SPEWS Adds DSL Reports to Block List
Kylow writes "Last year, Slashdot publicized our efforts at DSL Reports to pursue a group of spammers who had spammed our forums. The Slashdot community immediately pitched in to help, and the publicity wiped the sites owned by the spammers off the internet. Fast-forward to today, and the popular yet often draconian block-list SPEWS has added DSL Reports to their blocklist due to the activities of other websites hosted on NAC.net. DSL Reports users are less than happy. This is hardly the first time SPEWS has been accused of going too far."
The problem with lists like SPEWS... (Score:5, Insightful)
Re:The problem with lists like SPEWS... (Score:2, Insightful)
Re:The problem with lists like SPEWS... (Score:5, Insightful)
The problem with that type of scheme is that it is really difficult to make it work when there are people trying to game the system. Try to apply the Slashdot moderation system direct to political discussion and you will have teams of partisans desperately moderating down the other side. Moveon.org has been blacklisted by lists after a group of Republicans organized a campaign where they subscribed to the list then reported it as spam. Same probably happens to Republican lists (although grass roots does not really figure the same in their model).
On the IRTF ASRG list Vernon Schryer used to make a point of reporting posts he simply did not like as 'spam' to his distributed mod list scheme. If the designer of a scheme can commit that type of abuse in that type of forum there is little hope for the scheme being scalable.
SPEWS is such a cartoon cutout operation that I seriously wonder if it is being run by a spammer, certainly we will find at least one blacklist where this is the case. Think about it, other spammers are your competition, both for eyeballs and for the merchandise. So run a service that blocks their mail but not your mails when you choose.
Quite a lot of the anti-spam technologists have played both sides of the fence. Folk who are unsuccessful at selling their anti-spam scheme frequently turn to spam to sell it.
Early on the ASRG list appeared to have been the target of a campaign to destroy the list by Vernon et al. It might just be that they are complete jerks or the gratuitous insults aimed at every practical suggestion may have been made with a purpose. It felt like there was a purpose, be as unpleasant as possible and hope you can drive people away.
What we have to start doing is to turn the issue around, instead of trying to spot bad mail, look for the good stuff. Mail that is genuinely from Hotmail is pretty unlikely to be bulk sent because of their rate limiters. So it is pretty likely to be genuine. Schemes like SPF and Yahoo! Domain Keys are the way to go. Couple these with an accreditation scheme that can report the reputation of the sender as well and you have a scheme that can identify good mail with very high accuracy. If 50% of mail is authenticated then the spam filters can be twice as strict on the remaining 50%.
Insightful? (Score:3, Insightful)
We've tried relaxing it, using smaller netblocks and it DOESN'T PROVIDE ENOUGH INCENTIVE TO WORK. If you get blocked because your ISP's blocked as they're an RFC-ignorant Spamhaus, then you'll take your business elsewhere. If you can't take it elsewhere then you'll shout and maybe change their minds.
No ISPs forced to use SPEWS: if they do, then it's the ISPs servers the spam's clogging up, and
Re:Insightful? (Score:5, Insightful)
And yes, I know I'll evoke a squeal of hysteria for even hinting that any form of anti-spam zealotry could be dubious.
Re:The problem with lists like SPEWS... (Score:5, Funny)
Swat spammers with sledgehammers?
SPEWS == the wrong way (Score:4, Insightful)
http://www.satlug.org/~kjar/spews/
My company has had pretty much the exact same experience.
Anyone using SPEWS is either lazy, ignorant, or could care less about the right way to do things.
In other words, just don't use SPEWS. Use ANY list but SPEWS.
Re:SPEWS == the wrong way (Score:5, Interesting)
SPEWS is great for getting raw data, and one of the only blacklists left with detailed evidence files that contain actual spam samples (now that spamcop went from simple munging to nearly useless to all the way useless).
Just mind the timestamps, the data is not always all that fresh. Often even that is useful, it's nice to dig up a spammer's history and past associations that way.
Personally I'm a fan of Spamhaus, but you still can't automatically block based on SBL listings because they vary widely in quality. What Spamhaus does reasonably well is correlate the IP blocks with organizations, and none more illustrative a fashion than with ROKSO. ROKSO listed spam sources are pretty much "block on sight".
So for the obligatory bit of rudeness, stuff your righteous stance, some of us who do mail for a living know how to use blacklists as the advisory mechanisms they were intended to be. I'm truly sorry your friends or associates or whatever got screwed by an ISP that doesn't know better. SPEWS does not generally go off on righteous rants about why IP ranges are blacklisted and how everyone in there is an evil spammer. They simply indicate a range with spam problems, present the raw data, and encourage people to use other sources like spamcop to triangulate and pinpoint.
Information may want to be free, but some people are still into shooting the messenger if the message isn't always 100% clear or it doesn't place a disclaimer between every sentence.
Re:SPEWS == the wrong way (Score:5, Informative)
You are ignorant of this scenario:
Your ISP has Company A (You) and Company B with a bad administrator.
Company B screws up and installs a Microsoft patch that opens up their Exchange SMTP server as an open email relay.
So they become a spam email relay just because they applied a patch. Unbeknown to the ISP, someone accidentally became a SPAM relay. Then some idiots get this attitude that the ISP is a Spam friendly ISP.
My company was blocked because a company that had been shut down 2 years beforehand was listed in the same IP block.
So here's what we did when we discovered we were on SPEWS:
1. Looked up SPEWS database.
2. Tried to contact the Company listed in our block as a SPAMMER.
3. Discovered Company didn't exist.
4. Contacted ISP to find out why we were being blocked.
5. Discovered ISP wasn't doing business with the company anymore.
6. The IP address in this block that was listed on SPEWS wasn't even assigned to anyone.
7. For the hell of it, tried to use the IP address for an SMTP relay. Didn't work.
8. Tried contacting SPEWS (HAHAHAHAHAHAHA) on the newsgroups, for about a year.
9. Gave up.
10. Half a Year later was removed from the list.
If any administrators are reading this and think SPEWS is worthwhile... please quit and get a job in Marketing. Thanks.
Re:SPEWS == the wrong way (Score:3, Interesting)
Re:The problem with lists like SPEWS... (Score:5, Interesting)
NAC.net harbors known spammers [google.com], despite repeated spam runs and subsequent complaints. This means that nac.net is not a "good supporter of internet society".
Re:The problem with lists like SPEWS... (Score:2, Informative)
Re:The problem with lists like SPEWS... (Score:3, Funny)
Re:The problem with lists like SPEWS... (Score:5, Insightful)
Oh, for FUCK'S SAKE, stop missing the point, would you?!
Sorry, I'm getting a bit pissed off with this topic.
Look, it's nice that you think you have free choice, but the innocent people who are on that list do not have any choice in the matter. And the people they're trying to stay in touch with might also have no choice but to use the list, if it's company policy, or if their ISP uses it.
THIS IS A PROBLEM. You can claim it doesn't exist till the cows come home, but it will still be there.
Re:The problem with lists like SPEWS... (Score:4, Insightful)
So, instead of having the choice to simply delete/filter the spam I receive, I have to start the arduous task of webmail/smarthost/ISP hopping?
This cure is definitely worse than the disease.
Re:The problem with lists like SPEWS... (Score:4, Insightful)
Only if you do business with people who do business with spammers. If you don't, you won't have this problem. Even if you do, finding a new ISP or smarthost is a five minute job. Whereas deleting and filtering spam takes millions of people a significant amount of time every single day.
I think it's a fine cure. It raises the cost of doing business with spammers, which is ultimately the only real way this problem will ever be solved.
That's funny (Score:4, Insightful)
5 minutes? Sure, then contact me, and I'll pay you for 5 minutes' worth of work to move all of my co-located servers to a new ISP. You have no idea what you're talking about.
Re:That's funny (Score:3, Informative)
Re:The problem with lists like SPEWS... (Score:4, Insightful)
I think you've failed to grasp how many people were suffering from the "disease" of the spammer on your network. Those people no longer have to worry about the spammer on your network. The fact that you (presumably not a spammer) get your mail rejected from their network (along with the spammer) is not their problem. It's your problem, and you should bloody well make it your ISP's problem.
If you were receiving all the email sent out by the abuser on your network, you'd probably get a better perspective on the scale of the "disease" - and realise that the "cure" in question is a perfectly reasonable one.
BTW: you still have the choice to "simply" delete/filter the spam you receive ;-).
And if you think finding and using a decent webmail provider [fastmail.fm] is arduous, then... well... I think the word "arduous" must mean something very different in your part of the world.
Pete.
Re:The problem with lists like SPEWS... (Score:3, Insightful)
1) Network's infrastructural problems due to heavy traffic caused by spam. To be brutally honest, that is not my problem. I pay my ISP for a service and they pay for their access to national/international feeds. If spam is such a problem, the providers/backbones as large national level entities should fight the spammers by legal and technical means. If they can't, then they should lobby the governments. If it means that my monthly ISP bill wil
Re:The problem with lists like SPEWS... (Score:2, Interesting)
Am I my keeper's brother? (Score:5, Insightful)
I think the black girl behind me at the screening of The Ring said it best. "Get the fuck out of there!"
Everyone loses when you patronize businesses who willingly accept spammers. Don't give them your money. Do it and feel good about yourself and for the good of your subscribers.
Re:Am I my keeper's brother? (Score:3, Insightful)
Re:Am I my keeper's brother? (Score:4, Informative)
Spews will list the IP that their spamtrap received mail from.
Then they will make a complaint to the ISP.
If the ISP ignores complaints, THEN the listing is progressively expanded, but they don't start out by listing a whole block.
Re:Am I my keeper's brother? (Score:4, Informative)
Actually, this part is incorrect. Spews (and several other blacklist providers) don't even bother to notify the ISP before listing (or after for that matter). In spews particular case they don't send ANY email at all (you can't email them either).
More accurately... (Score:5, Informative)
SPEWS as an organization does not send mail, however the people who are behind SPEWS DO send LARTs to the responsible hosting providers for the spams that they receive. They just don't identify themselves as SPEWS when they do it. This is so that ISPs will either learn to take ALL complaints seriously (because they can never know when one of the complaints comes from someone at SPEWS) or learn to enjoy their new intranet.
Re:More accurately... (Score:2, Troll)
But will have the effective result of everyone treating SPEWS less seriously.
ISPs have their own processes for dealing with complaints. Sometimes these are inadequate, but SPEWS seems to consider themselves the sole authority on the matter. They are not. They're just a bunch of jumped up nerds with way too much power, and rapidly falling credibility.
Re:More accurately... (Score:5, Insightful)
How long has SPEWS been "in business"
You know, some of us are trying to do legitimate business on the internet. It's not like we have a friggin dialup account and can just pick someone else. The process of moving a business from one provider to another, especially if the provider is co-hosting your servers, is quite involved and usually involves a contract that can't easily be broken without penalties.
SPEWS BLOWS.
Re:More accurately... (Score:3, Informative)
Agreed, look at how hard spammers are fighting against SPEWS.
How long has SPEWS been "in business"
Who literally cannot under any circumstances? I am not SPEWS, but I've never seen one.
You know, some of us are trying to do legitimate business on the internet.
Tell me about it.
It's not like we have a friggin dialup account a
Re:Sue them (Score:3, Informative)
The identity, location, and contact information for SPEWS is easy to determine:
Re:More accurately... (Score:3, Insightful)
Re:Am I my keeper's brother? (Score:4, Interesting)
Re:Am I my keeper's brother? (Score:2)
Re:Am I my keeper's brother? (Score:5, Insightful)
By that logic virtually all the major ISP should be blacklisted and all real users should find little mom and pop operated providers.
Think your logic all the way thru. If I sign up with what appears to be the best provider for me (or even the only one available), am I to blame because some stupid git signs up for a free trial and sends out spam? Should the post office refuse to deliver mail sent from your city because there is a company there that sends out junkmail?
Blocking off entire subnets may be a "solution" to stopping spam, but so is taking a pair of pliers and cutting your network cable...
Re:Am I my keeper's brother? (Score:4, Insightful)
No. Fortunately, no sane DNSbl (including SPEWS) will list an ISP because "some stupid git signs up for a free trial and sends out spam". ISPs only get listed in SPEWS after refusing to terminate repeat spammers, or sign up a known "block on sight" spammer like Alan Ralsky.
Re: (Score:2, Insightful)
Re:Am I my keeper's brother? (Score:3, Insightful)
Well, let's see. First of all, you are no WORSE off than if they block the /16 or /12 you are on under $BIG_ISP.
Secondly, since SPEWS blocks unresponsive ISPs, you can call $SMALL_ISP and raise hell, and likely be listened to far more than if you call $BIG_ISP and raise hell.
Third, since $SMALL_ISP is more likely to be SEVERELY affected by having a /16 blocked, they are FAR more likely to respond and correct t
Re:Am I my keeper's brother? (Score:4, Insightful)
Not particularly, but what's my alternative? Buy myself out of the contract I have with my ISP? Then pay another ISP a "setup fee" along with entering into another contract, just so in a few months I can repeat the whole process when THEY get listed by SPEWS? Some of us (and I'm talking about small businesses here, not home users) can't afford to just throw away thousands or tens of thousands of dollars because our ISP hosts spammers.
Re:Am I my keeper's brother? (Score:3, Insightful)
Maybe if I'm a large webhost buying multiple DS-3s, or a multi-site company that is building a fairly large voice/data WAN, I have that kind of bargaining power. Nobody is going to expose themselves to the liability you suggest above (i.e. penalties) for a sin
As a small webhost (Score:5, Informative)
Level 2 (Score:5, Interesting)
But, from the SPEWS FAQ, The Level 2 list
Re:Level 2 (Score:3, Informative)
SPEWS does not recommend that level 2 listings be used for filtering, but they don't disallow it because
Re:Level 2 (Score:5, Interesting)
You're right. A more accurate phrase would have been "ISPs who cannot afford a critical mass of false positives do not block on level 2 listings."
That's the majority of ISPs, and certainly all of the big ones. Very few block on level 2 listings.
Small ISPs or people like me who run an SMTP server for less than ten people (who really hate spam and are willing to deal with some false positives) have thought about it and are willing to reject inbound email from entire netblocks that are owned by sleazeballs who take money from spammers, even if it means a half dozen false positives a year. We block about 200 spams a day using a combo of spews, ordb, and spamcop, so it's definitely worth it. If that makes life difficult for the sleazeballs who take money from spammers, fine. If it encourages their legit customers to get pissed off enough to threaten to move elsewhere and stop giving the sleazeball ISP their money, that's great too. I love the fine spam-haters at DSL Reports, but they need to realize that they're pissed off at SPEWS because their ISP is hosting spammers. If they want to ignore that and place the blame totally on SPEWS, then I'm willing to chide them by bouncing any email they send my way for a little while.
I like SPEWS and it's my choice as to whether to use it or not. Nobody else has to like it and nobody else has to use SPEWS if they don't want to.
Level 2 listing, (Score:5, Informative)
SPEWS/spews.org: 209.123.109/24: 553 SPEWS2 [2] nac, see http://spews.org/ask.cgi?S2814
from the SPEWS FAQ
Q22: What is Level 2?
A22: This includes all of Level 1, plus anyone who is spam-friendly, supporting spammers, or highly suspicious, but not blatant enough to be included in the Level 1 list yet. If it becomes obvious that someone at Level 2 has become a real problem, they will be escalated to Level 1 after some attempt at education. The Level 2 list will have some inadvertent blocking (non-spammer IP addresses listed), but can still be used by small ISPs or individuals who want a stricter level of blocking/filtering. By having a two tiered list, you can make the hardcore spamfighters happy; those who want to block first and ask questions later. Also, a listing in the Level 2 list may exert a bit of pressure on spam friendly sites and may keep them from turning totally bad - but that is not really the point, stopping spam is. (note: a Level value of "0" means that area is not listed)
They didn't block it (Score:5, Informative)
1) your mail server is NOT BlackListed! If you look at the listing it is at level 2 the [2] means level 2. Read the SPEWS FAQ. No one blocks on level 2 listings.
Level 2 listings are netblocks which are watched carefully for evidence of abuse, usually because the adjoining netblocks are in use by spammers, and because the provider (NAC in this case) is ignoring complaints about the abuse, or is doing nothing to remove the abusers.
2) There is something you CAN do other than rant, which will not do you any good at all; and that is to complain to NAC about their spam-friendly policies. It's NAC's hosting network abusers which is the problem. If the listing is upgraded to level [1] then there will be a problem getting your e-mail out; if this is intolerable, the ONLY solution would be to change providers.
3) If NAC persists (usually for a prolonged period of time) in its disregard for the rest of the Internet, by allowing our mailboxes to be filled up by their customers' garbage, then many system administrators including myself, will choose to refuse mail from larger and larger portions of NAC's IP-Space, IMHO this is a perfectly reasonable choice. It puts pressure on the service provider not to host spammers, something, which in the long run will help stop spam.
Understand, that SPEWS does not block anyone, all they do is make available a list of spam-friendly, and spam-supporting providers. Many systems will choose not to communicate with providers who support spam operations in a direct effort to hurt spammers by denying them access to providers.
Yes I run an ISP, and YES we use SPEWS as one of many BL's we use to eliminate UCE/SPAM from our customer's mailboxes. Spews comes in second only to spamhaus.org in its effectiveness. We receive less than 10 spams/day across a user population of over one thousand. Spews alone is responsible for about 30% of the blocking.
Re:They didn't block it (Score:4, Insightful)
Yes, and if you were using Osirusoft's DNSBL when they decided to shut down and blocklist the entire Internet it would have accounted for the extra 10 spams a day as well. Of course, you wouldn't be getting any legitimate email either, but collateral damage is the whole point of the story, and makes your statistic a little meaningless. Do you know how many legitimate emails are being blocked? No, of course not, because that's the drawback of DNSBLs; you can't tell whether that SMTP connection you just refused was really spam, or a sales lead from a potential customer that just went elsewhere.
Now, don't get me wrong. I'm a firm believer in the judicious use of RBLs; I use a select few directly with the MTA and have several more adding weighted scores to inbound emails via SpamAssassin. However, it has been my experience that using too many blacklists is a waste of time; the spammers will most likely be on multiple lists anyway and you just increase the chances of getting false positives like DSL Reports. Obviously it's a YMMV issue, but for me SPEWS was also responsible for the vast majority of hits on the webform link I provided in the reject message to capture false positives. Note the past tense; I stopped using SPEWS a *long* time ago because of this, including with SpamAssassin, and I still get no spam in my inbox.
Re:They didn't block it (Score:3, Interesting)
This is my primary problem with SPEWS and those who use it -- they do not publicize the fact that they endorse extreme collateral damage which results in unmeasurable false positives. Go to www.spews.org. Read their entire front page which summarizes SPEWS. Nowhere does it even hint that this i
Re:They didn't block it (Score:2)
I assume, then, that you have a better method for pressuring spam-friendly ISPs to drop their known criminal customers?
Here's an example. Verizon.net. They host a criminal outfit called digitalcable4free.com. This outfit not only spams, but also sells an illegal product. Verizon has yet to terminate these criminals -- apparently Verizon has a polic
Re:They didn't block it (Score:2, Insightful)
Never use blocklists to block (Score:5, Insightful)
Re:Never use blocklists to block (Score:5, Informative)
The problem with just using SpamAssassin is that it's very CPU-intensive. And when the spam's already got onto your mailserver, has already cost you in storage space and bandwidth.
SpamAssassin is good as a second (or third) line of defense, but an RBL is much cheaper from the CPU/bandwidth/storage perspective - hence one or more RBLs is preferable as a first line of defense.
The cool thing about RBLs is the wide selection. Are you happy to block confirmed open relays? No worries [orbs.org]. Do you want to block all of South Korea, as you never receive legit mail from there? No worries [blackholes.us]. Do you want to block known and thoroughly reprehensible spam gangs that have been booted off three or more ISPs? No worries [spamhaus.org].
And of course there's a variety of other blocklists [rbls.org], all with their own published criteria and standards. No one says which ones you have to use. No one says you have to use any of them.
But the major point is, if you're a target of a blocklist, there's a reason for it (assuming the list admins didn't make a mistake, which does happen very occasionally). And there are always ways you can deal with the listing, ranging from ignoring it to smarthosting email to changing your mailserver IP.
SPEWS are absolutely consistent with their listing criteria, and always have been. If you're not a spammer and you've been included in a netblock listed by SPEWS in Level 1, it is always after your ISP has been repeatedly warned and they've done nothing about the problem spammer.
A SPEWS listing always starts with individual IPs. Beyond that point, it's the ISP's problem.
Pete.
Re:this may be stupid, but... (Score:3, Informative)
Am I missing something here?
Yes. Blocklists can reject the message at the SMTP protocol level. It's possible to literally drop the TCP/IP link before even the first headers get sent. Any content filter solution (header or body of the email) will require receipt of the full message. At that point, the spammer has already wasted your bandwidth resources, and is now going to waste even more of your CPU resources in filtering it.
Problem is using RBLs not just as advisory (Score:3, Insightful)
RBLs should be used as they were intended. As advisory to extra check email against. A good idea is to add RBLs to e.g. SpamAssassin and assign them a +2 score. Then you can take into account other things, like the headers and body of the email to determine if it actually counts as spam. That works very well. But blocking all email just because it comes from a certain IP on some random RBL is stupid.
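An added illustration, not part of any poster's comment or setup: the three ways of using a two-level list that this thread argues over (block on Level 1 only, block on Level 2, or treat a listing as an advisory +2 added to a content score). The listing table, the zone name `l2.dnsbl.example`, the 5.0 threshold and the content scores are constructed assumptions; only the 209.123.109/24 Level 2 range comes from the listing line quoted in the thread.

```python
import ipaddress

# Constructed listing data standing in for a two-level blocklist.
# The level-2 /24 is the range quoted in the listing line earlier in the
# thread; the level-1 entry is an invented documentation range.
LISTINGS = [
    (ipaddress.ip_network("209.123.109.0/24"), 2),
    (ipaddress.ip_network("192.0.2.0/24"), 1),
]

ADVISORY_POINTS = 2.0  # the "+2 score" suggested in the comment above
SPAM_THRESHOLD = 5.0   # assumed cut-off for the combined score
POLICIES = ("block_level1", "block_level2", "advisory")


def dnsbl_query_name(ip, zone):
    """Build the DNS name a mail server looks up: reversed octets + zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone


def listed_level(ip):
    """Strictest level whose range covers ip; 0 means not listed."""
    addr = ipaddress.ip_address(ip)
    levels = [level for net, level in LISTINGS if addr in net]
    return min(levels) if levels else 0


def decide(ip, content_score, policy):
    """Return 'reject', 'spam' or 'deliver' for one message.

    'reject' is a refusal based on the source address alone, before any
    content is looked at. 'spam' and 'deliver' come from the score.
    """
    level = listed_level(ip)
    if policy == "block_level1":
        if level == 1:
            return "reject"
        total = content_score
    elif policy == "block_level2":
        # Level 2 includes all of Level 1, so both levels are refused.
        if level in (1, 2):
            return "reject"
        total = content_score
    elif policy == "advisory":
        # A listing only adds points; the content still has to look bad.
        total = content_score + (ADVISORY_POINTS if level else 0.0)
    else:
        raise ValueError("unknown policy: " + policy)
    return "spam" if total >= SPAM_THRESHOLD else "deliver"


def compare_policies(ip, content_score):
    """Verdict for the same message under each of the three policies."""
    return {p: decide(ip, content_score, p) for p in POLICIES}


if __name__ == "__main__":
    # Constructed messages: (source IP, content score, description).
    samples = [
        ("209.123.109.7", 0.5, "clean mail from the level-2 range"),
        ("209.123.109.7", 3.5, "borderline mail from the level-2 range"),
        ("198.51.100.1", 3.5, "borderline mail from an unlisted address"),
        ("192.0.2.9", 0.0, "clean mail from the level-1 range"),
    ]
    print(dnsbl_query_name("209.123.109.7", "l2.dnsbl.example"))
    for ip, score, note in samples:
        print(note, "->", compare_policies(ip, score))
```

The clean message from the Level 2 range is delivered under two of the policies and refused outright under the third, which is the false positive the thread is about.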
Re:Problem is using RBLs not just as advisory (Score:2)
I definitely block email to postmaster based on spam block lists. Otherwise, I get piles of spam to it.
Anyone who really needs to get ahold of me can use my phone number.
Switch hosts (Score:2, Insightful)
By hosting on NAC.net, they are providing support for an ISP that supports spammers where it counts -- in the pocketbook, with money.
Find a new host and quit whining.
Change providers or put up with it (Score:5, Insightful)
That being said, netblocks get listed for a reason. SPEWS does a pretty good job at providing a history of abuse. If this proves to be true, then you should choose a different provider - I wouldn't want my money going to someone supportive of spam operations.
A couple of clarifications (Score:5, Insightful)
It's however pretty much the last resort that other people have to do anything about it. If an ISP does not experience any significant harm from hosting spammers (and in fact profits largely from it) and does not want to remove them because it's the right thing to do, what else can you do to tell the ISP to FOAD if you don't want to become a vigilante?
(putting on asbestos suit)
Positive discrimination (Score:5, Insightful)
The point is, blocking a sizeable portion of the ISPs IP range inconveniences them and their non-spammy customers. It encourages them (if nothing else) to take responsibility instead of going for the cheap buck. If blocking wide-ranging ISP IP ranges means that they wake up and stop hosting spammers (or implement stricter controls) then surely that's a good thing in the grand scheme of things.
Re:Positive discrimination (Score:2)
Plus, SPEWS doesn't block anyone. SPEWS provide listing of IP addresses ranges used by spam operations. It is then under the responsibility of the individual email admins to either implement and enforce the blocks, or not. Many don'
Nobody seems to understand spews (Score:5, Insightful)
I see lots of comments in the forum like 'spews blocked my server'. Spews did no such thing. Spews is listing their provider. That's what spews does. They list providers. Spam friendly providers.
When your provider is listed by spews, it's time to move away. You are supporting your provider, which is supporting spammers.
When legitimate customers move away, providers will feel that supporting spam costs them real money. They will figure it out sooner or later: the community hates spam. Really, really hates it. And the community will hate you for not hating spam.
Re:Nobody seems to understand spews (Score:5, Insightful)
When legitimate customers move away, providers will feel that supporting spam costs them real money.
What you may not realise is that moving elsewhere costs US real money. Money not all of us can easily afford.
Telling people to switch ISPs because their current one is suspected of harboring spammers is like telling the people of Iraq (pre-invasion, obviously) to move away because their country was suspected of harboring terrorists. Easy to say, but far more difficult to put into practice. And the end result is that when the bombs start falling, innocent people get hurt.
Re:Nobody seems to understand spews (Score:2)
The comparison with Iraq is plain wrong - customers can influence their ISP's actions, especially if they act en masse. The only influence an Iraqi citizen could have had on their regime was being the next in line for Saddam's target practice sessions.
Re:Nobody seems to understand spews (Score:4, Informative)
Spews listed samba.org's ISP, and their supporters spewed the same sophistry: that the (non-profit) Samba admins should spend large amounts of time and money switching ISPs and physical hosts. The ISP's record was previously clean, and negotiating those kind of terms is impractical when hosting a small number of machines.
Spews openly admits that they see collateral damage as a positive good. The more non-spamming machines they hit, the happier they are. That's fine, they're happy to list whoever they want.
I just wish more administrators were aware that blocking using Spews is a definite decision to drop legitimate and wanted email. You *will* drop legitimate email, and possibly large quantities of it, if you use Spews. If hurting spammers is more important than getting your own mail, use it!
To judge from the number of complaints we got about people not getting their mailing lists, I don't think many of the admins using Spews were aware of the consequences. Basically everybody we spoke to decided to use less-insane RBLs.
Using a mix of sane RBLs blended through SpamAssassin is probably the way to go these days.
Re:Nobody seems to understand spews (Score:5, Insightful)
They list it on a list that is used to determine which servers to block, for the sole purpose of causing said servers to be blocked.
Since their actions have the aim and result of blocking servers, I think your argument that they're not is somewhat lacking.
When your provider is listed by spews, it's time to move away. You are supporting your provider, which is supporting spammers.
When your provider uses SPEWS it's time to move away. SPEWS blocks too many legitimate emails to be worthwhile. The community hates being blocked as spam a lot more than it hates spam.
Re:Nobody seems to understand spews (Score:2)
Right, you don't understand spews either.
Spews is a boycott list.
Spews is not a list for blocking spam. Spews is a boycott against spam supporting providers. Spews wants the listed providers to clean up their act.
Note that a spam supporting provider is not by definition a large source of spam. They could be, but they might as well be the hoster of spamvertized websites. And as long as providers are willing to (continue to) host spamvertized sites, spammers will continue to spam.
Blocking Spam = Un-American (Score:5, Funny)
I can't believe what I'm reading on this site today! Targeted advertising or so called "Spam" is a commercial venture that goes to the very heart of a great American capitalist tradition. IT IS YOUR DUTY AS A GOOD CITIZEN TO READ ALL THE SPAM IN YOUR INBOX.
The cold war may be over, but does the term "Economic downturn" mean anything to you? We need Americans to buy herbal remedies (many of which are extraordinarily effective) and penis extenders, to consume, consume, consume before our great country becomes yet another footnote in some future history book, PROBABLY SCRAWLED IN SOME CHINESE PICTOGRAM. Is that what you want? DO YOU? ANSWER ME??
Support your country. Reject communism. Read spam.
Trust, but verify works well here (Score:2, Insightful)
WTF (Score:5, Funny)
-- Nil of Broadband Reports
Them sounds like fighting words to me!
Hmmm, We are also in SPEWS under the same listing (Score:2, Interesting)
Security Forums [security-forums.com] are also hosted in NAC.net so we are also 'SPEWed' which is a pain as it means anyone using an Outblaze related service doesn't get their sign up e-mail and their account will stay inactive. There is nothing you can do to get out of SPEWS, you can just moan about it
We got around the problem by relaying a
The SPEWS philosophy (Score:5, Interesting)
I don't know if the actual newsgroup replies come from people who make decisions with SPEWS, but those replies are amazingly hostile. "Oh, you're blocked? That's because you're on a crummy ISP that allows spammers. You're on a contract and can't switch? Well, you'd better start calling your ISP, because the block on your addresses isn't going away until the spammer adjacent to you does, and maybe not then, because you're a whiner."
(ok, ok, that last part was a bit of hyperbole, but it's not that far off... check dejanews!)
Admittedly, they're not killing anyone, but the tactic of deliberately attacking people who are only tangentially related to your real target is often called 'terrorism'. The consequences here are far less serious, but the fundamental tactic remains the same.... someone is doing something you don't like, and so you hurt a whole lot of people to try to force them to stop. So I don't use SPEWS.
There are a number of other, much saner, blocklists available, and the advent of Bayesian filtering is a VERY big deal. I am personally using a combination of postfix, maildrop, SpamAssassin and bogofilter, and I get amazing results; I only started training about two weeks ago, and the spam I have to deal with has dropped by over 99%. I get 1 or 2 false negatives per day, and I have had only one false positive since I started using this system. It does take a little maintenance, but it's much less annoying and intrusive than the constant attention digging through spam takes.
It is possible, in other words, to do an exceptional job of stopping spam without contributing to a form of terrorism.
Re:The SPEWS philosophy (Score:2)
As for other blocklists - they do the same thing. It is just that SPEWS lists entries earlier - take SPEWS out of the equation and people will start moaning about SpamHaus, SpamCop
Re:The SPEWS philosophy (Score:2)
Only by Bush. Get off the "terrorism" trend, because you just discredit your own arguments that way.
You obviously have absolutely no idea what terrorism is if you believe that crap.
By your incredibly vague definition, there is no such thing as war, as everything qualifie
Unfortunately, I'm all too familiar... (Score:2, Interesting)
Any open proxy list left? (Score:2)
Those are the prime source of spam these days, but they need a quick-acting blocklist.
SPEWS - highest collateral damage of all lists? (Score:2, Interesting)
NAC.net finally got SPEWSed? (Score:2, Informative)
I don't think the SPEWS listing is going to make a big difference. All of NAC.net has been locally blocked on my domain for over a year now, and they're going to stay there until the heat death of the universe or Windows XP is released under the GPL, whichever comes first.
If DSL Reports doesn't like it, they need to get themselves a provi
Don't understand (Score:3, Insightful)
Secondly, I don't understand why people blame SPEWS. All SPEWS does is provide a list of what they think a black-list should be. They are not forcing anyone to use it. They are not a government body or even a standards organisation. They are not trying to trick anyone with false promises or advertising a dangerous product. Obviously the people who are using it agree with its philosophies (ie. collateral damage) and believe that the false positives are worth it to get rid of the spam. ISPs that implement it are businesses first and foremost. If they were losing more customers due to complaints about false positives than to complaints about spam they would have disabled it ages ago. As for complaints that SPEWS have too much power, they get the power by people who run ISPs deciding to voluntarily and of their own free will give it to them. They don't dictate terms to anyone, they don't force anyone to use their blacklists. SPEWS is a symptom of the problem not the cause. Just like fevers and boils are often the body's attempt to get rid of the disease. Mighty inconvenient but useful. The cause is spammers and ISPs that support them. Managing to wipe out SPEWS is like popping smallpox boils. It does nothing to get rid of the disease. The question is whether SPAM is a disease that SPEWS can get rid of or whether the disease is so severe that the fever is useless and the inconvenience was all for naught.
I think the issue is that the problem with spam is so huge that any anti-spam action you take is going to cause problems for someone somewhere. No approach is NOT going to cause problems. Legal approaches either seem to legitimise spam or add more government control and often seem to be useless with little teeth anyway. Technical approaches like changes to email protocols seem to be going nowhere quickly and take lots of money and inconvenience to implement. If people frustrated with the slow technical changes start implementing different protocols we could end with a Balkanisation of email. Making people pay for each email sent will cause big problems with people who legitimately need to send out mailing lists. End user filtering tends to be more complex than the average user likes and doesn't address the problem that the email still costs money to the ISP (and hence to you). Blacklists tend to cause collateral damage. It's like the solution to any major problem - someone somewhere is going to have to give. Either you allow the government to exert more control over the internet, you are willing to spend a lot of money fixing the problem technologically or you accept that blacklists are going to cause collateral damage. What are people willing to sacrifice to get rid of spam, because you are going to have to sacrifice something because it is the legal and technical status quo that allows it to happen. Just like if you want to get rid of pollution, you are going to have to sacrifice something because it is our current way of life that causes the massive pollution problems that exist today.
Personally I think the best approach would be for spammers to all get struck by lightning and suffer in the 7 Hells for the rest of eternity but somehow I doubt that will happen.
Admins vs. Users (Score:4, Informative)
However we quickly got reports from our users about false positives. While my attitude was "Then your friends should switch ISPs", my users were not happy with that response.
After some discussions, I stopped using SPEWS. I may poll it again as an advisory (i.e. marking, but not blocking messages).
However, currently I am polling the Spamhaus SBL and XBL, and me and the users are very, very happy. The XBL catches loads of spam, and we did not have a single false positive.
Alex
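Added example, not part of the comment above: a sketch of the policy it describes, where some DNSBL zones reject mail and another is polled only as an advisory that marks it. The two Spamhaus zone names are the lists named in the comment; the advisory zone, the sample answers and the function names are assumptions made for this illustration.

```python
import ipaddress
import socket

# Zones that reject mail outright versus zones that only mark it.
# advisory.dnsbl.example is a placeholder, not a real list.
BLOCKING_ZONES = ("sbl.spamhaus.org", "xbl.spamhaus.org")
ADVISORY_ZONES = ("advisory.dnsbl.example",)

LISTED_RANGE = ipaddress.IPv4Network("127.0.0.0/8")
# Spamhaus documents answers in this range as error codes (for example a
# query arriving through a public resolver), not as listings.
ERROR_RANGE = ipaddress.IPv4Network("127.255.255.0/24")


def dnsbl_query_name(ip, zone):
    """Build the name a DNSBL lookup resolves: reversed IPv4 octets + zone."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on malformed input
    return ".".join(reversed(str(addr).split("."))) + "." + zone


def dns_lookup(name):
    """Resolver used in production: the A record, or None when not listed."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None


def is_listing(answer):
    """Only a 127.0.0.0/8 answer outside the error range counts as listed."""
    if answer is None:
        return False
    try:
        addr = ipaddress.IPv4Address(answer)
    except ValueError:
        return False
    return addr in LISTED_RANGE and addr not in ERROR_RANGE


def classify(ip, lookup=dns_lookup):
    """Return (action, zones): reject on a blocking zone, tag on an advisory one."""
    for action, zones in (("reject", BLOCKING_ZONES), ("tag", ADVISORY_ZONES)):
        hits = [z for z in zones if is_listing(lookup(dnsbl_query_name(ip, z)))]
        if hits:
            return action, hits
    return "accept", []


# Constructed answers standing in for DNS so the example runs offline.
# Client addresses come from the RFC 5737 documentation ranges.
SAMPLE_ANSWERS = {
    "10.2.0.192.xbl.spamhaus.org": "127.0.0.4",
    "20.100.51.198.advisory.dnsbl.example": "127.0.0.2",
    "30.113.0.203.sbl.spamhaus.org": "127.255.255.254",  # error, not a listing
}


def sample_lookup(name):
    return SAMPLE_ANSWERS.get(name)
```

A "tag" result would be turned into a header or score by the mail server rather than an SMTP rejection, so a false positive on the advisory list still reaches the user.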
SPEWS is Not Anonymous (Score:3, Informative)
TMDA (Score:3, Informative)
Wonderful piece of software that works quite nicely and for small independent mail servers you will not be disappointed.
http://tmda.net/
In case you don't have this running already, that is.
Deliberate abuse by sp (Score:4, Insightful)
This would mean that the spammers would get blacklisted, but much to the spammers' glee the anti-spam sites (in this case DSL Reports) also get blacklisted. It has a double effect of the anti-spam site being blacklisted, plus the anti-spam site (DSL Reports et al) owners arguing for the blacklist hosts (SPEWS) to be more lenient.
It wouldn't surprise me if 'professional spammers' were acting this way to protect their own interests.
A different approach to a block list (Score:3, Informative)
Basically, it's an attempt to use statistical filters (eg Bayesian based ones) to identify what IP's are sending spam. I'm sure that they would love to have more people involved in the collection of data, particularly if they've already trained their client side filters to a high level of accuracy.
Re:A different approach to a block list (Score:4, Insightful)
Looking at all of the broad-based effects that spam has --- added network traffic, open SOCKS proxy exploits, open SMTP relay exploits, trojan host takeovers, lost business time/productivity, added storage allocation --- it really is high time that the standard governing organizations expand the SMTP protocol into a stack that includes more sophisticated mechanisms to ensure message integrity. A sender verification token of some sort. Be it a PKI check, a site certificate, a challenge/response between sender and receiver mailhost, etc.
Since supposedly the spammers can hide their tracks well perhaps whatever commercial product being spammed should be targeted by the authorities. The websites and entities in question would certainly be less likely to hook up with spammers then I would think.
Re:A different approach to a block list (Score:3, Interesting)
WPBL isn't a filtering tool itself (and hence not an alternative to Spambayes). It's a project aimed at building a list of IP addresses that send good mail and IP addresses that send spam (based on whatever bayesian filtering the client has available). The data collection is automated, so as long as your filter is accurate, then the data uploaded will be too.
It's not about spam, it's about TRUST (Score:5, Insightful)
OK, for those of you who read NANAE, this is old news, but for the rest of you...
I'm a sysadmin who worked very hard to get a /24 listed in SPEWS delisted. The netblock was in the list because a customer of ours decided to provide DNS service to a known and notorious spammer. We earned the listing, period. I killed the bastard, reported the fact, and got the listing lowered to a zero, historical. In the process of doing that job, I learned a lot about the whole blocklist thing and realized that even the operators didn't see what they are really doing. They think it's about spam. Wrong.
Follow along with me a moment, and you'll see why I think this way. First, the Internet is, by definition, a "network of networks", a large anarchy run by a very large number of system administrators (greater than 10,000) who make private decisions about who and how they allow to access their bandwidth, systems, and services. The Internet Society and its sub-units provide a forum to publish community notes, the Requests for Comments, which are nothing more and nothing less than agreements for how to play nice in this employee-owned swimming pool.
The Internet community has decided on standards of behavior, and each system operator trusts every other system operator in the pool to conform to the rules of society, and to ensure that the users conform to the community rules -- not unlike CC&Rs in a neighborhood development that form part of the purchase contract of many homes and condominiums. Some operators have become lax in their expected enforcement of the rules on particularly not-nice people, the ones who break the rules in order to win money, or some other benefit. There are enough of these Internet con men out there that the community coined a word to describe them: "spammers."
Back in the NSF days, a lapse in administration resulted in disconnection, quick and swift, so the system administrators, up and down the line, toed the line to avoid being banished. In the Commercial Internet that replaced the NSF Internet, personal greed gets in the way of this remedy, and so the disdain of social customs is left largely unpunished by the society.
Just about every system operator who runs a mail service with more than three users has been yammered at by those users: "WE WANT LESS SPAM -- DO SOMETHING." Complaints to ISPs who take spammer money go largely ignored, and appeals "upstream" -- to the connection providers and to the Tier One networks -- have also gone largely ignored. So the small administrators started to implement mail filters and blocks on "spammy" IP addresses in the hopes that they can block the crap and thus appease their users.
Spammers countered by having their providers move them around in IP space, and by using techniques to "get around" the content filters. It's become a war, frankly. First there were keyword filters, and so spammers started to "do things" to their messages, like replace the letter 'o' with the digit '0' -- you've all seen the tricks. Hash identification of bulk messages was thwarted by inserting random nonsense text. Learning filters are poisoned by spammers injecting random words. And so on and so on. In addition to these content-based counters, spammers also steal resources of innocent people: open mail relays, open proxies, and hijacked Web scripts like formmail.pl, so that the wrong person gets blamed for their flood of commercial feces.
What the block-list people decided is that having each of the 10,000 to 100,000 system administrators deal with this individually was eating up too much time, and there was this nifty thing already in place that could be used to reduce the system overhead of id
Re:It's not about spam, it's about TRUST (Score:5, Insightful)
We like to talk about the "good old days" of the internet as "Wild West", but we forget that the town marshal, er, admin, could shoot down anybody who got out of line & send them straight to Boot Hill, no questions asked.
I'm not sure I'd attribute all our problems to the commercialization of the internet more than how the internet was commercialized.
I don't mean this to start some "Soviet Russia" vs "capitalism" flamefest. Many capitalist enterprises have based their success on following rules other than the profit-loss statement. I don't know why a "rules-based" (pun loosely intended), socially-conscious system wouldn't work for an ISP. It might even attract honest customers.
Suck it up. (Score:4, Informative)
I am quite surprised that a forum dedicated to broadband telecommunications can't or won't understand that.
The Problem with SPEWs... (Score:3, Informative)
Personally I use a spam filter on my e-mail server, but I use Spamhaus, as my primary, which is a much more professionally run list, they remove listing automatically after 90 days without spam complaints (SPEWs generally only removes you after you beg in the newsgroup), actually have e-mail addresses that you can contact them at, and actually target the spammers nets, not blocking class B networks.
I believe that any admin of an ISP that uses SPEWs is really doing a disservice to their customers, who will have a number of e-mail problems from some very large hosting companies.
I'm sure DSL Reports isn't happy (Score:5, Informative)
Perhaps, though, they should talk to the source of the problem instead of complaining about the solution. The problem, after all, isn't that SPEWS listed a spam source network, but that NAC.net is hosting spammers alongside its legitimate customers. Those customers should make it clear to NAC.net that either the spammers go, NOW, or they'll take their hosting elsewhere, also now.
A More Sensible Solution (Score:4, Insightful)
Block one IP, you block nobody you wanted to because the spammer that sent it doesn't use it anymore. Block one URL and you've just blocked dozens if not hundreds of spams regardless of who's advertising it.
Includes source for automating the process as much as possible [icarusindie.com]
It takes just a few minutes to go through any number of e-mails and remove all the legitimate domains that were linked to and then to update the Mercury Mail rule file.
SPEWS is retarded and counterproductive. IPs are a finite resource and are reused constantly. You cannot realistically block spammers by blocking IPs. SPEWS has probably done more damage to the internet by its idiocy than spammers have. It's about time some of the businesses that are being hurt by them form a class action lawsuit. Or, even better, everyone should just stop using them until they pull their heads out of their asses and start being productive instead of just an internet bully.
I found a simple solution that results in getting virtually no spam. And any spam I do get is taken care of on the next update. I have a domain that was getting lots of spams now pointing to a catchall at my home IP. Since I had no legitimate e-mail addresses using that domain it's now a very effective way to preemptively block links before a spammer tries to use them in a spam sent to one of my real e-mail addresses.
No solution is going to make spam disappear entirely. The idea is to make it go away as much as possible so it's down to a reasonable level without causing collateral damage. SPEWS has taken the stance to act like an idiot and then blame the ISPs for SPEWS being retarded. There's no excuse or need to block IPs. Especially ones in use by people who have never sent spam.
The best part about blocking links is that the header is meaningless. Every line of it could be forged but if the e-mail contains a link to a blocked domain it will not get through.
Ben
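Added example, not the source linked from the comment above and not Mercury Mail's rule format: a sketch of body-link filtering as the comment describes it, where hosts linked from known spam go on a blocklist after legitimate domains are removed, and later mail is judged on its links alone, never its headers. All names, domains and messages are constructed for illustration.

```python
import base64
import re
from email import message_from_string
from urllib.parse import urlsplit

URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)


def linked_hosts(raw_message):
    """Return the hostnames linked from the text parts of a message."""
    hosts = set()
    for part in message_from_string(raw_message).walk():
        if part.get_content_maintype() != "text":
            continue
        payload = part.get_payload(decode=True)  # undoes base64 / quoted-printable
        if payload is None:
            continue
        charset = part.get_content_charset() or "utf-8"
        try:
            text = payload.decode(charset, errors="replace")
        except LookupError:  # unknown charset label
            text = payload.decode("latin-1")
        for url in URL_RE.findall(text):
            try:
                host = urlsplit(url).hostname  # drops userinfo and port, lowercases
            except ValueError:
                continue
            if host:
                hosts.add(host.rstrip("."))
    return hosts


def matches(host, domains):
    """True when host is one of the domains or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in domains)


def grow_blocklist(blocked, spam_messages, legitimate):
    """Add hosts linked from known spam, skipping the legitimate domains."""
    new = set(blocked)
    for raw in spam_messages:
        new |= {h for h in linked_hosts(raw) if not matches(h, legitimate)}
    return new


def should_block(raw_message, blocked):
    """Decide from body links only; headers are never consulted."""
    return any(matches(h, blocked) for h in linked_hosts(raw_message))


# Constructed sample data. Hosts are stored as seen; reducing them to a
# registrable domain would need the Public Suffix List and is left out.
LEGITIMATE = {"webmail.example"}
SPAM_SAMPLE = (
    'From: "Your Bank" <support@bank.example>\n'
    "Content-Type: text/plain; charset=utf-8\n\n"
    "Buy now at http://www.pills.example/order?id=1 and see\n"
    "the picture at http://images.webmail.example/x.png\n"
)
NEW_SPAM = (
    "From: friend@webmail.example\n"  # forged sender, irrelevant to the verdict
    "Content-Type: text/plain; charset=utf-8\n"
    "Content-Transfer-Encoding: base64\n\n"
    + base64.b64encode(b"Click http://account@WWW.Pills.example:8080/renew\n").decode()
    + "\n"
)
HAM = "From: someone@www.pills.example\n\nSee http://images.webmail.example/holiday.jpg\n"
```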
a repost of a post i made at dslreports (Score:3, Informative)
I can understand your frustration at being listed and at the "scorched earth policy" of spews. However, there is ample and damning evidence that your isp, nac, is a MASSIVE spam haus
First piece of evidence:
12 sbl listings (with 3 of the really nasty yellow ones) at www.spamhaus.org
Second piece of evidence: the well mentioned spews listing, which has bucko evidence contained inside.
third piece of evidence: 1970 listings found at http://groups.google.com/groups?q=nac.net+group:news.admin.net-abuse.sightings&hl=en&lr=&ie=UTF-8&oe=UTF-8&group=news.admin.net-abuse.sightings&sa=G&scoring=d
I think we can all agree, nac has a MASSIVE spam problem and does jack shit about it. So let's move on. BBR obviously doesn't spam, but because you are hosted with a pro spam isp, you're being used as human shields by your isp. So what are your options here to get your mail working?
option one: bitch at nac to punt all their spammers, which will cause spews to de-escalate (yes spews DOES remove entries when spammers are terminated) the listing so your mail doesn't get 550'd. Problem is, nac is likely to not give a shit, and not lift a finger.
option two: smart host your mail with a non spammy isp. There are a variety of ways to do this, and usually it's not very expensive. I'll leave it up to you (i am sure you guys are fairly clueful in a network sense) on the best way to accomplish this. This is probably the quickest and easiest solution, though the one negative to it is that you're still supporting a spam haus, but if that doesn't bother you, then so be it.
option three: the probably least practical solution for you, but morally the best solution. Tell nac to eat shit and die, and move your operations to a non spam haus (and despite what some people are saying, there ARE isps that don't get blacklisted, they aggressively nuke any spammer on sight. Spews doesn't list you for one spam, they list you for ignoring repeated spam complaints). On a practical level, i understand this may not be a realistic option for you due to the extreme complexity of moving servers, but i figured i'd mention it since it is technically possible.
ok, now for my rant directed at the non mail server admins of this forum.
As others have said, spews does NOT directly block your mail.
The mail admin is the one that blocks or doesn't block incoming mail. When he configures the mail server you use, he decides what if any rbls (aka blacklists) he uses. The criteria for which rbls he uses depends on management's attitude (assuming it's a business server), the admin's stand on spam (is he a rabid block spammers on sight type, or a "screw it, not my inbox or bandwidth" type), and the user base of the server (do the users need to receive mail from china or south america, or can those countries be blocked without losing legit mail?).
Spews does not communicate directly with the outside world or provide a method to be communicated with directly for very good reasons. In the past, spammers and spam hauses (verio comes to mind) have sued rbls for completely bullshit reasons. Because spews can and does play hardball with spam hauses, they remain safely anonymous so when spam hauses try to send bullshit lawsuits (aka cartooneys in the anti spam world) to spews; well it doesn't go far when you don't even know who to send the process server to. The only way to communicate with spews is by posting on the usenet group NANAE that you've removed the spammers you host. Failure to remove your spammers or lying that you've removed the spammers only gets more and more of your network listed.
People complain about spews listing non spammers along with the spammers. Spews' philosophy is similar to the following analogy. Let's say you live in the same apartment complex as the unabomber. People in your town keep getting mail bombs
Your Rights Online (Score:3, Insightful)
Nobody has "the right" to call me at midnight to sell me stuff, or junk fax me, or bang on my door until I open it. Similarly, nobody has "the right" to put an e-mail into my inbox.
Need more blacklists like SPEWS (Score:3, Insightful)
Re:Abuse. (Score:5, Informative)
One spammer buys a few IPs on a block with an ISP, and SPEWS takes out the entire block.
You don't know what you're talking about. As long as the ISP acts to terminate spammers in a reasonable fashion, they don't get listed in SPEWS. It's only after several months of protecting a spammer that an ISP gets added to the block.
Re:Abuse. (Score:2, Interesting)
In fact, they actively support blocking whole netblocks so that innocent people will be affected and (hopefully) take action.
They're vigilantes and thugs, and, they break the trust the email system is founded upon.
Re:Abuse. (Score:4, Insightful)
Of course they do. It's a reputation thing. If they were to list IPs at random, then nobody would use the list. That people do use the list is a sign that they don't act carelessly in listing IPs in there. SPEWS is a little more strict than most lists of this nature, but then some ISPs want that. It's freedom of choice, baby.
Re:Bah... (Score:2)
Yeah, what about the poor spammers who can't send mail from their bulletproof nac.net hosted space?
Re:people are saying spews doesnt block people (Score:3, Informative)
Re:Stuck between a rock and a hard place (Score:2)
Ultimately the usefulness of email itself is being destroyed (hands up anyone who would bother with an inbox receiving 1,000+ junk emails a day) and everyone is having to pay (in terms of higher bandwidth fees) for unwanted and wasteful email traffic.
Oh, Mr Anonymous
Re:Why SPEWS is bad (Score:3, Interesting)
Or, perhaps, enforce their contracts? Most ISPs claim to have a no spam policy, if only to keep them under the radar for a longer period of time. SPEWS helps to urge them to enforce that clause in the service agreement.
And even those few ISPs who say nothing about spam usually specify that they can terminate service at any time for any reason - thus, cutting off a spammer is well with