Re: Now the idiots at ORBS are probing random dial-ups
On Mon, Aug 21, 2000 at 11:22:13PM -0700, Keith Woodworth wrote:
On Mon, 21 Aug 2000, John Payne wrote:
What trouble does MAPS cause? RSS and DUL are blocking quite a bit of spam for *me*. Dunno how much the RBL is blocking... 'cos I'm behind a BGP feed.
I find that RBL does not really block all that much overall. We don't use RSS or DUL here. Though one fellow posted a link to his stats on inet-access to his mail stats as graphed by RRDTool/Cricket. Shows most of the mail tagged as spam is blocked via RSS.
Don't forget - the main purpose of the RBL is not to block spam... it's to educate spam(mers| friendly networks). If the RBL is blocking lots of mail, then it's failed its primary purpose.
--
John Payne http://www.sackheads.org/jpayne/
john@sackheads.org http://www.sackheads.org/uce/
Fax: +44 870 0547954
340% tax? http://www.boycott-the-pumps.com/
On August 21, 2000 at 23:52 john@sackheads.org (John Payne) wrote:
Don't forget - the main purpose of the RBL is not to block spam... it's to educate spam(mers| friendly networks). If the RBL is blocking lots of mail, then it's failed its primary purpose.
The problem is, other than hassling the honest this approach just doesn't work. I currently measure around 1,000 open relays PER DAY being used against us by spammers. The problem is several orders of magnitude larger than anything like MAPS' approach can hope to make a dent in. It's like trying to stop the west nile virus with a flyswatter. Showing the occasional dead mosquito doesn't quite prove the method is working.
--
-Barry Shein
Software Tool & Die | bzs@world.std.com | http://www.TheWorld.com
Purveyors to the Trade | Voice: 617-739-0202 | Login: 617-739-WRLD
The World | Public Access Internet | Since 1989 *oo*
----- Original Message -----
From: "Barry Shein" <bzs@world.std.com>
To: "John Payne" <john@sackheads.org>
Cc: "Keith Woodworth" <kwoody@citytel.net>; <nanog@merit.edu>
Sent: Tuesday, August 22, 2000 2:37 PM
Subject: Re: Now the idiots at ORBS are probing random dial-ups
The problem is, other than hassling the honest this approach just doesn't work.
I currently measure around 1,000 open relays PER DAY being used against us by spammers.
The problem is several orders of magnitude larger than anything like MAPS' approach can hope to make a dent in. It's like trying to stop the west nile virus with a flyswatter. Showing the occasional dead mosquito doesn't quite prove the method is working.
It does however, prove that there is one less mosquito that could transmit it. The simple fact is, MAPS (I don't count ORBS based on numerous complaints that have long since passed through this forum multiple times) is _TRYING_ to do something about it. Think about how bad it might well be if they weren't out there working on the problem instead of sitting on the sidelines bitching like some folks. Bottom line, you can piss moan and whine all you want, but in this particular case, the old adage of 'if you're not part of the solution, you're part of the problem' holds terribly true.
A failure to recognize the problems created by open relays run by your customers (or anyone else's for that matter) is just about inconvenience for a few people but inconvenience for thousands of people. I don't measure traffic, I don't read statistics as a rule, and I have a tendency to disbelieve people spouting numbers claiming them as truth. That being said, if I were to use my own personal mailbox as a gauge of just how much spam transits my own networks on a daily basis, well, I'd guess I could cut an easy 5mb/sec off my usage. This in and of itself is a minuscule amount of data to my network, however, to individual people, this is a significant amount, to small mom & pop shops, that's a LOT of data. For those who have to pay per minute connection charges, that equates to a lot of wasted time and money.
Bitch if you will Mr. Shein, but in a long term view, I'd rather see a few of your customers be inconvenienced because you didn't do the right thing by shutting down open relays which smarthost through your mail servers than have to filter/delete another 4 pieces of spam out of my mailbox, and that sir, is what it really boils down to.
If you wish to speak in the company of engineers and technical professionals then when asked for measurables, for numbers, facts, figures, you either attempt to present some, or acknowledge you have little to add with your subjective impressions and speculations and realize that the utility of such ramblings is probably quite limited.
Around 500-1,000 different relays per day pumping spam with impunity. I can give you today's list if you like, I just sent the list to Paul Vixie for perusal as part of a side discussion we were having on this topic. It doesn't change in magnitude much day to day, and I cannot see any measurement here which indicates these self-anointed anti-spam projects which mostly focus on the honest do any good. I'd be happy to be proven wrong.
I think it was John McCarthy, the Stanford professor, who used to say "Those who will not do arithmetic are doomed to speak nonsense". But you can usually tell when people really haven't anything but what they want to believe in hand, they get increasingly verbally volatile when mere facts, numbers, would settle the matter.
-b
On August 22, 2000 at 14:49 brett.hawn@rcn.com (Brett L. Hawn) wrote:
----- Original Message -----
From: "Barry Shein" <bzs@world.std.com>
To: "John Payne" <john@sackheads.org>
Cc: "Keith Woodworth" <kwoody@citytel.net>; <nanog@merit.edu>
Sent: Tuesday, August 22, 2000 2:37 PM
Subject: Re: Now the idiots at ORBS are probing random dial-ups
The problem is, other than hassling the honest this approach just doesn't work.
I currently measure around 1,000 open relays PER DAY being used against us by spammers.
The problem is several orders of magnitude larger than anything like MAPS' approach can hope to make a dent in. It's like trying to stop the west nile virus with a flyswatter. Showing the occasional dead mosquito doesn't quite prove the method is working.
It does however, prove that there is one less mosquito that could transmit it. The simple fact is, MAPS (I don't count ORBS based on numerous complaints that have long since passed through this forum multiple times) is _TRYING_ to do something about it. Think about how bad it might well be if they weren't out there working on the problem instead of sitting on the sidelines bitching like some folks. Bottom line, you can piss moan and whine all you want, but in this particular case, the old adage of 'if you're not part of the solution, you're part of the problem' holds terribly true.
A failure to recognize the problems created by open relays run by your customers (or anyone else's for that matter) is just about inconvenience for a few people but inconvenience for thousands of people. I don't measure traffic, I don't read statistics as a rule, and I have a tendency to disbelieve people spouting numbers claiming them as truth. That being said, if I were to use my own personal mailbox as a gauge of just how much spam transits my own networks on a daily basis, well, I'd guess I could cut an easy 5mb/sec off my usage. This in and of itself is a minuscule amount of data to my network, however, to individual people, this is a significant amount, to small mom & pop shops, that's a LOT of data. For those who have to pay per minute connection charges, that equates to a lot of wasted time and money.
Bitch if you will Mr. Shein, but in a long term view, I'd rather see a few of your customers be inconvenienced because you didn't do the right thing by shutting down open relays which smarthost through your mail servers than have to filter/delete another 4 pieces of spam out of my mailbox, and that sir, is what it really boils down to.
On Tue, Aug 22, 2000 at 02:37:01PM -0400, Barry Shein wrote:
On August 21, 2000 at 23:52 john@sackheads.org (John Payne) wrote:
Don't forget - the main purpose of the RBL is not to block spam... it's to educate spam(mers| friendly networks). If the RBL is blocking lots of mail, then it's failed its primary purpose.
The problem is, other than hassling the honest this approach just doesn't work.
Sure it does. Who's being hassled in your universe?
I currently measure around 1,000 open relays PER DAY being used against us by spammers.
And if you report them to RSS and use the RSS zone (note that RSS != ORBS) then that's 1,000 open relays fewer you and the rest of us have to worry about.
The problem is several orders of magnitude larger than anything like MAPS' approach can hope to make a dent in. It's like trying to stop the west nile virus with a flyswatter. Showing the occasional dead mosquito doesn't quite prove the method is working.
I disagree. The combination of DUL and RSS to stop the direct-to-MX and relay abusers, and RBL to stop/educate the dedicated spamhouse can and does work, and will only work better with more people following the guidelines and submitting open relays to RSS, dialup blocks to DUL and nominating to the RBL.
--
John Payne http://www.sackheads.org/jpayne/
john@sackheads.org http://www.sackheads.org/uce/
Fax: +44 870 0547954
340% tax? http://www.boycott-the-pumps.com/
On Tue, Aug 22, 2000 at 02:37:01PM -0400, Barry Shein wrote:
The problem is, other than hassling the honest this approach just doesn't work.
I currently measure around 1,000 open relays PER DAY being used against us by spammers.
Remember, folks, MAPS and ORBS don't exist to stop spam; they exist to cut down on the number of open relays, and thus make it:
1) More expensive to spam.
2) Easier to track spammers.
Any discussion of their effectiveness should take these goals into account.
participants (4)
- Barry Shein
- Brett L. Hawn
- John Payne
- Shawn McMahon