Domain: openrbl.org
Stories and comments across the archive that link to openrbl.org.
Comments · 32
-
Re:De-standardize, and make it worthwhile.
There's already a few mail reputation systems:
Mail Abuse Prevention System
And there's also a generic checklist for all anti-spam ideas:
Anti-Spam Solutions Checklist -
DO NOT USE BLARS :o)
Whatever you do, DO NOT USE BLARS he runs a pretty mean black list, so bad that he his website probably got pulled or he was forced to pull it
if you happen to be the mail admin i would suggest checking out mxtoolbox.com -
Some other zones
-
Re:I've run 2 ISP's, starting my third...
not really, his IP is not listed in any important blocks according to openrbl. Mail should get out normally
... unless there's something fisy with his domain name... but the IP itself looks perfectly fine for SMTP usage. -
The point of these databases/lists
Firstly, by calling MAPS "out of date, or insecure and flawed" is flawed logic -- if that statement were true, then MAPS just wouldn't get the wide-spread usage that it does. The fact that many SMTP server administrators are using the MAPS database to block known spammers indicates that their criteria for listings is one that these administrators agree with.
Secondly, the MAPS database has criteria that is in many ways similar to other DNSBLs (MAPS is a "DNSBL"), while it also differs greatly from many others. If you take the time to understand even the most popular DNSBLs in use today (see http://www.openrbl.org/ for a short list of approximately 30), then you'll see that the criteria varies widely -- some list only single IPs, some list entire netblocks, some list internet domain names, etc., and then the reasons for being listed and de-listed add even more complexity to any sort of a comparison.
Thirdly, each SMTP server is governed by different policies, and the administrators/owners of those systems are the ones who decide which criteria (or no criteria) is appropriate for reducing/eliminating spam. So to assume that a DNSBL is somehow controlling eMail on the internet is completely incorrect -- it is the SMTP server administrators who are in control of their own systems, and have every right to choose to use "delegation of authority" (and can just as easily stop using a DNSBL). A competent administrator can usually make such policy decisions take effect in a matter of seconds, and is accountable only to the users who pay them for spam-free eMail service.
Anyway, waving a big red flag around in an attempt to gain sympathy from others is always a complete waste of time because DNSBL operators generally have a reputation for not making exceptions to their rules (that's why people tend to trust and rely on them). This is an example of good management (and it's not really suprising because good management skills tend to come from those with a strong sense of clarity; one of the most essential requirements for running a successful DNSBL).
The main point of a DNSBL is to put pressure on ISPs who don't take the spam problem seriously. If your eMail is blocked because your IP address is listed in a DNSBL, then the very best course of action you can take is to demand that your ISP get the listing resolved (and provide a discount until your eMails are no longer blocked), or switch to a better ISP who does take the spam problem seriously (or just put up with it the way it is).
If your ISP directs you to complain to the DNSBL operator, then they're probably just trying to avoid dealing with it themselves. This is the kind of problem that only your ISP can resolve by terminating their spamming customers' accounts, so why should you have to do the dirty work and put your own reputation at risk for their screw-ups?
The fact of life is that as long as there are spammers, there will be spam fighers, and a good number of those spam fighters will operate DNSBLs. Practically all eMail software natively supports DNSBLs these days because customers demand it, and trying to change a DNSBL just because it's inconvenient to you isn't going to help anyone in the long run.
Eventually, the internet will become divided into two factions, the spam-friendly, and the anti-spam, if more people don't fight back (I believe it's already happening to some extent today). Take a look at this article for a more complete view on this slowly-growing split:
Good-Bye to middle-class ISPs
http://www.inter-corporate.com/spam/classes.html
To become a spam-fighter, an excellent place to get involved is in NANAE, a public newsgroup called "news.admin.net-abuse.email" where many spam-fighters (and a few idiots, clowns, stalkers, etc.) post regularly. Many victims of spam (including those who find their eMail blocked) also regularly ask for help, and there are many helpful people t -
Re:For example
The cracks.am domain sure is registered in Armenia. But the www.cracks.am website has an IP address assigned to an ISP in Sealand, not Armenia.
Look it up: http://www.openrbl.org/ip/217/64/35/211.whois.htm
. -
Re:What is the best way to stop this?
- ISPs (and any other business that gives a workstation a "real" IP address) need to block egress port 25. Comcast is going to be doing this soon, others should soon follow suit. This plugs the zombies.
- IP addresses that continue to send spam will be blacklisted. With the zombies effectively out of the loop this will become easier (albeit never quite perfect).
- SPF and other authentication schemes need to be adopted to prevent "spoofing" and so called "Joe jobs".
- E-mail providers (including small companies) need to deploy mature e-mail systems for their users. In 1995 it was fine to accept e-mail from anyone on port 25, with no authentication and no encryption. In 2004, remote clients need to have an SSL connection available (both for sending mail and accessing inboxes), and must require authentication before accepting initial mail submission (SMTP+TLS+AUTH). Not only is this more secure, but it also addresses the issues always raised by blocking egress port 25 and deploying SPF.
Appendix:
SMTP+TLS+AUTH is not that tough, no whining. All modern mail clients support it, on all platforms. There is a little bit of work to do on the server end, but that's what you pay your ISP (or IT department) for: -
Re:How to tell?
Is there an easy way to tell if your own computer is a zombie spambot?
Yes, there is! If your IP is sending spam, believe me, we will have noticed via our extensive spam traps. Just query your IP at OpenRBL or at dnsstuff to see if you're blocked due to spam received from your IP.
Note that you can also appear on blocklists for various other reasons. So look into why you're blocked. If you're listed on AHBL, CBL, SpamCop, WPBL for example then your host is probably infected. -
Spamcop is least of Richter's worries
I think it's kind of stupid for Richter to sue Spamcop. Scott Richter's "WholesaleBandwidth, Inc." is responsible for a ton of spamming, and he's being appropriately blocked for it. For example, look up 69.6.21.150 at OpenRBL to see just how fscked Richter is. You don't appear on 14 blocklists unless you are a spammer.
-
Re:More Details
-
Re:More Details
-
Re:More Details
-
Re:More Details
-
Re:More Details
-
Re:More Details
-
Re:More Details
-
Re:More Details
Looks like your domain being suspended might just be the beginning of your problems.
You appear to be listed on four blocklists.
You might want to keep a closer eye on your customers in the future... -
Check your status....
-
How about my old hardware?
How is my older hardware (or even pretty recent hardware on a huge ISP, with lots of SMTP activity) supposed to be able to handle this? Bah. It seems to me that adding computational difficulty is not such a great way to combat spam. Do you have any idea how effective IP blocklists and statistical filters alone are? (Or, you could combine them as this project is doings).
-
Re:What about netstat?
Note that OpenRBL is back up, using a distributed proxy system to weather the DDOS (which I'm currently trying to find more info about, it is technically very interesting). You can search spamhaus records (among many others) from there.
-
Re:The Heavy Hitters Are Still AroundYeah, but look at OpenRBL, DSBL references them..
-
Re:Distrustful of Network Level Censorship
Spam control with RBLs is, in fact, decentralized. There are many RBLs to choose from, and any that are too severe will not be used for long if they generate too many false positives. As a system admin, I have my choice. I use 4 RBLs right now:
- spamhaus.relays.osirusoft.com
(this is a mirror of the Spamhaus Block List) Well known spam operations, and is checked hourly. - dialups.relays.osiruSoft.com
(details at OsiruSoft) This list is of DHCP IP addresses of home users (DSL, cable, dial up). - dnsbl.njabl.org
(extensive details of what's on this list) - rbl.restongeek.com
I maintain this one myself for anything I want all my servers, primary and backup MX, to block
/. journal for a sample report). If I start to think maybe one of these lists is a little too severe, or someone lets me know that there are problems with one or more of the lists, I will delete it and pick another. Or maybe not. It is my choice, I want to keep down the spam on my system, for my sake as well as my clients'. - spamhaus.relays.osirusoft.com
-
Re:Just got this from Internap:Flirzan, just wondering, why do you host with Internap? Are you a spammer?
-
The man knows his html...
Come on, the timecube guy is obviously a master at modern UI deign and html layout.
:-)
Seriously though, here are some sites whose design I like:
Sweetcode
Mathworld
openrbl.org
perldoc
Paul Borke's website
the Joel On Software forums
the Tech Report (a debatable choice, but the best of its type)
Dmitry's Design Lab
-
Re:Out of contestDigital Impact is not a "known spammer". Everything they send out has clear and effective unsubscribe methods.
Can you prove it's effective? Hell, "make penis now boobies here" spam has clear unsubscribe methods.
If DI/m0.net aren't spammers, why haven't they gotten out of the blacklists they are in? Why the complaints on usenet
Why did I get an email bounce
23:36:06 Wirehub! Internet DNSBL 209.11.164.116 microsoft2003launch@email.microsoft.comI don't recall signing up for product launch emails. In fact, the only reason MS has my main home address is for their security bulletins. My profile on MS's site only has this option ticked. I doubt that email from microsoft2003launch@email.microsoft.com is a security bulletin. Ironically, if MS had mailed it from their own IP space, it would have reached my inbox.
-
Re:datacommarketing.com
They're on a lot of blacklists: Choose from one of the following
http://openrbl.org/ip/65/242/117/50.htm
dave -
Re:Simple Solution for ISPs
My ISP does block outbound port 25. The problem is that they still end up in the RBL Lists all the time as a multi-hop spam relay. All blocking outbound port 25 does is prevent people like me from running a legit amateur mail server.
At least my ISP doesn't block inbound port 25 too, like some others do!
-Ben
PS: I can still set a static SMTP route, but things such as mail bouncing, etc don't work properly in this situation. -
Re:More proof that this guy is a moron...
People like searchking should be lined up and shot next to all the spammers
Funny you should mention that, there's a post at Lawmeme
:First, according to OpenRBL SearchKing either IS, or is affiliated with, Mach 10 Hosting, a known spammer. I have to wonder if Bob Massa is in fact the owner of, or a principal in, Mach 10 Hosting (i.e. a spammer) in addition to being a purveyor of banner ads? I think it's funny that his web site's IP address (209.217.135.144) has a reverse-DNS name of "dave144.mach10hosting.com" instead of any name concerning "searchking.com"...
We can save Bob Massa's bullet and have two for Alan Ralsky
-
Re:If he's annoyed, then it's working.Every one of my email addresses is in some blacklist or another. (And no, I'm not a spammer!) Check out your smtp server's ip address at openrbl.org
If I move to another provider, will they stay off one of the lists for more than a week?
I did find one provider that threatens to charge me something like $1000 if someone accuses me of spamming. Gee, I guess they don't get many spammers (assuming the ISP is telling the truth - all the ISPs have some clause against spamming), but why would I want to run the risk of fighting a $1000 bill if there is some misunderstanding?
-
Re:Spamming for dumbassesFrom a well below current threshold post:
You sir are correct, this is not t0qer this is anoymous coward..
65.89.25.90
Note, this is 1 IP off of his subnet, the rest you'll have to figure out on your own.
Easy: Found the bastard!
Life_Enhancement_Society (NETBLK-BRW-3614-LIFEENHANC)
4551 California Ave. #10
Bakersfield, CA 93309 US
Netname: BRW-3614-LIFEENHANC
Netblock: 65.89.25.0 - 65.89.25.255
Record last updated on 10-Mar-2001.
Dutcher,Les (EVERYTHINGHERESITE-DOM)
7850 White Lane, #E221
Bakersfield, CA 93309
US
Domain Name: EVERYTHINGHERESITE.COM
Administrative Contact:
Dutch, L (LD8015) admin@everythingheresite.com
7850 White Ln E221
Bakersfield, CA 93309
US
661-637-1230 123 123 1234
Billing Contact:
Dutcher, Les (LD7700) mspss@hotmail.com
Dutcher,Les
7850 White Lane, #E221
Bakersfield, CA 93309
661-637-1220 (FAX) 661-637-1230
Record last updated on 07-May-2001.
Record expires on 07-Feb-2003.
Record created on 07-Feb-2001.
Database last updated on 1-Mar-2002 07:48:00 EST.
Domain servers in listed order:
SPOT.EVERYTHINGHERESITE.COM 65.89.25.5
LARRY.EVERYTHINGHERESITE.COM 65.89.25.6
Found the 'fo in this record at SPEWS!
Looks like he's listed all over the place!
Hosted by Broadwank... ugh...
I think I'll bounce his packets too... but anything else done against his network would be wrong... so wrong...
-- I HATE SPAMMERS --
Nice ass on her though! -
Has the server been blacklisted?
Head over to openrbl.org or osirusoft or Sam Spade and see if the server has been listed in any blacklists. If so, that's probably why your mail has been blocked. If not, contact road runner and find out what's up.
-
Re:More fuel for this fire