
Comment ISPs can act more proactively (Score 2, Interesting) 304

ISPs do need to more closely monitor mail that is sent from their subscribers' computers--not the content but the destination and headers. Similarly, ISPs need to filter incoming mail as described below. I am glad to see an ISP like BigPond taking some steps, though I think they could more narrowly tailor their efforts.

Right now three domains owned by members of my family have been chosen by spammers as the forged source domain for their spams, which are primarily sent to AOL, MSN, Yahoo. Working with AOL's postmaster team (which took a long time to find), we have determined these messages originate all over the world from a number of machines on many dozen ISPs and universities--directly from clients on those networks, not mail servers. AOL says there isn't a thing they can do about it (apparently even thousands of spam messages aren't a lot for them and no filtration process exists to, say, block any email which purports to originate from a domain but doesn't originate from the IP address of that domain's email server) and I should contact each network directly (a daunting task since no one reads postmaster emails anymore).

Meanwhile, the AOL, MSN, Yahoo, etc. postmaster accounts send hundreds of rejected messages to our domains daily.

The spammers' chosen method seems to be to create a relay on these public access networks, choose a random source domain (which remains relatively constant), and then apply a number of random email account names to create a forged source. They then send to every possible subscriber at a major ISP in small but continuous batches.

Short of requiring authenticated emails, it would still seem relatively easy to detect this spam both leaving and coming in to an ISP:

-- mail is being sent directly from a client and not relayed either through the ISP's mail server or another relay which matches the reply-to domain.
-- mail from the same machine continually iterates reply-to names
-- if 100s of messages are being rejected, then logically 1000s must be successfully sent--which means these machines should be more than a blip on ISPs' server logs.
-- while messages come in waves, they continue throughout the day (and mail sent by humans is sent in small batches usually during waking hours)

What I would really like is a registry, perhaps tied to my domain registrar, wherein I can register the mail server(s) of my domain(s) and other ISPs can do a lookup for incoming mail and block email which isn't relayed through that mail server/IP address. This simple method would stop all my spam--at least until spammers find a new method.
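
The outbound signals listed in the comment above, as an added example that is not part of the original comment: a Python function that scores subscriber IPs from per-connection SMTP records at the ISP edge. The record layout, the relay address, the thresholds and every sample row are assumptions constructed for illustration.

```python
from collections import defaultdict

ISP_RELAYS = {"192.0.2.25"}  # assumed address of the ISP's own outbound relay

def build_sample():
    """Constructed records: (hour, subscriber_ip, dest_ip, mail_from, smtp_code)."""
    rows = []
    for h in (9, 13, 18):  # ordinary subscriber, mail goes via the ISP relay
        rows.append((h, "198.51.100.7", "192.0.2.25", "alice@example.org", 250))
    for h in (8, 10, 20):  # self-hosted sender: direct, but one stable address
        rows.append((h, "198.51.100.9", "203.0.113.10", "bob@example.net", 250))
    for i in range(48):    # client behaving as the comment describes
        code = 550 if i % 4 == 0 else 250
        rows.append((i % 24, "198.51.100.66", "203.0.113.10",
                     f"user{i}@forged.example", code))
    return rows

def score_subscribers(rows, relays=ISP_RELAYS, min_msgs=20):
    """Return {subscriber_ip: [reasons]} for clients matching >= 3 signals."""
    stats = defaultdict(lambda: {"total": 0, "direct": 0, "rejects": 0,
                                 "hours": set(), "locals": defaultdict(set)})
    for hour, src, dst, mail_from, code in rows:
        s = stats[src]
        s["total"] += 1
        s["hours"].add(hour)
        s["direct"] += dst not in relays      # bypassed the ISP's mail server
        s["rejects"] += code >= 500           # permanent rejection by receiver
        local, _, domain = mail_from.rpartition("@")
        s["locals"][domain.lower()].add(local.lower())
    flagged = {}
    for src, s in stats.items():
        if s["total"] < min_msgs:             # too little traffic to judge
            continue
        reasons = []
        if s["direct"] / s["total"] > 0.9:
            reasons.append("direct-to-mx")
        if max(len(v) for v in s["locals"].values()) >= 10:
            reasons.append("rotating-senders")  # many names, one domain
        if s["rejects"] / s["total"] >= 0.1:
            reasons.append("high-reject-rate")
        if len(s["hours"]) >= 18:
            reasons.append("round-the-clock")   # not a human sending pattern
        if len(reasons) >= 3:
            flagged[src] = reasons
    return flagged

if __name__ == "__main__":
    for ip, why in score_subscribers(build_sample()).items():
        print(ip, ", ".join(why))
```

Requiring three of the four signals keeps a subscriber who runs a legitimate mail server (direct delivery, one stable sender) out of the flagged set.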
