Forgot your password?
typodupeerror
Spam The Internet Your Rights Online

Spanish Internet Provider's SMTP traffic Blocked 841

Posted by timothy
from the appropriate-measures dept.
Andrew D Kirch writes "After being barraged by spam and 419 scams from Rima-TDE and telefonica.es [translated], the AHBL has announced that all of Spain's national ISP's e-mail will be blocked by their blacklisting service. One has to ask though, is blocking an entire country like this the future of spamfighting, or has something gone horribly wrong?"
This discussion has been archived. No new comments can be posted.

Spanish Internet Provider's SMTP traffic Blocked

Comments Filter:
  • by joeszilagyi (635484) on Monday April 26, 2004 @02:12AM (#8970015)
    The message is clear: police your people's usage and abuse of the Internet, or prepare to enjoy your new Intranet.

    A few other countries that can use this are found here [blackholes.us].

    • I guess paying off SCO warrants a blackhole entry as well:
      EV1 [blackholes.us]
      • "Blackholes.us does not list spammers, spam supporters or vulnerable hosts at the present time. These lists are meant to contain all known networks assigned or allocated to the respective provider or organizations within the respective country. Lists are created for research purposes, primarily, and are made public for any use others see fit."

        It seems the purpose of the site is to list the IP ranges associated with various bodies in the event you should wish to block their traffic.

      • A list of EV1's IP blocks was available long before the whole SCO debacle. The reason being there was a time when it didn't appear EV1 (aka RackShack) didn't appear to be policing violaters of their AUP. Hence if you want to block EV1 you can add that particular blackhole. Of course it's something you have to add manually.
    • by Anonymous Coward on Monday April 26, 2004 @02:18AM (#8970050)
      Now that is a cool idea!
      I don't recieve email from friends in other countries. NEVER. So if a mail service could filter out anything that wasn't comming from the good ol USA, that would we sweet!

      Granted I know some places have servers elsewhere, but then the should put some here in the US then shouldn't they?
    • Indeed, my living in Thailand blocks me from many things on the internet:
      • Paypal is unusable;
      • Many other online ordering service block my whole area;
      • I have been unable to find a colo provider with php/mysql that will either accept my payment or allow FTP from SE Asia for their free account;
      • Loxinfo (the largest ISP here, I believe) users cannot post to Slashdot stories.
      Living in a country that is a home for spam relays, FTP assaults, whatever... makes life much more difficult online, though I do none of this.
      • by noselasd (594905) on Monday April 26, 2004 @04:19AM (#8970516)
        Then you'll know what to do. Complain to your ISP till they take action,
        and get rid of the bad people/spammers.
        And, gather up more people to complain.
        • by weijiao (749614) on Monday April 26, 2004 @10:46AM (#8972407)
          This is just egocentric crap! We are frequently blocked because our netblock is a source of spam. The ultimate provider is controlled by a branch of the Chinese government. Like most people here, we have no choice, or influence over our ISP. The logic in the post is therefore fatally flawed. Be aware, that the fastest growing power in IT and related is China. Do you really want to exclude that potential source of business enquiry? If so, it is not surprising that you are exporting your jobs to India and China. Ironically, 99% of the spam I receive is for products whose ultimate source is the USA.
      • Bad neighborhood. (Score:5, Insightful)

        by CrystalFalcon (233559) on Monday April 26, 2004 @08:19AM (#8971225) Homepage
        The equivalents exist IRL too.

        I live in a place where I have difficulty finding a cab. If I call for one on the phone, they tell me to be out in the street waving for the cab, or they will drive past without stopping in the area. I never go out on a Friday or Saturday night without a bulletproof vest, and I'm always armed with at least one combat knife - often several.

        This is where you live online. This is why people won't come to your place to deliver pizza. Or SMTP, or any other service.
    • by LostCluster (625375) * on Monday April 26, 2004 @02:24AM (#8970089)
      Uh... the site says:

      Blackholes.us does not list spammers, spam supporters or vulnerable hosts at the present time. These lists are meant to contain all known networks assigned or allocated to the respective provider or organizations within the respective country. Lists are created for research purposes, primarily, and are made public for any use others see fit.

      Really, all they're giving you is a list of IPs assosicated with the named nation or company. If you were to use all of those blacklists at once, you will have blocked out nearly every major hosting firm in the USA, and a good chunk of the world. Not just the spammers, but everything within those ranges. This is definitely a "We can't find the criminals, so we're nuking the town!" defense plan.

      These lists are valuable if you want to lock out an entire provider... but realize that you're going to throw out a lot of legitimate servers in your quest to block a few Spammers. Unless you're sure you're never going to have customers in Mexico, don't throw out all of Mexico's IP space in one swipe.

      Also, beware that these lists don't sort datacenters from customers. EV1's IP space for example is mostly servers, but they do operate a regional ISP as well. Block that whole range, and some dial-up customers might try to reach you and fail.

      Think before you block...
      • by rixstep (611236) on Monday April 26, 2004 @03:35AM (#8970370) Homepage
        I agree all of this can seem damned ugly, but we really have no choice. If some people fly through the roof, let them. The alternative, a legislated and policed Internet, is not an alternative.

        And they must succeed, for if they do not, the legal eagles will be here to clean up and then the world will have to go off searching for a new Internet.

        The freedom of the Internet is, IMHO, the top priority here. It is the one thing we may never trivialise. We're a fifth column here. The net is powerful - /. is powerful - and if it's legislated and policed, you can kiss most of that goodbye.

        So let them let off steam. Let them blacklist all of Spain. After all, Spain should do something. Let Spain work it out. If it does work out, it's not only a victory for anti-spam forces like us, it's a victory for a free Internet.

        Tada.
    • I see ChinaNet are on that list. Some !#@%er on ChinaNet is joe-jobbing our webmail system, we have virus and spam scanning but that takes up a lot of processing time, coupled with the vast barrage of bounces from the spammer its bringing our system to its knees.

      Complaining to ChinaNet has made no difference, all we've had is an automated response that was in Chinese.

      The sooner we just start blocking sources of spam wholesale the sooner we could see results I believe. I know it's a very extreme response,
      • by aqua (3874) on Monday April 26, 2004 @05:21AM (#8970717)
        Chinanet's attitude is utterly hostile. To the extent that one can communicate with them at all (only slightly worse than trying to communicate with any large american ISP, to be fair), they not only don't care, they will defend the spammer ("is not spam") or lie about its origins ("IP in report is wrong.") [quotes here from n.a.n-a.e] Giving them the benefit of the doubt (i.e. that they're not pernicious malevolent cretins and merely have a very different view of right and wrong in this matter), it's still impossible to deal with them on an individual basis. Maybe a government could. Or MSN, or AOL. But until that happens, all of Chinanet's known IP address blocks have a nice shiny DROP rule in my mailservers' firewalls, and any URL to a host in those blocks earns several points for spamassassin to work on.

        Unfortunately for this sort of problem, there isn't an email equivalent to a Usenet Death Penalty (UDP). UDPs threatened or applied against major ISPs often tend to produce some meaningful action. Partly it works (to the extent that it does) because Usenet has a replication fabric controllable by a relatively small number of people, whereas email has no such system.

        Maybe someone will stage a worm attack in the opposite direction from the usual -- writing a worm to scan the top spam sources lists and spamvertized website lists and DDoS them. It would do little for the problem directly, but it would increase the cost of doing business substantially for Chinanet and their kind. (okay, vigilante justice is usually very bad. But it's a fun fantasy.)
    • by billstewart (78916) on Monday April 26, 2004 @04:59AM (#8970651) Journal
      Korea was the first country to get massively blacklisted. It's probably the most wired country in the world, with a large number of cookie-cutter badly-administered machines (mainly in the school districts) that had open relays on them, language barriers that meant that if you did send mail to the bad administrators, they couldn't read them and you couldn't read their replies, and it has a relatively small set of industries that do Internet-related business with US locations - if you don't make chips or consumer electronics, and don't have friends over there, you're highly likely not to get many false positives by simply blocking the whole country and its huge spammer load. And if you _do_ have friends over there, you can still block any email that's not in Korean character sets :-)

      China's another popular place to block, not because of badly administered machines, but because of policies of tolerance of spammers and scammers and lack of useful response to abuse complaints. I haven't gotten much spam in Chinese in a while, but I still get lots with either the email origin or the web site located in China. And China's Internet access is controlled by the government telecom monopoly, who obviously don't mind spammers if they pay their bills.

      So blocking a whole country isn't a new thing. But this isn't a whole country, it's just one of the major providers there. Spain doesn't censor their users' internet service - if you're blocking their mail, they can get themselves a Hotmail or Yahoo account to reach you.

      • by BlueUnderwear (73957) on Monday April 26, 2004 @07:19AM (#8971013)
        China's another popular place to block, not because of badly administered machines, but because of policies of tolerance of spammers and scammers and lack of useful response to abuse complaints.

        However, Chinese authorities have no tolerance against people who download anti-regime propaganda, or who sympathize with Falun Gong.

        Hence, I solved my Chinese spam problem by adding the following to my sendmail.mc (it's only 4 lines, but Slashdot will probably cut the 3rd...):

        # Really give the Chinese Spammers a mouthful...
        changequote([[,]])dnl
        define([[confSMTP_LOGIN_MSG]], [[EFGIC: U.S. Congress Condemns China's Oppression of Falun Gong on\nU.S. Soil and in China\n\nHouse Concurrent Resolution 304 calls on China's agents in\n the United States to halt all operations being carried out against\n practitioners of Falun Gong on United States' soil, as well as the brutal\n persecution of millions inside China.\n\nLONDON (EFGIC) - Last week, the US Congress introduced a concurrent\n resolution calling on the Chinese government to end its brutal\n persecution of Falun Gong in China and stop all activities against Falun\n Gong practitioners inside the United States.\n House Concurrent Resolution 304 (full text), introduced by Congresswoman\n Ros-Lehtinen of Florida, references China's own constitution and\n international human rights accords in calling for China to uphold\n freedom of belief, assembly, and speech for the millions of Falun Gong\n practitioners in Mainland China.\n Resolution 304 also specifically mentioned section 401(a)(1)(B) of the\n International Religious Freedom Act of 1998 (22 U.S.C. 6401(a)(1)(B)):\n \"Whereas the Constitution of the United States guarantees freedom of\n religion, the right to assemble, and the right to speak freely, and the\n people of the United States strongly value protecting the ability of all\n people to live without fear and in accordance with their personal\n beliefs...\"\n Harassment, libel, and imprisonment have been widespread in\n Jiang Zemin's four-year campaign to eradicate Falun Gong. Torture and\n abuse in custody have led to thousands of wrongful deaths.\n]])dnl
        changequote(`,')dnl

        This will change your sendmail banner in such a way that spammers, should they dare to send to you, get a surprise visit from the political police ;-)

    • by spacefrog (313816) on Monday April 26, 2004 @06:24AM (#8970890)
      Which is exatly why reputable spam filters (Spamassassin, etc) only use a positive match on a blacklist to increase your 'spam likelyhood' score. Ditto, as the primary mx for a dozen or so domains, I *NEVER* block or delete email based upon it's spam scorecard or whether the sending server is in a 'blacklist'.

      If it goes past a certain threshold (in my case, an SA score of 5 or greater) my server will prepend ****SPAM**** to the subject line. What you choose to have your mail client do with such mail, based upon the subject line match as well as whether the sender is in your adress book, etc. is 100% your decision.

      In my personal case, I have a couple of sender domains, namely yahoogroups.com that while not spam are *sometimes* misflagged as such... Not surprising since they are mass-emailed messages that *DO* have advertising. My mail filters move these into a seperate folder before procsssing '***SPAM****" messages.

      Spam is a bitch and I hate it as much as the next admin. Deleting or blocking said email is the *wrong* choice.
  • by inflex (123318) on Monday April 26, 2004 @02:14AM (#8970025) Homepage Journal
    This is crazy, blocking an entire country because of spam - while I can appreciate the 'irritation' of receiving spam, the dis-service imposed by this massive block will greatly outweigh the 'service' it's supposed to perform.

    It's like back in school, when the entire class would be put into detention because of the actions of one person, it was a pathetic method then and it's a pathetic method now. Ultimately, it comes down to the teacher/blocker being lazy and hoping that such drastic measures will induce the 'masses' to seek out and obliterate the offending party. I never saw such 'action' succeed at school, I doubt we'll see much happen from this either (apart from iritate a lot of people).

    *disclaimer: school was more than half a lifetime ago - so perhaps my brain is rusty by now.
    • by NSash (711724) on Monday April 26, 2004 @02:22AM (#8970074) Journal
      "Blocking off an entire country" is meaningless in this context. You make it sound as if no one in Spain can send e-mail now; that's completely untrue. What has been blacklisted is e-mail originating from Spain's national ISP: that won't affect the Yahoo Mail, or hotmail, or GMail, or any other mail service accounts of people in Spain. Only the accounts provided by Telefonica De Espana, or companies that rely on them for hosting, will be blocked.

      This is far less extreme than say, a spam filter that automatically flags email originating from hotmail and aol addresses as spam.
      • by inflex (123318) on Monday April 26, 2004 @02:29AM (#8970117) Homepage Journal
        You make it sound like no one ever uses their own corporate mail servers?

        Not everyone uses yahoo, hotmail, gmail etc. A lot of local businesses will have localised mail servers, these people will now feel the crunch... I can imagine export type companies would really be wailing.

        It's not like they all have time on their hands to start phoning up and complaning, let alone even KNOWING who to complain to (imagine if they're a few tiers down from the top ISP). How many of those business would know why their email all of a sudden wasn't being responded to.

        Clients love getting email from joe@hotmail.com, very professional looking :-\

        While this may actually induce something to happen, I still feel the cost on the innocents is just too high.

        PLD.
        • by _Sprocket_ (42527) on Monday April 26, 2004 @02:58AM (#8970226)


          You make it sound like no one ever uses their own corporate mail servers? ...
          While this may actually induce something to happen, I still feel the cost on the innocents is just too high.


          If I were a company who rented IP space from Telefonica De Espana, I'd be upset. They should be able to police their own network. I would have to consider taking my business elsewhere. Or, failing that, seek compensation for the increase in expense of hosting my company email server elsewhere.

          The key here is generating a cost to ISPs who harbor spammers. After all, a spammer's fee is certainly incentive to sign them on. Without a counter incentive, we will quickly find ourselves in a classic tragedy of the commons situation.

          A final point - email and the Internet in general is a powerfull, valuable resource that exists because various entities work together. When one (or more) entities threaten the workings of that resource, it should be of no suprise that others will decide to no longer work with them.
  • by dawg ball (773621) on Monday April 26, 2004 @02:14AM (#8970029) Homepage
    ... but it's about time that something serious was done to combat spam. It's a pity that some innocent ISPs have had to suffer because of this but maybe they, in turn, will also put pressure on ISPs that host spammers?
  • by Animats (122034) on Monday April 26, 2004 @02:15AM (#8970033) Homepage
    The near future of blocklists may include all of these highly spam-tolerant areas:
    • China
    • Romania
    • Sub-Saharan Africa
    • Florida
  • by silentbozo (542534) on Monday April 26, 2004 @02:15AM (#8970034) Journal
    You may or may not like blacklists, but you gotta admit, they take their work seriously (from their list of return classifications when querying their blacklist DNS lookup):
    Shoot On Sight (Response: 127.0.0.10)

    This IP address is listed for one of several reasons. The provider, individual, or company did one of the following:

    * Cart00ney threats made towards the AHBL, SOSDG, other blacklists, and spam fighters.
    * Attempted and unsuccessful legal attacks against the AHBL, SOSDG, other blacklists, and spam fighters.
    * Promotes, supports, or incites attacks against the AHBL, SOSDG, other blacklists, spam fighters, and others on the Internet.
  • by Anonymous Coward on Monday April 26, 2004 @02:16AM (#8970037)
    ...that since most spam originates in the US, the entire country should be blocked.

    I, for one, would welcome it, living in the US. Get rid of my spam AND my e-mail. Productivity would go through the roof.

  • Wonderful (Score:5, Insightful)

    by Neo-Rio-101 (700494) on Monday April 26, 2004 @02:20AM (#8970064)
    This is amazing really.

    All the democratizing functions, promises of free education, free dispersion of information, increased international communication and understanding..... all these things that the internet promised is being brought to it's knees because of penis enlargements, nigerian fraudsters, and greedy marketers all wanting to make a buck!

    Don't mod this funny! It's NOT!

    (Actually, now that I think of it, TV suffered the same fate. Originally touted as an educational resource, it turned into the junk box it is today. It's just history repeating.)
  • by jhunsake (81920) on Monday April 26, 2004 @02:22AM (#8970076) Journal
    e-mail will be blocked by their blacklisting service

    Nope, only *you* can block email to *your* server.
    • Nope, only *you* can block email to *your* server.

      Those who blindly trust a blocklist will get burned eventually. Don't just trust some stranger you meet on the Internet to do your work for you... they will eventually screw up when you're not looking.
  • Gandi.net (Score:3, Interesting)

    by azav (469988) on Monday April 26, 2004 @02:29AM (#8970114) Homepage Journal
    I have noticed that the vast majority of spam that I get reference domains registered at http://gandi.net

    I'd LOVE to be able to block by registrar.

    Does anyone know how to get a registrar shut down??
    • Re:Gandi.net (Score:3, Insightful)

      Gandi.net just happens to be a cheap registrar. I bought a domain there, and their service is perfect AND cheap. Now your idea is just as plain stupid as blacklisting an entire country.

      Note also that with a few simple scripts blocking by registrar should be fairly easy.
      • Re:Gandi.net (Score:3, Interesting)

        by azav (469988)
        Well, if you consider that my idea is stupid, please take note that I have complained directly to them about the domains responsible for spamming. They are all ignored.

        FYI, the domains are a .biz domain that push cealis and penis extension pills.

        Now, I ask you, if the registrar does not respond to the complaints about one of their clients (who is not playing fair), what do you think IS fair and equitable treatment?

  • by dtfinch (661405) * on Monday April 26, 2004 @02:34AM (#8970134) Journal
    The United States produces more spam than any other country.

  • by dinodrac (247713) <jrollyson@nOSPaM.2mbit.com> on Monday April 26, 2004 @02:36AM (#8970141) Homepage

    Rima-tde's long time treatment of abuse complaints has lead to them being labeled by many in the community as a rogue provider.

    This has continued for quite some time, as evidenced by archived usenet posts (http://groups.google.com/groups?q=rima-tde&ie=UTF -8&oe=UTF-8&hl=en&btnG=Google+Search)

    Getting up there along with the likes of HINET and Chinese state-run providers takes some serious work, and in goes to show Telefonica De Espana's commitment to its spammers!

    Congratulations to them on this well deserved moment of (in)fame.
  • by crucini (98210) on Monday April 26, 2004 @03:01AM (#8970238)
    This is a typical demagogic attempt to get slashdotters riled up against an otherwise unnown blocklist operator. Simply put, most slashdotters do not run ISP's and therefore see only the downside of blocklists.
    Most slashdotters are benefiting from some kind of mail filtering and don't even realize it. They are like peaceniks bitching about the very defense establishment that keeps them free to bitch.

    I never heard of the AHBL before this article. There are tons of lists. A list that would block a major ISP is probably a niche list aimed at small domains who are not going to have 10,000 angry customers. If SPEWS blocked this ISP, it might be news. If some unknown list does it, so what?

    If you find it shocking that a list would shoot from the hip, don't ever query xbl.selwerd.cx. Fast, broad and unforgiving!

    Before the inevitable whining chorus of broad-listing-is-bad-what-about-the-innocent-victi ms, let me remind you that SPEWS has gotten the attention of some extremely inattentive spam havens. Companies that unrepentantly spammed like mad in the face of every kind of complaint, peer pressure, and narrowly targetted listing have suddenly come to the table when facing a broad SPEWS block. Broad listing works where diplomacy has failed.

    And remember, also, that you are almost certainly benefiting from a lot of filtering implemented by your postmasters or even network admins (at border routers). They spend a huge amount of time compiling lists of bad domains and netblocks - why shouldn't they share that knowledge with other admins? Such sharing is most efficiently done by publishing a DNS-based list like SPEWS. The high profile lists are more professionally maintained than most ISP's in-house lists. Would you rather they share in secret, so small operators can't benefit from their knowledge?
    • by bruns (75399) <bruns.2mbit@com> on Monday April 26, 2004 @03:16AM (#8970288) Homepage
      The AHBL is the redesign of the older blackholes.2mbit.com DNSbl from years ago. We've just changed its main focus on abuse in general - which includes e-mail, DoS attacks, etc.

      We are apparently in wide enough use that we deal with TDE customers on a daily basis that are complaining that they are blocked.

      Its not our primary focus to be the biggest.

      Our primary focus is to protect our systems, and the systems we manage, from spam and abuse. We make our data available to anyone and everyone, because we know that our data will improve on the feedback of our users.

      So far, we have had zero complaints from our users as to our blocking methods, even if they are extreme at times.

  • by SiliconEntity (448450) on Monday April 26, 2004 @03:06AM (#8970258)
    This is a good idea, but it doesn't go far enough.

    I didn't just block Spain. I set my system to blackhole the whole damn world!

    Just think of it! All over the world, anybody tries to send me email, and it disappears into a black hole. Eat dirt, spammers!

    And of course all the legitimate email disappears as well. But that's the point! When I talk to someone and they complain that I didn't respond to their email, I explain that it's not me - it's their world's policies about spam! Once you get your act together and get spam off the net, then I'll unblock you, I say. Until then, don't come crying to me - talk to your ISP, to your elected representatives, to the UN. That's where the problem is, and until you can solve it with them... you're blocked.

    Yup. I figure this spam business is going to get cleaned up PDQ once people realize what it's costing them. We're going to get a nice, spam-free net, and it's all because of me. You're welcome.
  • I say block it. (Score:3, Interesting)

    by Mustang Matt (133426) on Monday April 26, 2004 @03:13AM (#8970279)
    Block every country that's sending tons of spam. Yes, I know the US is responsible for most of it, but that's exactly my point. Keep blocking countries until the US spammers have to send from US servers and then let us all attack them with a multitude of lawsuits.

    China is the worst for me because some jerk spammer is sending junk with my domain on the reply-to. His stuff is hosted in China and there's not a thing I can do.
  • AHBL policies (Score:5, Informative)

    by bruns (75399) <bruns.2mbit@com> on Monday April 26, 2004 @03:22AM (#8970314) Homepage
    The AHBL is very open to working with providers to solve their problems. On a daily basis, I can be working with several ISPs to figure out how to better tune our listings, or help them track down a spamming customer.

    We only resort to this wide range listings when we're run out of options. In the case of TDE, we just do not have any more patience.

    We gave them time. We sent them abuse reports. We even asked them to provide us with accurate information on their netblocks so we can tune our listings down to only their dynamic customers.

    However, they ignored our requests.

    The AHBL has very strict policies on what we will and will not do.

    We are taking a strong stance on 419 and phishers right now - just take a look at our ongoing fight with megamailservers.com - we caught them in a lie with their phishing customers, and we are holding them responsible.

    If we are having an effect or not, it doesn't really matter to me. All I do know is that we are taking a stance and asking others to support us.

    The hope being that with enough people working with us, we will be able to force providers to do something about their problems.

    Feel free to flame me all you want.
    • Just out of interest, in which language did you write to tell them all this?

      It's a little-known (in the U.S.) fact that people in other countries speak languages other than English.

      For instance, I live in France, and my mail provider in the U.S. uses a whole bunch of these predominantly U.S.-based blacklists. Much of the mail sent via French ISPs by my friends is blocked because just once, perhaps seven or eight months ago, someone managed to send some spam from an account with those ISPs before having

  • by RWarrior(fobw) (448405) * on Monday April 26, 2004 @03:27AM (#8970330)
    It would be nice if these kinds of things would get administrators' attention. I don't have high hopes.

    Personally, I get anywhere between one thousand and one hundred thousand spams a week directed at my domain from some asshat in Brazil. They come addressed to user1@mydomain.com, user2@mydomain.com, etc., in alphabetical order. Tens of thousands of them. And that's just the Brazilian stuff. That doesn't include the mortgage ads, 419 scams, porn ads, and advertisements that will help me make my wife's penis larger.

    Since I'm the only person who uses my domain, and I don't read Portuguese anyway, these are nothing but a drain on my bandwidth and resources, even if I were inclined to buy penis enlargement cream for my wife.

    And since I use a hosting service I can't implement a connection-level block because I don't have root on the box. Implementing SpamAssassin on the hosting server brings their box to its knees (I know because I've done it and they shut down my account); instead, I have to dedicate one of my own boxes to scanning all this shit -after- downloading it. My box does virtually nothing else.

    And since my domain is my last name, I can't exactly change it easily.

    SMTP is broken. It has outlived its usefulness, and it is past time for it to die. Born in an era when the internet was a far safer place, patches and scanning placed on top of it to stop spam do nothing to put the burden of sending mail where it belongs: on the sender. While tools like SpamAssassin, SpamBouncer and RBLs help us to avoid seeing the crap in our inboxes, they remain kludges that still eat up our processor time, bandwidth, infrastructure and money.

    But all my work in call centers has taught me that stupid people will always exist, and that some of them can never be taught to behave properly. This means that any schmuck with enough money and enough time and some basic Google literacy can set up a broken copy of $YOUR_FAVORITE_SMTPD on $YOUR_FAVORITE_OS and become the latest spew.

    Proposals exist (Dr. Dan Bernstein's Internet Mail 2000 [cr.yp.to] is one of several) to shift the burden of storage and processing from the receiver to the sender. All well and good, but nobody's bothered writing a bunch of cross-platform implementations that everybody will actually switch to, and that Microsoft won't be able to embrace and extend.

    So where does that leave us mere mortals, except to use the hypersonic planet-smashing axe to kill the maggot-laying fly?

    • by 87C751 (205250) <sdotNO@SPAMrant-central.com> on Monday April 26, 2004 @07:10AM (#8970998) Homepage
      Proposals exist (Dr. Dan Bernstein's Internet Mail 2000 is one of several) to shift the burden of storage and processing from the receiver to the sender.
      IM2000 is interesting on the surface, but the proposal is incomplete and it misses one essential point. Putting the storage burden on the sender is meaningless when the sender is sending millions of identical copies. There's also the point that under IM2000, the receiver must know to seek out and download notifications of waiting mail. This does well against unsolicited spam, at the expense of unsolicited non-spam. I suppose you could develop a network of trusted introducers to provide the thousands of maildrops you would now be required to periodically check, but then there would be the issue of how to extend trust. And if spammers are willing to forge every last bit of identifying data save for the essential sucker's URL in an email now, nothing suggests that they would be any more responsible about creating introducers.

      The essential problem is that email is a push technology by necessity. A successful antispam technology protects the entry point to the system, but protecting the entry point is a Hard Problem.

  • As a Spaniard... (Score:4, Insightful)

    by JCAB (714346) on Monday April 26, 2004 @03:47AM (#8970407) Homepage
    As a Spaniard living abroad, I care deeply about this. I do exchange plenty of legit email with Spain, you see, so this will affect me personally.

    Contrary to what many people seem to think here, the announcement doesn't say thay'll block the whole country. That measure would be draconian, along the line of nuking a city to quench a major disturbance.

    Instead, they say (correctly) that they are blocking the offending IDE, which "is the govt run ISP of Spain" so it can be expected that this ISP provider is a major provider, and many people will be affected. I believe that. Telefonica was, until a few years ago, _the one and only_ telephone communications provider of Spain. It is BIG.

    This is unfortunate, but _if_ this provider really is such a non-cooperative major source of spam and hack attacks, then I can't blame them for blocking it, much as it pains me.

    • Re:As a Spaniard... (Score:4, Informative)

      by Anonymous Coward on Monday April 26, 2004 @05:26AM (#8970730)
      As Spaniard...

      It's true that the announcement does'nt say that they'll block the whole country, but telefonica rents his lines to other companies, so they will be blocking a lot of people, a lot more than the 50%.

      Its incorrect that telefonica is the gov's isp, it was few years ago, but the previus government privatized it so the new government (we have elections a month ago) doesn't have any control over the company.
      The process of privatizacion was very obscure, a lot of directives getting a large amount of money, the new president that was designed was a friend from school of the old government president, etc etc.

      We've got only a pair of alternatives and isn't as easy as it seems to change provider, for example you can't change company in the first year whithout paying a large amount of money.

      We're paying what the previous government do, they do their worst in exterior relationships, they had a very bad plan about new technologies, education, etc. For example Spain got the worst number of internet connections, internet services and the most expensive connections of Europe.

      Telefonica got the worst client hot line you can imagine and they don't pay any attention to what the users says, but you've got no alternatives in the most of the cases.

      So as a Spaniard and as a Telefonica user i thought that it isn't fair to ban the whole company ips but it's fair to make telefonica pay a large amount of money or punish it other way.

      PD: sorry for my english
  • by Animaether (411575) on Monday April 26, 2004 @03:50AM (#8970415) Journal
    Ideally, people would complain to their ISP. But, society is hardly an ideal...

    -----

    Somebody robs a bank and flees.
    The cops don't know where he is, but know that he can't have fled beyond 5 blocks.
    The cops cordon off those 5 blocks.
    Everybody within can't leave, everybody outside can't get in.
    Does society, in general, get pissed wtih :
    A. The bankrobber, for robbing the bank, making this a likely necessity
    B. The police, for preventing people from going where they want

    Answer : B

    -----

    A local TV transmitter gets notice from a commercial network that the commercial network will no longer pay the transmitter to be aired. They'll have to put them on the air for free.
    The local TV transmitter gives them the finger and pulls them off the air.
    Delicate issue : the commercial network carries soap operas that are hugely popular within the local region.
    Does society typically blame :
    A. The commercial network for using their show's/shows' popularity to try and strong-arm the local transmitter for a better deal
    B. The local transmitter for making it impossible to watch their favorite show

    Answer : B. Real story where I'm from, and people ended up getting TV dishes en-masse.

    --

    Same thing with this...

    Do you really think all those Spanish people are going to blame their ISP for hosting (known) spammers once they get word/realize that their mails out to the world are bouncing/getting eaten ?
    Of course not. They're going to say "wtf. stupid blacklists - that e-mail has to be there today, and that blacklisting of my ISP is the reason it can't. I guess I'll have to hotmail it. *expletive*"

    That's how cause and effect is going...
    effect : ISP is blacklisted
    cause : ISP hosts spammers
    NOT the legitimate people's problem!

    at least, until...
    effect : people can't send e-mail
    cause : blacklists
    Therefore - blame the blacklists!

    you see, there is no :
    effect : people can't send e-mail
    cause : ISP hosts spammers
    relationship to most of society, so they're not about to blame the spammers.

    And as much as I disagree with that stance, and would poke at my ISP to see if they can get off the blacklists a.s.a.p., I can't say that I blame users who point at the blacklists instead.

    Maybe if blacklists could warn ISPs' users 3 days in advance. Maybe... mass e-mail them :x That's spam I wouldn't mind receiving it means I could ring up the ISP and warn them that if 3 days later the ISP still finds itself listed, I'd take my business elsewhere - and find a decent alternative in the mean time, rather than being caught off-guard.
  • Not the first time (Score:3, Interesting)

    by Halo1 (136547) <jonas.maebeNO@SPAMelis.ugent.be> on Monday April 26, 2004 @04:42AM (#8970592) Homepage
    In the past, the whole of Costa Rica has already been blocked once because their national ISP (racsa.co.cr, which was (is?) the only one available) did nothing against Ralsky's bestiality and incest porn spamming via their networks and hosting his sites on their network.

    And since this is in the "Your Rights Online" category: I think everyone has the right to refuse mail from anyone else. If an ISP uses this blocking list without properly informing his customers and without offering a way for his customers to opt-out of this kind, then this ISP is obviously at fault, not the people who publish the blacklist. The latter are simply like a consumer magazine that advises against buying a particular product because it performed very bad compared to other tested products.
  • by D4C5CE (578304) on Monday April 26, 2004 @04:55AM (#8970639)
    They cannot claim that it wasn't a scenario waiting to happen.
    Back in 2000 already, Tom Geller made this statement in a discussion [tgeller.com] with the EFF:
    The saddest part of the spam problem is this: The "technical solutions" you name above already cause
    entire nations to be blackholed in thousands of servers around the world. Many postmasters have received only spam from .cn and .kr, so they dump all mail from those TLDs in the trash.
    Mind you, it is the Spanish government's explicit duty under EU legislation to stop precisely this situation from happening to all of Europe - this is the very reason why Directive 2002/58/EC [eu.int] was adopted in the first place, and its wording is crystal clear - anything that is not opt-in (with the onus on the sender to prove it) is strictly illegal:
    Article 13
    Unsolicited communications

    1. The use of [...] electronic mail for the purposes of direct marketing may only be allowed in respect of subscribers who have given their prior consent.
    It was a long hard fight [slashdot.org] getting this on the statute books almost all across an entire continent - but now, finally, the law is definitely not on the spammers' side.

    Blacklists are a bad idea in the first place, but if legitimate eMail gets blocked because a provider fails to fight spam, it is that ISP (rather than the blacklist operators) who deserves all the wrath of its customers.

    Sad as the current situation is, combined with the onslaught of Trojan eMail [slashdot.org] it will hopefully make Spanish businesses and citizens pressure their authorities to enforce a draconian crackdown on the perpetrators - finally treating spammers as the cyber-terrorists they are.

  • Just a typo (Score:3, Funny)

    by ocie (6659) on Monday April 26, 2004 @05:43AM (#8970771) Homepage
    They accidentally typed the following in a config file:

    .es TLD for spamish servers

    See, just that one letter messed up the whole country when it was caught by a filter run on the config file. Look for similar things to happen to:

    .vi TLD for U.S. virgin islands
    .ng TLD for Nigeria
    .ph TLD for the Philipenis

    Seriously, haven't these folks ever heard of a spell checker?
  • by erroneus (253617) on Monday April 26, 2004 @06:30AM (#8970902) Homepage
    Working and playing on the internet is a priviledge. It's that simple. And allow me to draw a parallel to my own experience.

    I had a roommate. This roommate has a child. This roommate's babysitter would enter my home and during that time, things would disappear. And after changing the locks twice, I arrived at the conclusion that the items were disappearing either through my roommate or the roommate's babysitter. I decided to notify the police and before my roommate would give me the babysitter's contact info, the roommate called the babysitter to inform about the situation.

    They both deny any wrong-doing and no property was recovered however, once I booted the roommate, my theft problem disappeared with the roommate.

    Living in my home was a priviledge and when that priviledge was abused I needed to take action since all other outlets were met with opposition, denial or attempts to evade. Ultimately, just like the blocking of SMTP traffic from Spain, I had to cut off the problem from the source.

    Obviously no one expects the situation with Spain to be permanant. I expect when the lesson is learned and enough cries are heard, they will be restored without the scam-spam problem they once had.

    The Public Internet is a priviledge, not a right.
  • by DocSnyder (10755) on Monday April 26, 2004 @06:53AM (#8970961)
    rima-tde.net is a major European spam source. So is wanadoo.fr [wanadoo.fr] whose official email relays (193.252.22.21-30) are sending me about 50 spam emails per day. Almost everyone in Europe is blocking their entire netblocks, but that can't be a solution as not everyone is able to block them.

    So I unblocked their relays a week ago to see the input IPs and LART each spam originating from worm-infected Wanaspew customer PCs [google.com]. Surprisingly, the whole mess hasn't been coming from thousands of wormed Weendoze boxes, but merely from *four* (later six) different input IPs. A responsible ISP wouldn't have any problem in preventing a handful of customers from emitting spam.

    Wanapoo did nothing. In spite of 44 (!) complaints to Spamadoo and some further communication with the French ISP association AFA France, the same customer IPs I've been LARTing up to 10 times since Sunday last week were still spamming on Friday [google.com].

    So there are only two solutions left - either eat your spam or dig a deep hole, put Wanadoo's netblocks including their email relays in and let them rot there. Writing spam complaints to Wanadoo is futile.

  • by JackAsh (80274) on Monday April 26, 2004 @08:55AM (#8971424)
    Hi all,

    My family actually lives in Spain, and uses Telefonica as their ISP. During my last visit, I discovered a wonderful surprise: Slashdot already blacklists the entire Telefonica data block. Whenever you select a link to read a story's comments, etc., it comes up with some message about not allowing that operation due to abuse from the netblock. It was pretty cool, really.

    In any event, Telefonica is a big, monolithic telephone operator. They used to be the official, national telephone monopoly company before the market was opened up to other operators. Telefonica is still huge, nonetheless. They have voice, data, and cell phones in Spain; I think they also own a good chuck of media there. They run a pretty sizeable percentage of the telco business in South America (possibly the largest telco in the region). They bought our Terra back in the 90's, which bought out the Lycos networks for those that actually care.

    Telefonica could probably have worse service, but they would need to train their personnel for it. As with most old monopolies there's this pervasive company culture that they are the center of the universe and if you don't like it you can go jump off a cliff or something. So I'd suggest not holding your breath for this situtation to be resolved. Although, as with every bureaucracy, every once in a while messages accidentally make it to the desk of the one guy who has a clue... :)

    -Jack Ash
  • by WoodstockJeff (568111) on Monday April 26, 2004 @10:02AM (#8971948) Homepage
    The use of ANY blacklist is OPTIONAL on the part of an ISP. And, in the case of the article in question, the lists mentioned are (and have been) more agressive than most people would like.

    We only block based on a few external lists (ORDB, SpamCop, Blitzed Proxy), and then, not unconditionally. 90% of our blocks are done by internally generated lists, because we do have to receive mail from compromised sources at times... our business customers have clients in countries that are notorious for spamming, and even on ISPs that are bad.

    That said, we do not accept any mail on the first pass from a large number of subnets, varying in size from /24 up to /8's, and a growing number of European subnets are on that list - not just Spanish ones. Mail from these subnets is "soft-bounced" (given a 451 error code) until it can be reviewed for legitimacy. And anything that doesn't have at least 1 retry is judged to be a proxy-based spam attempt.

    Now, I will check bounces against some of the more agressive lists in deciding whether to make exceptions for these "soft bounces", but the final authority is a check with the customer on anything questionable. A million-customer ISP can't do that; that's one of our advantages...

Swap read error. You lose your mind.

Working...