Slashdot Mirror

If they're going to go after someone in the Detroit area why not Alan Ralsky?

If they're going to go after someone in the Detroit area why not Alan Ralsky?

The SpamHaus xbl contains known open proxies (and open relays too, it's designed for spam blocking). You might want to look at blocking access to IPs on this list. It's updated very frequently, twice per hour I believe, and whilst it's obviously not going to catch everything it's certainly very useful.

The SpamHaus xbl contains known open proxies (and open relays too, it's designed for spam blocking). You might want to look at blocking access to IPs on this list. It's updated very frequently, twice per hour I believe, and whilst it's obviously not going to catch everything it's certainly very useful.

Some have said that 'blanket measures' (such as listing entire countries as spam and abuse sources) taken by the AHBL are wrong, and that only the "bad" ISPs (those harboring spammers) should be targeted for such listing.

I would point out that the "bad" ISP, in this case, IS being targeted. The fact that it is Spain's national ISP is secondary to the fact that Telefonica.es (and its broadband/dialup counterpart, rima-tde.net) is a huge and (apparently) unceasing source of spam, port probes, and other network abuse.

Speaking as a mail server owner/operator, I rank Spain as only a few steps below China, Korea, and other Pacific Rim ISPs as spammer havens and nests of virus-compromised 'spammer zombies.' I've lost count of how many times I've seen spam attempts from IP ranges controlled by Telefonica, Rima, and their clones hit our filters. The abuse flowing from them is responsible for at least 10-15% of the accumulated weekly entries in our reject logs.

I would also like to point out a few other things. First off: NONE of the DNSBLs, such as AHBL, SPEWS, or Steve Linford's Spamhaus actively block ANYone.

What DNSBLs do is publish AN OPINION, in the form of their listings of IP addresses or address ranges, as to which parts of the Internet are supportive of spammers and network abuse. It is up to EACH INDIVIDUAL SYSADMIN, or anyone else who connects to the Internet, to choose whether to believe that opinion by configuring (or not) their equipment to check incoming mail-transfer requests against said DNSBL.

Let me say it again: DNSBLs, BY THEMSELVES, DO NOT BLOCK E-MAIL OR ANY OTHER TRAFFIC! SYSADMINS DO.

Yes, SysAdmins. Those like myself, who are fed up with the unending abuse of our private property by spammers, abuse that is supported by unethical or uncaring ISPs who, apparently, don't give an aerial intercourse through a toroidal pastry what their users do as long as said user's check doesn't bounce.

I'm currenly using the DNSBLs compiled and mainted by Spamhaus, and several from Blackholes.us to help protect our tiny little corner of the 'net from spammers. No one compelled, ordered, cajoled, coerced, bullied, or hassled me into using any of them. I chose to do so because of the positive things said about them by other SysAdmins, and because my own experiments revealed an 80%+ drop in our spam load received once I implemented their use by our servers.

Am I blocking entire countries? Yes, several. China, Korea, Taiwan, Hong Kong, south America (the 200/8 subnet, to be exact), pretty much every IP range controlled by LACNIC, most of France, and the .ru top-level domain (just to name a few) have all made it into my local 'Deny' lists, all because I never seem to get anything but spam and other abuse from all of them.

My servers, my bandwidth, my rules. And it's just exactly that simple for anyone else who connects to the 'net, no matter if they're an AOL user, trying to protect their single E-mail box, or the CTO of a worldwide conglomerate with 100,000+ E-mail boxes to worry about.

Telefonica got themselves into this mess by ignoring spam complaints. They have no one but themselves to blame if other admins choose to drop packets from them, no matter if they're doing it with their own local list or with the AHBL's help.

If the AHBL thinks listing the entirety of Telefonica will get their attention, and perhaps give them some badly-needed motivation to clean up their act, great!

One other thing. Slashdot posed the question at the beginning of this article "...or has something gone terribly wrong?"

Yes, it has. Spammers are still being allowed to abuse a resource that anyone, from a three-year old kid to a century-old adult, should be able to enjoy WITHOUT THE THREAT of losing their inbox to spam.

That sure seems "terribly wrong" to me.

Yep, I have the same prob but hope help is on the way, have your ISP look at:

https://www.bondedsender.com/

or

http://www.spamhaus.org/tld/index.html

Second one run by Spamhaus seems good. There's a comment board here, but most posters don't seem to get how it works... or have bothered to read the FAQ... hey sounds like Slashdot! ;->

cb1

Only half? Over 80% of my spam comes from the USA (and this is not a thumbsuck, I've saved and studied all my spam received over many months).

Take a look at this "top spammers" list: http://www.spamhaus.org/rokso/. One country stands out as the clear leader. China hardly features, and "Sub-Saharan Africa" doesn't feature at all.

Time to block the USA?

it seems like all it takes is one dimbulb somewhere to decide (usually erroneously) that something is spam, and one of our hosts will wind up on the spamcop list. They've really gone around the bend.

Also consider the SpamHaus Block List which targets known spam operations (details on their ROKSO list).

it seems like all it takes is one dimbulb somewhere to decide (usually erroneously) that something is spam, and one of our hosts will wind up on the spamcop list. They've really gone around the bend.

Also consider the SpamHaus Block List which targets known spam operations (details on their ROKSO list).

• (as far as open relays go, I'm sure that spammers have an equal-opportunity policy regarding countries of origin.
• Statistics show that about 33% of the world's users are in the US, so that might be more likely)

• (as far as open relays go, I'm sure that spammers have an equal-opportunity policy regarding countries of origin.
• Statistics show that about 33% of the world's users are in the US, so that might be more likely)

there was an article on slashdot a while ago. so it must be true!

Joking aside, have a look at the list of Top 10 spammers

1: Alan Ralsky, U.S.A. (Michigan)
2: Scott Richter, U.S.A. (Colorado)
3: Alexey Panov, Germany
4: Tony Banks, U.S.A. (Missouri)
5: Chris Smith, U.S.A. (Minnesota)
6: Eddy Marin, U.S.A. (Florida)
7: Eric Reinertsen, U.S.A. (Florida)
8: Juan Garavaglia, Argentina
9: lmihosting.com, U.S.A.
10:Robert Soloway, U.S.A. (Oregon)

Spamhaus sez NOT LEGIT - I'll belive them. Time to toast MV Communications I guess. Adios spammy.

A really nice DUL-like system with almost no false postives is the Spamhaus XBL, it catches stuff that traces to these ATRIKS scumbags all the time.

A really nice DUL-like system with almost no false postives is the Spamhaus XBL, it catches stuff that traces to these ATRIKS scumbags all the time.

In addition, Atriks' own policy insures that they will NEVER pay you.

Believe me, this news hits slashdot late. The folks at your ISP almost certainly are aware of Atriks, and its owner Brian Harberstroh by now, and if not, you can point them to THIS. Spamhaus does not add listings to ROKSO until after a spammer has had three documented terminations. In fact it often takes several before one can get three which are documented, as most ISPs don't announce when they've terminated a spammer.

--Og

This article misses a few key points that are summed up nicely here (requires a click to accept policy and then REFOLLOW the link).The link to Spamhaus provided includes not only a brief description of his transgressions, but addresses from his domain registry etc. The one thing to remember about this person is that he has been careful to follow the first rule of spammers for years.

Rule 1: Spammers lie
Take a look at a few of his quotes here

An old BBC article on him is what scares me. "We are very excited [about the new CAN-SPAM law]," said Scott Richter, the president of OptInRealBig, an e-mail marketing firm in Westminster, Colo. "All of our clients had been worried about the California law. In the last two hours we have been booking a lot of orders for January." This guy is the kind of guy that would piss in your pool. Now that he's got the internet, he gets to piss on millions of people at a time.

Regular "white-hat" ISPs won't tolerate spamvertised WWW sites and kick them quite soon. So do many uplinks of smaller ISPs. But anti-spam terms of service seem to stop at backbone level. The German DE-CIX Internet Exchange center, though operated by an institution which is known for successfully fighting against spam, does not forbid spam support or downlinking spam-friendly customers. In fact they can't prevent DE-CIX members from hosting spammers or providing connectivity to other ISPs who do so.

Traceroutes to spammer hosts all over the world show that many spam-friendly ISPs are directly connected to big backbones or even operate them. But why? A backbone or CIX is nothing more than a "better" internet access point. So where is the reason not to enforce anti-spam TOS like any "smaller" ISP? If they did, e. g. Above.net could choose between routing Chinanet and routing Germany, and Alan Ralsky or Scott Richter could host their stuff at bulk friendly intranet access providers or normal ISPs who would kick them. So making a profit out of spam would be much more difficult.

There is a hell of a difference between what you are describing and real spam. Real spam in involves privacy violations, harvesting of addresses, messages sent to randomly generated lists, etc.

Check out The Definition of Spam (according to Spamhaus) and What is spam? (according to spam.abuse.net). The term was originally coined to describe the crap spewed onto USENET. It most certainly was not intended to describe marketing spewed by your ISP, television, newspaper, or the ad boxes on /.

15) Couldn't this be done using a normal example.com type domain instead of creating a TLD?

Yes... but in reality no. In truth, *any* TLD could really be a SLD (second level domain). In fact, many are (example.co.uk). The concept behind TLDs is to differentiate them, and their users - especially in the case of an sTLD (sponsored TLD) - from the internet at large and the other TLDs.

There are also other reasons:

Setting up the system behind .mail as a TLD will also help insure its acceptance and its longevity. It will be an ongoing effort run by a sponsoring organization rather than just a smaller entity. Also, psychology tends to show that "example.com.mail" will be accepted more readily than something like "example.com.this-is-not-spam.com"

Running a system like this on an existing TLD would also bind it to the rules and regulations of that TLD. Each existing TLD has some rules and regulations that are not compatible with the stated rules and regulations of the .mail TLD as it is to be used in anti-spam.

On the technical side, a TLD's infrastructure is also set up to be more robust and attack resistant than a normal domain from the outset. Whenever dealing with spammers, one must expect some level of attack.

Ok, then they need to update their FAQ, question 9 "What does a domain cost and why?":

The use of each domain will cost over US$2000. The price may vary depending on the registrar one uses.

This high cost will insure that most spammers will not bother and attempt to sign up for one, and if they do, it will be a high cost for what will be a very short time period of spamming.

The cost also pays for the much greater than normal vetting procedures places requesting this domain will go though before one is granted to them.

Emphasis mine. Sounds to me like $2000 is the lower limit.

The interesting twist is that companies that comply with the US CAN-SPAM act - which SpamHaus opposed due to the legalization of bulk unsolicited commercial e-mail - would not be eligibile to register a .mail address.

Peter

I think you need to read the proposal more carefully and to look at the less formally worded materials at Spamhaus regarding the plan for use of the TLD. It is inaccurate to look at this as a means of fighting spam, much less a FUSSP because it is in fact a way to address the issues of legitimate mail getting caught by various imperfect approaches to spam detection.

Because it is designed to provide a sort of 'bus lane' for mail servers whose operators are willing to meet the rather stringent conditions and the hefty price of a domain in the TLD to get their mail servers into the TLD, it does not require universal acceptance. It also has literally NOTHING to do with SMTP headers , is designed to be useless as a pure whitelist (eliminating the related objections,) does not depend on spammer honesty, is totally unrelated to the lack of a central controlling authority for email, and is significantly resistant to 'joe jobs' and identity theft for the entities with .mail domains because any mail not coming from their .mail machines would be readily repudiable.

In short, your comment might have deserved the 'funny' moderation if you were the first person to come up with a checklist response, but all you have really shown is that you did not bother to dig any deeper than the rather misleading /. blurb.

SPEWS has always been anonymous, they didn't "go anonymous".
If NANOG would block CHINANET, KRNET, and a few rogue providers here (4.0.0.0/8) I think we would see spammers getting discon'ed very quickly, rather than the 2-3 years we see for some. As soon as the spammers are booted, the ISP would get delisted.
The major problem is that ISPs don't have a problem with their IP being blocked outbound on port 25, but blocking their IP space and dropping their routes would give them a lot of problems. Take for instance this listing on SpamHaus. Been listed since Sep 24, 2003. Yet old AlRal has been happily spamming the world for a long time from there.

AlRal and his ilk are the reason why I don't accept packets from APNIC, RIPE, TWNIC, and LATNIC except by whitelisting.

SPEWS has always been anonymous, they didn't "go anonymous".
If NANOG would block CHINANET, KRNET, and a few rogue providers here (4.0.0.0/8) I think we would see spammers getting discon'ed very quickly, rather than the 2-3 years we see for some. As soon as the spammers are booted, the ISP would get delisted.
The major problem is that ISPs don't have a problem with their IP being blocked outbound on port 25, but blocking their IP space and dropping their routes would give them a lot of problems. Take for instance this listing on SpamHaus. Been listed since Sep 24, 2003. Yet old AlRal has been happily spamming the world for a long time from there.

AlRal and his ilk are the reason why I don't accept packets from APNIC, RIPE, TWNIC, and LATNIC except by whitelisting.

a lot of it comes off American shores..

Define "a lot".

Most spam comes from INSIDE the US, not outside.

Shaw is too busy spamming the rest of the world to care about cooperating with an investigation.


Do you have any evidence to back up that accusation?

I found this(couldn't link directly to the shaw page) at spamhaus, how bad that actually is relative to other ISPs I can't really say.

You can make it even simpler. Don't accept mail from likely abuse sources, from dynamic IP addresses, or from known abusers. Those three blocklists get rid of an enormous amount of my spam.

Taken along with a few select country blocklists (I use China, Taiwan, Hong Kong, Korea, Brazil, and Argentina), you can go from a flood to a trickle in no time. China is a Very Special Case -- they're completely filtered at the borders now. If they ever clean up their act, they may get to pass packets again, but I'm not holding my breath. In the meantime, they can enjoy their shrinking view of the Internet.

Your problems are exactly why real time block lists were created. Some ISPs executives don't care, unless it hurts their bottom line. And if some RBL operators are (or were) over-aggressive about blacklisting an entire block, they probably have been in your shoes. Not that that excuses their behaviour, just makes it understandable.

By the way, Spamhous now has a blocklist of zombie machines, as well as open relays.

I get spam from the #10 guy, but unfortunatly he's recently sold my address so now I get spam from some guy in Lativa as well. While the volume hasn't gone up, the content has changed from being viagra sales to being ads for beastiality. Plus the new spams seem to be harder to filter, loaded with many false html tags trying to get them through. Only 4 emails a day or so make it past the mail filters my ISP uses, but I still don't want that shit in my indox.

Spamhaus reckon less than 200 spam outfits make up 90% of spam. So 6% would be a bit more than a drop in the ocean - and if they get caught and face big fines (or jail time) we could see an even bigger impact.

This is really excellent news - according to Spamhaus.org, 7 of the top 10 (including the top 2) spammers worldwide are from the USA. Looking at the list of the top 200, I'd say about 80% are from the USA. It needs action within the USA to stop this, and for once I can say I really approve of something AOL, MS and Yahoo are doing [don't know much about Earthlink] - See, I'm not biased at all :-))

Today I received 1681 emails, 137 of which are non-spam. Now I have good anti-spam filters, and I probably only opened about 300 of those, but that's still a major pain where it hurts. String 'em up, I say, bring back lynching - mob justice for spammers!

Simon

Just what we need to give the Chiniese people, an unlimited supply of open proxies to use!

Don't you already get enough spam from them?!

they are a major spam haus

As always, Gates has no clue whatsoever and is merely reitterating 10-year old ideas to the general public. How exactly is this news?

I, for one, am utterly convinced that no anti-spam measure will work that does not target the spammers themselves. They will find ways around any and all technological measures - there just is too much money in the business for them not to.
Yes, that means we need laws. Get over your stupid american "weee, government baaaad" attitude. I haven't yet heard a convincing argument why laws against theft and rape are bad, and while both problems persist they are at a manageable level.

More important than the laws is that they're actually enforced, though. I want to see the Top 200 spammers in jail. (actually, I want to see them drawn and quartered, then coated in sugar-water and left for the ants, unless someone can suggest a slower and more painful death; I just realize that this wish isn't realistic)

Aside from that, quite a few third world countries are responsible for a lot of the spam

According to Spamhaus.org, most of the known spammers are from the US, responsible for 90% of the spam.

well as USA is the chief spammer this wont come as much of a suprise
-- -- - - --
Registrant:
WORDOFMOUTHRESEARCH.COM
9805 DUPONT AVE SOUTH
BLOOMINGTON, MN 55431
US

Domain name: WORDOFMOUTHRESEARCH.COM

Administrative Contact:
FEINBERG, ANDREW A.FEINBERG@WORDOFMOUTHRESEARCH.COM
9805 DUPONT AVE SOUTH
BLOOMINGTON, MN 55431
US
+1.9528851917
Technical Contact:
FEINBERG, ANDREW A.FEINBERG@WORDOFMOUTHRESEARCH.COM
9805 DUPONT AVE SOUTH
BLOOMINGTON, MN 55431
US
+1.9528851917

A domain of a spammer listed for level13 was rooted. OR did a spammer root all of this users domains and use them to spam?


p

Large portions of UUNet have been listed by the various anti-spam blacklists, such as Spamhaus, and all of UUNet is blacklisted in SPEWS. These providers are the scum of the Earth. They will delay, misdirect, and outright lie to keep their sweet large contracts with the spammers, at the expense of all their other customers.

Do you want to put your faith in a business that is indirectly lining the pockets of spammers?

The spamhaus website has been listing the USA for a loooong time now as the #1 spam source. It's got the names of the top spammers there too...

Simon

There must be accountability on the web. Period.

Breaking News! Ding Dong, Foonet's Gone!
Perhaps the blackest of the black hat networks is finally gone, raided by the FBI.Foonet [CITHosting] was home of spammers, packet kiddies, script kiddies, carders, and other illegal activities, as documented in the links below.

SPEWS's rapsheet on Foonet
Usenet postings in regards to Foonet
GBLX yanks Foonet's pipe
Foonet hosting carders (credit card thieves) and here
More on foonet's hosting of spammers, and possible traceroute forging
Foonet's Page
theWHIR article

spamhaus, who FooNet have been implicated in DDoSing to oblivion.

But I guess they don't fit into your vision of the FBI being corporate bullies.

But I think someone needs to buy the man a clue about the location of spammers

It's a social problem, not an economical.

Why is the USofA the #1 spam haven of the world? No, it isn't because it has the majority of users, that was 1998, by now Europe has passed the US (it has more population total, so that makes it easier).

The problem of spam will persist until one of two things has happened:

a) it has destroyed e-mail
b) we understand that it's not a technological problem and not an economical problem

We've seen dozens of solutions about how to completely redesign half the Internet so we can pay 0.10 cents per e-mail and get rid of spam... ...for the 3 weeks it takes the spammers to circumvent the system and find loopholes to either send mail for free or at someone elses expense.

I have a simpler solution: Shoot the top-20 spammers. On primetime TV. Not in the head, but somewhere painful and slow.

Spam would drop to pre-1995 levels within 48 hours. If it starts to rise again, shoot another spammer.

We know who they are. Our problem isn't how to deal with spam. Our problem is that we don't deal with the spammers.

Seriously, we must expose who is doing the spamming. Once people are out in the open, they may be less willing to send spam.

But we already know who the big spammers are.

It *is* legal. Were you paying attention when they passed CAN-SPAM? Read what the anti-spammers have to say about it.

will just have to put up with even more American spam in our inboxes

thanks

Aunt Bertha switches on her 2 GHz supercomputer, and hooks up to the Internet with a connection speed that would have rivaled an ISP in the early 1990's. She sees a pretty icon in her inbox, so she points and clicks, unleashing some spammer's latest mass-mailing creation. By the time Bertha goes and gets a triscut, she has already spammed a million Internet neighbours.

Anyone else see why the Internet is full of crap? And if you think it's as easy to control as "blocking port 25" ... ha ha. You wish! The worm only has to send mail via the ISP's outgoing mail server (remember... the one you reminded me "I should be using")

So no, controlling this spam/virus menace isn't quite that easy. Whatever method you use to legitimately send mail, the worms will follow that same method.

I'd like to hear your opinion on how someone raping, torturing and finally killing a child should be punished.

I don't know. I'm not a "law-system in a box". If this is a serious question, give me more details and a day or two and I will give you a well-thought-out personal opinion.

Or Osama Bin Laden for that matter.

To the best of my knowledge, he has not been actually convicted of any crime so far, has he?

or you believe that sending a bunch of 0s and 1s over an Internet connection is the worst crime a human can commit.

No, I don't. But you obviously believe that sending a bunch of guys with boxcutters to the US is.
Spotted the point? It's not what you do, its the impact you have. Raping a young girl is technically (penetration of penis into vagina) the same act as loving sex. Of course it isn't, because technicallities aren't everything. Context and impact are vastly more important.

A single spammer would be a slight annoyance. A million spammers is a disaster.

Nope. Read spamhaus - 200 spammers are responsible for 90% of the spam. Not "a million".

By the same logic that lets you judge spammers by the total damage caused by spam, the RIAA should also be allowed to judge pirates by the total damage caused by piracy. Wouldn't surprise me if they went for the death penalty too.

Me neither. But you cleverly avoided the core of my argument: Spammers damage society as a whole. Their crime is like polution: There'll be a few deaths, but overall, no major damage to any one individual. Just a bit of damage to all of us.

I fail to see how MP3 copying falls into that same category.