Email is broken

Last night, for the umpteenth time, LISHost was brought down by spammers. Several thousand messages to one address and POW, over 100 domains went dark (and this is not a small weak server). Sometimes I'll just sit and watch the UCE (aka, spam) get absorbed by LISHost, and the volume is simply amazing. I can only run sa-learn so many times before I just want to give up in disgust. I've got every trick in the book running, RBLs, SpamAssassin, and so on; there's only so much I have the time and money to do.

So when I say "email is broken," I don't mean my email, I mean email. It's broken, and UCE broke it. A few years ago I kept hearing people say things like "oh, I don't get much, I just delete it" or "I don't mind, it's not so bad," well those days are long gone, and I don't know what can be done to fix it. If my server can be brought down because of the amount of spam going to one email address, and there's nothing I can do to stop it, we have a problem.

Most of what I am talking about is illegal unsolicited advertisements from scam artists and assorted other criminals. So I'm equating SPAM with any other type of scam and also with robbery, assault, and everything else evil and illegal. It's done illegally by stealing resources from others with the intent of stealing money from yet other people. It's done by criminals who hide behind the anonymity provided so well by the internet.

How much spam is out there? I don't really know how anyone can even estimate such things. AOL says it blocks a billion messages a day, judging from my inbox @my AOL accounts, I believe them, actually I think they're underestimating. Well over 90% of the total email in my other email accounts I get is SPAM. Other estimates range from 40 to 60% of all email floating through the ether is now spam. I'd say those are conservative numbers. In any case, the majority of email is now trash. My guess is 90% of all the email sent to LISHost is UCE as well.

How are they doing it? From what I've seen there's a large number of dictionary attacks that focus on a few domains on LISHost. They have a dictionary of names (carver, billington, smith, Hartman, crawford) and simply send an email to every name in their list hoping that some will make it through. They do it by using what appear to be computers that have been cracked. They rarely use the same computer to send more than a couple messages to each server. Some of the worst, and impossible to block, are actually sent from me, that is, the from: and to: lines are the same in the mail. Some of the other bad ones, though these are most likely the result of viruses, come from the "lisnews user team" and have attachments that probably open the infected machine to being used as a spam zombie.

So what can we do? As users, as librarians, as educators we are in a unique position to use a wide range of resources to help stem the tide. Through user education we can alert people to what's going on, and what they can do to help stop it. It looks like most of the spam coming into LISHost is from compromised home computers on high speed connections.

I am afraid this, coupled with various other nefarious doings on the internet, will be its downfall. As things get worse, governments, or corporations, will promise to make us safer by slowly tightening down on the openness that has been part of the internet for years. Trading safety for security is an easy sell now, and I'm afraid once we've traded one for the other, we'll lose all the freedoms that made the internet what it is today.

So what are my options? I still have a few, the most drastic being to just give up. Slightly less drastic is to make mail.lishost.org a separate server. Something is going to need to change soon.

But let me finish on a positive note, I have a confession to make. I love AOL.
I just logged into the email account I use as the primary contact for all the domains I own, it's an AOL account I've had for 11 or 12 years now, and I was shocked at the amount of spam I had received. I hadn't checked that account in weeks, and I had 12 new messages, and only 5 of them were SPAM. This was, for me, truly shocking to say the least. I was shocked that I'd only received 5 in several weeks, it doesn't even seem possible. This gives me hope, it leads me to believe there are technologies that are winning in the war against spam. AOL deserves some praise for doing something very well. I have no idea how they are doing it, but they really seem to be winning the war against spam.
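The dictionary-attack pattern described earlier in the post (many guessed names at one domain, each sending host used for only a couple of messages, some mail with identical from: and to: addresses) can be picked out of an MTA's reject log. The following is an added example, not code from LISHost or the author; the log lines are constructed in the style of Postfix "User unknown" rejects (the post does not say which MTA LISHost runs), and the domains, IPs and thresholds are placeholders.

```python
import re
from collections import Counter, defaultdict

# Constructed sample data: Postfix-style reject lines, documentation IPs/domains.
_FMT = ("Dec 14 02:10:0{n} mail postfix/smtpd[101]: NOQUEUE: reject: RCPT from "
        "unknown[{ip}]: 550 5.1.1 <{to}>: Recipient address rejected: User unknown "
        "in local recipient table; from=<{frm}> to=<{to}> proto=SMTP")
_ROWS = [
    ("192.0.2.10", "a@x.example", "carver@lib.example"),
    ("192.0.2.10", "a@x.example", "billington@lib.example"),
    ("198.51.100.7", "smith@lib.example", "smith@lib.example"),  # from == to
    ("198.51.100.7", "b@y.example", "hartman@lib.example"),
    ("203.0.113.5", "c@z.example", "crawford@lib.example"),
    ("203.0.113.9", "d@w.example", "jsmiht@other.example"),      # ordinary typo
]
SAMPLE_LOG = "\n".join(_FMT.format(n=i, ip=ip, frm=f, to=t)
                       for i, (ip, f, t) in enumerate(_ROWS))

REJECT = re.compile(
    r"RCPT from \S*\[(?P<ip>[\d.]+)\]: 550 .*User unknown.*"
    r"from=<(?P<sender>[^>]*)> to=<(?P<local>[^@>]+)@(?P<domain>[^>]+)>")

def find_dictionary_attacks(log_text, min_names=4, max_per_ip=2):
    """Flag domains where many distinct unknown names were probed."""
    names = defaultdict(set)       # domain -> guessed local parts
    per_ip = defaultdict(Counter)  # domain -> rejects per sending IP
    spoofed = Counter()            # domain -> rejects with sender == recipient
    for line in log_text.splitlines():
        m = REJECT.search(line)
        if not m:
            continue
        domain, local = m["domain"].lower(), m["local"].lower()
        names[domain].add(local)
        per_ip[domain][m["ip"]] += 1
        if m["sender"].lower() == f"{local}@{domain}":
            spoofed[domain] += 1
    report = {}
    for domain, guessed in names.items():
        if len(guessed) < min_names:
            continue  # a few stray typos are not a dictionary run
        report[domain] = {
            "names": len(guessed),
            "sources": len(per_ip[domain]),
            # True when no single host exceeds max_per_ip (per-IP limits miss it)
            "distributed": max(per_ip[domain].values()) <= max_per_ip,
            "self_addressed": spoofed[domain],
        }
    return report

if __name__ == "__main__":
    print(find_dictionary_attacks(SAMPLE_LOG))
```

A domain flagged with `distributed` set is one where per-IP rate limits will not help, which matches the post's observation that the senders rotate hosts.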

Comments

I haven't spotted any emails with viruses in my inbox (then, I usually don't open them), but boy, the online casinos sure do love me.

I have this deep seated fear that all the spam I get in my inbox is really being dispatched through the PACS at our library. I have no control over the firewall at work, so I feel like I'm fighting a losing battle.

Anyway, Blake, kudos on getting things up and running so quickly this morning... That would have put me in a bad mood all day. :)

I've noticed a Spamsplosion in my LIShost account the past month or so. As soon as I get time to share my routing numbers, I stand to make some beeeg bucks!

no it doesn't involve nigeria...
via /.
http://anuragjain.blogspot.com/2004/12/de-spamming-inbox-hard-way-i-have-been.html

Someone posted an article on Slashdot (slashdot.org) recently on the lasting positive effect on spam ratios that resulted from his server being down for two days.


Apparently some spammers WILL filter addresses that are at (perhaps even temporarily) nonexistent domains.


Rather a drastic measure to undertake voluntarily, but perhaps this effect will be a delayed silver lining to your current LISHost outage.