A lot of things have changed in the past 6 years (1997-2003):
Stocks, Accounting, War and Treason
- The Internet boom came shortly after SpamShield's initial release, July 1997
- Y2K came, and passed, and nothing goddamn happened, other than a boatload
of people making an even bigger boatload of money updating legacy systems
from way back then that they should have programmed correctly to begin with.
- Then, the Internet bubble/boom was followed by the dot-com bust.
- A bust that started sometime around the time when a clueless & witless
convicted drunk driver from Texas with a
25-year history of alcohol and drug abuse was declared President of the United States
by the Supreme Court. A court that thought counting votes fast was more important than
counting them right - and lifted a lying, scumbag, insider-stock-dealing, unindicted
team of felons into the White House. Slow to realize that they'd set a trend, the
Supreme Court's principle of counting fast instead of counting right would soon become
an ever-recurring theme of the "New Economy": the beginning of the end of a bright
and shiny future for the Internet - for now, at least.
With campaigns of fear, uncertainty and doubt (FUD) that many will easily
remember from the
1960's and 70's, this team of felons has already deprived the American people and
the world of more freedoms, liberties and justice than Osama Bin Laden could ever dream
of depriving us of in ten lifetimes. Welcome to the War on Everything TM
- Without a doubt, the bursting of the dot-com bubble has to be seen in this climate
of treason, betrayal, accounting and stock fraud. The Internet is now ruled by
big business, with their clueless and witless
lawyers, appearing as litigious scumbags that will sue anything in their way that
even remotely threatens their existing business model - it's the American way after
all, and the rest of the world tends to follow us like lemmings: down the road,
against traffic on a one-way street, or over and beyond the cliff with a 500 ft. drop:
the direction doesn't matter. We always have the satisfaction of being first, though.
- Large ISPs/NSPs caught in the dot-com death spiral of mounting debt, stock price drops
of 98% and diminishing revenue and profits (what a dirty word!) are now writing pink
(dirty) contracts with spammers - because
if you're facing Chapter 11, any revenue will do, no matter how dirty, and
especially if you can charge 5-10 times the going rate for a T1, with your financially
depressed upstream provider barely emitting a grunt. But just let the MPAA/RIAA find
an MP3 or DivX file on your servers, no matter that it was actually a copy of what
you legally bought, and the web-server copy sat in unadvertised URL space, just
for your own use.
- In this climate, complaining to ISPs/NSPs as an individual has become useless: only
massive complaints from diverse sources and threats of blackholing are keeping most
providers at bay, forcing them to remove spammers, at least the ones not paying premium
pink-contract rates. Reporting services like SpamCop.net,
which we highly recommend, are the only viable amplification of individuals'
voices in the war on spam at this time.
- As the revolution progresses, it eats its children. And as we know, sometimes
brilliant ideas of a given time mutate into
something incredibly ugly and reactionary, using the ways and means once used
only by the revolution's enemies. Which of course by no means diminishes the
brilliance of the original idea itself.
- Vixie's original BGP- and DNS-based RBL has not just mutated into a
not-for-profit corporation,
but his original idea spurred a large variety of different blackhole lists,
now commonly called DNSBLs: DNS-based blocking lists. They don't do any
blocking on their own (only Vixie's BGP4-based feeds of the RBL did this),
but they are directory services, listing portions of the Internet's address space (and
some list domain names as well). They list hosts and networks by any criteria
human creativity has brought about: from
spam houses, over lists describing networks belonging
to individual ISPs/NSPs, down to lists that describe entire countries: it's all there.
Sysadmins can do garden-variety shopping for lists
that fit their (and their corporation's) state of mind and general consensus, and then
proceed to deny service (and not just SMTP/email service) to entities appearing on such lists.
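A DNSBL is queried by reversing the octets of the client's IP address and appending the list's zone; a listed address answers with an A record in 127.0.0.0/8. The following is an added example, not code from SpamShield or any DNSBL operator; the zone name dnsbl.example, its contents and the meaning of the return codes are constructed so the lookup runs offline.

```python
import ipaddress
import socket
from typing import Callable, Optional

# Constructed lookup table standing in for a live DNSBL zone, so this runs offline.
# Real DNSBLs answer with an A record in 127.0.0.0/8 whose last octet encodes the
# listing reason; the meanings are zone-specific and these two are made up.
FAKE_ZONE = {
    "4.3.2.1.dnsbl.example": "127.0.0.2",   # constructed: listed as an open relay
    "8.7.6.5.dnsbl.example": "127.0.0.4",   # constructed: listed as an open proxy
}

def dnsbl_query_name(ip: str, zone: str) -> str:
    """Build the DNSBL query name: octets reversed, then the zone appended."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on non-IPv4 input
    return ".".join(reversed(str(addr).split("."))) + "." + zone

def fake_resolve(name: str) -> Optional[str]:
    """Offline stand-in for an A lookup; None means NXDOMAIN, i.e. not listed."""
    return FAKE_ZONE.get(name)

def live_resolve(name: str) -> Optional[str]:
    """Real A lookup through the system resolver (not used by the offline test)."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None

def is_listed(ip: str, zone: str,
              resolve: Callable[[str], Optional[str]] = fake_resolve) -> Optional[str]:
    """Return the 127.0.0.x answer if ip is listed in zone, else None.

    Any answer outside 127.0.0.0/8 is treated as not listed: a dead or wildcarded
    zone can return arbitrary records, and blocking mail on those is a classic
    DNSBL misconfiguration that rejects everything."""
    answer = resolve(dnsbl_query_name(ip, zone))
    if answer is None:
        return None
    if ipaddress.IPv4Address(answer) not in ipaddress.IPv4Network("127.0.0.0/8"):
        return None
    return answer
```

Swap `resolve=live_resolve` in to query a real zone; the sanity check on the answer range is the part most production setups forget.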
- SMTP mail relays are no longer open by default: not Sendmail, anyway,
but it's still easy to screw up and accidentally open a server for
relaying. A large number of open mail servers remain on the Internet, as the
statistics section at ORDB.org
will tell you. There is a general feeling that lots of these machines have been
abandoned in a corner under a desk somewhere, their owners don't care, their SAs have
been downsized, and their corporate overlords most certainly don't care about the security
threats emanating from them, or their impact on other systems in the world. Until the
evil scumbag lawyers working for their competitors that got cracked through these machines
find out, that is.
- Open SMTP relays (or the information about their existence) are traded on a black market,
with prices ranging somewhere from $5 for a junk IP on a slow satellite link that is
listed on 5 DNSBLs, up to $100 for one not-yet-exploited IP of a mail server sitting
on a quiet T1 of a dot-com in Chapter 11 with "no one home". Needless to say, the honesty and business model
of such "open relay suppliers/traders" seem to intersect greatly with those of
professional carders, i.e. hard-core credit card thieves and traders. Nothing like
selling the same damn cardz to 5 suckers simultaneously and making profits that would
make Enron blush and feel embarrassed about their "corporate restraint" in the California
energy market. Meanwhile, the useless fucks at the FBI, busily building Ashcroft's new
police state, are busy busting people downloading MP3s and DVD rips in their dorm rooms:
political priorities. And a textbook example of how Jack Valenti's (or Hilary Rosen's)
hush money can grease the wheels of power and set their priorities as straight as
their agenda.
New threats
New threats and mechanisms of email abuse have emerged since, with the most rampant ones being:
- Since about 2000, website hosting providers find spammers
uploading CGI programs like Merlin Pro (see the explanation at
Spamhaus.org) that then turn their high-bandwidth-connected machines into
a spam factory with an output somewhere north of a million mails an hour. Most
of them woke up to this fairly quickly, filtering their web-hosting machines'
outgoing SMTP traffic properly and channelling it through their own mail servers,
where it could be controlled with programs like SpamShield TM.
It nevertheless brought about the need for DNSBLs that rely on more
than just SMTP open-relay testing.
- Sometime in 2001, open proxy servers of every kind (SOCKS, Squid) became popular
with spammers: no DNSBLs were covering them, they were easy to exploit, and there
were (and continue to be) more of them than open relays, most of which had finally
found their way into DNSBLs and were starting to become useless to spammers.
- A large number of so-called "permission-based" marketers began to appear sometime
after 1999. They come in all shapes and forms now, with most of them managing
their clients' mailing lists extremely poorly: some of them are still "single-opt-in"
lists, easily abused with a Perl script and the open proxy server of a Korean
middle school: keep running that "Millionz" CD against the sign-up form on their
website again, bro! "Permission-based" is already a muddied term: most if not all
of them do "affiliate marketing", i.e. taking the
email addresses obtained from a list owner (with his consent, and paying him)
and using them for a "related" mail campaign. Never mind that consent cannot be
sold, and signing up for "Florida Redneck News" should not get you spam, err,
mail from NASCAR. Some of these marketers are not taking SMTP "550 Go away, no
trespassing" lines for an answer, and continue to email defunct and never-existing
accounts indefinitely into the future - or at least try to: this kind of
trespassing scum even has a name now:
"Nadine" spam. Or in other words: "This list is 87% permission-based, contents
may have settled during shipment". Thieves, trespassers or simply SPAMMING CRACKWHORES
are probably the best words to describe these "operations" that only do one
thing with complaints received: list-washing the lists in question by removing
complainers, but keeping the other 10-90% involuntary members.
- MAILTO: HTML tags have become big "take me" signs for spammers, who run spiders
scraping the world-wide web 24 hours a day, 7 days a week for email addresses to steal and compile
into their "Millionz" lists. Basically, the idea of having a working MAILTO:
link on a webpage is not just a bad idea, it has become a thing of the past.
Illegal web scraping (violating websites' terms and conditions that generally
permit viewing, but no further use of the data displayed) has largely replaced
and dwarfed stealing email addresses from Usenet - whose denizens saw the light
a lot earlier (about 1998) and began to obscure their email addresses in any
form imaginable, to derail Usenet email-address scrapers.
Then came
web poisoning, which remains a great way of putting sand into the grinding
wheels of the spam mills.
Some websites now have time-expiring, CGI-generated email addresses, real ones,
used to contact real people, with encoded IP and time/date-stamps of the
attacking spider/scraper: addresses that tend to expire within days, and are
subsequently usable as spamtraps. Sites like
Mailmoat and Mailexpire (currently
out of service) that manage "expiring" email addresses for users are beginning to
fill a great need.
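One way to build the time-expiring, generated addresses described above, as an added example (not SpamShield's or Mailmoat's own code): the local part encodes the requesting client's IP and a timestamp and is sealed with an HMAC, so the server can later tell a still-valid address from an expired one (a ready-made spamtrap) or a forged one. The domain, secret and three-day lifetime are constructed assumptions.

```python
import base64
import hashlib
import hmac

# Constructed server secret; in practice it comes from protected configuration.
SECRET = b"constructed-example-secret"
DOMAIN = "example.com"            # assumption: the site's own mail domain
TTL_SECONDS = 3 * 86400           # the address is honoured for three days
TAG_LEN = 8                       # truncated HMAC-SHA256 tag appended to the payload

def mint_address(client_ip: str, issued_at: int, secret: bytes = SECRET) -> str:
    """Mint a real, routable contact address that records who asked (IP) and when,
    sealed with an HMAC so only this server can produce an address that verifies."""
    payload = f"{issued_at}:{client_ip}".encode()
    tag = hmac.new(secret, payload, hashlib.sha256).digest()[:TAG_LEN]
    token = base64.b32encode(payload + tag).decode().rstrip("=").lower()
    return f"contact-{token}@{DOMAIN}"

def classify_address(address: str, now: int, secret: bytes = SECRET) -> tuple:
    """Return (verdict, client_ip). verdict is 'valid', 'expired' (mail to it can
    only come from a scraper's list, so treat it as a spamtrap) or 'forged'
    (wrong shape, undecodable, or MAC mismatch; client_ip is then None)."""
    local, _, domain = address.partition("@")
    if domain != DOMAIN or not local.startswith("contact-"):
        return ("forged", None)
    token = local[len("contact-"):].upper()
    try:
        raw = base64.b32decode(token + "=" * (-len(token) % 8))
    except Exception:
        return ("forged", None)
    payload, tag = raw[:-TAG_LEN], raw[-TAG_LEN:]
    expected = hmac.new(secret, payload, hashlib.sha256).digest()[:TAG_LEN]
    if not hmac.compare_digest(tag, expected):   # constant-time compare
        return ("forged", None)
    issued_str, _, client_ip = payload.decode().partition(":")
    if now - int(issued_str) > TTL_SECONDS:
        return ("expired", client_ip)
    return ("valid", client_ip)
```

Because the IP of the spider that fetched the page is recorded in the address, mail to an expired address also tells you which scraper harvested it.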
- SMTP cracking, or "SMTP dictionary attacks", came to light in the popular press
(in the form of a USA Today article, as far as we are aware) around 1999:
the process of illegally breaking and entering into ISPs' and companies' mail
servers via the SMTP mail service (running RCPT TO:, EXPN or VRFY commands
against a pre-generated list of usernames built from the first and last names of users on
Usenet, and from addresses scraped/stolen from Usenet and the WWW).
It involves trying to uncover every account and email address on a system by means
of "trial and error". Given that virtually all computer systems keep
their list of users confidential, this is nothing short of illegal cracking, with
the intent to obtain one part (of two) of a telecommunications access device (TAD)
as defined by federal law: an account name and a password make up a TAD.
Needless to say, SMTP dictionary attacks can use up an extreme amount of
resources: we have seen attacks against DS-3 (45 Mbps)-connected servers at
a rate of up to 2000 addresses per SECOND. Soon after, the stolen addresses
appear on "Millionz of verified email addresses!" CDs, abused for further acts
of illegal trespassing by either spam or a POP3 password-cracking attack. Thankfully,
there are defenses against this kind of scanning as well: tarpitting the attacking servers
by intentionally slowing down responses. A demonstration patch for the obsolete
Sendmail 8.9.0 is here; it's known
to work up to at least Sendmail 8.9.3.
In brazen acts, probably subjecting themselves to legal firepower greater than
their own, some spammers have gone as far as starting dictionary attacks against
the mail servers of public corporations, trying endless permutations of
the corporations' officers' names as listed in SEC disclosure documents, to crack
and get to these corporations' "decision makers": what's
John Sidgemore's email address worth, anyway?
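The two defensive halves of the dictionary-attack discussion above, spotting the attack in the mail log and tarpitting the client, as an added example that is not the Sendmail patch the text refers to. The log lines are constructed and only loosely modelled on Sendmail reject entries; the thresholds and the delay schedule are assumptions to tune per site.

```python
import re
from collections import defaultdict

# Constructed log lines: 198.51.100.7 walks a name list (dictionary attack),
# 203.0.113.9 is a legitimate sender who mistypes one address and then corrects it.
LOG = """\
Jan 12 03:14:07 mx sendmail[1234]: h0C3E7a1: from=<x@spam.example>, relay=[198.51.100.7], reject=550 5.1.1 <john.smith@example.com>... User unknown
Jan 12 03:14:07 mx sendmail[1234]: h0C3E7a2: from=<x@spam.example>, relay=[198.51.100.7], reject=550 5.1.1 <john.smyth@example.com>... User unknown
Jan 12 03:14:08 mx sendmail[1234]: h0C3E7a3: from=<x@spam.example>, relay=[198.51.100.7], reject=550 5.1.1 <jon.smith@example.com>... User unknown
Jan 12 03:14:08 mx sendmail[1234]: h0C3E7a4: from=<x@spam.example>, relay=[198.51.100.7], reject=550 5.1.1 <j.smith@example.com>... User unknown
Jan 12 03:14:09 mx sendmail[1234]: h0C3E7a5: from=<x@spam.example>, relay=[198.51.100.7], to=<jsmith@example.com>, stat=Sent
Jan 12 03:15:01 mx sendmail[1240]: h0C3F1b1: from=<a@partner.example>, relay=[203.0.113.9], reject=550 5.1.1 <sales@example.com>... User unknown
Jan 12 03:15:02 mx sendmail[1240]: h0C3F1b2: from=<a@partner.example>, relay=[203.0.113.9], to=<sales@example.com>, stat=Sent
"""

RELAY = re.compile(r"relay=\[(?P<ip>[\d.]+)\]")
UNKNOWN = re.compile(r"reject=550 .*User unknown")

def rcpt_stats(log: str) -> dict:
    """Per source IP: total recipient attempts and how many hit unknown users."""
    stats = defaultdict(lambda: {"total": 0, "unknown": 0})
    for line in log.splitlines():
        m = RELAY.search(line)
        if not m:
            continue
        ip = m.group("ip")
        stats[ip]["total"] += 1
        if UNKNOWN.search(line):
            stats[ip]["unknown"] += 1
    return dict(stats)

def suspected_dictionary_attackers(log: str, min_unknown: int = 3,
                                   min_ratio: float = 0.5) -> list:
    """Flag IPs whose unknown-recipient count AND ratio both exceed the thresholds;
    a single typo from a legitimate sender stays below them."""
    out = []
    for ip, s in rcpt_stats(log).items():
        if s["unknown"] >= min_unknown and s["unknown"] / s["total"] >= min_ratio:
            out.append(ip)
    return sorted(out)

def tarpit_delay(unknown_so_far: int, free: int = 2,
                 step: float = 5.0, cap: float = 60.0) -> float:
    """Seconds to sleep before answering the next RCPT from a client that has already
    hit `unknown_so_far` unknown users: no delay for the first `free`, then linear
    growth up to `cap`, which turns a 2000-addresses/second probe into ~1 per minute."""
    if unknown_so_far < free:
        return 0.0
    return min(cap, step * (unknown_so_far - free + 1))
```

In a real MTA hook the delay is applied per connection before the RCPT response, so the cost lands on the attacker's session rather than on your queue.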