more on 4 Rivals Almost United on Ways to Fight Spam

[David Farber <dave () farber net>]

Begin forwarded message:

From: rsk () gsp org
Date: June 28, 2004 9:35:55 AM EDT
To: vijay gill <vgill () vijaygill com>
Cc: David Farber <dave () farber net>
Subject: Re: [IP] more on 4 Rivals Almost United on Ways to Fight Spam

[ I have rearranged the order of Vijay's comments, hopefully in
a way that helps my response make more sense. ---Rsk ]

On Thu, Jun 24, 2004 at 08:56:31AM -0400, David Farber quoted:
> From: vijay gill <vgill () vijaygill com>
>
> For some numbers, please see the presentation by Carl Hutzler, director
> of anti-spam at AOL, given at NANOG in chicago a some months ago.

I'm well aware of Carl's work: much to his, and AOL's credit, Carl has
followed in the footsteps of his predecessors by being an active
participant in Spam-L, the Internet's primary anti-spam forum.
The interaction has been, I think, mutually beneficial to everyone:
Carl has taken away ideas that AOL is implementing, and we have
gained a better understanding of the particular problems they face.
NOT that everyone agrees on everything: they don't.  But peer-to-peer
dialogue is happening and progress is being made.

Unfortunately, Carl/AOL are rather unique in this regard.  Some  
examples:

        - Nobody from Comcast has been observed there.
        - The one person from Verizon who *was* there has announced
                that he's resigned his position.
        - The one person from Yahoo abuse was laid off several
                years ago.  Nobody has been seen since.
        - Nobody from Microsoft has been seen there in years.
        - I don't recall ever seeing anyone from Hotmail there.
        - Nobody from UUNet has been seen there in years.
        - and so on.

The fact that these operations have chosen not to participate in the
Internet's primary anti-spam forum speaks volumes about their complete
lack of committment.

> Do we have any hard statistics on this?  I work for one of the above
> and we fight internal spam hard.

Frankly, I don't care about your internal spam: that's between you
and your customers.   I care about (a) spam that you are emitting
to the rest of the Internet and (b) any abuse-support services that
you are providing: DNS, hosting, mailboxes, connectivity: any kind
of service being used in any way by any spammer/abuser.

Since I don't know which ISP you work for, I can't say how much
of (a) or (b) your ISP is responsible for.  But you can easily
find out by checking either SPEWS (www.spews.org) or Spamhaus
(www.spamhaus.org), among other resources.

> Of course to be fair, we would need
> to get the results normalized by the subscriber base.

I'm sorry, I don't buy the abuse-proportional-to-size rationale.
To be "fair", it should be INVERSELY proportional to size, since
large ISPs are vastly better situated to handle it than small ones.

They're also capable of doing far more damage to the rest of the  
Internet.
(Even if every system I run was completely hijacked by spammers and
sent traffic at maximum rates, they couldn't pump out in a year what
Comcast sends out in a day.  I just don't have the bandwidth or CPU.)

For example, all the ISPs I mentioned above could easily afford to run
24x7 abuse control centers staffed by as many experienced professionals
as necessary.  The costs to them are trivial. [1]

But this is not what they have done.  Examples: both Hotmail and Yahoo
are legendary for repeatedly demonstrating absolutely complete  
cluelessness
in handling abuse reports.  Read NANAE [2] for as many thousand examples
as you'd like.  Comcast has gone one better: they simply allow their
abuse mailbox to fill up (at the 100,000-message mark) thus making it
impossible for the hundreds of millions of victims of  
Comcast-facilitated
abuse to even complain about it. [3]

        [ Let me also note in passing that when I took the time to
        repeatedly warn Comcast of the exponential increase in spam
        from their network in the spring of 2003 that I received
        nothing other than their standard ignorebot response.  They
        chose to deliberately discard careful documentation of the
        problem and to do NOTHING.   My experience is far from unique:
        they ignored all of us because we were telling them something
        they didn't want to hear.  So did Verizon.  So did Charter.
        So did Roadrunner.  So did Adelphia.  So did (...) ]

Think about this for a minute: the entire rest of the Internet is trying
to do their job for these ISPs and to provide them with the information
they need in order to stop their network from abusing everyone else.
This shouldn't even be necessary: they should already KNOW that this
is happening just by paying attention to what their own networks are  
doing.
But since they're clearly not, all they need to do is read their
"abuse" mailbox and act on what they find there.  (Immediately, of  
course.
Even a 24-hour delay is obviously unacceptable.)

And they have FAILED to even do that.

That's pathetic.  And I'm not interested in any excuses or  
justifications
for this failure -- not any more.  Whether it's incompetence,  
negligence,
or active support of abusers makes no difference to what I and hundreds
of millions of other Internet users have to put up with all day, every  
day.

        "Sufficiently advanced stupidity is indistinguishable from malice."

> I keep hearing about how several of the above are primary sources,
> but rigorous data are hard to come by.

Hard numbers?  How many would you like?  Exhaustive and anecdotal  
reports
have been published over and over and over again on NANAE [2], Spam-L  
[4]
and other anti-spam/abuse forums.  Don't you read them?  If not, why  
not?

        [Aside: every one of those major ISPs should have personnel
        whose job consists of nothing but monitoring those forums 24x7
        and using the information found therein.  Especially because
        they are absolute goldmines of useful research *done by other
        people using their own time and money*.  Enormous amounts of
        abuse could be stopped very quickly with a very small investment
        just by doing this. ]

But since you don't mention which ISP you work for, let me throw a
few random statistics on the table:

        - A quick check of my own data shows

                - at *least* 1500 spammer dropboxes on Hotmail
                - at *least* 100 on Comcast
                - at *least* 150 on MSN
                - at *least* 2000 on Yahoo
                - at *least* 200 on Earthlink.

        Note: those are *just* the dropboxes.  This doesn't take into
                account all the other abuse support services they're
                providing such as web site hosting, DNS, etc.

        Note: those are *just* the ones that I happened to have noticed
                and happen to have handy at the moment.

        Which means that they represent only the tip of the tip of
        the iceberg of spam/abuse support provided by these ISPs.

        I don't bother reporting them anymore: why should I?  Since
        carefully-prepared reports (done on my time, at my expense, and
        documenting the abuse and the relationship to the dropbox)
        filed with their abuse desks have resulted in (a) ignorebot
        responses and (b) no action, why should I?  Why should anyone
        else, for that matter?  Clearly, these ISPs have no intention of
        lifting a finger to remove their spamming parasites.

        Again: read NANAE for as many thousand examples as you like.

        [ Aside: on very rare occasions, some people have actually
        managed to be persistent enough to cause some action to be
        taken.  But (a) it's far too slow -- since spammers only
        need a dropbox for 24 hours to profit handsomely from it and
        (b) nothing at all has been done to prevent the same abusers
        from signing up for service again and again and again.  The
        business and operational model for several of these ISPs
        is clearly broken. ]

        - Comcast continues to trail only the entire country of China
        in terms of attempted spam delivery here.  (It passed Korea
        a few months ago.)  For example, on one small mail server with
        26 users, the anti-spam measures blocked 1280 spams from Comcast
        over the last 8 days.  That's about 50 each.   Note please: those
        are just the ones that were blocked.  That number doesn't include
        all the ones that got through, and that's a substantial figure,
        because this particular server has rather loose spam-blocking
        in place.

        During the same period, that server refused 1644 spams from China.

        By the way: over this past weekend, a discussion on NANAE [2] has
        started over whether or not anyone has observed any slackening
        in the torrent of abuse that's been outbound from Comcast for
        the last 1.5 years.  Early reports appear mixed.

How many more numbers would you like?

And what's the point of my producing them?  All but one of these ISPs
(AOL) have no intention of actually *doing* anything: if they did, they
would have already done so, years ago.  They would be leaders in the
fight on spam/abuse, instead of leading producers/facilitators of it.

---Rsk

[1] Comcast bid $56 billion for Disney a few months ago.  Clearly,
they're not hurting for cash, and could easily set up a professional
abuse control center for .01% of that.

[2] NANAE:  
http://groups.google.com/groups?safe=off&group=news.admin.net- 
abuse.email

[3] Mail to abuse () comcast net, the designated RFC 2142 mailbox for abuse
reporting issues, has resulted in:

        <abuse @ comcast.net>
        Permanent Failure:  
+522_mailbox_full;_sz=570968404/629145600_ct=100000/100000
        Delivery last attempted at Tue,  9 Dec 2003 01:49:57 -0000

Let me decode that for you.  "sz=570968404" means that there are 571
MEGABYTES of unread mail in the Comcast abuse mailbox.  (However, it
hasn't reached the mailbox size limit of 629 meg.)   "ct=100000/100000"
means that it HAS reached the limit of 100,000 messages.

This is not the only time this has happened: see NANAE for repeated
reports.

[4] Spam-L: http://www.ot.com/~dmuth/spam-l

-------------------------------------
You are subscribed as interesting-people () lists elistx com
To manage your subscription, go to
 http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/