Why Blacklisting Spammers Is A Bad Idea

Roland Piquepaille writes "For the last two months, an eternity in Internet time, I was unable to reach -- and to contribute to -- Smart Mobs, the collective blogging effort around the next social revolution initiated by Howard Rheingold. Why that? Because an unknown customer of Verio decided it was a spamming site and asked the company to blacklist the site. Verio complied -- probably without even checking it -- and my problems started. It took me dozens of e-mails and phone calls and two visits to the headquarters of my french ISP, Noos, to fix the situation. More about this horror story is available here."

Horror story my arse

[pauldy]

Use some common sense editors when presented with a story that seems unusually slanted please take it at face value. This is why corporations such as verio need to be made aware of their policies not working not that black lists do not. Blacklists are the only thing that works against spammers and they know it. So how do they fight back by using the blacklists against regular sites to try and disrupt users service so that people might think twice about using them.

Instead this article should be title "Why Blacklist Do Work" and what spammers are doing to try and disrupt them.

Had the same problem..

[Chicane-UK]

Someone anonymously submitted our MS Exchange server (I don't blame em *grin*) as a spam relay, despite the fact that it is not. As said in the original post, they didn't even check the server they just blacklisted it.

The first thing we know about it is when members of staff come to us and complain that they are getting error messages such as 'denied' when trying to email important people.

Sigh.. in fact I have that very same problem waiting to be tackled when I get back on Monday morning. And its always such a ballache to get your mail servers removed from these block lists... :(

Re:Improperly done blacklist

[PReDiToR]

I'm still pissed that AOL won't let me send email to any of their customers, just because I run my own SMTP server.

That sucks ass royally.

Hypocrisy

[sirket]

First of all, the idea of Verio blocking spammers is laughable. They have always been a haven for spammers and everyone here probably already knows that.

The real issue, however, seems to be this guys ISP. I mean honestly, what the hell is wrong with them? If I had called Speakeasy with this sort of problem, it would have been taken care of that day.

-sirket

incorrect title

[TekZen]

The tite should read: "One of the many problems with spam blacklists" -Jaxn

User vs. Customer

[Buran]

The last time I checked, being a user of an ISP or the company that carries the packets means you're a customer of that ISP/provider ... your money is used to pay for their services.

Re:Yup, I was RBL'd

[sirket]

First off, mail-abuse.org is notorious for their response times.

That said, you left a relay open for 3 days, and potentially tens of thousands of spam emails, and you are going to sit their and complain that it took two weeks for you to be removed from the black list? What about all the individual admins that added you to their personal blacklists and just never bothered removing you?

-sirket

Re:Had the same problem..

[sirket]

I know of no blacklist that does not first verify that you are indeed an open relay. If you know which service did this, then please let the rest of us know so that we can be sure not to use them.

-sirket

Blacklists and filtering only works so well.

[Chanc_Gorkon]

The thing we all forget is that spammers are human. If a single address is being blocked, then they change the addresss. If they are spoofing, there's a chance you can incorrectly block a whole domain because of one idiot who setup an open relay. Case in point, at work, all e-mail on the .biz top-level domain is blocked because of the amount of spam taht is recieved from it. What if someone we'd like to do bisness with is on that domain? Alot of the typical comapnies you do musiness with have the .com tied up but if your starting a new business, sometimes the only one available might be the .biz. I personally have given up and try to filter as much as I can knowing that even that won't help.

Slashdot global bans Spain

[Null-A]

Yep, I am tired of getting the dreaded pink slashdot screen (DPSS), after hitting several times F5 it loads the page correctly (weirdly developers.slashdot.org is the hardest to bypass)
Why /. bans spain?
Yep I know my evil "isp" hijacked the internet and put a transparent firewall but I CANT switch "isp" there is only one "real" adsl provider in spain Telefonica, the other ones are resellers of the same product. /. ban on spain lame
(I tried once emailing /., one of the addresses listed in the DPSS, but to no avail , the /. admin want me to contact my adsl proxy administrator and from there the Telefonica "techies" (another joke) and /. admin resolve the matter, what a JOKE any one in Spain will LOL at that thought, its impossible to talk to any one in Telefonica, they have a monopoly and frankly they dont care about each users because they know we CANT switch)
Note: All adsl in spain goes to port 80 using only a handful of IP adresses which /. is very kind to ban ,thx very much. (and no its impossible to change that, i cant switch adsl provider because all of them are resellers of the main one, and since the main one uses a "transparent" proxy .....

Re:Verio = SBF (Spammer's Best Friend)

[Chatmag]

I've tried the link to Spamhaus several times.

Are they being: A. DDoS'ed again B. ./'ed again C. is there a real difference between A and B?

Re:Slashdot global bans Spain

[Tony Hoyle]

They're not related to teleline.es are they? The ISP that at least once (they've been blocked on my domains for ages) sent around an email saying 'don't worry if other ISPs have blocked you for spamming.. join us and we'll let you spam all you like'.

I got that message and immediately blocked their entire subnet...

Re:Even more offensive

[taustin]

There are only a couple of possibilities here. One, you are running your own server on a consumer account with a dynamic IP address, in which case you are likely in violation of your AUP, or two, your ISP is utterly clueless and has put their static IPs in the middle of their dymanic range.

Either way, get a real provider, and your problems will disappear.

Um, Verio?

[CaptainSuperBoy]

Verio doesn't blacklist spammers. Verio HOSTS spammers. Verio is friends with spammers. Verio has a long and storied history of supporting spammers, so I think it's far more likely that Verio got blacklisted and not the other way around. This guy should have switched ISPs but he completely misunderstood what happened here - he thinks that Verio is blocking him from viewing some random web site. What actually happened is Smart Mobs' ISP blacklisted Verio, probably with good reason.

Re:Improperly done blacklist

[bigberk]

If so, why don't you use your ISP's server as smarthost and relay through them?

Why don't I use my ISP's mail server? Because:

1. My ISP's mail server sometimes takes as much as 3 hours to deliver a single email
2. Mail sometimes gets lost entirely, and without access to logs I have no clue what happened
3. I have a host with TCP/IP abilities just like everyone else. Just because I'm not paying thousands of dollars doesn't mean I can't establish a port 25 connection to another host. I resent the drive by industry to segregate connectivity based on service class (consumer/business). TCP/IP knows no such labels.

Re:Am I understanding this correctly?

[osgeek]

Additionally, it wastes more of their time/resources, since their server will sit there spinning for the connection to time out.

Newsworthy?

[fondue]

So some bandwidth provider accidentally stuck a site on a blacklist. And then it got fixed. Is there some important angle I'm missing here?

Don't tell me, because of this upset you missed meeting up with four thousand other bored office workers in a public place to do something 'wacky'? Boo freaking hoo.

Re:Improperly done blacklist

[ScrewMaster]

Thanks for the info. The idea of a blacklist of blacklists isn't a bad idea at all.

I had this happen at work. The marketing group is responsible for administering the mail server (don't ask me how that happened) and as of last Thursday about 95% of outgoing mail was being rejected by the server. It was configured to send mail direct to the remote host, bypassing the ISPs SMTP. Apparently a whole lot of domains are now blocking unrecognized SMTP transfers (there was something in the news about it). I had to call up SBC (our ISP) and find out what their mail settings were and once I did that everything worked fine, right up 'til the point where their server stopped responding for a few hours and screwed things up yet again. That was why I configured it to go direct in the first place.

I dunno about this. I'm generally not in favor of torture or undue human suffering but I'm reaching the point where I think a few spammers need to be dealt some very public, painful and drawn-out deaths. Actually, I withdraw that statement. The deterrent effect nailing only some of them is insufficient. We need to do it to all of them.

Something has to put a stop to this. My feeling is that legal, political and diplomatic solutions are going to fail, miserably. Let's face it, the problem is multinational and it only takes one spamer-friendly country to screw things up for the rest of us. That's why simple-minded ideas like "charge a penny for each mail sent!" are doomed to failure. Sure, you can crucify a few spammers, and that makes us feel like our politicians are "doing something", but ultimately the solution is going to have to be technological.

Spammers are an infection that is slowly poisoning the entire organism, and the Internet needs to be given some kind of an immune system that will, in true autonomic fashion, eliminate the possibility of spam once and for all.

Because we all know...

[FredFnord]

...that you're perfect, and have never done anything ill-informed, spiteful, purely accidental, or just plain stupid. Therefore, you can tell people not to fuck up in the first place, because clearly the rest of us just aren't trying hard enough.

The rest of us, sadly, aren't interested in trying hard enough, especially if it results in as much difficulty as you seem to have in extracting your cranium from the depths of your large intestine.

That said, I do agree that two weeks isn't an irrational amount of time for this. If it had been two months, though, I would say that they were, in fact, being irresponsible, because they said they were doing something, and then they didn't actually do it, and in fact damaged someone's personal life and potentially their business for making one simple, easy-to-make mistake.

At some point, if you volunteer to undertake a project, and then in the course of doing so you dick someone over in an easily-prevented manner, you are acting unethically. Doesn't matter that you volunteered: if your actions can screw up someone else's life, you have the obligation to be careful of them.

I try to avoid killing pets in the road, if I can do so safely. It's certainly not illegal to run over a cat, but it's certainly not nice. The argument that 'they shouldn't have let fluffy escape out the window that their nine-year-old accidentally left open' does not, somehow, cause me to decide not to (gently) step on the brake.

I know, I know, I'm the anti-libertarian, right? Saying that we actually have some sort of obligations not to actively screw over our fellow man? God, I'm a pinko commie symp! Shoot me now! Or something.

Sheesh.

-fred

Not really going well and not a good idea.

[twitter]

You propose:

What's needed is a two pronged approach. One prong is legal and is being followed fairly well; pass laws that make spamming illegal. The other prong, which is still under development, is to make technical changes to email so that spammers can't hide their addresses.

First, I don't share your glee about current laws and the direction they are taking. I fear email will end up like broadcast radio and TV - only people who pay big bucks to the government will be alowed to run a mail server. The result will be as dismal as broadcast media is, but worse because mail is personal. Imagine licensed spam and every email service being like Hotmail - a spam in every can! Your email will always be searchable by government agencies and spammers if people like AOL and Microsoft have their way.

How do they get there from here? They are already half way there. Blacklists are a part of it. Any ISP that does not prevent their users from running mail servers gats on M$ and AOL blacklists, regardless of the actual volume of spam. Convienetly enough for them, this puts further pressure on smaller ISPs and eliminates competition, compliance or no. Another way to get there is by creating mechanisms "so that smappmers can't hide their addresses". This would create the kind of central authority that the internet was designed to avoid. Wanna bet who will run that central authority? The smarter you make the net, the dumber and less free it becomes.

Laws making spam illegal, with reasonable definitions of spam are the only way to kill spam. The IP address of the spammer should leave a large enough trail for people who really want to bust spammers to follow, so it is indeed practical. Some recent turns are good, I just hope it applies to the big boys the same way it applies to the smaller ones. Somehow I doubt it, despite small charges against ATT. No spam is ever acceptable on a medium that was designed to work on pull and our laws should reflect it. If France can keep people from selling Nazi junk, the USA can halt spam if it wants to.

Re:Just to clarify

[arth1]

The manner of blocking must have been pretty special, if it gave a 404 error. That's an error that a *reachable* web server sends out when the content asked for isn't there.

Did this guy misconfigure his web server application to fetch content from a remote server and present it, and it erroneously gave a 404 error when the connection couldn't been established?

Anyhow, it's also quite uncommon that a single IP gets blocked. It's more common that a whole subnet is blocked, and this may hurt innocents who share the subnet with a spammer.

The article also fails to give any useful info on what caused the block in the first place. The complaint might have been valid for all we know -- the lack of evidence, and very biased and one-sided story doesn't give us enough information to draw any conclusions, one way or another.
Apart from either a lack of understanding of HTTP error codes and possibly misconfigured server, that is -- which makes me hesitate to dismiss the possibility that this guy was the cause of spam by having a misconfigured mail server too, or allowed his web server to be used for spamming. There's simply not enough info to say, one way or another.

As for blacklists, yeah, they're a bad idea. I used to publish one (back in the days of Sanford Wallace), but was forced to shut it down because there was no way I was going to be able to afford all the lawsuits I was threatened with -- even if not doing anything wrong, you have to front quite a bit of money, and you lose even if you win.

Regards,
--
*Art

Comment removed

[account_deleted]

Comment removed based on user account deletion

Comment removed

[account_deleted]

Comment removed based on user account deletion

you sir, are an idiot.

[RMH101]

your ISP has explicitly signed up to SPEWS because it works. it works because it encourages ISPs to be RFC compliant. it's for the greater good: i don't *care* if it breaks your email to your mom on a blacklisted ISP: it's your ISP's business decision to ignore spam complaints and become spam-friendly. natural selection says their customers get pissed off (step one: looks like it's working so far) and then jump ship to an ethical ISP. eventually the spamhauses go bust.

Re:Improperly done blacklist

[radio4fan]

If so, why don't you use your ISP's server as smarthost and relay through them?

I had to do this recently due to AOL refusing mail from my server (which is a BT business account, but not on a static IP).

Trouble is, BT's SMTP service is terrible -- earlier this year it was unavailable for over a week. That was unusual though; mainly it just drops out for an hour or so. I can handle this.

Now (as of last week) they have decided that if you send more than two emails in quick succession they will bounce the remaining mail. So if you've got say, three mails in your mail queue, when BT's SMTP server pops up again they will accept the first two mails, and bounce the third.

Of course, I will get round this when I get a bit of time by using my hosting company's SMTP server. But how long will it be before BT start snaffling all port 25 traffic and redirecting it to their own crappy server (NTL in the UK do this already)?

I find myself endlessly chasing my own tail to get the service that I used to have.

Win-win, surely?

Only if

• My ISP's server was reliable
  
• My ISP didn't arbitrarily decide to rate limit how many mails I can send (and at such an absurdly low rate)
  
• I thought I could find an ISP that won't suddenly pull this kind of trick.
  

Yeah, whatever, moron

[MattW]

You're good with the SPEWS line, there, but there's good reasons why any admin with a clue doesn't use that fucked up list.

(1) SPEWS is ineffective. It might have some effect if your goal is to drive spammers away from a given ISP, or drive customers in general away from a given ISP. But it won't significantly reduce the amount of spam you get compared to using the lists with a philosophy that involves far less collateral damage. But by using SPEWS, you WILL block hundreds or thousands of times more legitimate emails. If you (the list USER) wish to use the inconvenience of your customer base as a means to punish an ISP with spamming customers, then by all means, use SPEWS. However, if you think your first duty is to maximize spam droppage while minimizing false positives, SPEWS is NOT for you.

(2) SPEWS is inaccurate because of how it is organized. For example, one ISP I used had a spammer, and a clueless staff. After the SPEWS listing hit us, we worked with them to clear out their spammers. They did so; but one set up across town with their own space, and had a very similar name to the ISP. SPEWS decided the ISP was "hiding" its spamming on another block, and listed all blocks (the ISP and their former customer) together, despite different names and addresses on their ARIN registrations. To this day, the ISP remains in SPEWS because the other company spams. Of course, since Collateral Damage is SPEWS middle name, this is of no concern.

(3) Run by fanatics. Much like the 'Eat Your Spews' crowd; they're just the shame of all of us who'd like to see spam stop and would like to take reasonable countermeasures. I get over 1000 spams per day to my 8-year-old email address (most of which are oblitterated by spamassassin), and I wouldn't think of using SPEWS.

(4) SPEWS damages the innocent and does so without warning. Even if you're incredibly conscientious about NOT spamming, you may one day discover a horde of bounces because you are on SPEWS. Now without warning or cause, you will now suffer significant economic damages even if you do immediately exactly what SPEWS would like you to do: switch ISPs.

(5) Because of the sudden effect of (4), you probably will not; you will probably begin immediately routing your mail through a third party, thus rendering SPEWs useless, and simply costing you more money, slowing delivery, wasting bandwidth, etc.

(6) Because SPEWS must, by necessity, delist organizations who stop sending spam, the whole process only serves to make spammers be clandestine and move from ISP to ISP. And so they do; they still show up in ALL the same places. They just move on more often. And the problem is never solved. I'm sure you've noticed that there's still no shortage of spam and years of SPEWS listing places hasn't even dented the problem. But it has cost billions of dollars of productivity and other collateral damage trying to deal with the effects of SPEWS.

Basically, SPEWS is the terrorist anti-spam organization. It is threatening to blow up mail delivery if the spammers don't capitulate. Whether SPEWS works or not is really irrelevant; spammers will always move on and find new ISPs, and at best, SPEWS makes them move more often. Meanwhile, the innocent suffer, because the cure is worse than the disease.

Now, one thing I do agree with: you have every right to use SPEWS. But realize that most of your users would never concur with what you're doing, and they only accept it because they are clueless. Almost every ACCOUNTABLE organization (typically, corporations) that tries to use SPEWS stops immediately, because it is UNACCEPTABLE to have a 100:1 ratio of false positives:true positives. The shame is moronic ISPs like pacbell.net signing their servers onto SPEWS and fucking their ignorant customers out of a ton of their legitimate email.

So, it is perfectly accurate to call SPEWS the nuclear bomb of blacklists. It can and does do enormous collateral damage, most of the IPs it blocks are used by responsible or at least innocent net