Lou Katz <lou @
> In response to most spams, I immediately block the entire Class C
> set of netnumbers from which the spam originated. Since I can,
> I block ALL packets, which I just throw away, causing the offending
> site to timeout, rather than getting a service refused response.
> This blocks DNS lookup, Finger, SMTP, etc. I believe that
> raising the pain threshold for sites that harbor spammers by making
> their services somewhat less useful for their legit customers (if any)
> is a useful and legitimate response.
A significant portion of the spam I receive comes from sites like AOL
and att.worldnet.net. Even though I could block traffic from these
sources, I'm not sure I would want to.
> I also think that if each of us send a single, lengthy message to
> the sites involved for each spam received, the return traffic should
> also increase the pain on the source and its providers.
If our subscribers did this to one of our lists or our home site, most of
us would be mad as hell. I don't think we're better than the rest of the
net community, and can come up with precious few instances where mailbombing
is a good idea.
But I do think that the list management community may need to come up with its
own solution to the problem, since so far the net community as a whole hasn't.
In general, I see several different situations, each of which may require
a different response.
1. The site management is an active and willing participant in the spamming.
In this case, I think that some form of dire sanction needs to be applied,
blocking the entire domain is OK by me. I don't see where e-mail
bombing the site is likely to be effective, though, especially because
such a site might configure itself to ignore that kind of attack anyway.
(I'm not an expert on this subject, but isn't it possible to block
some forms of traffic in certain directions, which could include
2. The site management is aware of the spamming, not an active participant
but tolerant of it. Blocking might be a solution here, and sending
e-mail bombs might actually be more effective than in the first case,
if that's what it takes to get their attention.
3. The site management is unaware of the spamming, and possibly willing to
take steps to deal with it once alerted. Unless spam constitutes a
major portion of the traffic from this site, in which case it may more
properly belong in one of the first two categories, I don't think that
blocking is advisable, and mail bombing is likely to be less effective
than a politely worded advisory and request for action. The more
willing that the site management is to take action, the less likely I
am to want to block traffic from it.
4. The site is an unwilling participant, through any of several security
holes. I could see blocking as a short-term fix until security is
improved. I think that mail bombing just exacerbates the problem at
that site, though.
5. The site isn't really involved, it's being spoofed or forged into
headers. I'm getting out of my technical depth at this point,
spoofing may not be happening all that much in real life, but I'm
trying to come up with a fairly complete taxonomical breakdown, so
I needed to cover this variant. In the event of either spoofing or
forging, neither blocking nor mail bombing is effective, it's not
even clear to me that alerting the site management would always help.
A further problem is the load on the net providers to the sites being
affected. In the long run, the most effective form of enforcement may
be for the IP community (the carriers) to refuse to do business with
spammers, an updated and enforced version of the 'acceptable use' guidelines
if you will. Even that might not help entirely, anyone who has ever gotten
a nasty message with instructions to call area code 809 might have
discovered that the phone companies of the world mostly tolerate this abuse
of their billing system.
The best solution to me is still some kind of authentication system, to
establish certainty as to both the origination and author of all messages,
which may be technically impossible and in violation of the US Government's
archaic encryption rules anyway. And I'm not sure it couldn't be perverted
by willing spammers, too. (And does this raise First Amendment concerns?)
If this could be tied into some kind of transfer of payments system, so that
unsolicited e-mail is paid for by the sender on a per-address basis rather
than $19.00 per month (or whatever), then spam mail could become a problem
of the past, except for bulk marketers who can afford it. My e-mail box
becomes more like my postal mail box at that point, over half of the mail
I receive most days is bulk rate mail. Thank heaven that isn't true for
my e-mail box, at least not yet. And the ultimate transfer of payments
system would pay ME for receiving such mail, or at least credit my account
at my IP. Hell, I might even read some of it at that point!