Spam

IGF meeting blacklisted

17 September 2008  |  by Patrick Vande Walle  |  published in Spam, WSIS/IGF

I just got an e-mail from someone currently attending the IGF meeting in Geneva. The e-mail ended up in my spam folder because the IP address used for the WLAN at the meeting is on a spambot/virusbot blacklist, namely cbl.abuseat.org. Apparently some guy there has his computer infected by a spambot or a virusbot. Because the local host uses a NAT, all the computers share the same public IP address. This means that all the attendees of the meeting risk seeing their e-mails blacklisted somewhere.

Funny this comes from the very people who would like to set up strategies to fight cybercrime …

Lessons to be learned:

One: NATs are a nuisance. They are responsible for collateral damage.

Two: In a hostile networking environment, never ever trust the local network and fire up your ssh or IPsec tunnel to a machine you can trust.

Three: give us IPv6 as soon as possible to get rid of NATs.

Missing Firefox, badly

17 May 2008  |  by Patrick Vande Walle  |  published in Internet, Real life, Software, Spam

I recently switched to a new position in my day job. I moved to another campus and office, where I found on my desk a computer with the default standard configuration. The default browser in this configuration is Internet Explorer 6.

I am still in a state of shock. Over the last four years in my previous position, I had been using Firefox as my main browser, mostly because of AdblockPlus, a remarkably efficient advertisement blocker.

With IE6, I have rediscovered how advertising on web sites can be distracting and invading. Suddenly, the pop-up windows, Flash animations and other nasties are there again. Unlike a paper magazine, where you only need to turn the page to ignore them, advertisements on web sites really prevent you from working until you close the pop-up window, stop the animation, turn off the volume, etc.

I guess one could say that Wladimir Palant, the developer of Adblock Plus, is one of the greatest benefactors to computer productivity over the last few years. Thanks, mate. Great job. I am forever grateful.

Greylisting and IPv6

15 April 2008  |  by Patrick Vande Walle  |  published in IPv6, Spam

Greylisting is a technology deployed on mail servers that has proved to be effective against spam. I use it here. However, I have yet to find a greylisting daemon for Postfix that works well with IPv6. This morning again, a message from an IPv6 SMTP host came in and the greylisting daemon did not know what to do, until I white listed the host in question.

I have tried both SQLGrey and Policyd. They work, to a degree, but are not yet as smart as they are on the IPv4 side.

Typically, it should automatically white list entire /64s for IPv6, just like it white lists /24s on IPv4. If they support either PostgreSQL or MySQL, it is even better.

Any suggestions welcome.
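The behaviour asked for above, sketched as an added example (not code from SQLGrey, Policyd or this blog): the greylist key is the client's /24 for IPv4 and its /64 for IPv6, and a network is auto-whitelisted once enough of its retries have passed. The delay, the threshold and the class and function names are assumptions; the return strings are the Postfix policy actions a policy daemon would answer with.

```python
import ipaddress
import time

GREYLIST_DELAY = 300   # seconds a new triplet must wait (assumed value)
AWL_THRESHOLD = 3      # passed sender/recipient pairs before a network is whitelisted (assumed)
DEFER = "DEFER_IF_PERMIT Greylisted, please retry later"

def client_network(addr):
    """Collapse a client address to the block used as greylist key."""
    ip = ipaddress.ip_address(addr)
    # An IPv4-mapped IPv6 address (::ffff:a.b.c.d) is really an IPv4 client.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    prefix = 24 if ip.version == 4 else 64
    return str(ipaddress.ip_network(f"{ip}/{prefix}", strict=False))

class Greylist:
    def __init__(self, clock=time.time):
        self.clock = clock
        self.first_seen = {}   # (network, sender, recipient) -> time of first attempt
        self.passed = {}       # network -> set of (sender, recipient) that passed

    def check(self, client, sender, recipient):
        net = client_network(client)
        # Whole /24 or /64 is trusted once enough distinct pairs have retried properly.
        if len(self.passed.get(net, ())) >= AWL_THRESHOLD:
            return "DUNNO"
        pair = (sender.lower(), recipient.lower())
        now = self.clock()
        first = self.first_seen.setdefault((net,) + pair, now)
        if now - first < GREYLIST_DELAY:
            return DEFER
        self.passed.setdefault(net, set()).add(pair)
        return "DUNNO"

if __name__ == "__main__":
    # Constructed sample: documentation prefix 2001:db8::/32, fake clock.
    t = [0]
    g = Greylist(clock=lambda: t[0])
    print(g.check("2001:db8:1:2::10", "a@example.org", "me@example.net"))
    t[0] = 400
    # Retry arrives from another host of the same /64 and is accepted.
    print(g.check("2001:db8:1:2::25", "a@example.org", "me@example.net"))
```

Keying on the /64 means a retry from a different outbound host in the same subnet still matches the first attempt, which is the case an exact-address IPv6 key gets wrong.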

A collection of spam-fighting techniques

20 January 2006  |  by Patrick Vande Walle  |  published in Internet, Software, Spam

I added a page to this blog, detailing some of the tricks I use to keep spam at a minimum level. The first part talks about Sendmail tricks I found here and there on mailing lists and web sites. I take this opportunity to thank the authors.

It seems to me it is more efficient to fight spam at the SMTP session level. This saves CPU cycles, bandwidth and disk space. Spam filtering at a later stage, typically at the delivery agent or at the mail reader is less efficient. From the spammer’s point of view, if the message got past your SMTP gateway, then there is a chance that someone will read it.

I will add and/or detail these tricks in the coming weeks.

Until we have ISPs really committed to eliminating spammers from their network, either on their own initiative or being forced to by governments, the best thing we can do is to frustrate the spammers as much as possible so as to make their business unprofitable.

Spam and Internet Governance Forum

12 January 2006  |  by Patrick Vande Walle  |  published in Internet, Internet Society, Spam, WSIS/IGF

I have often argued both on this blog and in live discussions that spam is a non-issue, which could be addressed by the ISP industry if it really wanted to. All the tools are there. Free software like SpamCannibal could do the job for low traffic operations. For ISPs, they could link their routers to DNS blacklists and drop packets on port 25 from rogue ISP IP addresses or AS’es. Once the legitimate customers of ISP X start complaining that their e-mails are being rejected on a massive scale and threaten to switch providers, be sure that ISP X will effectively stop hosting spam operations.

Only the political/economical willingness is missing. Right now, ISPs are just making lots of $$$ out of spam. That’s selling bandwidth after all. This is what you get when an industry focuses on short term profits rather than societal/ethical behaviour. Or customers could begin to sue their connectivity provider and ask for compensation for damage. After all, spam is costing billions of dollars each year to individuals and companies, in terms of lost time and resources. Saying that the carrier is neutral and is not responsible for carrying spam is irresponsible.
If the industry does not want to auto-regulate itself and really enforce its AUPs, one day or another governments will have to threaten them with fines if they continue to carry spammers on their network. So, the spam issue, in the WSIS context, is just a smoke screen to divert us from real issues, i.e. unilateral political control on key Internet resources. But spam is a popular subject, as everyone is facing it. It makes good headlines in the popular press.

Let’s spam spambots

31 July 2005  |  by Patrick Vande Walle  |  published in Internet, Spam

Many spammers use bots to read e-mail addresses from web sites. They usually identify the “mailto:” tags in HTML code. Over the years, some have suggested replacing these tags with literal strings, using javascript to hide addresses, etc. This may all work to a point.

However, we should not forget that spammers are in the business because they want to make money. A database filled with good e-mail addresses is worth a lot of money. On the contrary, a database filled with trash e-mail addresses is worth nothing. Based on this assumption, Nathan W. Lindstrom developed Spam-X. This Perl script will create a web page full of useless e-mail addresses generated using random strings.

I am not convinced it will work but I will give it a try. Ours is at http://patrick.vande-walle.eu/scripts/mail.pl. As you guessed, the main reason for this article is to be caught by spambots. If I can help in spreading an anti-spammer tool, I am always glad.

Microsoft pushes Sender-ID

24 June 2005  |  by Patrick Vande Walle  |  published in Internet, Internet Engineering Task Force, Software Patents, Spam

Seems like Microsoft wishes to once again push forward its proprietary technologies. From next November its Hotmail and MSN e-mail services will start to tag messages with no Sender-ID as spam.

Sender-ID was proposed to the IETF Marid working group last year by Microsoft. However, the working group refused it because it is covered by a patent. MS was willing to give free access (for how long?) to its technology to others but the open source community said there was no way they could incorporate this into open source software implementations. As a result, the Marid group disbanded with no agreement.

The Internet is based on open standards. Sender-ID is not. So, from next November, I intend to refuse all mail coming from Hotmail.* and MSN.* and suggest the poor owners of these e-mail addresses to go look elsewhere. After all, there are enough free services available, from Yahoo, Gmail and many others.

Update: it seems the IESG has approved Sender-ID on 24th June. It is not yet clear how the patent issue will be handled.

Spam and what can be done about it

18 June 2005  |  by Patrick Vande Walle  |  published in Internet, Internet Engineering Task Force, Spam, WSIS/IGF

At WGIG this week, the ambassador of Syria made the observation that “There is no serious intention to stop this spam by those who are the transporters of the spam, because they benefit. The communication operators lose nothing in spreading this spam. Developing countries, instead of benefitting from the internet, what they’re getting is spam, and has to pay for that spam. And quite a lot of money.”

I could not agree more. My server statistics tell me that 70% of the mail we get is spam. Up to now, we have been using a combination of DNS blacklists and SpamAssassin. This works pretty well.
However, managing spam is stealing a lot of CPU resources.

So, since spammers are thieves stealing bandwidth, CPU, memory, disk space and human time, it is more than legitimate to attack spammers the same way they attack us. This program called Spamcannibal does just that. It will query the DNS blacklists and, if the remote server is a known spam operation, it will close TCP port 25 for that host on your firewall.

One of these days, responsible network operators will have to link their edge routers to these DNS blacklists. By dropping all packets from spammers on port 25, these pirates would have no connectivity. This would make the whole spam business useless. Well of course customers would suddenly notice that their bandwidth consumption would decrease by 20% and might be inclined to ask for a rebate from their ISP. Spammers would not be able to find a hosting company anymore. Operators would lose sales. So, the Syrian ambassador is right. Spam does benefit network operators.
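How a DNS blacklist lookup feeds a port 25 firewall decision, as an added example (not Spamcannibal's code, nor this blog's): the client address is reversed, prefixed to the list's zone and resolved, and an answer in 127.0.0.0/8 means "listed". The zone is the one named in the first post on this page; the function names are assumptions, and whether a given list carries IPv6 entries is up to its operator.

```python
import ipaddress
import socket

ZONE = "cbl.abuseat.org"   # blacklist zone mentioned on this page

def dnsbl_query_name(addr, zone=ZONE):
    """Build the DNSBL lookup name: reversed octets (IPv4) or nibbles (IPv6)."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 4:
        labels = reversed(str(ip).split("."))
    else:
        labels = reversed(ip.exploded.replace(":", ""))
    return ".".join(labels) + "." + zone

def is_listed(addr, zone=ZONE, resolve=socket.gethostbyname):
    """True if the zone answers with a 127.0.0.0/8 address for this client."""
    try:
        answer = resolve(dnsbl_query_name(addr, zone))
    except socket.gaierror:
        # No such name: not listed. Resolver failures land here too, so
        # this check fails open instead of blocking mail on a DNS outage.
        return False
    return ipaddress.ip_address(answer) in ipaddress.ip_network("127.0.0.0/8")

def port25_block_rules(clients, zone=ZONE, resolve=socket.gethostbyname):
    """Return firewall rules closing TCP port 25 for every listed client."""
    rules = []
    for addr in clients:
        if is_listed(addr, zone, resolve):
            tool = "iptables" if ipaddress.ip_address(addr).version == 4 else "ip6tables"
            rules.append(f"{tool} -A INPUT -s {addr} -p tcp --dport 25 -j DROP")
    return rules

if __name__ == "__main__":
    # Constructed sample: a stand-in resolver so the example runs offline.
    # 127.0.0.2 is the conventional "always listed" DNSBL test address.
    fake_zone = {"2.0.0.127." + ZONE: "127.0.0.2"}

    def fake_resolve(name):
        if name not in fake_zone:
            raise socket.gaierror("NXDOMAIN")
        return fake_zone[name]

    print(port25_block_rules(["127.0.0.2", "192.0.2.99"], resolve=fake_resolve))
```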

Disclaimer

This site does not reflect the views of my employer, nor that of the Internet Society or its Luxembourg chapter

SPF and DKIM adoption rate

  • E-mails reaching this server on 11 Mar 2010
    SPF enabled e-mails: 3.31%
    DKIM signed e-mails: 3.23%
    DKIM signed mails sent: 41
