"Spam trail uncovers junk empire"

This is an interesting article and probably quite discouraging for the ones that try to fight back against the spammers (like I do on a very small scale).

http://news.bbc.co.uk/2/hi/technology/5371078.stm

A few quotes:
“Every day for 14 days the spammers behind the junk mail campaign pumped out more than 100m messages.”

“Analysis of the net addresses where the e-mail messages originated showed that more than 100,000 hijacked home computers spread across 119 nations had been used to despatch the junk mail.”

Have these people never heard of Comodo?

“To try to beat anti-spam techniques that look up the net address from which spam originates to see if it that location has a reputation as a spammer, many of the machines used to send the mail had been recently hijacked. Analysis showed that many had only been taken over in the last 30 days”

So, in about a month these !#$%&**!! spammers gained control of the majority of those 100.000 PCs that were used in the attack. Is it that easy? Almost frightening!
How many do you think scum like this controls in total? Many, many millions, that’s for sure.

Is there no way to hit spammers were it really hurts? >:(

There is actually only ONE way (that I know of) that works to get rid of spam.

Every single one of those messages should be forwarded to the appropriate isp’s abuse dept. If it’s a drone-infected computer, it should be put offline anyways, until it’s cleaned up.

When the price of spamming is that you loose your internet-feed, the spam stops, by natural selection.

HOWEVER, you should always make a copy of the abuse mail, and send to the upstream ISP of the company BUYING “bulk mail services” from these spammers. Those “customers” should be put off line aswell, permanently.

This way the spam business will evaporate into nothingness.

All it takes, is one minute per mail, reading the headers, instead of just clicking “delete”.

//Svein

That’s all true…in theory. All it takes is the full cooperation of every ISP.

I already use Abuse, http://spam-abuse.sourceforge.net/, to send complaints. Some providers are active (and do send a confirmation after taking action against the spamming customer), but many don’t even bother to send a reply at all (Chinese providers for example). And perhaps\probably don’t do anything. I’m sure some providers turn a blind eye.

And why should they care about spam, if no one takes real (legal) action against them?
It’s all about the money. What’s a complaint (or 10 or 100) against the income they get from their customers?

If the provider doesn’t answer, perform a quick traceroute towards the ISP, and abuse-mail the upstream provider. And upstream again.

This method will selectively breed responsive ISPs, because non-responsive ISPs will be disconnected from the internet.

Been doing it this way for several years (I used to handle the abuse@ mailbox for a rather large .no isp. No we did not have any automatic response system. No I didn’t have help. Yes: Every complainer got a response within 72 hours. Most responses were “our flow-logs match your complaint, customer disconnected until investigation completed”.

When I handled “sub-ISPs” who were non-response about spam, I usually disconnected them, then called the CEO on his cellphone to inform him why they were disconnected, and that they would remain disconnected until I received a fax detailing how they were handling the non-responsive abuse-dept, and how they were making sure I never heard about this kind of problems again.

They were usually very quick about solving it, since they lost money while disconnected. Most of the ISPs large enough to have other, smaller ISPs as customers have an effective abuse-dept, and will handle it this way: That is why you should complain to the upstream ISP if you don’t get an answer.

//Svien

I know where to hit them and it hurts!

Funny thing, I have had almost 15 hijacking attempts on my Hotmail page, took screen shots, e-mailed support, no doubt, it’s an attempt. Wants me to log on when the page looks different, but I refuse the changed cert so no go. Anywho, I finally after 2 weeks, get final notification from Hotmail, get this…

Clear my browser cache, and cookies, it’s probably full. ERMMM… then it says, contact the maker of your browser.

Well, I was pretty mad, and told the guy where to put his hotmail. I told him straight out, just because you hotmail flunkies have no idea how to resolve this, you tell me to clear my cookies, and call the browser maker, what a croc! It only happens on the hotmail page!

Only I wasn’t as nice as here. Anyway, if this is Hotmail’s approach to this, they can stuff their email, I don’t like them anyway.

I should have said, do you realize who you are talking to ? I am a Comodo moderator and I demand respect!

So joking aside, this is becoming very serious, very quickly. It’s nice to know places like Hotmail won’t help. (:AGY)

How about Comodo mail! Bingo! Safe!

Paul

Do you have any idea about the costs of running such a mail system?

The expensive part isn’t the storage (disks) themselves, although those are expensive enough, but the BACKUP solution.

There’s a reason why the only serious contender to hotmail is g(oogle)mail. The amounts of data generated by mail users (who are generally abysmal when it comes to cleaning out their mail boxes) is terrifying.

I should know a tad about that. On the servers I remote manage (several small offices running combined mail/web/samba/ipfw setups on FreeBSD), the mail storage generally outgrows the file-storage after a 2 month timespan. Then it continues to grow at the same time, while the samba part keeps relatively static in size. May have something to do with the mail servers being set up for IMAP for the users, and not pop, but telling the users to run pop is like asking them to ignore the need for backup. WHEN (not if) they need to reinstall their wintendo laptops, all their precious pop-mail disappears with the format. And asking the users to run a sensible backup-regime on their laptop, is like asking a (insert favourite religion here) priest to stop preaching. It won’t happen.

So no: I won’t ask Comodo to run a mail service for the users. I like Comodo, and I don’t want to break their economy with the expenses running a decent mail service would give them. I won’t even recommend them to consider that service, for the same reason.

(Besides: Running a webmail service is very expensive in man-hours)

//Svein

Hm. While I understand your intentions, many would like things from Comodo and just to put it on the table here, myself and many others will simply throw things like this in. We don’t mean we “expect” Comodo to do anything of the sort. not to mention I would hope that a simple statement as such wouldn’t prompt Melih to break their economic growth and run out and create this. We like comodo and do wish they had a part in many other areas. This being said, I am “well” aware that Comodo cannot simply jump into a web based mail server, “nor” would I expect them to. We simply state things like that acknowledging that we trust Comodo and wish others were the same. So that said, while your statement is well said and thought out plus very informative, I think you may have taken my statement a bit too serious.

Paul

Nah, nothing like that, the reason I responded like that, is that this kind of suggestion tend to be translated by some users into a “demand” that the poor company does something. I just wanted to defuse it before it became something negative.

Besides that, I think the idea of Comodo providing a mail service would be great myself, because Comodo would probably do things “the right way” and provide webmail + imap(s) and secure smtp (login based, of course) aswell. I would simply LOVE having a serious provider out there offering a serious free mail service, but I see why that won’t happen (because of the cost of such a solution).

Don’t take me wrong, I still think your suggestion is a good one, just not very “doable” because of the costs.

//Svein

Glad to hear , and just to state, it’s not “really” a request as it was a “protest” against Hotmail, loll.

Thanks for the understanding,

Paul

S^ecure C^omodo A^dvanced M^ail
SCAM

ROFL!!! Aowl, I am not sure that having a program called SCAM will help Comodo’s cause!! OMG! lollll. Leave it to Aowl!!

Still ROFL,

Paul

Marketing genious??? : ;D

Maybe comodo could have a mail-server that only have mail-alias. Nothing gets stored on the server, just go through it. The only thing it would do, is scan the mails for malware and spam, and then get forwarded to our private mail. We wouldn’t have to give our private mail-adress away, just the comodo adress. ;D
Like this:
aowl@comodo.com ----> scan in comodo mailserver ----> private@mymail.any

Too expensive anyway?