RE: "Antispam UOL" spam from petsupermarket@uol.com.br?

From: Seth Goodman (sethg_at_GoodmanAssociates.com)
Date: 11/19/05

  • Next message: Roberto C. Sanchez: "Re: how to get k3b back in testing (yes, this sounds familiar)" 
    To: <debian-user@lists.debian.org>
Date: Sat, 19 Nov 2005 13:48:28 -0600

    > From: loos [mailto:loos@qt1.iq.usp.br]
    > Sent: Friday, November 18, 2005 8:25 PM

    <...>

    > Unfortunately, most of their clients are very happy with this
    > system: It is very effective for SPAM protection.
    >
    > In fact for non-list mail it is really a good idea: all you
    > correspondents have to respond the challenge one and only one time,
    > all subsequent mail is unchallenged.

    C/R systems are fundamentally broken as spam protection for the
    following simple reason: virtually all spam uses a forged return-path.
    The challenge message you send to a purported sender is itself spam, as
    that party never sent you a message and your challenge is unsolicited.
    In the absence of a means of return-path authentication, sending
    challenges to forged address is no different from anti-virus systems
    that send "virus notifications" to people who never sent them mail.
    This type of email abuse is collectively referred to as backscatter.
    SpamCop, for instance, treats backscatter exactly the same as spam and
    will list abusers for it. I completely agree with them. Many mail
    system maintainers feel the same way and will put MTA's that emit
    backscatter on local blacklists.

    While it might appear to the users of the C/R system that it is good
    because it reduces their spam load, they are probably unaware that their
    backscatter is part of the growing spam problem. All they're doing is
    shifting the burden to innocent third parties, and that kind of abuse
    deserves getting your MTA's blacklisted. While it's unreasonable to
    expect the average user to understand this, the ISP _certainly_ should
    understand this since they have to deal with everyone else's
    backscatter. They know how _exactly_ much it costs the recipients and
    they don't care because it is helping them. Knowingly abusing third
    parties in order to reduce your own costs is clearly abuse, and they
    deserve whatever each receiving system operator dishes out to them.

    >
    > You just can't use this account for list subscriptions.

    And you shouldn't turn on C/R at all, unless you don't care if you abuse
    innocent third parties whose addresses spammers decide to forge.

    >
    > Besides that they are one of the largest and most popular ISP here.

    And that makes a difference because ... ? Microsoft if very popular,
    yet they produce mostly crap. Popularity does not make something
    reasonable. I think it might help get the problem solved if more large
    organizations just put a block on their whole ASN. If that doesn't get
    their attention, then I don't want their mail anyway.

    Losing a large part of their email connectivity might be the event
    necessary to encourage a competitor with more clue to come along and eat
    their lunch. That's a win-win situation for former UOL users as well as
    former victims of UOL abuse. Of course, UOL gets a well-deserved loss.
    This is one kind of problem that competition is very good at solving.
    In the absence of competition, the users are stuck. That's why it's
    actually in your long-term interest for as many services as possible to
    ban UOL's mail. Though it is painful in the short run, if you attract
    more than one competitor, you may even get lower prices out of the deal.
    But the main thing is that you won't be part of the spam problem, and
    people will gladly accept your mail. 

    --
Seth Goodman
-- 
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
  • Next message: Roberto C. Sanchez: "Re: how to get k3b back in testing (yes, this sounds familiar)"

    Relevant Pages

    • Re: mail 2.0
      ... it is a no-brainer to avoid spam. ... usenet died as a social forum because there are no access controls. ... livejournal has a very active abuse department. ... sort of governing authority. ...
      (comp.mail.mime)
    • Re: How to trace email senders domain ?
      ... Communications" in San Jose CA and the abuse reporting address is ... they can contact the owner of the machine to have them take it off line ... inject the mail in to the mail delivery system. ... that why may not be effective and in fact may expose you to further spam. ...
      (comp.os.linux.networking)
    • Re: 1279-Work at home as an Internet research assistant!
      ... > You want that I should go to the affiliate website and file a spam report ... You can clearly read IP addresses; report it to the NNTP ... news.admin.net-abuse.sightings so there's a record of ongoing abuse. ... invalid mail that ISP will have to process. ...
      (alt.marketing.online.ebay)
    • Re: Brad Jesness and Reply to anonymous stalker
      ... NONE of the people who are claimed to be my friends are ... and HIS anonymous stalking, abuse domains. ... List of CABAL Internet Spam Abuse Domains ... Thanks -- Brad Jesness ...
      (sci.psychology.psychotherapy)
    • Re: Small request for those who are tired of people like eleaticus and retchier.
      ... > The spam has got to stop. ... > message gets sent to the abuse mailboxes of the requisite ISPs. ... That will show the real ISP and any specific abuse addresses. ... Vote often. ...
      (sci.physics)