Will we ever get rid of SPAM? ============================= July 2006 A rant by Florin Iamandi (Slippery), This rant is not going to teach you what do the eventually used terms mean. You, the reader, are supposed to know how the e-mail system works and what mechanics are under this system. However at the end of the rant you might find links pointing to various websites with plenty of further information in depth. SPAM[1] e-mail represents a huge chunk of the today's e-mail and it constitutes a big challenge for those that manage the e-mailing systems and networks, starting from the sysadmin to the CEO. This rant is about why do I consider this battle against SPAM on the verge of being lost. Nation wide telcos set the (wrong) rules ---------------------------------------- This stuff is happening nowadays. Nation wide telcos have SMTP servers abused by the spam barons. These servers are offered on a golden plate to the malware and constitute an always open gate to the Internet world because they are mostly relays with e-mail traffic filtered the wrong way. The relay filters applied on these servers usually consist in IP address oriented blocks. "We only allow relay for our customers on which we totally and fully trust". Excuse me? Can you REALLY trust your users? Since when? Can you control what software is running on their systems? How can you vouch for networks you don't know? At least a minimal content filtering system should be applied on EVERY SMTP sever in the Internet today. I know my ISP has one and I am proud it does. Sometimes the SMTP server is rejecting the SPAM abuse/complaints e-mails I am trying to forward but that's a price I am happily willing to pay because that's the way it should be. Bulk e-mail should be stopped at the source. Every bit of traffic generated by bulk e-mail is a wasted bit, every CPU cycle used to process bulk e-mail is a wasted cycle. Telcos should learn how to use their resources and our resources - as netizens - in general. Ignorance is a bless -------------------- OK, so the telco SMTP is relaying SPAM. Who cares? I have my DNSBL/RBL[2] filters in place and I'm rejecting these e-mails. Well not quite as ignorance is a bless. Here's a scenario that might change your point of view. You're a small/medium sized ISP running a clean, SPAM free e-mail server which implements DNSBL/RBL filtering. Content filtering is already an overload, not to mention the extra overload brought in by the necessity of checking for image based SPAM[3]. It is better to avoid content filtering if at all possible. The SMTP servers of the major telco(s) in your contry get blacklisted and your customers are unable to receive e-mail from almost everyone they know. These customers are paying for a service that, from their point of view, is blocking the e-mails they need to receive therefore this service is not working right, your system is blocking legit e-mails! Your tech support department gets swamped with phone calls, the CTO is under the pressure comming from the CEO, CFO and other officers. The telco doesn't give a squat if its servers are in a blacklist or another, after all the e-mail service they are offering is a free service, a bonus for the connectivity. Therefore their clients have no right to complain about the functionality of this service. Not to mention the huge bureaucratic process a request for a change in this system would have to follow. After trying to contact the telco and having not heard back from them in quite a while what's to be done? Whitelist the SMTP servers or give up the specific DNSBL/RBL that was blacklisting them. Who's fault is it? It's the telco's fault for trusting its users. Was the other telco affected? I don't think so. What did the other telco learn from this? Nothing. And the winner is... the spam baron! Yay! Is there any solution? ---------------------- Every ISP and telco should take the responsibility on what's originating from their networks and educate the users. This can even be a source of profit[4]. Content filtering at the first point of e-mail exit has become a necessity. I very much doubt every ISP in this world has the guts, the means, the will and/or the knowledge to stop SPAM at the very source. If all the elements involved in the e-mailing system wake up maybe the Internet might still stand a chance or two. We should all do our part of the job on keeping this network clean from the end user to the technical staff, from the CS teacher to the mass media. But as long as major players continue to ignore the real issue we are having today with SPAM, I'm affraid we are doomed and the future looks like a kludged, swamped and filthy Internet. Err... wait, aren't we there already? ------------------------------------------------------------------------ References [1] http://en.wikipedia.org/wiki/e-mail_spam [2] http://en.wikipedia.org/wiki/DNSBL [3] http://news.softpedia.com/news/Image-Spam-Overflow-28654.shtml [4] http://www.theregister.co.uk/2006/07/05/spam_zombie_survey/ ------------------------------------------------------------------------ Copyright (c) 2006, 2007 Florin (Slippery) Iamandi, Permission to use, copy, modify, and distribute this article for any purpose with or without fee is hereby granted, provided that the above copyright notice and this permission notice appear in all copies. ------------------------------------------------------------------------ If you read this rant by chance and wish to comment on it or if you'd like to add something feel free to e-mail me. Last change: 20060707 ------------------------------------------------------------------------