterile culture.

The social costs of what came to be called McCarthyism have yet to be computed. By conferring its prestige on the red hunt, the state did more than bring misery to the lives of hundreds of thousands of Communists, former Communists, fellow travelers, and unlucky liberals. It weakened American culture and it weakened itself. ---Victor Navasky, Naming Names (New York: Viking Press, 1980)

Modern internet technology has created our own version(s) of social blacklists. Many anti-spam zealots have turned to this method for freeing their mailboxes from spam. Simply expressed, these organizations maintain databases which are supposed to contain the IP addresses of known spammers. They then provide these databases to various electronic mail servers, so that the servers can reject email based on what's in these databases.

The bottom line is, if the machine that sends your email is on this list, a number of mail servers will automatically reject all email from your server.

If (and only if) they restricted these blacklists to actual spammers, I doubt very seriously that I would have a problem with this practice. If we could trust human beings to maintain a logical and calm viewpoint about life, I doubt that I would have a problem with these blacklists. Unfortunately we cannot trust these things in either case.

Fact: Spamhaus and spews have added innocent IP blocks to their blacklists.

The anti-spammer idealotry goes like this: "Anyone who gets service from a network friendly to spammers is supporting the spammers and therefore our enemy." (The friend of my enemy is my enemy too?)

So here's how this goes. Once a network provider is branded "a communist"...er excuse me..."a spammer", ALL of their IP ranges are blocked. Typically a network provider is providing services for smaller service providers, many of whom would never and have never engaged in spamming of any kind. No notice is really given on these blacklisting events, rather you find out when mail starts bouncing to some destination. Usually an end customer is the first to notice, and that customer is directed by the bounce to complain to...their own ISP!

In essence, the customer is tricked into presenting the terrorist anti-spam agenda to the ISP. The ISP turns around and finds out that their provider (or provider's provider) is what the anti-spam zealots want "silenced". Until that target complies with their arbitrary agenda (usually of the form "stop spamming", but this is not always true...see below), everyone else has to suffer with electronic mail blocks.

What's wrong with this? Everything.

* First and foremost, the most often heard reason anti-spammers are so rabid about anti-spam is "it makes electronic mail unusable for average people". If this is true, then how does blocking innocent email help this situation? In fact, blacklisting innocents contributes to the problem. The hypocrisy here is so thick I doubt even a knife can cut it.
* The dishonor of the practice of blacklists is amazing. Many naive internet mail administrators add blacklists like spamhaus "because they work to reduce spam". Lots of these sites have no idea that they are being cut off from legitimate email because of these machinations. If their customers really knew that they were cut off, I wonder how many would still buy service? Getting rid of spam is one thing, blocking that key business email that means $100K in sales is quite another. Let's take this one step further. Person A buys email service from ISP X who is using Spamhaus to block spam email. Person A's daughter, whose income is very low due to being a student in college, buys email service from ISP Y (because it's cheap) who uses IAP S as their connectivity. ISP Y buys network from IAP S because it's cheap. Due to real life constraints, the only contact Person A has with their daughter is email. IAP S suddenly gets put on the anti-spam master blacklist. The same day, Person A's daughter has a car accident. A roommate desperately tries to send email to Person A but it's blocked. Worse, it's blocked because these zealots have an ideological cause which is set up to be more important than a person's life. This is the height of dishonor.
* The practice is quite criminal by many definitions and with criminals on all sides:
  o Any ISP that is blocked is told to "comply with our demands or be blacklisted" (a.k.a. extortion).
  o Attacking innocents in the name of their cause (a.k.a. terrorism).
  o Since the control of the blacklist is out of the hands of the service provider who subscribes to it, by law you must clearly state "random people may be blocked to your email box by other people who are not under our control" before selling "email services". I've never seen this stated on any ISP ad. (a.k.a. false advertising)
  o Blacklisting ISPs is a good way of knocking them out of business (a.k.a. restraint of trade)
  o If spam ever goes away, these organizations will also. Thus they have a vested interest in keeping spam alive (a.k.a. playing both sides of the street)

Do note that the anti-spammers claim these practices are not criminal and will "reduce economic support for the 'spam friendly' ISPs". This claim is quite erroneous:

Fact: Spammer companies have far more money than most innocents.

Yep, to the tune of millions of dollars per month. SPAM is big business. Do you think that the income of one little ISP with 1000 customers is going to make any difference against the large income of a spam company? No! All that does is clear more bandwidth for the spammers to use, should the little ISP cave in and switch to another provider.

While there's no proof (that I'm aware of), it's not so far-fetched to open up questions of collusion between "the providers that are anti-spam" and the "anti-spam blacklists". Certain providers, to compete, may pay the blacklist groups lots of money to keep attacking innocents, which gets them more customers in the long run as ISPs fold because they can't afford the connectivity provided by the "anti-spam supporter" providers.

I've established some things here:

1. In my opinion, blacklists are bad.
2. The anti-spammers are resorting to clearly criminal activities to further their goals: extortion, restraint-of-trade, terrorism.
3. The effect the anti-spammers are trying to have by blocking innocents only works to destroy email connectivity, the cure is worse than the disease.

This brings me to my concluding point. The original complaint against spammers included accusations of being criminal. Most spammers are considered criminal. Yet look at the anti-spammers! In their undying eternal zeal to end spam, they have become just what they oppose! Criminals and email destroyers. Gee, isn't this what they call the spammers?

The aware person realizes that fighting something only makes it stronger. Indeed, when you see two people rabidly on one side or the other, it's very hard to distinguish the two. They almost appear to be the same person, willing to commit any atrocity for the sake of their ideology or economics. What more do I need to know?

So, in a roundabout way, that's why I don't participate. I've done my days of tilting at windmills. I've presented my pearls, but the swine didn't hear any of them. They've misrepresented my position countless times for their own agendas, failed to understand even the most basic of the concepts I've explained, and twisted what I've said to make me out to be something I am not. ("Spam supporter"...lol)

I have finally realized that it has less to do with the ability to understand, it's mostly that they are not willing to understand. So in that climate I should once again venture forth into that primal never-ending argumentia that is NANA?

No. I'm sorry. I have far better things to do.
Posted by DeletedWhy (2 comments )
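
The blacklist lookup this comment describes, as an added example that is not part of the original post or any blacklist operator's code: it contrasts a single-address listing with a whole-range listing and reports which senders in a constructed connection log are rejected only because they share the listed range. The zone name `dnsbl.example`, the addresses (documentation ranges) and the function names are assumptions; the reversed-octet query name is the usual DNS blacklist convention, which the post itself does not spell out.

```python
import ipaddress

# Constructed blacklist entries (documentation address ranges, not real listings).
# One entry lists a single sending host; the other lists a provider's whole block.
LISTINGS = [
    ipaddress.ip_network("192.0.2.25/32"),    # single known spam source
    ipaddress.ip_network("198.51.100.0/24"),  # entire upstream provider range
]

def dnsbl_query_name(ip, zone="dnsbl.example"):
    """Build the DNS name a mail server looks up for an IPv4 sender:
    octets reversed, then the list's zone (zone name is a placeholder)."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def matching_listing(ip, listings=LISTINGS):
    """Return the most specific listing covering ip, or None if unlisted."""
    addr = ipaddress.ip_address(ip)
    hits = [net for net in listings if addr in net]
    return max(hits, key=lambda n: n.prefixlen) if hits else None

def smtp_decision(ip):
    """Decision a subscribing mail server makes at connect time."""
    net = matching_listing(ip)
    if net is None:
        return "accept"
    return f"reject (listed via {net})"

def collateral(connections, known_spam_sources):
    """Senders rejected only because they share a listed range."""
    return sorted(
        ip for ip in set(connections)
        if matching_listing(ip) is not None and ip not in known_spam_sources
    )

# Constructed connection log: sending IPs seen by the receiving server.
CONNECTIONS = ["192.0.2.25", "192.0.2.26", "198.51.100.7",
               "198.51.100.200", "203.0.113.9"]
# Constructed ground truth: the hosts that actually sent spam.
KNOWN_SPAM = {"192.0.2.25", "198.51.100.7"}

if __name__ == "__main__":
    for ip in CONNECTIONS:
        print(ip, dnsbl_query_name(ip), smtp_decision(ip))
    print("collateral:", collateral(CONNECTIONS, KNOWN_SPAM))
```

With the /32 listing the neighbouring address 192.0.2.26 is still accepted, while the /24 listing rejects 198.51.100.200 even though it is not in the constructed spam-source set.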