Thread ID: 60006 2005-07-19 21:57:00 Hit back at spammers Greg (193) PC World Chat
373559 2005-07-22 05:11:00 On the subject of spam filters getting better... not so sure. I sent an E last night, it bounced, and this is what I got back..

Recipient address: xxxxxx@orcon.net.nz
Reason: Server rejected MAIL FROM address.
Diagnostic code: smtp;553 5.3.0 Spam blocked see: spamcop.net
Remote system: dns;mail.orcon.net.nz (TCP|xxx.x.xx.xx|40201|xxx.x.xx.xx|25)

I used my personal @millerton.co.nz address that is never used in public. spamcop.net gives no response. The blacklisted IP (bl.shtml?xxx.x.xx.xx) belongs to Telstra Clear, but is nowhere near mine; I have a fixed IP. It has nothing to do with the people looking after my email either.

So I sent another E, this time using my Gmail addy as my sender address... no problem. I have never been blocked on the basis of my domain before!
personthingy (1670)
373560 2005-07-22 05:21:00 So i sent another E, this time using my Gmail addy as my sender address... no problem. I have never been blocked on basis of my domain before!
It has nothing to do with the domain name. The IP range your connection is in will have been blacklisted, probably for being dynamic IP space.


Our mail servers end up in spam black lists quite regularly because of dickheads using MailWasher and submitting valid Mailer-Daemon bounces to spamcop/other bullcrap spam block list sites.
ninja (1671)
373561 2005-07-22 08:25:00 So i sent another E, this time using my Gmail addy as my sender address... no problem. I have never been blocked on basis of my domain before!
It has nothing to do with the domain name. The IP range your connection is in will have been blacklisted probably for being dynamic IP space.
OK, so if it has nothing to do with my domain, how come resending using a different sendername (Gmail) worked?

I looked at the IP listed in Orcon's bounce note; a "whois" informed me that it belonged to a huge range allocated to Telstra-Clear. Mine is a fixed address from nowhere near that range.

Apart from 5-10 minutes elapsing, the only difference between the 2 E's was one came through from xxxx@millerton, and the other from xxxx@Gmail
Both were sent using Kmail on flaptop.

It certainly seems a domain or email address orientated block!
personthingy (1670)
373562 2005-07-22 14:38:00 OK, so if it has nothing to do with my domain, how come resending using a different sendername (Gmail) worked?
Because you sent via GMail's server which isn't in a blacklisted IP block.

Pretty simple really.
ninja (1671)
373563 2005-07-22 21:41:00 I think the scenario outlined is flawed
In retrospect I agree. Besides, I wouldn't install anything on my computer that does Internet stuff beyond my direct control.
Greg (193)
373564 2005-07-22 22:08:00 Because you sent via GMail's server which isn't in a blacklisted IP block.

Pretty simple really.
No ninja, I suspect you either didn't read the above properly, or you've never used Kmail.

I changed my sender address to my Gmail one, as stated above. In Kmail that's as easy as simply replacing the text in the "from" field. I did not use Gmail's web interface, change my SMTP server or anything like that. In Kmail changing SMTP is a drop-down form called "mail transport". Same E, same SMTP server (smtp.paradise.net.nz), same everything. The only difference was my claimed sendername/return address:



From: Chris <xxxxxxxxx@gmail.com>
Organization: Millerton Sound Company
To: xxxxx <xxxxxxx@orcon.net.nz>
Subject: xxxxxx
Date: Thu, 21 Jul 2005 22:04:13 +1200
User-Agent: KMail/1.7.2
X-KMail-Identity: 1433775380
MIME-Version: 1.0
Content-Type: text/plain;
charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline
Message-Id: <200507212204.17587.xxxxxxxxxx@gmail.com>
Status: RO
X-Status: RS
X-KMail-EncryptionState:
X-KMail-SignatureState:
X-KMail-MDN-Sent:

Hi..................


From: Chris <xxxxx@millerton.co.nz>
Organization: Millerton Sound Company
To: xxxxxx <xxxxxx@orcon.net.nz>
Subject: xxxxxx
Date: Thu, 21 Jul 2005 21:51:24 +1200
User-Agent: KMail/1.7.2
MIME-Version: 1.0
Content-Type: text/plain;
charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline
Message-Id: <200507212151.30596.xxxxx@millerton.co.nz>
Status: RO
X-Status: RS
X-KMail-EncryptionState:
X-KMail-SignatureState:
X-KMail-MDN-Sent:

Hi...............
personthingy (1670)
373565 2005-07-23 01:10:00 No ninja, i suspect you either didn't read the above properly, or you've never used Kmail.

I changed my sender address to my Gmail one
You said you used your GMail address; I assumed it was from the web client. I've used KMail, it sucks by the way, and the feature is the same in every other mail client around the world.

I still highly doubt it being the domain name that was blocked. Though without seeing the headers of the blocked message (post delivery, the ones on your local machine don't mean anything) I can't tell for sure.

Orcon are idiots for using SpamCop anyway.
ninja (1671)
373566 2005-07-23 02:13:00 I still highly doubt it being the domain name that was blocked. Though without seeing the headers of the blocked message (post delivery, the ones on your local machine don't mean anything) I can't tell for sure.
I'm not going to publish the headers in full, but this bit, as posted above:

Reason: Server rejected MAIL FROM address.

seems fairly self explanatory....
personthingy (1670)
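The back-and-forth above turns on what "Server rejected MAIL FROM address" actually tells you. That line is the sending MTA's record of which SMTP command drew the 5xx reply, not a statement about what the receiving server examined; the bounce itself points at a list lookup keyed on an IP (the bl.shtml?IP reference). The following is an added illustration written for this page, not code from the thread, from Orcon, or from SpamCop. It models a receiving MTA that looks the connecting IP up in a DNSBL zone when the connection arrives but only emits the 553 in reply to MAIL FROM, then summarises the result in the fields a bounce carries. The zone name, IP addresses, hostnames and mailbox names are all constructed, and the DNS lookup is replaced by a dictionary.

```python
"""Simulated SMTP receiver that checks the connecting IP against a DNSBL.

Added illustration, not code from the forum thread or any party named in it.
The DNSBL zone, IPs, hostnames and mailboxes are constructed; a real MTA
would issue a DNS A-record query where this code consults a dictionary.
"""
import ipaddress

# Stand-in for a real DNSBL zone (assumption; not a real list).
DNSBL_ZONE = "bl.example.invalid"

# Constructed listing table, keyed the way a DNSBL is actually queried:
# the client's IPv4 octets reversed, followed by the zone name. Real lists
# answer such a query with an address in 127.0.0.0/8 when the IP is listed.
LISTED = {
    "7.0.0.10.bl.example.invalid": "127.0.0.2",   # 10.0.0.7 is "listed"
}


def dnsbl_query_name(ip):
    """Build the name a receiving MTA looks up for a client IP.
    192.0.2.25 with zone bl.example.invalid -> 25.2.0.192.bl.example.invalid"""
    octets = str(ipaddress.IPv4Address(ip)).split(".")   # also validates the IP
    return ".".join(reversed(octets)) + "." + DNSBL_ZONE


def dnsbl_listed(ip):
    """True when the client IP is on the (constructed) list."""
    return dnsbl_query_name(ip) in LISTED


class Receiver:
    """Minimal receiving-MTA state machine.

    The DNSBL check is keyed on the client IP and done when the connection
    is accepted; the rejection is only sent in reply to MAIL FROM. The
    envelope sender is never examined, so the sending side records the
    failure against the MAIL FROM command regardless of which address was used.
    """

    def __init__(self, client_ip):
        self.client_ip = client_ip
        self.blocked = dnsbl_listed(client_ip)
        self.transcript = []          # (command, reply) pairs for inspection

    def command(self, line):
        verb = line.split(":")[0].split()[0].upper()
        if verb == "MAIL" and self.blocked:
            reply = "553 5.3.0 Spam blocked see: http://%s/?%s" % (DNSBL_ZONE, self.client_ip)
        elif verb in ("HELO", "EHLO"):
            reply = "250 mail.example.invalid Hello"
        elif verb in ("MAIL", "RCPT"):
            reply = "250 2.1.0 OK"
        elif verb == "DATA":
            reply = "354 End data with <CR><LF>.<CR><LF>"
        elif verb == "QUIT":
            reply = "221 2.0.0 Bye"
        else:
            reply = "500 5.5.1 Command unrecognized"
        self.transcript.append((line, reply))
        return reply


def submit(client_ip, mail_from, rcpt_to):
    """Drive the dialogue as a sending MTA does, stop at the first 4xx/5xx
    reply, and summarise it in the fields a DSN bounce reports."""
    rx = Receiver(client_ip)
    for cmd in ("EHLO sender.example.invalid",
                "MAIL FROM:<%s>" % mail_from,
                "RCPT TO:<%s>" % rcpt_to,
                "DATA"):
        reply = rx.command(cmd)
        if reply[0] in "45":
            verb = cmd.split(":")[0]          # "MAIL FROM" or "RCPT TO"
            return {"status": "bounced",
                    "reason": "Server rejected %s address" % verb,
                    "diagnostic": "smtp;" + reply,
                    "blocked_ip": rx.client_ip if rx.blocked else None}
    return {"status": "accepted", "reason": None, "diagnostic": None, "blocked_ip": None}


def parse_diagnostic(diag):
    """Split a DSN Diagnostic-Code value such as
    'smtp;553 5.3.0 Spam blocked see: ...' into protocol, reply code,
    enhanced status code and free text."""
    proto, _, rest = diag.partition(";")
    code, enhanced, text = rest.split(" ", 2)
    return {"protocol": proto, "code": int(code), "enhanced": enhanced, "text": text}


if __name__ == "__main__":
    # Same message, same listed client IP, two different envelope senders:
    for sender in ("chris@millerton.example", "chris@gmail.example"):
        print(sender, submit("10.0.0.7", sender, "someone@orcon.example"))
    # Same envelope sender, relayed from an unlisted IP:
    print(submit("192.0.2.25", "chris@millerton.example", "someone@orcon.example"))
```

Running it shows the message bounced for both envelope senders when the connecting IP is listed, and accepted from an unlisted IP regardless of sender. The useful fields in a bounce like the one quoted above are therefore the Diagnostic-Code and the IP the list URL names, not the command that was refused: if that IP belongs to the outbound relay you submit through, delisting or changing that relay is what resolves it.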
373567 2005-07-23 03:47:00 An interesting but occasionally over-the-top debate about a problem that affects us all.

Bear with me here, because I have no knowledge of the operational practices of ISPs, but two questions come to mind that haven't been answered as yet:

1) Presuming that ISPs value their good name, their bandwidth and the custom of their legitimate business clients, I would assume that they monitor their own traffic for any abnormal behaviour. If so, surely the arrival of a new client who suddenly starts sending squillions of emails would arouse the attention of a traffic monitoring program, and further monitoring would identify words of a decidedly spammish nature?


The latter is what I understand that spam filters do, and so alerted they could then disable that URL (or whatever, I'm no expert) and dump the client because such activity would be outside their conditions for access/usage.

Of course that presupposes that they would act in the best interests of all their clients and the wider internet community, but I suspect that this doesn't happen because they probably reap their biggest profits from the users with highest traffic throughput. That brings me to the second question:

2) If the unholy dollar is what drives them to continue hosting spam merchants, then why should we care if spam hosting ISPs get flooded with traffic from Blue, Green or Purple Frogs?

I am interested in the answers to those questions, because it seems to me that the whole internet is afloat on a sea of blood from self-inflicted wounds, and most of the objections I read here are at the expense of the innocent victims.

Whatever the most effective counter to spammers might be, I have no doubt that inevitably there would be short term pain for some, but the long term gains would be worth it.

Cheers

Billy 8-{) :2cents:
Billy T (70)
373568 2005-07-23 05:02:00 1) Presuming that ISPs value their good name, their bandwidth and the custom of their legitimate business clients, I would assume that they monitor their own traffic for any abnormal behaviour. If so, surely the arrival of a new client who suddenly starts sending squillions of emails would arouse the attention of a traffic monitoring program, and further monitoring would identify words of a decidedly spammish nature?
We handle mail in the order of 1000's of messages a second, in and outbound from our mail servers. Most spammers don't use ISP mail servers to send spam, so monitoring on a mail server isn't much use.

The majority of spammers now use hordes of recruited bot nets, virus infected machines sitting on the net that are then used to fire spam out. Distributed traffic, very hard to trace.

Monitoring traffic patterns is not an easy task. As far as core infrastructure is concerned data is data, whether it be news, mail, porn, downloaded movies, mp3s etc. It all looks the same to the core systems passing the data through.

Add to that the fact that there are easily 10's of thousands of users on at any given time, monitoring what each individual is or isn't doing is just not feasible. We recently had an example of a colocated machine that was compromised and pushed through almost 100GB more traffic than it usually would. This was significant to the customer (and very significant to his invoice) but as far as our network was concerned it didn't even blip the radar as in proportion it was insignificant.

The latter is what I understand that spam filters do, and so alerted they could then disable that URL (or whatever, I'm no expert) and dump the client because such activity would be outside their conditions for access/usage.
Most spam filters check incoming mail rather than outgoing. Again, as most spam mail is not sent by ISP mail servers, spam filtering outbound mail won't make a difference.

From a network perspective, once the mail leaves the sending machine it's just data so can't easily be dealt with.


Of course that presupposes that they would act in the best interests of all their clients and the wider internet community, but I suspect that this doesn't happen because they probably reap their biggest profits from the users with highest traffic throughput.
Most ISPs are very responsive to abuse complaints. It also depends greatly on what kind of service you're providing. Dialup and ADSL, those that use less traffic are more profitable than those that use more. Co-located boxes or transit services tend to reap better money on high volume, but those clients tend to be pretty responsible.


2) If the unholy dollar is what drives them to continue hosting spam merchants, then why should we care if spam hosting ISPs get flooded with traffic from Blue, Green or Purple Frogs?
Again this is related to the initial point. Most spam is sent from recruited bot nets.

The idea of this software is to attack the spamvertised web-site. However this vigilante blunt-object approach will hit an ISP's server and potentially affect any other innocent clients hosted on that web server, or potentially the thousands of dialup or ADSL customers that ISP has if their network became saturated by this DDoS attack.

A quick lesson in servers:

Most servers have one IP address. This IP address can have multiple domain names pointed to it. The server interprets the domain name and delivers the content that it holds for that domain name (very simple).

Even if the ISP in question took the site down immediately, they could still suffer the onslaught of the attack from this malformed stupid software idea for hours, even days after the site was taken down, until all the old DNS records pointing at that server have expired.

See: The Slashdot Effect as an example: en.wikipedia.org/wiki/Slashdot_effect


I am interested in the answers to those questions, because it seems to me that the whole internet is afloat on a sea of blood from self-inflicted wounds, and most of the objection I read here are at the expense of the innocent victims.
The internet, and e-mail in particular, is inherently flawed. The system is based on a very simple setup that didn't anticipate abuse (or even the exponential growth it's encountered), and has no really good methods for dealing with it.

The changes to effectively limit spam will be huge and far-reaching - almost to the point of Internet v2.0 or equivalent.


Whatever the most effective counter to spammers might be, I have no doubt that inevitably there would be short term pain for some, but the long term gains would be worth it.
So Britain should immediately lock up every Muslim in a detention centre until they've worked out which ones are bombing things. I mean it'd be short term pain for a few million people, but in the long term no more trains would get blown up?

Why should thousands of an ISP's customers suffer, or the other sites hosted on a server (as mentioned, could be banks, government departments, whatever) be taken down by a vigilante DDoS attack (a fundamentally flawed idea) because one guy on a server put up a dodgy spamvertised site, or worse, a customer on that server had their site compromised and used, so it's not even their fault.
ninja (1671)