ISPs That Actively Combat SPAM? 45
The Llama King asks: "Like a good netizen, I do my part to report spam. But most Internet providers merely respond with a canned e-mail and it's hard to tell whether action was taken - or when. I know a lot of abuse desks are overwhelmed and spammers can get a free ride if they pick their targets carefully. Occasionally I'll get a personalized response, and even notification that a spammer's access and/or Web site has been nuked - but that's rare, and seems to be getting rarer. What ISPs are best at responding to spam complaints in a timely fashion, both in terms of killing e-mail accounts and shutting down sites that have been spamvertised?"
AOL (Score:3, Funny)
two of the biggest hosters/isps in germany do (Score:4, Informative)
Re:two of the biggest hosters/isps in germany do (Score:1)
Alex
Re:two of the biggest hosters/isps in germany do (Score:1)
I used to do that (Score:2, Interesting)
Re:I used to do that (Score:1)
For those that deserve a bitch listing but don't have one yet, a search for 'ispname "bitch list"' on Google groups often produces a nice list [google.com].
It's also fun (maybe not effective, but fun) to add addresses of spam ISP admins to the footer of all your posts :).
Ironic (Score:3, Interesting)
What we need is
- better laws concerning internet privacy
- shutting down of spamming machines
- getting these spammers understand somehow how much we appreciate their spam and at what extent we read it. That will make them less interested in spam.
Re:Ironic (Score:1)
Be careful what you ask for.
Admins seem to be lazy (slightly OT) (Score:4, Informative)
One would think that the remote sender would complain to their mail admin first and they would get it fixed (distributed debugging, if you will). But no, they bitched to the person on my end (even though postfix's default boune messages are pretty self-evident) and then I'd end up adding an exception.
Initially, I would email {post,host}master@ the offending domain. While some were thankful for the notice, most either ignored me or flat out refused to add a rDNS entry for the mail server. Granted, it's not required by RFC, but in my opinion legit hosts should have DNS entries.
(And no, I can't just ignore the problem. When the person who writes your paycheck looses email, you're fighting a loosing battle.)
Actually, I gave up using reject_unknown_client today, except for large domains which are configured correctly (MSN, Hotmail, Microsoft, etc.) and a handful of Asian netblocks.
So back to the OP... I wouldn't hold out for admins to take care of the spam for you, especially if they're with a company you don't actually work for.
Re:Admins seem to be lazy (slightly OT) (Score:3, Informative)
I'd wager that if most mail admins knew they could reduce their spam load by 90% by this single config change (assuming there are other MTAs as versatile as postfix), they would do it in a heartbeat.
Your inability to get RDNS entries for your machine is, to be blunt, your problem and not mine. Part of a full-service internet connection includes (or should, if you're paying for it) both halves of DNS service.
"Security" Folks... (Score:2)
One of the unpleasant aftereffects of 9/11 is the flood of computer security consultants on the market. To less-than-competent security folks, reverse DNS is considered to be some sort of security hole.
I'd expect to run into this at larger corps and government more than in small or midsize companies.
My own observations (Score:4, Informative)
These days if I get a response it's from Hotmail. Small ISP's also have the time for this, but small ISP's are small ISP's and tend to not require the manpower of the likes of Speakeasy, Earthlink, etc. for their basic operations - so accordingly when the occasional spammer buys usage on a small ISP, and they disuser him, they can respond to the complaints en masse and say "we got 'im, sorry 'bout that".
I think the biggest reason for this is owing to the fact that dealing with spam is unto itself a laborious task. I suppose you can set up a filter for the local abuse address to bounce around email pertaining to a specific case, but first you have to identify the case - a filter won't drop in place by itself. Then, when the problem is pinpointed to the user, you have to (in no particular order) eliminate the account (easy enough), kill the user's dialup session if necessary (why get the DSL or the T1 if you know it's going to be killed the second you start spamming?), and block his port 25 access so he can't send mail. Maybe send a little courtesy message saying "All your base are belong to us" to the spammer as you nuke his account, or set his account to download mail precisely once, and he promptly loses his connection after that. After all that's done, then you have to draft up a reply or send a canned message to the complainers.
In short, you can't win, and it sucks royally.
Don't take it personally. (Score:4, Insightful)
The ISP staff is not capable of answering each message individually. At best they will scan through the reports that they get and act on the ones that they think are legit. But, they have another hundred thousand to process after that so, don't expect a personalized response and, if you're looking for some kind of credit or pat on the back for reporting it, just forget it!
Most large ISPs today subscribe to inbound RBLs as well as possibly doing some local filtering with the likes of SPAM Assassin. But, they can't be too restrictive in their policies as there are actually people who subscribe to lists and expect mail that any normal person would regard as pure spam. A growing number of ISPs are actually implementing user configurable spam blocking lists so you can set your own rules.
These same large ISPs usually don't hesitate to act if the spammer is one of their own subscribers. The accounts *are* terminated. But, because of the scope of the problem, it is a thankless and never-ending battle that they trudge through with resentment.
If you have a *serious* spam problem and *must* get the ISP to act on it, the best way is going to be via telephone but, you will have to work to get past level one tech support.
Re:Don't take it personally. (Score:2)
Yeah, I'm an optimist.
My expericence (Score:2, Interesting)
we try our best (Score:2, Informative)
My experiences with rackspace (Score:3, Informative)
Re:My experiences with rackspace (Score:1)
Well... (Score:4, Interesting)
It hasn't happened in a while, but any time I got a complaint about a customer spamming that checked out, I cut off the account immediately. This was happening about once a month for a while -- people signing up for throwaway accounts and spamming the hell out of them until they were cut off. One morning I checked my email and found spam that was sent from one of these accounts. I was able to log in, lock the account and kick 'em off our modems. That made me feel good.
As for responses to complaints: we'd get a lot of complaints when one of these episodes happened (usually through the good offices of SpamCop [spamcop.net], who Truly Rock), and it was impossible to reply individually to each one. I took the initiative and installed Linux (had been W98) so that I could use Mutt, with all the automation that implied, to send canned responses to let people know that someone's listening.
There are two big reasons for any ISP to respond aggressively to complaints about spam:
First, it's death to end up on a blacklist. The number of complaints would be astronomical, and if you're not lucky enough to be dealing w/a blacklist with defined ways of getting off it, you're stuck either waiting for people to decide you're honest/have suffered enough, or living with random chunks of email bouncing. Have a look in news.admin.net-abuse.email (I think that's the right group -- check Google) sometime and read the complaints from people who have been blacklisted. There is no sympathy (or at least very little) in that group for anyone who is blacklisted (whether there should be sympathy is another question).
Second, and arguably more importantly, spam is just plain wrong. There were the comments of the head of an old ISP -- The Well, maybe? -- a while back; he said that for any other entity on the Internet, a DDOS on the scale of spam would be Big News and would result in action. But email, for some reason, just doesn't rate a damn. People are drowning in the stuff, but so are mail servers, and the ISPs that run them, and the admins who take care of them. Check out my journal -- we had to spend $ on getting a new server, plus my time to set it up, just to keep our customer-facing mail server from falling over from the sheer volume of the stuff. That's fucking insane, and the idea of contributing in any degree to someone else's version of that story should make anyone sick to their stomach. It is such a waste of so many resources.
So for me at least, the moral and economic incentives to take action on spam are huge, but the volume of complaints for any episode usually prevents me from replying personally. I can only imagine what it would be like for someone at AOL or Sprint or what have you. YMMV.
Re:Well... (Score:2, Interesting)
I also work for a small ISP. My solution to minimize spam from our network was to change our mail server config so that it only allowed a small number of recipients (25 or so) per message, and to transparently proxy all SMTP traffic from our dial-up pool to our mail server, then to install an alert whenever the load on the mail server reaches a preset level.
Reasoning is as follows: if you're sending mail to more than 25 people at one time, you should set up a mailing list (which we'd even assist with, at no charge - much easier than trying to manage something similar with outlook.) The few people who have needed this thought we were wonderful for making their lives easier.
The second part makes sure that anyone sending spam is forced through our mail server - so we don't have to worry about spammers attempting relay-rape, or to spam directly from the dial-up line.
The third part limits the amount of damage a spammer can do - if they figure out the RCPT TO: limit, sending large amounts of spam through our server results in my pager going off, which means that I can stop the spam before most of it is sent out (this has happened once - a grand total of 18 spams were sent out before I killed the spammer's account and purged the queue.)
Other SMTP Servers? (Score:1)
Re:Well... (Score:2, Informative)
It is only death if you believe the people why run and promote these blacklists. There are some options that the anti-spammers in the newsgroup won't give you. You can send mail thru a smarthost on a non-listed server. You can tell the intended recipient that thier legit email has been blocked by their ISPs filters. You can get a non-listed block from your ISP (A /30 will do) and run your server on that. It is best to deal with the admins that are using the dnsbls than trying to deal with the lists. Working with any of the lists or their supporters is impossible.
Combat SPAM? (Score:1)
SPAM is canned meat, while spam is aka UCE.
Two fixes... (Score:1)
2. Stop accepting unverified free accounts on things like yahoo, and hotmail.
Let me expand on this, in my vision the account would be able to accept all the mail it wants, and it would be able to respond to mail it received. However inorder to send cold mails, some verification of the users real existance would need to occur(real world address or something like that). Of course it also wouldn't hurt if sending more than a few address at a time from such accounts were disallowed.
My problem is (Score:2)
*sigh*
Gotta take the George Bush approach to spam (Score:4, Funny)
Instead of filtering and blacklisting.... (Score:2, Interesting)
How about it, guys [ietf.org]? (I looked, and this [rfc-editor.org] was the closest thing I could find.)
Best reply (Score:1)
The account is now free to extrapolate on the finer points of my
wastebasket. It was cancelled as of 4/21/00. Have a nice day
Cheers,
Torquemada
If only all complaints received this kind of attention.
earthlink.net adn attglobal.net (Score:3, Informative)
isps should use blackhole lists and spamassassin (Score:2)
I also do the abuse mail box, and we get about 40-50 complaints a day. most of these are clueless grandmas that have no idea what they are doing. some are automated messages about viruses on their corporate lan sent from our network. About once or twice a week, I get an actual problem that I can do something about.
I can imagine if i had 10x as much work, i would probably not respond to any of it.
In Ohio, Bright.net (Score:2)
I fired off a forwarded copy to their "abuse" address at 12:22pm. I received an auto-reply instantaneously, and then at 1:59pm the same day I received the following message from them:
"We have traced the originator of this spam and have taken action according to bright.net policy. If you should experience further problems, please don't hesitate to let us know."
Needless to say, I was pretty impressed, both with the blazing fast turnaround, and the fact that I actually got something other than an autoreply from them-- with the big boys, you never feel like anyone is reading your spam reports. It was very nice to hear that my report actually had an impact, and some asshole spammer has been smacked down because of it.
~Philly
My ISP labels spam (Score:1)
Formmail Scans (Score:3, Interesting)
Second notice offending ISPs include:
I generally block China attacks without sending a notice (because there's no whois information for who to complain to - and abuse@ often bounces). This has proven to kill a LOT of SPAM. The spam houses that proxy off of Chinese servers can't scan my site for addresses, and the SPAM mail servers won't get through. I don't even bother filtering mail on that server as blocking formmail scanners' domains pretty much kills 90% of them.
The ONLY way to make ISPs care... (Score:2)
This is a very valid complaint. Someone above mentioned they just blacklisted rackspace.com. I wish every rackspace.com would call their account rep. and give them a lot of trouble.
In fact, I highly recommend that every corporate customer using some sort of ISP for bandwidth or hosting should do some research on spamcop and/or other dnsbl lists and find out what complaints are in the queue. If there are a lot, call up your account rep and threaten to take your business elsewhere because those spammers are hurting your business by potentially getting you blacklisted.
Cyberus seems to filter well . . . (Score:2)
A few months ago, they implemented an in-house filtering system they call Clearmail [cyberus.ca]. Anyways, it's pretty slick. I get about 1 SPAM per month that somehow slips by. As an added benefit, they send me one email per week with a list of all the SPAM they think they caught, so I can skim it to make sure no real ones got through. So far, it hasn't caught a single real email, but a couple hundred SPAMs. They also include a Criteria chart for each message so you can see why they thought it was SPAM.
Anyways, this seems like an ad, but i just think its pretty slick. . . I wish my other email accounts had similar services.
Shutting down a spammer (Score:1)
Love to hate? (Score:1)
The one that's owned by that one company that we all love to hate
Is such company "AOL Time Warner" for the Bono Act and the DMCA, or is it "Microsoft" for predatory Windows OS licensing practices?
Re:Love to hate? (Score:1)