Jump to content
Sign in to follow this  
thebassman

Any way I can help?

Recommended Posts

Hey all,

Fairly new to SpamCop.net - just started reporting spam as of a couple of days ago thanks to some helpful members of this board - finally got it all figured out.

Anyways, I actually work for an ISP, and I work in the department that deals these reports submitted by companies like SpamCop. I'm not sure if you have many members with that sort of "inside look" at the receiving end of the reports, but I'd be happy to answer any questions you have about that. I am in the EUAMT (End User Agreement Management Team) - we generally deal with customers who we have suspended (disabled their internet service) because of complaints like spamming and port scanning.

Anyhoo, just thought I'd say hi. Feel free to ask any questions that I may be able to answer or clarify for you.

B)

Share this post


Link to post
Share on other sites

Welcome, thebassman!

Thank you for participating. Would you care to share your opinion of RFC3912, which obsoletes the requirements for WHOIS contact details in RFC954? Thanks!

Share this post


Link to post
Share on other sites

It would be helpful for some posters to hear it from the horse's mouth, how an ISP can handle spamcop reports. Most of the regulars who work for ISP's are server admins.

You might also be able to 'translate' for newcomers to spamcop. I think I have been around too long to see what is confusing, though when I first started, I was hopelessly confused.

Miss Betsy

Share this post


Link to post
Share on other sites
  I think I have been around too long  to see what is confusing, though when I first started, I was hopelessly confused.

Miss Betsy

24741[/snapback]

Yep, high time you changed that sig, Miss Betsy!

Share this post


Link to post
Share on other sites

My sig has a double meaning - one refers to my age and the other is that I still don't understand a great deal of the technical stuff. John 'educates' me all the time!

Miss Betsy

Share this post


Link to post
Share on other sites

Here's an excerpt from another post I made on this forum that might explain our process a little:

When we get complaints about spam messages originating from one of our customers' computers, we first send an email warning, advising them of the situation, and how to clean their computer... if we continue to get complaints, we temporarily suspend their service until they call in.  We then inform them of the issue on their computer (virus, open proxy, trojan, etc), and tell them they need to clean their computer and call us back.  We then reconnect their service once they say their computer is clean.  Most of the time, they don't actually fix the problem, however.  If we still continue to get complaints, we suspend their service for a week.  At this point, we generally recommend they reformat their computer(s), and install an antivirus program and firewall.  After the week is up, we reconnect their service.  If we still get complaints, we suspend their account for 1 month... and if, after the one month, we still get complaints, we terminate their internet services with us.

Share this post


Link to post
Share on other sites

Hi, thebassman -- glad you're here! :) <g>

Here's an excerpt from another post I made on this forum that might explain our process a little:

24750[/snapback]

...This seems a lot of work that could have been avoided by taking measures to ensure that all new and existing customers have a few simple bits of protection -- especially a personal firewall. I presume this is judged by your ISP company to be more expensive than being reactive. Are you able to speak to this without giving away proprietary information?

Share this post


Link to post
Share on other sites
Hi, thebassman -- glad you're here!  :) <g>...This seems a lot of work that could have been avoided by taking measures to ensure that all new and existing customers have a few simple bits of protection -- especially a personal firewall.  I presume this is judged by your ISP company to be more expensive than being reactive.  Are you able to speak to this without giving away proprietary information?

25813[/snapback]

We do offer access to a free firewall, as well as paid access to an antivirus program... but yeah, most people don't bother to set that stuff up themselves... that's the main problem. People just don't know how to protect themselves...

Share this post


Link to post
Share on other sites
<snip>

This seems a lot of work that could have been avoided by taking measures to ensure that all new and existing customers have a few simple bits of protection -- especially a personal firewall.  I presume this is judged by your ISP company to be more expensive than being reactive.  Are you able to speak to this without giving away proprietary information?

We do offer access to a free firewall, as well as paid access to an antivirus program... but yeah, most people don't bother to set that stuff up themselves... that's the main problem. People just don't know how to protect themselves...

25815[/snapback]

...Guess my question wasn't worded as I intended. My question is: why not force your customers to install the requisite products before being permitted full access to your service? Is it judged too costly to do that and/ or to check to insure they did it?

Share this post


Link to post
Share on other sites

Yeah, that would be considered too expensive, and beyond the scope of service an ISP should/could provide. In addition, it would leave the responsibility on the ISP to make sure people maintain their computers properly. While a lot of "anti-spammers" like to blame ISPs, and for sure a lot of ISPs need to take more responsibility in these matters, but ISPs can't control and monitor every customer's connection.

If 1 ISP were to force customers to have proper antivirus and firewall programs before they gave them access to the internet, the customers would view it as a money grab, and the competitors would jump all over it.

Share this post


Link to post
Share on other sites
If 1 ISP were to force customers to have proper antivirus and firewall programs before they gave them access to the internet, the customers would view it as a money grab, and the competitors would jump all over it.

Why would the customer think it is a money grab when there are both acceptable firewalls and antivirus programs for free? The ISP can give them a choice of vendors including the free ones.

And if ISPs were to use trade associations for advertising and educating, then they wouldn't have to worry so much about their competitors.

ISPs simply don't have the 'talent' to be able to communicate to their customers, IMHO. Witness the horrible spamcop communication. And if they leave it up to the marketing department, the marketing department won't do anything that doesn't feed the bottom line (and don't understand what the IT department is telling them about cost or vice versa).

Funny, isn't it that the ones in charge of email communication are so very bad at communicating?

Miss Betsy

Share this post


Link to post
Share on other sites
Why would the customer think it is a money grab when there are both acceptable firewalls and antivirus programs for free?  The ISP can give them a choice of vendors including the free ones.

Easier said than done. In addition to having to educate each new customer on installing and maintaining the programs, which would require to have a sales staff also trained as technical staff, but would also require the ISPs to provide support for these 3rd party products, as they would be "manditory" products for service. Broadband internet is barely a profitable business model at this point, and adding this to the mix would surely cost ISPs a lot more than it is worth, driving up the cost of broadband internet. Obviously, as a business, ISPs cannot impliment something along those lines. While it may help the fight against spam, it certainly wouldn't stop it, and it would be a horrible business decision.

While I agree there are a lot of ISPs that need to take more responsibility. The ISP that I work for deals with these spam reports quite well. I reported spam once from my own ISP, and within 24 hours, the offending connection was removed from our network until the customer could clean the computer. I know a lot of ISPs are not that efficient in dealling with spam, but it certainly helps.

I believe, as more and more spam is being reported, this will make more of a difference... the more and more spam reports sent and received will help motivate less-than-willing ISPs to take action. Trying to get businesses to take a loss to fight spam, however, is unreasonable.

Share this post


Link to post
Share on other sites
Trying to get businesses to take a loss to fight spam, however, is unreasonable.

I don't see why some customers have to buy (or spend time which equals money) anti-spam filters just because other customers don't have firewalls and anti-virus programs.

There is no reason why, with a good pr/advertising program, that an ISP couldn't insist that firewalls/anti-virus programs be installed. For instance, they could hike the prices for those who don't have them and lower the prices for those that do.

Miss Betsy

Share this post


Link to post
Share on other sites
Easier said than done.  In addition to having to educate each new customer on installing and maintaining the programs, which would require to have a sales staff also trained as technical staff, but would also require the ISPs to provide support for these 3rd party products, as they would be "manditory" products for service.  Broadband internet is barely a profitable business model at this point, and adding this to the mix would surely cost ISPs a lot more than it is worth, driving up the cost of broadband internet.  Obviously, as a business, ISPs cannot impliment something along those lines.  While it may help the fight against spam, it certainly wouldn't stop it, and it would be a horrible business decision.

While I agree there are a lot of ISPs that need to take more responsibility.  The ISP that I work for deals with these spam reports quite well.  I reported spam once from my own ISP, and within 24 hours, the offending connection was removed from our network until the customer could clean the computer.  I know a lot of ISPs are not that efficient in dealling with spam, but it certainly helps.

<snip>

25833[/snapback]

...Gotta admit, I don't fully understand. First, I find odd the argument that the ISP would have to support the 3rd part products (firewall, anti-virus, etc), because (1) the third-party vendors provide support and (2) AFAIK ISPs don't normally support other products "required" to make effective use of the service, such as the OS and web browsers. Second, if most of your users are ignorant and would require education and installation support, then I don't see how it would be more expensive to do it *before* they first connect to your service rather than *after* they are reported; conversely, if most of your customers already know they must protect their computers then they would not need the education and installation support. Further, it seems from postings to this forum that a number of people are explicitly looking for "white hat" ISPs / e-mail providers and so ISPs that provide such education and support might actually be at a competitive *advantage*, especially for those potential customers that they might most wish to have. That said, I defer to your knowledge of the market, since I am not in that business at all.

...Thanks for your cogent and patient explanations!

Share this post


Link to post
Share on other sites
I don't see why some customers have to buy (or spend time which equals money) anti-spam filters just because other customers don't have firewalls and anti-virus programs.

There is no reason why, with a good pr/advertising program, that an ISP couldn't insist that firewalls/anti-virus programs be installed.  For instance, they could hike the prices for those who don't have them and lower the prices for those that do.

Miss Betsy

25846[/snapback]

It's not a matter of being fair. It's a matter of business. Even with a marketing campaign and price discounts for those that "claim" to have proper security, it effectively still costs the company more money. Like I stated previously, it would involve training the sales staff in technical issues, as well as offering discounts to customers who "claim" to have proper security. As much as it would help, I don't believe it falls on the responcibility of the ISP to secure and maintain their customers' computers.

...Gotta admit, I don't fully understand.  First, I find odd the argument that the ISP would have to support the 3rd part products (firewall, anti-virus, etc), because (1) the third-party vendors provide support and (2) AFAIK ISPs don't normally support other products "required" to make effective use of the service, such as the OS and web browsers.  Second, if most of your users are ignorant and would require education and installation support, then I don't see how it would be more expensive to do it *before* they first connect to your service rather than *after* they are reported; conversely, if most of your customers already know they must protect their computers then they would not need the education and installation support.  Further, it seems from postings to this forum that a number of people are explicitly looking for "white hat" ISPs / e-mail providers and so ISPs that provide such education and support might actually be at a competitive *advantage*, especially for those potential customers that they might most wish to have. That said, I defer to your knowledge of the market, since I am not in that business at all.

...Thanks for your cogent and patient explanations!

25856[/snapback]

With regards to support of 3rd party products, if the ISP is enforcing the use of them, it would be a PR nightmare to not support them. In addition, the majority of the security software out there either has extremely expensive paid support, or pretty much no support at all.

As far as educating customers ahead of time, I believe that shouldn't fall on the laps of the ISPs. I think that's an unreasonable expectation. While, as a former technical support rep for the ISP that I currently work for, I would have loved to have all the customers educated in how their computer works and how to protect it, but unfortunatly, that's just not realistic.

While I can certainly understand your suggestions, I just can't see how realistically that can work in the present business model of providing internet service.

Share this post


Link to post
Share on other sites

Do you think that spam will ever cost ISPs more than it would cost to 'educate' their customers?

Miss Betsy

Share this post


Link to post
Share on other sites
Do you think that spam will ever cost ISPs more than it would cost to 'educate' their customers?

Miss Betsy

25875[/snapback]

It may, but it may not. I hope it never gets to that, and I'm sure ISPs are banking on the fact that personal computers will becoming increasingly more secured as more and mroe customers are educated on the importance of protecting their computers.

That being said, if it gets to the point where spam is costing more than it woudl to educate customers, ISPs would turn to education as a cost-saving business model.

Share this post


Link to post
Share on other sites
<snip>

Like I stated previously, it would involve training the sales staff in technical issues, as well as offering discounts to customers who "claim" to have proper security.

25874[/snapback]

...But your sales staff don't have detailed training in use of Microsoft and Apple OS, the many browsers in use, or the PC hardware that are effectively required to use your ISP, do they? Why should it be different for firewalls and antivirus software that are required to keep from overloading your servers with spam traffic and storage? Let your competitors absorb those costs! :) <g>
As much as it would help, I don't believe it falls on the responcibility of the ISP to secure and maintain their customers' computers.

25874[/snapback]

...Certainly not -- but it might be more costly to allow uneducated customers onto your network than to give them a bit of direction on how to acquire and install what these days are pretty inexpensive and painless protective software packages.
With regards to support of 3rd party products, if the ISP is enforcing the use of them, it would be a PR nightmare to not support them.

25874[/snapback]

...Again, I'm not seeing this. You require your customers to acquire and, if needed, find their own support sources for their PC hardware, OS and browsers, don't you? You require them to have their own storage systems so that they don't store all their executables and system files on your servers, I would imagine.
In addition, the majority of the security software out there either has extremely expensive paid support, or pretty much no support at all.

25874[/snapback]

...This assertion astounds me but I have no reason to doubt you. Although I can tell you that my experience with the personal firewall and antivirus software I've run for many years is that the lack of or expense of their support is of little importance, since they haven't required any support.
As far as educating customers ahead of time, I believe that shouldn't fall on the laps of the ISPs.  I think that's an unreasonable expectation.

25874[/snapback]

...You're already eductating your customers, just *after* they have been reported for being trojanned rather than before. If that's cheaper and better, fine ... I'm just wondering whether ISPs in general have given this as much thought as you apparently have before deciding it is not something they feel it appropriate to do.
While, as a former technical support rep for the ISP that I currently work for, I would have loved to have all the customers educated in how their computer works and how to protect it, but unfortunatly, that's just not realistic.

25874[/snapback]

...Rats. I have to defer to your judgment on this. Rats!

...Again, I appreciate your time and effort in answering my silly, naive questions.

Share this post


Link to post
Share on other sites
...But your sales staff don't have detailed training in use of Microsoft and Apple OS, the many browsers in use, or the PC hardware that are effectively required to use your ISP, do they?  Why should it be different for firewalls and antivirus software that are required to keep from overloading your servers with spam traffic and storage?  Let your competitors absorb those costs!  :) <g>...Certainly not -- but it might be more costly to allow uneducated customers onto your network than to give them a bit of direction on how to acquire and install what these days are pretty inexpensive and painless protective software packages....Again, I'm not seeing this.  You require your customers to acquire and, if needed, find their own support sources for their PC hardware, OS and browsers, don't you?  You require them to have their own storage systems so that they don't store all their executables and system files on your servers, I would imagine....This assertion astounds me but I have no reason to doubt you.  Although I can tell you that my experience with the personal firewall and antivirus software I've run for many years is that the lack of or expense of their support is of little importance, since they haven't required any support....You're already eductating your customers, just *after* they have been reported for being trojanned rather than before.  If that's cheaper and better, fine ... I'm just wondering whether ISPs in general have given this as much thought as you apparently have before deciding it is not something they feel it appropriate to do....Rats.  I have to defer to your judgment on this.  Rats!

...Again, I appreciate your time and effort in answering my silly, naive questions.

25880[/snapback]

D'oh! So many points. LOL. In general, I'd say the majority of ISPs are probably not as efficient or harsh on their customers when it comes to spam as we are, but I've only worked for 2 ISPs over my lifetime, so I can't comment on most of them.

Cost is obviously the big roadblock for dealing with this issue. However, I think a lack of hard numbers on the actual cost incurred by ISPs because of this problem comes into play as well. As an example, I reported a spam email I received from our own network last night, and by the time I was into work today, they were already suspended. A lot of ISPs charge their customers for the costs incurred by the suspension, while others just leave them on billing until their issue is resolved. Either way, I think most ISPs try to recoop a little bit of money from the offending customers. If ISPs were actually given hard numbers of the costs associated with the cost of dealing with spam, not only internally, but also the cost of the extra bandwidth and whatnot, it would help some bigger ISPs to "see the light" and take a more aggressive stance against it. One of the major problems is, however, that the majority of spam does not originate from within any individual ISP network. Most of the spam I personally receive originates overseas (kornet, chinanet, etc)... that still costs ISPs $, and there's not a lot they can do to stop it. Part of the apparent apathy on the part of ISPs is probably the futile outlook they have on actually "fixing" the problem.

A lot of UK ISPs, as well as Canadian and some US ISPs are re-introducing a bandwidth caps, and are even beginning to charge customers for bandwidth instead of speed... in the long run, that will further pass along the responsibility to the customer to keep their computers clean, so not to have to pay for the bandwidth being used by spam and spam-sending agents.

Back to support. Our sales staff has very limited technical knowledge and I assume that to be common across most ISPs. They have to ask some qualifying questions like OS, RAM, USB?, etc. When it comes to software, however, and educating customers on its' proper use would either require a conference or transfer to tech support, or to train the sales staff in such matters. Either way, it's looked on as to expensive. Of the 2 ISPs I've worked for, general internet connectivity & email funcationality are the 2 common threads of internet support. Some software is also supported, like Internet Explorer, Outlook Express, Outlook, etc. While we recommend and even resell antivirus programs, other than basic support is done by McAfee, Norton, etc.

But really what it boils down to is effectivness and cost. Even if an ISP forced every customer to have an uptodate antivirus, or even provided it for free, would that even insure that the majority of customers used it properly? No. The majority of people on the internet are idiots when it comes to computer security. Even people with up to date AV and firewalls get infected and have spam-agents on their computer. The other side is the cost associated with such a program, which would inevitably result in the loss of a good chunk of the customer base to competitors with a less strict policy. Only if all ISPs from any given region were to band together to impliment similar polcies and procedures, would something as cost impacting as the majority of these suggestions have been, be effecitive.

Share this post


Link to post
Share on other sites

I have always suspected that the reason that spam continues to be a problem is because of ISP policy.

I don't know how much it costs to offer spamassassin (or the equivalent) or to maintain whitelists and to pay for the bandwidth as opposed to using blocklists and educating customers, but it obviously is cheaper.

Also, IMHO, ISPs are too pessimistic about the ability to stop spam. They throw up their hands because they can't explain how email works to the end user or the sales department. The sales department and the end user, then, think that there is no way to control spam and that they, thus, have no responsibility for its continuance. (not to mention the idiots who design web pages and don't use published ways of avoiding getting email addresses harvested. You would think that they could have a clue. But that's the only reason I get spam now is because the web designers wouldn't listen. If consumers were only told the truth about the lack of service provided by both ISPs and web designers by the so-called journalists, there would be a lot of refund demanding and request for qualifications, etc. before buying.)

Or maybe we can blame Ma Bell for creating a monster communication that can't be explained - even Marilyn says she can't figure out a telephone bill - so that consumers are so used to the 'wizards' behind the curtains for communication that they too are pessimistic about being able to really /shop/ for service.

Miss Betsy

Share this post


Link to post
Share on other sites

I have run away from my local telephone monopoly, Verizon (formerly Bell Atlantic, New Jersey Bell, and AT&T), and now use VoIP (Voice Over Internet Protocol) service from myPhoneCompany with more features at about half the price.

Share this post


Link to post
Share on other sites
I have run away from my local telephone monopoly, Verizon (formerly Bell Atlantic, New Jersey Bell, and AT&T), and now use VoIP (Voice Over Internet Protocol) service from myPhoneCompany with more features at about half the price.

25897[/snapback]

...Saw a scary news item recently about a VOIP customer whose daughter was not able to call 911 to get help while her parents were being robbed and injured downstairs. The story also reported that even E-911 services offered by some VOIP providers get short shrift or ignored because they don't come into the emergency call center on the "regular" 911 lines. Do you have information from your VOIP provider about 911?

Share this post


Link to post
Share on other sites

They don't have 911 yet (see 911), but they're working on it, and I can almost always call 911 from my cell phone.

Share this post


Link to post
Share on other sites

When an ISP gets a complaint about a compromised computer, they should perform a scan and if it fails then quarantine that computer to immediately stop the spam/viruses from it.

The scan is needed to prevent GWF or GW spamfilter type reports from triggering a false positive, but it should only take one valid complaint for an ISP to take action. They may not get any more before they are in local and public blocking lists all over the internet.

Giving the user time to react allows too many viruses or spam to be sent, and spammers will target ISPs that delay taking action, as they know that they can get a specific amount of spam through those ISPs.

Also, on a broadand ISP, a compromized machine being used in a spam run or actively spewing viruses is enough in some areas to cause outages to hundreds if not thousands of customers because it is saturating a common link.

DSBL has a set of free open source tools that can be used to scan a machine, and at least one ISP has posted that they have set up a program on their abuse e-mail box to start the scan for a zombied machine.

From monitoring posts on my current broadband ISP's internal forum, at least two major U.S. ISPs will quicly put any virus or spam source in their local blocking lists, and that includes the mail servers of other ISPs. As they tend to block only one or two of the apparent 14 outgoing mail servers, it is hit or miss if a mail to those ISPs gets through, and it seems to take about 48 hours to get the blocks removed.

Also when the spamcop.net listing information was availalbe to the public, for a period of a couple of weeks, I was able to map every user complaint about extreme performance problems or outages to active zombie computers operating in their vicinity. Since I.P. addresses were obtained from news.admin.net-abuse.sightings, and then checked with spamcop.net reports, it all cases, it appeared that the ISP would have received the complaint identifying zombie computer's IP address for days before the users were complaining about the outages.

It appears that my broadband ISP no longer feels that warning periods are appropriate for owners of compromized machines, and about the time of that change in policy, the amount of user complaints about poor speed dropped considerably.

It is interesting that many broadband ISPs try to discorage their users from using hardware firewall routers when should be encouraging them.

But an ISP is really limited in requiring specific software to be installed. Many systems are not prone to viruses or malware, so there is no market for scanners for them, and what scanners are available may not be cheap. I can not find a free virus scanner for my computer in a ready to use binary format from a trusted source.

The most that an ISP can really do is to scan an IP to determine if it has ports that are typically used by malware open, or that they can relay through it. And most can not be continually running such a scan on their IP address.

An ISP could set up a system where a user could be automatically quarantined when a scan fails, and leave the user with access to download fixes, and also request a rescan where if they pass the quarantine would be removed automatically.

-John

Personal Opinion Only

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×