Slashdot is powered by your submissions, so send in your scoop

 


Forgot your password?
Close
typodupeerror
×
Spam

ISPs That Actively Combat SPAM? 45

Posted by Cliff from the I-miss-my-inbox dept.
The Llama King asks: "Like a good netizen, I do my part to report spam. But most Internet providers merely respond with a canned e-mail and it's hard to tell whether action was taken - or when. I know a lot of abuse desks are overwhelmed and spammers can get a free ride if they pick their targets carefully. Occasionally I'll get a personalized response, and even notification that a spammer's access and/or Web site has been nuked - but that's rare, and seems to be getting rarer. What ISPs are best at responding to spam complaints in a timely fashion, both in terms of killing e-mail accounts and shutting down sites that have been spamvertised?"
This discussion has been archived. No new comments can be posted.

ISPs That Actively Combat SPAM? More

ISPs That Actively Combat SPAM?

Comments Filter:

  • AOL (Score:3, Funny)

    by alpert ( 651442 ) on Tuesday February 18, 2003 @03:54PM (#5328060)
    Why, AOL of course!

  • two of the biggest hosters/isps in germany do (Score:4, Informative)

    by collin.m ( 207384 ) on Tuesday February 18, 2003 @04:01PM (#5328118) Homepage
    Schlund+Partner AG and 1&1 Internet AG, they have build a nice testing system and operate a hugh blacklist (sadly non public) here is the link [kundenserver.de]
    • I can only agree to this. They are doing a great job to keep both inboxes and their hosts spam and spammer free.

      Alex
    • Quatsch!! I would have to disagree about Schlund+Partner AG. They are not doing a very good job at filtering spam although i must admit 6 months ago it was a complete nightmare because all of their SMTP servers were open relays and they were all blacklisted. It was impossible to run a business due to every single email being sent back because the Schlund servers were blacklisted. There has been a bit of improvement since they finally set up a SMTP server requiring SMTP AUTH. But the amount of spam getting through is crazy. The fews times I have talked to them on the phone concerning the problem they were very rude and basically said they don't care. Emails and questions concerning the spam problem and any other problems are rarely returned with other than a form letter. If they do reply it's usually rude, short and worded to make it seem like it's my fault. Typical German Customer Service i.e. none. We're looking for another ISP but it's pretty slim pickins over here.

  • I used to do that (Score:2, Interesting)

    by PD ( 9577 )
    But complaining about spam is like pissing on a forest fire. I've accepted reality and now I just filter it with Spam Probe. The only way spam will stop is with a law and hefty fines.
    • I like to piss on the people who are feeding the forest fire. For this, the bitch list [bitch-list.net] comes in handy.

      For those that deserve a bitch listing but don't have one yet, a search for 'ispname "bitch list"' on Google groups often produces a nice list [google.com].

      It's also fun (maybe not effective, but fun) to add addresses of spam ISP admins to the footer of all your posts :).

  • Ironic (Score:3, Interesting)

    by fateswarm ( 590255 ) on Tuesday February 18, 2003 @04:12PM (#5328209) Homepage
    The failure rate of spam filters is still 1 to 5%. This is a fairly large ammount of email if you count how many of these are transfered each day. I don't want any of my personal emails being blocked as spam because that friend of mine used a phrase like "I got that job which pays me really good".

    What we need is

    - better laws concerning internet privacy
    - shutting down of spamming machines
    - getting these spammers understand somehow how much we appreciate their spam and at what extent we read it. That will make them less interested in spam.
    • Economics will be the driving force to end or deter Spam. You will get what you pay for. Some enterprising ISP will find ways to deter or end Spam and will get a fee for that service. Spam has been essentially non-existent through two ISP providers that I have used. (NOT AOL, or other free email sites). Certain laws may help, but you may not want to live with the outcome if the government get involved. Remember, its the governments system that discounts bulk mailing to your door of advertising (spam) and charges you 37 cents to send a personnel message. Government solutions will also have a life of their own and may involve national firewalls, etc. that will cost money and be of most benefit to organizations that can fund lobbyists.

      Be careful what you ask for.

  • Admins seem to be lazy (slightly OT) (Score:4, Informative)

    by Deagol ( 323173 ) on Tuesday February 18, 2003 @04:16PM (#5328241) Homepage
    I recently installed postfix for our domains and started rejecting IPs without a hostname (reject_unknown_client). Spam getting through dropped to a trickle, the reject-to-accept ratio being about 3:1, or about 1000 rejects a day. Unfortunately, there are many mis-configured sites out there, so some legit email was being denied.

    One would think that the remote sender would complain to their mail admin first and they would get it fixed (distributed debugging, if you will). But no, they bitched to the person on my end (even though postfix's default boune messages are pretty self-evident) and then I'd end up adding an exception.

    Initially, I would email {post,host}master@ the offending domain. While some were thankful for the notice, most either ignored me or flat out refused to add a rDNS entry for the mail server. Granted, it's not required by RFC, but in my opinion legit hosts should have DNS entries.

    (And no, I can't just ignore the problem. When the person who writes your paycheck looses email, you're fighting a loosing battle.)

    Actually, I gave up using reject_unknown_client today, except for large domains which are configured correctly (MSN, Hotmail, Microsoft, etc.) and a handful of Asian netblocks.

    So back to the OP... I wouldn't hold out for admins to take care of the spam for you, especially if they're with a company you don't actually work for.

    • Hate DNS.

      One of the unpleasant aftereffects of 9/11 is the flood of computer security consultants on the market. To less-than-competent security folks, reverse DNS is considered to be some sort of security hole.

      I'd expect to run into this at larger corps and government more than in small or midsize companies.

  • My own observations (Score:4, Informative)

    by dacarr ( 562277 ) on Tuesday February 18, 2003 @04:18PM (#5328272) Homepage Journal
    At one time, all of the now big ones - Compu$serve, Earthlink, Netcom - were very active in doing this. Mindspring was also, and I think I have a couple "we killed 'em" messages sitting around. Not anymore though - you're right, it's only canned replies as far as the eye can see.

    These days if I get a response it's from Hotmail. Small ISP's also have the time for this, but small ISP's are small ISP's and tend to not require the manpower of the likes of Speakeasy, Earthlink, etc. for their basic operations - so accordingly when the occasional spammer buys usage on a small ISP, and they disuser him, they can respond to the complaints en masse and say "we got 'im, sorry 'bout that".

    I think the biggest reason for this is owing to the fact that dealing with spam is unto itself a laborious task. I suppose you can set up a filter for the local abuse address to bounce around email pertaining to a specific case, but first you have to identify the case - a filter won't drop in place by itself. Then, when the problem is pinpointed to the user, you have to (in no particular order) eliminate the account (easy enough), kill the user's dialup session if necessary (why get the DSL or the T1 if you know it's going to be killed the second you start spamming?), and block his port 25 access so he can't send mail. Maybe send a little courtesy message saying "All your base are belong to us" to the spammer as you nuke his account, or set his account to download mail precisely once, and he promptly loses his connection after that. After all that's done, then you have to draft up a reply or send a canned message to the complainers.

    In short, you can't win, and it sucks royally.

  • Don't take it personally. (Score:4, Insightful)

    by FreeLinux ( 555387 ) on Tuesday February 18, 2003 @04:19PM (#5328286)
    The fact that you didn't get a response from an ISP when reporting a spammer shouldn't be taken as an afront. Any ISP with a large subscriber base is almost certainly deluged with spam reports and some/many of them are false reports from clueless users. Think of the reports that flood in when the Outlook worm du jor starts filling peoples mailboxes with crap. Think of all the complaints that flood in about real spam, penis enlargement, earn cash now, Nigerian needs help.

    The ISP staff is not capable of answering each message individually. At best they will scan through the reports that they get and act on the ones that they think are legit. But, they have another hundred thousand to process after that so, don't expect a personalized response and, if you're looking for some kind of credit or pat on the back for reporting it, just forget it!

    Most large ISPs today subscribe to inbound RBLs as well as possibly doing some local filtering with the likes of SPAM Assassin. But, they can't be too restrictive in their policies as there are actually people who subscribe to lists and expect mail that any normal person would regard as pure spam. A growing number of ISPs are actually implementing user configurable spam blocking lists so you can set your own rules.

    These same large ISPs usually don't hesitate to act if the spammer is one of their own subscribers. The accounts *are* terminated. But, because of the scope of the problem, it is a thankless and never-ending battle that they trudge through with resentment.

    If you have a *serious* spam problem and *must* get the ISP to act on it, the best way is going to be via telephone but, you will have to work to get past level one tech support.

  • My expericence (Score:2, Interesting)

    by shdragon ( 1797 )
    My personal experience is that IOCom is one of the best in responding to/nuking abusive accounts. They are also very heavy into protecting a customer's privacy (so be prepared to prove abuse, not just random accusations). I have been with them for about 7 years now. I was with them when they were still a BBS that offerred internet access. For a good read into WHY they protect customer's privacy read here [sjgames.com].

  • we try our best (Score:2, Informative)

    by askewview ( 84670 )
    Where I work I do my best to handle every spam complaint properly but due to volume of abuse email at times it can be kind of hard. Most complaints i get end up being miss configured servers. Personally I just run all my spam througha filter that a friend of mine wrote that works great.

  • My experiences with rackspace (Score:3, Informative)

    by yamla ( 136560 ) <chris@@@hypocrite...org> on Tuesday February 18, 2003 @05:07PM (#5328758)
    I noticed about a week ago that more than 90% of my incoming spam was originating with rackspace.com customers. That was more than enough to grab my interest. I complained using spamcop.net, as always, but that didn't do anything. So I personally emailed the appropriate people at rackspace.com. They ignored this. Eventually, I found a 'live chat' function on rackspace's web site and used that to talk to someone. They claimed they'd 'look into it' but my deluge of spam continued. I complained over the next several days and eventually, just blocked all IPs controlled by rackspace.com. I understand it was only a couple of their customers but seeing as they were providing access to known spammers and they simply couldn't be bothered to help me out even a little bit, I didn't feel bad banning all their IP addresses.
    • I've noticed that as well. PhenomINET's just started blocking almost all of rackspace, using their own internal blacklist. The nice part about rackspace is that you can quickly check whois.arin.net to find most of the really annoying netblocks. They might even run their own whois server, which would be better, but I don't know about that.

  • Well... (Score:4, Interesting)

    by Saint Aardvark ( 159009 ) on Tuesday February 18, 2003 @05:08PM (#5328767) Homepage Journal
    I work for a a small ISP [dowco.com]. I took over abuse duties about a year and a half ago.

    It hasn't happened in a while, but any time I got a complaint about a customer spamming that checked out, I cut off the account immediately. This was happening about once a month for a while -- people signing up for throwaway accounts and spamming the hell out of them until they were cut off. One morning I checked my email and found spam that was sent from one of these accounts. I was able to log in, lock the account and kick 'em off our modems. That made me feel good.

    As for responses to complaints: we'd get a lot of complaints when one of these episodes happened (usually through the good offices of SpamCop [spamcop.net], who Truly Rock), and it was impossible to reply individually to each one. I took the initiative and installed Linux (had been W98) so that I could use Mutt, with all the automation that implied, to send canned responses to let people know that someone's listening.

    There are two big reasons for any ISP to respond aggressively to complaints about spam:

    First, it's death to end up on a blacklist. The number of complaints would be astronomical, and if you're not lucky enough to be dealing w/a blacklist with defined ways of getting off it, you're stuck either waiting for people to decide you're honest/have suffered enough, or living with random chunks of email bouncing. Have a look in news.admin.net-abuse.email (I think that's the right group -- check Google) sometime and read the complaints from people who have been blacklisted. There is no sympathy (or at least very little) in that group for anyone who is blacklisted (whether there should be sympathy is another question).

    Second, and arguably more importantly, spam is just plain wrong. There were the comments of the head of an old ISP -- The Well, maybe? -- a while back; he said that for any other entity on the Internet, a DDOS on the scale of spam would be Big News and would result in action. But email, for some reason, just doesn't rate a damn. People are drowning in the stuff, but so are mail servers, and the ISPs that run them, and the admins who take care of them. Check out my journal -- we had to spend $ on getting a new server, plus my time to set it up, just to keep our customer-facing mail server from falling over from the sheer volume of the stuff. That's fucking insane, and the idea of contributing in any degree to someone else's version of that story should make anyone sick to their stomach. It is such a waste of so many resources.

    So for me at least, the moral and economic incentives to take action on spam are huge, but the volume of complaints for any episode usually prevents me from replying personally. I can only imagine what it would be like for someone at AOL or Sprint or what have you. YMMV.

    • Re:Well... (Score:2, Interesting)

      by Anonymous Coward
      It hasn't happened in a while, but any time I got a complaint about a customer spamming that checked out, I cut off the account immediately. This was happening about once a month for a while -- people signing up for throwaway accounts and spamming the hell out of them until they were cut off. One morning I checked my email and found spam that was sent from one of these accounts. I was able to log in, lock the account and kick 'em off our modems. That made me feel good.

      I also work for a small ISP. My solution to minimize spam from our network was to change our mail server config so that it only allowed a small number of recipients (25 or so) per message, and to transparently proxy all SMTP traffic from our dial-up pool to our mail server, then to install an alert whenever the load on the mail server reaches a preset level.

      Reasoning is as follows: if you're sending mail to more than 25 people at one time, you should set up a mailing list (which we'd even assist with, at no charge - much easier than trying to manage something similar with outlook.) The few people who have needed this thought we were wonderful for making their lives easier.

      The second part makes sure that anyone sending spam is forced through our mail server - so we don't have to worry about spammers attempting relay-rape, or to spam directly from the dial-up line.

      The third part limits the amount of damage a spammer can do - if they figure out the RCPT TO: limit, sending large amounts of spam through our server results in my pager going off, which means that I can stop the spam before most of it is sent out (this has happened once - a grand total of 18 spams were sent out before I killed the spammer's account and purged the queue.)
      • What about customers who need to use other SMTP servers? I run several Web sites and have my primary personal e-mail account with a service that is not my personal ISP. I use those SMTP servers all the time, and my own ISP's SMTP server sometimes. If all of my SMTP traffic was forced through my ISP's server, I'd be very upset. When I'm sending mail as "webmaster of example.com," I want to send it through smtp.example.com, not smtp.myisp.net. Just like I wouldn't expect the president of Doohickeys, Inc. to send it through hisisp.net instead of doohickeys.com.

    • Re:Well... (Score:2, Informative)

      by Anonymous Coward
      First, it's death to end up on a blacklist.

      It is only death if you believe the people why run and promote these blacklists. There are some options that the anti-spammers in the newsgroup won't give you. You can send mail thru a smarthost on a non-listed server. You can tell the intended recipient that thier legit email has been blocked by their ISPs filters. You can get a non-listed block from your ISP (A /30 will do) and run your server on that. It is best to deal with the admins that are using the dnsbls than trying to deal with the lists. Working with any of the lists or their supporters is impossible.

  • Are those ISPs vegetarians?

    SPAM is canned meat, while spam is aka UCE.
  • 1. No open relays....
    2. Stop accepting unverified free accounts on things like yahoo, and hotmail.

    Let me expand on this, in my vision the account would be able to accept all the mail it wants, and it would be able to respond to mail it received. However inorder to send cold mails, some verification of the users real existance would need to occur(real world address or something like that). Of course it also wouldn't hurt if sending more than a few address at a time from such accounts were disallowed.
  • my Aunt that forwards me every damn joke she gets. Yes, of course she uses AOL.

    *sigh*

  • Gotta take the George Bush approach to spam (Score:4, Funny)

    by anthony_dipierro ( 543308 ) on Tuesday February 18, 2003 @06:32PM (#5329771) Journal
    We must make no distinction between the spammers who spam us and the ISPs who harbor them. Preemptive strikes must be made upon any ISP responding to spam with a canned e-mail.
  • Why not start off with whitelisting? Add some extension to SMTP that would sign outgoing mail with a domain certificate. Old, noncompliant software could ignore the extension. Newer versions could verify the signature and bypass the spam (message content) filters, but check the domain name against a domain blacklist. Once a domain was found to be a source of spam, it could be added to a domain blacklist (or better yet, request that they get put on the CRL [techtarget.com]!). Eventually, you'd get to the point where you (the mail server admin) would feel comfortable requiring all domains to sign their mail to you.

    How about it, guys [ietf.org]? (I looked, and this [rfc-editor.org] was the closest thing I could find.)
  • The best response I got after complaining about a spammer (from rcn.net):

    The account is now free to extrapolate on the finer points of my
    wastebasket. It was cancelled as of 4/21/00. Have a nice day :)

    Cheers,
    Torquemada

    If only all complaints received this kind of attention.

  • earthlink.net adn attglobal.net (Score:3, Informative)

    by josepha48 ( 13953 ) on Tuesday February 18, 2003 @09:31PM (#5331317) Journal
    both allow you to turn on their spam elimitaion software. I use it it does help, but its not enough IMHO. I like yahoo's block user setup.
  • I run a mail setup that actively scans for viruses and spam for about 30k users. about 60% of our incoming mail is blocked by using spamcop.net, spamhaus.org, and ordb.org.

    I also do the abuse mail box, and we get about 40-50 complaints a day. most of these are clueless grandmas that have no idea what they are doing. some are automated messages about viruses on their corporate lan sent from our network. About once or twice a week, I get an actual problem that I can do something about.

    I can imagine if i had 10x as much work, i would probably not respond to any of it.
  • I don't know much about them except that they're in Ohio, and that's just from going to their site a second ago. But my mailserver received spam from a mailserver on one of their IPs shortly after noon yesterday.

    I fired off a forwarded copy to their "abuse" address at 12:22pm. I received an auto-reply instantaneously, and then at 1:59pm the same day I received the following message from them:

    "We have traced the originator of this spam and have taken action according to bright.net policy. If you should experience further problems, please don't hesitate to let us know."

    Needless to say, I was pretty impressed, both with the blazing fast turnaround, and the fact that I actually got something other than an autoreply from them-- with the big boys, you never feel like anyone is reading your spam reports. It was very nice to hear that my report actually had an impact, and some asshole spammer has been smacked down because of it.

    ~Philly
  • My ISP labels my spam quite accurately by inserting **** SPAM **** in the subject line of all offending messages. It has never marked anything I actually wanted, and what it misses, Mail marks as spam for me (under OS X...). I just set my filter on Mail to delete messages with the *** SPAM *** thingy inserted, so i recieve nearly no spam.

  • Formmail Scans (Score:3, Interesting)

    by Nishi-no-wan ( 146508 ) on Wednesday February 19, 2003 @12:46AM (#5332535) Homepage Journal
    I report formmail scans up the yin yang. 30 a day sometimes. Second notices from the same IP address are rare, third notices rarer. The only North American ISP that I've totally blocked ALL ports at the firewall are two USWest city sub-blocks.

    Second notice offending ISPs include:

    • ATT Canada
    • RR.com
    • WorldCom
    • ATT Net

    I generally block China attacks without sending a notice (because there's no whois information for who to complain to - and abuse@ often bounces). This has proven to kill a LOT of SPAM. The spam houses that proxy off of Chinese servers can't scan my site for addresses, and the SPAM mail servers won't get through. I don't even bother filtering mail on that server as blocking formmail scanners' domains pretty much kills 90% of them.

  • The only time an ISP will really truly care is if an existing paying customer complains that there are spammers on the network they are hosting from.

    This is a very valid complaint. Someone above mentioned they just blacklisted rackspace.com. I wish every rackspace.com would call their account rep. and give them a lot of trouble.

    In fact, I highly recommend that every corporate customer using some sort of ISP for bandwidth or hosting should do some research on spamcop and/or other dnsbl lists and find out what complaints are in the queue. If there are a lot, call up your account rep and threaten to take your business elsewhere because those spammers are hurting your business by potentially getting you blacklisted.
  • I get my email through Cyberus [cyberus.ca]. I used to get about 10 SPAMs a day through them. I know that's technically not that many compared to many other people, but still, it's a hassle.

    A few months ago, they implemented an in-house filtering system they call Clearmail [cyberus.ca]. Anyways, it's pretty slick. I get about 1 SPAM per month that somehow slips by. As an added benefit, they send me one email per week with a list of all the SPAM they think they caught, so I can skim it to make sure no real ones got through. So far, it hasn't caught a single real email, but a couple hundred SPAMs. They also include a Criteria chart for each message so you can see why they thought it was SPAM.

    Anyways, this seems like an ad, but i just think its pretty slick. . . I wish my other email accounts had similar services.
  • I'm currently working for a certain 3-letter ISP (no, not that one. The one that's owned by that one company that we all love to hate) and my supervisor took a great amount of pleasure in having some person's account shut down for "commercial use." I don't know for sure that they were spamming, but the account was shut down after we saw it on a TV commercial that was running here. That was some money well spent for the people running the ad and just having the account shut down as a result...

Slashdot Top Deals

This restaurant was advertising breakfast any time. So I ordered french toast in the renaissance. - Steven Wright, comedian

Close