Earthlink has the following open mail relays:
gull.prod.itd.earthlink.net snipe.prod.itd.earthlink.net (a couple of other earthlink hosts, I can't remember which now, they were all in the .prod.itd.earthlink.net subdomain.)
I know this because I have been getting spammed by someone using them for the past week. I have tried e-mailing abuse@earthlink.net several times and have received no response.
I'm hoping a clueful Earthlink admin will see this post and take the appropriate action. If not, then maybe Earthlink should be "nominated" for RBL.
--Adam --- bash: syntax error near unexpected token `:)'
Adam D. McKenna adam@flounder.net
On Mon, 17 Aug 1998, Adam D. McKenna wrote:
Earthlink has the following open mail relays: gull.prod.itd.earthlink.net
    feeding: {13} rly2 gull.prod.itd.earthlink.net
    Connecting to gull.prod.itd.earthlink.net ...
    <<< 220 gull.prod.itd.earthlink.net ESMTP Sendmail 8.8.7/8.8.5; Mon, 17 Aug 1998 07:58:06 -0700 (PDT)
    >>> HELO feeding.frenzy.com
    <<< 250 gull.prod.itd.earthlink.net Hello feeding.frenzy.com [209.198.128.35], pleased to meet you
    >>> MAIL FROM:<sam_merritt@hotmail.com>
    <<< 250 <sam_merritt@hotmail.com>... Sender ok
    >>> RCPT TO:<harter@feeding.frenzy.com>
    <<< 550 <harter@feeding.frenzy.com>... Relaying Denied
    rly2: relay rejected - final response code 550
snipe.prod.itd.earthlink.net
    feeding: {17} rly2 snipe.prod.itd.earthlink.net
    Connecting to snipe.prod.itd.earthlink.net ...
    <<< 220 snipe.prod.itd.earthlink.net ESMTP Sendmail 8.8.7/8.8.5; Mon, 17 Aug 1998 08:00:04 -0700 (PDT)
    >>> HELO feeding.frenzy.com
    <<< 250 snipe.prod.itd.earthlink.net Hello feeding.frenzy.com [209.198.128.35], pleased to meet you
    >>> MAIL FROM:<sam_merritt@hotmail.com>
    <<< 250 <sam_merritt@hotmail.com>... Sender ok
    >>> RCPT TO:<harter@feeding.frenzy.com>
    <<< 550 <harter@feeding.frenzy.com>... Relaying Denied
    rly2: relay rejected - final response code 550
I know this because I have been getting spammed by someone using them for the past week. I have tried e-mailing abuse@earthlink.net several times and have received no response.
I'm hoping a clueful Earthlink admin will see this post and take the appropriate action. If not, then maybe Earthlink should be "nominated" for RBL.
They must have fixed it (or you didn't test it). Let's not be too hasty.
Sam
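Added example, not part of any post in this thread: a Python parser for `<<<`/`>>>` transcripts in the format shown above. It reports the server's answer to the non-local RCPT TO together with the client address the server logged, because a relay test only describes the source address it was run from. The `classify` function, its verdict names and the second transcript are constructed for illustration; the first transcript is the gull.prod.itd.earthlink.net session from the thread.

```python
import re
from dataclasses import dataclass
from typing import Optional

REPLY = re.compile(r"^<<<\s*(\d{3})([ -]?)(.*)$")      # server -> client
COMMAND = re.compile(r"^>>>\s*(.*)$")                   # client -> server
RCPT = re.compile(r"^RCPT TO:\s*<[^<>@]*@([^<>]+)>", re.IGNORECASE)
PEER_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")  # "[a.b.c.d]" in the greeting

# Transcript quoted in the thread.
GULL_TRANSCRIPT = """\
Connecting to gull.prod.itd.earthlink.net ...
<<< 220 gull.prod.itd.earthlink.net ESMTP Sendmail 8.8.7/8.8.5; Mon, 17 Aug 1998 07:58:06 -0700 (PDT)
>>> HELO feeding.frenzy.com
<<< 250 gull.prod.itd.earthlink.net Hello feeding.frenzy.com [209.198.128.35], pleased to meet you
>>> MAIL FROM:<sam_merritt@hotmail.com>
<<< 250 <sam_merritt@hotmail.com>... Sender ok
>>> RCPT TO:<harter@feeding.frenzy.com>
<<< 550 <harter@feeding.frenzy.com>... Relaying Denied
rly2: relay rejected - final response code 550
"""

# Constructed transcript (documentation names and addresses) with a
# multi-line EHLO reply and an accepted non-local recipient.
CONSTRUCTED_ACCEPT = """\
<<< 220 mx.example.net ESMTP
>>> EHLO probe.example.org
<<< 250-mx.example.net Hello probe.example.org [192.0.2.10], pleased to meet you
<<< 250 8BITMIME
>>> MAIL FROM:<tester@example.org>
<<< 250 <tester@example.org>... Sender ok
>>> RCPT TO:<tester@example.org>
<<< 250 <tester@example.org>... Recipient ok
"""


@dataclass
class RelayVerdict:
    verdict: str                   # "denied", "accepted" or "inconclusive"
    rcpt_domain: Optional[str]     # non-local domain that was offered
    rcpt_code: Optional[int]       # final reply code to that RCPT TO
    seen_client_ip: Optional[str]  # address the server says it saw


def is_local(domain, server_domains):
    """True if the server is the final destination for this domain."""
    return any(domain == d or domain.endswith("." + d) for d in server_domains)


def classify(transcript, server_domains):
    """Classify one test session from one vantage point."""
    server_domains = {d.lower() for d in server_domains}
    last_cmd = ""
    client_ip = rcpt_domain = rcpt_code = None
    for raw in transcript.splitlines():
        line = raw.strip()
        cmd = COMMAND.match(line)
        if cmd:
            last_cmd = cmd.group(1).strip()
            continue
        reply = REPLY.match(line)
        if not reply:
            continue                       # tool chatter, not SMTP
        code, sep, text = int(reply.group(1)), reply.group(2), reply.group(3)
        if last_cmd.upper().startswith(("HELO", "EHLO")) and client_ip is None:
            peer = PEER_IP.search(text)
            if peer:
                client_ip = peer.group(1)
        if sep == "-":
            continue                       # the last line of a reply decides
        rcpt = RCPT.match(last_cmd)
        if rcpt and rcpt_code is None:
            domain = rcpt.group(1).lower()
            if not is_local(domain, server_domains):
                rcpt_domain, rcpt_code = domain, code
        last_cmd = ""
    if rcpt_code is None:
        verdict = "inconclusive"           # no non-local recipient was offered
    elif 200 <= rcpt_code < 300:
        verdict = "accepted"
    elif 500 <= rcpt_code < 600:
        verdict = "denied"
    else:
        verdict = "inconclusive"           # 4xx: temporary failure
    return RelayVerdict(verdict, rcpt_domain, rcpt_code, client_ip)


if __name__ == "__main__":
    print(classify(GULL_TRANSCRIPT, {"earthlink.net"}))
    print(classify(CONSTRUCTED_ACCEPT, {"example.net"}))
```

A "denied" verdict applies to the address in `seen_client_ip` only; a server that relays by source network has to be tested from inside each of those networks.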
Ever hear of postmaster@earthlink.net?
    rcpt to: postmaster@earthlink.net
    250 postmaster@earthlink.net... Recipient ok
Give it a whirl.
Earthlink has the following open mail relays: [snip]
--
jamie rishaw (dal/efnet:gavroche)
American Information Systems, Inc.
Tel:312.425.7140, FAX:312.425.7240
thirty thousand feet above the earth..youre a beautiful thing..
Hello-
While suggestions for denying relaying are appreciated, a majority of EarthLink members access our mail servers via POPs on the UUnet and PSI networks. Closing our servers to those networks is not possible (though they are effectively closed to relaying for all other traffic).
Our Network Abuse department works closely with UUnet and PSI to identify and take action on spammers that access our servers via their POPs. Please continue to report any incidents to abuse@earthlink.net for handling on a case-by-case basis.
While a personal response to mail sent to abuse@earthlink.net is not always possible, if you continue to utilize our established abuse resolution channels by forwarding the message, with full headers intact, to abuse@earthlink.net, we will continue to either take immediate action on any EarthLink accounts identified, or forward complaints along to the appropriate network(s) until action is taken on the accounts responsible.
Please let me know if I can be of further assistance.
At 10:28 AM 8/17/98 -0400, Adam D. McKenna wrote:
Earthlink has the following open mail relays:
gull.prod.itd.earthlink.net snipe.prod.itd.earthlink.net (a couple of other earthlink hosts, I can't remember which now, they were all in the .prod.itd.earthlink.net subdomain.)
I know this because I have been getting spammed by someone using them for the past week. I have tried e-mailing abuse@earthlink.net several times and have received no response.
I'm hoping a clueful Earthlink admin will see this post and take the appropriate action. If not, then maybe Earthlink should be "nominated" for RBL.
--Adam --- bash: syntax error near unexpected token `:)'
Adam D. McKenna adam@flounder.net
======================
Lisa Hoyt, Information Security Administrator
Earthlink Network, Inc
626.296.5152
http://www.earthlink.net/company/netabuse.html
http://www.earthlink.net/spam
1-888-ELN-SPAM/1-888-356-7726
At 12:26 PM -0700 8/18/98, EarthLink Information Security wrote:
Hello-
While suggestions for denying relaying are appreciated, a majority of EarthLink members access our mail servers via POPs on the UUnet and PSI networks. Closing our servers to those networks is not possible (though they are effectively closed to relaying for all other traffic).
How about using POP before SMTP (works with any POP3 client), Authenticated SMTP (supported in Outlook 98 client) and XTND XMIT (supported in Eudora Pro 4.x) or just support all of the above? Then you would be able to close those mailservers to any relaying whatsoever.
We support all of those mail-sending methods and because of that we have not relayed one single message for a non-customer in the life of our service.
Regards,
--
Wayne D. Correia Critical Path Inc. main: +1.415.808.8800
CTO <wayne@cp.net> San Francisco, CA 94105 USA fax: +1.415.826.6100
InterNIC: (WAYNE-ORG) http://www.cp.net 24/7 mobile: +1.415.826.6000
"we handle the world's email."
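Added example, not code from any participant or provider in this thread: a Python model of the relay decision under the two approaches discussed above, relaying by source network versus relaying only for clients that have authenticated (POP before SMTP or authenticated SMTP; XTND XMIT is not modelled). The class names, the 600-second window, the `isp.example` domain and the documentation address ranges are assumptions made for the illustration.

```python
import ipaddress


def rcpt_is_local(rcpt, local_domains):
    """True when this server is the final destination for the recipient."""
    return rcpt.rsplit("@", 1)[-1].lower() in local_domains


class NetworkRelayPolicy:
    """Relay for any client whose address is inside a listed network."""

    def __init__(self, local_domains, relay_networks):
        self.local_domains = {d.lower() for d in local_domains}
        self.relay_networks = [ipaddress.ip_network(n) for n in relay_networks]

    def decide(self, client_ip, rcpt, now, smtp_auth_user=None):
        if rcpt_is_local(rcpt, self.local_domains):
            return True, "local delivery"
        addr = ipaddress.ip_address(client_ip)
        if any(addr in net for net in self.relay_networks):
            # Every user of a shared dial-up pool qualifies, customer or not.
            return True, "client inside relay network"
        return False, "relaying denied"


class AuthRelayPolicy:
    """Relay only after a credential check: POP before SMTP or SMTP AUTH."""

    def __init__(self, local_domains, window_seconds=600):
        self.local_domains = {d.lower() for d in local_domains}
        self.window = window_seconds
        self._pop_logins = {}  # client_ip -> (login time, account)

    def record_pop_login(self, client_ip, account, now):
        """Called by the POP3 server after a successful login."""
        self._pop_logins[client_ip] = (now, account)

    def decide(self, client_ip, rcpt, now, smtp_auth_user=None):
        if rcpt_is_local(rcpt, self.local_domains):
            return True, "local delivery"
        if smtp_auth_user:
            return True, "authenticated SMTP"
        login = self._pop_logins.get(client_ip)
        if login is not None:
            when, _account = login
            if 0 <= now - when <= self.window:
                # The grant is tied to the address, not the person: whoever
                # holds this address during the window may relay.
                return True, "POP before SMTP"
            del self._pop_logins[client_ip]  # expired
        return False, "relaying denied"


def demo():
    """Run the same clients through both policies (constructed scenario)."""
    local = {"isp.example"}
    by_network = NetworkRelayPolicy(local, ["198.51.100.0/24"])  # shared pool
    by_auth = AuthRelayPolicy(local, window_seconds=600)
    outside = "someone@elsewhere.example"
    by_auth.record_pop_login("198.51.100.8", "alice", now=1000)
    return {
        # Another ISP's subscriber dialled into the same shared pool.
        "network_stranger_on_pool": by_network.decide("198.51.100.7", outside, 1000)[0],
        "auth_stranger_on_pool": by_auth.decide("198.51.100.7", outside, 1000)[0],
        # The customer who checked mail five minutes ago.
        "auth_customer_in_window": by_auth.decide("198.51.100.8", outside, 1300)[0],
        # A different subscriber handed the same address inside the window.
        "auth_reused_address": by_auth.decide("198.51.100.8", outside, 1500)[0],
        "auth_customer_expired": by_auth.decide("198.51.100.8", outside, 1700)[0],
        # Roaming customer on an unrelated network, using SMTP AUTH.
        "auth_smtp_auth_roaming": by_auth.decide("203.0.113.5", outside, 1000, "alice")[0],
        # Inbound mail for a local mailbox is never a relay question.
        "auth_inbound_mail": by_auth.decide("203.0.113.5", "bob@isp.example", 1000)[0],
    }


if __name__ == "__main__":
    for name, allowed in demo().items():
        print(f"{name}: {'relay' if allowed else 'deny'}")
```

The `auth_reused_address` case is the known weakness of POP before SMTP on dial-up pools, and the reason to keep the window short.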
Is there a list of the dial up pools for the big providers anywhere? I would like to lock them out from delivering SPAM directly to us
On Thu, Aug 20, 1998 at 07:12:58PM -0700, Roy wrote:
Is there a list of the dial up pools for the big providers anywhere? I would like to lock them out from delivering SPAM directly to us
I have UUNet's somewhere, and I think they are probably about the worst -- Steve Sobol, Cartel Member #1489 (tinc) Quote of the year: "If Bill [Gates] were tan, buffed and weighed 240 pounds, I bet people would dig IS." - Michael Cohn, COMPUTERWORLD Magazine, 8/3/98.
We support all of those mail-sending methods and because of that we have not relayed one single message for a non-customer in the life of our service.
Maybe in part because your customers are remarkably endowed with clueons. In my abundant experience supporting configuration changes on the part of dial-up users (like Mindspring's), I have found that your average dial-up user is about as capable of reconfiguring and upgrading software as you or I am of building a nuclear reactor with a pencil, some sand, and a stick of bubble gum. Imposing security measures or performance enhancement tricks after initial implementation is a huge imposition on any company's technical support staff, and frequently serves more as a customer irritant than anything else. I remember having to assist flash.net customers with reconfigurating their POP3 and SMTP clients when that provider went to a round-robin load-balancing mail server system. It was ... painful. ag
On Fri, Aug 21, 1998 at 01:42:47PM -0500, Aaron Goldblatt put this into my mailbox:
Imposing security measures or performance enhancement tricks after initial implementation is a huge imposition on any company's technical support staff, and frequently serves more as a customer irritant than anything else. I remember having to assist flash.net customers with reconfigurating their POP3 and SMTP clients when that provider went to a round-robin load-balancing mail server system. It was ... painful.
"Well this is how we've always done it" isn't an excuse for sticking with a boneheaded configuration. Yes, changing configurations is painful. Yes, customers will bitch and whine and wail "But I'm not a computer person!" Yes, support staff will have to walk customers through reconfiguring their Endora and explaining why they need this STMP thing anyway. I've been doing it all summer at work.
One extremely simple fix that the UUnet folks appear not to have stumbled upon is to firewall outgoing connections on port 25 to any hosts other than a specific list of earthlink, MSN, &etc mail hosts. This would only require reconfiguration on the part of the particularly obstinate customers who didn't follow the directions properly in the first place, and would for the most part kill off the relay hijacking that goes on from those networks.
Last - all these companies don't seem to understand that implementing these fixes and dealing with the complaints in the short run will let them cut down their abuse staff in the long run, because they won't have 500,000 e-mails to deal with every day. It's cheaper to fix it right, folks.
But this is getting to be off-topic, so I'll stop here. I'd suggest taking it to inet-access or somesuch, but I'm not on those lists and don't know what's appropriate for them.
-dalvenjah
--
Dalvenjah FoxFire (aka Sven Nielsen)
Founder, the DALnet IRC Network
"And I would've gotten away with it, if it hadn't been for you meddling kids!"
e-mail: dalvenjah@dal.net WWW: http://www.dal.net/~dalvenjah/
whois: SN90 Try DALnet! http://www.dal.net/
else. I remember having to assist flash.net customers with reconfigurating their POP3 and SMTP clients when that provider went to a round-robin load-balancing mail server system. It was ... painful. "Well this is how we've always done it" isn't an excuse for sticking with a boneheaded configuration. Yes, changing configurations is painful. Yes, customers will bitch and whine and wail "But I'm not a computer person!" Yes, support staff will have to walk customers through reconfiguring their Endora and explaining why they need this STMP thing anyway. I've been doing it all summer at work.
Of course it's a boneheaded way to run an Internet business, if you plan to be a decent Netizen. But consider: Companies like flash.net, earthlink.net, mindspring.com, uu.net, etc., all exist for a single purpose: to make money. It is -costly- to fix broken configurations that have a direct impact on customers. You have to pay the support personnel to wade through the email and handle the calls. You may have to pay for the calls if you're dumb enough to have an 800 number for support. You may additionally have to pay the 800 bill for your customers calling your sales department 'cause they can't get through to the support department because the lines are so clogged. And you may lose customers, which costs money. Or you can continue to allow people to spam, which doesn't cost anything in any quantifiable manner, and annoys your support staff a whole lot less. Mind you, I'm all for doing the responsible thing. But I understand the bottom line concerns that sometimes prevent it. ag
At 09:54 AM 8/24/98 -0500, you wrote:
Or you can continue to allow people to spam, which doesn't cost anything in any quantifiable manner, and annoys your support staff a whole lot less.
Mind you, I'm all for doing the responsible thing. But I understand the bottom line concerns that sometimes prevent it.
I agree with you about their reasoning behind not solving the problem. Consider though how upset tech support will be when they start receiving calls... "What's this 'RBL' thing I keep hearing about whenever I try to send mail anywhere?" If a company like Earthlink sees the two options - paying tech support to fix mail software or paying tech support to answer RBL questions, and willfully chooses RBL questions, then they are getting what they deserve, because either way, they're going to get calls on the topic that need answers. And from a corporate perspective, they should be approaching it from the "You need to fix your e-mail like this because Earthlink is trying to be a responsible member of the Internet", as opposed to "You got that message because your ISP (us) has been blacklisted by the net for being a spamhaven." My $0.02 worth, everyone's mileage will, I am certain, vary. D
On 08/24/98, Aaron Goldblatt <aglists@trantortech.com> wrote:
Or you can continue to allow people to spam, which doesn't cost anything in any quantifiable manner, and annoys your support staff a whole lot less.
...in the short term. But in the long term, people stop accepting mail from you, which costs even more. Talk to AGIS or ACSI (now eSpire) for first-hand accounts of how bad it can get when you piss off (or allow your customers to piss off) millions of people. -- J.D. Falk <jdfalk@cp.net> Are you RFC 527 compliant? Special Agent In Charge (Abuse Issues) Critical Path, Inc.
On Mon, 24 Aug 1998, Aaron Goldblatt wrote:
Of course it's a boneheaded way to run an Internet business, if you plan to be a decent Netizen. But consider: Companies like flash.net, earthlink.net, mindspring.com, uu.net, etc., all exist for a single purpose: to make money. It is -costly- to fix broken configurations that have a direct impact on customers.
I think we do an extremely good job of making sure our configurations are not broken in any way that would make us a bad Netizen. If you believe otherwise and have already tried going through normal channels (abuse@mindspring.net or hostmaster@mindspring.net for example) and haven't gotten satisfactory resolution, please don't hesitate to let me know. We really do take our Core Values and Beliefs (http://www.mindspring.com/aboutms/core.html) seriously, and they don't just apply to direct customers.
You have to pay the support personnel to wade through the email and handle the calls. You may have to pay for the calls if you're dumb enough to have an 800 number for support.
There's no surviving in this business without it. The customers demand it. It's just a cost of doing business.
Or you can continue to allow people to spam, which doesn't cost anything in any quantifiable manner, and annoys your support staff a whole lot less.
And makes you look really bad to your peers, who, in this line of business are also your customers and suppliers.
Brandon Ross Network Engineering 404-815-0770 800-719-4664
Director, Network Engineering, MindSpring Ent., Inc. info@mindspring.com
ICQ: 2269442
Stop Smurf attacks! Configure your router interfaces to block directed broadcasts. See http://www.quadrunner.com/~chuegen/smurf.cgi for details.
Thus spake Aaron Goldblatt <aglists@trantortech.com> on Mon, Aug 24, 1998:
Of course it's a boneheaded way to run an Internet business, if you plan to be a decent Netizen. But consider: Companies like flash.net, earthlink.net, mindspring.com, uu.net, etc., all exist for a single purpose: to make money.
Once again, capitalists bashing capitalism. Some day people will learn you don't have to screw people to make money.
It is -costly- to fix broken configurations that have a direct impact on customers. You have to pay the support personnel to wade through the email and handle the calls. You may have to pay for the calls if you're dumb enough to have an 800 number for support.
This perplexes me. MindSpring is currently the only dialup ISP to be turning a profit, and we couldn't have done it without an 800 number for support plus a support staff that's sharp enough to fix customer config problems quickly. Yes, we pay a lot in 800 bills, but we also get a return on that investment. Our support department actually generates income for us because they treat the customer well enough to send us referrals. If you treat your customers better than the other guys to the point that the customers notice, you *can* make money.
You may additionally have to pay the 800 bill for your customers calling your sales department 'cause they can't get through to the support department because the lines are so clogged. And you may lose customers, which costs money.
Certainly does, so we hire people who can fix the problems fast enough not to clog the lines. Not to mention the PBX voice prompts which keep lots of support issues out of the sales lines and vice versa.
Or you can continue to allow people to spam, which doesn't cost anything in any quantifiable manner, and annoys your support staff a whole lot less.
We have very stringent anti-spam policies. It is in our interest to get rid of customers who abuse our network, and we do. We've also laid out lots of capital to block incoming spam, so we are familiar with the costs.
Mind you, I'm all for doing the responsible thing. But I understand the bottom line concerns that sometimes prevent it.
Again, it's in the bottom line interest to do the responsible thing. -- John Butler, Network Engineer, Mindspring Enterprises Network Services
On Tue, Aug 25, 1998 at 10:43:46AM -0400, John Butler wrote:
This perplexes me. MindSpring is currently the only dialup ISP to be turning a profit,
Wow.. I've got to tell some people that they've been misreading their numbers for the past couple of years. -- Christopher Masto Director of Operations NetMonger Communications chris@netmonger.net info@netmonger.net http://www.netmonger.net The problem (and the genius) regarding Microsoft's products is bloat. Microsoft's penchant for producing overweight code is not an accident. It's the business model for the company. ... While [bloatware has] made Bill Gates the world's richest guy, it's made life miserable for people who have to use these computers and expect them to run without crashing or dying. - JOHN DVORAK, PC Magazine
On Fri, 21 Aug 1998, Dalvenjah FoxFire wrote:
One extremely simple fix that the UUnet folks appear not to have stumbled upon is to firewall outgoing connections on port 25 to any hosts other than a specific list of earthlink, MSN, &etc mail hosts. This would only require reconfiguration on the part of the particularly obstinate customers who didn't follow the directions properly in the first place, and would for the most part kill off the relay hijacking that goes on from those networks.
ISPs sell customers a TCP/IP connection to the Internet. To me that means taking my IP datagrams and delivering them to where I address them. I don't see that filtering of outbound traffic is part of such a product, any more than hijacking my connects to port 80 somewhere and plumbing me into a "transparent" web cache is.
Why shouldn't dialup users run MTAs that do "proper" delivery?
On the other hand, I would fully support anyone's right to filter connections from my dialin user pool addresses if they felt that they needed to do that. I would, in my personal opinion, be happy to provide such a person with my IP pool address ranges, or info on the domain names we use for that (which are easy to deduce, anyway?).
(Of course, I'd rather persuade this person that my organization deals responsibly with spammers - but no doubt I'd be unable to persuade some)
If enough people refused to take mail from my pool addresses then I guess my customers will be duly "encouraged" to use the provided relays. (Most do anyway, of course) If only a few refuse to take the mail then most deliveries still work fine directly; and those few feel happy that they are "protected".
Doesn't this arrangement make sense?
Regards,
Steve Davies
Operations, UUNET UK
(Who is in the UUNET group but does not influence policy for UUNET US)
On Sat, 22 Aug 1998, Steve Davies wrote:
ISPs sell customers a TCP/IP connection to the Internet.
Not necessarily. A number of ISPs on this side of the pond are starting to make a booming business out of selling "filtered internet"; essentially server-side filtering of web content. ISPs sell customers whatever it is they choose to sell them. The customer, as well, has the option of shopping around for the service they're looking for. If you, as a customer, are violently opposed to your ISP filtering you, then you have the choices of switching to an ISP that serves your needs, or getting other customers to try and convince your ISP to change policy.
Why shouldn't dialup users run MTAs that do "proper" delivery?
Nothing wrong with it at all (my home system, at the end of a dialup link, does so). Of course, with an ISP that filters outbound port 25 traffic, you'll want to smarthost everything to the ISP's mail server. Not much different, in the grand scheme of things.
On the other hand, I would fully support anyone's right to filter connections from my dialin user pool addresses if they felt that they needed to do that.
You've just transferred the burden of dealing with your dialup pool to other administrators, instead of dealing with the problem locally. Yes, you may respond quickly to abuse problems, but the fact is that abuse problems will still occur.
Doesn't this arrangement make sense?
Absolutely. So does filtering traffic and spam filtering at your central mail spool to ensure that the problem never happens in the first place.
--
emarshal at logic.net
Edward S. Marshall http://www.logic.net/~emarshal/
Linux labyrinth 2.1.117 #2 SMP Thu Aug 20 21:20:49 CDT 1998 i586 unknown
9:50am up 12:44, 2 users, load average: 0.00, 0.02, 0.00
On Sat, Aug 22, 1998 at 12:34:01AM +0100, Steve Davies wrote:
ISPs sell customers a TCP/IP connection to the Internet. To me that means taking my IP datagrams and delivering them to where I address them. I don't see that filtering of outbound traffic is part of such a product, any more than hijacking my connects to port 80 somewhere and plumbing me into a "transparent" web cache is.
Why shouldn't dialup users run MTAs that do "proper" delivery?
There is a company called TCPS that sends millions of spam messages in direct violation of UUNet's own AUP. They make exclusive use of resellers who lease UUNET dialups. According to UUNet abuse czar John Bradshaw, no fewer than 82 -- *82* -- TCPS-held dialup accounts had been nuked by resellers; this number was given sometime in early August, I think. They keep on getting new accounts with other companies. Now, do you want to ask me that question again... Thought not. Not that I care, I'm putting filters into place on my mail server that block mail from UUNet dialups and relays anyhow. But the answer to your question is, "It would save them a lot of trouble and money as there would be far fewer AUP violations to have to deal with." Besides, what are you defining as "proper delivery"?
On the other hand, I would fully support anyone's right to filter connections from my dialin user pool addresses if they felt that they needed to do that. I would, in my personal opinion, be happy to provide such a person with my IP pool address ranges, or info on the domain names we use for that (which are easy to deduce, anyway?).
Why is it my responsibility to filter users who are breaking your rules? It's UUNet's responsibility to enforce its AUP. It's also UUNet's responsibility to its shareholders to keep costs down and revenues high, and I could argue that preventing dialups from being used to send mail will cut a lot of the costs associated with cleaning up after spammers.
(Of course, I'd rather persuade this person that my organization deals responsibly with spammers - but no doubt I'd be unable to persuade some)
Steve, don't even get me started on this. I've been spammed by UUNet SALES REPS. I think there are people within the company who want to do the right thing, but I doubt the suits care.
If enough people refused to take mail from my pool addresses then I guess my customers will be duly "encouraged" to use the provided relays. (Most do anyway, of course) If only a few refuse to take the mail then most deliveries still work fine directly; and those few feel happy that they are "protected".
Doesn't this arrangement make sense?
Filtering is a good thing. But: UUNet getting up off their butts and finishing what they started WRT net abuse is better. UUNet leases dialups to ISP's. Why can't UUNet figure out a way to ensure that customers of ISP X only use ISP X's mail and news servers? It's NOT OUR RESPONSIBILITY TO POLICE UUNET. IT'S UUNET'S RESPONSIBILITY TO POLICE UUNET.
Regards, Steve Davies Operations, UUNET UK (Who is in the UUNET group but does not influence policy for UUNET US)
Understood... regards ...sjs -- Steve Sobol, Cartel Member #1489 (tinc) Quote of the year: "If Bill [Gates] were tan, buffed and weighed 240 pounds, I bet people would dig IS." - Michael Cohn, COMPUTERWORLD Magazine, 8/3/98.
Steven J. Sobol wrote:
There is a company called TCPS that sends millions of spam messages in direct violation of UUNet's own AUP.
They make exclusive use of resellers who lease UUNET dialups.
According to UUNet abuse czar John Bradshaw, no fewer than 82 -- *82* -- TCPS-held dialup accounts had been nuked by resellers; this number was given sometime in early August, I think. They keep on getting new accounts with other companies.
Since UUNET does not immediately cut off all accounts that come from a reseller because a spammer does, UUNET is _in_ _effect_ telling resellers "that's OK". If UUNET wanted to be proactive about spam, and truly carry out their policy, and do so without filtering SMTP, then they would refuse to sign up all accounts from spammers. But of course reality is that this is not known. Some things _may_ be possible to find this out, such as UUNET demanding the CC numbers used and refusing CC numbers blocked for spamming. But this is only a limited measure as dedicated spammers seem to have an endless supply. I actually got a recorded message on my telephone answering machine on an offer how I could make money by using a computer that they actually will supply to me to "distribute marketing material". Gee, I wonder how this works. They were actually promoting this offer with the addition of "and you do not even need to speak good English". I wonder how many people are going to become pawns in this cat and mouse game.
Not that I care, I'm putting filters into place on my mail server that block mail from UUNet dialups and relays anyhow. But the answer to your question is, "It would save them a lot of trouble and money as there would be far fewer AUP violations to have to deal with."
Actually not. UUNET, like many others, simply assign very limited resources to deal with the spam complaints. They do not answer complaints personally. Before I put filters in, I did answer every complaint personally, that asked for a response and did not make illegal threats. I was very motivated to get those filters in place. UUNET is not motivated because spam complaints actually make very little impact on their bottom line. We have to make that change, and the only way I see for that to happen is convince customers to leave their service and move to another.
Steve, don't even get me started on this. I've been spammed by UUNet SALES REPS.
UUNET, like any business, has numerous policies that cover matters from what customers are allowed to do and what services are to how operations and other divisions of the company operate. Having a policy that spells out that spam is a bad thing is inconsistent in a policy set if there is no corresponding policy that requires operations to take reasonable and practical steps to prevent the policies from being violated in the first place.
I think there are people within the company who want to do the right thing, but I doubt the suits care.
They won't care until the bottom line starts shrinking. And then they have to figure out for themselves _WHY_ it is shrinking (since they are most likely not actually going to listen to the technical advice of their hired staff).
And the suits don't read this e-mail.
--
Phil Howard | a6b7c5d0@spam3mer.edu a1b3c2d6@noplace9.org end9ads6@anywhere.org
phil        | eat02me8@dumbads3.com no03ads5@s3p5a9m5.edu suck7it0@anywhere.net
at          | stop1it6@anywhere.com ads7suck@dumbads4.edu stop4096@no16ads6.net
ipal        | end2it64@spammer0.org crash341@s3p5a0m5.edu ads9suck@anywhere.org
dot         | eat6this@dumbads1.net stop4it5@noplace0.com no68ads2@nowhere4.com
net         | stop3it9@anywhere.edu suck8it6@no4place.org suck6it9@spammer2.net
On Tue, Aug 25, 1998 at 09:20:24PM -0500, Phil Howard wrote:
Since UUNET does not immediately cut off all accounts that come from a reseller because a spammer does, UUNET is _in_ _effect_ telling resellers "that's OK".
Huh? because a spammer does what?
Hm. UUNet may not - probably doesn't - have the technical ability to get into Reseller X's server and disable the customer's account. I am assuming here, and Steve Davies can correct me if needed -- I am assuming that UUNet access servers refer back to the ISP's authentication servers (RADIUS, TACACS or the like) to verify login and password information. I am further assuming that UUNet does not have the necessary administrative access to its resellers' networks and computers to disable the account.
If UUNET wanted to be proactive about spam, and truly carry out their policy, and do so without filtering SMTP, then they would refuse to sign up all accounts from spammers.
UUNet doesn't do retail dialup accounts, Phil. When a spammer signs up for dialup access via UUNet, it's through Earthlink or MSN or another UUNet reseller.
Some things _may_ be possible to find this out, such as UUNET demanding the CC numbers used and refusing CC numbers blocked for spamming. But this is only a limited measure as dedicated spammers seem to have an endless supply.
This is something that has to be done by the ISP's, not UUNet. And passing around credit card information can cause a huge amount of legal trouble. The solution is for UUNet to prevent SMTP connections directly from its dialups. -- Steve Sobol, Cartel Member #1489 (tinc) Quote of the year: "If Bill [Gates] were tan, buffed and weighed 240 pounds, I bet people would dig IS." - Michael Cohn, COMPUTERWORLD Magazine, 8/3/98.
Steve Davies wrote:
On Fri, 21 Aug 1998, Dalvenjah FoxFire wrote:
One extremely simple fix that the UUnet folks appear not to have stumbled upon is to firewall outgoing connections on port 25 to any hosts other than a specific list of earthlink, MSN, &etc mail hosts. This would only require reconfiguration on the part of the particularly obstinate customers who didn't follow the directions properly in the first place, and would for the most part kill off the relay hijacking that goes on from those networks.
FWIW, I block port 25 on all my dialups, except to my own mail servers. Only 2 customers complained. One was actually a mail-only customer who dialed another small ISP in another state. We assisted him in changing his configuration to using the mail server at his dialup ISP. The other was roaming to numerous ISPs and was a more complicated case.
ISPs sell customers a TCP/IP connection to the Internet. To me that means taking my IP datagrams and delivering them to where I address them. I don't see that filtering of outbound traffic is part of such a product, any more than hijacking my connects to port 80 somewhere and plumbing me into a "transparent" web cache is.
Not all ISPs do that. Some sell a limited service consisting of a subset of the entire scope of possible IP packets. Of course there are also many that sell IP "wide open". You can take your pick. I elect to offer just those services which offer what I feel to be the best combination of what most of my customers want, and what allows me to continue to offer these services to all customers. Those "services" that result in my staff having to deal with huge volumes of complaints, denial of service attacks, and being filtered by other ISPs, I simply do not offer.
On the other hand, I would fully support anyone's right to filter connections from my dialin user pool addresses if they felt that they needed to do that. I would, in my personal opinion, be happy to provide such a person with my IP pool address ranges, or info on the domain names we use for that (which are easy to deduce, anyway?).
I won't need to take advantage of your offer since my mail servers are not open for relaying. If I or my customers receive spam from your customers, it will either be delivered the correct way, or be delivered via a direct connection on port 25 to a mail server that is open for relaying. My main goal is to block the spam using the latter method since it predominates. But in the course of discovering all the little poorly administered mail servers that can be used as relays, I and my customers will have to endure tons of spam, and I will get less real work done.
(Of course, I'd rather persuade this person that my organization deals responsibly with spammers - but no doubt I'd be unable to persuade some)
Most spam is sent using the "hit and run" method. Cancelling the account is pointless, as it probably won't be used again. Putting a stop on the CC number from getting further accounts may help some, but they can use other numbers, or the numbers may be stolen, or they just go to other ISPs. IMHO, if you want to prevent spam from being sent by your customers, that is, if you do _not_ offer this as a service, then you need to block it. If you do not block it, then IMHO, you are offering it (whether for pay or for free).
If enough people refused to take mail from my pool addresses then I guess my customers will be duly "encouraged" to use the provided relays. (Most do anyway, of course) If only a few refuse to take the mail then most deliveries still work fine directly; and those few feel happy that they are "protected".
The majority of mail servers are run by small businesses with little to no average technical knowledge, and rarely do much to deal with it, especially since most spam software distributes the load rather evenly so no one server gets hit too hard. Getting this _large_ number of servers to clean up their act is difficult at best due to these large numbers, and the constant arrival of more servers. Unlike mail servers, the greatest growth in dialup is large providers like UUNET. The technical knowledge
Doesn't this arrangement make sense?
It makes sense, but it is not practical. I have not yet added mail filtering that allows me to scan every "Received" header for any mention of known dialup spam sources. If/when I do, UUNET will be one of the early ones I will have to add (depending on the growth rate of spam). The worst source I see this month is ATT Canada, not UUNET. What does UUNET do to _prevent_ spam originating from people so bent on sending it that they will disregard the policy and proceed to send spam anyway, if the service of connecting to any port 25 is offered to them? It's not good enough to cancel an account that has already been sacrificed by the "customer". They don't pay and you don't get any money, but then you don't lose anything, either.
Regards, Steve Davies Operations, UUNET UK (Who is in the UUNET group but does not influence policy for UUNET US)
What we are trying to do is to influence policy, not just for UUNET anywhere, but all others. Influencing spammers themselves is not going to work. So someone else has to be influenced. We're going to choose who to influence based on what appears to be the most practical course to the desired end result. Much talk is about network peering. We generally don't think about it this way, but e-mail is a form of peering, too. And it is getting to look like more and more of us will have to suspend such peering in certain cases. We will want to influence your good paying customers to switch to whatever of your competition discovers that they can gain these customers by applying the kind of filtering mentioned early on, blocking port 25 access.
--
Phil Howard | stop3849@s1p1a1m9.edu stop0ads@nowhere3.net eat27me9@no43ads5.net
phil | crash410@no02ads6.net suck3it6@dumb7ads.net suck8it8@no39ads3.org
at | end8it33@anyplace.com ads5suck@dumbads5.com end9ads3@no45ads2.com
ipal | w9x2y9z0@no25ads3.net stop9it6@anyplace.org eat17me0@spam5mer.edu
dot | no7spam4@dumbads9.edu eat56me6@no3place.com end5ads2@dumbads4.edu
net | stop3710@noplace7.com die9spam@no7where.com eat24me3@spammer0.com
On Sat, 22 Aug 1998, Steve Davies wrote:
ISPs sell customers a TCP/IP connection to the Internet. To me that means taking my IP datagrams and delivering them to where I address them. I don't see that filtering of outbound traffic is part of such a product,
Fair enough.
On the other hand, I would fully support anyone's right to filter connections from my dialin user pool addresses if they felt that they needed to do that. I would, in my personal opinion, be happy to provide such a person with my IP pool address ranges, or info on the domain names we use for that (which are easy to deduce, anyway?).
This is what we do here. Our MTA returns "We dont' accept mail from dialup ports" to the senders. As long as uunet maps their dialups into subdomains, it's no problem.
(Of course, I'd rather persuade this person that my organization deals responsibly with spammers - but no doubt I'd be unable to persuade some)
This is the heart of the problem in the US. The practice of renting dialup to other providers is not a problem as long as the people who OWN the equipment do not disclaim responsibility for its use. What is happening in the US is that a spammer (typically) will get on some service which uses UUnet equipment and start spamming on a Friday night. You send a complaint to UUnet and get a robotic response, but the spammer will continue on until Monday at least, when UUnet's customer shuts him off. This is unacceptable. UUnet's US abuse department has claimed that such spammers are not their customers, so they are not responsible for what the spammer does while using their equipment, and so UUnet is violating its own AUP. This leads to a bad, bad, place. What if the abuser were a smurfer or a ping-flooder instead of a spammer?
Right now, UUnet in the US is the main source of spam on the internet, and this is due to UUnet's irresponsible policy. US spammers have found that it is cost-effective to get an account from an access reseller which uses UUnet hardware, and spam for up to a week before action is taken against them. You can send a million spams for the cost of one entry-level dialup account. They do this repeatedly, as evidenced by a single spammer using an NYC uunet pop for at least two months now.
This has to be fixed to make spamming more expensive. Shut off the spammer as soon as complaints come in, and then forward the whole mess -- Spams, complaints, logs -- To the reseller and let them sort it out AFTER the spammer's access is removed.
Bill <postmaster@iconn.net>
Bill Becker wrote:
On Sat, 22 Aug 1998, Steve Davies wrote:
ISPs sell customers a TCP/IP connection to the Internet. To me that means taking my IP datagrams and delivering them to where I address them. I don't see that filtering of outbound traffic is part of such a product,
Fair enough.
Depends on the ISP. We do NOT offer total IP access on our dialup accounts. We reserve the right to restrict and filter any IP packets that do not conform with the services we offer. These include:
1. IP packets addressed with a source address other than the address assigned to the dialup connection
2. IP packets addressed to a known LAN broadcast address
3. IP packets addressed to multicast addresses
4. IP packets addressed to private addresses other than those we offer to our customers
5. IP packets targeted to deny or disrupt service to us or anyone else
6. IP packets transmitted for the purpose of committing a crime or to otherwise gain illegal entry or access
7. IP packets addressed to port 25 of any SMTP other than the SMTP servers we offer.
8. IP packets received from services known to cause harm, or support the causing of harm, to our services and to our customers.
We also reserve the right to withdraw any other services at any time, and without notification to customers that have not notified us that they are using that service, where such withdrawal of service is in the best interests of our total overall service offering.
--
Phil Howard | w8x1y9z5@dumb1ads.net die4spam@spammer4.edu end7it83@dumb5ads.com
phil | end0ads6@no02ads4.org a5b0c9d6@no2where.com stop5it7@no82ads3.com
at | w5x9y5z7@noplace7.org stop9510@no4place.com die3spam@lame0ads.org
ipal | ads3suck@nowhere3.edu suck7it7@nowhere9.com stop4000@no6where.com
dot | no17ads2@lame0ads.com no5spam5@nowhere2.org blow5me9@no0where.net
net | eat54me1@nowhere4.net crash951@no7where.com stop4618@spam5mer.org
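An added example, not part of any post in this thread and not any ISP's actual configuration: rules 1-4 and 7 of the list above can be decided from packet headers alone, sketched here in Python as a per-session egress check. All addresses are constructed documentation ranges and the names (`Packet`, `egress_verdict`, the constants) are hypothetical; rules 5, 6 and 8 depend on intent or reputation data and are left out.

```python
import ipaddress
from typing import NamedTuple, Optional

class Packet(NamedTuple):
    src: str
    dst: str
    proto: str            # "tcp", "udp", ...
    dport: Optional[int]  # None when the protocol has no ports

# Constructed values for illustration only (not from the thread).
ASSIGNED_ADDR = ipaddress.ip_address("192.0.2.57")      # address given to this dialup session
ISP_SMTP = {ipaddress.ip_address("198.51.100.25")}      # the ISP's own mail servers
OFFERED_PRIVATE = [ipaddress.ip_network("10.20.0.0/16")]  # private space offered to customers
KNOWN_BROADCAST = {ipaddress.ip_address("192.0.2.255"),
                   ipaddress.ip_address("255.255.255.255")}
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def egress_verdict(pkt: Packet):
    """Return (allowed, rule): rule is the number in the posted list, 0 if allowed."""
    src = ipaddress.ip_address(pkt.src)
    dst = ipaddress.ip_address(pkt.dst)
    if src != ASSIGNED_ADDR:                       # rule 1: spoofed source address
        return False, 1
    if dst in KNOWN_BROADCAST:                     # rule 2: known broadcast address
        return False, 2
    if dst.is_multicast:                           # rule 3: 224.0.0.0/4
        return False, 3
    if any(dst in n for n in RFC1918) and not any(dst in n for n in OFFERED_PRIVATE):
        return False, 4                            # rule 4: private space not offered
    if pkt.proto == "tcp" and pkt.dport == 25 and dst not in ISP_SMTP:
        return False, 7                            # rule 7: SMTP to a foreign server
    return True, 0

def audit(packets):
    """Verdict for each packet, in order."""
    return [egress_verdict(p) for p in packets]

# Constructed sample traffic from one dialup session.
SAMPLE = [
    Packet("192.0.2.57", "198.51.100.25", "tcp", 25),   # mail via the ISP's server
    Packet("192.0.2.57", "203.0.113.9", "tcp", 25),     # direct-to-MX delivery attempt
    Packet("203.0.113.77", "203.0.113.9", "tcp", 80),   # forged source address
    Packet("192.0.2.57", "203.0.113.9", "tcp", 80),     # ordinary web traffic
]

if __name__ == "__main__":
    for pkt, verdict in zip(SAMPLE, audit(SAMPLE)):
        print(pkt, verdict)
```

The rule order matters only for which rule number is reported; a packet that breaks any one of the checks is dropped.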
Bill Becker wrote:
Right now, UUnet in the US is the main source of spam on the internet, and this is due to UUnet's irresponsible policy. US spammers have found that it is cost-effective to get an account from an access reseller which uses UUnet hardware, and spam for up to a week before action is taken against them. You can send a million spams for the cost of one entry-level dialup account. They do this repeatedly, as evidenced by a single spammer using an NYC uunet pop for at least two months now.
I don't think this is an indictment of the whole Internet, more how UUnet gets around to applying their AUP, therefore, ....
This has to be fixed to make spamming more expensive. Shut off the spammer as soon as complaints come in, and then forward the whole mess -- Spams, complaints, logs -- To the reseller and let them sort it out AFTER the spammer's access is removed.
.... I think this is a little too draconian for my taste. A little investigation might be in order, so we satisfy ourselves that the accused is guilty before we cut them off.
Spammers: Shut 'em off and let God sort 'em out! >;)
-Steve
participants (19): Aaron Goldblatt, Adam D. McKenna, Bill Becker, Brandon Ross, Christopher Masto, Dalvenjah FoxFire, Derek Balling, EarthLink Information Security, Edward S. Marshall, J.D. Falk, jamie@dilbert.ais.net, John Butler, Phil Howard, Roy, Sam Hayes Merritt, III, Steve Carter, Steve Davies, Steven J. Sobol, Wayne