Previous Politech message:
http://www.politechbot.com/2005/05/24/ftc-plans-spam/

-------- Original Message --------
Subject: Re: [Politech] FTC plans spam "zombie" crackdown: a good idea? [sp]
Date: Tue, 24 May 2005 09:50:23 -0400
From: H. Brower <hbout@private>
To: Declan McCullagh <declan@private>
References: <429323C9.80507@private>

Declan,

Very informative article on the spam-zombie problem. However, I must disagree with you on what ISPs are currently doing to block the zombies from sending email out. Comcast is most definitely NOT blocking port 25 (the SMTP protocol channel) for a majority of their subscribers. They, along with Shaw Cable in Canada, are by far our two largest sources of zombie-spam currently, with thousands of unwanted messages coming in daily from their broadband subscribers. The new zombies pop up so fast it is not possible for existing spam blocking services like Spamcop or SPEWS to keep up with them, and as a result our spam filters are slowly losing their effectiveness.

From our standpoint as a mid-sized email provider, what would help most is for broadband and dialup ISPs to properly set up their DNS systems to identify their residential end users, so that we can block all email coming from addresses such as "*.pool.BIGISP.COM". This setup still allows us to accept legit email from their official mail servers, which would have different DNS addresses. AOL already does this, and Verizon has at least partially implemented such a system.

Since a lot of spam coming from hacked zombie computers seems to drive users to make purchases through legitimate e-commerce sites, albeit through a network of shadowy web affiliates, it might be helpful for the FTC to also warn those merchants to check out their affiliates carefully. I know of at least one large auto maker who is indirectly profiting from such zombie-spam campaigns.

Regards,
Hugh Brower
X9 Interactive - FuturisNET

-------- Original Message --------
Subject: Re: [Politech] FTC plans spam 'zombie' crackdown: a good idea? [sp]
Date: Tue, 24 May 2005 12:14:03 -0700 (PDT)
From: Barclay McInnes <barc@private>
To: Declan McCullagh <declan@private>
References: <429323C9.80507@private>

Declan;

I think this is actually a good idea. Certainly better than some of the "solutions" that have been put in place so far.

One "solution" is that some ISPs in Canada and the US have just put a blanket block on port 25 to prevent any mail from leaving their networks. This becomes frustrating as hell when dealing with clients who want to use just one set of SMTP settings on their laptops, instead of having to change it depending on whether they're at the office (where their home ISP SMTP doesn't work) or at home (where their office SMTP is now blocked).

Also, in the olden days of the Internet, nodes WERE under a lot of scrutiny. I actually find it astonishing that things have gotten as bad as they have regarding zombie boxes, as that sort of thing would have been noticed and snuffed out almost immediately beforehand.

Sniffing packets and reading the contents is a lot more work intensive than logging odd traffic patterns and flagging them for a little human scrutiny, so this wouldn't be a case of ISPs snooping in your every move. The fact that the ISPs don't do this more often now is probably a combination of lack of competent tech people to do traffic analysis, and fear of uninformed users believing they're being spied on.

But this problem is a problem for everyone, and something's gotta change.

Barclay McInnes

----- End forwarded message -----
_______________________________________________
Politech mailing list
Archived at http://www.politechbot.com/
Moderated by Declan McCullagh (http://www.mccullagh.org/)
This archive was generated by hypermail 2.1.3 : Thu May 26 2005 - 20:33:13 PDT
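
The reverse-DNS filtering that the first message asks ISPs to make possible can be sketched as follows. This is an added example, not part of the archived thread or any participant's code; the hostnames, IP addresses and the `classify` and `live_ptr` helpers are constructed for illustration, and only the `*.pool.BIGISP.COM` pattern comes from the message.

```python
import socket
from fnmatch import fnmatchcase

# Glob taken from the message above; a receiving site would keep one per ISP.
RESIDENTIAL_PATTERNS = ["*.pool.bigisp.com"]

# Constructed PTR table standing in for live reverse-DNS answers.
SAMPLE_PTR = {
    "192.0.2.10": "mx1.bigisp.com.",                      # official mail server
    "198.51.100.77": "c-198-51-100-77.pool.bigisp.com.",  # residential pool
    "203.0.113.5": "C-203-0-113-5.POOL.BIGISP.COM",       # same pool, odd case
    "203.0.113.9": "pool.bigisp.com.other.example.",      # pattern not at the end
}


def live_ptr(ip):
    """Reverse-DNS lookup for production use; returns None when no PTR exists."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:  # covers socket.herror and socket.gaierror
        return None


def normalize(hostname):
    """Lower-case and drop the trailing root dot so the glob anchors correctly."""
    return hostname.strip().rstrip(".").lower()


def classify(ip, resolve=SAMPLE_PTR.get):
    """Return 'reject', 'accept' or 'no-ptr' for a connecting SMTP client."""
    raw = resolve(ip)
    if not raw:
        return "no-ptr"  # what to do without rDNS is a separate policy choice
    host = normalize(raw)
    if any(fnmatchcase(host, pat) for pat in RESIDENTIAL_PATTERNS):
        return "reject"  # direct-to-MX mail from a residential pool
    return "accept"      # e.g. the ISP's own outbound mail servers


if __name__ == "__main__":
    for addr in list(SAMPLE_PTR) + ["192.0.2.99"]:
        print(addr, classify(addr))
```

Passing `resolve=live_ptr` switches from the sample table to real lookups. The check depends on the ISP publishing distinct PTR names for its residential pools, which is the cooperation the message requests.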