Slashdot Mirror

Spamhaus's Register of Known Spam Operations contains quite alot of detail on some known spammers.

Filtering the email is usually more effective because the mail itself follows more determinate patterns, such as key words, obfuscation, originating IP's, fake headers and malformed HTML whereas most of these 'companies' operate from shadey websites that move around alot that are hard and expensive to trace and punish. It's also difficult to prove they had a any direct involvement with the spamming.

(x) Mailing lists and other legitimate email uses would be affected

Not if spam is defined well enough, which I admit is a non-trivial problem.

(x) No one will be able to find the guy or collect the money

See the SpamHaus ROKSO list. Finding them isn't the problem.

(x) Microsoft will not put up with it

Microsoft has already been pursuing legal action against spammers. They're on our side here. Spam costs Hotmail a hell of a lot of money.

(x) The police will not put up with it

This is true, until Congress earmarks funding for it. Sorry, I forgot to specifically mention this requirement in my post.

(x) Lack of centrally controlling authority for email

Legal action doesn't require central authority over e-mail, it only requires authority over the spammer.

(x) Open relays in foreign countries

I shouldn't have said technical solutions are not the answer. Technical solutions are part of the answer. We're already using technical solutions to deal with this problem (RBLs).

(x) Asshats

Have something specific in mind?

(x) Jurisdictional problems

The majority of spammers are in the United States, and foreign governments have agreed to collaborate on this problem (I can't find a link now, but it was mentioned on Slashdot).

(x) Armies of worm riddled broadband-connected Windows boxes

Who controls the armies? Those are the people that would be targeted.

(x) Extreme profitability of spam

Huge fines or jail time would make spam far less profitable.

(x) Joe jobs and/or identity theft

Yeah, maybe. If a spammer can make it look like their spam came from an innocent party, that could be a problem.

(x) Technically illiterate politicians You got me on this one.

(x) Dishonesty on the part of spammers themselves That's part of why what they're doing is illegal.

(x) Outlook Has nothing to do with this.

(x) Ideas similar to yours are easy to come up with, yet none have ever been shown practical Nobody has allocated funding for it on the scale that would be required.

(x) SMTP headers should not be the subject of legislation Sorry, but I don't agree.

(x) We should be able to talk about Viagra without being censored Absolutely; this is one of the areas where technical solutions have trouble, but a legislative solution would work fine.

(x) I don't want the government reading my email They wouldn't have to.

(x) Killing them that way is not slow and painful enough As I understand it, jail is pretty slow.

(x) Sorry dude, but I don't think it would work. If it doesn't, I'd be interested to see exactly why, and then go from there.

His "Oh, it's not so bad," attitude is unfounded at best and what you might expect from M$ or the DMA as they promote, "legitimate" spam at worst. Spamhaus tells us that there's still a big problem, despite steps that most ISPs have taken. The problem will get worse again as the spammers learn to get around those mostly trivial steps. It won't take much effort to read configuration information on broken Windoze machines and make them point to the ISP's SMTP to send mail like the end user does. In the mean time, the botnet continues spew network clogging spam, and DDOS and we all get to pay the price in slow networks and broken computers. It's not enough to sit smug behind your spam filters while the average user gets creamed. The nasties are strengthened and encouraged by that kind of attitude and they can get still you with a DDoS or Distributed Mailbomb.

Flaws in Microsoft's operating system are what enables the nasties. They have to be corrected or avoided to fix the problem. Until then, the botnet will be both a weapon and profit center at everyone's expense. No, the answer is not "trusted" computing or mail servers that waste your time with MENSA puzzles and collect a penny for Bill. The answer is fixing what's broken. Email works despite it's great abuse by a few idiots.

It depends on how you measure it, but according to the ROSKO list, of the 200 spam operations responsible for 80% of spam in Europe and North America, 120 are from the USA, 13 from Canada, 9 from Russia, 2 from Taiwan, and 4 from China. They just use foreign relays (and increasingly "zombied" Windows PCs with broadband connections). This week's top ten is: USA 5, Russia 4, Brazil 1.

Would US companies be held responsbile for the action that spammers take to spread said company's name?

I don't know - but if they got the spammer's details from an unsolicited email, it would be hard to argue that they didn't know spam was going to be involved.

Whether or not those who commission spam could be prosecuted (for conspiracy, or for aiding and abetting, counselling, or procuring illegal spam) these figures show that a major legal clampdown on spammers purely inside the USA could have a dramatic direct effect.

The indirect effect on other countries would be considerable - especially if similar legislation allowed the worst offenders to be extradited. Preferably to the country with the least pleasant Jails. That might even be the USA, if half of the tales are true...

will they end up suing:

Alan Ralsky
Scott Richter
Alexy Panov
Alex Blood
Robert Soloway

and the rest of the pinheads listed on the Spamhaus Registry of Known Spam Operations? Most of the stuff that I'm seeing is from Panov and Blood, with some dribblings from the rest on my server and the LUG server that I oversee. Shut this group of idiots down and I might see some peace and quiet for a change.

2)Blacklist any server/ip/whatever that sends email to x amount of disabled accounts (I would say x ==5 but any value really would work)
3) Publish said blacklist


Gee, what a great idea

I appreciate all he's done for Gmail, but he can't take credit for their excellent spam filtering. That credit should go to Steve Linford and XBL from the Spamhaus project. As stated before, Gmail uses XBL to filter out spam. Needless to say - the XBL is pretty cool.

I appreciate all he's done for Gmail, but he can't take credit for their excellent spam filtering. That credit should go to Steve Linford and XBL from the Spamhaus project. As stated before, Gmail uses XBL to filter out spam. Needless to say - the XBL is pretty cool.

Non-compliant spam now requires felonies. Multiple felonies. Not just CAN-SPAM violations, but forgery, viruses, theft of service, money laundering, and other clear crimes. Those are things that law enforcement understands.

Remember, there aren't that many spammers. ROKSO says that 200 spammers are responsible for 80% of spam. That's not very many from a law enforcement perspective.

MessageLabs says that spam peaked last year. At peak, 60% of all E-mail was spam. It's down below 50% now. However, it doesn't seem to have decreased since Ralsky was taken down last month.

And although Mr. Ralsky says he is effectively out of business, I trust him and this statement as much as I trust his honorable treatment of email address removal requests - which is no trust at all*. He certainly has backup tapes off site. He also has the means to start right back up - or he should have, considering the money involved. If he doesn't, then he is an idiot, and gets what he deserves. SBC wouldn't go out of business if their bookkeeping computers were seized - same principle here.

I know I expect SourceForge to have backup tapes held off site. If SourceForge and OSDN don't have disaster recovery plans already written and tested - shame on them.

Every business that depends on IT should have a DR plan. Even if law enforcement mistakenly seizes your computers - that doesn't excuse your business from failing. Once you get 'large enough' it is irresponsible to not have a DR plan.

*According to the Spamhaus Project, Mr. Ralsky hosts his email servers in China to evade U.S. law. And as an email administrator, I don't see any evidence that email removal requests result in less spam - quite the opposite, really.

And although Mr. Ralsky says he is effectively out of business, I trust him and this statement as much as I trust his honorable treatment of email address removal requests - which is no trust at all*. He certainly has backup tapes off site. He also has the means to start right back up - or he should have, considering the money involved. If he doesn't, then he is an idiot, and gets what he deserves. SBC wouldn't go out of business if their bookkeeping computers were seized - same principle here.

I know I expect SourceForge to have backup tapes held off site. If SourceForge and OSDN don't have disaster recovery plans already written and tested - shame on them.

Every business that depends on IT should have a DR plan. Even if law enforcement mistakenly seizes your computers - that doesn't excuse your business from failing. Once you get 'large enough' it is irresponsible to not have a DR plan.

*According to the Spamhaus Project, Mr. Ralsky hosts his email servers in China to evade U.S. law. And as an email administrator, I don't see any evidence that email removal requests result in less spam - quite the opposite, really.

Ralksy isn't the worst of the bunch.. perhaps his BIGGEST mistake is actually having some sort of media profile. There are plenty of spammers out there who are even more despicable than him, but it seems that Ralsky is an easy target. Perhaps they should consider going after Robert Soloway or Alec Defrawy next?

I think you need to back that statement up with a source.

http://www.spamhaus.org/rokso/index.lasso

Count the number of times "United States" shows up in that list, relative to other countries.

Perhaps it will cut down on all the spam I get from .ru, .bx, .fr and other domains.

Because the sender address is never faked?

America is the worst offender so us non-americans will hopefully see a nice drop in spam.

No, it would be the end of spam!

For the rest of the world, yes. Of the top 200 spammers, quite a lot are from the USofA...

Oh really?

I hope that burning sensation you feel in your trachea right now doesn't cause you too much discomfort.

Our levels of Spam would suddenly become a fraction of what it is now. No more spam from russia and china.

Ehem...
Top 200 spammers

Psst... lots and lots from the USofA...

No, it would be the end of spam!

You are correct. Of course, if they try to hide the money, you can go after them for it and dig. I know someone who will be filing a suit against Soloway (for spamming), but he will be in line after Braverman and Microsoft -- But he is determined to "make him my bitch."

Even if they are overseas, you can still go after them. I went after Global Web Promotions in a California court. They spent at least $25K tried to fight. I cannot discuss what happened after. They are subject to the jurisdiction that they inject themselfs into.

Here on Slashdot complaining that the map is "flawed" and "why isnt China on the map" and "the map is wrong"

they should face up to it that they really are the worlds biggest spammers and start cracking down on the sites that are spamvertised and the scumbags that send the trash
you would think with all the negativity about Mailinators map people here had something to protect, i guess some people/countries just cant handle the truth, at least the rest of the world can take solace that denial is one of the steps to recovery

This is really an invalid survey because of tunnels and portals that most spammers use. This link gives a far better representation of the overall spam locations in the world. They actually trace backed the mail to its origin to map where it was coming from.
On a side note there are far better services out there similar to mailinator like shortmail.net and pookmail.com that should be checked out.

Of course if people routinely block traffic from certain areas of the world with a high concentration of spammers and the like, then it is going to hurt the honest people who happen to be living in the same neighbourhood as the spammers. It is called "collateral damage" by some military organisations.

It looks as if Florids is high on the list of areas to have all its Internet traffic blocked, if we want to block spammers.

Business Week Are Hurricanes Swamping Spammers? Lots of folks think the hits that the Sunshine State (aka Spam State) have taken slowed the volume. Probably isn't so, though
Spamhaus United States Heads Towards Legalization of Spam
The RegisterFlorida spammers sue anti-spam groups

would be if China blocked inbound USA connections seeing as 80% of the worlds spam originates from there, the numbers are no different for all the other scams either ie Phishing, Malware, Adware , Spyware etc etc

hmmm perhaps the rest-of-the-world should just cut off USA it would probably stop 80% of internet related crime overnight

2 Years ago a space probe crashed on Jupiter, killing my rich uncle....

Hmmmm, yes, let's cut off the country that is the source of all the spam out there. Taking a quick look at the list maintained by Spamhaus here http://www.spamhaus.org/rokso/index.lasso that would be......the Unites States. Of the top 200 listed, noted as being responsible for 80% of the spam on the internet, I see only 4 that are listed as coming from China. Might want to be careful about what you wish for, you might get it. Your US-centric attitude shows you for the bigot you are and it ain't pretty.

Tell me, how often do you have to create a new tagged address, so it's such a burden to add one line to your aliases file? How often do you sign up to new e-mailing lists?

Almost never. I not only use this method for lists, but for website logins. And so far I've never had to actually create an account to disable that came from one of those. I have only done it once where a spammer used a non-existant account from my domain to send spam and I got a small spate of bounce messages. So I wouldn't have gotten the bounce messages, big deal.

And how adding a new filtering rule afterwards when you want to stop that address to deliver is less of a burden than creating a valid address? Keep in mind, your filtering rules will grow bigger and bigger, and they work on *each* e-mail you receive, causing more and more load on the CPU, too, just to process e-mails.

Again, in over a year of using the catch-all account, I have never had to actually put this into practice. I have the option of doing so, which is good enough for me. The management burden of my method is still much less than the approach you advocate, and I continue to dispute, based on my experience, that your assertion that this "happens every other day" is valid.

If you want some real protection, and you control your mailserver, then you should use blocklists, like Spamhaus ( http://www.spamhaus.org/ ), SPEWS (http://www.spews.org/ ), block entire countries that are spam cesspools

I never suggested that you couldn't also use other controls in parallel. My (hosted) mail server runs SpamAssasin, which I believe uses blocklists as well as other methods (I don't admin the whole server but I can manage my hosted account on it).

That would require me to not only create the account on the email server every time I want to sign up for something,

Your method requires creation of filtering rules when you want to disable accounts. Doubtfully less involving than just adding or removing a name into the aliases file.

but then go to my email client and configure it to receive the account as well.

Ever heard of aliases? You can create as many names as you want, and alias them all to be delivered to just one box, which you can check with your e-mail client. No extra configuration is required.

When you live in the real world, you have to make tradeoffs such as these.

When you live in real world, cases like one below happen every other day. E-mail admins stopped to use catch-all addresses YEARS ago, precisely because of such abuses. Your method will give people a lot more of headaches to try to clean up after a dictionary attack against their domains, than it will help them to deal with their daily spam loads. Tell me, how often do you have to create a new tagged address, so it's such a burden to add one line to your aliases file? How often do you sign up to new e-mailing lists? And how adding a new filtering rule afterwards when you want to stop that address to deliver is less of a burden than creating a valid address? Keep in mind, your filtering rules will grow bigger and bigger, and they work on *each* e-mail you receive, causing more and more load on the CPU, too, just to process e-mails. If you want some real protection, and you control your mailserver, then you should use blocklists, like Spamhaus ( http://www.spamhaus.org/ ), SPEWS (http://www.spews.org/ ), block entire countries that are spam cesspools and do not care, like China or Korea, and use your own local blocklist where you can add ISPs that refuse to deal with their spammers who keep bothering you, but are not listed in public blocklists above. That way you can have a pretty manageable 3-5 spams a day (if your e-mail addresses are well-exposed to such places as Usenet or web where spammers harvest their addresses most), or maybe even one-two a week (if you don't show your e-mail addresses too much).

And here is the real life example where your advice fails:

Aug 3 13:27:59 orca sendmail[3984]: j73ARuat003984: [vh@mydomain.tld]... User unknown
Aug 3 13:27:59 orca sendmail[3989]: j73ARuGB003989: [vi@mydomain.tld]... User unknown
Aug 3 13:27:59 orca sendmail[3985]: j73ARuGO003985: [vg@mydomain.tld]... User unknown
Aug 3 13:27:59 orca sendmail[3987]: j73ARu20003987: [vm@mydomain.tld]... User unknown
Aug 3 13:27:59 orca sendmail[3984]: j73ARuat003984: [vn@mydomain.tld]... User unknown
[SEVERAL THOUSANDS OF OTHER REFUSED DICTIONARY ATTACK ADDRESSES SNIPPED]
Aug 3 13:32:41 orca sendmail[4184]: j73AW2eP004184: [iqr@mydomain.tld]... User unknown
Aug 3 13:32:41 orca sendmail[4191]: j73AW3LQ004191: [iqs@mydomain.tld]... User unknown
Aug 3 13:32:41 orca sendmail[4188]: j73AW3lL004188: [iqm@mydomain.tld]... User unknown

Yeah, I agree. Filters are a big part of the problem.
Here's why:

Used to be a spammer could send out 50,000 messages and get three orders of penis enlargment pills.
Then we all started filtering, and the spam wasn't getting through.
To compensate the spammer has to send out 10,000,000 messages to get the same three orders of penis enlargement pills.
Unfortunately they have been able to do it.

For those that are interested here is the reference:
200 Known Spam Operations responsible for 80% of your spam.
80% of spam received by Internet users in North America and Europe can be traced via aliases and addresses, redirects, hosting locations of sites and domains, to a hard-core group of around 200 known spam operations ("spam gangs"), almost all of whom are listed in the ROKSO database. These spam operations consist of an estimated 500-600 professional spammers with ever-changing aliases and domains. http://www.spamhaus.org/rokso/index.lasso

Microsoft as an ISP is taking the money.

U-CAN-SPAM permits AGs and ISPs to sue spammers for money. One of the things which sucks is most ISPs (in the way we think of ISPs) aren't going after them and AGs as well as the FTC serve in bulk mode: get billionz-n-billionz of examples, then ponder going after them.

It's the fault of the DMA, who essentially wrote U-CAN-SPAM. Take a gander at some of these from Jerry Cerasale, of the DMA, on June 16, 2004:

Washington Post...We agree that the consumer should have choice, that they can say 'no' to receiving further e-mail. (IOW, they demand the right for everyone to get one bite at the apple).

ZDNet.com, October 21, 2002..."We're finding that we need to give the consumers the choice to try and allow them to control their inbox, to try and say no, I don't want this, while leaving the medium open for commerce," Cerasale said.

But, Cerasale said, a federal requirement that consumers "opt in" instead of "opt out" of bulk e-mail is unacceptable. "We think the opt-in creates a true noneconomic model," Cerasale said. "We don't believe you get a viable economic model in opt-in."

Interpretation: any law which prevents businesses from making money via email is wrong. And anything which permits inbox owners to avoid getting business-oriented unless they give permission is wrong.

IOW, email serves one purpose and one purpose only: for businesses to make money. Anything impeding that is wrong and anything else is personal consumption and secondary.

But in a contradiction, here's what the DMA has to say about spyware legislation on May 25, 2005:

"The DMA strongly believes that consumers should be in control of their computers..."

Now, DMA, which is it? Do we have control or don't we?

This last quote is the newest. Does it mean they've changed their collective minds? I doubt it I don't think they realized they contradicted themselves. If confronted, they'd backpedal and perform some serious tap dancing in the process.

If you want to collect the loot yourself, set up a server, sell services to your neighbors, and you're in business as an ISP. When the spam rolls in, pay a visit to your local court and file the paperwork.

BTW, I'll say here what I said on SPAM-L: even though Richter was taken off of the ROKSO list, Richter has tasted the taste of money regardless of how it was obtained and he's sitting on millions of email addresses. He's not shutting down how he does business, despite anything he says. And he still stands to make a lot of money harvesting email addresses and selling them to others. There is nothing in U-CAN-SPAM which prohibits the harvesting and sale of email addresses, only the use of harvesting email addresses as the targets of unsolicited email.

But are you are working for OptinRealBig and self proclaimed "Spam King" Scott Richter who were recently sued to near oblivion by NY State Attorney Eliot Spitzer and Microsoft? Quite a coincidence that someone should be asking this just after it is announced on The Register that he is cleaning up his act and just got delisted from ROKSO. If so, good luck in your new job trying to get a leopard to change its spots, but my advice would be to keep one eye on how much legal scrutiny the company is under and what happens to ethics when that spotlight starts to fade.

Spamhaus' definition of spam: (the rest of the definition is [here.

The word "Spam" as applied to Email means Unsolicited Bulk Email ("UBE").

Unsolicited means that the Recipient has not granted verifiable permission for the message to be sent. Bulk means that the message is sent as part of a larger collection of messages, all having substantively identical content.
A message is Spam only if it is both Unsolicited and Bulk.

- Unsolicited Email is normal email
(examples: first contact enquiries, job enquiries, sales enquiries)

- Bulk Email is normal email
(examples: subscriber newsletters, customer communications, discussion lists)

Technical Definition of Spam

An electronic message is "spam" IF:

(1) the recipient's personal identity and context are irrelevant because the message is equally applicable to many other potential recipients;

AND

(2) the recipient has not verifiably granted deliberate, explicit, and still-revocable permission for it to be sent.

(The rest of the definition is here.

Spamhaus' definition of spam: (the rest of the definition is [here.

The word "Spam" as applied to Email means Unsolicited Bulk Email ("UBE").

Unsolicited means that the Recipient has not granted verifiable permission for the message to be sent. Bulk means that the message is sent as part of a larger collection of messages, all having substantively identical content.
A message is Spam only if it is both Unsolicited and Bulk.

- Unsolicited Email is normal email
(examples: first contact enquiries, job enquiries, sales enquiries)

- Bulk Email is normal email
(examples: subscriber newsletters, customer communications, discussion lists)

Technical Definition of Spam

An electronic message is "spam" IF:

(1) the recipient's personal identity and context are irrelevant because the message is equally applicable to many other potential recipients;

AND

(2) the recipient has not verifiably granted deliberate, explicit, and still-revocable permission for it to be sent.

(The rest of the definition is here.

Check out ROKSO on Spamhaus.

You want to know who leads the world in spam output; its the wealthy EU countries ....

Both the USA and the EU have approximately the same number of internet users (US 200 million vs. EU 215 million as of March 2005) and their share of the total spam generation rate (US 22.8% vs. EU 24.7%) roughly roughly corresponds to those numbers. This is not surprising since alot of the spam generators are zombie Windows boxen owned and operated by people with a very limited computer knowledge. It seems to me that all we can conclude from these statistics is that the level of 'computer-cluelessness' among the general public is about the same on both sides of the pond. Even so, I care fairly little about where the actual Spam Servers/Zombie PCs churning out the crap mail are located. What would be more interesting is a statistical analysis of where the people owning or controlling all these spam servers and zombies are located? Which countries are failing to deal with the spam companies causing the problem? Take a look at the top ten list at the bottom of this page the USA claims no less than six of the top ten ROKSO spammers I don't see a single spam king from an EU country on that list.

According to Spamhaus, whom I completely agree with based on my own experience, 80% of all known spam originates from no more than 200 "spam gangs", most of whom are in the United States. If China cooperates by providing U.S. Authorities with the missing logs to track the illegal activities of these groups so that law enforcement can prosecute them, that will be a good thing. But it still comes down to law enforcement going after the spammers, which is something that's not being done. If just a few of these 200 spam gangs were criminally prosecuted, we'd probably see spam levels drop dramatically. So everyone should contact their District Attorney and demand that they pursue and prosecute these cases.

And then you have big corporations that are deliberately sabotaging anti-spam efforts. AT&T for example is hacking their nameservers to be authoritative for anti-spam RBLs so their users are unable to filter mail based on these services. That's unconscionable, and reason # 87,343 why you shouldn't do business with a provider like AT&T who is not only being ambivalent about spam, but actively interfering with their customers' own attempts to find superior solutions.

Considering that most spammers are in the US, perhaps it might actually help after all.

Bzzt. You get today's award for not having read the informative slashdot comments, specifically this one - showing that the listing Paul Graham was bitching about covered only one single solitary IP address. As mentioned in alanw's comment, you can look at the Spamhaus record if you wish:

Warned repeatedly, many times, that textileshop.com was spamming, Yahoo chose to continue hosting them. They spammed again. Via Haberstroh. Again. Textileshop has been kicked off other ISPs for spamming.

News flash: Yahoo has more than one IP address. Hard to believe, I know. And very very very very very very very very few of Yahoo's customers/users would actually send email from that one blacklisted IP address.

He didn't say not to block spam hosts; he said that when they blacklist NON-spam sites by the truckload in order to pressure an ISP, they are specifically targetting innocent users in order to carry out their agenda.

Well, it's a good thing that in Paul Graham's case, Spamhaus was only blacklisting the one IP address used by the spammer. Excellent. So there's no problem, right? :-)

like most spam seems to originate in China but in reality its American spam gangs sending spam via China
iam sure this is no different

As of this writing, any filter relying on the SBL is now marking email with the url "paulgraham.com" as spam. Why? Because the guys at the SBL want to pressure Yahoo, where paulgraham.com is hosted, to delete the site of a company they believe is spamming.

Also, for what it's worth, I've found the SBL incredibly reliable (except recently, when I've found it's been increasingly unreachable at peak times), but I check it as one of many spamassassin rules -- I don't mark e-mail as spam just because it's in the SBL, though the way I have spamassassin score things, it doesn't take much more...

As of this writing, any filter relying on the SBL is now marking email with the url "paulgraham.com" as spam. Why? Because the guys at the SBL want to pressure Yahoo, where paulgraham.com is hosted, to delete the site of a company they believe is spamming.

Also, for what it's worth, I've found the SBL incredibly reliable (except recently, when I've found it's been increasingly unreachable at peak times), but I check it as one of many spamassassin rules -- I don't mark e-mail as spam just because it's in the SBL, though the way I have spamassassin score things, it doesn't take much more...

As of this writing, any filter relying on the SBL is now marking email with the url "paulgraham.com" as spam. Why? Because the guys at the SBL want to pressure Yahoo, where paulgraham.com is hosted, to delete the site of a company they believe is spamming.

Also, for what it's worth, I've found the SBL incredibly reliable (except recently, when I've found it's been increasingly unreachable at peak times), but I check it as one of many spamassassin rules -- I don't mark e-mail as spam just because it's in the SBL, though the way I have spamassassin score things, it doesn't take much more...

The http://www.spamhaus.org/ SpamHaus lists seem to be very effective. I've yet to hear of anyone being wrongly listed. They list individual hosts, not netblocks. Couple that with Spam Assassin and Vipuls Razor, and I don't see much spam if any.

any filter relying on the SBL is now marking email with the url "paulgraham.com" as spam

I assume that what Paul Graham is complaining about must be SpamAssassin, or some other content filter, applying a score to articles containing URLs, which when looked up in DNS resolve to listed IP addresses. This is much less acceptable, since the sender has no way to know that their e-mail may have been classified as spam.

The details of the listing can be found at http://www.spamhaus.org/sbl/sbl.lasso?query=SBL279 45. This is a /32 - i.e. a single IP address. I don't know why Paul Graham's web site (which has that IP address) has been associated with textileshop.com, which has a completely different IP address.

The other Yahoo listing on the SBL is also a /32.

I also note in another of Paul Graham's articles http://paulgraham.com/sblbad.html he claims

The most notorious example is the MAPS RBL

I'm surprised there isn't a RBL for zonbies yet
There is

I'm surprised there isn't a RBL for zonbies yet
There is

I'm surprised there isn't a RBL for zonbies yet
There is

I'm surprised there isn't a RBL for zonbies yet
There is.

The spamhaus xbl is meant to be an RBL of spam zombies.

AOL has offered a feedback loop for years.

Information on how to activate it is available at http://postmaster.info.aol.com/fbl/index.html.

MSN/Hotmail's offering is quite a bit different, and I'm not yet prepared to offer an opinion on which interface/mechanism is more useful.

Right now, we find the AOL feedback loop quite useful, as do many others.

More feedback loops for large mail providers are documented in this Spamhaus FAQ entry

Yeah, like the Spamhaus top 10 spamming ISP list has helped.

And I think my sig speaks for itself when it comes to the terrorist methods of the spews blocklist.

The point is, we aren't going to solve spam by putting pressure on large ISPs using technical means.