In a move that threatens to shortly involve diplomats at the Federal level in many countries, network adminstrators across all of North America, South America and Europe have begun to block all traffic from Asian countries, with special emphasis on China, Korea and Malaysia. Malaysia has been previously subjected to countrywide blocks on the ICQ network (1999 and 2000). The reason for this unprecedented move is a torrent of spam using the thousands of unsecured mailservers in those countries. Estimates place this flood of UCE (Unsolicted Commercial E.Mail) and UBE (Unsolicited Bulk E.Mail) in excess of 30 million pieces per day, nearly 40% of all E.Mail traffic. A spam run from China crashed several large US East ISP's (including parts of AOL) several weeks ago. The networks crashed took several days to purge their systems of the spam. Similarly, a Korean spam run crashed the official Olympic mailservers for the Utah Winter Games the first day of the games. Olympic officials simply unplugged the server and installed a fresh one, but little E.Mail was handled correctly by them during that first day. Spam runs frequently involve milions of pieces, more than enough to crash even a stable and robust system.
The origins of why spammers frequent Asian servers is murky, but likely reasons are that many Asian ISP's do not believe spam is a serious problem, they view it as nothing more than an electronic business card. In addition, many Asian mailservers (especially those in China) are set up in the older (now defective) "router" pattern. This allows anyone to connect and send unlimited mail. Spammers need this as most legitimate ISP's would cancel their account over this. Most servers in North America, South America and Europe are set up so that only authenticated members can logon and send mail.
For those of you new to the spam problem (and why Asia must be stopped immediately if the 'Net is to survive - it has nearly half the Earth's population, so making spam OK would be lethal), this analogy about spam and telemarketing should be helpful:
Say I decide I want to sell something, so I get on the phone and start randomly dialing numbers and tell people about my exciting new product. Ok, I think that is currently a problem, but at least the person getting the call can tell me to take them off the list and if I call back they can take me to court and get money from me.
So, I realize, I'm only one person and I'm getting tired of dialing numbers and getting wrong numbers and getting hung up on, so I invent a machine to dial random numbers and say my message when the phone is answered. But I still realize, I only have one phone line and I can only make one call at a time. Also, if the machine [by accident] dials 911 and leaves this message with them, police show up at my door and I have to explain myself. Also, there are only so many numbers in my area code, I don't really want to pay long distance charges for calls to other area codes.
My next brilliant idea, I break into my neighbor's house and hook up my machine there. Now I have two lines and long distance is no problem. Better yet, I hook up my machine at his phone box so that he doesn't know it is in his house. He can't figure out why his phone seems to be busy all the time and why his long distance charges went way up and why people are hitting *69 and cursing him out for calling them.
So, next I go up and down my street and if anybody leaves their door unlocked, I guess they are just asking for it, so I go into their houses and hook up machines there. I didn't do a very good job programming my machine, so they call the same number a lot sometimes or get a whole lot of wrong numbers. Sometimes they [by accident] dial 911, but I'm not answering the phone there, so what do I care. Besides, I'm calling 911 in some other town, so if I have a heart attack, I'll be fine. As I have more and more machines calling, the area code that I have targeted finds their home phones less and less useful because they keep getting calls with my message.
Even better, what if my message tells about this cool machine I invented to call lots of people and leave messages with them and how to break into other people's houses and hook up their machine there and I'll send them all this information and some lists of phone numbers if they send me some money. Other people will probably use this to send obscene messages that will likely get to children, but what the hell, that's freedom of speech and free enterprise, isn't it?
Spam must die.
Kerry (used with permission)
A raging debate is ongoing on many spam control BBS. Arguments fall into two loose camps: 1) those who approve of this countrywide (culturewide) blocking until these countries force their ISP's to comply; and 2) apologists who believe that these countries are unable to comply as their ISP administrators speak little (and read less) English. English is the defacto language of the 'Net and the one in which most manuals are currently written (French and Japanese are usually available also). Both sides make compelling statements. For our part here at Pacoima Ranch, we've already instituted country-specific blocking as the sheer volume of Asian spam had started to overwhelm our servers in mid 2001. Not once (since 1994) have we have ever received any real mail from any Asian country - all such E.Mail traffic has been spam. We also block all known spammers, spam-friendly ISP's, and use pattern-matching software to selectively block individual spam. Our position is similar to #1 above. We value our servers, like to keep them as free and fast as possible, and have no qualms about keeping spam thieves out.
Those supporting #2 above feel that since spam is largely a North American problem (more than half of all spam is for US products and US companies), that the better route is to begin translating mailserver manuals into the languages of the countries affected (at a minimum, Chinese, Korean and Malaysian). While this approach is noble and will surely help where the server is a school, university or business, it ignores the serious problem of Asian ISP's who do not care about the spam problem. The largest Chinese ISP's routinely answer all spam complaints with autoresponders that tell the complainer that the spam is from another system, not theirs, even when the spam can be proven to be from them. There is yet to be proven any pink-contract connection, but many spam hunters believe one exists. "Pink Contract" refers to the now infamous case of ATT in which it was proven that ATT had given a spammer special permission to spam (for an extra monthly amount), and the pink part of the contract came into a spam hunter's hands. He scanned it and uploaded it to the 'Net and ATT was forced to temporarily clean up their rather spamhappy service. We currently block ATT as we've yet to see any proof that they aren't still spamhappy, and our previous attempts to get spammers on their system to stop were met with lies by ATT mailserver administrators.
As with any 'Net controversy, all involved hope that simply blocking the offender until they comply will be sufficient to move the offending ISP's to action. Only time will tell. It would be a true shame if Asia were to become the largest intranet.
|
|
