hadaso

IBM tool to spam us with "Challenge messages"


FairUCE is the name of free (as in beer) software from IBM that they think would "get back at spammers". I think otherwise.

Read about it on Cnet here: http://news.com.com/2100-7349-5629998.html?tag=yt

Read its description on IBM's site here: http://www.alphaworks.ibm.com/tech/fairuce

What it seems to do is try to determine a relation between the envelope-from address and the sending SMTP client's IP. If it cannot determine a match it sends a "Challenge/response" message! You get it? First they make sure it's a Joe job. Then they pester the victim with a "Challenge"!

What they seem to think their system would be able to do is, when a constant source of spam is determined, overload the sender with email they would send to the sender's server. What I understand from this is that they would try to connect to the sending IP address hoping to find an SMTP server listening on port 25 that would then stop sending too much spam because it would have too much load from incoming mail. That's what I understand from their description (I hope they don't mean that once they identify the same forged envelope-from address on many spam messages they would mailbomb the poor Joe job's victim with their challenges...). Of course there is one "small" wrong assumption here, and that is that where there's an SMTP client, there's an SMTP server (and that their loads are somehow related). A zombie PC would certainly not listen on port 25 for incoming traffic! In fact, a spammer can sit safely behind a firewall and operate an SMTP client spamming the whole world while you cannot even ping his machine!

Perhaps IBM should hire other programmers?


I like most of DavidTC's response so well that I'm reproducing it here without the profanity:

Do I call accept-and-bounce wrong? YOU BET I DO. That's been rude behavior for years, and at this point it's unacceptable unless you have a really good reason, and it's completely unacceptable for simple things like users not existing. (As opposed to, say, quota running out, which is hard to check before accepting the mail.)

See, this is what I mean about C/R advocates not knowing anything about email? Bounces have been causing huge problems for years, and it finally got to the point people either get them under control or the mail system would collapse. Something had to be done.

AND IT WAS. Software that couldn't reject invalid usernames in real time was dropped. Stupid mail configurations that had relay MXs that didn't know what user existed were changed, both by removing them, or running software that could either keep a list in sync, or by the simple process of connecting immediately to the primary MX and checking.

They're basically under control. All the big boys stopped. All the major software changed. We keep having stupid anti-virus scanners that keep popping up, but at least MTAs aren't doing it anymore, and we *THWAP* anti-virus vendors that sell software that bounces viruses.

It took us TEN YEARS to convince people that bouncing on invalid users would not be tolerated, we don't care if their crusty old MTA couldn't be fixed. Running an MTA that normally bounces mail to invalid users is as acceptable as walking into a bookstore covered in mud. It happens, and if you do it, it's a good way to end up on your own intranet if a spammer hits your boxes, unable to reach anyone for a while.

And now here come some morons with a system that has misdirected 'bounces' as a f***ing feature. It's not a feature. It's a problem of the mail system!


Well, it seems that Cnet got the "getting back on spammers" wrong. It's just a C/R system that tries first to authenticate the sender using DNS data, and then, if quite sure the sender's domain doesn't relate to the sender's IP address, then it sends a challenge. In other words, if it's highly probable that the address is forged, it is sent a challenge, so whenever your address is forged on spam, in addition to the usual bounces, you're also going to get "Challenges" from lots of people you don't know.
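An added example (not part of the original posts, and not FairUCE's code) that models the point made in this post and in the accept-and-bounce post above: for a spam run that forges one envelope-from address, it counts how many messages each receiving-server policy sends to the forged address. The policy names, the `DOMAIN_IPS` lookup standing in for the DNS check, and the assumption that the C/R server still rejects unknown users in-session are all illustrative.

```python
from collections import Counter

# Constructed sample data: local mailboxes on each receiving server, and a toy
# map of client IPs "related" to a sender domain (stand-in for the DNS check).
LOCAL_USERS = {"alice", "bob"}
DOMAIN_IPS = {"victim.example": {"192.0.2.10"}}

def handle(policy, client_ip, mail_from, rcpt_to):
    """Model one SMTP transaction.

    Returns (reply_code, generated), where generated lists the (kind, address)
    messages the receiving server itself sends out after the session.
    """
    user_exists = rcpt_to.split("@")[0] in LOCAL_USERS
    sender_domain = mail_from.rsplit("@", 1)[-1]
    ip_matches = client_ip in DOMAIN_IPS.get(sender_domain, set())

    if policy == "reject_at_rcpt":
        # Refusal happens inside the session: only the connecting client
        # sees the 550, and no new mail is created.
        return (250, []) if user_exists else (550, [])
    if policy == "accept_then_bounce":
        # Accept first, then mail a bounce to whatever envelope-from claimed.
        return (250, []) if user_exists else (250, [("bounce", mail_from)])
    if policy == "challenge_response":
        if not user_exists:
            return (550, [])  # assumption: unknown users are rejected in-session
        # No IP/domain match means a probable forgery, yet the challenge
        # still goes to the forged address.
        return (250, []) if ip_matches else (250, [("challenge", mail_from)])
    raise ValueError(f"unknown policy: {policy}")

def joe_job(policy, n_servers=100):
    """One zombie IP forges joe@victim.example to n_servers servers, hitting
    one valid and one invalid mailbox on each. Returns what the forged
    address receives, keyed by (kind, address)."""
    received = Counter()
    for _ in range(n_servers):
        for rcpt in ("alice@rcpt.example", "nosuchuser@rcpt.example"):
            _, generated = handle(policy, "203.0.113.66",
                                  "joe@victim.example", rcpt)
            received.update(generated)
    return dict(received)
```
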


...When someone figures out the proper authority/ies to whom we should direct complaints about this, please let me know!!!!


I would hate it, if everyone used that system.

Out of my 4 e-mail addresses, there's not one that has a relationship between me and my ISP. I'd have to be on everyone in the world's white list or I get to send no mail. blah.

Edited by shmengie


How will Spamcop handle the reports when the false bounces and misdirected C/R's start pouring in? Will they be accepted?


I don't submit many misdirected bounces for reporting, but I don't recall having a problem with the Parser rejecting one recently.
