Previous Politech message: http://www.politechbot.com/p-04484.html --- Date: Fri, 21 Feb 2003 11:35:18 -0800 (PST) From: Julian Haight <julianat_private> To: Declan McCullagh <declanat_private> Subject: Re: "Why the SpamCop blocking list is harmful and inaccurate" In-Reply-To: <5.1.1.6.0.20030220220651.022157c8at_private> Message-ID: <Pine.LNX.4.33.0302211100560.12658-100000at_private> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello Declan. Thanks for the chance to respond. I hope this will provide a counterpoint.. Jeremy never claims his users don't send spam. However, his freemail service (and all freemail) is an attractive neusance which spammers have only recently begun to exploit in force. Many spammers have started using automated tools to script webmail systems. Not just for sending mail with an existing account, but to create thousands of accounts and send spam through each of them until their limits are reached. Spammers also use many hundreds of IPs simultaneously by exploiting open IP proxies. So I doubt Jeremy is really as successful as he claims at stopping the spam from his system. I also think he vastly under-estimates the amount of spam sent. Just because he locks one account, it does not mean that many other accounts are not flying under his (and my) radar. Hotmail and AOL as well as other free webmail providers are finally dealing with the long-standing theoretical possibility that their systems are no better than open relays. This vulnerability in webmail has been known since their inception, but dismissed due to the lack of exploits "in the wild". That has changed. Webmail is vulnerable, and the expoit of these vulnerabilities is no longer a matter of speculation. Wednesday, fastmail.fm delivered 14 spam messages to spamtraps on my system. That is surely only a small fraction of the spam sent during that "spam run". These spamtraps are not known by spammers - I don't think this spam run is the work of revenge-seekers. Rather it is a successfull effort by spammers to use Jeremy's system to send spam. If his system did not allow spam to be sent in sufficient quantity, why would the spammers not move to greener pastures? They are motivated by greed, not revenge. Fastmail is worse than other freemail providers in one respect, and ths may be part of the reason spammers favor it. Most webmail providers list the sender's true IP address in the headers of the mail, providing an audit-trail. Fastmail does not, thus concealing the source of the message. This behavior is actually *worse* than most open relays. They at least indicate the "injecting" ip address. On the other hand, I admit that many of Jeremy's criticisms are valid. Some are totally off the wall, and I don't have time to respond to every point. I am always endeavoring to fix things that are broken. For example, I changed my FAQ entry which used the word "thousands". However, at least the current blocking of fastmail is justified. If it makes anyone fell better, several AOL and hotmail servers are also blocked, and those sites are also scrambling to stop the spammers using their systems as open relays. It is a hopeless, or at least up-hill battle, given the nature of free web-mail. If I were in his shoes, I would look at the countermeasures taken by IRC networks, which are often the first-responders to new routes of abuse. For instance, users of his system should be subject to open-proxy testing prior to sending mail. I find it disturbing that Jeremy has decided to shovel dirt about SpamCop rather than working with me and addressing the valid complaints of people who receive spam from his system. Sounds a lot like killing the messenger who brings bad news. - -=Julian=- On Thu, 20 Feb 2003, Declan McCullagh wrote: > I will give Julian the opportunity to reply. (Though he chose not to in > December, when we discussed how SpamCop blocked two of its competitors.) > > Background on SpamCop: > http://www.politechbot.com/cgi-bin/politech.cgi?name=spamcop > > -Declan -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (GNU/Linux) iD8DBQE+Vn92kdq17G+XLoYRApZqAKCMBKFVEV9CtV2gDj1L6AEsqtR4jgCfVACl rF7Gj3MfiJDNMUiBy4OyNXc= =/ZqC -----END PGP SIGNATURE----- ------------------------------------------------------------------------- POLITECH -- Declan McCullagh's politics and technology mailing list You may redistribute this message freely if you include this notice. To subscribe to Politech: http://www.politechbot.com/info/subscribe.html This message is archived at http://www.politechbot.com/ Like Politech? Make a donation here: http://www.politechbot.com/donate/ ------------------------------------------------------------------------- Declan McCullagh's photographs are at http://www.mccullagh.org/ -------------------------------------------------------------------------
This archive was generated by hypermail 2b30 : Fri Feb 21 2003 - 12:22:22 PST