
On Wed, 1 Oct 1997, Paul Thornton wrote:
> I have to agree with Alex here. If we can persuade ISPs (and customers who have mail servers which can relay) to fix their configurations to deny relaying except for their own hosts/networks then we have made a big step forward.
but it still doesn't solve problem of spamming.
MJ
___________________________________________________________________________
Miroslaw.Jaworski@ikp.com.pl (Psyborg) MJ102-RIPE ATM S.A. - IKP division WAN/UNIX adm

On Wed, 1 Oct 1997 13:02:18 -6000 Miroslaw Jaworski <mjaw@ikp.ikp.pl> wrote:
> On Wed, 1 Oct 1997, Paul Thornton wrote:
> > I have to agree with Alex here. If we can persuade ISPs (and customers who have mail servers which can relay) to fix their configurations to deny relaying except for their own hosts/networks then we have made a big step forward.
> but it still doesn't solve problem of spamming.
I doubt that you'll ever solve this problem fully, and to be honest you'd have to live in cloud cuckoo land if you thought you could stop spam in a single step. What is suggested is that pressure or advice is given to people so that they stop having open email relays. If enough people do this then the spammer has one less way to spam the world and steal network resources. [i.e. it will cost the spammer money, and the average spammer doesn't like that].
Regards, Neil.
--
Neil J. McRae - Alive and Kicking. C O L T I N T E R N E T neil@COLT.NET
Ascend GRF: 100% CpF [Cisco protection Factor]
Free the daemon in your <A HREF="http://www.NetBSD.ORG/">computer!</A>

On Wed, 1 Oct 1997, Neil J. McRae wrote:
> I doubt that you'll ever solve this problem fully, and to be honest you'd have to live in cloud cuckoo land if you thought you could stop spam in a single step.
everything is hard. [ "Not for first time was built Krakow" ]
> What is suggested is that pressure or advice is given to people so that they stop having open email relays.
i agree that this is the very first one what people should do.
> network resources. [i.e. it will cost the spammer money, and the average spammer doesn't like that].
hmmm from my point of view it will cost MY money (ISP) not real spammer. when spam will have as source address my network 157.25.0.0/16, u mean that i am this spammer ?
MJ
___________________________________________________________________________
Miroslaw.Jaworski@ikp.com.pl (Psyborg) MJ102-RIPE ATM S.A. - IKP division WAN/UNIX adm

On Wed, 1 Oct 1997 13:18:05 -6000 Miroslaw Jaworski <mjaw@ikp.ikp.pl> wrote:
> hmmm from my point of view it will cost MY money (ISP) not real spammer.
That's all academic, there will always be someone trying to spam you, if you reduce the ways this is possible then you help to reduce the spam, longer term it reduces costs in theft of network resources.
> when spam will have as source address my network 157.25.0.0/16, u mean that i am this spammer ?
Obviously not, but you could help us in tracking any such offender, and help put a stop to it, InterISP co-ordination is important, and I'd guess that's why organisations like RIPE, LINX and so on, are keen to be a focal point for action.
Regards, Neil
--
Neil J. McRae - Alive and Kicking. C O L T I N T E R N E T neil@COLT.NET
Ascend GRF: 100% CpF [Cisco protection Factor]
Free the daemon in your <A HREF="http://www.NetBSD.ORG/">computer!</A>

On Wed, 1 Oct 1997, Neil J. McRae wrote:
> Obviously not, but you could help us in tracking any such offender, and help put a stop to it, InterISP co-ordination is important, and I'd guess that's why organisations like RIPE, LINX and so on, are keen to be a focal point for action.
i see solution :
every new ISP must own his IP. He gets it from RIPE. maybe he should sign such a document containing rules of servicing new customers. One part should inform that in case of spam spammer will be added to "Index" and no ISP will set up an account for him in the future.
Maybe then people can understand what they can lose by improper using of e-mail ?
MJ
___________________________________________________________________________
Miroslaw.Jaworski@ikp.com.pl (Psyborg) MJ102-RIPE ATM S.A. - IKP division WAN/UNIX adm

In message <Pine.SGI.3.90.971001150122.28009Y-100000@ikp.ikp.pl>, Miroslaw Jaworski writes:
> i see solution :
> every new ISP must own his IP. He gets it from RIPE. maybe he should sign such a document containing rules of servicing new customers. One part should inform that in case of spam spammer will be added to "Index" and no ISP will set up an account for him in the future.
> Maybe then people can understand what they can lose by improper using of e-mail ?
I would vote for this.
--
Poul-Henning Kamp FreeBSD coreteam member
phk@FreeBSD.ORG "Real hackers run -current on their laptop."

> > added to "Index" and no ISP will set up an account for him in the future.
> > Maybe then people can understand what they can lose by improper using of e-mail ?
> I would vote for this.
It would be good idea if you had a proper organ to put spammers in that index but I can not see any normal mechanism for this. You have to have commonly accepted 'court' which can do that. Else can every people put his 'friend' in this index. Unfortunately this does not hear very Internet-like.
Mikk

> On Wed, 1 Oct 1997, Paul Thornton wrote:
> > I have to agree with Alex here. If we can persuade ISPs (and customers who have mail servers which can relay) to fix their configurations to deny relaying except for their own hosts/networks then we have made a big step forward.
> but it still doesn't solve problem of spamming.
Long term:
It doesn't solve it, but it helps it. One of the main problems is traceability. IE you don't know where the spam has come from. If no one third-party relayed, then when my users get spam, I'd know the IP address of the machine it came from originally. This would be good. Another necessary fix is for ISPs to keep record of which user had which IP address at any given time, and to keep contact details for all their users (this is desirable for security and legal reasons too).
If you build these two things together with a term in peering agreements that classifies spam abuse in a similar manner to the way most agreements currently classify security problems (i.e. mutual terms for traceability and action), and one hopes that similar terms are already in place in transit agreements, then one should be better able to get spammers removed.
Short term:
The other more obvious reason why it helps in the short term is that in conjunction with a realtime BGP feed like that on http://maps.vix.com, you (a) ensure that you have no 3rd party relayed spam, and (b) have the addresses of many commercial spammers blackholed. Of course they move IP addresses, but the larger ones soon get their networks blocked as a whole. Then they have to go back to their provider to change IPs. Eventually the provider will become bored of this (vz. Cyberpromo & AGIS). But it *does* reduce the amount of spam.
--
Alex Bligh
GX Networks (formerly Xara Networks)

In message <199710011109.MAA02064@diamond.xara.net>, Alex Bligh writes:
> > On Wed, 1 Oct 1997, Paul Thornton wrote:
> > > I have to agree with Alex here. If we can persuade ISPs (and customers who have mail servers which can relay) to fix their configurations to deny relaying except for their own hosts/networks then we have made a big step forward.
> > but it still doesn't solve problem of spamming.
> Long term:
> It doesn't solve it, but it helps it. One of the main problems is traceability. IE you don't know where the spam has come from. If no one third-party relayed, then when my users get spam, I'd know the IP address of the machine it came from originally. This would be good. Another necessary fix is for ISPs to keep record of which user had which IP address at any given time, and to keep contact details for all their users (this is desirable for security and legal reasons too).
This is elementary; know who your customers are and what they are doing with your infrastructure.
> If you build these two things together with a term in peering agreements that classifies spam abuse in a similar manner to the way most agreements currently classify security problems (i.e. mutual terms for traceability and action), and one hopes that similar terms are already in place in transit agreements, then one should be better able to get spammers removed.
Almost all peering on the Internet today is 'soft'; in that it is 'just packets' that is moved. If we are to get tough on enforcing this we'll need lawyer-based peering agreements. Remember the Internet of 1993 ? How fearful we all were about getting such 'firm' peering agreements, because it would force us into a PTT-stand on almost all the models of pricing, transit etc. that the Internet Community loathed (does it still?). Are we ready for the 'firm' peering agreement ?
> Short term:
> The other more obvious reason why it helps in the short term is that in conjunction with a realtime BGP feed like that on http://maps.vix.com, you (a) ensure that you have no 3rd party relayed spam, and (b) have the addresses of many commercial spammers blackholed. Of course they move IP addresses, but the larger ones soon get their networks blocked as a whole. Then they have to go back to their provider to change IPs. Eventually the provider will become bored of this (vz. Cyberpromo & AGIS). But it *does* reduce the amount of spam.
The other way is to keep up the self-justice. Drop the peering with the bozo generating the spam.
> -- Alex Bligh GX Networks (formerly Xara Networks)
--
Morten Reistad, Network Manager
EUnet Norway AS, Sandakerveien 64, Oslo
<Morten.Reistad@Norway.EU.net>
Connecting Europe since 1982
phone +47 2209 2940

> > Another necessary fix is for ISPs to keep record of which user had which IP address at any given time, and to keep contact details for all their users (this is desirable for security and legal reasons too).
> This is elementary; know who your customers are and what they are doing with your infrastructure.
If you keep all your servers time sync'd and keep full Radius accounting records, yes, you can translate an (IP address, time) pair into a username. Some ISPs can do this reliably. Many don't. Seconds may well matter. The next problem is to associate that user name with a person. Dead easy you may think. But the user may claim that someone else has been using their account. Thus you also need to log CLI (calling number identity), which in turn means your telecom provider has to present it. The ISP must also have a policy on what to do with withheld or unavailable CLI. So while this seems simple, actually it isn't. Very few ISPs actually do the whole of this (IMHO).
> > If you build these two things together with a term in peering agreements that classifies spam abuse in a similar manner to the way most agreements currently classify security problems (i.e. mutual terms for traceability and action), and one hopes that similar terms are already in place in transit agreements, then one should be better able to get spammers removed.
> Almost all peering on the Internet today is 'soft'; in that it is 'just packets' that is moved. If we are to get tough on enforcing this we'll need lawyer-based peering agreements.
Mmmm... About 30% of my US peers have paper based agreements. Most of them (probably all) have security based agreements, but ...
> Remember the Internet of 1993 ? How fearful we all were about getting such 'firm' peering agreements,
... wasn't most of the fear about a price being attached to them? (for exactly the reasons you state below). The academic networks have always had AUPs you are expected to abide by to some extent as peers. JANET in the UK being a good example.
> because it would force us into a PTT-stand on almost all the models of pricing, transit etc. that the Internet Community loathed (does it still?).
> Are we ready for the 'firm' peering agreement ?
I think this is largely orthogonal. You can equally well implement the "if you don't track down spam, we'll cease this arrangement" in an email based, lawyer-free peering environment. And you make this point yourself below (*), My personal view is that firm peering agreements are inevitable. But this is another issue entirely.
(*) -
> The other way is to keep up the self-justice. Drop the peering
> with the bozo generating the spam.
--
Alex Bligh
GX Networks (formerly Xara Networks)
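
[Added illustration, not part of the thread and not any participant's code: the (IP address, time) to username lookup described in the message above, run over constructed RADIUS accounting records. The `ts` field, the sample users and numbers, and the `skew_seconds` clock tolerance are assumptions made for the example.]

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

# Constructed sample records (documentation addresses, made-up users).
# Attribute names are standard RADIUS accounting attributes; "ts" is an
# assumed field holding the time the accounting server logged the record.
RECORDS = [
    {"Acct-Status-Type": "Start", "Acct-Session-Id": "a1", "User-Name": "alice",
     "Framed-IP-Address": "192.0.2.10", "Calling-Station-Id": "5550100",
     "ts": "1997-10-01T12:00:05"},
    {"Acct-Status-Type": "Start", "Acct-Session-Id": "c3", "User-Name": "carol",
     "Framed-IP-Address": "192.0.2.11", "Calling-Station-Id": "5550111",
     "ts": "1997-10-01T12:10:00"},
    {"Acct-Status-Type": "Stop", "Acct-Session-Id": "a1",
     "ts": "1997-10-01T12:30:00"},
    # Same address handed to the next caller four seconds later; CLI withheld.
    {"Acct-Status-Type": "Start", "Acct-Session-Id": "b7", "User-Name": "bob",
     "Framed-IP-Address": "192.0.2.10", "ts": "1997-10-01T12:30:04"},
    {"Acct-Status-Type": "Stop", "Acct-Session-Id": "b7",
     "ts": "1997-10-01T13:10:00"},
]

@dataclass
class Session:
    user: str
    ip: str
    cli: Optional[str]               # Calling-Station-Id; None if not presented
    start: datetime
    end: Optional[datetime] = None   # None while no Stop record has been seen

def build_sessions(records):
    """Pair Start and Stop records by Acct-Session-Id."""
    sessions = {}
    for r in sorted(records, key=lambda r: r["ts"]):
        ts = datetime.fromisoformat(r["ts"])
        sid = r["Acct-Session-Id"]
        if r["Acct-Status-Type"] == "Start":
            sessions[sid] = Session(r["User-Name"], r["Framed-IP-Address"],
                                    r.get("Calling-Station-Id"), ts)
        elif r["Acct-Status-Type"] == "Stop" and sid in sessions:
            sessions[sid].end = ts
    return list(sessions.values())

def resolve(sessions, ip, when, skew_seconds=0):
    """Return every session that could have held `ip` at `when`, widening each
    session by the clock error assumed between the reporting host and the
    accounting server. More than one hit means the logs cannot name one user."""
    skew = timedelta(seconds=skew_seconds)
    hits = [s for s in sessions
            if s.ip == ip
            and s.start - skew <= when
            and (s.end is None or when <= s.end + skew)]
    status = "none" if not hits else "unique" if len(hits) == 1 else "ambiguous"
    return {"status": status,
            "users": [s.user for s in hits],
            "cli": [s.cli for s in hits]}

SESSIONS = build_sessions(RECORDS)

def at(hms):
    """Helper: a time of day on the sample date."""
    return datetime.fromisoformat("1997-10-01T" + hms)

if __name__ == "__main__":
    for hms, skew in [("12:15:00", 5), ("12:30:02", 5), ("12:30:02", 0)]:
        print(hms, skew, resolve(SESSIONS, "192.0.2.10", at(hms), skew))
```

With a 5-second tolerance the 12:30:02 query matches both sessions on the reassigned address, and with no tolerance it matches neither; the second session also has no CLI to fall back on.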

On Wed, 1 Oct 1997, Alex Bligh wrote:
> If you keep all your servers time sync'd and keep full Radius accounting records, yes, you can translate an (IP address, time) pair into a username. Some ISPs can do this reliably. Many don't.
it's so easy.
for dialup : I've got an authentication tool. Have You ever heard about Tacacs+ ? all informations are clear : when, which ip (which port on which router), username, result of authentication
for leased : SYSLOG contains entries for sendmail.
> Seconds may well matter. The next problem is to associate that user name with a person. Dead easy you may think. But the user may claim that someone else has been using their account.
most often company has one account and a few people had passwd to it. So... I can tell when it was. Then they should search inside their company.
> Thus you also need to log CLI (calling number identity), which in turn means your telecom provider has to present it.
:( it's impossible here. TPSA (telecommunication company ) is monopolist so they most often don't want to cooperate with people. even if u have an information which number was the source it's not everything. As i said - many companies use one PC to e-mail. When someone wants to check his mailbox simply call ( source phone is always the same ) and check it.
MJ
___________________________________________________________________________
Miroslaw.Jaworski@ikp.com.pl (Psyborg) MJ102-RIPE ATM S.A. - IKP division WAN/UNIX adm

At 13:24 01.10.97 +0100, Alex Bligh wrote:
> Seconds may well matter. The next problem is to associate that user name with a person. Dead easy you may think. But the user may claim that someone else has been using their account.
In most cases, we then tell the user to change his or her password, and that if anything like this happens again, we will still close his or her account. Also, with so many people using ISDN, we can see what numbers the customer has connected from. Some have tried that one; that somebody else used their account. So, when you ask them: "Is xxxxx your phone-number?" and they answer "yes", we can tell them that the connection was made from that phonenumber.
> Thus you also need to log CLI (calling number identity), which in turn means your telecom provider has to present it. The ISP must also have a policy on what to do with withheld or unavailable CLI. So while this seems simple, actually it isn't. Very few ISPs actually do the whole of this (IMHO).
I think we focus on the wrong problem. Most of the spam we see, come from USA. There is not much spam originating in Europe. At least not compared with USA. So, if we could get rules that prevent our own users from spamming, before it becomes a problem, we would mainly have to deal with relayed spam. If larger parts of Europe can maintain a decent policy, and especially if the larger ISPs in Europe would have such a thing, the smaller would have to follow. That is, the large ISPs in Europe must deal with spam. If the larger ISPs, who can afford to lose one or two customers because they are not willing to house spammers, refuse to take in spammers as customers, and start blocking, or at least threaten to block, mail from ISPs that _do_ accept this, most ISPs will realize that they lose more customers by not being able to offer a satisfactory service.
--
Med vennlig hilsen/Regards
Ina Faye-Lund
Telenor Nextel AS

Hi, At 12:09 01.10.97 +0100, Alex Bligh wrote:
> Long term:
> It doesn't solve it, but it helps it. One of the main problems is traceability. IE you don't know where the spam has come from. If no one third-party relayed, then when my users get spam, I'd know the IP address of the machine it came from originally. This would be good. Another necessary fix is for ISPs to keep record of which user had which IP address at any given time, and to keep contact details for all their users (this is desirable for security and legal reasons too). If you build these two things together with a term in peering agreements that classifies spam abuse in a similar manner to the way most agreements currently classify security problems (i.e. mutual terms for traceability and action), and one hopes that similar terms are already in place in transit agreements, then one should be better able to get spammers removed.
But what, when there are laws, which disallow such logging like IP Address <-> Username at a specific time for a long time ?
Cu, sh
--
Stephan Hermann, techn. Leiter Netzwerk u. Telekommunikation eMail: sh@nwu.de
NWU Gesellschaft fuer Netzwerke und Telekommunikation mbH Tel.: +49-231-9860143
Heinrichstr. 51, 44536 Luenen FAX : +49-231-9860148

On Wed, 1 Oct 1997, Alex Bligh wrote:
> It doesn't solve it, but it helps it. One of the main problems is traceability. IE you don't know where the spam has come from. If no one third-party relayed, then when my users get spam, I'd know the IP address of the machine it came from originally. This would be good.
I agree : knowing real source address is the base for success. It's nothing new...
> Another necessary fix is for ISPs to keep record of which user had which IP address at any given time, and to keep contact details for all their users (this is desirable for security and legal reasons too).
I've got everything in my logs. all sendmail jobs and from which user it came from.
> If you build these two things together with a term in peering agreements that classifies spam abuse in a similar manner to the way most agreements currently classify security problems (i.e. mutual terms for traceability and action), and one hopes that similar terms are already in place in transit agreements, then one should be better able to get spammers removed.
and what to do ? tell customers "sorry u generate spam, we don't want u on our server" ? OK, but a couple hours later he will get new accounts from other ISP.
Cooperation of all ISP is needed. Index of spammers. Absolute rule : before setting up new accounts, check customer in spammers index.
And for more : official documents about spam. It should be announced and published over network so EVERY user can read it and imagine what will happen with him if.....
MJ
___________________________________________________________________________
Miroslaw.Jaworski@ikp.com.pl (Psyborg) MJ102-RIPE ATM S.A. - IKP division WAN/UNIX adm

> and what to do ? tell customers "sorry u generate spam, we don't want u on our server" ?
Yes.
> OK, but a couple hours later he will get new accounts from other ISP.
If he hits you, you tell that ISP: "stop this customer please", if they don't you blackhole their route.
> Cooperation of all ISP is needed. Index of spammers.
YES, that's what this entire discussion is about.
> Absolute rule : before setting up new accounts, check customer in spammers index.
yes.
> And for more : official documents about spam. It should be announced and published over network so EVERY user can read it and imagine what will happen with him if.....
yes.
--
Poul-Henning Kamp FreeBSD coreteam member
phk@FreeBSD.ORG "Real hackers run -current on their laptop."

On Wed, 1 Oct 1997, Poul-Henning Kamp wrote:
> > and what to do ? tell customers "sorry u generate spam, we don't want u on our server" ?
> Yes.
i want to :) but i work for ISP :)
> > OK, but a couple hours later he will get new accounts from other ISP.
> If he hits you, you tell that ISP: "stop this customer please", if they don't you blackhole their route.
then many customers are whining "Why can't I.... ??!!Why did You ??!! What with my e-mail ???!!".... :(
> YES, that's what this entire discussion is about.
> yes.
> yes.
Wow.. triple YES for me :) like in voting couple years ago in my country :) so... there is an idea. there is a beginning of solution.. who can accept it ? maybe we can try to create such a document which should be signed by every existing and every new ISP ?
MJ
___________________________________________________________________________
Miroslaw.Jaworski@ikp.com.pl (Psyborg) MJ102-RIPE ATM S.A. - IKP division WAN/UNIX adm

> On Wed, 1 Oct 1997, Paul Thornton wrote:
> > I have to agree with Alex here. If we can persuade ISPs (and customers who have mail servers which can relay) to fix their configurations to deny relaying except for their own hosts/networks then we have made a big step forward.
> but it still doesn't solve problem of spamming.
> MJ
My opinion is that this mail exchange is much more dangerous and boring than the spam itself. More than half of the messages I get is about spamming.
Bye
Peppo
> ___________________________________________________________________________
> Miroslaw.Jaworski@ikp.com.pl (Psyborg) MJ102-RIPE ATM S.A. - IKP division WAN/UNIX adm

On Wed, 1 Oct 1997 13:10:32 +0200 (MET DST) Peppino Anselmi <peppo@inet.it> wrote:
> My opinion is that this mail exchange is much more dangerous and boring than the spam itself.
And opinions are like arseholes - everybody has one. As for this exchange if more people prevented spam [and it's not hard work] then you wouldn't have to read this "dangerous and boring mail exchange".
--
Neil J. McRae - Alive and Kicking. C O L T I N T E R N E T neil@COLT.NET
Ascend GRF: 100% CpF [Cisco protection Factor]
Free the daemon in your <A HREF="http://www.NetBSD.ORG/">computer!</A>

howdy, At 12:24 01.10.97 +0100, Neil J. McRae wrote:
> On Wed, 1 Oct 1997 13:10:32 +0200 (MET DST) Peppino Anselmi <peppo@inet.it> wrote:
> > My opinion is that this mail exchange is much more dangerous and boring than the spam itself.
> And opinions are like arseholes - everybody has one. As for this exchange if more people prevented spam [and it's not hard work] then you wouldn't have to read this "dangerous and boring mail exchange".
hey, calm down...:)
we can switch from local-ir ML to another ML for such purposes (technical nature etc.)
Questions: Is there a working-group for anti-spam discussions ??? if not, should we make one ?
Cu, sh
--
Stephan Hermann, techn. Leiter Netzwerk u. Telekommunikation eMail: sh@nwu.de
NWU Gesellschaft fuer Netzwerke und Telekommunikation mbH Tel.: +49-231-9860143
Heinrichstr. 51, 44536 Luenen FAX : +49-231-9860148

> we can switch from local-ir ML to another ML for such purposes (technical nature etc.) Questions: Is there a working-group for anti-spam discussions ??? if not, should we make one ?
Yes, we should.
--
Poul-Henning Kamp FreeBSD coreteam member
phk@FreeBSD.ORG "Real hackers run -current on their laptop."

Hi, At 14:07 01.10.97 +0200, Poul-Henning Kamp wrote:
> > we can switch from local-ir ML to another ML for such purposes (technical nature etc.) Questions: Is there a working-group for anti-spam discussions ??? if not, should we make one ?
> Yes, we should.
Ok, I'm installing tonight the majordomo to a special machine (my home machine)...I make the address public to all on this list. who wants to subscribe is welcome :)
ReadU, sh
--
Stephan Hermann, techn. Leiter Netzwerk u. Telekommunikation eMail: sh@nwu.de
NWU Gesellschaft fuer Netzwerke und Telekommunikation mbH Tel.: +49-231-9860143
Heinrichstr. 51, 44536 Luenen FAX : +49-231-9860148

Hi, Poul-Henning Kamp wrote:
> > we can switch from local-ir ML to another ML for such purposes (technical nature etc.) Questions: Is there a working-group for anti-spam discussions ??? if not, should we make one ?
> Yes, we should.
I second this.
Gert Doering
-- NetMaster
--
SpaceNet GmbH Mail: netmaster@Space.Net
Frankfurter Ring 193a Tel : +49-89-32356-0
80807 Muenchen Fax : +49-89-32356-299

Hello,
ok..the mailinglist is setup for using it. write to majordomo@love.flirt.de with
subscribe anti-spam
in the body of the mail. (you can use subscribe anti-spam <your favorite email address>, too.)
Thx for your time....
sh
--
Stephan 'FlirtMan' Hermann home: flirtman@love.flirt.de Funk: +49-172-2335538 dienst: sh@nwu.de
participants (11)
- Alex Bligh
- gert@Space.Net
- Ina Faye-Lund
- Mihkel Kraav
- Miroslaw Jaworski
- Morten Reistad
- Neil J. McRae
- Peppino Anselmi
- Poul-Henning Kamp
- Stephan 'FlirtMan' Hermann
- Stephan Hermann