Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
Spam The Internet Your Rights Online

SPEWS Adds DSL Reports to Block List 814

Kylow writes "Last year, Slashdot publicized our efforts at DSL Reports to pursue a group of spammers who had spammed our forums. The Slashdot community immediately pitched in to help, and the publicity wiped the sites owned by the spammers off the internet. Fast-forward to today, and the popular yet often draconian block-list SPEWS has added DSL Reports to their blocklist due to the activities of other websites hosted on NAC.net. DSL Reports users are less than happy. This is hardly the first time SPEWS has been accused of going too far."
This discussion has been archived. No new comments can be posted.

SPEWS Adds DSL Reports to Block List

Comments Filter:
  • by GodBlessTexas ( 737029 ) on Wednesday January 21, 2004 @04:15AM (#8041349) Journal
    Is that it swats flies with sledghammers. Surely there's a more elegant way to deal with this issue now?
    • I'd like some sort of distributed list, with a web of trust type mechanism, and an indicion of the spam/email ratio.
      • by Zeinfeld ( 263942 ) on Wednesday January 21, 2004 @10:05AM (#8042986) Homepage
        I'd like some sort of distributed list, with a web of trust type mechanism, and an indicion of the spam/email ratio.

        The problem with that type of scheme is that it is really difficult to make it work when there are people trying to game the system. Try to apply the slashdot moderation system direct to political discussion and you will have teams of partisans desperately moderating down the other side. Moveon.org has been blacklisted by lists after a group of republicans organized a campaign where they subscribed to the list then reported it as spam. Same probably happens to republican lists (although grass roots does not really figure the same in their model)

        On the IRTF ASRG list Vernon Schryer used to make a point of reporting posts he simply did not like as 'spam' to his distributed mod list scheme. If the designer of a scheme can commit that type of abuse in that type of forum there is little hope for the scheme being scalable.

        SPEWS is such a cartoon cutout operation that I seriously wonder if it is being run by a spammer, certainly we will find at least one blacklist where this is the case. Think about it, other spammers are your competition, both for eyeballs and for the merchandise. So run a service that blocks their mail but not your mails when you choose.

        Quite a lot of the anti-spam technologists have played both sides of the fence. Folk who are unsucessful at selling their anti-spam scheme frequently turn to spam to sell it.

        Early on the ASRG list appeared to have been the target of a campaign to destroy the list by Vernon et al. It might just be that they are complete jerks or the gratuitous insults aimed at every practical suggestion may have been made with a purpose. It felt like there was a purpose, be as unpleasant as possible and hope you can drive people away.

        What we have to start doing is to turn the issue arround, instead of trying to spot bad mail, look for the good stuff. Mail that is genuinely from Hotmail is pretty unlikely to be bulk sent because of their rate limiters. So it is pretty likely to be genuine. Schemes like SPF and Yahoo! Domain Keys are the way to go. Couple these with an accreditation scheme that can report the reputation of the sender as well and you have a scheme that can identify good mail with very high accuracy. If 50% of mail is authenticated then the spam filters can be twice as strict on the remaining 50%.

    • Insightful? (Score:3, Insightful)

      by RMH101 ( 636144 )
      No! The fly's dead, and the other flies know that if they step out of line, they're dead too. And their kids.
      We've tried relaxing it, using smaller netblocks and it DOESN'T PROVIDE ENOUGH INCENTIVE TO WORK. If you get blocked because your ISP's blocked as they're an RFC-ignorant Spamhaus, then you'll take your business elsewhere. If you can't take it elsewhere then you'll shout and maybe change their minds.

      No ISPs forced to use SPEWS: if they do, then it's the ISPs servers the spam's clogging up, and

      • Re:Insightful? (Score:5, Insightful)

        by Endive4Ever ( 742304 ) on Wednesday January 21, 2004 @07:38AM (#8041991)
        People may begin to "start taking their business elsewhere" when a gestapo-friendly ISP just aligns themselves with an anti-spam outfit rather than providing the service the customer paid for.

        And yes, I know I'll evoke a squeal of hysteria for even hinting that any form of anti-spam zealotry could be dubious.
    • by gnu-generation-one ( 717590 ) on Wednesday January 21, 2004 @07:55AM (#8042058) Homepage
      "Is that it swats flies with sledghammers. Surely there's a more elegant way to deal with this issue now?"

      Swat spammers with sledgehammers?

    • by Ledskof ( 169553 ) on Wednesday January 21, 2004 @11:15AM (#8043600)
      Here is a website detailing basically what happens with SPEWS:
      http://www.satlug.org/~kjar/spews/

      My company has had prety much the exact same experience.
      Anyone using SPEWS is either lazy, ignorant, or could care less about the right way to do things.
      In other words, just don't use SPEWS. Use ANY list but SPEWS.
      • by scrytch ( 9198 ) <chuck@myrealbox.com> on Wednesday January 21, 2004 @12:38PM (#8044574)
        > In other words, just don't use SPEWS. Use ANY list but SPEWS.

        SPEWS is great for getting raw data, and one of the only blacklists left with detailed evidence files that contain actual spam samples (now that spamcop went from simple munging to nearly useless to all the way useless).

        Just mind the timestamps, the data is not always all that fresh. Often even that is useful, it's nice to dig up a spammer's history and past associations that way.

        Personally I'm a fan of Spamhaus, but you still can't automatically block based on SBL listings because they vary widely in quality. What Spamhaus does reasonably well is correlate the IP blocks with organizations, and none more illustrative a fashion than with ROKSO. ROKSO listed spam sources are pretty much "block on sight" ... but there's no way to tell if a listing is for a ROKSO spammer other than visiting the URL in the TXT record. It's probably that way on purpose, to make you research it, but sometimes I just need something to jog my memory. And that's where SPEWS comes back in. SPEWS puts the name of the spamming organization in the TXT record, whereas SBL does not. When I see an IP with a SBL listing, I check the SPEWS TXT record. If it indicates a ROKSO spammer, no need to go further.

        So for the obligatory bit of rudeness, stuff your righteous stance, some of us who do mail for a living know how to use blacklists as the advisory mechanisms they were intended to be. I'm truly sorry your friends or associates or whatever got screwed by an ISP that doesn't know better. SPEWS does not generally go off on righteous rants about why IP ranges are blacklisted and how everyone in there is an evil spammer. They simply indicate a range with spam problems, present the raw data, and encourage people to use other sources like spamcop to triangulate and pinpoint.

        Information may want to be free, but some people are still into shooting the messenger if the message isn't always 100% clear or it doesn't place a disclaimer between every sentence.
  • by ObviousGuy ( 578567 ) <ObviousGuy@hotmail.com> on Wednesday January 21, 2004 @04:18AM (#8041359) Homepage Journal
    If your ISP is also providing spam services to spammers, do you really want to be grouped in with them?

    I think the black girl behind me at the screening of The Ring said it best. "Get the fuck out of there!"

    Everyone loses when you patronize businesses who willingly accept spammers. Don't give them your money. Do it and feel good about yourself and for the good of your subscribers.
    • Your isp can be totally against spamming and enforce it heavily... You'll still get blocked out because their are always people who will register a server or hosting account and then spam as much as possible till they get shutdown. Spews will then block an entire ip block in which the offending ip belongs and then both your isp and yourself will suffer.
      • by Alranor ( 472986 ) on Wednesday January 21, 2004 @04:34AM (#8041407)
        No.

        Spews will list the IP that their spamtrap received mail from.

        Then they will make a complaint to the ISP.

        If the ISP ignores complaints, THEN the listing is progressively expanded, but they don't start out by listing a whole block.
        • by fwc ( 168330 ) on Wednesday January 21, 2004 @05:03AM (#8041495)
          Then they will make a complaint to the ISP

          Actually, this part is incorrect. Spews (and several other blacklist providers) don't even bother to notify the ISP before listing (or after for that matter). In spews particular case they don't send ANY email at all (you can't email them either).

          • More accurately... (Score:5, Informative)

            by Dimensio ( 311070 ) <darkstarNO@SPAMiglou.com> on Wednesday January 21, 2004 @05:06AM (#8041509)
            Actually, this part is incorrect. Spews (and several other blacklist providers) don't even bother to notify the ISP before listing (or after for that matter).

            SPEWS as an organization does not send mail, however the people who are behind SPEWS DO send LARTs to the responsible hosting providers for the spams that they receive. They just don't identify themselves as SPEWS when they do it. This is so that ISPs will either learn to take ALL complaints seriously (because they can never know when one of the complaints comes from someone at SPEWS) or learn to enjoy their new intranet.
            • This is so that ISPs will either learn to take ALL complaints seriously

              But will have the effective result of everyone treating SPEWS less seriously.

              ISPs have their own processes for dealing with complaints. Sometimes these are inadequate, but SPEWS seems to consider themselves the sole authority on the matter. They are not. They're just a bunch of jumped up nerds with way too much power, and rapidly falling credibility.
            • by That's Unpossible! ( 722232 ) * on Wednesday January 21, 2004 @10:23AM (#8043136)
              And this lovely idea is clearly working wonders.

              How long has SPEWS been "in business" ... and how many complaints do you guys still have coming from legit people who CAN'T just up and move to a different provider?

              You know, some of us are trying to do legitimate business on the internet. It's not like we have a friggin dialup account and can just pick someone else. The process of moving a business from one provider to another, especially if the provider is co-hosting your servers, is quite involved and usually involves a contract that can't easily be broken without penalties.

              SPEWS BLOWS.
              • by mrex ( 25183 )
                And this lovely idea is clearly working wonders.

                Agreed, look at how hard spammers are fighting against SPEWS.

                How long has SPEWS been "in business" ... and how many complaints do you guys still have coming from legit people who CAN'T just up and move to a different provider?

                Who literally cannot under any circumstances? I am not SPEWS, but I've never seen one.

                You know, some of us are trying to do legitimate business on the internet.

                Tell me about it.

                It's not like we have a friggin dialup account a
      • by Lord Azrael ( 472884 ) on Wednesday January 21, 2004 @04:37AM (#8041414)
        Your isp can be totally against spamming and enforce it heavily... You'll still get blocked out because their are always people who will register a server or hosting account and then spam as much as possible till they get shutdown.
        that is not true. SPEWS knows that every ISP has a certain amount of customers willing to spam. No provider will get blocked for having occasional (!) spammers on his nets. And SPEWS will not block nets that fast one spamrun originates from a net. They start threatening a ISP if he continously fails to do something against the spammers, that means, terminates their connections or shuts down the spamvertized sites. Mind that usually no ISP gets blocked suddenly, most of the blocked companies to not ever reply to messages sent to abuse@ISP or at least they never gave the impression, that they are trying to get rid of the spammers.
        Spews will then block an entire ip block in which the offending ip belongs and then both your isp and yourself will suffer.
        there are numerous reports about ISPs who did not care about well known spam gangs in their nets and only then reacted, after their internet had been turned into a big intranet after a spews listing. Only when other innocent customers of the ISP start complaining about their own ISP and threaten to terminate contracts, then often only at that point the ISPs have reacted and shut down spammer lines. SPEWS does work, although in that case mentioned today the collateral damage is too hight.
    • by WegianWarrior ( 649800 ) on Wednesday January 21, 2004 @04:24AM (#8041378) Journal

      By that logic virtually all the major ISP should be blacklisted and all real users should find little mom and pop operated providers.

      Think your logic all the way thru. If I sign up with what appears to be the best provider for me (or even the only one avilable), am I to blame because some stupid git sign up for a free trial and sends out spam? Should the postoffice refuse to deliver mail sendt from your city becuse there is a company there that sends out junkmail?

      Blocking off entire subnets may be a "solution" to stopping spam, but so is taking a pair of pliers and cut your networkcable...

      • by Dimensio ( 311070 ) <darkstarNO@SPAMiglou.com> on Wednesday January 21, 2004 @05:19AM (#8041545)
        If I sign up with what appears to be the best provider for me (or even the only one avilable), am I to blame because some stupid git sign up for a free trial and sends out spam?

        No. Fortunately, no sane DNSbl (including SPEWS) will list an ISP because "some stupid git signs up for a free trial and sends out spam". ISPs only get listed in SPEWS after refusing to terminate repeat spammers, or sign up a known "block on sight" spammer like Alan Ralsky.
      • Re: (Score:2, Insightful)

        Comment removed based on user account deletion
    • by Zak3056 ( 69287 ) on Wednesday January 21, 2004 @08:23AM (#8042254) Journal
      If your ISP is also providing spam services to spammers, do you really want to be grouped in with them?

      Not particularly, but what's my alternative? Buy myself out of the contract I have with my ISP? Then pay another ISP a "setup fee" along with entering into another contract, just so in a few months I can repeat the whole process when THEY get listed by SPEWS? Some of us (and I'm talking about small businesses here, not home users) can't afford to just throw away thousands or tens of thousands of dollars because our ISP hosts spammers.

  • As a small webhost (Score:5, Informative)

    by Nazmun ( 590998 ) on Wednesday January 21, 2004 @04:18AM (#8041360) Homepage
    I can't tell you how much we hate spews, this is far from a common occurrence and it seems that the only to fight this is to not use spews. Their are plenty of better alternatives like spamcop and orb.
  • Level 2 (Score:5, Interesting)

    by Phroggy ( 441 ) * <slashdot3@NOsPaM.phroggy.com> on Wednesday January 21, 2004 @04:21AM (#8041368) Homepage
    Comment from At Sea:
    your mail server is NOT BlackListed! If you look at the listing it is at level 2 the [2] means level 2. Read the SPEWS FAQ. No one blocks on level 2 listings.


    Level 2 listings are netblocks which are watched carefully for evidence of abuse, usually because the adjoining netblocks are in use by spammers, and because the provider (NAC in this case) is ignoring complaints about the abuse, or is doing nothing to remove the abusers.

    But, from the SPEWS FAQ, The Level 2 list ... can still be used by small ISPs or individuals who want a stricter level of blocking/filtering. "No one blocks on level 2 listings" is obviously wrong.
    • Re:Level 2 (Score:3, Informative)

      by Dimensio ( 311070 )
      It should be "no one who wants their mail system to run smoothly blocks on level 2".

      SPEWS does not recommend that level 2 listings be used for filtering, but they don't disallow it because ... well, they don't own the mailservers on which their lists are used.
    • Re:Level 2 (Score:5, Interesting)

      by Anonymous Coward on Wednesday January 21, 2004 @05:00AM (#8041482)
      "No one blocks on level 2 listings" is obviously wrong.

      You're right. A more accurate phrase would have been "ISPs who cannot afford a critical mass of false positives do not block on level 2 listings."
      That's the majority of ISPs, and certainly all of the big ones. Very few block on level 2 listings.

      Small ISPs or people like me who run an SMTP server for less than ten people (who really hate spam and are willing to deal with some false positives) have thought about it and are willing to reject inbound email from entire netblocks that are owned by sleazeballs who take money from spammers, even if it means a half dozen false positives a year. We block about 200 spams a day using a combo of spews, ordb, and spamcop, so it's definitely worth it. If that makes life difficult for the sleazeballs who take money from spammers, fine. If it encourages their legit customers to get pissed off enough to threaten to move elsewhere and stop giving the sleazeball ISP their money, that's great too. I love the fine spam-haters at DSL Reports, but they need to realize that they're pissed off at SPEWS because their ISP is hosting spammers. If they want to ignore that and place the blame totally on SPEWS, then I'm willing to chide them by bouncing any email they send my way for a little while.

      I like SPEWS and it's my choice as to whether to use it or not. Nobody else has to like it and nobody else has to use SPEWS if they don't want to.
  • Level 2 listing, (Score:5, Informative)

    by spydir31 ( 312329 ) * <hastur@hastur k u n . com> on Wednesday January 21, 2004 @04:22AM (#8041374) Homepage
    from openrbl.org
    SPEWS/spews.org: 209.123.109/24: 553 SPEWS2 [2] nac, see http://spews.org/ask.cgi?S2814
    from the SPEWS FAQ

    Q22: What is Level 2?
    A22: This includes all of Level 1, plus anyone who is spam-friendly, supporting spammers, or highly suspicious, but not blatant enough to be included in the Level 1 list yet. If it becomes obvious that someone at Level 2 has become a real problem, they will be escalated to Level 1 after some attempt at education. The Level 2 list will have some inadvertent blocking (non-spammer IP addresses listed), but can still be used by small ISPs or individuals who want a stricter level of blocking/filtering. By having a two tiered list, you can make the hardcore spamfighters happy; those who want to block first and ask questions later. Also, a listing in the Level 2 list may exert a bit of pressure on spam friendly sites and may keep them from turning totally bad - but that is not really the point, stopping spam is. (note: a Level value of "0" means that area is not listed)
  • They didn't block it (Score:5, Informative)

    by CaptainBaz ( 621098 ) on Wednesday January 21, 2004 @04:27AM (#8041388) Homepage Journal
    From the linked forum posts:

    1) your mail server is NOT BlackListed! If you look at the listing it is at level 2 the [2] means level 2. Read the SPEWS FAQ. No one blocks on level 2 listings.

    Level 2 listings are netblocks which are watched carefully for evidence of abuse, usually because the adjoining netblocks are in use by spammers, and because the provider (NAC in this case) is ignoring complaints about the abuse, or is doing nothing to remove the abusers.

    2) There is something you CAN do other than rant, which will not do you any good at all; and that is to complain to NAC about their spam-friendly policies. It's NAC's hosting network abusers which is the problem. If the listing is upgraded to level [1] then there will be a problem getting your e-mail out; if this is intollerable, the ONLY solution would be to change providers.

    3) If NAC persists (usually for a prolonged period of time) in it's disregard for the rest of the Internet, by allowing our mailboxes to be filled up by their customer's garbage, then many system administrators including myself, will choose to refuse mail from larger and larger portions of NAC's IP-Space, IMHO this is a perfectly reasonable choice. It puts presure on the service provider not to host spammers, something, which in the long run will help stop spam.

    Understand, that SPEWS does not block anyone, all they do is make available a list of spam-friendly, and spam-supporting providers. Many systems will choose not to communicate with providers who support spam operations in a direct effort to hurt spammers by denying them access to providers.

    Yes I run an ISP, and YES we use SPEWS as one of many BL's we use to eliminate UCE/SPAM from our customer's mailboxes. Spews comes in seccond only to spamhaus.org in it's effectiveness. We receive less than 10 spams/day across a user population of over one thousand. Spews alone is responsible for about 30% of the blocking.
    • by Zocalo ( 252965 ) on Wednesday January 21, 2004 @05:08AM (#8041514) Homepage
      We receive less than 10 spams/day across a user population of over one thousand. Spews alone is responsible for about 30% of the blocking.

      Yes, and if you were using Osirusoft's DNSBL when they decided to shutdown and blocklist the entire Internet it would have accounted for the extra 10 spams a day as well. Of course, you wouldn't be getting any legitimate email either, but collateral damage is the whole point of the story, and makes your statistic a little meaningless. Do you know how many legitimate emails are being blocked? No, of course not, because that's the drawback of DNSBLs; you can't tell whether that SMTP connection you just refused was really spam, or a sales lead from a potential customer that just went elsewhere.

      Now, don't get me wrong. I'm a firm believer in the judicious use of RBLs; I use a select few directly with the MTA and have several more adding weighted scores to inbound emails via SpamAssassin. However, it has been my experience that using too many blacklists is a waste of time; the spammers will most likely be on multiple lists anyway and you just increase the chances of getting false positives like DSL Reports. Obviously it's a YMMV issue, but for me SPEWS was also responsible for the vast majority of hits on the webform link I provided in the reject message to capture false positives. Note the past tense; I stopped using SPEWS a *long* time ago because of this, including with SpamAssassin, and I still get no spam in my inbox.

    • I hope you have a huge advisory to your customers that states very clearly that you use a blacklist which has a very high number of false positives, due to their neanderthal mentality of 'extreme collateral damage.'

      This is my primary problem with SPEWS and those who use it -- they do not publicize the fact that they endorse extreme collateral damage which results in unmeasurable false positives. Go to www.spews.org. Read their entire front page which summarizes SPEWS. No where does it even hint that this i
  • by fo0bar ( 261207 ) * on Wednesday January 21, 2004 @04:27AM (#8041389)
    This is a perfect example of why you should never just arbitrarily block email because it comes from an IP on a list. Instead, programs like SpamAssassin are useful because they use blocklists as a factor, one among many, in determining whether to treat a message as "spam".
    • by Pete ( 2228 ) on Wednesday January 21, 2004 @05:31AM (#8041579)
      fo0bar:
      This is a perfect example of why you should never just arbitrarily block email because it comes from an IP on a list. Instead, programs like SpamAssassin are useful because they use blocklists as a factor, one among many, in determining whether to treat a message as "spam".

      The problem with just using SpamAssassin is that it's very CPU-intensive. And when the spam's already got onto your mailserver, has already cost you in storage space and bandwidth.

      SpamAssassin is good as a second (or third) line of defense, but an RBL is much cheaper from the CPU/bandwidth/storage perspective - hence one or more RBLs is preferable as a first line of defense.

      The cool thing about RBLs is the wide selection. Are you happy to block confirmed open relays? No worries [orbs.org]. Do you want to block all of South Korea, as you never recieve legit mail from there? No worries [blackholes.us]. Do you want to block known and thoroughly reprehensible spam gangs that have been booted off three or more ISPs? No worries [spamhaus.org].

      And of course there's a variety of other blocklists [rbls.org], all with their own published criteria and standards. No one says which ones you have to use. No one says you have to use any of them.

      But the major point is, if you're a target of a blocklist, there's a reason for it (assuming the list admins didn't make a mistake, which does happen very occasionally). And there are always ways you can deal with the listing, ranging from ignoring it to smarthosting email to changing your mailserver IP.

      SPEWS are absolutely consistent with their listing criteria, and always have been. If you're not a spammer and you've been included in a netblock listed by SPEWS in Level 1, it is always after your ISP has been repeatedly warned and they've done nothing about the problem spammer.

      A SPEWS listing always starts with individual IPs. Beyond that point, it's the ISP's problem.

      Pete.
  • by Anonymous Coward on Wednesday January 21, 2004 @04:31AM (#8041399)
    The problem with RBLs is how people use them. There are actually ISPs who block all email from IP (ranges) in a RBL (even to postmaster or abuse!). That is clearly wrong and lazy.

    RBLs should be used as they were intended. As advisory to extra check email against. A good idea is to add RBLs to e.g. spamassasin and assign them a +2 score. Then you can take into account other things, like the headers and body of the email to determine if it actually counts as spam. That works very well. But blocking all email just because it comes from a certain IP on some random RBL is stupid.
  • Switch hosts (Score:2, Insightful)

    by Trillan ( 597339 )

    By hosting on NAC.net, they are providing support for an ISP that supports spammers where it counts -- in the pocketbook, with money.

    Find a new host and quit whining.

  • by dmiller ( 581 ) <djm@mindro[ ]rg ['t.o' in gap]> on Wednesday January 21, 2004 @04:35AM (#8041409) Homepage
    The SPEWS level 2 list is pretty agressive, so much so that I can't imagine it being used for blocking by commercial operations of any significant size. Individuals are another matter - do you really want to make a fuss over a few people who don't want to receive your mail?

    That being said, netblocks get listed for a reason. SPEWS does a pretty good job at providing a history of abuse. If this proves to be true, then you should choose a different provider - I wouldn't want my money going to someone supportive of spam operations.
  • by Halo1 ( 136547 ) on Wednesday January 21, 2004 @04:35AM (#8041410)
    (I'm not SPEWS and don't know anyone at SPEWS). That said:
    • dslreports.com has address 209.123.109.175. That address only appears in a level 2 listing. Very few people use level 2 listings, the "real" SPEWS are the level 1 addresses. What level 2 really means, is explained in their FAQ [spews.org] (Q22).
    • SPEWS did not add dslreports.com to their blacklist (search the linked page for dslreports, it's not mentioned). This does not make it less annoying for the owners of dslreports.com obviously, but there are differences. E.g., if a spammers moves, the blacklisting will be moved too, for dslreports.com it obviously wouldn't (no, that doesn't mean I think dslreports should simply move and shut up, I know things like that cost money).
    • The blacklist that SPEWS publishes is an *opinion*. Everyone is free to follow their opinion or not and use it to (over-)protect their property or not. If an ISP uses it (or any other blacklist) and doesn't clearly inform its customers about that fact, then this ISP is at fault.
    Nevertheless, I completely agree it's sad that the spammer situation has gotten so much out of hand that people resort to this kind of carpet-blacklisting to try to force ISP's to stop their spam support (as larger ip-blocks are only added when an ISP refuses to remove its spammers, or starts moving them around to non-blacklisted IP-addresses).

    It's however pretty much the last resort that other people have to do anything about it. If an ISP does not experience any significant harm from hosting spammers (and in facts profits largely from it) and does not want to remove them because it's the right thing to do, what else can you do to tell the ISP to FOAD if you don't want to become a vigilante?

    (putting on asbestos suit)

  • by Durzel ( 137902 ) on Wednesday January 21, 2004 @04:36AM (#8041411) Homepage
    I actually think blocking the wider IP ranges of the ISP is a positive thing, and I'm sysadmin for one, and I've been involved in a similar dispute [google.com] in the past with SPEWS. To be fair in our case we were actually caught in the collateral damage and weren't even hosting the spammer in question.

    The point is, blocking a sizeable portion of the ISPs IP range inconveniences them and their non-spammy customers. It encourages them (if nothing else) to take responsibility instead of going for the cheap buck. If blocking wide-ranging ISP IP ranges means that they wake up and stop hosting spammers (or implement stricter controls) then surely that's a good thing in the grand scheme of things.

    • Support parent post ! To rephrase, being listed in SPEWS should provide ISPs with a good incentive to do something about the problem (not allow spammers in the first place). I know I wouldn't want to be hosted by or near one of these guys, because who knows what can happen next.

      Plus, SPEWS doesn't block anyone. SPEWS provide listing of IP addresses ranges used by spam operations. It is then under the reponsibility of the individual email admins to either implement and enforce the blocks, or not. Many don'

  • by Erik Hensema ( 12898 ) on Wednesday January 21, 2004 @04:49AM (#8041453) Homepage

    I see lots of comments in the forum like 'spews blocked my server'. Spews did no such thing. Spews is listing their provider. That's what spews does. They list providers. Spam friendly providers.

    When your provider is listed by spews, it's time to move away. You are supporting your provider, which is supporting spammers.

    When legitimate customers move away, providers will feel that supporting spam costs them real money. They will figure it out sooner or later: the community hates spam. Really, really hates it. And the community will hate you for not hating spam.

    • by Anonymous Coward on Wednesday January 21, 2004 @05:05AM (#8041504)
      When your provider is listed by spews, it's time to move away. You are supporting your provider, which is supporting spammers.

      When legitimate customers move away, providers will feel that supporting spam costs them real money.


      What you may not realise is that moving elsewhere costs US real money. Money not all of us can easily afford.

      Telling people to switch ISPs because their current one is suspected of harboring spammers is like telling the people of Iraq (pre-invasion, obviously) to move away because their country was suspected of harboring terrorists. Easy to say, but far more difficult to put into practice. And the end result is that when the bombs start falling, innocent people get hurt.
      • Which is why anyone contemplating a hosting contract should check every ISP's record on spam - and make it a provision in the contract that the ISP has to pay relocation expenses in the event of their inaction resulting in them being listed on a DNSBL.

        The comparison with Iraq is plain wrong - customers can influence their ISP's actions, especially if they act en masse. The only influence an Iraqi citizen could have had on their regime was being the next in line for Saddam's target practice sessions.
        • by boots@work ( 17305 ) on Wednesday January 21, 2004 @06:51AM (#8041805)
          Which is why anyone contemplating a hosting contract should check every ISP's record on spam - and make it a provision in the contract that the ISP has to pay relocation expenses in the event of their inaction resulting in them being listed on a DNSBL.

          Spews listed samba.org's ISP, and their supporters spewed the same sophistry: that the (non-profit) Samba admins should spend large amounts of time and money switching ISPs and physical hosts. The ISP's record was previously clean, and negotiating those kind of terms is impractical when hosting a small number of machines.

          Spews openly admits that they see collateral damage as a positive good. The more non-spamming machines they hit, the happier they are. That's fine, they're happy to list whoever they want.

          I just wish more administrators were aware that blocking using Spews is a definite decision to drop legitimate and wanted email. You *will* drop legitimate email, and possibly large quantities of it, if you use Spews. If hurting spammers is more important than getting your own mail, use it!

          To judge from the number of complaints we got about people not getting their mailing lists, I don't think many of the admins using Spews were aware of the consequences. Basically everybody we spoke to decided to use less-insane RBLs.

          Using a mix of sane RBLs blended through SpamAssassin is probably the way to go these days.
    • by 91degrees ( 207121 ) on Wednesday January 21, 2004 @05:32AM (#8041581) Journal
      I see lots of comments in the forum like 'spews blocked my server'. Spews did no such thing. Spews is listing their provider.

      They list it on a list that is used to determine which servers to block, for the sole purpose of causing said servers to be blocked.

      Since their actions have the aim and result of blocking servers, I think your argument that they're not is somewhat lacking.

      When your provider is listed by spews, it's time to move away. You are supporting your provider, which is supporting spammers.

      When your provider uses SPEWS it's time to move away. SPEWS blocks too many legitimate emails to be worthwhile. The community hates being blocked as spam a lot more than it hates spam.
      • Right, you don't understand spews either.

        Spews is a boycot list.

        Spews is not a list for blocking spam. Spews is a boycot against spam supporting providers. Spews wants the listed providers to clean up their act.

        Note that a spam supporting provider is not by definition a large source of spam. They could be, but they meight as well be the hoster of spamvertized websites. And as long as providers are willing to (continue to) host spamvertized sites, spammers will continue to spam.

  • by SimianOverlord ( 727643 ) on Wednesday January 21, 2004 @04:51AM (#8041457) Homepage Journal

    I can't believe what I'm reading on this site today! Targetted advertising or so called "Spam" is a commercial venture that goes to the very heart of a great American capitalist tradition. IT IS YOUR DUTY AS A GOOD CITIZEN TO READ ALL THE SPAM IN YOUR INBOX.

    The cold war may be over, but does the term "Economic downturn" mean anything to you? We need Americans to buy herbal remedies (many of which are extraordinarily effective) and penis extenders, to consume, consume, consume before our great country becomes yet another footnote in some future history book, PROBABLY SCRAWLED IN SOME CHINESE PICTOGRAM. Is that what you want? DO YOU? ANSWER ME??

    Support your country. Reject communism. Read spam.
  • Make sure that you understand what the list is meant for, and how aggressive the list is. Some lists tell you right off of the bat that they should be used for experimental or reference purposes only, and shouldn't be used in a production environment. Talk to friends and colleagues, reference newsgroups. Start small, and see how effective your beginning measures are before increasing your efforts. Your customers and/or company depend on email, and I have seen too much legimate traffic blocked by aggressive
  • WTF (Score:5, Funny)

    by Anonymous Coward on Wednesday January 21, 2004 @04:56AM (#8041472)
    "Actually, slashdot hardly makes a dent in our traffic when they link to us, so wouldn't be excessive at all"
    -- Nil of Broadband Reports

    Them sounds like fighting words to me!

  • by Anonymous Coward
    Well this is strange, it's not like they've been added though, that's a bit of a mis-truth as NAC.net have been in SPEWS for a long time.

    Security Forums [security-forums.com] are also hosted in NAC.net so we are also 'SPEWed' which is a pain as it means anyone using an Outblaze related service doesn't get their sign up e-mail and their account will stay inactive. There is nothing you can do to get out of SPEWS, you can just moan about it :) (Plus the whole damn Data Centre is in there)

    We got around the problem by relaying a
  • The SPEWS philosophy (Score:5, Interesting)

    by Malor ( 3658 ) * on Wednesday January 21, 2004 @05:24AM (#8041563) Journal
    From what I have gathered, the SPEWS philosophy isn't just indifference to collateral damage (ie, 'civilian casualties'); they actively do this damage in order to try to force ISPs into changing their habits. And they are extremely difficult to both reach and reason with; you can post on a newsgroup and hope someone pays attention to your pleas.

    I don't know if the actual newsgroup replies come from people who make decisions with SPEWS, but those replies are amazingly hostile. "Oh, you're blocked? That's because you're on a crummy ISP that allows spammers. You're on a contract and can't switch? Well, you'd better start calling your ISP, because the block on your addresses isn't going away until the spammer adjacent to you does, and maybe not then, because you're a whiner."

    (ok, ok, that last part was a bit of hyperbole, but it's not that far off... check dejanews!)

    Admittedly, they're not killing anyone, but the tactic of deliberately attacking people who are only tangentially related to your real target is often called 'terrorism'. The consequences here are far less serious, but the fundamental tactic remains the same.... someone is doing something you don't like, and so you hurt a whole lot of people to try to force them to stop. So I don't use SPEWS.

    There are a number of other, much saner, blocklists available, and the advent of Bayesian filtering is a VERY big deal. I am personally using a combination of postfix, maildrop, SpamAssassin and bogofilter, and I get amazing results; I only started training about two weeks ago, and the spam I have to deal with has dropped by over 99%. I get 1 or 2 false negatives per day, and I have had only one false positive since I started using this system. It does take a little maintenance, but it's much less annoying and intrusive than the constant attention digging through spam takes.

    It is possible, in other words, to do an exceptional job of stopping spam without contributing to a form of terrorism.
    • Have you ever managed to persuade a major ISP to drop a (high-paying) spammer? The only way is to ensure that that ISP faces financial penalties - and that means denying them access to other networks. No active damage is being done here - SPEWS is not DDOSing or mailbombing, so heaven knows how you can make a "terrorism" analogy.

      As for other blocklists - they do the same thing. It is just that SPEWS lists entries earlier - take SPEWS out of the equation and people will start moaning about SpamHaus, SpamCop
    • the tactic of deliberately attacking people who are only tangentially related to your real target is often called 'terrorism'

      Only by Bush. Get off the "terrorism" trend, because you just discredit your own arguments that way.

      someone is doing something you don't like, and so you hurt a whole lot of people to try to force them to stop.

      You obviously have absolutely no idea what terrorism is if you believe that crap.

      By your incredibly vague definition, there is no such thing as war, as everything qualifie

  • WaterKeeper.ca [waterkeeper.ca], the site for the Lake Ontario Waterkeeper (part of Robert F. Kennedy's Waterkeeper Alliance) had the same problem, but with SORBS [sorbs.net]. WaterKeeper.ca is hosted on a server at a hosting company [crystaltech.com], shared by many other customers. The problem is, one or more of the other customers were allegedly sending spam messages, and SORBS blacklisted the whole box, leaving Lake Ontario Waterkeeper unable to communicate with many people who depend on their newsletters to keep up to date with environmental battle
  • Is there any reasonable list left that has open proxies (trojan infected Windows PCs)?
    Those are the prime source of spam these days, but they need a quick-acting blocklist.
  • It seems SPEWS is one of the most hated block lists, not by spammers, but by regular folk that end up on their list. In fact, some speculate that some of the DOS attacks against SPEWS aren't actually done by spammers, but by enough innocent people pissed off by them and their attitude. Seems like SPEWS loves collateral damage against innocent people, doesn't update often (even though it claims to "automatically" remove old listings, a lie), hides behind a newsgroup and pretends to not exist so there is no r
  • Those scumbags forward spam complaints to spammers, tell people reporting spam to "get a life", and generally abuse anyone who dares to say anything about thier spammers.

    I don't think the SPEWS listing is going to make a big difference. All of NAC.net has been locally blocked on my domain for over a year now, and they're going to stay there until the heat death of the universe or Windows XP is released under the GPL, whichever comes first.

    If DSL Reports doesn't like it, they need to get themselves a provi
  • Don't understand (Score:3, Insightful)

    by tehanu ( 682528 ) on Wednesday January 21, 2004 @06:04AM (#8041677)
    First thing, it doesn't seem as if they are blacklisted yet, only that their IP-block is on some sort of warning level before being blacklisted if their ISP doesn't do anything about spammers.

    Secondly, I don't understand why people blame SPEWS. All SPEWS does is provide a list of what they think a black-list should be. They are not forcing anyone to use it. They are not a government body or even a standards organisation. They are not trying to trick anyone with false promises or advertising a dangerous product. Obviously the people who are using it agree with its philosophies (ie. collateral damage) and believe that the false positives are worth it to get rid of the spam. ISPs that implement it are businesses first and formost. If they were losing more customers due to complaints about false positives than to complaints about spam they would have disabled it ages ago. As for complaints that SPEWS have too much power, they get the power by people who run ISPs deciding to voluntarily and of their own free will give it to them. They don't dictate terms to anyone, they don't force anyone to use their blacklists. SPEWS is a symptom of the problem not the cause. Just like fevers and boils are often the body's attempt to get rid of the disease. Mighty inconvient but useful. The cause is spammers and ISPs that support them. Managing to wipe out SPEWS is like popping smallpox boils. It does nothing to get rid of the disease. The question is whether SPAM is a disease that SPEWS can get rid of or whether the disease is so severe that the fever is useless and the inconvience was all for naught.

    I think the issue is that the problem with spam is so huge that any anti-spam action you take is going to cause problems for someone somewhere. No approach is NOT going to cause problems. Legal approaches either seem to legitimise spam or add more government control and often seem to be useless with little teeth anyway. Technical approaches like changes to email protocols seem to be going no-where quickly and take lots of money and inconvience to implement. If people fustrated with the slow technical changes start implementing different protocols we could end with a Balkanisation of email. Making people pay for each email sent will cause big problems with people who legitimately need to send out mailing lists. End user filtering tends to be more complex than the average user likes and doesn't address the problem that the email still costs money to the ISP (and hence to you). Blacklists tend to cause collateral damage. It's like the solution to any major problem - someone somewhere is going to have to give. Either you allow the government exert more control over the internet, you are willing to spend a lot of money fixing the problem technologically or you accept that blacklists are going to cause collateral damage. What are people willing to sacrifice to get rid of spam, because you are going to have to sacrifice something because it is the legal and technical status quo that allows it to happen. Just like if you want to get rid of pollution, you are going to have to sacrifice something because it is our current way of life that causes the massive pollution problems that exist today.

    Personally I think the best approach would be for spammers to all get struck by lightning and suffer in the 7 Hells for the rest of eternity but somehow I doubt that will happen.
  • Admins vs. Users (Score:4, Informative)

    by WalterSobchak ( 193686 ) on Wednesday January 21, 2004 @06:24AM (#8041729) Homepage Journal
    I used to poll SPEWS, as I really, really, hate spam.
    However we quickly got reports form our users about false positives. While my attitude was "Then your friends should switch ISPs", my users were not happy with that response.
    After some discussions, I stopped using SPEWS. I may poll it again as an advisory (i.e. marking, but not blocking messages).

    However, currently I am polling the Spamhaus SBL and XBL, and me and the users are very, very happy. The XBL catches loads of spam, and we did not have a single false positive.

    Alex
  • by Chatmag ( 646500 ) <editor@chatmag.com> on Wednesday January 21, 2004 @07:02AM (#8041852) Homepage Journal
    After a run in last year with SPEWS, and after some investigation, I believe I have found SPEWS owner/administrator, and posted last March as SPEWS no longer anonymous [chatmag.com]
  • TMDA (Score:3, Informative)

    by tyrione ( 134248 ) on Wednesday January 21, 2004 @07:11AM (#8041883) Homepage

    Wonderful piece of software that works quite nicely and for small independent mail servers you will not be disappointed.

    http://tmda.net/

    In case you don't have this running already, that is.

  • by MtlDty ( 711230 ) on Wednesday January 21, 2004 @07:15AM (#8041900)
    Maybe I'm just being paranoid. But isnt it entirely possible that 'professional spammers' could set up mail relays under a subnet of highly regarded anti-spam sites?

    This would mean that the spammers would get blacklisted, but much to the spammers glee the anti-spam sites (in this case DSL Reports) also gets blacklisted. It has a double effect of the anti-spam site being blacklisted, plus the anti-spam site (DSL Reports et al) owners arguing for the blacklist hosts (SPEWS) to be more lenient.

    It wouldnt suprise me if 'professional spammers' were acting this way to protect their own interests.
  • by chriskenrick ( 89693 ) on Wednesday January 21, 2004 @08:12AM (#8042162)
    I've recently started submitting data to the Weighted Private Block List [pc9.org] project.

    Basically, it's an attempt to use statistical filters (eg Bayesian based ones) to identify what IP's are sending spam. I'm sure that they would love to have more people involved in the collection of data, particularly if they've already trained their client side filters to a high level of accuracy.
    • by gregarican ( 694358 ) on Wednesday January 21, 2004 @08:27AM (#8042272) Homepage
      There's another effective cross platform tool that I'm hooked on. It's called Spambayes [spambayes.org] and uses similar Bayesian filters. I would say that when the thresholds are correctly set it filters out about 99% of the spam that's out there. Even the haiku, random word, etc. variety. The more spam you get the better the Bayesian analysis becomes. If you're a Microsoft Lookout user you can just have the Junk Mail folder automatically empty out every x number of days and won't have to worry about most spam again.

      Looking at all of the broadbased effects that spam has --- added network traffic, open SOCKS proxy exploits, open SMTP relay exploits, trojan host takeovers, lost business time/productivity, added storage allocation --- it really is high time that the standard governing organizations expand the SMTP protocol in to a stack that includes more sophisticated mechanisms to ensure message integrity. A sender verification token of some sort. Be it a PKI check, a site certificate, a challenge/response between sender and receiver mailhost, etc.

      Since supposedly the spammers can hide their tracks well perhaps whatever commercial product being spammed should be targeted by the authorities. The websites and entities in question would certainly be less likely to hook up with spammers then I would think.

      • There's another effective cross platform tool that I'm hooked on. It's called Spambayes and uses similar Bayesian filters.

        WPBL isn't a filtering tool itself (and hence not an alternative to Spambayes). It's a project aimed at building a list of IP addresses that send good mail and IP addresses that send spam (based on whatever bayesian filtering the client has available). The data collection is automated, so as long as your filter is accurate, then the data uploaded will be too.
  • by satch89450 ( 186046 ) on Wednesday January 21, 2004 @08:39AM (#8042321) Homepage

    OK, for those of you who read NANAE, this is old news, but for the rest of you...

    I'm a sysadmin who worked very hard to get a /24 listed in SPEWS delisted. The netblock was in the list because a customer of ours decided to provide DNS service to a known and notorious spammer. We earned the listing, period. I killed the bastard, reported the fact, and got the listing lowered to a zero, historical. In the process of doing that job, I learned a lot about the whole blocklist thing and realized that even the operators didn't see what they are really doing. They think it's about spam. Wrong.

    It's not about spam. It's about TRUST

    A listing in a recognized blocking list is a vote of "no confidence" in the IP owner's ability to run its network, to make its users -- ALL its users -- conform to the Internet society's accepted code of conduct.

    Follow along with me a moment, and you'll see why I think this way. First, the Internet is, by definition, a "network of networks", a large anarchy run by a very large number of system administrators (greater than 10,000) who make private decisions about who and how they allow to access their bandwidth, systems, and services. The Internet Society and its sub-units provide a forum to publish community notes, the Requests for Comments, which are nothing more and nothing less than agreements for how to play nice in this employee-owned swimming pool.

    The Internet community has decided on standards of behavior, and each system operator trusts every other system operator in the pool to conform to the rules of society, and to ensure that the users conform to the community rules -- not unlike CC&Rs in a neighborhood development that form part of the purchase contract of many homes and condominiums. Some operators have become lax in their expected enforcement of the rules on particularly not-nice people, the ones who break the rules in order to win money, or some other benefit. There are enough of these Internet con men out there that the community coined a word to describe them: "spammers."

    Back in the NSF days, a lapse in administration resulted in disconnection, quick and swift, so the system adminstrators, up and down the line, toed the line to avoid being banished. In the Commercial Internet that replaced the NSF Internet, personal greed gets in the way of this remedy, and so the disdain of social customs is left largely unpunished by the society.

    Just about every system operator who runs a mail service with more than three users has been yammered at by those users: "WE WANT LESS SPAM -- DO SOMETHING." Complaints to ISPs who take spammer money go largely ignored, and appeals "upstream" -- to the connection providers and to the Tier One networks -- have also gone largely ignored. So the small administrators started to implement mail filters and blocks on "spammy" IP addresses in the hopes that they can block the crap and thus appease their users.

    Spammers countered by having their providers move them around in IP space, and by using techniques to "get around" the content filters. It's become a war, frankly. First there were keyword filters, and so spammers started to "do things" to their messages, like replace the letter 'o' with the digit '0' -- you've all seen the tricks. Hash identification of bulk messages were thwarted by inserting random nonsense text. Learning filters are poisoned by spammers injecting random words. And so on and so on. In addition to these content-based counters, spammers also steal resources of innocent people: open mail relays, open proxies, and hijacked Web scripts like formmail.pl, so that the wrong person gets blames for their flood of commercial feces.

    What the block-list people decided is that having each of the 10,000 to 100,000 system administrators deal with this individually was eating up too much time, and there was this nifty thing already in place that could be used to reduce the system overhead of id

    • by djeaux ( 620938 ) on Wednesday January 21, 2004 @10:05AM (#8042995) Homepage Journal
      Back in the NSF days, a lapse in administration resulted in disconnection, quick and swift, so the system adminstrators, up and down the line, toed the line to avoid being banished. In the Commercial Internet that replaced the NSF Internet, personal greed gets in the way of this remedy, and so the disdain of social customs is left largely unpunished by the society.
      This is perhaps the most insightful thing I've read on /. (or anywhere else) so far today. It is a good history lesson. It illustrates the difference in a strict society based on rules & an open society based on profit.

      We like to talk about the "good old days" of the internet as "Wild West", but we forget that the town marshal, er, admin, could shoot down anybody who got out of line & send them straight to Boot Hill, no questions asked.

      I'm not sure I'd attribute all our problems to the commercialization of the internet more than how the internet was commercialized.

      I don't mean this to start some "Soviet Russia" vs "capitalism" flamefest. Many capitalist enterprises have based their success on following rules other than the profit-loss statement. I don't know why a "rules-based" (pun loosely intended), socially-conscious system wouldn't work for an ISP. It might even attract honest customers.

  • Suck it up. (Score:4, Informative)

    by acceleriter ( 231439 ) on Wednesday January 21, 2004 @08:40AM (#8042327)
    Your ISP supports spammers. Get another one, or live with the block. SPEWS doesn't force anyone to use its block list; there is nothing you can do but change ISPs. This is by design, so that ISPs that support spam, like NAC apparently is, lose legitimate business and are forced by the marketplace to either reject spamming and spam support or go out of business.

    I am quite surprised that a forum dedicated to broadband telecommunications can't or won't understand hat.

  • by PPGMD ( 679725 ) on Wednesday January 21, 2004 @08:51AM (#8042390) Journal
    is they are just as bad as the SPAM ISP that they are trying to stop. They don't respond at all, there is no contact information, so for many business their is only two choices, get past SPEWs (very easy to do), or go out of business.

    Personally I use a spam filter on my e-mail server, but I use Spamhaus, as my primary, which is a much more professionally run list, they remove listing automatically after 90 days without spam complaints (SPEWs generally only removes you after you beg in the newsgroup), actually have e-mail addresses that you can contact them at, and actually target the spammers nets, not blocking class B networks.

    I believe that any admin of an ISP that uses SPEWs is really doing a disservice to their customers, who will have a number of e-mail problems from some very large hosting companies.

  • by Todd Knarr ( 15451 ) on Wednesday January 21, 2004 @10:22AM (#8043126) Homepage

    Perhaps, though, they should talk to the source of the problem instead of complaining about the solution. The problem, after all, isn't that SPEWS listed a spam source network, but that NAC.net is hosting spammers alongside it's legitimate customers. Those customers should make it clear to NAC.net that either the spammers go, NOW, or they'll take their hosting elsewhere, also now.

  • by KalvinB ( 205500 ) on Wednesday January 21, 2004 @11:54AM (#8044022) Homepage
    Instead of blocking spammers, just filter out the links they include in e-mails. They can't be obfuscated because they won't work if they are and countless spammers use the same domains to host their affiliate pages and/or ad images.

    Block one IP, you block nobody you wanted to because the spammer that sent it doesn't use it anymore. Block one URL and you've just blocked dozens if not hundreds of spams regardless of who's advertising it.

    Includes source for automating the process as much as possible [icarusindie.com]

    It takes just a few minutes to go through any number of e-mails and remove all the legitimate domains that were linked to and then to update the Mercury Mail rule file.

    SPEWS is retarded and counterproductive. IPs are a finite resource and are reused constantly. You cannot realisticly block spammers by blocking IPs. SPEWS has probably done more damage to the internet by it's idiocy than spammers have. It's about time some of the businesses that are being hurt by them form a class action lawsuit. Or, even better, everyone should just stop using them until they pull their heads out of their asses and start being productive instead of just an internet bully.

    I found a simple solution that results in getting virtually no spam. And any spam I do get is taken care of on the next update. I have a domain that was getting lots of spams now pointing to a catchall at my home IP. Since I had no legitimate e-mail addresses using that domain it's now a very effective way to preemptivly block links before a spammer tries to use them in a spam sent to one of my real e-mail addresses.

    No solution is going to make spam dissappear entirly. The idea is to make it go away as much as possible so it's down to a reasonable level without causing collateral damage. SPEWS has taken the stance to act like an idiot and then blame the ISPs for SPEWS being retarded. There's no excuse or need to block IPs. Especially ones in use by people who have never sent spam.

    The best part about blocking links is that the header is meaningless. Every line of it could be forged but if the e-mail contains a link to a blocked domain it will not get through.

    Ben
  • by Indy1 ( 99447 ) on Wednesday January 21, 2004 @01:13PM (#8045166)
    The first part of this rant is directed to the admins of BBR. (dslreports is also known as BBR)

    I can understand your frustration at being listed and at the "scorched earth policy" of spews. However, there is ample and damning evidence that your isp, nac, is a MASSIVE spam haus

    First piece of evidence:
    12 sbl listings (with 3 of the really nasty yellow ones) at www.spamhaus.org

    Second piece of evidence: the well mentioned spews listing, which has bucko evidence contained inside.

    third piece of evidence: 1970 listings found at http://groups.google.com/groups?q=nac.net+group:ne ws.admin.net-abuse.sightings&hl=en&lr=&ie=UTF-8&oe =UTF-8&group=news.admin.net-abuse.sightings&sa=G&s coring=d

    I think we can all agree, nac has a MASSIVE spam problem and does jack shit about it. So lets move on. BBR obviously doesnt spam, but because you are hosted with a pro spam isp, your being used as human shields by your isp. So what are your options here to get your mail working?

    option one: bitch at nac to punt all their spammers, which will cause spews to descalate (yes spews DOES remove entries when spammers are terminated) the listing so your mail doesnt get 550'd. Problem is, nac is likely to not give a shit, and not lift a finger.

    option two: smart host your mail with a non spammy isp. There are a variety of ways to do this, and usually its not very expensive. I've leave it up to you (i am sure you guys are fairely clueful in a network sense) on the best way to accomplish this. This is probably the quickest and easiest solution, though the one negative to it is that your still supporting a spam haus, but if that doesnt bother you, then so be it.

    option three: the probably least practical solution for you, but morally the best solution. Tell nac to eat shit and die, and move your operations to a non spam haus (and despite what some people are saying, there ARE isps that dont get blacklisted, they agressively nuke any spammer on sight. Spews doesnt list you for one spam, they list you for ignoring repeated spam complaints). On a practical level, i understand this may not be a realistic option for you due to the extreme complexity of moving servers, but i figured i mention it since it is technically possible.

    ok, now for my rant directed at the non mail server admins of this forum.

    As others has said, spews does NOT directly block your mail.
    The mail admin is the one that blocks or doesnt block incoming mail. When he configures the mail server you use, he decides what if any rbls (aka blacklists) he uses. The critera for which rbls he uses depends on management's attitude (assuming its a business server), the admin's stand on spam (is he a rabid block spammers on sight type, or a "screw it, not my inbox or bandwidth" type), and the user base of the server (do the users need to recieve mail from china or south america, or can those countries be blocked with out losing legit mail?).

    Spews does not communicate directly with the outside world or provide a method to be communicated with directly for very good reasons. In the past, spammers and spam hauses (verio comes to mind) have sued rbls for completely bullshit reasons. Because spews can and does play hardball with spam hauses, they remain safely anonymous so when spam hauses try to send bullshit lawsuits (aka cartooneys in the anti spam world) to spews; well it doesnt go far when you dont even know who to send the process server to The only way to communicate with spews is by posting on the usenet group NANAE that you've removed the spammers you host. Failure to remove your spammers or lying that you've removed the spammers only gets more and more of your network listed.

    People complain about spews listing non spammers along with the spammers. Spews philosophy is similar to the following analogy. Lets say you live in the same apartment complex as the unabomber. People in your town keep getting mail bombs
  • Your Rights Online (Score:3, Insightful)

    by Voivod ( 27332 ) <crypticNO@SPAMgmail.com> on Wednesday January 21, 2004 @03:21PM (#8047176)
    This story fits very well into the "Your Rights Online" category. It's my mail server, and it's my right to decide who can talk to it. As the admin of my mail server, I am participating in a boycott of spam supporting ISPs. It's that simple.

    Nobody has "the right" to call me at midnight to sell me stuff, or junk fax me, or bang on my door until I open it. Similarly, nobody has "the right" to put an e-mail into my inbox.

  • by vandan ( 151516 ) on Wednesday January 21, 2004 @04:34PM (#8048211) Homepage
    I have to agree with their actions here. This is the sort of 'collateral damage' I agree with. Asking ISPs nicely to clamp down on spammers doesn't work - after all, spammers are customers too. To get an ISP's attention, you have to talk their language: money, and the easiest way to do that is to cause their customers to move elsewhere, and the easiest ( and most defensible ) way to do that is to blacklist IP blocks belonging to the ISP. It's just cold, hard reality. Note that I'm not saying that we have to bomb the Christ out of the ISPs and kill hundreds of thousands of innocent customers and steal their computers ... that would be taking things too far!

"Hello again, Peabody here..." -- Mister Peabody

Working...