Re: How's this for fun?

[Gary Warner <gar () askgar com>]

Logan5 wrote:

> I ran into a similar situation with an ISP here in the states, I won't
> name them (but they're in the SOUTHWESTERN area, a daughter of BELL) who
> blocked tcp port 25 from dialup clients (okay, this was years ago).  We
> routed through at least 3 different levels of tech support arguing about
> our business salesman trying to send email via the company server and got
> nowhere.  It wasn't until we contacted their marketing department and
> asked about their advertisement for "unlimited internet access" that
> corporate pressure was applied, and our man was able to send email (or at
> least telnet to tcp/25, email RCPT TO:'s became an issue...).

I've dealt with similar issues regarding mail.  At one point I 
reluctantly agreed to help a university do a web-based survey of their 
alumni's views of their university as compared to other universities of 
national renown.

The mailing list contained 190,000 email addresses.  So, yes, I became a 
temporary spammer.  Supposedly all of the emails on the list were people 
who had registered with the alumni office.  I spoke to several of the 
alumni, and gained the impression that the alumni office really did have 
a "legitimate list" and that the alumni really wouldn't mind being 
surveyed (after all, they DID join the alumni association, and paid dues 
to do so). And actually, I received less than a dozen complaints from 
the list.  The problem was that after agreeing to do this, I found by 
trial and error that my ISP was blocking all emails that contained more 
than 150 destination addresses. 

After HOURS of fighting with them in technical support, I decided to do 
what the spammers do.  I wrote a script which sent the 190,000 emails, 
one at a time, to all of the addresses.  I rate-throttled them out of 
politeness to my ISP, so that the send went on for more than a week, 
rather than blasting them all out the same day.

Of course about 70,000 of those emails were bad.

The problem with the ISPs blocking method was:

- 1 - they didn't tell their customer
- 2 - it doesn't stop someone from being abused to send 1 million mails 
a day after becoming a "bot"
- 3 - they have no means of telling "good" mass mail from "bad" mass 
mail.  I can think of MANY business situations where someone might need 
to send more than 150 people the same email without it being "spam".

The "choke" limit didn't used to be this high, as I ran a mailing list 
with more than 650 participants for years on this same ISP, so it was an 
"unnotified change in terms of service" in my opinion.

Very frustrating,

_-_
gar the spammer
(haha!)
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.