Outlawing free email

[Larry Gude]

Ok...

The vast majority of spam comes from overseas - we get IPs from Amsterdam, Brazil, Mauritania....all over the place. You can't block foreign IPs across the board, and you can't stop other countries from providing free email. But we can stop free, unfettered email in the US. Then it's easier to filter on your own computer and it's easier for services (such as the Somd.com forums) to block spammer registrations.

...won't the spammers just move to the overseas free e mail accounts? In other words, doesn't it need to be universal?

Certainly I don't much know how it works anyway. Just a thought.

 

[vraiblonde]

...won't the spammers just move to the overseas free e mail accounts? In other words, doesn't it need to be universal?

Overseas freemail accounts are easy to block - I do it all the time. You just say that nothing from @overseasspammer.com can come through your network. Or you can blacklist the whole IP block.

 

[Larry Gude]

10-

Overseas freemail accounts are easy to block - I do it all the time. You just say that nothing from @overseasspammer.com can come through your network. Or you can blacklist the whole IP block.

4...

 

[RadioPatrol]

I'm surprised legislators haven't thought of this in response to the overwhelming amount of spam that clogs up the internet.

99.99999% of all spam comes from a free email account - Yahoo, Hotmail, etc. - because spammers know using their primary email address to send spam will get them caught.

99.99999% of all internet connections come with an email box. So it's not like you HAVE to have some freebie account in order to send and receive email.

Even Gmail is becoming a spammer tool. You need an invitaion from another member in order to get an account of your own. This was supposed to cut down on abuse. But it only takes one spammer to get a Gmail account, then they send out invitations to other spammers, who send to other spammers, and now the whole initial idea is kaput.

We offer free email through Google on Somd.com, but we manually process account requests. If you're from outside the US, you're not getting an account. If you come to us from a blacklisted ISP, you're out of luck.

I don't see why other providers can't take these precautions.

Discuss.

changing email addresses is worse than moving I was an Earthlink user from way back 1996 ? and on Dial up for about 6 yrs till @Home started offering Cable Internet in 2000 ...... i am subscribe to so much stuff - Tech Emails and such ....... I swore I'd never do that drill again, plus my email stays @ Yahoo, Netscape, Gmail, Hotmail - and never gets downloaded to my PC

Until I get my own Domain and a Fixed IP and a running mail server (I have a SBS 2003 box running for training)

I'll Keep my web mail thanks .......... oh and I don't lose my mail if my computer crashes, like POP3 to Outlook Express or Full Outlook

yeah I know I can backup a PST file - been there done that for customers ......


It all comes down to responsible Net Use ....... most of the spam, come from Compromised Systems ie Viruses, Spyware / Adware - clueless lusers who do not know how to maintain their PC's .......

 

[RadioPatrol]

The problem with that is there are too many people who use it legitimately. If you block all Yahoo, Hotmail or Gmail accounts on your computer, you're going to lose a lot of email that you want.

And if ISPs did that there'd be hell to pay. They'd have to hire a hundred people just to field the support phone calls from people who aren't receiving email from their family, friends, etc.

like when AOL 2 yrs ago change their email Policy, and I had to run around getting Clients AOL Email working again ......... basically you had to submit a request or verification ........ I cant remember the details now, but suddenly clients were not getting email from their customers that had AOL and It had me jumping through Hoops

I was like " fricking call AOL" its not my policy

 

[RadioPatrol]

it really pizzes me off so I would vote for instant death penalty for spammers. I have my home email that I give to people and I have a yahoo email I use to register for things or on forms. My yahoo account is blasted everyday but now my home email is as well and I never use it for anything internet related. I have tried filters, rules wizard deleting anything penis, viagra, cialis, errection or anything from a foreign url and they still get through. Cialis, viagra, stock tips, free vacations, Bank Of America phishers, PayPal phishers, it goes on and on and on.

Shoot them all and let Bill Gates sort them out.

Yahoo does a good job filtering out SPAM Untill a new wave of trojans / viruses comes out ...... than i may get a couple odd things but I tag'em yahoo bags'em and its all over but the fat lady

 

[RadioPatrol]

Most ISPs batten down their hatches so unauthorized people can't relay through their network. Those that don't are typically blacklisted.

yeah keeping off of Spamhaus list was always a fun task - I had a client that was an FMO - w/5000 agents so they sent a lot of email ........ generated through a 3rd party Html Email Generator

they got black listed a couple of times ( Wanker Office Drone opened a 0 day virus and Norton Corp didn't catch it "I knew I shouldnt OPEN this EMAIL but I did anyway" ) so his PC was trying to make all these port 25 connections ............

suddenly all the Agent Reps were getting bounce backs ........ from other companies subscribed to SBL or some other Spam Prevention Org.

 

[CAE]

99.99999% of all spam comes from a free email account - Yahoo, Hotmail, etc. - because spammers know using their primary email address to send spam will get them caught.

NO! Spam LOOKS like it comes from hotmail, yahoo, etc. When you send a mail you can put whatever return address on it that you like... it's not very well policed on the internet. It's like me sending nasty anonymous letters and using YOUR return address!

For one domain I'm responsible for, we get about 250,000 email/day, of which 95+ percent is garbage. A good chunk of it comes from Hong Kong, Argentina, Brazil, Romania, and Czechoslovakia. They can use whatever return address they want.

If you're in the business of sending in excess of a million emails per day, you won't use a free mail service.... the volume just ain't there. These guys have very sophisticated, high volume infrastructure to pump out email.

The solution isn't in legislating free email (tough to legislate anything on the Internet!). ISPs must agree an a standard to verify that emali originating from a specific IP address has authority to originate the specific email. Sender Policy Framework (SPF) addresses this, but it's not comprehensive enough.

The easier solution is to develop more sophisticated filters and techniques for eliminating the unwanted mail. Greylisting, realtime blacklisting, and heuristic/Bayesian filtering go a long way towards keeping the junk out of your mailbox.

Ironically (given the subject of the original post) most free email providers have excellent anti-spam technology. Hotmail is OK... Yahoo is better, and Gmail is outstanding. Google recently bought Postini and theirs will only get better. if you don't like spam, start using a gmail account!

 

[vraiblonde]

NO! Spam LOOKS like it comes from hotmail, yahoo, etc. When you send a mail you can put whatever return address on it that you like... it's not very well policed on the internet.

No - we get a ton of it that actually COMES from a yahoo or hotmail address. They register for these forums and approve their confirmation email, so it's a valid account.

The really bad stuff "looks" like it comes from eBay, BoA, PayPal, etc., not yahoo and hotmail.

 

[Severa]

Dunno what you guys have for hardware but our two comps (my husband the gamer runs XP, I run Linux) sit behind a Linksys broadband router. That seems to keep out a lot of the crap. We don't use the ISP emails, we stick with Yahoo and Gmail. Both tend to do really good jobs on spam catching/removal.

 

[JEB]

Does anyone know how much an email address is worth?
These spammers must be making a profit. Or at least the people who sell mass mailing software to spammers (picks and shovels to the 49'ers.)
Or how many emailings does it take to earn one buck from the suckers?

 

[CAE]

No - we get a ton of it that actually COMES from a yahoo or hotmail address. They register for these forums and approve their confirmation email, so it's a valid account.

The really bad stuff "looks" like it comes from eBay, BoA, PayPal, etc., not yahoo and hotmail.

Sorry... it may have a yahoo or hotmail return address, but it did not come from yahoo or hotmail severs. If you check the mail headers you'll see that I'm right here (99.999% of the time!); if you use Outlook, you can look at the the headers by right clicking on a message and selecting 'View Options' or 'Message Options' (depending on the version of Outlook you're using).

Here's an example: Let's say you're not happy with President Bush. So you decide to write him a nasty letter. After you're done, you feel better, but realize that your threatening overtones might not be appreciated by Mr. Bush and the Secret Service. After much consideration, you feel compelled to send the letter anyway knowing that the president will certainly change his ways upon reading it. To avoid any entanglement with the Secret Service you astutely put *MY* return address on the envelope and drop it in a mailbox on the other side of town. When the Secret Service begins their crackdown, the first place they show up is in MY driveway!

It's the same with email... essentially, you can put what you want in the 'return address' of any email you send. Most ISPs do not verify if your IP address is allowed to originate mail for that domain or not -- this is the root of the spam problem!

 

[CAE]

No - we get a ton of it that actually COMES from a yahoo or hotmail address. They register for these forums and approve their confirmation email, so it's a valid account.

The really bad stuff "looks" like it comes from eBay, BoA, PayPal, etc., not yahoo and hotmail.

In fact, here's a good example:

Delivered-To: me@mydomain.com
Received: by 10.65.53.5 with SMTP id f5cs214363qbk;
Tue, 2 Oct 2007 05:57:29 -0700 (PDT)
Received: by 10.90.29.18 with SMTP id c18mr137589agc.1191329846788;
Tue, 02 Oct 2007 05:57:26 -0700 (PDT)
Return-Path: <rene039@hotmail.com>
Received: from ?59.93.3.215? ([59.93.3.215])
by mx.google.com with ESMTP id 39si5630328hse.2007.10.02.05.57.23;
Tue, 02 Oct 2007 05:57:26 -0700 (PDT)
Received-SPF: fail client-ip=59.93.3.215;
Authentication-Results: mx.google.com; spf=hardfail smtp.mail=rene039@hotmail.com
Received: from [59.93.3.215] by mx4.hotmail.com; Tue, 32 Sep 2007 12:53:00 -0800
Message-ID: <0585ffa4$0585fe00$d7035d3b@rene039>
From: "Willis Tate" <rene039@hotmail.com>
To: <me@mydomain.com>

=============================

When you look at this email in Outlook or what ever client you use to read mail, it looks like good old Willis Tate sent it from his hotmail account...

but what's key is the IP address that it originated from, 59.93.3.215, which clearly does NOT belong to hotmail... gmail (where my mail lives) further verified that by these two lines:

Received-SPF: fail client-ip=59.93.3.215;
Authentication-Results: mx.google.com; spf=hardfail

I tried to find this IP and can't. You can trace it to a Teleglobe facility in Santa Clara, but the trail stops there. Teleglobe serves a lot of international customers and my guess is that this IP lies somewhere on the other side of the Pacific (Hong Kong or Singapore would be my first choices).

So, it looks like it came from hotmail, but it didn't. Hotmail was NEVER involved... too bad for them because everyone points the finger and it's not their fault!

 

[bcp]

since the U.S can not regulate what other countries do with their email, you are only insuring that more american jobs are outsourced overseas.

 

[crabcake]

I've had no fewer than 12 mailing addresses in the last 11 years; however, I've been able to keep the same email address in that same timeframe thanks to Hotmail. I agree that spammers abuse the hell out of it and ruin it for those of us with a legitimate need/desire for a web based email account ... maybe they can find a way to legitimize/validate accounts when they're set up beside peer referral (e.g. gmail). Hell, I'd be willing to pay a one-time flat fee for my hotmail accout to validate it.

Also, I used to use MSN for my mail when I had it as my ISP, and it sucked! I've never liked using Outlook and such for my personal email needs. I like knowing that anywhere I go, my email can be accessed from there as well.

 

[David]

Actually, I believe most SPAM comes from the U.S.

Very little SPAM is sent using real email accounts. Most of the return addresses are bogus or stolen -- stolen as in they use some innocent person's real email as the return address. Using a real return address helps get it thru some spam filters.

Some SPAMMERS simply rent server space from any ISP willing to sell it to them. Money talks. Many of these servers are overseas in poor countries.

A great deal of SPAM these days comes from zombie computers, i.e. some idiot gets a PC, doesn't know the first thing about protecting it with firewalls and anti-virus software...they open some SPAM or go to a fradulent website that installs software that turns their PC in a remote zombie for some spammer.

These guys controls tens of thousands of zombie PCs across the world. When they want to send SPAM, the zombie network goes to work.

It has gotten so bad that the FBI announced a few months ago that they were going to start contacting these people who have been compromised and help them clean up their act. Personally, I would make it illegal for these people to own a computer for 5 years for each time their computer was compromised.

These zombies are also used to launch DoS attacks against servers. Since the attack comes from 1000's of different IP addresses, it is virtually impossible to stop them.

It is very easy to catch the people who pay for the SPAM to be sent out. Even though the return address is BS and it usually comes thru a compromised PC, 9 times out of 10 spam messages include a URL they want you to visit. Whoever owns that URL is who paid for the spam. Arrest them!

The only spammers/scammers that use real emails are the ones who need a response from the people they are trying to SCAM. In our experience, they usually use Yahoo. See: - KnowledgeBaseSouthern Maryland Online Support Center

 

[RadioPatrol]

A great deal of SPAM these days comes from zombie computers, i.e. some idiot gets a PC, doesn't know the first thing about protecting it with firewalls and anti-virus software...they open some SPAM or go to a fraudulent website that installs software that turns their PC in a remote zombie for some spammer.

 

[AndyMarquisLIVE]

I'm surprised legislators haven't thought of this in response to the overwhelming amount of spam that clogs up the internet.

99.99999% of all spam comes from a free email account - Yahoo, Hotmail, etc. - because spammers know using their primary email address to send spam will get them caught.

99.99999% of all internet connections come with an email box. So it's not like you HAVE to have some freebie account in order to send and receive email.

Even Gmail is becoming a spammer tool. You need an invitaion from another member in order to get an account of your own. This was supposed to cut down on abuse. But it only takes one spammer to get a Gmail account, then they send out invitations to other spammers, who send to other spammers, and now the whole initial idea is kaput.

We offer free email through Google on Somd.com, but we manually process account requests. If you're from outside the US, you're not getting an account. If you come to us from a blacklisted ISP, you're out of luck.

I don't see why other providers can't take these precautions.

Discuss.

Gmail's gotten really bad.