![[H]ard|Forum](/styles/hardforum/xenforo/logo_dark.png){kind=logo}
-
Some users have recently had their accounts hijacked. It seems that the now defunct EVGA forums might have compromised your password there and seems many are using the same PW here. We would suggest you UPDATE YOUR PASSWORD and TURN ON 2FA for your account here to further secure it. None of the compromised accounts had 2FA turned on.
Once you have enabled 2FA, your account will be updated soon to show a badge, letting other members know that you use 2FA to protect your account. This should be beneficial for everyone that uses FSFT.
ISP Email Filtering?
- Thread starter Rich Tate
- Start date
As somebody who used to work as a helpdesk agent with multiple ISPs (before they all eventually offshored my job to the far side of the planet) I would definitly say that ISP based email spam/virus filtering is more then a good idea - it's necessary. The amount of spam that customers would recieve every day is staggering, and when they activated the antispam feature on their accounts it would be reduced dramatically. It's also relativly a low maintance thing to implament as well, most of the ISPs that I did work for used Brightmail so they didn't have to mess with filtering/management in-house. You just install it with your mail gateways, configure it and your good to go.
The only thing that conserns me is when ISPs don't give customers the option of disabling that protection. I like having the OPTION of using this but the last thing I want is to have this forced opon me, I've been playing with the internet since I was in Jr. H.S. and the last thing I need is a babysitter.
The only thing that conserns me is when ISPs don't give customers the option of disabling that protection. I like having the OPTION of using this but the last thing I want is to have this forced opon me, I've been playing with the internet since I was in Jr. H.S. and the last thing I need is a babysitter.
Gorankar
[H]F Junkie
- Joined
- Jul 19, 2000
- Messages
- 11,271
First, let me say this.. I DO NOT think that it is my isp's responsibility to filter my mail.. It's my computer, my responsibility, there is plenty of software available for me to do it myself.. Most of it works without you having to do much of anything at all except installing it and letting it update itself when needed..
That said,
I would not mind if they did a simple malware and virus scan of my incoming mail.... Anything more than that would be, "getting in my bussiness"..
Spam is different matter.. I prefer to filter it myself.. I'll decide what I want to look at, and what I want to delete..
That said,
I would not mind if they did a simple malware and virus scan of my incoming mail.... Anything more than that would be, "getting in my bussiness"..
Spam is different matter.. I prefer to filter it myself.. I'll decide what I want to look at, and what I want to delete..
It should not be mandatory that an ISP filter e-mail, but a smart ISP will offer it as a value-added feature their customers can request or enable at will. I think it's in the ISP's best interest to offer this since it sets them apart from other ISPs and gives the end user a reason to pick them over the competition.
Basically I think the market should control this. DON'T legislate it for god's sake!
Basically I think the market should control this. DON'T legislate it for god's sake!
TomL took the words out of my mouth. As we can see in this thread already we have two strong opinions, and consumers should be able to decide which type of provider they go with.
Clearly, with many ISP's already bundling anti-virus service, Spam/Virus filtering and other services to protect users from malicious behavior, there is a demand for it. This generation of Internet consumers is about as saavy (on a whole) as they are going to get, and will not bother with researching and configuring the latest spam fighting tools.
I think the article's legal concerns can be better voiced this way: If an ISP is now protecting you from a virus, and you get a nasty one that results in $XXX in damages, is the ISP responsible for not protecting you properly? ISP's have long divorced themselves from content of "The internet" which can include some very illegal or objectionable things, but I don't know of anyone who has escaped the "Enlarge your <appropriate body part>!" email.
Maybe if we made spamming, phishing, virus writing, etc as difficult to get away with and as punishable as other crimes, this problem would take care of itself. A spam campaign can cost an ISP thousands, which is exactly like a spammer stealing that money from the ISP, and therefore the consumer. I get spam in my mailboxes every day, but my car (maybe not worth "Thousands" but the idea is the same ) has never been stolen once. Clearly we have a difference here in enforcement and punishment.
Basically, I think we're trying to solve a symptom, not fix the problem. Fixing the problem would be: Spammers always get caught and pay big time for their crimes. If we place more burden on the victim (the consumer/ISP) then we're essentially saying "Ok spammers, do your worst and we'll continue to pay for it."
-MC
Clearly, with many ISP's already bundling anti-virus service, Spam/Virus filtering and other services to protect users from malicious behavior, there is a demand for it. This generation of Internet consumers is about as saavy (on a whole) as they are going to get, and will not bother with researching and configuring the latest spam fighting tools.
I think the article's legal concerns can be better voiced this way: If an ISP is now protecting you from a virus, and you get a nasty one that results in $XXX in damages, is the ISP responsible for not protecting you properly? ISP's have long divorced themselves from content of "The internet" which can include some very illegal or objectionable things, but I don't know of anyone who has escaped the "Enlarge your <appropriate body part>!" email.
Maybe if we made spamming, phishing, virus writing, etc as difficult to get away with and as punishable as other crimes, this problem would take care of itself. A spam campaign can cost an ISP thousands, which is exactly like a spammer stealing that money from the ISP, and therefore the consumer. I get spam in my mailboxes every day, but my car (maybe not worth "Thousands" but the idea is the same
) has never been stolen once. Clearly we have a difference here in enforcement and punishment.Basically, I think we're trying to solve a symptom, not fix the problem. Fixing the problem would be: Spammers always get caught and pay big time for their crimes. If we place more burden on the victim (the consumer/ISP) then we're essentially saying "Ok spammers, do your worst and we'll continue to pay for it."
-MC
Gorankar
[H]F Junkie
- Joined
- Jul 19, 2000
- Messages
- 11,271
Might want to change this to a poll
SJConsultant
2[H]4U
- Joined
- Jan 14, 2004
- Messages
- 3,599
Antivirus scanning should be mandatory without the option to turn it off.
Spam filtering should be optional.
Spam filtering should be optional.
[H]EMI_426
2[H]4U
- Joined
- Feb 19, 2001
- Messages
- 3,965
I work(ed, Friday was my last day, yay) for a company that did virus-filtering and spam-tagging for the employees. I also provide similar services for users that have e-mail accounts through my personal domain. In my opinion, filtering viruses is quite fine and should be encouraged, but actually dropping spam messages should not be done at the ISP level. However, tagging spam e-mails is quite fine and is something I do for my users. If they decide to use the tags I provide, great. However, they can also decide to do their own tagging/filtering if they like. The decision should be left to the user in regards to whether or not things that have a certain chance of being spam should be filtered out.
I decided to push the filtering decision out to the users cause I as the e-mail provider did not want to be responsible for losing someone's false-positive e-mail. I generally advocate the users stick all e-mails tagged as spam or that have a certain percentage chance of being spam in a separate mailbox and occasionally search that mailbox for addresses they may receive mail from or the like. If the user repeatedly receives legitimate e-mail from a user that consistently ends up in their spam mailbox, that user should consider adding the sending address to their mail client's whitelist (or procmail's whitelist, as in my case).
In no way do I think either virus-filtering or spam-tagging should be legislated. However, it's common sense. Don't legislate common sense.
I decided to push the filtering decision out to the users cause I as the e-mail provider did not want to be responsible for losing someone's false-positive e-mail. I generally advocate the users stick all e-mails tagged as spam or that have a certain percentage chance of being spam in a separate mailbox and occasionally search that mailbox for addresses they may receive mail from or the like. If the user repeatedly receives legitimate e-mail from a user that consistently ends up in their spam mailbox, that user should consider adding the sending address to their mail client's whitelist (or procmail's whitelist, as in my case).
In no way do I think either virus-filtering or spam-tagging should be legislated. However, it's common sense. Don't legislate common sense.
Zyzzyva100
[H]ard|Gawd
- Joined
- Feb 26, 2001
- Messages
- 1,204
Well its not my isp, but my primary email that I use is through my university, and there is server side spam filtering. You can choose to turn it on or off, but I have always had it on. They just upgraded it too, and it works a lot better. With the adaptive junk mail control in thunderbird turned on, and about a week of me helping it along, it removed about 99% of my spam.
I really like this, because I was getting sick of having to mark junk by hand. Granted, every once in a while something that shouldn't be marked junk is marked junk, but in every case this has been the sender's fault (ie. when a TA will send out mass mailings to a supressed list and forget to put in a subject). There are server side white lists, so I just list my university domain as safe, and have added a few other things in thunderbird.
Now granted my situation isn't exactly representative of the real world, but if I had an actual isp that did this, I would be thrilled. Its so not to see junk show up in your inbox anymore. (we also have server side virus filtering and all kinds of other fun stuff care of the SUN email system we use)
Edit: Let me clarify what I said. Our servers score the email with headers that thunderbird and outlook can use to determine if something is junk. With the exception of virus emails (and blacklisted domains), everything still makes it through. Normal spam isn't completely filtered out on the server side.
I really like this, because I was getting sick of having to mark junk by hand. Granted, every once in a while something that shouldn't be marked junk is marked junk, but in every case this has been the sender's fault (ie. when a TA will send out mass mailings to a supressed list and forget to put in a subject). There are server side white lists, so I just list my university domain as safe, and have added a few other things in thunderbird.
Now granted my situation isn't exactly representative of the real world, but if I had an actual isp that did this, I would be thrilled. Its so not to see junk show up in your inbox anymore. (we also have server side virus filtering and all kinds of other fun stuff care of the SUN email system we use)
Edit: Let me clarify what I said. Our servers score the email with headers that thunderbird and outlook can use to determine if something is junk. With the exception of virus emails (and blacklisted domains), everything still makes it through. Normal spam isn't completely filtered out on the server side.
My ISP already does filter spam and had been doing so for the past year-and-a-half or so. It's incredibly helpful as I used to get some 40 or 50 spam emails a day, and now it's down to one or two at the most and Thunderbird catches the rest.
They have a web-based interface to control various aspects such as the sensitivity, as well as a listing of around 50 megs of quarantine space for problem emails should I wish to review and/or save them.
They used to charge a small monthly fee for those wanting this service, but a few months later they first implemented it they made it free.
I really can't imagine having an email account without this feature. I'm certain I'd get 100 spam or more per day now, and be driven to the asylum!
They have a web-based interface to control various aspects such as the sensitivity, as well as a listing of around 50 megs of quarantine space for problem emails should I wish to review and/or save them.
They used to charge a small monthly fee for those wanting this service, but a few months later they first implemented it they made it free.
I really can't imagine having an email account without this feature. I'm certain I'd get 100 spam or more per day now, and be driven to the asylum!
No ISP should not filter. That's a road that I don't even want to start walking down. Let me decide what's good/bad and deal with it accordingly.
I don't need "the man" to help me decide what e-mails I want to see and which ones I don't.
I don't need "the man" to help me decide what e-mails I want to see and which ones I don't.
From what I've been reading, there are three entities that can read your email:
1. An individual directly associated with the message, either sender or receiver.
2. An employer, where the monitoring is done in the ordinary course of business
3. The provider of the communication media
I think that ISP's fall into that third category. Therefore, ISP's can (technically) monitor your email so long as it goes over their lines and through their equipment. Now, I doubt they spend time and money with something like that. The same is true of the filtering. No one has to read the email to apply a filter. I can't imagine that the large providers would actually spend time reading individual mails in order to do the filtering. But the point is that they already can, and email filtering does not change that.
That said, I feel that as long as the filtering is optional, there is no problem. Like most of you, I need no babysitter. But many people do want one, and that should be okay.
1. An individual directly associated with the message, either sender or receiver.
2. An employer, where the monitoring is done in the ordinary course of business
3. The provider of the communication media
I think that ISP's fall into that third category. Therefore, ISP's can (technically) monitor your email so long as it goes over their lines and through their equipment. Now, I doubt they spend time and money with something like that. The same is true of the filtering. No one has to read the email to apply a filter. I can't imagine that the large providers would actually spend time reading individual mails in order to do the filtering. But the point is that they already can, and email filtering does not change that.
That said, I feel that as long as the filtering is optional, there is no problem. Like most of you, I need no babysitter. But many people do want one, and that should be okay.
I hope that ISPs realize that the day they start looking at their customers e-mail is the day that they are liable for some people's file-sharing activities; it would be the equivalent of the USPS looking at my mail. If I end up getting an Anthrax letter, it would be the USPS' fault for not catching that. Also, they would be liable for allowing people to send mail-bombs etc.
I, for one, hope that ISPs do not start filtering/ looking at my mail. In the end, I am a strong proponent of net-neutrality, which I am just writing a paper about for my policy class.
I, for one, hope that ISPs do not start filtering/ looking at my mail. In the end, I am a strong proponent of net-neutrality, which I am just writing a paper about for my policy class.
I have been saying something of this nature for years, only a bit more extreme. My idea has always been to offer severely restricted services ( virus/spam/phishing scanned emails + port blocking *most* ports. Basically only allow web and a few of the more needed traffic through ) as default to your customers, but be willing to open and turn things off for them if they requested it.TomL said:
So were I to sign up for this theoretical ISP, I'd simply call up and say I would like the port filters/blocks turned off, and not to scan my email ( if I let them handle it, which I wouldn't, but for the sake of argument ). A normal customer, like my mother, would get restricted services. And she'd never notice the difference.
I think antivirus scanning of e-mail should be a standard feature among ISP's. There are tons of options out there; many can be done on the cheap (i.e., ClamAV).
As for spam, that's getting into murky waters. I personally think blocking it should either be an option heavily touted to users (most novice to intermediate users will jump at it) as a standard feature, with the ability to turn it off on request, with possibly a middle ground option that redirects all of a user's suspected spam into a junk mail folder (much like Thunderbird users have, though in this case, this assumes a user is using webmail). ISP's know that stopping spam reduces traffic and can be a bonus. It also eliminates even the text of a lot of virus-stripped e-mails, which is a good thing. If you're anything like me, you get a ton of users several times a year when the latest spammed virus e-mail comes out who call you up, scared that the FBI or CIA is accusing them of viewing kiddie pr0n (as I so kindly explain to them, the government would not be nearly so kind as to send them a polite e-mail if they thought this to be the case). Stripping these types of e-mails, as well as those for at least the obvious stuff (Fr33 Vi8GrA!!! H0t St0ck T|P!!! etc.) and mail that meets certain types of criteria (original source appears to be hidden, heavily relayed stuff, etc.) would go a long way. If a user wishes to opt-out, they should be able to request it.
Final point --I think that all ISP's need to close holes, like allowing SMTP relays, and I think that blocking port 25 (with an option for a user to call in and opt out, of course) is just fine. Some of us who know what we're doing need these services, and they should be available on request, but they stop Joe SixPack's virus-infected zombie-spambot system from sending a thousand bits of junk a day to the rest of us. If it needs to be open, you and I know how to ask for it, for those that don't know how to ask, it's pretty obvious that they DON'T need it.
As for spam, that's getting into murky waters. I personally think blocking it should either be an option heavily touted to users (most novice to intermediate users will jump at it) as a standard feature, with the ability to turn it off on request, with possibly a middle ground option that redirects all of a user's suspected spam into a junk mail folder (much like Thunderbird users have, though in this case, this assumes a user is using webmail). ISP's know that stopping spam reduces traffic and can be a bonus. It also eliminates even the text of a lot of virus-stripped e-mails, which is a good thing. If you're anything like me, you get a ton of users several times a year when the latest spammed virus e-mail comes out who call you up, scared that the FBI or CIA is accusing them of viewing kiddie pr0n (as I so kindly explain to them, the government would not be nearly so kind as to send them a polite e-mail if they thought this to be the case). Stripping these types of e-mails, as well as those for at least the obvious stuff (Fr33 Vi8GrA!!! H0t St0ck T|P!!! etc.) and mail that meets certain types of criteria (original source appears to be hidden, heavily relayed stuff, etc.) would go a long way. If a user wishes to opt-out, they should be able to request it.
Final point --I think that all ISP's need to close holes, like allowing SMTP relays, and I think that blocking port 25 (with an option for a user to call in and opt out, of course) is just fine. Some of us who know what we're doing need these services, and they should be available on request, but they stop Joe SixPack's virus-infected zombie-spambot system from sending a thousand bits of junk a day to the rest of us. If it needs to be open, you and I know how to ask for it, for those that don't know how to ask, it's pretty obvious that they DON'T need it.
I work tech support at an isp, and while I do agree on some points, I'd have to disagree with others.
The first issue of non-user controlled blacklisting/antispam software/etc is that most of all our spam *is* coming from legitimate IP blocks. If you blacklist an IP block from, say bellsouth, you'd end up getting dozens of calls from customers who say their friend/relative/etc are getting bounce backs. Global blacklist/white list will not work. Like someone stated before, what's spam is different from person to person. But what about whitelisting the IP blocks from, say bellsouth, again? We'd be back at step one before we created a blacklist.
I agree that a centralized server is a big no-no. Others have good points on this already.
I agree that educating people is a good option. The only problem is that you're educating *people*. If education was that easy, our schools would be so much better, and the general people would be so much smarter. Some people just don't want to learn.
I agree that legislation is not an option. Laws would be ineffective. It would just make people feel better without helping much, and in fact, it could actually hinder email and progress more than it helps. You can't legislate something like this. It's like banning the sale of violent video games to minors. If you don't want you or your child to play violent video games, you have filter that out yourself. This brings us back to step one; filtering spam should be a client issue, not the ISP.
The only problem about making it a client issue only is that the servers would then get flooded with spam. That's where the ISP comes in. That's up to the ISP to stop the flooding, but it's up to the client to filter out what he/she thinks is spam (what's spam is an opinion, but flooding isn't).
Logic puzzles are no good. Think of the average user here.
You can't charge the sender. If we were able to charge the senders, we wouldn't need to do so, since we'd be already able to catch the spammer/phisher/scammer. There's another impact of charging the sender. If someone mails technical support for various reasons, should they be charged for extra help that was already warranted on their service/product? I think not. I am a consumer after all and i do get defective products every so often. Charging the sender would not work. No one wants to pay it.
What I have been thinking about lately is a local user friendly filtering system for our customers. The user controls what domain and what word should be filtered out. That way different people can change the filter real time and they won't be calling us about bouncebacks because it's *their* fault for filtering out the email (of course there will still be people calling ). But the idea is that, the people are given what they want to filter, we filter it out for them, and if they happen to check their email from another computer (home/work/hotel/etc), their settings will still stay the same because the filter is server side and not client side -- like before, client side controls their own filter. I believe this is an extraordinary task for us, but if yahoo, google, hotmail, etc are able to keep my filtering settings from computer to computer, why can't I do the same thing with our server. I believe our only problem is the man power and cost, which is basically the main problem for everything
P.S. Hardocp and forums went down earlier. Not on front page anymore
The first issue of non-user controlled blacklisting/antispam software/etc is that most of all our spam *is* coming from legitimate IP blocks. If you blacklist an IP block from, say bellsouth, you'd end up getting dozens of calls from customers who say their friend/relative/etc are getting bounce backs. Global blacklist/white list will not work. Like someone stated before, what's spam is different from person to person. But what about whitelisting the IP blocks from, say bellsouth, again? We'd be back at step one before we created a blacklist.
I agree that a centralized server is a big no-no. Others have good points on this already.
I agree that educating people is a good option. The only problem is that you're educating *people*. If education was that easy, our schools would be so much better, and the general people would be so much smarter. Some people just don't want to learn.
I agree that legislation is not an option. Laws would be ineffective. It would just make people feel better without helping much, and in fact, it could actually hinder email and progress more than it helps. You can't legislate something like this. It's like banning the sale of violent video games to minors. If you don't want you or your child to play violent video games, you have filter that out yourself. This brings us back to step one; filtering spam should be a client issue, not the ISP.
The only problem about making it a client issue only is that the servers would then get flooded with spam. That's where the ISP comes in. That's up to the ISP to stop the flooding, but it's up to the client to filter out what he/she thinks is spam (what's spam is an opinion, but flooding isn't).
Logic puzzles are no good. Think of the average user here.
You can't charge the sender. If we were able to charge the senders, we wouldn't need to do so, since we'd be already able to catch the spammer/phisher/scammer. There's another impact of charging the sender. If someone mails technical support for various reasons, should they be charged for extra help that was already warranted on their service/product? I think not. I am a consumer after all and i do get defective products every so often. Charging the sender would not work. No one wants to pay it.
What I have been thinking about lately is a local user friendly filtering system for our customers. The user controls what domain and what word should be filtered out. That way different people can change the filter real time and they won't be calling us about bouncebacks because it's *their* fault for filtering out the email (of course there will still be people calling
). But the idea is that, the people are given what they want to filter, we filter it out for them, and if they happen to check their email from another computer (home/work/hotel/etc), their settings will still stay the same because the filter is server side and not client side -- like before, client side controls their own filter. I believe this is an extraordinary task for us, but if yahoo, google, hotmail, etc are able to keep my filtering settings from computer to computer, why can't I do the same thing with our server. I believe our only problem is the man power and cost, which is basically the main problem for everything P.S. Hardocp and forums went down earlier. Not on front page anymore