  #13  
Old March 29th 04, 12:48 AM
Dudley Henriques

I think you and I are in total agreement on these issues. About the ISP's; I
finally chose Earthlink about 3 years ago after going through a bunch of
them where cutoffs and issues were everyday companions. Actually, aside from
the server issue, Earthlink has been a fairly good move for me. They keep
the news server up and running most of the time which is good, and the price
is right (senior discount :-) I don't surf all that much and e-mail and the
newsgroups are my main interest for the computer, so a DSL, or a cable modem
hasn't really come up around the house as an option. The old 56kbs modem
works fine for us.
I think Earthlink got the message after the Swen hit. They got clobbered!!
Everybody was bitching at them to get their act together on the servers.
Everything seems to be working much better now in my area at least.
Those "robots" I was talking about seem to only be part of the problem with
your email address being picked up on the Internet. I understand that it
only takes 1 infected computer owned by someone who has your address in
their address book to start an exponential series of this chain Spam. At the
heart of the Swen mess, I was seeing about 100 of those 143.0kb messages
sitting on the server waiting to be downloaded. There's no way of knowing
whether you getting these originates from an infected address book somewhere
or your email address being un-munged on Usenet. I munged as you can see,
and the number of the bad messages went down immediately to much lower
levels. Also, if I had been picked up by someone with an infected computer,
they might have "cleaned up" their machine of Swen finally :-)) Anyway, I'm
fairly back to normal now and hoping for the best as far as the future
goes!!
Dudley


"Michael Wise" wrote in message
...
In article et,
"Dudley Henriques" wrote:

"Michael Wise" wrote in message
...
In article et,
"Dudley Henriques" wrote:

...
I was well over 100 spams a day, due to having multiple email addresses,
posting to the news groups a lot, and having a web site with hundreds of
individual pages, each with my email on it.

Changing the email addresses would have inconvenienced my
contributors/customers/suppliers/relatives/friends.

However, after some work and about $20 in expense, all but about 50 to 100
spams a day are flushed away and I never see them.

Of the ones I still get, the funniest are the ones supposedly from the
people who manage the email services for my domain. Since "I" am the only
one who manages my domain, I tend to be a bit suspicious!


After the Swen virus hit, I was getting over a hundred a day. I finally got
Mailwasher and bounced them all. The robots pick up continuous bounces
apparently...

Not really. The way most of these sorts of viruses operate these days is
by turning the infected person's computer into a mail relay without
their knowledge. The term for this sort of thing is "owning" a machine.
They then scan the Outlook and Outlook Express data files as well as web
cache and mine out all email addresses. The infected machine's new
stealth mail relay mechanism is then used to send copies of the virus to
every mined address...and it uses a return address of any one of the
mined addresses. Any of the targeted addresses which actually result in
another infection are in turn going to do the same process. This is why
these viruses spread so rapidly.


Why should virus writers want to turn peoples' home and business
computers into stealth mail relays? Easy, they are paid to do so by
professional spam gangs who will then turn around and use all these new
mail relays to spew out their spam. Some 80% is relayed through "owned"
MS Windows PC's on home cable and dsl networks (some 10,000 "owned"
machines)...and some 90% spamvertises Western sites hosted in China.

It never ceases to amaze me how many people using Microsoft operating
systems either don't care or are just too damn ignorant to secure their
machines (with anti-virus software they keep current).

That said, there's a lot ISP's and companies could be doing to stop or
majorly contain such quick and penetrating viral outbreaks. Blocking
this sort of stuff at the mail server or network border are not that
difficult to implement....and should be required of every ISP and it
should be free. I have such protection on all my clients' email servers,
and it has caught and blocked 100% of attempted virus relays before they
can make into my customers' mail boxes.


It's only so many sysadmins at large ISP's are too lazy and/or
incompetent, that consumers are left thinking Mailwasher and products
like it are necessary. They are only necessary to make up for their
provider's incompetence.


So what happens when you're using a product like Mailwasher and it tags
and rejects a virus-infected email? Not much, these sorts of emails have
forged return addresses 99.9% of the time...and will either go to
somebody who scratches their head wondering why they're being accused of
sending a virus...or to a bogus address. The same goes for spam. The
only way to tell the real source (well at least the last hop) of spam is
by looking at the IP which relayed it to your smtp server (either by
looking at your message headers or your mail server's logs).


With that IP address, you have enough info to root out who is
responsible for abuse from that net block and make complaints
accordingly. The user-level anti-spam software is largely worthless in
actually having an effect on stopping that spam from spamming you again
or rejecting to the right people. It is reasonably effective of keeping
the garbage out of your mail box...which I guess is as much as most
end-users care about. The fact remains, if the provider did its job at
the server level, you wouldn't need such programs. I know that's a big
"if", but there are plenty of ISP's (as well as email hosters) to choose
from who actually know a thing or two about blocking spam and viruses.


Of course, you could always get a Mac and never have to worry about
these sorts of viruses. ; )




First of all, my computer is protected by a very good anti virus program. In
fact, the virus was never an issue for me.


Which is a good thing. It would be even better if the biggies like
Earthlink filtered such viruses such that they never made it to your
mail box in the first place....because for every smart and prepared user
on Earthlink such as yourself, there are probably five who are not.


What WAS an issue were the 100 or
so emails, (infected or not infected) that were sitting on the Earthlink
server just waiting for me to hit the download button so I could sit here
for two hours waiting for the crap to get downloaded so I could delete it.
The problem for me, as it was for many others, was the unacceptable download
time taken to get these bogus emails down to where they could be deleted
without opening them.



Right, and the tools are available to Earthlink which would allow them
to block about 90% of the spam you receive and accurately tag as spam
(but not block) some 90% of the remaining 10%.


I think we all know that the answer to this is for the
ISP to have adequate programs installed on their servers to eliminate these
problems, but the simple truth is that most do not.



Indeed, but there are always alternate providers or even plain email
hosters who do. People need to speak to companies like Earthlink in the
only language they care about and understand: $$. By customers
continuing to pay for their services, they have little incentive to
change. To add insult to injury, the end-user gets to a point where
he/she has to spend extra $$ for software to bring their mail box back
into something resembling control...when the ISP should be doing that.



My antivirus program (Computer Associates) is completely up to date and will
catch any virus' infected messages after downloading, but who the hell wants
to sit on their ass for two hours and wait while all the mess is coming in
at 56kbs; I sure don't! :-)



Agreed. Just think if Earthlink actually gave a rat's a** about their
incoming spam or the amount of "owned" Windows PCs on their
consumer-grade DSL networks?

Even so, there for years have been tools which will allow you to
scan/read/delete your email while it still sits on your mail server.
That way, you can delete before downloading any messages you don't want.

POPmonitor (http://www.vechtwijk.nl/dev/popmonitor/) and Mail Siphon
(http://www.maliasoft.com/us/mailsiphon.html) are two of several such
tools which come to mind.



After complaining along with a million other people to the ISP's to install
software that catches all this crap, I, along with a million other people
out here installed Mailwasher so that we can see what the hell was sitting
on the server and get rid of the crap BEFORE downloading it.



You can thank Earthlink for that.



Bottom line is that until the ISP's start nailing this stuff on their
servers, the general public is left to programs like Mailwasher to help them
delete these messes from the server,



Or use an ISP or email hoster who does nail the stuff on their servers.



--Mike
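
The quoted point about finding the last hop from the message headers rather than the forged return address, as an added example that is not part of the original thread: it walks the `Received:` lines from the top and returns the IP recorded by your own mail server. The host names, addresses, sample message and the `relay_ip` helper are all constructed for illustration.

```python
import email
import ipaddress
import re

# Constructed sample (made-up hosts, documentation-range IPs). Only the top
# Received line was written by our own server; the one below it and the From
# line were supplied by the sender and may be forged.
SAMPLE = """\
Received: from dsl-host.example.net (dsl-host.example.net [203.0.113.45])
\tby mx.myisp.example with ESMTP id ABC123
\tfor <me@myisp.example>; Mon, 29 Mar 2004 00:10:02 -0500
Received: from mail.bank.example (mail.bank.example [198.51.100.7])
\tby dsl-host.example.net with SMTP; Mon, 29 Mar 2004 00:09:58 -0500
From: "Mail Admin" <postmaster@myisp.example>
To: me@myisp.example
Subject: Your account

(body omitted)
"""

BY_RE = re.compile(r"\bby\s+([^\s;]+)", re.I)
IP_RE = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")
# Addresses treated as hand-offs between our own servers (assumption).
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]


def relay_ip(raw_message, trusted_hosts):
    """Return the IP that handed the message to our mail system, or None."""
    msg = email.message_from_string(raw_message)
    for hdr in msg.get_all("Received", []):      # newest hop first
        flat = " ".join(hdr.split())             # unfold continuation lines
        by = BY_RE.search(flat)
        if not by or by.group(1).lower() not in trusted_hosts:
            return None                          # not stamped by us: stop
        found = IP_RE.search(flat[:by.start()])  # the "from ... [ip]" part
        if not found:
            continue
        try:
            ip = ipaddress.ip_address(found.group(1))
        except ValueError:
            continue
        if any(ip in net for net in INTERNAL):
            continue                             # internal hop, keep walking
        return str(ip)
    return None


if __name__ == "__main__":
    print(relay_ip(SAMPLE, {"mx.myisp.example"}))
```

The second `Received:` line and the `From:` address in the sample never influence the result, which is why a bounce sent to the return address reaches the wrong party while a complaint keyed on the relay IP does not.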