Reject Chinese mail

Reject Chinese mail

Merrick
We did get a lot of spam messages from Chinese providers. We speak not Chinese, do you think if it is possible to reject all mails from China? Thanks 

Re: Reject Chinese mail

Reto
On 21 November 2019 05:51:56 CET, [hidden email] wrote:
>We speak not Chinese, do you think if it is possible to reject all mails from China?

Apparently you also don't speak English properly. Do you want people to spam block the full .de domain because of that?

Think hard before you block 1.5 billion people, some of which may participate on this list and could give you support if you weren't blocking them.

Could you do that? Sure. Is it worth blocking by association due to where one grew up?

Hm, didn't Germany learn its lesson yet somewhen in the 50s don't you think?


Re: Reject Chinese mail

Viktor Dukhovni
On Thu, Nov 21, 2019 at 06:42:15AM +0100, Reto wrote:

> Hm, didn't Germany learn its lesson yet somewhen in the 50s don't you
> think?

I don't think this is appropriate tone for the list[1].  Please refrain
from similar ad-hominem in the future.  Blocking mail by language risks
false-positives and should be generally avoided, but it is not evil.

--
    Viktor.

[1] My maternal grandfather died in occupied Kiev, probably Babi Yar, I
am no apologist for Germany's war time atrocities.

Re: Reject Chinese mail

Reto
On 21 November 2019 07:11:43 CET, Viktor Dukhovni <[hidden email]> wrote:
>Blocking mail by language risks false-positives and should be generally avoided, but it is not evil.

Blocking based on geolocation / domain endings is something I seriously despise.
Email is decentralized for a reason, blocking huge portions of it due to spammers abusing a few *is* evil in my opinion.

I'm fed up with all those threads with people who want to block the most amount of people possible just because they personally happen to be lucky enough to live in a different country than the usual botnets come from or could still buy a .com or similar domain prior to the namespaces getting exhausted.


The point I wanted to make is that we should not let the history repeat itself (yet again...) especially in the political climate we happen to be in.
My intention wasn't to slur anyone, don't get me wrong there.

I apologise if that was the case.




Re: Reject Chinese mail

Jaroslaw Rafa
On 21.11.2019 at 07:51:20, Reto wrote:
>
> Blocking based on geolocation / domain endings is something I seriously despise.
> Email is decentralized for a reason, blocking huge portions of it due to spammers abusing a few *is* evil in my opinion.

Same as blocking an entire netblock or ISP because there are spammers within
this netblock or using this ISP (but there are "good" senders there as
well). Which is something a lot of email providers do, nevertheless.
--
Regards,
   Jaroslaw Rafa
   [hidden email]
--
"In a million years, when kids go to school, they're gonna know: once there
was a Hushpuppy, and she lived with her daddy in the Bathtub."

Re: Reject Chinese mail

Stephen Satchell
On 11/21/19 2:57 AM, Jaroslaw Rafa wrote:
> Same as blocking an entire netblock or ISP because there are spammers within
> this netblock or using this ISP (but there are "good" senders there as
> well). Which is something a lot of email providers do, nevertheless.

Given that [hidden email] yields close-to-zero results in many cases,
I tend to ACL netblocks.  Now, there are only two reasons that I will
add an entry into my ACLs:

   1)  extortion e-mail
   2)  excessive probes on 22/TCP

This knee-jerk ACL insertion (at the edge, by the way) is tempered by
the country in which the netblock is assigned.  The A list -- China,
India, and a couple others -- the netblock ACL goes in instantly.
Others I'll send *one* notice to abuse@xxx from [hidden email] and
put the netblock on probation.  If the abuse continues, they go into my ACL.

I let the DNSBLs take care of the run-of-the-mill spam, plus I segregate
spam that gets through into separate folders in my MUA.  This shunts
most spam into bins that I can process when priorities allow, and not
dilute the "ham" in the traffic stream.

The Internet, as currently developed, is not designed for wide public
consumption.  It assumed a BOFH was at each access point.


It's all about risk and risk mitigation Re: Reject Chinese mail

Fred Morris
In reply to this post by Reto
It's about risk versus reward.

Never mind email. Let's say I'm an employer. They might all be perfectly
fine people in Walmart land, but why do people on the network I control
need to visit their web site? Is there any reason? Do we do business with
them? I might not go to any great lengths to block them, but I might not
miss them when they're gone. Maybe that seems a little silly. How about
blocking certain web sites because they show ads from pwned ad networks?
What if I block foreign media outlets, for this reason, because they're
proven popular in watering hole attacks? You might say it's a lost cause,
because smartphones, BYOD, whatever. I can block them from my network,
whatever. But I'll raise you one: there are sites selling aggregate (if
you're lucky) foot traffic info, and people are buying it to figure out
how many people are at work at a particular location at a particular time;
as an employer I have the right to ban carrying smartphones in the
workplace, and this seems like a pretty reasonable reason if I need one.

The relationship between email and domains is tenuous... or is it? Plenty
of domains out there send email through gmail or outlook. Plenty of
domains don't. The hosting you choose is your political voice. Let's say
you decide to set up your domain, and email, through a privacy protected
registrar, on privacy protected nameservers. Never mind whether I think
people should have the right to anonymously spew email on the internet or
not. Hrmmm... seems like a good idea to spammers too, apparently. In fact,
there are spammers using the same nameservers. I think I'll block all mail
from domains using those nameservers, because I can see because I keep
records of such things, that I've never received legitimate mail from a
domain using those nameservers. What about your domain? Really, I don't
care. I'm not getting mail from anyone using those servers Q.E.D. Seems
like a good choice to me. You made a bad choice, predicated on a right and
freedom to send email which doesn't exist in the real world. By accident
or design, you set up shop in a bad neighborhood. (Your registrar made
what I would consider a bad choice as well, although they likely
disagree.)

People disagree on the definition of "newly observed (or registered or
changed)", but one thing is clear: blocking email, or for that matter all
resolution of new domains, is low risk... even if the benefits might vary
with the situation or are inarticulable beforehand. I am well aware that
along with the spammers, marketers are upset about this: they paid their
money and registered a domain just for this marketing campaign, who are
network administrators to get between them and their audience? Again,
predicated on presumed rights and freedoms which are found not to be so
absolute when tested in the real world. Long before NOD as a Thing, mail
system administrators were mitigating spam by returning "spool full, try
later" when the first mail from a domain shows up, and adding it to a
whitelist so that when the sender retries in an hour or several the mail
gets delivered. So, there's no historical precedent either. The perception
of a right is simply in error.

1) It's all about the risk of mitigating certain annoyances or threats
    versus the risk of the loss of business and administrative overhead of
    dealing with false positives.

2) People are gonna do it and they're going to do it in the way that's
    easiest and least costly to them.

By the way, mail from mailing lists comes from the mailing list;
furthermore, this mailing list's archives are online. Send email from
anywhere that the mailing list will accept it, my policies are of no
concern. :-)


I'll hazard that the reputation of particular domains whether they're
TLDs or PseudoTLDs, registrars, or particular constellations of network
infrastructure, is outside the scope of this list. There are lists for the
discussion of such issues, although in my experience the useful ones are
not public.

--

Fred Morris


Re: It's all about risk and risk mitigation Re: Reject Chinese mail

Merrick


On Fri, Nov 22, 2019, at 2:25 AM, Fred Morris wrote:

> I'll hazard that the reputation of particular domains whether they're
> TLDs or PseudoTLDs, registrars, or particular constellations of network
> infrastructure, is outside the scope of this list. There are lists for the
> discussion of such issues, although in my experience the useful ones are
> not public.
>
> --
>
> Fred Morris

Hello Fred

If we choose not using big providers (google, MS etc), what mail service should be better to use?
Setup a mail server is hard job, I am not sure every body can do that well.

Thank you.

Re: It's all about risk and risk mitigation Re: Reject Chinese mail

Fred Morris
On Fri, 22 Nov 2019, Merrick wrote:

>
> On Fri, Nov 22, 2019, at 2:25 AM, Fred Morris wrote:
>>
>> I'll hazard that the reputation of particular domains whether they're
>> TLDs or PseudoTLDs, registrars, or particular constellations of network
>> infrastructure, is outside the scope of this list. There are lists for the
>> discussion of such issues, although in my experience the useful ones are
>> not public.
>>
>> --
>>
>> Fred Morris
>>
>
> Hello Fred
>
> If we choose not using big providers (google, MS etc), what mail service should be better to use?
> Setup a mail server is hard job, I am not sure every body can do that well.

I'm not sure this is on-topic for this list either. I wasn't trying to say
anyone's a bad person for using the big providers, but you do pick the
neighborhood and the landlord. Honestly if they're serious about the
reputational aspects of making "ESP" a thing, I'll praise them for it.

You can have more than one, too, such as one which supports encryption, or
DANE, or whatever.

Is this a question about sending or receiving? What are the issues which
concern you? There are also legal aspects of "data at rest"; there might
be other aspects which I am unaware of in other jurisdictions.

I suppose that's a segue to: on the receiving side you can use a provider
as a forwarder, but do all of the storage and stuff locally: there are
hybrid solutions. The degree of email protection thus provided is a
sliding control, dial to the degree you're seeking to offload.

On the sending side, use SPF, and don't make it so complicated you mess it
up. Get some reputation data about your infrastructure neighborhood, or
forward sending to someone who has a good reputation who is willing to
relay for you. (If their reputation is any good, they probably pay
attention to complaints. If their reputation is bad, there'll be plenty.)

Keep an eye on DANE.

Since I run my own mail servers I'm probably not a good person to ask. I
don't find it particularly hard work. I set account limits, provide some
tools and also disincentives to make safety and privacy the easier course
and at the end of the day it's my servers, my rules.

As for my employer's and correspondent's practices, their servers, their
rules.

--

Fred Morris


Re: It's all about risk and risk mitigation Re: Reject Chinese mail

Fred Morris
One more thing...

On Thu, 21 Nov 2019, Fred Morris wrote:
> Since I run my own mail servers I'm probably not a good person to ask. I
> don't find it particularly hard work. I set account limits, provide some
> tools and also disincentives to make safety and privacy the easier course and
> at the end of the day it's my servers, my rules.

Note to people who are not management who are attempting this: it's the
/server's/ fault. You set up the server's configuration, but blame the
server. Always blame the server. That's the way it is.

It sounds cynical, and it shamelessly is, but it creates objectivity
around the problem and separates it from your own ego. Is the server
"misbehaving"? How is that? What about these benefits? How about dangers
to others?

Have fun!

--

Fred


Re: Reject Chinese mail

Ralph Seichter-2
In reply to this post by Merrick
* [hidden email]:

> We did get a lot of spam messages from Chinese providers. We speak not
> Chinese, do you think if it is possible to reject all mails from
> China?

SpamAssassin, which is often used in combination with Postfix, has a
plugin called "RelayCountry" that allows you to change the spam score of
email. It uses GeoIP and is therefore not always accurate, but overall
it can help.

There is also the "TextCat" plugin that attempts to determine the
language of email bodies, and it allows you to adjust spam scores based
on wanted/unwanted languages.

Personally, I think that hard blocks based on these plugins are not a
good idea, but if your business is not set up to handle communication
written in language X (e.g. because none of your employees speak X),
adjusting the spam score seems reasonable.

-Ralph

Re: Reject Chinese mail

Wesley Peng-4
SA (SpamAssassin) is a good idea, I saw most people running their own mail servers are using it.


On Sat, Nov 23, 2019, at 4:35 AM, Ralph Seichter wrote:

> > We did get a lot of spam messages from Chinese providers. We speak not
> > Chinese, do you think if it is possible to reject all mails from
> > China?
>
> SpamAssassin, which is often used in combination with Postfix, has a
> plugin called "RelayCountry" that allows you to change the spam score of
> email. It uses GeoIP and is therefore not always accurate, but overall
> it can help.
>
> There is also the "TextCat" plugin that attempts to determine the
> language of email bodies, and it allows you to adjust spam scores based
> on wanted/unwanted languages.
>
> Personally, I think that hard blocks based on these plugins are not a
> good idea, but if your business is not set up to handle communication
> written in language X (e.g. because none of your employees speak X),
> adjusting the spam score seems reasonable.
>
> -Ralph



Re: Reject Chinese mail

황병희-2
In reply to this post by Merrick
[hidden email] writes:

> [...] do you think if it is possible to reject all mails from China? Thanks

How about moving to Gmail(Google Apps)? Gmail's spam defense is not bad, i
think. Plus don't block China. Blocking China is blocking money.

Sincerely,

--
^고맙습니다 _地平天成_ 감사합니다_^))//

Re: Reject Chinese mail

Jaroslaw Rafa
On 23.11.2019 at 10:59:24, 황병희 wrote:
>
> How about moving to Gmail(Google Apps)?

If someone is running their own mail server, do not ask them to move to
Gmail. That's what the big players like Google want - that everyone uses
their service and there are no more small, independent servers on the
Internet. We should defend the de-centralized Internet, not help big players
to make it more centralized.
--
Regards,
   Jaroslaw Rafa
   [hidden email]
--
"In a million years, when kids go to school, they're gonna know: once there
was a Hushpuppy, and she lived with her daddy in the Bathtub."

Re: Reject Chinese mail

Wesley Peng-4
I totally agreed with you @Rafa.

btw, is there any good reputation, strict standard email hosting for suggestions? I currently use fastmail, it is good for personal usage, but I heard some privacy problems for commercial use. 

thanks.

On Sat, Nov 23, 2019, at 6:35 PM, Jaroslaw Rafa wrote:
> On 23.11.2019 at 10:59:24, 황병희 wrote:
>
> > How about moving to Gmail(Google Apps)?
>
> If someone is running their own mail server, do not ask them to move to
> Gmail. That's what the big players like Google want - that everyone uses
> their service and there are no more small, independent servers on the
> Internet. We should defend the de-centralized Internet, not help big players
> to make it more centralized.
> --
> Regards,
>    Jaroslaw Rafa
> --
> "In a million years, when kids go to school, they're gonna know: once there
> was a Hushpuppy, and she lived with her daddy in the Bathtub."



Re: Reject Chinese mail

Rafael Azevedo-4
In reply to this post by 황병희-2
I've blocked the entire ASIA netblocks in my ASN.
We don't exchange any information with that part of the world, neither any of our customers.
All we get from that part of the world is DDoS attacks, brute force attacks and spam.
Sorry for those who don't agree with me, it's ok, but I got tired of being attacked and having this old type of thought "blocking China is blocking money" or maybe "There are good people there as well".
Over 20 years working with internet and the only thing that came to me from China is my Macbook.
Good people always end up paying for the bad ones. That's how world works.
By the way, you can find ASIA NETBLOCK on the internet and block them all easily.
Good luck.
BR,

On Fri, 22 Nov 2019 at 23:00, 황병희 <[hidden email]> wrote:
> [hidden email] writes:
>
> > [...] do you think if it is possible to reject all mails from China? Thanks
>
> How about moving to Gmail(Google Apps)? Gmail's spam defense is not bad, i
> think. Plus don't block China. Blocking China is blocking money.
>
> Sincerely,
>
> --
> ^고맙습니다 _地平天成_ 감사합니다_^))//

Re: Reject Chinese mail

Wesley Peng-4
Or maybe block them by ESP? I saw there is a Perl module listing those big providers in China.


regards 

On Sat, Nov 23, 2019, at 7:33 PM, Rafael Azevedo wrote:
> I've blocked the entire ASIA netblocks in my ASN.
> We don't exchange any information with that part of the world, neither any of our customers.
> All we get from that part of the world is DDoS attacks, brute force attacks and spam.
> Sorry for those who don't agree with me, it's ok, but I got tired of being attacked and having this old type of thought "blocking China is blocking money" or maybe "There are good people there as well".
> Over 20 years working with internet and the only thing that came to me from China is my Macbook.
> Good people always end up paying for the bad ones. That's how world works.
> By the way, you can find ASIA NETBLOCK on the internet and block them all easily.
> Good luck.
> BR,
>
> On Fri, 22 Nov 2019 at 23:00, 황병희 <[hidden email]> wrote:
>
> > > [...] do you think if it is possible to reject all mails from China? Thanks
> >
> > How about moving to Gmail(Google Apps)? Gmail's spam defense is not bad, i
> > think. Plus don't block China. Blocking China is blocking money.
> >
> > Sincerely,
> >
> > --
> > ^고맙습니다 _地平天成_ 감사합니다_^))//


Re: Reject Chinese mail

Matthew McGehrin
In reply to this post by Merrick
Hello,

There is a DNSBL maintained by bit.nl that allows you to block countries
with relative ease.

URL: https://noc.bit.nl/dnsbl/ascc/

IE: cn.ascc.dnsbl.bit.nl

This zone contains data regarding the ISO3166 countrycode and BGP
Autonomous System for any given IPv4 or IPv6 address. Every Wednesday,
RIR allocation statistics are downloaded for the RIPE, ARIN, APNIC,
LACNIC and AFRINIC regions and this data is combined with a route-dump
of the default free zone, as seen from AS12859.

Thanks,

Matthew

On 11/20/2019 10:51 PM, [hidden email] wrote:
> We did get a lot of spam messages from Chinese providers. We speak not
> Chinese, do you think if it is possible to reject all mails from
> China? Thanks
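
A dry run of the country DNSBL described in the post above, as an added example that is not part of the original post or bit.nl's own code: it pulls client addresses out of Postfix `connect from` log lines and reports which ones the zone would match, so the false-positive cost can be measured before anything is rejected. It assumes the zone follows the RFC 5782 conventions (reversed-address query names, answers inside 127.0.0.0/8); the log lines, hostnames and the stub resolver's answers are constructed.

```python
import ipaddress
import re
import socket

ZONE = "cn.ascc.dnsbl.bit.nl"  # zone name quoted in the post above
LISTED_NET = ipaddress.ip_network("127.0.0.0/8")  # RFC 5782 answer range (assumed for this zone)

# Postfix smtpd logs every client as "connect from hostname[address]".
CONNECT_RE = re.compile(r"postfix/smtpd\[\d+\]: connect from (\S+?)\[([0-9A-Fa-f:.]+)\]")

def dnsbl_query_name(addr, zone=ZONE):
    """Reverse the octets (IPv4) or nibbles (IPv6) and append the zone."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 4:
        labels = str(ip).split(".")
    else:
        labels = list(ip.exploded.replace(":", ""))
    return ".".join(reversed(labels)) + "." + zone

def system_resolver(name):
    """A records for name; a failed lookup (NXDOMAIN included) yields []."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except (socket.herror, socket.gaierror):
        return []

def is_listed(addr, resolve=system_resolver, zone=ZONE):
    """Listed means the zone answers with an address inside 127.0.0.0/8."""
    answers = resolve(dnsbl_query_name(addr, zone))
    return any(ipaddress.ip_address(a) in LISTED_NET for a in answers)

def dry_run(log_lines, resolve=system_resolver, zone=ZONE):
    """Map each distinct client address to (hostname, would_be_rejected)."""
    report = {}
    for line in log_lines:
        match = CONNECT_RE.search(line)
        if not match:
            continue  # "disconnect from" and unrelated lines are skipped
        host, raw = match.groups()
        try:
            addr = str(ipaddress.ip_address(raw))
        except ValueError:
            continue  # bracketed text was not a valid address
        if addr not in report:
            report[addr] = (host, is_listed(addr, resolve, zone))
    return report

# Constructed sample data: documentation addresses, invented hostnames.
SAMPLE_LOG = [
    "Nov 23 10:01:02 mx postfix/smtpd[4211]: connect from mail.example.net[192.0.2.10]",
    "Nov 23 10:01:09 mx postfix/smtpd[4212]: connect from unknown[198.51.100.7]",
    "Nov 23 10:02:30 mx postfix/smtpd[4215]: connect from mx.example.org[2001:db8::25]",
    "Nov 23 10:02:31 mx postfix/smtpd[4215]: disconnect from mx.example.org[2001:db8::25]",
]
# Constructed stand-in for the zone: pretend two of the clients are listed.
FAKE_ZONE = {
    dnsbl_query_name("198.51.100.7"): ["127.0.0.2"],
    dnsbl_query_name("2001:db8::25"): ["127.0.0.2"],
}

def fake_resolver(name):
    return FAKE_ZONE.get(name, [])

if __name__ == "__main__":
    for addr, (host, listed) in dry_run(SAMPLE_LOG, fake_resolver).items():
        print(f"{addr:<15} {host:<18} {'WOULD REJECT' if listed else 'ok'}")
```

Feed it the lines of a real mail log and leave out the `resolve` argument to query the live zone through the system resolver; hosts in the "would reject" column that are known correspondents are the false positives a hard block would cost.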

Re: Reject Chinese mail

three_jeeps
In reply to this post by Rafael Azevedo-4
+1 E10.
A colleague has dealt with them directly on technical/product and process issues and their business and product ethics when compared to ours, leave a lot to be desired.
"blocking China is blocking money" => sell one's soul to the devil.

On Sat, Nov 23, 2019 at 6:35 AM Rafael Azevedo <[hidden email]> wrote:
> I've blocked the entire ASIA netblocks in my ASN.
> We don't exchange any information with that part of the world, neither any of our customers.
> All we get from that part of the world is DDoS attacks, brute force attacks and spam.
> Sorry for those who don't agree with me, it's ok, but I got tired of being attacked and having this old type of thought "blocking China is blocking money" or maybe "There are good people there as well".
> Over 20 years working with internet and the only thing that came to me from China is my Macbook.
> Good people always end up paying for the bad ones. That's how world works.
> By the way, you can find ASIA NETBLOCK on the internet and block them all easily.
> Good luck.
> BR,
>
> On Fri, 22 Nov 2019 at 23:00, 황병희 <[hidden email]> wrote:
> > [hidden email] writes:
> >
> > > [...] do you think if it is possible to reject all mails from China? Thanks
> >
> > How about moving to Gmail(Google Apps)? Gmail's spam defense is not bad, i
> > think. Plus don't block China. Blocking China is blocking money.
> >
> > Sincerely,
> >
> > --
> > ^고맙습니다 _地平天成_ 감사합니다_^))//

Re: Reject Chinese mail

@lbutlr
In reply to this post by Merrick
On 20 Nov 2019, at 21:51, [hidden email] wrote:
> We did get a lot of spam messages from Chinese providers. We speak not Chinese, do you think if it is possible to reject all mails from China? Thanks

This is what I do:

In crontab for root:
@reboot bash -c 'pfctl -t badguys -T add $(cat /usr/local/etc/cn.zone)'

(I also do this for ru.zone)

This doesn’t necessarily block emails in Chinese, but it blocks a lot of spam from Chinese servers (though not as many as the Russia block does).

I do see mails from people who have Chinese names or Chinese characters in their signatures, and I have no interest in blocking those. I very rarely see Chinese spam any more.

The reason I block at the firewall is that many attacks against SSH or other ports come from IP addresses in these netblocks, and I see no legitimate connections from them. Other people’s servers will, of course, have different experiences.

I don’t see this as any different from blocking an ISP because they allow criminal activity from their network, it’s just at a wider scale.


--
'They say that whoever pays the piper calls the tune.' 'But, gentlemen,'
said Mr Saveloy, 'whoever holds a knife to the piper's throat writes the
symphony.' --Interesting Times
