Slashdot Mirror


Are SPAM Blacklists Unreasonable?

rlsnyder asks: "I'm the inadvertent co-administrator of e-mail for a company that relies pretty heavily on it for daily business (e.g. sending confirmations of financial transactions). At one point in the not-too-distant past, our server was an open relay. I admit I'm a sinner for letting it happen, and I'm ready to do my penance. Given the relatively low volume of mail our server moved that did not originate from inside, I doubt I was a major contributor to the world of SPAM. In any event, we've been blacklisted on a number of sites. Some lists have reasonable policies, and we've since been removed. Other places are a little more arbitrary as to removal policies, and although I can prove we're not a relay, we're still listed." While I approve of the basic concept of SPAM Blacklists, there are dozens of SPAM blacklists out there who are real keen on adding open relays to the list, but not so keen on taking rehabilitated hosts out. I would posit that SPAM blacklists that are not properly maintained are a part of the problem, not the solution. What are your thoughts on the subject?

rlsnyder continues: "Am I way off base here, or is this self-appointed mail police thing going in the wrong direction? Given that I can't reliably deliver e-mail to a number of places due to being blocked, I've got a big exposure. Is this making spam less of a problem, or are we trading one problem (SPAM) for another (the reliability of proper maintenance of SPAM Blacklists)?

I could draw a bunch of analogies here, but isn't the bottom line that no one owns the internet e-mail system? I realize no one makes ISPs subscribe to the blacklists, but basically, I'm trying to move data from one point to another, and some machines in the middle are discriminating against my data because of a corrected, perfectly legal system configuration error. How is this helping? Has SPAM really decreased universally thanks to these lists?"

619 comments

  1. Real Pain by Tadrith · · Score: 5, Insightful

    The company I work for had the same problem. As a result, we ended up having trouble getting e-mail to some of our customers. Thankfully, it was easy to get ourselves removed, but I think if people are going to use blacklists, they should also take the responsibility of keeping them maintained, both in additions and removals.

    1. Re:Real Pain by onepoint · · Score: 1

      You are very correct, Accountability is the name of the game here.

      I myself got into trouble with a blacklist, but if it was not for them, I would have been stuck with open relays. Once I fixed it, I submitted my application for test. They found me clean and let the mail fly again.

      I was very happy.

      onepoint

      --
      if you see me, smile and say hello.
    2. Re:Real Pain by fmaxwell · · Score: 1, Flamebait

      I think if people are going to use blacklists, they should also take the responsibility of keeping them maintained, both in additions and removals.

      So you're saying that unpaid volunteers have a "responsibility" to jump when someone says "I closed my open relay"?

      You want them to be responsible to you? Pay them. If you screwed up and created an open relay on your mail server, then you should pay people for their time to update their databases. This idea that you can create a problem for someone else and that this makes them indebted to you is one that I don't follow.

    3. Re:Real Pain by SpacePunk · · Score: 1

      "So you're saying that unpaid volunteers have a "responsibility" to jump when someone says "I closed my open relay"? "

      They've made it their responsibility to jump to list the open relay, it becomes their responsibility to jump to de-list the machine after it's been secured. Otherwise their just fanatic assholes.

    4. Re:Real Pain by fmaxwell · · Score: 2

      They've made it their responsibility to jump to list the open relay, it becomes their responsibility to jump to de-list the machine after it's been secured. Otherwise their[sic] just fanatic assholes.

      Ignoring your name calling, they are making a volunteer effort to help reduce spam, not to minimize inconvenience for negligent system administrators. I don't care if they only purge their database once a month. If you don't like being in their database, don't do something as brain-dead-stupid as running an open relay. And if you f*ck up, don't blame the people that report it.

    5. Re:Real Pain by SpacePunk · · Score: 1

      If they can jump to get it on, they can jump to get it off when the server is secured against relays. In addition, their lackadaisical attitude toward delisting harms any attempt to get them and their list taken seriously, and just means their list and them are half-assed. I really don't give a fuck if it's a volunteer effort or not. If volunteer firefighters had the same attitude whole neighborhoods would burn to the ground. If these people volunteer at hospitals you could easily find them by following the dead bodies and screaming.

    6. Re:Real Pain by J.+Random+Software · · Score: 1

      Seems to me you're blaming the firefighters for putting effort into hosing down your house during the emergency but failing to put equal effort into drying your belongings off afterwards. Their real job is to save the neighborhood, not any one house.

    7. Re:Real Pain by Anonymous Coward · · Score: 0

      If they can jump to get it on, they can jump to get it off when the server is secured against relays. In addition, their lackadaisical attitude toward delisting harms any attempt to get them and their list taken seriously, and just means their list and them are half-assed. I really don't give a fuck if it's a volunteer effort or not.

      Thanks for the useful comments. I doubt the list maintainers are breathlessly awaiting your note saying you take them seriously. There would be no argument here if substantial numbers of responsible mail server administrators didn't take them seriously. You lose. Again.

    8. Re:Real Pain by ReTay · · Score: 1

      You know I really am not trying to start a flame war here but your statement about "...they can jump to get it off..." sums up your attitude on the whole topic. And mine is that as long as *I* am paying for the computers, bandwidth, and domain names *I* will use the RBL of my choice. If you want to mail me you can go by the rules of that RBL or *I* don't WANT to get mail from you.
      And I hope you will forgive me for being blunt but I really don't care if you don't like it. I have had complaints from users about not being able to email their home accounts from work. They had an open mail server at work. After a long time explaining relays to him and telling him to talk to his mail admin I set up a second mail server that blocked nothing. Everything anybody sent it would be able to go to (internal only) accounts.
      He said great, until his wife was opening their email. He asked me to refilter his mail. It is now my tactic of choice. Most people don't last a week unfiltered. And they want the filters back.

    9. Re:Real Pain by Anonymous Coward · · Score: 0

      It is very dangerous to put up a "free" service like this and to then accept payment for removal.

      This would greatly encourage the owner of the list to add false positives to his list to increase income.

      If you've taken the time to put up the list for the good of the Internet community, then you damn well better be willing to take the time to maintain it. Otherwise, you just add to the list of problems related to spam.

      An inaccurate blacklist is worse than no list at all.

    10. Re:Real Pain by fmaxwell · · Score: 2

      If they can jump to get it on, they can jump to get it off when the server is secured against relays.

      Or they can do it when they are damned good and ready to. It's their list and they can make removals a high or low priority. Their choice. If their views and mine are the same, then I can use their list to help me filter my mail.

      If volunteer firefighters had the same attitude

      The firefighters' responsibilities are to the community, not to the guy supplying oily rags and matches to arsonists.

      If these people volunteer at hospitals you could easily find them by following the dead bodies and screaming.

      In your world, the hospitals would be tending to the needs of the muggers, rapists, and wife beaters rather than those of the innocent victims. "Oooh! It looks like you cut your hand when you punched your wife. We'll get right on it and tend to her later."

    11. Re:Real Pain by Anonymous Coward · · Score: 0

      I can run around dobbing in people who exceed the speed limit. That's a volunteer effort to help reduce the road toll.

      If I keep doing it after they've paid their fine and stopped, then that's harassment and/or defamation.

    12. Re:Real Pain by Anonymous Coward · · Score: 0

      Or blaming the firefighters for turning up a week later and flooding the house again, even though the fire is long gone?

  2. Subscribing to blacklists did not help me. by Dick+Click · · Score: 5, Interesting

    When I used to manage a mail server, I was asked to filter based on orbs. Not only did this in no significant way limit the amount of spam entering the system, it became a huge administrative headache. Eventually, we stopped using the lists. I am sure there are likely better lists, but I simply prefer creating my own list, based on investigation into what's coming in.

    1. Re:Subscribing to blacklists did not help me. by diamondc · · Score: 4, Insightful

      We use ordb and orbz here at work. Over a day or so it rejected about 500 emails.

      Then we blocked all mail from mail servers whose IP numbers don't resolve. Now we have cut down on spam dramatically. Our root@ email account has gone from 200 spam emails a day to about 10.

      --
      "I keep looking in the want-ads under 'revolutionary' but there don't seem to be any listings.. "
    2. Re:Subscribing to blacklists did not help me. by edrugtrader · · Score: 1

      it also probably went from 20 real email requests to 5, because your customers can contact you.

      a years ago I accidentally set up an open relay on my email server... i'm pretty sure i'm blacklisted all over the place, because by the time i realized it (only 3 days after install) there were 20,000 emails in the queue and it was sending like crazy.

      how would someone like me go about getting off all the blacklists? who manages them all?

      --
      MARIJUANA, SHROOMS, X: ONLINE?! - E
    3. Re:Subscribing to blacklists did not help me. by Anonymous Coward · · Score: 0

      Thanks for breaking the Internet! There is no RFC that states the sender's email server must have a Reverse Resolvable IP address. That's just plain silly even in a perfect world. I'm sure you are blocking lots of legitimate mail which you apparently don't seem to mind.

    4. Re:Subscribing to blacklists did not help me. by Carlos+Laviola · · Score: 2

      In most cases, you can find out where you got blocked by just looking at the error the remote smtp daemon (the one that is filtering you) gives when they bounce back your message. I have set up my ISP's mail server so that, when the message bounces, the person whose message is bounced receives a warning in Portuguese and English about the blocking, and a URL, relative to the DNS blackhole that got him (we use both ORBZ and SpamCop's DNSbl's). Nevertheless, I still have to explain to some people why the heck their mail is getting blocked but, overall, I feel like I'm doing a service for them too. You may not get your mail delivered with an open relay, but at least some crazy idiot doing the old 419 scam won't be spending your bandwidth again. Ever.

    5. Re:Subscribing to blacklists did not help me. by diamondc · · Score: 1

      yeah, well.. we're just experimenting, it seemed like a good idea to my coworker since he reasoned that mail servers have mx records that should have an IN A and a PTR. I'm not sure if it's a good deal since people might not get a resolving host name from their ISP but are still legit.

      --
      "I keep looking in the want-ads under 'revolutionary' but there don't seem to be any listings.. "
    6. Re:Subscribing to blacklists did not help me. by Maserati · · Score: 1

      The next step is to not accept mail from open relays. That should about finish the matter.

      --
      Veteran, Bermuda Triangle Expeditionary Force, 1992-1951
    7. Re:Subscribing to blacklists did not help me. by thogard · · Score: 1

      That depends on how fast the names can be resolved. The reverse dns servers are way overloaded and when they have to delegate a few levels you will find one that is down. The result is not that the address doesn't resolve but it times out. Make sure your filter can tell the difference.
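The distinction raised in the comment above, between an address that has no reverse DNS and a lookup that merely timed out, shown as an added example that is not part of the original thread. The `lookup` interface, the function names, the `dnsbl.example` zone and the documentation-range addresses are all assumptions made for illustration; treating a blacklist timeout as a temporary failure is one possible policy choice.

```python
"""Added example: map DNS outcomes to permanent vs temporary SMTP replies."""
import ipaddress
from enum import Enum


class NoSuchName(Exception):
    """The name authoritatively does not exist (NXDOMAIN / no data)."""


class LookupTimeout(Exception):
    """No usable answer: timeout or a broken delegation along the way."""


class Verdict(Enum):
    ACCEPT = 250    # carry on with the SMTP session
    TEMPFAIL = 451  # temporary: the sending server queues and retries
    REJECT = 550    # permanent: the sending server reports failure to its user


def dnsbl_name(ip, zone):
    """Build the blacklist query name: 1.2.3.4 -> 4.3.2.1.<zone> (IPv4 only)."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone


def check_client(ip, lookup, zones=()):
    """Return (Verdict, reason) for a connecting client address.

    lookup(name, rtype) is a hypothetical resolver hook: it returns a list of
    strings, or raises NoSuchName or LookupTimeout.
    """
    ptr_name = ipaddress.IPv4Address(ip).reverse_pointer
    try:
        lookup(ptr_name, "PTR")
    except NoSuchName:
        # The owner of the address space says there is no PTR record.
        return Verdict.REJECT, f"{ip} has no reverse DNS"
    except LookupTimeout:
        # We learned nothing about the client; do not treat this as "no PTR".
        return Verdict.TEMPFAIL, f"reverse DNS for {ip} unavailable, retry later"

    for zone in zones:
        try:
            answers = lookup(dnsbl_name(ip, zone), "A")
        except NoSuchName:
            continue  # NXDOMAIN from a blacklist zone means "not listed"
        except LookupTimeout:
            return Verdict.TEMPFAIL, f"{zone} unavailable, retry later"
        # Listed addresses answer with an A record inside 127.0.0.0/8.
        if any(a.startswith("127.") for a in answers):
            return Verdict.REJECT, f"{ip} is listed in {zone}"
    return Verdict.ACCEPT, "ok"


def smtp_reply(verdict, reason):
    """Format the reply line the receiving server would send."""
    return f"{verdict.value} {reason}"


def table_resolver(table):
    """Offline stand-in for a resolver, driven by a dict of constructed answers."""
    def lookup(name, rtype):
        result = table.get((name, rtype), NoSuchName)
        if isinstance(result, type) and issubclass(result, Exception):
            raise result(name)
        return result
    return lookup


# Constructed sample data (192.0.2.0/24 is reserved for documentation).
SAMPLE = {
    ("10.2.0.192.in-addr.arpa", "PTR"): ["mail.example.org"],
    ("20.2.0.192.in-addr.arpa", "PTR"): LookupTimeout,
    # 192.0.2.30 has no entry at all: the PTR lookup raises NoSuchName.
    ("40.2.0.192.in-addr.arpa", "PTR"): ["relay.example.net"],
    ("40.2.0.192.dnsbl.example", "A"): ["127.0.0.2"],
    ("50.2.0.192.in-addr.arpa", "PTR"): ["mx.example.com"],
    ("50.2.0.192.dnsbl.example", "A"): LookupTimeout,
}

if __name__ == "__main__":
    resolver = table_resolver(SAMPLE)
    for client in ("192.0.2.10", "192.0.2.20", "192.0.2.30",
                   "192.0.2.40", "192.0.2.50"):
        print(client, "->", smtp_reply(*check_client(client, resolver,
                                                     ["dnsbl.example"])))
```

A 451 costs a legitimate sender only a delay, since its server retries, whereas a 550 issued because a delegation happened to be down loses the message outright.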

    8. Re:Subscribing to blacklists did not help me. by Anonymous Coward · · Score: 0

      I simply wrote my own SMTP proxy. I can block by:

      unresolvable sender addresses,

      unresolvable relays,

      IP masks of relays,

      regular expressions of addresses,

      the presence or absence of fields (based on a regex match), and

      regular expressions in the body.

      I feel with all the regex matching I have enough control that I don't need a list. Plus, I don't have to worry about the holes in sendmail.

    9. Re:Subscribing to blacklists did not help me. by Flower · · Score: 2
      First off, go to samspade.org, bookmark this page and then check to see if your server has been blacklisted. It doesn't check every list but it is a dang good start. samspade is a friend indeed.

      After that, it's simply up to you to find out how to get off the lists. Some are incredibly easy and take less than half a day. Others require more work. It isn't fun but it is worthwhile. You will surely rue the day when a client is knocking on your cube trying to send this critical e-mail to someone and the best advice you can give them is to open a hotmail account.

      --
      I don't want knowledge. I want certainty. - Law, David Bowie
    10. Re:Subscribing to blacklists did not help me. by Syberghost · · Score: 2

      I have only about 7 users. I am using two blacklists:

      Not Just Another Black List, and Osirus

      Between them, I'm stopping an average of over 100 messages a day. We do not have a single indication of any false positives yet.

      Considering that only 2 of my 7 users receive a lot of mail per day (based on the size of their mail spools), that's a hell of a lot of spam.

      So protestations that "they don't work" are bunk. If you think spam blacklists don't work, then you either have a skewed definition of "work", or you're just sadly misinformed.

      As for "false positives", that depends on your definition. I personally choose not to do business with people who keep open relays. I therefore by definition can only have a "false positive" if there's a bug in one of my blacklists. Legitimate mail from an open relay isn't a false positive as far as I'm concerned, and my users have hundreds of alternatives if they don't like my policies.

    11. Re:Subscribing to blacklists did not help me. by Syberghost · · Score: 2

      I should also add that every time Slashdot puts up a new spam-munge that leaves the domain name intact, as with the current one, I start getting bounces in my logs from spammers:

      Feb 16 08:25:22 oa sendmail[4090]: g1GDPKD04090: <sLAPLACEyberghost@eiv.com>... User unknown
      Feb 16 08:25:22 oa sendmail[4090]: g1GDPKD04090: from=<mark@gemdealers.net>, size=0, class=0, nrcpts=0, proto=SMTP, daemon=MTA, relay=netturbo.cscoms.com [202.183.214.2]

      I thought you guys were gonna fix those to always munge the domain, too, for those poor souls who get their domain's mail via fetchmail with a POP account?

    12. Re:Subscribing to blacklists did not help me. by Anonymous Coward · · Score: 0

      This isn't a good idea at all. Our last provider only gave us reverse for the nameserver and that was after months of bitching. We haven't had a working PTR record for our mail for over a year. Use the blacklists :)

  3. ObPeeve: SPAM(tm) vs uce spam by Speare · · Score: 3, Informative

    Hormel Foods has stated they don't mind the use of the word 'spam' to refer to U.C.E., or junk mail, as long as people don't use the term spelled in all-capitals. Hormel owns the trademark on the meat product, SPAM. Given their more-reasonable-than-average position on this, let's respect their request?

    --
    [ .sig file not found ]
  4. Its more of a pain in the neck by tkrotchko · · Score: 4, Informative

    I like the idea of something like MAPS-RBL, but I think many of them are bad hacks put together by guys who take the spam thing as a holy crusade. I don't really have a problem with that, its a free country, you do what you want.

    However I fault ISPs for using them without understanding their policies. Many ISPs use these small-time black-holes because they don't want to use MAPRBL (I assume its a money thing at this point). And if you get listed, how do you know that you're listed? You don't until somebody calls somebody and says "I can't get mail through to you". There needs to be a better way.

    And some sites, its not worth getting delisted. "www.joes.antispam.site.com" isn't worth the effort one way or the other.

    --
    You were mistaken. Which is odd, since memory shouldn't be a problem for you
    1. Re:Its more of a pain in the neck by Anonymous Coward · · Score: 0

      It's a free country but your rights end where mine begin, let's not forget that.

      I hate receiving unsolicited email. I would rather have sites with marketing ads where people could actually go and add their OWN email address to receive spam.

      These MKT people should know that most people only delete their mails. But I guess there is always the other 1% who respond to it.

    2. Re:Its more of a pain in the neck by crucini · · Score: 4, Informative

      Many ISPs use these small-time black-holes because they don't want to use MAPRBL (I assume its a money thing at this point).

      I don't think it's only a money thing. MAPS is almost useless - they don't list spammers until they've tried to "educate" them. I've noticed that servers sending me spam are never on MAPS. But the fact that they're charging doesn't help.

      And if you get listed, how do you know that you're listed? You don't until somebody calls somebody and says "I can't get mail through to you". There needs to be a better way.

      You generally know that you're listed because some of your outbound mail bounces with a message explaining that you are listed and giving a URL for further info. Are you saying that you've had outbound mail bounced due to a spam list and there was no indication of the reason? I realize this is theoretically possible, but I don't understand why someone would set up a mail server that way.
    3. Re:Its more of a pain in the neck by Anonymous Coward · · Score: 0

      A spammer never uses his own address as "from address" - but in many cases another valid email address (like mine). So all those nice responses about why you could not get through to someone ends up in my inbox.

      THIS IS WORSE THAN SPAM!

      Over 3000 messages in two days! And this was not the only time it happened. Normal spam level would maybe be 10 msg a day, but getting all these autoreplies, that is just too much.

      So the point is: As long as these blacklists are only filtering some one at a time valid mails, no problem (just waste of time) - but when you really do block a spammer - big problem!

    4. Re:Its more of a pain in the neck by Anonymous Coward · · Score: 0

      Many ISPs use these small-time black-holes because they don't want to use MAPRBL (I assume its a money thing at this point).

      I'm a tiny ISP running a sendmail server. I used MAPS for a couple years but switched to using small-time blackholes because MAPS made registration a pain in the neck - faxing forms and whatnot - not because of money.
    5. Re:Its more of a pain in the neck by macdaddy · · Score: 2

      I tend to agree. MAPS is useless for the most part as far as listing actual spammers. Now I do like to use their RSS. Many anti-spam admins still report open relays to MAPS. I do. Because of that they have a decent list of open relays. I also like their DUL. It was created in a fairly professional way. They did the leg work to identify actual dialup user netblocks rather than me trying to make a quick guess. I like that. I don't hit the DUL much (maybe 500 times per week on average) but every so often it gets hit hard and I'm glad I shelled out the $$$ for it. I use the ORSS for most of my filtering. I zone transfer it so I get the SPEWS stuff as well. It works well for me. Add that to my huge Sendmail access list and you have a decent setup.

    6. Re:Its more of a pain in the neck by DavidTC · · Score: 1

      Most servers don't 'bounce' the messages, they give a 550 during a receive. The message never actually enters the receiving end, and thus it can't 'bounce' the message, much less bounce it to the wrong person.

      This error usually ends up looking like a bounce message, but it's entirely generated by the mail client, or the SMTP server trying to send it.

      550 errors never end up going to the wrong person, unless you have a strangely configured open relay that spammers are using, and then it's merely shunting a spam message from one person to another, and I fail to see the harm there.

      --
      If corporations are people, aren't stockholders guilty of slavery?
    7. Re:Its more of a pain in the neck by Anonymous Coward · · Score: 0

      I would agree that an ISP should not use a blacklist without knowing something about it, but I would consider its track record to be more important than formal policies. However, the decision to not use the MAPS RBL may be due to more than money. A large part of the antispam community considers MAPS to be too slow to list spammers and too quick to remove spammers who claim to have reformed but then go back to their old ways.


      As to knowing that you're listed, nobody has an obligation to tell you. The people using those lists have obligations to stockholders and customers, and that's it. Many of them will include the reason in an SMTP error message, but that is for the benefit of their customers.

    8. Re:Its more of a pain in the neck by Anonymous Coward · · Score: 0

      That depends on where the blocking is. You might allow an IP address to communicate with your mail server and give it an error message, or you might block that IP address at your router. There are tradeoffs.

  5. Stay away from certain ISPs by Anonymous Coward · · Score: 1, Informative

    Although I am not sure of a solution to the poster's problem, I must take this time to note that your company can lose business if you use certain ISPs.

    A good example is Rackspace. Yeah, you've seen those ads and think Rackspace is full of good little geeks, but many spamlists block all of Rackspace's IP blocks from sending mail. They host many repeat offenders and do very little to combat spam.

    This is just one example, though ... basically, even if you're not involved in SPAM, you never know if your IP has been used for mischief in the past, or if your ISP is a moron.

    -d

    1. Re:Stay away from certain ISPs by ONU+CS+Geek · · Score: 2, Informative
      I use Rackspace for my Managed Hosting needs, and I've never had any problems with any of my site's emails. It's a sports agency, I've had only 3 problems of sites not getting any of our mail, and in both instances, it was a problem on my end (not having my MX pointer resolved right).

      Rackspace is wonderful, and I would encourage anyone who is in need of a Managed Host to go there.

      Just my 2 Cents worth.

      --

      I disable sigs...do you?
    2. Re:Stay away from certain ISPs by Anonymous Coward · · Score: 0

      I've had only 3 problems... and in both instances...

      We should all listen to this guy.

    3. Re:Stay away from certain ISPs by Erik+Fish · · Score: 1

      > even if you're not involved in SPAM, you never know if your IP has been
      > used for mischief in the past, or if your ISP is a moron

      Sure you do. Searching news.admin.net-abuse.* on the ISP's domain name is a good start. After that it's just a matter of ensuring that you've got some good clauses in the contract you sign with the ISP that define spam and keep the ISP from knowingly hosting spammers or spam support services through the use of hefty penalties for doing so (cost of switching ISPs, damage to reputation, etc.)

      If the ISP actually follows the anti-spam terms of service that they probably have they should have no problems with a contract like this. If they refuse the changes then find another provider and go back to step one.

    4. Re:Stay away from certain ISPs by Skapare · · Score: 2

      Which blacklists are blocking whole ISPs when they could block just the offending server? If you genuinely know this is the case, then surely you know of examples of good blacklists and bad blacklists.

      Colo/server hosting is one of the tougher areas to stop spamming. An ordinary dialup/DSL/broadband ISP can block port 25 and force the use of their mail servers, and rate control those servers and be effective. But with colocated servers this is harder to do because many of those machines have legitimate high mail volumes so the mechanics of controlling spam are much harder.

      --
      now we need to go OSS in diesel cars
    5. Re:Stay away from certain ISPs by Anonymous Coward · · Score: 0

      Rackspace IP ranges are blocked by SPEWS.

      I learned this the hard way.

    6. Re:Stay away from certain ISPs by Skapare · · Score: 2

      I don't use SPEWS for a couple of reasons, and that is one of them. You have a Rackspace based mail server? Figure out my email address and send me something and see if it comes through.

      --
      now we need to go OSS in diesel cars
    7. Re:Stay away from certain ISPs by DavidTC · · Score: 1
      Frankly, I consider blocking all of Rackspace the sign of a good blacklist. ;)

      I don't want a single IP blocked after some place sends a spam from it, I want ranges blocked that refuse to do anything about spam and continue to profit from it. That's where spammers flock, and that's where I block.

      --
      If corporations are people, aren't stockholders guilty of slavery?
    8. Re:Stay away from certain ISPs by Skapare · · Score: 2

      The only difference between the way you would do it and the way I would do it, is you lose all the other mail, too, while I would not.

      If you're going to block a range, the only range you need to block is the range the actual spam comes from. If you are capable of blocking a range, then you can succeed at blocking the spammer range. The only time you need to block the whole ISP is if they help the spammer evade your block. But as long as the ISP is simply providing basic IP service in a box, the content should be irrelevant to them (not to you or me, of course).

      The extreme danger in this is that it sets up the precedent that a hosting company has to judge content. Once they are judging one type of content, then they could be forced to judge another. They might end up having to take down a web site because the corporation it makes fun of, or reports about improprieties by, would be offended and threaten the ISP with a lawsuit. As long as the ISP doesn't give the spammer special treatment by letting them change IP addresses all the time, blocking gets the job done by blocking the spammer and not the ISP.

      If you think that by doing this kind of blocking (of the whole ISP) often enough will cause spammers to somehow just disappear, you are delusional. Spammer types have always existed before the internet, and will continue to exist as the internet becomes entirely ubiquitous.

      As long as there is perceived to be a target market for spam, there will be spammers, and they will find ways to deliver the garbage. And there is such a target market out there. While you and I pay greater costs, to the spammer it is a success because they very frequently get returns well in excess of expenditures (and the last time I looked, that was the way business worked).

      Compare this to the illegal drug market in the US. As long as people want to buy these drugs, someone will find a way to deliver it, no matter how much the US law enforcement does to stop them. As the supply diminishes, the prices go up, and the attraction to enter supply side is greater. So it is with spam. The more we reduce it on everyone, the more successful the spammers who remain will be (because their target is less saturated). If instead of trying to stop all spam, we work on stopping spam from just us, and let it go on to those who don't really care (and whether you believe it or not, there are a large number of people out there who really don't care), then at least we can be spam free. Economics works with spam, too.

      --
      now we need to go OSS in diesel cars
    9. Re:Stay away from certain ISPs by DavidTC · · Score: 1
      The only difference between the way you would do it and the way I would do it, is you lose all the other mail, too, while I would not.

      I don't want email from people supporting thieves. If they're doing it unknowingly, well, they'll see the block and do a little research, and thus become knowing. If they already know they're living in the slums and pay rent to thieves, they either move or I refuse to visit them.

      If you're going to block a range, the only range you need to block is the range the actual spam comes from. If you are capable of blocking a range, then you can succeed at blocking the spammer range. The only time you need to block the whole ISP is if they help the spammer evade your block. But as long as the ISP is simply providing basic IP service in a box, the content should be irrelevant to them (not to you or me, of course).

      No it shouldn't. I don't know where you get this concept they don't have to follow AUPs. Rackspace's AUP with their provider clearly says that they can't have anything to do with spamming. (As does pretty much everyone's in the entire world.) They simply lie and move people, take a month to deal with a complaint, etc.

      The extreme danger in this is that it sets up the precedent that a hosting company has to judge content. Once they are judging one type of content, then they could be forced to judge another. They might end up having to take down a web site because the corporation it makes fun of, or reports about improprieties by, would be offended and threaten the ISP with a lawsuit. As long as the ISP doesn't give the spammer special treatment by letting them change IP addresses all the time, blocking gets the job done by blocking the spammer and not the ISP.

      There is no precedent here for the simple fact this isn't a legal processing. Or do you want to worry that the BSU's boycott of Disney will create a precedent that people can sue Disney for things they find offensive? Boycotts are entirely legal, and they don't create any precedents, unless you want to count 'more boycotts' as precedents.

      If you do want to talk about the concept of creating other types of blocklists...they already exist. Things like netnanny and junkbuster are the exact same thing, for the web instead of the net. People just haven't come up with the infrastructure to add things in real time, like with spam blocklists. (Though you can do that with whatever the usenet one is called...NoCemEm or something.)

      There are plenty of voluntary methods for blocking what you see on the internet, and plenty of people are willing to share what they block, and use what other people block. This isn't anything new, and none of them have resulted in any sort of bad legal decision. (Though the availability of netblockers did help shoot down the CDA.)

      If you think that by doing this kind of blocking (of the whole ISP) often enough will cause spammers to somehow just disappear, you are delusional. Spammer types have always existed before the internet, and will continue to exist as the internet becomes entirely ubiquitous.

      I don't care if they exist, I just don't want them on the same wires as me. As that isn't strictly possible, I'll settle for simply blocking them off the same part of the net as me.

      As long as there is perceived to be a target market for spam, there will be spammers, and they will find ways to deliver the garbage. And there is such a target market out there. While you and I pay greater costs, to the spammer it is a success because they very frequently get returns well in excess of expenditures (and the last time I looked, that was the way business worked).

      This is a fairly common fallacy, that because I'm doing one thing to stop something I can't do another. I do educate people about spam, and tell them not to reply. I don't see how blocking spammers will hinder (or help) this. I can do two things at once, especially when one's automatic.

      Compare this to the illegal drug market in the US. As long as people want to buy these drugs, someone will find a way to deliver it, no matter how much the US law enforcement does to stop them. As the supply diminishes, the prices go up, and the attraction to enter supply side is greater. So it is with spam. The more we reduce it on everyone, the more successful the spammers who remain will be (because their target is less saturated). If instead of trying to stop all spam, we work on stopping spam from just us, and let it go on to those who don't really care (and whether you believe it or not, there are a large number of people out there who really don't care), then at least we can be spam free. Economics works with spam, too.

      Yes, that's a good way to get rid of spam, and it's how spam will eventually die. But the entire world isn't anywhere near being on the internet. Sure, we can educate everyone around us, but what about in ten years when everyone in India suddenly leaps on the internet, or twenty when everyone in China does?

      Everyone getting educated to the point of not replying to spam is a long way off, and I prefer not to delete the eight septillion spam messages between now and then.

      --
      If corporations are people, aren't stockholders guilty of slavery?
  6. Automate the maintenance by jACL · · Score: 2, Interesting

    In this day and age, there's nothing stopping blacklist coordinators from automating the rehabilitation process: Select your host and click 'Check me now!' Passing verification removes one's host from the list.

    --
    "It remains to be seen if the human brain is powerful enough to solve the problems it has created." Dr. Richard Wallace
    1. Re:Automate the maintenance by Sir+Spank-o-tron · · Score: 2, Insightful

      1. turn off open relay.
      2. click 'check me now'
      3. pass check.
      4. turn on open relay.
      5. spam as usual.
      6. rinse repeat.
      7. automate process

      --
      -- Spankmeister General
    2. Re:Automate the maintenance by amuro98 · · Score: 1

      Yeah, some sites do just that.

      Many of these lists have a good memory, and getting RE-listed means the ISP will have a harder time getting delisted again - assuming they can even get delisted.

    3. Re:Automate the maintenance by maxpublic · · Score: 2, Insightful

      And if the database flags the company as a repeat offender the process is locked for them, requiring actual human intervention. Easy to write something like this.

      Max

      --
      My god carries a hammer. Your god died nailed to a tree. Any questions?
    4. Re:Automate the maintenance by Tyrall · · Score: 4, Insightful

      Nope, the usual way to do it is:
      1. Filter the open relay checker's IP.
      2. Click 'check me now'.
      3. Spam as usual.

      This is a retarded, but effective way of avoiding the automatic blacklist generators.
      You'll still get on a lot of the automatic+human checkers like MAPS' open relay list.

    5. Re:Automate the maintenance by ahde · · Score: 2

      a spammer doesn't need open relay turned on on his own box

    6. Re:Automate the maintenance by LinuxHam · · Score: 2

      1. turn off open relay.
      2. click 'check me now'
      3. pass check.

      4. Go on probation involving random checks for 6 months, with fails being duly punished.

      --
      Intelligent Life on Earth
    7. Re:Automate the maintenance by Anonymous Coward · · Score: 0

      In this day and age, there's nothing stopping blacklist coordinators from automating the rehabilitation process: Select your host and click 'Check me now!' Passing verification removes one's host from the list.

      OK. I hope you agree that if you turn up on the list again that your "Check me now" button is greyed out for six months.
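
The safeguards proposed across this sub-thread (self-service retest, a lock for repeat offenders, probation with random re-checks) can be combined into one delisting policy. The sketch below is an added example, not code from any blacklist named on this page; the class and function names, the 182-day approximation of "six months", and the 192.0.2.25 sample host are assumptions.

```python
import random
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

PROBATION = timedelta(days=182)  # "6 months" in the thread, approximated (assumption)
LOCKOUT = timedelta(days=182)    # self-service disabled this long after a re-listing

@dataclass
class HostRecord:
    listed: bool = True
    times_listed: int = 1
    probation_start: Optional[datetime] = None
    probation_until: Optional[datetime] = None
    locked_until: Optional[datetime] = None

class DelistingPolicy:
    """Hypothetical policy: automatic delisting once, human review after a relapse."""

    def __init__(self, relay_test, rng=None):
        self.relay_test = relay_test      # callable(ip) -> True if the host still relays
        self.rng = rng or random.Random()
        self.records = {}

    def list_host(self, ip, now):
        rec = self.records.get(ip)
        if rec is None:                   # first offence
            self.records[ip] = HostRecord()
            return
        if rec.listed:                    # already listed, nothing to count twice
            return
        rec.listed = True                 # re-listing: remember it and lock self-service
        rec.times_listed += 1
        rec.probation_start = rec.probation_until = None
        rec.locked_until = now + LOCKOUT

    def check_me_now(self, ip, now):
        rec = self.records.get(ip)
        if rec is None or not rec.listed:
            return "not-listed"
        if rec.locked_until is not None and now < rec.locked_until:
            return "manual-review"        # the "greyed out" button
        if self.relay_test(ip):
            return "still-open"
        rec.listed = False
        rec.probation_start, rec.probation_until = now, now + PROBATION
        return "delisted-on-probation"

    def schedule_probes(self, ip, count):
        """Unannounced re-test times spread at random over the probation window."""
        rec = self.records[ip]
        if rec.probation_start is None:
            return []
        span = (rec.probation_until - rec.probation_start).total_seconds()
        return sorted(rec.probation_start + timedelta(seconds=self.rng.random() * span)
                      for _ in range(count))

    def probation_probe(self, ip, now):
        rec = self.records.get(ip)
        if (rec is None or rec.listed or rec.probation_until is None
                or now > rec.probation_until):
            return "not-on-probation"
        if self.relay_test(ip):
            self.list_host(ip, now)       # relapse: re-list and lock
            return "relisted"
        return "ok"

def replay_thread_scenario():
    """Constructed run of the close / pass / reopen cycle described in the replies."""
    ip = "192.0.2.25"                     # documentation address, constructed
    open_now = {ip}
    policy = DelistingPolicy(lambda host: host in open_now, rng=random.Random(7))
    t0 = datetime(2002, 1, 1)             # constructed timestamp
    policy.list_host(ip, t0)
    out = [policy.check_me_now(ip, t0)]                        # relay still open
    open_now.clear()
    out.append(policy.check_me_now(ip, t0 + timedelta(hours=1)))
    open_now.add(ip)                                           # relay reopened later
    probe_at = policy.schedule_probes(ip, 3)[0]
    out.append(policy.probation_probe(ip, probe_at))
    open_now.clear()
    out.append(policy.check_me_now(ip, probe_at + timedelta(days=1)))
    out.append(policy.check_me_now(ip, probe_at + LOCKOUT + timedelta(days=1)))
    return out

if __name__ == "__main__":
    print(replay_thread_scenario())
```

The relay test itself is passed in as a callable, so the policy is independent of how the list actually probes a host.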

  7. No. Deal with it. by Tackhead · · Score: 2, Interesting
    No, they're not unreasonable.

    You wanna live in a crack house? Don't go whining to the cops when you can't get a pizza delivered at midnight.

    You wanna get bandwidth with a company that provides services to spammers and relocates spammers to IP addresses to avoid blocking of single IP addresses, don't come whining to /. when the rest of the world wants nothing to do with your ISP.

    If someone spams me, I block the IP address. If the ISP relocates the spammer to another IP address in the same netspace, I say "fuck it", and block the /24. Or the /16, if need be.

    Don't like living in a crack house? Move.

  8. I've been e-mailing the admins of those lists,... by 5.25"+Floppy · · Score: 4, Funny

    ... but dammit, they just don't seem to be getting my e-mail! I'm going to start having all my friends send them a few mails as well... *sigh*

  9. Naughty in his sight by ackthpt · · Score: 3, Funny
    At one point in the not-too-distant past, our server was an open relay. I admit I'm a sinner for letting it happen, and I'm ready to do my penance.

    ...and the number of counting shall be three...

    --

    A feeling of having made the same mistake before: Deja Foobar
  10. if you got listed then you were major by Anonymous Coward · · Score: 0

    major enough to merit listing.
    Keep petitioning to be removed -meanwhile-
    let this be a warning for the rest of you.

    1. Re:if you got listed then you were major by ackthpt · · Score: 1

      It may be easier to just get a new domain or IP address, yes, no?

      --

      A feeling of having made the same mistake before: Deja Foobar
    2. Re:if you got listed then you were major by TheCarp · · Score: 2

      That depends entirely on what blacklist we are talking about.

      Our mail relay boxen were listed in orbs for a long time. We were never a major spam source, in fact, our relays were open (and stayed open because of political reasons, took us a while to get them shut down... now we have authenticated smtp and life is good)

      The fact is, we got on the orbs list not because we were a spam source, but because we could have been. We were open if (and only if) you forged your from address as being from our domain. Yea...it was dumb - but believe it or not, no one spammed through us!

      In fact (I said political process right?) we had permission to shut down relaying permanently if we got abused - we were waiting for it! It never happened. (eventually, we finally got it shut down without abuse but... it took time)

      So no... being listed on a blacklist doesn't mean you are a spam source, unless it is one of the better blacklists. Some blacklists will list you because you could be one. (One of the orbs tests that caught a machine of ours was an obscure uucp test that, yes meant we were open, but again.... no real spammers were actually using)

      all in all I liked orbs, I think that active testing and notification was good... it helped us fix some of the stuff we didn't know about... but in the end, it wasn't a very good blacklist to block mail by because it listed a lot of places that just weren't spam sources (like us).

      -Steve

      --
      "I opened my eyes, and everything went dark again"
  11. Mail servers are private property by Tyrall · · Score: 5, Insightful
    From the article: I could draw a bunch of analogies here, but isn't the bottom line that no one owns the internet e-mail system?
    This is a fallacy that continues to be propagated. I own my own mail server. The company I work for owns its mail servers. We can both decide who we want to allow to send mail to our users.

    At work, we use two open relay lists; ORDB and ORBZ. Nobody forces us to use them; it's our server cluster, and our choice.
    The reason we use those two systems, however, is due to the reasons pointed out in the article. Some blacklists are far too easy to get onto, or hosts are arbitrarily added by humans. The only way to get onto either of those lists is to be an open relay. The only way off is to be automatically retested and found to not be an open relay.

    1. Re:Mail servers are private property by Anonymous Coward · · Score: 1, Informative

      Email servers are private property, but if a transit ISP subscribes to MAPS' RBL using BGP, that block gets null routed. This causes major outages for smaller ISPs.

    2. Re:Mail servers are private property by Tyrall · · Score: 2, Interesting

      Correct.
      There are numerous ISPs out there; you are not required to use any one ISP.
      If an ISP doesn't fulfil your specific needs, or has policies you disagree with, then there is nothing preventing you from using a different one.

      Similarly, if you're an ISP, there's nothing /requiring/ you to use one transit provider. If you have an issue with RBL filtering, don't use that transit provider.

    3. Re:Mail servers are private property by leviramsey · · Score: 1

      You are 100% correct. However, I think that it's the responsibility of the sysadmin who subscribes to a blackhole list to keep the database current and to make sure that the list has a decent policy for removal from the list.

      If I were to use an OR database, I'd require a few things:

      • Mail is sent to an administrative account at the mail-server (or at least to common addresses like abuse@[mail-server], root@[mail-server]). Making admins manually subscribe does not satisfy this requirement.
      • Related to the above, such mail must contain a full itemized list of tests performed (or at least any and all items which were failed). The point of these lists is not to punish admins, but to educate them and make a better internet.
      • There must be a period of sufficient length (24 hours sounds good to me) to allow the admin to fix the problem, before the host is added to the list.
      • There must be a free means of checking the lists.
      • The current database of blocked addresses must be available for use and editing by myself.
      • If IP blocking is enabled, it must be possible to disengage, on a per-host basis.
      • It must be possible to obtain a list of hosts which came off the list without re-downloading the entire list.
      • Probably some other requirements, which I have forgotten.
      • Any IP address which submits a list of open relays must be banned from submitting more relays for a reasonable period of time (3 years, maybe?) if one, when tested, is found to be adequate. Otherwise, these DBs are just DDOS attacks waiting to happen.

      I should note that neither DB in your post is acceptable to me.

      I think that the database approach is not the solution to the problem. The better approach may be to define a mail header that compliant webservers may attach saying that the mail was sent using open relay. This could then be blocked by destination servers using their own rules.

    4. Re:Mail servers are private property by geekoid · · Score: 2

      e-mail system not server.
      he is correct, nobody owns "the system".

      --
      The Kruger Dunning explains most post on /. http://en.wikipedia.org/wiki/Dunning%E2%80%93Kruger_effect
    5. Re:Mail servers are private property by dillon_rinker · · Score: 2

      Which is like saying that no one owns my neighborhood because 30 people own the property, the utilities own the poles, and the city owns the street. Or it's like saying that no one owns GE because 50,000 people own stock.

      True, no single person owns it all, but all of it is privately owned, except for the bits that are owned by the govt, which in theory is owned by all the people.

    6. Re:Mail servers are private property by Tyrall · · Score: 2, Insightful
      You are 100% correct. However, I think that it's the responsibility of the sysadmin who subscribes to a blackhole list to keep the database current and to make sure that the list has a decent policy for removal from the list.

      I'd say it's the responsibility of the sysadmin to analyse those factors way before they even started to use the list. I know we checked over a period of months that the two services we used were well maintained. I'd like to counter a couple of the points you mentioned:

      Mail is sent to an administrative account at the mail-server (or at least to common addresses like abuse@[mail-server], root@[mail-server]). Making admins manually subscribe does not satisfy this requirement.
      Related to the above, such mail must contain a full itemized list of tests performed (or at least any and all items which were failed). The point of these lists is not to punish admins, but to educate them and make a better internet.

      This was one of the stumbling blocks we came up against. We'd prefer the systems used a notification method like you described. However, the TXT on the lookup clearly points you to a web page detailing exactly what failed. Our reject message is also customised to suggest why the mail is being rejected.
      I find ORBZ's reason for not emailing notifications somewhat amusing though.

      There must be a period of sufficient length (24 hours sounds good to me) to allow the admin to fix the problem, before the host is added to the list.

      I disagree. One of the bonuses of both systems is their automatic notification feature. I can submit a relay for checking on the first spam from a server, and have it reject future attempts that same day.

      There must be a free means of checking the lists. The current database of blocked addresses must be available for use and editing by myself. If IP blocking is enabled, it must be possible to disengage, on a per-host basis.

      Any server capable of limiting using RBLs is also capable of whitelisting IPs or IP ranges. We have many IPs in our whitelists, but it should be up to us to add to that whitelist. If you allow general access to the blacklists you will get moron spammers de-listing relays and then using them.

      Any IP address which submits a list of open relays must be banned from submitting more relays for a reasonable period of time (3 years, maybe?) if one, when tested, is found to be adequate. Otherwise, these DBs are just DDOS attacks waiting to happen.

      ORBZ will not retest within 24hrs unless requested from the IP of the blocked server. ORDB does not have such a limit to my knowledge, but I agree it should have.

    7. Re:Mail servers are private property by tymesf · · Score: 1

      Also, public spaces aren't owned by anyone in particular. By the "free the internet" logic, a society should allow anyone in those spaces no matter what they've done. Get rid of criminal justice systems, they're completely unfair!

    8. Re:Mail servers are private property by Anonymous Coward · · Score: 0

      "except for the bits that are owned by the govt, which in theory is owned by all the people."

      Which includes the spammers (at least the ones who are citizens of that govt.)

    9. Re:Mail servers are private property by nick+this · · Score: 2, Funny
      I think that the database approach is not the solution to the problem. The better approach may be to define a mail header that compliant webservers may attach saying that the mail was sent using open relay. This could then be blocked by destination servers using their own rules.

      Hey... this is a good idea. So if I've got the concept right, then those people that set the mail server up the wrong way to begin with would just adjust the configuration of their mail server. Not to stop acting as a spam relay, but to add a header saying that any mail going through might be spam?

      Uh... riiiight...

      While we're at it... here's another idea from the same well:

      There are still a couple bits unused in the IP header aren't there? One flags bit and one service bit or something? We could just appropriate those. We could set up encodings to mean that a particular packet was part of a data stream that was:

      • Attempting to hack or probe the destination system
      • Attempting to steal computing time or other resources (spam)
      • A general waste of resources (d/l pr0n, mp3, slashdot, etc)

      Hacking tools could be written to set those bits, mail sent from spam servers could be configured to set the appropriate bits. DDoS bots, news clients downloading from the alt.binaries.* newsgroups, browsers to the slashdot.org domain, etc, etc. Or perhaps there could be an interface on the user's side... so that when the user was doing something that was wasteful of their employer's time or bandwidth, they could just check the "I'm wasting bandwidth" checkbox, and then the network administrator could decide whether or not to pass the traffic.

      I think you are on to something here...

    10. Re:Mail servers are private property by TheBoquaz · · Score: 1

      To keep going with this argument... in a case like this, where a reformed open relay tries to send your company mail, and it doesn't go through, you have to be willing to admit that it is your fault.

      In essence, you are saying that he has no responsibility to get off the black lists (it's probably still a good idea for him to try) but really, the responsibility lies with you to make sure your people can get the data they need.

      That's his answer really. If you can't mail people, and you try to get off the lists (and of course you deserve to be off the lists) then it's really the blocker's problem.

    11. Re:Mail servers are private property by Anonymous Coward · · Score: 0
      • There must be a period of sufficient length (24 hours sounds good to me) to allow the admin to fix the problem, before the host is added to the list.
      Are you joking? Do you know how many millions of spam emails can be sent through an open relay in 24-hours?
      • The current database of blocked addresses must be available for use and editing by myself.
      And by "myself" you also mean every spammer looking for a nice list of 100,000 open mailservers. Nice idea.
      • If IP blocking is enabled, it must be possible to disengage, on a per-host basis.
      You really don't have a clue as to how these systems work do you?
      • Any IP address which submits a list of open relays must be banned from submitting more relays for a reasonable period of time (3 years, maybe?) if one, when tested, is found to be adequate. Otherwise, these DBs are just DDOS attacks waiting to happen.
      My last question was answered: No you don't. You don't think that the relay testers have several built in safety measures to make sure they can't be used for DDOS or DOS attacks? Do you think if someone submits the same IP address 100,000 times they will test it 100,000 times?

      Here's hoping you're not actually a Sysadmin someplace. (but the way the 'net is these days, you probably are.)
    12. Re:Mail servers are private property by Anonymous Coward · · Score: 0

      Your logic would work if only small ISPs did this, however some major backbone providers do this, such as Teleglobe (#2 in number of advertised routes after UUnet). So even if your ISP is connected through a different backbone provider a good portion of the hosts on the net won't be able to receive any packets should you get onto RBL.

    13. Re:Mail servers are private property by Anonymous Coward · · Score: 0

      You pretty much are required at some point to use a tier 1 isp. Between AT&T, UUNet and Genuity, they have 90% end user reach in the US. If they drop your traffic, you aren't on the net.

    14. Re:Mail servers are private property by Russ+Nelson · · Score: 2

      If mail servers are private property, then why does ORBZ refuse to respect my private property? Every time ORBZ tests my server, I receive several dozen mis-addressed messages. Given that they're unsolicited, bulk, email, with false envelope addresses, they closely resemble spam. Of course, ORBZ partisans angrily reject the idea that they are spamming anybody. But they are.
      -russ

      --
      Don't piss off The Angry Economist
    15. Re:Mail servers are private property by DavidTC · · Score: 1
      As far as I know, the US government doesn't own any parts of 'the internet' except their own networks and servers. In other words, unless you get on .gov, you're using privately owned wires. So, no, spammers do not own any part of the network. They have merely purchased access to it, and are actually in violation of their AUP, so it's not like they can complain when their AUP violation doesn't work.

      This may or may not apply to other countries, I dunno.

      --
      If corporations are people, aren't stockholders guilty of slavery?
    16. Re:Mail servers are private property by winnetou · · Score: 1

      Every time ORBZ tests my server, I receive several dozen mis-addressed messages.

      No one forces you to accept those messages, in fact most mail servers are able to reject them. The few double bounces you see in your mailbox are relatively few messages when compared to the flood of bounces a victim of a From-header forgery will receive -- I know since I have twice been flooded by qmail servers, the bounces from open relays are easily blocked, thanks to services like ORBZ.

  12. No decrease noticed on my part by fishybell · · Score: 3, Insightful
    I've had my e-mail address at hotmail for many years, and until the last year or so haven't taken any precautionary measures to reduce my spam intake. As a result of this, that address receives hundreds of spam messages daily (thank god for filters).
    I've only noticed that spam is getting harder to filter because of the blacklists. No longer are they all coming from a dozen or so servers, but instead hundreds.

    --
    ><));>
    1. Re:No decrease noticed on my part by rmohr02 · · Score: 1

      I had noticed that with Hotmail, but I also realized that you can only have ~500 email addresses blocked, and only ~100 filters (I might be off on those numbers, but I know there are maximums), so I had to switch my address.

  13. More fuel for this fire by ellesar1 · · Score: 1

    I agree that these blacklists can be annoying. I could be wrong, but my alma mater's mail server which I use, byu.edu, seems to be blacklisted by earthlink.com and maybe a few others. But, when I send messages, I never get a response that these are denied. I send an email, and it doesn't get there, no errors or anything. I was doing some ebay business and I had to use a free internet email site with 4 pop-ups per page load, just to communicate with others. Really annoying. Anyone have any insight into the blacklist mess, perhaps how one can test it or find out?

    1. Re:More fuel for this fire by schon · · Score: 1

      I send an email, and it doesn't get there, no errors or anything.

      If this happens, then your mail server, or your mail client is misconfigured.

      A site that operates a blacklist will reject the mail from the beginning - it isn't going to waste resources accepting an email, then deliver it to /dev/null. (Or, if it does, the mail admin needs his/her head examined.)

      If you don't get a bounce message, then either your mail server is screwed (not delivering a bounce message), or your mail program is screwed (maybe you have the wrong email address in it?)

    2. Re:More fuel for this fire by prog-guru · · Score: 1

      If you are blacklisted with DNSBL, you can do a DNS query to see if you are listed. If your server's IP is 1.2.3.4, and the list you think you are on is my.rbl.com, you can do:

      dig 4.3.2.1.my.rbl.com

      If it comes back with an A record that says 127.0.0.2, you are blacklisted by my.rbl.com.

      --

      chris@xanadu:~$ whatis /.
      /.: nothing appropriate.
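
The lookup described in the comment above, together with the local whitelist override mentioned earlier in the thread, written out as an added example that is not part of the original posts. The function names, the second zone `parked.example.test`, and the resolver data are constructed; `my.rbl.com` and 1.2.3.4 are the placeholders used in the comment. It also handles two cases the `dig` one-liner does not: a lookup that fails outright, and an answer outside 127.0.0.0/8, which is not a valid DNSBL reply and usually means the zone is dead or the resolver rewrites answers.

```python
import ipaddress
import socket

LOOPBACK = ipaddress.ip_network("127.0.0.0/8")

def dnsbl_query_name(ip, zone):
    """1.2.3.4 checked against my.rbl.com becomes 4.3.2.1.my.rbl.com."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on malformed input
    return ".".join(reversed(str(addr).split("."))) + "." + zone.strip(".")

def system_resolver(name):
    """A records for name; an empty list when the name does not exist (not listed)."""
    try:
        infos = socket.getaddrinfo(name, None, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror as exc:
        no_such_name = {socket.EAI_NONAME, getattr(socket, "EAI_NODATA", None)}
        if exc.errno in no_such_name:
            return []
        raise LookupError(f"lookup of {name} failed: {exc}") from exc
    return sorted({info[4][0] for info in infos})

# Constructed zone contents so the example runs offline.
CONSTRUCTED_ZONE_DATA = {
    "4.3.2.1.my.rbl.com": ["127.0.0.2"],             # listed, as in the comment
    "4.3.2.1.parked.example.test": ["203.0.113.9"],  # wildcarded or hijacked zone
}

def fake_resolver(name):
    """Stand-in for system_resolver that answers from CONSTRUCTED_ZONE_DATA."""
    if name.endswith(".down.example.test"):
        raise LookupError("constructed timeout")
    return CONSTRUCTED_ZONE_DATA.get(name, [])

def check_sender(ip, zones, whitelist=(), resolve=system_resolver):
    """Decide accept/reject for a connecting IP; the local whitelist always wins."""
    addr = ipaddress.IPv4Address(ip)
    if any(addr in ipaddress.ip_network(net) for net in whitelist):
        return {"verdict": "accept", "listed_on": [], "unusable_zones": []}
    listed, unusable = [], []
    for zone in zones:
        try:
            answers = resolve(dnsbl_query_name(ip, zone))
        except LookupError:
            unusable.append(zone)      # fail open, but report the broken list
            continue
        codes = [a for a in answers if ipaddress.IPv4Address(a) in LOOPBACK]
        if codes:
            listed.append((zone, codes))
        elif answers:
            unusable.append(zone)      # answer outside 127/8 is not a listing
    return {"verdict": "reject" if listed else "accept",
            "listed_on": listed, "unusable_zones": unusable}

if __name__ == "__main__":
    zones = ["my.rbl.com", "parked.example.test", "down.example.test"]
    print(check_sender("1.2.3.4", zones, resolve=fake_resolver))
    print(check_sender("1.2.3.4", zones, whitelist=["1.2.3.0/29"], resolve=fake_resolver))
```

Passing `resolve=system_resolver` (the default) runs the same logic against live DNS.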

    3. Re:More fuel for this fire by Wildcat+J · · Score: 1

      Or, maybe the receiving mail server is on his mail server's blacklist, and they just keep bouncing rejections back and forth ;)

    4. Re:More fuel for this fire by schon · · Score: 1

      maybe the receiving mail server is on his mail server's blacklist, and they just keep bouncing rejections back and forth ;)

      Interesting, but unlikely (and it wouldn't bounce back and forth anyway - bounce messages that bounce go to the postmaster.)

      If he uses his school's email address, sent through his school's email server, he should get the bounce message (because internal delivery always supersedes spam lists,) unless his mail server is misconfigured (which I covered :o)

      If he uses a different (say, home) email address, then that would fall under "his mail client is misconfigured" (which I also covered :o) (yeah, this is a minor technical nit :o)

    5. Re:More fuel for this fire by Wildcat+J · · Score: 1

      You are correct, but you did realize that I was kidding, right?

    6. Re:More fuel for this fire by Anonymous Coward · · Score: 0
  14. Please list your domain. by Henry+V+.009 · · Score: 3, Funny
    Unfortunately you are on my personal spam blacklist. I will consider removing you in return for a fee that will be calculated based on the amount of my time you wasted by allowing yourself to be used as a tool of the spam distributors. And I want you to grovel too.

    P. S. And how come I never got those pics of Teen Sara27 XXX 18th birthday?

  15. How to avoid SPEWS black-listings by 13013dobbs · · Score: 1

    We have had customers find themselves on SPEWS. We just set up a smart host on a colo and have their mail server direct all outgoing mail thru the colo. This way, the non-spammer does not have to re-locate and SPEWS has to do their own dirty work.

    --

    No replies made to AC posts. Please log in.

    1. Re:How to avoid SPEWS black-listings by prog-guru · · Score: 1

      Won't they just blacklist your smarthost?

      Remember, when you relay mail for somebody you are relaying mail for everybody they relay mail for.

      --

      chris@xanadu:~$ whatis /.
      /.: nothing appropriate.

    2. Re:How to avoid SPEWS black-listings by Tackhead · · Score: 1
      > We have had customers find themselves on SPEWS. We just set up a smart host on a colo and have their mail server direct all outgoing mail thru the colo. This way, the non-spammer does not have to re-locate and SPEWS has to do their own dirty work.

      Disclaimer: I am not SPEWS. I don't know who SPEWS is. If I did, I'd buy them a beer.

      Personally, I wouldn't have a problem with that. Assuming you're the ISP, it still requires some effort on your part, thereby raising your costs of doing business with the spammers. But if I understand you correctly -- as you describe it, you're not moving the spammer around to evade the block. So SPEWS can continue to block the spam, and your non-spamming customers' concerns are also answered. (That is, the legitimate customers' email now comes from an unaffected range at the other host, so it's not subject to a block.)

      I assume this is what you're talking about, otherwise (i.e. sending the spammer's mail through the smarthost/colo) SPEWS would just block the host at the colo. (Of course, that might not be your problem, it'd be the problem of whoever provided bandwidth to the colo - but if the spam's coming from there, it's the colo provider's problem too ;-)

    3. Re:How to avoid SPEWS black-listings by 13013dobbs · · Score: 1

      Not if there is no spam coming from it. :) I check to see if the customer is a spammer and if they are running a open relay. If they are a spammer, I tell them to fuck off. If they have an open relay, I fix it. If they are none of the above, I send them thru a colo.

      --

      No replies made to AC posts. Please log in.

    4. Re:How to avoid SPEWS black-listings by 13013dobbs · · Score: 1
      Disclaimer: I am not SPEWS. I don't know who SPEWS is. If I did, I'd buy them a beer.
      Uh-huh.... Sure you aren't. ;)


      Here is the problem. The customer gets his bandwidth from ISP A. ISP A has some spammers on a '/24'. My customer has a '/29' in that '/24'. My customer goes to the newsgroup to ask to be let out of SPEWS. Group members flame my customer to a crisp because he is supporting spammers when he pays his bill every month. My customer is told that he has to talk to his ISP about getting rid of spammers (which should be SPEWS' job, IMHO) or move his network. My customer doesn't want to do either, so we route his mail thru the colo. Problem solved.

      --

      No replies made to AC posts. Please log in.

    5. Re:How to avoid SPEWS black-listings by Tackhead · · Score: 2
      > I check to see if the customer is a spammer and if they are running a open relay. If they are a spammer, I tell them to fuck off. If they have an open relay, I fix it. If they are none of the above, I send them thru a colo.

      Cool! (Frankly, I can't see how you'd get listed in the first place. I'm speaking primarily to the SPEWS issue, as that seems to be the "blacklist du jour", as opposed to the various open relay blocking services.)

      (Yeah, I was exaggerating by implying I block the IP on the first spam. I usually don't block a /24 unless it looks like a dedicated spamming operation being hosted by a known non-responsive ISP. For dialup-through-relay spam, procmail is your friend. For my own mail, I still auto-forward-to-abuse and the FTC everything from certain ISP dialup ranges in Michigan and the Dallas-Ft. Worth area. I watch those recipes pretty quickly, and take the victim/accomplice ISPs as soon as the cockroach-in-question migrates to his next ISP.)

    6. Re:How to avoid SPEWS black-listings by 13013dobbs · · Score: 1
      I can't see how you'd get listed in the first place.
      Well, a customer gets his bandwidth from wherever. If that ISP has a spammer on it, SPEWS will list that entire /24 (or bigger) at the drop of a hat.

      certain ISP dialup ranges in Michigan and the Dallas-Ft. Worth area.
      Yeah. Alan Ralsky is a real choad-smoker, isn't he? I'll have to call Alan again and let him know he is a douche-nozzle.

      --

      No replies made to AC posts. Please log in.

    7. Re:How to avoid SPEWS black-listings by Tackhead · · Score: 2, Interesting
      > Uh-huh.... Sure you aren't. ;)

      (Someday, I envision a huge "I'm Spartacus!" cascade...)

      > My customer goes to the newsgroup to ask to be let out of SPEWS. Group members flame my customer to a crisp because he is supporting spammers when he pays his bill every month.

      As for nanae posters flaming your customer to a crisp, well, that's USENET ;-)

      Seriously, I do have a problem with that, even though I understand why it happens. The problem is that if you've read nanae long enough, you've seen every spammer lie in the book, and you're very skeptical.

      I don't know a solution for that one. It's disturbing - like the cop who busts everyone for minor traffic offenses, because he believes everyone's lying to him. He's heard "I left my wallet at home!" and "Gee, my speedometer must be off!" and "I just noticed the headlight burned out when I left work!" thousands of times over his career, and the thought no longer crosses his mind that once in a while, it'll be the truth.

      The nanae problem, in this sense, is that your customer (unlike the poor schmuck who did leave his wallet at home, but who probably realizes he's still toast :-) has no idea how burned-out most nanae denizens have become, and is (IMHO justly) surprised and pissed-off at the rough reception he gets when he tries to make good.

      As my initial /. post shows, I'm also part of that problem (too cynical for my own good), which is why I maintain my blocklist on my own box, and only lurk on nanae. But having seen the arguments in nanae so many times, and realizing many /.ers aren't regular nanae readers and haven't read them, I figured I'd throw my two bits in here.

    8. Re:How to avoid SPEWS black-listings by 13013dobbs · · Score: 1

      I can understand getting burned out on excuses and all that. But, SPEWS might be doing the anti-spammers a big dis-favor by sending the innocent into nanae. My customer now feels that ALL anti-spammers are a bunch of jerks who just want to bully people around.

      --

      No replies made to AC posts. Please log in.

    9. Re:How to avoid SPEWS black-listings by Tackhead · · Score: 1
      > I can understand getting burned out on excuses and all that. But, SPEWS might be doing the anti-spammers a big dis-favor by sending the innocent into nanae. My customer now feels that ALL anti-spammers are a bunch of jerks who just want to bully people around.

      Yeah. I can't say I blame him :(

      Suggested exercise for nanae readers: Watch the TV show "COPS". You'd be amazed at how patient they are (at least on camera :). The lesson to be drawn is to presume innocence, and flame to a crisp only after proof positive that the guy in question Isn't Getting It.

      While I'm at it, I think the oft-repeated nanae "You're supporting spammers by staying with the blocked ISP" argument is silly. The customer has no intent to support spammers. Indeed, the customer probably doesn't even care if he/she supports his/her ISP! No customer (with the possible exception of Enron) ever purchased connectivity with the intent of supporting an ISP,

      The "pizza delivery" analogy gets around this -- the pizza guy doesn't care where your rent money goes, he just doesn't wanna deal with what he has to step over in your front lawn. Big difference.

      Speakin' of 'za, I'm out to get some. Don't interpret a lack of further replies as rudeness, I'm chowin' down. It's Slack(tm) to me.

    10. Re:How to avoid SPEWS black-listings by Paul+Wright · · Score: 1
      Guess what? I'm not SPEWS either. None of us are. Move along now...

      My customer is told that he has to talk to his ISP about getting rid of spammers (which should be SPEWS job, IMHO) or move his network.

      It is believed that SPEWS sends complaints about the spam it receives, just as anyone else would. So the ISP is told about the spammers. They just don't know who is telling them. Think of SPEWS as the Egon Ronay guide to mailservers.

      What SPEWS is not interested in doing is saying "hey, we're SPEWS, kick your spammer off". I surmise that they are doing this because an ISP ought to be listening to ordinary complaints, and because they have no wish to get sued.

    11. Re:How to avoid SPEWS black-listings by CaptainSuperBoy · · Score: 2

      Your customer shouldn't take it personally. nanae has seen a thousand posters exactly like him, and they'll see a thousand more after he's gone. Someone shows up, never posted on Usenet before, and fills up a page or two ranting about blacklists taking away his business and restricting his free speech. If he read the FAQ before he posted, he'd know that the /24 gets banned since spam-friendly ISPs often shift their blackholed customers to different IPs. He'd know that the people to talk to are his ISP, not nanae. Instead, he's argumentative and pushy to people who have nothing to do with his problem. At best, he's clueless. At worst, he's a spammer himself.

      These people come along, argue for a couple days, and vanish. nanae regulars will help you, if you're not a dick about it. But what's the use of being nice to someone who is pointing fingers all over the place, ranting and raving, and you know they'll never post again?

  16. ORDB.org by paranoidia · · Score: 4, Informative

    ordb.org is a great site for this. They are very professional with both addition of servers, and subtraction of them. My mail server was an open relay for a time till I got an email from them saying that I was blacklisted. I quickly fixed the server, and submitted that my site be checked again; the next day I was taken off their lists, very easy. They run about 20 tests connecting to your server and sending e-mails for the most common way of sending spam. Also, they say in their FAQ that they reload their lists every hour to get servers off it quickly. Well done!

    1. Re:ORDB.org by Skapare · · Score: 2

      One of the things I want to know is why mail server admins let their servers be open relays in the first place. Is it because you became a mail server admin before you knew about open relaying? Or was it because you didn't really understand how your mailer software worked or was configured? Or was it because you inherited the machine from an idiot? Or was it because management didn't give you the time/resources to do the job right? Or was it because someone just didn't realize the impact of being blacklisted?

      One problem I do see is lots of mail servers that are open relays from the very first day they go online. I can only suspect this is because the admin is a newbie and doesn't know about open relays or doesn't realize it can happen to him.

      Another problem is that in a certain highly populous eastern Asian country, most servers are coming online with pirated copies of an older version of Microsoft Exchange, which not only is an open relay, but can't be made closed, either, even if the admin could read English. It seems in said country that piracy is the norm and virtually no one runs a legitimate copy.

      --
      now we need to go OSS in diesel cars
  17. Blacklist sites by schon · · Score: 5, Interesting

    OK, you've fixed your mail relay(s)..

    This is a good thing - and what every blacklist's ultimate goal is.

    Speaking as a mail server admin, I'd be interested to know which lists are not removing you - so that I can make sure I'm not using them.

    Seriously - letting people know about this is the best way to get what you want. If your site is not a relay, any blacklist maintainer is doing their users a disservice by listing you.

    As a mail admin, I'd want to know.

    Alternatively, you could do the American thing and threaten a lawsuit - most blacklist operators are immune from libel charges because they're just listing people who operate open relays (truth is defense against libel) - if you're not an open relay, then you've got a good case for libel: they're deliberately publishing false information to hurt your business.

    1. Re:Blacklist sites by chunkin · · Score: 1

      schon said:
      >This is a good thing - and what every blacklist's ultimate goal is.

      >Speaking as a mail server admin, I'd be interested to know which lists are not removing you - so that I can make sure I'm not using them.

      there is a point that i think has been missed (at least so far as i have read).

      organized blacklists are overall MUCH easier to get off of, even the less rigorously maintained ones, than those run by admins who block on their own.

      getting off of private blocklists is a gargantuan, perhaps even an impossible task. each individual private blacklist owner must be discovered, contacted and be convinced that the problem has been solved, before they will (if they ever do) unblock.

      this is precisely why organized blacklists SHOULD be used...imho.

    2. Re:Blacklist sites by Anonymous Coward · · Score: 0
      if you're not an open relay, then you've got a good case for libel: they're deliberately publishing false information to hurt your business.
      That sounds pretty weak. This is not just about open relays. This is also about spam havens, DNS providers for spammer's web sites, and web space providers. There are many blacklists that list blocks of IP space that are not open relays, do not claim that they are open relays, but do show emails from sysadmins responsible for them that show any reasonable person that the rogues have a screw loose and that you do not want your systems receiving anything from them.

      If a blacklist says "Here's spam advertising URL's in X's space, here's some unaltered correspondence from X about it, and here's the IP space that X is responsible for", how is that libel?

      In any event, Darwin's theory should hold true for blacklists: unreasonable blacklists will die off because they won't be used by reasonable sysadmins.

    3. Re:Blacklist sites by spt · · Score: 1

      truth is defense against libel

      If it is the truth then it isn't libel and no defense is necessary. A subtle distinction.

    4. Re:Blacklist sites by RedHat+Rocky · · Score: 2, Interesting

      I disagree that blacklists just list open relays. I keep an internal blacklist instead of using a public list, its purpose is to list IPs that we DON'T accept email from. Sending me an email is not a right, it is something I allow or disallow. My receipt of SPAM is enough reason to me to decide I don't need email from the offending party, be they a user or a 16 block of an ISP. Now, in my case, the blacklisted party would get a bounce (assuming they're not being FRAUDULENT and using an invalid Reply-To!) informing them that their email is not welcome and a link to a web form that would allow them to plead their case.

      In the case of the original poster, being an open relay would get you on my list, assuming I got SPAM, and I'd probably only remove you if there was some reason I wanted to get email from you. If you want off only because you MIGHT email me, forget it.

      I'm hoping the "threaten to sue" was a joke, but in today's America it wouldn't surprise me if someone tried. No one has a Right to connect to my email server and send a message unless *I* grant that Right.

      --
      Anything is possible given time and money.
    5. Re:Blacklist sites by Skapare · · Score: 2

      It seems what we need now is a ratings system for blacklists. I personally do want to only use those blacklists which operate professionally. The only time I can see justifying a delay in removal from a list is after the offending server goes back to being an open relay for the 3rd time or more.

      I also do not want to be blocking whole ISPs just because the ISP hosts a spamhaus (or even a spam promoted web site), as long as the spamhaus itself can be listed and stay that way. OTOH, if the ISP lets them keep changing IP addresses, then by the 3rd time I'd be willing to have the whole ISP listed until the ISP gets a clue. But even that needs to be a separate blacklist zone so those who don't want these blocked at all won't have to (again, a "truth" issue, as this is saying "this is an ISP that not only hosts spammers, but aids them in evading being blocked as well").

      --
      now we need to go OSS in diesel cars
    6. Re:Blacklist sites by Skapare · · Score: 2

      I would agree an organized blacklist should be used in preference to private ones ... as soon as one that meets my needs can be found.

      Those that are out there either block stuff I do not want blocked (and don't separate the zones to give me a choice), or are not very effective in doing quick blocking.

      So I do block some on my own. But unless it is clearly a spamhaus (no point in ever trying to communicate with them), or a direct dialup/DSL pool (I block them by reverse-to-forward-verified domain name), I do send abuse@ the complaint with instructions to ask me to unblock. They don't even have to tell me they fixed the server the first time ... if they just ask to be removed, they get removed. They don't have to track me down because I sent them the report. Yet, the vast majority never ask.

      Prevention is still the least costly route. Anyone running a mail server needs to prevent the problem from happening in the first place, or else pay the price.

      And perhaps we need better blacklists.

      --
      now we need to go OSS in diesel cars
    7. Re:Blacklist sites by WNight · · Score: 2

      I agree about the overabundance of lawsuits, but here I think you misunderstood the intent of the post...

      If someone lists you on their blackhole list claiming that you are running an open relay and refuses to change your status once you are not, you might have a libel case.

      Not that people shouldn't be added to a "once ran an open relay" list that doesn't get blocked, but which gets added to the block list again more easily, or which people scan occasionally to check their compliance.

      I don't know how well the lists are being run now, but a year or so ago there was a lot of scandal about list maintainers using them to unfairly hush their critics. In that case they aren't maintaining a list of people they don't accept email from, they're maintaining a list of people they claim have committed an offense worthy of being ignored. There's a subtle difference there. If they had said "I hold a grudge against these people for various reasons from having an open relay to having insulted my sister" then they would be in the clear.

    8. Re:Blacklist sites by Anonymous Coward · · Score: 0

      I disagree that blacklists just list open relays.

      Sorry, I never meant to imply that blacklists ONLY list open relays (spamhauses, spamvertized websites etc are all candidates) - but the question that arose was quite specific: he had an open relay, and was blacklisted because of it. Now he's no longer an open relay, but is still blacklisted because of it.

      And if he's not a spamhaus, and doesn't spamvertise through other ISP's, or whatever other criteria a list has for inclusion, then he doesn't deserve to be in the blacklist at all.

      Sending me an email is not a right, it is something I allow or disallow.

      Agreed. You should have control over your mail server - and that's exactly the point of my post: YOU should have control over it. If you decide to use someone else's blacklist, that's your choice - however when that blacklist starts lying to you about what they're blocking, you no longer have control; that was the point of my post.

      being an open relay would get you on my list, assuming I got SPAM, and I'd probably only remove you if there was some reason I wanted to get email from you

      Yes - (and besides being a different issue than what we're discussing) this is entirely within your rights. But the minute you release the list to others, you need to make them aware of what your criteria are for inclusion in the list, so that they can make informed decisions.

      I'm hoping the "threaten to sue" was a joke

      It was 1/2 joke.

    9. Re:Blacklist sites by schon · · Score: 2

      This is not just about open relays. This is also about spam havens, DNS providers for spammer's web sites, and web space providers.

      No. THIS is about open relays.

      The poster had an open relay, and got blacklisted because of it. Now that he's fixed his mailserver, he's still listed.

      If he's not telling the whole story, and is operating out of a spam haven, or is spamvertising his website with another ISP, then that's another issue.

    10. Re:Blacklist sites by winnetou · · Score: 1

      If he's not telling the whole story, and is operating out of a spam haven, or is spamvertising his website with another ISP, then that's another issue.

      We already know the original poster didn't tell the whole story: (s)he withheld both the IP of the listed server and the name of the alleged unfair blocklist,

    11. Re:Blacklist sites by Anonymous Coward · · Score: 0
      Speaking as a mail server admin, I'd be interested to know which lists are not removing you - so that I can make sure I'm not using them.
      My guess is that he either still has an open relay or that he hasn't requested retesting. I'm not aware of any public blacklist that lacks provision for removal.
      Alternatively, you could do the American thing and threaten a lawsuit
      Great. So now instead of being in one public list that he can get out of by closing his relay and requesting a retest, he's in thousands of private deny lists that he'll never get out of. To say nothing of the risk of a countersuit.
  18. That's a self-solving problem (mostly) by devphil · · Score: 5, Insightful


    Yep, that's the root of the problem: there are a number of for-free blacklists out there which are professionally managed. Those are the ones that should be used.

    And as long as we publicly point out the blacklists that are being poorly run, people will stop using them, and switch to the good ones (like RBL, RSS, DUL, ORDB). The solution is not to ban or otherwise stop using blacklists, the solution is simply to (vocally) promote the ones which stay on top of the problem.

    --
    You cannot apply a technological solution to a sociological problem. (Edwards' Law)
    1. Re:That's a self-solving problem (mostly) by Rick+the+Red · · Score: 2
      Gee, devphil, you say:
      The solution is not to ban or otherwise stop using blacklists, the solution is simply to (vocally) promote the ones which stay on top of the problem.

      But your .sig says:
      You cannot apply a technological solution to a sociological problem. (Edwards' Law)

      Using SPAM blacklists is trying to apply a technological solution to a sociological problem, which your .sig proclaims won't work*. Either change your .sig or rethink your actions.

      * And it doesn't: we still have SPAM despite the blacklists.

      --
      If all this should have a reason, we would be the last to know.
    2. Re:That's a self-solving problem (mostly) by Anonymous Coward · · Score: 0

      All blacklists are poorly run.

    3. Re:That's a self-solving problem (mostly) by TaliesinWI · · Score: 1

      Agreed 100%. I'm the sysadmin for an ISP and I'm contracted out to two others. We use ORDB and ORBZ for our open-relay filtering. They're both very good about removing IPs from their list once it's provable that the mail server in question is no longer an open relay. There are other lists that seem equally competent, but there are others that seem to be large-type assholes, in stereo (*cough* Dorkslayers *cough*). Before I started using any given list, I would go to the web page for that list. If it was a "we're an ISP with a spamtrap and we list everyone who tickles the spamtrap" I don't use them - I can do the same thing myself. If they're a "once you're on us good freaking luck getting off" I don't use them - they might block more spam but for every additional spam they block over the other guys, I'm going to have one or more pissed off E-mails/calls when someone fixes their server yet these guys won't remove them.

      My users have seen probably a 75% or more decrease in spam since I started using open relay lists and spamhaus/spews/spamsites (which are actually the real blockers for some of the more annoying spams). I'd rather submit the other 25% to one of those lists and get them eventually blocked than deal with one of the other lists run by a maniac.

    4. Re:That's a self-solving problem (mostly) by Anonymous Coward · · Score: 0

      Using SPAM blacklists is trying to apply a technological solution to a sociological problem, which your .sig proclaims won't work*. Either change your .sig or rethink your actions.

      Actually, using blacklists is an *extremely* sociological solution. It's a precise analogue to the practice of shunning. Repent and be not shunned. Really simple.

    5. Re:That's a self-solving problem (mostly) by Skapare · · Score: 2

      However, RBL, RSS, and DUL, are not free. And they don't even seem to be interested in money from the little guy as they have refused to respond to any of my mail (and no, I was not using any blacklist that might have blocked them).

      --
      now we need to go OSS in diesel cars
    6. Re:That's a self-solving problem (mostly) by AndroidCat · · Score: 2
      Damn, the $cientology term for "shunning" of disconnection from a potential trouble source works.

      That's not supposed to happen! :^)

      --
      One line blog. I hear that they're called Twitters now.
    7. Re:That's a self-solving problem (mostly) by devphil · · Score: 2

      When I say, "the solution is simply...," I'm not talking about the solution to spam. I'm talking about the solution to poorly-managed blacklists. And that solution (vocally promoting the good ones) is hardly technological.

      The solution to spam is also quite simple: two bullets to the head of the marketing agent who did the spamming. That's not a technological solution either. :-)

      --
      You cannot apply a technological solution to a sociological problem. (Edwards' Law)
    8. Re:That's a self-solving problem (mostly) by Rick+the+Red · · Score: 2
      Repent and be not shunned.
      If only it worked that way. That's rlsnyder's point: He repented but he's still shunned.

      --
      If all this should have a reason, we would be the last to know.
  19. Shout out for SpamAssassin by dietz · · Score: 5, Informative

    I'd just like to give some props for SpamAssassin.

    If you haven't heard of it, it's an elegant system that assigns a weight to each email message based on hundreds of different tests, and if the email scores over 5 (configurable), it is marked as spam.

    One of the nice things about it is that it uses most of the email blacklists, but they're only worth ~2 points, so being in a blacklist alone isn't enough to kill a message. That's good for those blacklists that throw far too many people in that don't belong (osirusoft). It also uses razor, but that is only worth three points, so if someone is piping bugtraq to razor-report (that happened for a while) you won't lose all that email.

    There's a really interesting set of tests (it's fun to read them) each with an obscure set of points including:
    HTML with a non-white bgcolor (1.2)
    Claims conformance to obscure spam law (1.0)
    HTML mail with no text portion (3.33)
    Various spam phrases (various points depending on how many "hits" there are)
    Subject ends in an exclamation point (0.5)

    The points have apparently been calculated using some program to give the best accuracy.

    Anyway, SpamAssassin is the best of the spam removal programs I've seen. Give it a shot!
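    The weighting argument in the post above, worked through as an added example (not part of the original post and not SpamAssassin's own code): a blacklist hit alone stays under the threshold, while the same hit combined with content tests does not. The point values are the ones quoted in the post; the rule names, the sample messages and the `dnsbl_listed` / `razor_listed` inputs are assumptions made for illustration.

```python
import re
from email import message_from_string

REQUIRED = 5.0  # the configurable threshold the post mentions


def leaf_parts(msg):
    """All non-container MIME parts of a parsed message."""
    return [p for p in msg.walk() if not p.is_multipart()]


def part_text(part):
    """Decoded body of one MIME part (handles base64/quoted-printable)."""
    raw = part.get_payload(decode=True) or b""
    return raw.decode(part.get_content_charset() or "latin-1", "replace")


def html_only(msg, ctx):
    """HTML part present and no text/plain alternative anywhere."""
    types = {p.get_content_type() for p in leaf_parts(msg)}
    return "text/html" in types and "text/plain" not in types


def nonwhite_bgcolor(msg, ctx):
    """Any HTML part that sets a bgcolor other than white."""
    for p in leaf_parts(msg):
        if p.get_content_type() == "text/html":
            m = re.search(r"bgcolor\s*=\s*[\"']?\s*(#?[0-9a-z]+)", part_text(p), re.I)
            if m and m.group(1).lower() not in ("#ffffff", "#fff", "white"):
                return True
    return False


def subject_exclaim(msg, ctx):
    return (msg.get("Subject") or "").rstrip().endswith("!")


# (hypothetical rule name, points quoted in the post, test function)
RULES = [
    ("HTML_ONLY", 3.33, html_only),
    ("NONWHITE_BGCOLOR", 1.2, nonwhite_bgcolor),
    ("SUBJ_ENDS_EXCLAIM", 0.5, subject_exclaim),
    ("IN_BLACKLIST", 2.0, lambda msg, ctx: ctx["dnsbl_listed"]),  # "~2 points"
    ("IN_RAZOR", 3.0, lambda msg, ctx: ctx["razor_listed"]),      # "three points"
]


def score(raw_message, dnsbl_listed=False, razor_listed=False):
    """Return (total, names of rules that fired, flagged_as_spam)."""
    msg = message_from_string(raw_message)
    ctx = {"dnsbl_listed": dnsbl_listed, "razor_listed": razor_listed}
    hits = [(name, pts) for name, pts, test in RULES if test(msg, ctx)]
    total = round(sum(pts for _, pts in hits), 2)
    return total, [name for name, _ in hits], total >= REQUIRED


# Constructed sample messages (not taken from the thread).
PLAIN_CONFIRMATION = (
    "From: ops@example.org\n"
    "To: client@example.net\n"
    "Subject: Wire transfer confirmation\n"
    "Content-Type: text/plain; charset=us-ascii\n"
    "\n"
    "Your transfer has been confirmed.\n"
)
HTML_PROMO = (
    "From: promo@example.com\n"
    "To: client@example.net\n"
    "Subject: Lowest rates ever!\n"
    "Content-Type: text/html; charset=us-ascii\n"
    "\n"
    '<html><body bgcolor="#000000">Act now</body></html>\n'
)
ALT_NEWSLETTER = (
    "From: news@example.org\n"
    "To: client@example.net\n"
    "Subject: March newsletter\n"
    "MIME-Version: 1.0\n"
    'Content-Type: multipart/alternative; boundary="b1"\n'
    "\n"
    "--b1\nContent-Type: text/plain\n\nHello\n"
    "--b1\nContent-Type: text/html\n\n"
    '<html><body bgcolor="white">Hello</body></html>\n'
    "--b1--\n"
)

if __name__ == "__main__":
    cases = [
        ("plain mail, sender on a blacklist", PLAIN_CONFIRMATION, True, False),
        ("plain mail, reported to razor", PLAIN_CONFIRMATION, False, True),
        ("HTML-only promo, sender on a blacklist", HTML_PROMO, True, False),
        ("multipart newsletter", ALT_NEWSLETTER, False, False),
    ]
    for label, raw, listed, razor in cases:
        print(label, score(raw, dnsbl_listed=listed, razor_listed=razor))
```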

    1. Re:Shout out for SpamAssassin by Anonymous Coward · · Score: 0
      You should have a procmail rule to filter BugTraq into its own folder before SpamAssassin gets it. Since it's a moderated list, you won't get spam from it (unless people start forging BugTraq message headers). If you're using it at work, you should also have a rule so that any mail from your company's domain will bypass it.

      Does SpamAssassin have a rule that will match all HTML mail, or allow you to define your own rules? I haven't figured out how yet, but I haven't looked very hard either.

    2. Re:Shout out for SpamAssassin by Anonymous Coward · · Score: 0

      If this works for spam, we could have a troll detector built in that automatically reduces points instead of prohibitory lameness filters

      * ALL CAPS LOCK (or a lengthy substring of all caps)
      * only one char per line
      * a hard-link to offensive sites
      * too short a message
      * too soon a post
      * an exact copy post
      * subject title: fp

      ...

      and have a list of criteria for auto-incrementing a score of a post

      * (score:+1, insightful) for subjects with "!=" in it
      * a post that is a copy of a page linked from the article
      * post length > x chars
      * CowBoyNeal

      Feel free to add on...

    3. Re:Shout out for SpamAssassin by Anonymous Coward · · Score: 0

      >a hard-link to offensive sites

      You wouldn't mean sites like goatse.cx would you? (Don't click that link)

      BTW: I'd be filtered for mentioning this was bad if you were in charge. Fortunately, you aren't.

      >post length > x chars

      Yeah, just what we need, more page widening posts!

    4. Re:Shout out for SpamAssassin by Jonny+Ringo · · Score: 1

      They should also add emails that start with

      "Hi all, sorry for the spam..."

      give that one a 5! :-)

    5. Re:Shout out for SpamAssassin by vadim_t · · Score: 1

      Yeah, great. Now all trolls would have to do is to put all the incrementing stuff into a post, and then add a link to goatse or something else.

    6. Re:Shout out for SpamAssassin by smnolde · · Score: 2

      I can personally vouch for Spamassassin as I just installed it this week on my FreeBSD system running exim.

      Here's a nice sample log entry of what I see when an email is flagged as spam:
      2002-02-15 14:07:17 From: tyu7@mail.com Subject: ***** SPAM ***** Add that extra room
      X-Spam-Status: Yes, hits=13.2 required=5.0 tests=NO_REAL_NAME, MSGID_SPAMSIGN_1, FAKED_UNDISC_RECIPS, TO_MALFORMED, INVALID_MSGID, FREQ_SPAM_PHRASE, RCVD_IN_OSIRUSOFT_COM version=2.01 Sender: tyu7@mail.com

      The highest hit count so far? 26.7 from a yahoo spam email.

      It is so nice having Spamassassin on my mail server so that all users can choose what they want or not. Since Spamassassin only flags email as spam, it is up to the MUA how the email is disposed.

    7. Re:Shout out for SpamAssassin by Sarin · · Score: 2

      the tests read the description of test, they are very funny.

    8. Re:Shout out for SpamAssassin by Anonymous Coward · · Score: 0

      That's good for those blacklists that throw far too many people in that don't belong (osirusoft).

      Really? We've used it for months and it's not bounced anything of value (spam != value).

      Using ORDB/ORBZ bounces only open relay stuff, much spam is from dedicated Spam Houses, if you don't bounce that crap, you're only doing half the job. Since we're too cheap to pay for the RBL, relays.osirusoft.com is the only current option - and it works well.

      SpamAssassin does sound hot, I will look into it.

    9. Re:Shout out for SpamAssassin by Syberghost · · Score: 2

      HTML mail with no text portion (3.33)

      I bounce 100% of that, excepting the ones that have invalid headers proclaiming them to be text.

      But only for me, not my users.

      Here are the procmail rules I use:

      :0
      * ^X-Header-Type:.HTML
      * !^X-Loop: MAILER-DAEMON@eivNOSPAM.com
      | (formail -rk -i "From: MAILER-DAEMON@eivNOSPAM.com" -A "X-Loop: MAILER-DAEMON@eivNOSPAM.com"; echo "eiv.com does not accept html-only emails."; echo "Either include a text attachment, or remove us from your lists."; echo "This is an automated response, no human has seen or will see your message." ) | $SENDMAIL -t -oi

      :0
      * ^Content-Type:.text/html*
      * !^X-Loop: MAILER-DAEMON@eivNOSPAM.com
      | (formail -rk -i "From: MAILER-DAEMON@eivNOSPAM.com" -A "X-Loop: MAILER-DAEMON@eivNOSPAM.com"; echo "eiv.com does not accept html-only emails."; echo "Either include a text attachment, or remove us from your lists."; echo "This is an automated response, no human has seen or will see your message." ) | $SENDMAIL -t -oi

      :0
      * ^CONTENT-TYPE:.text/html*
      * !^X-Loop: MAILER-DAEMON@eivNOSPAM.com
      | (formail -rk -i "From: MAILER-DAEMON@eivNOSPAM.com" -A "X-Loop: MAILER-DAEMON@eivNOSPAM.com"; echo "eiv.com does not accept html-only emails."; echo "Either include a text attachment, or remove us from your lists."; echo "This is an automated response, no human has seen or will see your message." ) | $SENDMAIL -t -oi

      and yes, I realize there's a better way to write them. I'm lazy. :-) I also spam-proofed an address in there, so remove "NOSPAM" when you edit this for your own use.

      I used to have the rules include:

      * !^FROM_DAEMON
      * !^FROM_MAILER

      but the spammers have figured out how to make their emails look like they meet these conditions, and spam was getting through. No legitimate MTA will be sending HTML-only error messages.

      I do still see a percentage of it, when it bounces back as undeliverable due to the fake return addresses. But I can spot that without getting too far into it.

      I run the risk of confirming my address, but anybody sending me legitimate HTML mail gets a proper chance to repent.

    10. Re:Shout out for SpamAssassin by mjh · · Score: 2
      Does SpamAssassin. . . allow you to define your own rules? I haven't figured out how yet, but I haven't looked very hard either.

      Yes it does. In $HOME/.spamassassin/user_prefs you can define rules. Here's an example of a rule that I've added to filter ICQ requests as spam:

      header ICQ_REQUEST Subject =~ /^Please let me add you to my ICQ Contact List$/
      describe ICQ_REQUEST Subject contains request for ICQ
      score ICQ_REQUEST 10.00

      Check here for instructions on how to specify rules.

      --
      Key to financial independence: Spend less than you earn. Save and invest the difference. Do it for a long time.
  20. Yes and no by Grax · · Score: 2, Insightful

    Being added to a blacklist without being informed of it is wrong. I was added to a blacklist due to an oversight in my mail config. We were not generally an open relay but in specific instances we were.

    Any time that happens an email should be sent to postmaster@(reverse dns of mail server IP address) to inform them of the action being taken and the specifics of their openness. Just "you are running an open relay" is insufficient.

    Also the ability to quickly remove the address from the blacklist when the other mail admin repairs the problem is important.

    I don't particularly like blacklists but something must be done to discourage open relays and for now they are the only option.

    1. Re:Yes and no by spottedkangaroo · · Score: 1

      http://www.ordb.org/lookup/rbls/
      http://www.ordb.org/lookup

      I don't see why it's wrong at all. All they do is publish information... they remove you quite quickly if you goof up...

      It's a simple matter. Just check the thing after a reconfig.

      Personally, I actually check that every time I reconfigure... Your loss I guess.

      --
      Imagine if you weren't allowed to use roads because a bus company complained about your driving 3 times. --skunkpussy
    2. Re:Yes and no by zoydoid · · Score: 1

      wake up people. the spammers USE the blacklists to
      FIND open-relays to exploit.

    3. Re:Yes and no by Grax · · Score: 1

      Mail admins don't necessarily know of that link's existence. Since they know they added you to the blacklist the least they could do is inform you of the existence of the blacklist, the location to visit for more information, and the fact that you have been added.

      It's like spreading a rumour behind the mail admin's back that he has an open relay or his fly is unzipped or her slip is showing without bothering to tell the admin. It doesn't do anything to alleviate the problem.

      The objective, as I see it, is to get rid of open relays. Not to make sure they're all on a list somewhere.
      And the only way to do that is to inform the mail admins so they can fix it.

    4. Re:Yes and no by Anonymous Coward · · Score: 0

      Being added to a blacklist without being informed of it is wrong.

      I think you're mis-assigning the responsibility. I use a form of blacklist (really just a sleazeball filter) to block annoying ads. If someone serves an annoying ad to me, they go on the list so that I don't have to look at their crap anymore. Why should I also have to spend a minute emailing them that I did it? They already wasted enough of my time. It's their responsibility to not be annoying, or face the consequences.

      Imagine that you're on a bus and some asshole is shouting obscenities. And imagine that, due to an amazing mental power, all you have to do, is decide not to hear him anymore, and then -- *poof* -- you magically just don't hear him anymore. Do you just quietly use your mental power to tune him out, or do you explain to the asshole first, "I am sick of your crap so I am going to stop listening to you." I would do the former, because the asshole isn't worth any consideration, effort, or risk of confrontation. It's his problem now, not mine. Too bad.

    5. Re:Yes and no by Grax · · Score: 1

      ordb.org does not give out a list that can be exploited. Each mail received is looked up via ordb to determine if it should be blocked.

    6. Re:Yes and no by Grax · · Score: 1

      Now suppose that, due to an amazing mental power, you have ability to tell him to shut up and he will do it. Wouldn't it be the decent thing to do, especially for the other people on the bus, to tell him to shut up?
      Or do you sit there claiming you wish he was gone while impotently ignoring him and leaving him blissfully unaware he was even shouting obscenities?

    7. Re:Yes and no by DavidTC · · Score: 1
      And this is bad how?

      I still won't get spam from the open relays. Passing around lists of open relays is like passing around security holes. Sure, evil people will be able to exploit stupid people, but it allows smart people to protect themselves. As someone would eventually figure out it's an open relay (or a security hole) later on, the list just evens the playing field, where everyone finds it out at once.

      As time goes on, all the stupid people will Darwin themselves off of the internet as their bandwidth costs skyrocket and their connectivity plummets. And I still won't be getting spam relayed from them as they fail due to their own crapulence.

      --
      If corporations are people, aren't stockholders guilty of slavery?
  21. Easier solution by LordNimon · · Score: 2

    Wouldn't it just be a lot simpler if the mail servers, when they receive a connection from an smtp server to deliver mail, make another connection back to the smtp server on port 25. If the connection can be made, then it means that it's an open port, and therefore the mail is rejected? Wouldn't this be a sort of "dynamic blacklist"? That way, mail from an open port is never accepted.

    --
    And the men who hold high places must be the ones who start
    To mold a new reality... closer to the heart
    1. Re:Easier solution by Anonymous Coward · · Score: 0
      So you only want mail from people you can't reply to?

      I can see why this posting is Score 2

    2. Re:Easier solution by Shiny+Metal+S. · · Score: 2
      Wouldn't it just be a lot simpler if the mail servers, when they receive a connection from an smtp server to deliver mail, make another connection back to the smtp server on port 25. If the connection can be made, then it means that it's an open port, and therefore the mail is rejected?
      It means that the port is open (you can't have smtp server with smtp port closed), but it doesn't mean that it's an open relay. You'd have to make an smtp transaction.
      --

      ~shiny
      WILL HACK FOR $$$

    3. Re:Easier solution by LordNimon · · Score: 1

      Huh? I'm confused. I was trying to come up with a way of automatically rejecting mail from open servers.

      --
      And the men who hold high places must be the ones who start
      To mold a new reality... closer to the heart
    4. Re:Easier solution by 13013dobbs · · Score: 1

      Um. That would list all mail servers, sparky. :) I think you are trying to say that your mail server should perform an open relay test on any IP that is connecting to your mail server. This would work but, it will be quite a performance hit on your mail-server (doing that kind of check is gonna take a lot of time) and you won't catch the open proxies or web-forms that spammers are starting to abuse.

      --

      No replies made to AC posts. Please log in.

    5. Re:Easier solution by Tyrall · · Score: 1

      You don't seem to understand how SMTP works. I would hope that the server connecting to me was listening on port 25, as that indicates it is an SMTP server itself.

      If it's NOT listening on port 25, I'd be more likely to ignore it than if it were, as that might indicate a spammer sending mail direct-to-server.

      Open and secure relays would both respond to port 25 connections. Correctly secured relays would reject any message you tried to send through their mail server to another destination, whilst still accepting mail for local users (if it's not just an outgoing relay).

      It's possible to connect to the mail server for the address supplied and verify that the user exists, but in most cases, due to server configuration, that would require actually sending a message (thus putting you at risk of getting into a bizarre authentication loop).

      It would also seriously add to the overhead of sending a message, something larger sites would not be able to cope with.

    6. Re:Easier solution by dsouth · · Score: 1
      If your message means what I think it does, the answer is no.

      An open SMTP port is an entirely different thing from an open mail relay. The first means that a host will (probably) be able to receive mail. The second means that the host will receive mail and then send it off to another host. The mechanism you are proposing would prevent your host from receiving mail from any host that could also receive mail without discriminating between open relays and correctly configured mail servers.

      The sendmail homepage has more info on how SMTP functions as well as how to block relay.

    7. Re:Easier solution by LordNimon · · Score: 1
      Um. That would list all mail servers, sparky. :) I think you are trying to say that your mail server should perform an open relay test on any IP that is connecting to your mail server.

      Yes, that's exactly what I'm trying to say.

      This would work but, it will be quite a performance hit on your mail-server (doing that kind of check is gonna take a lot of time) and you won't catch the open proxies or web-forms that spammers are starting to abuse.

      Well, considering how little email I get in a day, I don't see how it could be a real problem. Plus, it could cache entries that have passed the test, so that email from mailing lists would only be tested once (per day/week/whatever).

      And it should catch web forms, also, because web forms are just front-ends to smtp servers, aren't they?

      Hmmm... I wonder if it's possible to write a script that scans the header of every email that arrives, does an open relay test on the sending IP, and if it fails, discard the email?

      What's an open proxy?

      --
      And the men who hold high places must be the ones who start
      To mold a new reality... closer to the heart
    8. Re:Easier solution by LordNimon · · Score: 2
      Open and secure relays would both respond to port 25 connections. Correctly secured relays would reject any message you tried to send through their mail server to another destination, whilst still accepting mail for local users (if it's not just an outgoing relay).

      Ah, I get it now. Thanks.

      It's possible to connect to the mail server for the address supplied and verify that the user exists, but in most cases, due to server configuration, that would require actually sending a message (thus putting you at risk of getting into a bizarre authentication loop).

      Wouldn't it be possible to initiate an SMTP transaction and then abort that transaction just before the email was actually sent, while still verifying that email could be sent?

      It would also seriously add to the overhead of sending a message, something larger sites would not be able to cope with.

      Well, yeah, but as a mail filter for your email client, it should work pretty well. Test each email as you receive it. No?

      --
      And the men who hold high places must be the ones who start
      To mold a new reality... closer to the heart
    9. Re:Easier solution by 13013dobbs · · Score: 1
      Well, considering how little email I get in a day, I don't see how it could be a real problem. Plus, it could cache entries that have passed the test, so that email from mailing lists would only be tested once (per day/week/whatever).

      For people running mail servers for personal use, it would not be a problem. But, if you had several thousand users, there would be a delay.


      And it should catch web forms, also, because web forms are just front-ends to smtp servers, aren't they?
      The script that spammers abuse the most is 'formmail.pl'. Check and see how that script delivers its mail and you will have your answer.


      Hmmm... I wonder if it's possible to write a script that scans the header of every email that arrives, does an open relay test on the sending IP, and if it fails, discard the email?
      You should not need to scan headers. Just get the connecting IP from your logs. Just send out some '220-' lines and it will keep the connecting server holding while you find out if it is an open relay.


      What's an open proxy?
      These are proxies that spammers will use to redirect traffic to wherever they want to go. They are called HTTP Connect Proxies. Exploiting these is as simple as:

      aeolus:telnet 198.xxx.xxx.x 80

      Trying 198.xxx.xxx.x...

      Connected to echspc4.xxxxxx.xxxxx.xxx.us (198.xxx.xxx.x).
      Escape character is '^]'.
      CONNECT 208.146.xxx.xx:25 HTTP/1.0

      HTTP/1.0 200 Connection established

      220 bass.sport_fish ESMTP Server (Microsoft Exchange Internet Mail Service 5.5.2650.21) ready

      now, just spam like mad

      --

      No replies made to AC posts. Please log in.

    10. Re:Easier solution by curunir · · Score: 2

      Hmmm... I wonder if it's possible to write a script that scans the header of every email that arrives, does an open relay test on the sending IP, and if it fails, discard the email?

      You'll want to be careful doing this as the actions that your script is taking will look suspiciously similar to someone trying to send SPAM. You don't want to get blacklisted yourself.

      --
      "Don't blame me, I voted for Kodos!"
    11. Re:Easier solution by Anonymous Coward · · Score: 0

      You numb fuck. It takes more to be an open relay than to be listening on port 25, the majority of mailservers out there will meet that criteria. That's the problem with the /. crowd nowadays, too many fucking know nothing kids who think they know it all.

    12. Re:Easier solution by funky+womble · · Score: 1
      Wouldn't it be possible to initiate an SMTP transaction and then abort that transaction just before the email was actually sent, while still verifying that email could be sent?

      You can't verify whether an email would be sent without sitting and waiting to see if it is actually sent. Given that you might be trying to test a server which is open relay and being abused by spammers, you might have to wait quite some time for that message to actually get delivered. Some mail servers reject unauthorised relaying at the SMTP port. Others bounce the mail. Others just drop the mail.

      Also, by starting and aborting the connection, on some fairly common configurations you would cause noise to the sysadmin/postmaster (either in logs or by email - some mail server software goes out of its way to log errors in the SMTP transaction, which can be quite helpful if people are having problems sending mail).

    13. Re:Easier solution by Phork · · Score: 3, Interesting

      You very much can have an smtp server that does not listen on a tcp port, but it can only be used for outgoing mail. Many people use this configuration with sendmail so they can send mail directly from their workstation, but receive mail on another system. Sendmail is just invoked from the command line, so it doesn't need to listen on a tcp port.

      --
      -- free as in swatantryam - not soujanyam.
    14. Re:Easier solution by Shiny+Metal+S. · · Score: 2
      You very much can have an smtp server that does not listen on a tcp port, but it can only be used for outgoing mail. Many people use this configuration with sendmail so they can send mail directly from their workstation, but receive mail on another system. Sendmail is just invoked from the command line, so it doesn't need to listen on a tcp port.
      Yes, I know (I've configured quite a few workstations that way), but I consider such configuration an smtp client, rather than smtp server. Sendmail/Exim/etc. are clients in smtp transactions here, and can't act like a server (from the network standpoint).

      What I was saying is that, while you of course can eliminate open relays by denying access from every host with an open smtp port, you will also eliminate, that way, every host which can get mail, not only those who can get mail from everyone and send it to anyone, i.e. you deny access from every public smtp server. It's like eliminating misconfigured web servers by denying access from every host with port 80 open.

      --

      ~shiny
      WILL HACK FOR $$$

  22. Re:No. Deal with it. by spencerogden · · Score: 3, Insightful

    What if it used to be a crack house, but the neighborhood cleaned up and was safe?

  23. is as easy as... by Hooya · · Score: 1

    since you are "ready to do my pennance.", all you need to do is bring up another host with a different name. as much as you can come up with analogies, so can i. one is: if you're a child molester you're labeled for life. notin' you can do 'bout it.

    1. Re:is as easy as... by leviramsey · · Score: 1
      if you're a child molester you're labeled for life. notin' you can do 'bout it.

      Yeah, and spam is as serious as child molestation....

    2. Re:is as easy as... by Hooya · · Score: 1

      well, at work, i used to get all kinds of porn spam. so when i opened my email if a coworker walked by, they'd think i was surfing the internet for porn in the office since the email were in html with all kinds of porn pictures in them. i couldn't explain all that to every passerby.. so i had to be on a lookout for coworkers while i was checking my mail. so yeah, spam is as serious as child molestation. i could be sued if some female coworker walked by and i happened to open up my email that contained aforementioned spam. just today my boss showed me email that offered him 'barn babes'. he had to shut his door to show me those email and to ask me what he could do to stop them. i don't know about you but that's pretty serious. so any fucking open relays need their balls strung from a rope in the middle of a freakin rhino stampede. thank you -- goodnight.

    3. Re:is as easy as... by Flower · · Score: 2
      Oh come on. If it's that bad then learn how to configure your client so you don't get the "pretty pictures."

      As to what to tell your boss, tell him to look into getting some software that can do content filtering as the mail comes in. Where I work all incoming mail is virus checked then goes through the content filters before being delivered. We have a spam account where offensive mail can be forwarded and an admin then goes over it and updates the filters. If that isn't enough for people, they can call the helpdesk and get instructions on how to create a rule in Outlook to send the crap into the trash.

      Comparing an open relay to child molestation is extreme and even more offensive than your boss' 'barn babes' issue. What is a greater pity is you seem possessed of a great deal of creativity (rhino stampede indeed) but are incapable of channeling it towards finding a solution to the threat of a "possible lawsuit."

      --
      I don't want knowledge. I want certainty. - Law, David Bowie
    4. Re:is as easy as... by DavidTC · · Score: 1

      Who the hell lets random people send them email with pictures in it?

      --
      If corporations are people, aren't stockholders guilty of slavery?
  24. When you set up a mail server... by Shiny+Metal+S. · · Score: 2

    When you set up a mail server, never EVER write:
    host_accept_relay = localhost:192.168.1.0/2
    when what you want is
    host_accept_relay = localhost:192.168.1.0/30
    It took me ten long hours to figure out that I allowed 1/4 of the whole Earth to use my relay, when I wanted 4 computers on a private network. And it was probably the worst 1/4 of the Earth, every C-class network... It was a long day which I will never forget. In those ten hours I read more about smtp than ever before... So remember kids, don't do this at home!

    --

    ~shiny
    WILL HACK FOR $$$

    1. Re:When you set up a mail server... by Sloppy · · Score: 1

      Ha! That's a good one.

      I know the "slash" notation is something people can learn, but the good old fashioned "netmask" notation is so much more unambiguous. Anyone can make the mistake you made, but no one would ever accidentally say 192.0.0.0 when they meant 255.255.255.252, or wait, is it 255.255.255.63? D'oh! See? Even I don't know what /2 means, off the top of my head.

      --
      As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
    2. Re:When you set up a mail server... by Shiny+Metal+S. · · Score: 2
      I actually wrote literally all of the hosts ip numbers,

      host_accept_relay = 127.0.0.1:192.168.1.1:192.168.1.2:192.168.1.3

      Yes, after those ten hours I wasn't sure if I understood what "localhost" means, so I wrote 127.0.0.1 which seemed to be the only safe notation at that time. And those ten hours were a constant fight. Of course I didn't know I had an open relay until the spammers attacked. I was manually killing smtp servers and removing messages from the queue with something like

      killall -KILL exim; for m in `exim -bp | perl -ne 'print "$1\n" if /\b(\w{6}-\w{6}-\w{2})\b/'`; do exim -Mrm $m; done

      whenever I noticed, that they were back, in my xterm with

      tail -f /var/log/exim/mainlog | perl -ne 'print"\a$_"'

      unplugging the network cables etc., while reading the exim docs, smtp specification, faqs, howtos, rfcs, everything, and wondering "what the hell can be wrong?". Believe me, something like this can quickly drive you insane. When I found out what was wrong, I shouted quite loudly "Ale ja jestem glupi!" (which in Polish means "How stupid am I!" or something like that) and after a while of silence wondering if anyone heard it (I usually don't shout alone so it's pretty embarrassing feeling, you know), I just changed the config to every host written as literal ip address.

      Eventually, after a few days of comparing slash notation definitions from many independent sources, I wrote it as 192.168.1.0/30. But I still keep those comments in my /etc/exim.conf:

      # ZLA MASKA:
      #host_accept_relay = localhost:192.168.1.0/2 # ZLE!

      # dobra maska:
      #host_accept_relay = localhost:192.168.1.0/30

      (zla maska means bad mask in Polish, and dobra maska means good mask)

      This is a frightening story of a hard and deadly fight of human versus his eternal enemy, his own stupidity. 100% of adrenaline. This is exactly what kids are talking about when they say: "Mommy, I wanna be a sysadmin when I grow up."

      --

      ~shiny
      WILL HACK FOR $$$

    3. Re:When you set up a mail server... by Anonymous Coward · · Score: 0

      the good old fashioned "netmask" notation is so much more unambiguous

      Huh? How is "These are the number of 1's in the netmask" ambiguous?

      Sorry, if you can't figure out simple slash notation then you don't belong configuring ANY internet device.

    4. Re:When you set up a mail server... by Anonymous Coward · · Score: 0

      With a netmask it's obvious which bits are host and network. With a.b.c.d/n notation you have to stop and remember they're counting from the wrong end, so that a /8 is a much bigger network than a /24.

      Is there even a real name and RFC for a.b.c.d/n notation? I thought it was introduced with CIDR but RFC 1519 et al use netmasks.

    5. Re:When you set up a mail server... by DavidTC · · Score: 1
      I hate netmasks, because I can never figure out how to do non-even-octal ones, like /26.

      Look at that, I can't even figure out the example. I have to go and write the friggin number down and convert it to decimal.

      11000000, so...

      I mean, that should be .128+.64, right? So...255.255.255.196. Is that right?

      And what happens if you get it wrong and do 255.255.255.198? That's 11000010, so have fun trying to figure out why .5 and .6 go to one network, and .7 and .8 go to another, and .9 and .10 go back to the first, etc... ;)

      To repeat: I hate netmasks. :) Give me /26 any day.

      --
      If corporations are people, aren't stockholders guilty of slavery?
    6. Re:When you set up a mail server... by Anonymous Coward · · Score: 0

      With a netmask it's obvious which bits are host and network. With a.b.c.d/n notation you have to stop and remember they're counting from the wrong end

      If you know what you're doing, you don't have to "stop and remember" anything. And you're not "counting from the wrong end" slash notation is simply "number of ONEs in the netmask." VERY SIMPLE

      I reiterate. If you don't understand slash notation, you don't belong configuring a network device.

    7. Re:When you set up a mail server... by Anonymous Coward · · Score: 0
      slash notation is simply "number of ONEs in the netmask."

      The size of a network is the number of zeroes in the netmask, because that rises with the number of hosts it can accommodate. Counting ones is completely counter-intuitive.

      you don't have to "stop and remember" anything

      That depends entirely on how many times a year you have to grapple with this particular design error.

    8. Re:When you set up a mail server... by Anonymous Coward · · Score: 0

      That's completely opposite of how the mask was created. The 1's tell you how many people are filtered out hence "mask".
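The /2 versus /30 slip in comment 24 and the prefix-versus-netmask argument in its replies, as an added example (not code from any poster): a small audit that expands each entry of a colon-separated relay list, reports the network it really matches, and flags entries that reach outside internal space. The sample ACL strings are constructed from the two lines quoted in the thread; treating `localhost` as 127.0.0.1 and the 256-address threshold are assumptions.

```python
import ipaddress

# Constructed samples modelled on the two host_accept_relay values in the thread.
BAD_ACL = "localhost:192.168.1.0/2"
GOOD_ACL = "localhost:192.168.1.0/30"

# Ranges a small site would normally expect in a relay ACL (loopback + RFC 1918).
INTERNAL = [ipaddress.ip_network(n) for n in
            ("127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse_host_list(value):
    """Split a colon-separated IPv4 host list into (entry, network) pairs.

    Assumption: 'localhost' means 127.0.0.1 and every other entry is an IPv4
    address or a.b.c.d/n. Hostnames and IPv6 are out of scope for this sketch.
    """
    pairs = []
    for entry in (e.strip() for e in value.split(":")):
        if not entry:
            continue
        text = "127.0.0.1/32" if entry == "localhost" else entry
        # strict=False applies the mask as a matcher does: bits outside the
        # prefix are ignored, so 192.168.1.0/2 really means 192.0.0.0/2.
        pairs.append((entry, ipaddress.ip_network(text, strict=False)))
    return pairs


def audit(value, max_addresses=256):
    """Return one finding per entry, with the reasons it looks too broad."""
    findings = []
    for entry, net in parse_host_list(value):
        problems = []
        if entry != "localhost":
            written = ipaddress.ip_interface(entry).ip
            if written != net.network_address:
                problems.append("address has bits set outside the /%d mask"
                                % net.prefixlen)
        if not any(net.subnet_of(i) for i in INTERNAL):
            problems.append("reaches outside loopback/RFC 1918 space")
        if net.num_addresses > max_addresses:
            problems.append("matches %d addresses" % net.num_addresses)
        findings.append({"entry": entry, "network": str(net),
                         "netmask": str(net.netmask),
                         "addresses": net.num_addresses,
                         "problems": problems})
    return findings


def relay_allowed(value, client_ip):
    """Would this ACL let client_ip relay through the server?"""
    ip = ipaddress.ip_address(client_ip)
    return any(ip in net for _, net in parse_host_list(value))


def mask_to_prefix(netmask):
    """Dotted netmask -> prefix length, or None if the 1-bits are not contiguous."""
    host_bits = int(ipaddress.IPv4Address(netmask)) ^ 0xFFFFFFFF
    if host_bits & (host_bits + 1):   # host part must be a solid run of low 1-bits
        return None
    return 32 - host_bits.bit_length()


if __name__ == "__main__":
    for acl in (BAD_ACL, GOOD_ACL):
        print("host_accept_relay =", acl)
        for f in audit(acl):
            print("  %-16s -> %-15s mask %-15s %d address(es)"
                  % (f["entry"], f["network"], f["netmask"], f["addresses"]))
            for p in f["problems"]:
                print("      WARNING:", p)
        # 203.0.113.7 is a documentation address standing in for an outside host.
        print("  outside host may relay:", relay_allowed(acl, "203.0.113.7"))
```

Running the audit on a relay list before reloading the mail server catches this class of typo before anyone outside can use it.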

  25. Indeed, no one owns the internet mail system by JohanV · · Score: 1

    And since nobody owns it, individual administrators/companies get to handle it the way they want. Without anybody being able to claim he has a God given right to deliver email to their systems (or even route it through them).

    It is not the choice of blacklist maintainers to block you. It is the choice of a mail admin who is fed up with spam to try to block open relays. For that, he informs himself at a blacklist maintainer, but he still makes the decision himself. And currently, the credibility of that information apparently is high enough to warrant him blocking your access.

    Personally, I wouldn't use a blacklist that doesn't have a good mechanism for administrators to get themselves off that list. But again, that is my choice. Somebody else may choose to disallow you access to his system, because it is HIS system.

    1. Re:Indeed, no one owns the internet mail system by leviramsey · · Score: 1
      It is the choice of a mail admin who is fed up with spam to try to block open relays. For that, he informs himself at a blacklist maintainer, but he still makes the decision himself.

      He may make the initial decision. But since I have yet to meet a DB that opened the list for examination. There has to be some way of ascertaining the list, without DOS'ing the DB's website (sending 2^32 queries to their server is probably something that is not appreciated by anyone).

      And how would anybody find out how much of the baby is being thrown out with the bathwater?

    2. Re:Indeed, no one owns the internet mail system by djmurdoch · · Score: 2

      There has to be some way of ascertaining the list, without DOS'ing the DB's website (sending 2^32 queries to their server is probably something that is not appreciated by anyone).

      Why would you want to know every entry in a blackhole list? You want to know if you're in it, and all the reputable ones make it very easy to figure that out. I can only think of one reason why someone would want a complete list of all open relays on the net, and that's so they could abuse them.

    3. Re:Indeed, no one owns the internet mail system by Anonymous Coward · · Score: 0

      > But since I have yet to meet a DB that opened the list for examination.

      That's because the lists don't want to become a spammers' haven for finding masses of open relays.

  26. even more extreme by Anonymous Coward · · Score: 0

    These days if you want to screw up somebody, you just find some open relays and send some junk mails saying to visit his domain. It doesn't take too much to convince his ISP to shut his domain down even if there is no evidence that he was the person that sent the spam.
    And that is because the spammers are so aggressive these days, people do not distinguish them anymore from innocent guys.

  27. Protecting my server, thank you very much by alansz · · Score: 5, Informative
    DNS-based blacklists are not your problem. There are no more than a dozen that are really widely used (some orbs spinoffs like http://www.ordb.org and http://www.orbz.org, the MAPS ones if you're willing to pay (or can get a hobby contract) at http://www.mail-abuse.org, and the collection at http://relays.osirusoft.com that includes open relays, spamhaus, and SPEWS). All of these systems have clearly-published listing policies and are actively maintained and if you're blocked by one of them, you'll likely get out sooner or later once you're clean. (In some cases, you can have them automatically retest you). Plenty of mail admins find that using the information on these sites to protect their mail servers from spam is highly effective.

    Your problem is twofold. First, while you've cleaned up your open relay, plenty of spammers and spam-friendly hosts make the same claim and lie (Rule #1: Spammers lie). So you may have to be patient.

    More importantly, your server ip may now be sitting in hundreds of private blacklists of mail servers whose admins don't like to use the centralized lists, and just reject/blackhole spammers on their own. It is the presence of well-trusted centralized blacklist services that gives you even the hope of ever having decent communication, because without them, you'd get into a thousand tiny blacklists and never get out.

    (P.S. Note that if you're checking your status using the rblcheck tool at http://relays.osirusoft.com, it will tell you about a lot of blacklists that are not intended to be publicly used and not part of the usual osirusoft dnsbl, as well...)
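How a DNS-based blacklist lookup works, for an admin checking their own server's address after a reconfiguration as suggested earlier in the thread. This is an added example, not code from any poster or list operator. The zone names (`dnsbl.example`, `down.example`, `parked.example`), the records and the stub resolver are constructed so the block runs offline; pass no `resolve` argument to use real DNS against the lists you actually consult.

```python
import ipaddress
import socket

# Hypothetical zones; substitute the lists you actually consult.
ZONES = ["dnsbl.example", "down.example", "parked.example"]

LOOPBACK = ipaddress.ip_network("127.0.0.0/8")
# Resolver error codes that mean "no such record", i.e. the address is not listed.
NOT_FOUND = {socket.EAI_NONAME, getattr(socket, "EAI_NODATA", socket.EAI_NONAME)}


def dnsbl_query_name(ip, zone):
    """Reverse the octets and append the zone: 203.0.113.7 -> 7.113.0.203.<zone>."""
    addr = ipaddress.ip_address(ip)
    if addr.version != 4:
        raise ValueError("this sketch handles IPv4 only")
    return ".".join(reversed(str(addr).split("."))) + "." + zone


def check_listing(ip, zones, resolve=socket.gethostbyname):
    """Return {zone: (status, answer)} for one address.

    status is one of:
      listed             the zone answered with an address in 127.0.0.0/8
      clear              the name does not exist in the zone
      lookup-failed      the resolver could not give an answer (NOT the same as clear)
      unexpected-answer  an A record outside 127.0.0.0/8, e.g. a zone that no
                         longer serves list data and answers every query
    """
    results = {}
    for zone in zones:
        try:
            answer = resolve(dnsbl_query_name(ip, zone))
        except socket.gaierror as exc:
            status = "clear" if exc.errno in NOT_FOUND else "lookup-failed"
            results[zone] = (status, None)
            continue
        listed = ipaddress.ip_address(answer) in LOOPBACK
        results[zone] = ("listed" if listed else "unexpected-answer", answer)
    return results


# --- Constructed data standing in for DNS so the example runs offline ---------
FAKE_RECORDS = {"7.113.0.203.dnsbl.example": "127.0.0.2"}


def fake_resolve(name):
    """Stub resolver: one listed address, one unreachable zone, one wildcard zone."""
    if name.endswith(".down.example"):
        raise socket.gaierror(socket.EAI_AGAIN, "temporary failure (constructed)")
    if name.endswith(".parked.example"):
        return "198.51.100.1"
    if name in FAKE_RECORDS:
        return FAKE_RECORDS[name]
    raise socket.gaierror(socket.EAI_NONAME, "no such name (constructed)")


if __name__ == "__main__":
    # 203.0.113.7 and 192.0.2.10 are documentation addresses, not real mail servers.
    for ip in ("203.0.113.7", "192.0.2.10"):
        print(ip)
        for zone, (status, answer) in check_listing(ip, ZONES, fake_resolve).items():
            print("  %-16s %-18s %s" % (zone, status, answer or ""))
```

The same distinction matters on the receiving side: a filter that treats a resolver failure or a non-127 answer as "listed" will reject legitimate mail whenever a list goes away.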

  28. Re:No. Deal with it. by Anonymous Coward · · Score: 4, Insightful

    Crack house? A bit harsh considering the guy simply had an open relay which he then fixed.

    You really think this is a valid analogy? Go spend a night in one, then go back to our cushy world of sysadmin stuff.

    Didn't think so.

    I'm betting he was asked to install a server - prolly a turnkey type - did so, and watched it chug along for a good long time before someone found out it was open and started using it.

    More like finding a crackhead in your garage, eh?

    Gee, ya think maybe he missed the giant neon sticker that came with the mailserver manual that said "your box is an open relay by default. fix that. tag - you're it!" Oh, right - that's because there is no such sticker.

    If they maintain the lists, they should *maintain* them, not just treat them like a brick wall and simply pile up the addresses and leave it at that. My experience with orbz is that they don't pay attention to the people in the middle - I've been there.

    Just takes a little bit of hard work, and this guy's apparently willing to do his part.

    Lighten up and tackle the appropriate problem.

    --Jake

  29. Black lists probably work by jumpingfred · · Score: 3, Interesting

    The real question is did you only close down the open relay because of the black list? If that is the case then the black list did the job.

    1. Re:Black lists probably work by DahGhostfacedFiddlah · · Score: 2

      But if you're not taken off the list afterwards, then there's no reason not to run an open relay - you're already screwed - and so is everyone else who may be saddled with your IP address at a later date. Part one is fixing the problem - part two is revoking the punishment.

    2. Re:Black lists probably work by tymesf · · Score: 1

      If you feel that way, that's fine. You have no hope of contact with anyone who uses blacklists as long as you maintain the open relay. It's your loss, not ours. You can only lose, and we can only win. You simply get to choose whether or not you lose long-term.

  30. I don't see the problem by Anonymous Coward · · Score: 0

    If it was painless for a site to become an open relay and then they could just stop and say "I'll play nice now, take me off the blacklist" there would be no real penalty at all for running an open relay and even more spam than there already is. Sounds to me like the system is working. When you finally get things cleared up you will be more careful and other sites might learn not to run an open relay from your experience, rather than learn there are no real consequences.

  31. My take on all this by amuro98 · · Score: 1

    My ISP won't subscribe to any lists, nor will they do any blocking of any email. Fortunately, they don't have a problem with me setting up my own filters with procmail...

    Some blacklists, I agree, are just overly sensitive. My ISP got mailed about being listed due to a resolved incident *6 months old* regarding the formail.* exploit. The list's webpage basically said "we might delist you, maybe not, you've already shown yourself to be a poor admin once, why should we give you another chance."

    Sites/lists like that tarnish the whole anti-spam movement in my opinion. (and, IMHO, those who would use such a list probably aren't worth talking to anyways...)

    I do like lists like SPEWS and MAPS-RBL since they're designed to get people to STOP providing spam services, albeit through negative reinforcement.

    As for the whole idea of shared lists, better to be put onto a list like MAPS or SPEWS, than to end up on 100s (or 1000s) of private lists maintained by admins around the world. Unlike the larger lists, an independent admin isn't likely to remember that he's started blocking an IP range after he stops seeing spam from it.

    As it stands, I very much doubt large chunks of Asia will ever be allowed to send email to The West ever again, unless they get new IP#s and change their TLD... For instance, it's going to take an awful lot of convincing before I'll start accepting packets from *.cn again...

  32. RBL can be useful... by dtdns · · Score: 3, Interesting

    I agree that some BL's are not properly managed. The old ORBS system was a perfect example of this. They would add you if you were an open relay, but getting OUT of the database was pretty much impossible if the guy that ran it didn't like you or your attitude toward his "service".

    One of my mail servers ended up on ORBZ as well as ORDB because I had made a mistake in the configuration, and I corrected it and was promptly removed after submitting a re-test request.

    I now employ the use of RBL on my own servers, but I will only use those services which will remove "fixed" servers using an automated testing system that works properly. ORDB, ORBZ and Osirisoft's RBL's tend to be the best AFAIK. I have found that by using these systems, the level of SPAM that my users and I receive has dropped to a point where it's not entirely annoying or time-consuming to deal with it anymore.

    One RBL that I stay away from using is the one operated by SpamCop (bl.spamcop.com). It's a great idea, but it ends up blocking out too much "real" e-mail as well, esp from the larger ISP's like Comcast, etc.

    1. Re:RBL can be useful... by Skapare · · Score: 2
      One of my mail servers ended up on ORBZ as well as ORDB because I had made a mistake in the configuration, and I corrected it and was promptly removed after submitting a re-test request.

      Did you learn from that experience to test your mail server after making configuration changes? I don't know if ORDB, ORBZ, and others track servers that get added back to the list repeatedly. But at some point (about 3 or 4), I'd want to start extending the time after being tested as clean, like maybe an additional week for every time above 3 that the server has been listed in the past 180 days. Surely you would no longer allow your mail server to go back to being an open relay. But some people it seems just don't really care, especially if they know where to go get delisted quickly.

      --
      now we need to go OSS in diesel cars
  33. The public blacklists aren't all... by Jay+Maynard · · Score: 1
    Be thankful there are public blacklists. Even the ones that aren't maintained - if, indeed, there are any, as opposed to ones that are maintained by people whose standards for removal are tight - are comparatively easy to get out of, and you know which ones they are.


    You should be worrying about the private blacklists, like the one I maintain for my host. When I get spam, I drop that host in the blacklist, and they never, ever, ever get out. Multiply my system by thousands.


    Spam is destroying the usefulness of email. People are being forced to take extreme measures to fight it. Don't like those measures? Don't spam, and don't run an open relay, and don't help spammers, in the first place.

    --
    Disinfect the GNU General Public Virus!
    1. Re:The public blacklists aren't all... by ahde · · Score: 2

      ooh, scary! I'm sure I'll be cut off from a sizeable subsystem of the .cx domain.

      Open relays aren't the problem. Without them, you're stuck with webmail and large ISPs. Some joker with a DSL or Cable modem (his or somebody else's) sends more than any open relay. Most of your spam is your ISP's fault directly -- either through bad security or bad configuration or willful participation. *cough*AOL*Hotmail*cough

    2. Re:The public blacklists aren't all... by Jay+Maynard · · Score: 1
      Every sentence of this message is wrong.


      ooh, scary! I'm sure I'll be cut off from a sizeable subsystem of the .cx domain.

      You didn't read my message, did you? My system is a small one, true. Multiply my system by the thousands of others whose administrators maintain private blacklists - and, I assure you, not all of them are small - and you're talking about a significant chunk of the net.


      Open relays aren't the problem. Without them, you're stuck with webmail and large ISPs.

      Wrong. People can send email from their own systems - as I do - or through their ISP's outgoing email server. That is *not* an open relay, since (if it's properly configured) it only relays messages from that ISP's customers.


      Some joker with a DSL or Cable modem (his or somebody else's) sends more than any open relay.

      Those jokers send their spam through open relays, in an attempt to evade other blacklists. You even note this yourself, though you don't appear to understand it: what, exactly, do you think someone sending mail through someone else's DSL or cable modem is doing if not abusing an open relay?


      Most of your spam is your ISP's fault directly -- either through bad security or bad configuration or willful participation. *cough*AOL*Hotmail*cough

      I run my own email server. My ISP has nothing to do with it.


      So much talking, so many errors. The fact is that, by eliminating open relays, a significant amount of spam is thrown out. If we didn't have open relays, we'd be much further along in the war on spam.

      --
      Disinfect the GNU General Public Virus!
    3. Re:The public blacklists aren't all... by Anonymous Coward · · Score: 0

      Ditto. I've maintained a private blacklist for my company's email server for the last two years, which requires constant updating as spammers find new holes through which to send their junk mail.

      One thing that has always worried me is whether any of the changes I make (two or three dozen new IP blocks added each week) end up blocking legitimate mail. Once in a while I get a call from another employee or a customer who complains that his email isn't getting through, so I can fix it right away, but what if a potential customer can't get through and doesn't bother to call us?

    4. Re:The public blacklists aren't all... by Anonymous Coward · · Score: 0

      Multiply my system by the thousands of others whose administrators maintain private blacklists - and, I assure you, not all of them are small - and you're talking about a significant chunk of the net.

      As significant as the number of Linux users on the net? Heheh. How many people who have an email account also run their own SMTP server? The number is infinitesimally small.

      The fact is that, by eliminating open relays, a significant amount of spam is thrown out. If we didn't have open relays, we'd be much further along in the war on spam.

      And by simply blocking them forever, you're doing exactly what to help eliminate them?

    5. Re:The public blacklists aren't all... by ahde · · Score: 2
      Every sentence of this message is wrong.

      Every sentence of this message is wrong.

      See above, below

      You didn't read my message, did you? My system is a small one, true. Multiply my system by the thousands of others whose administrators maintain private blacklists - and, I assure you, not all of them are small - and you're talking about a significant chunk of the net.

      You didn't read your original message, did you? So there are a thousand end users who use their own mail server that dead ends into their living room from their local ISP. Not much mail gets routed through them. Yes there are ISPs, and some of them large, that use their own (or other) blackhole lists. But that's not what you were talking about.

      Wrong. People can send email from their own systems - as I do - or through their ISP's outgoing email server. That is *not* an open relay, since (if it's properly configured) it only relays messages from that ISP's customers.

      Wrong. You can send email through your own system (as I do) -- you are in a very small minority. And you can only send email piggybacked on the relays of larger networks (like your ISP.) I said, "Open relays are not the problem", in one sense, that is an exaggeration, and should be read, "Open relays are not the biggest problem," but in another sense it is completely accurate the same way saying, "Guns are not the problem, it is the people who misuse them."

      Those jokers send their spam through open relays, in an attempt to evade other blacklists. You even note this yourself, though you don't appear to understand it: what, exactly, do you think someone sending mail through someone else's DSL or cable modem is doing if not abusing an open relay?

      Yes, they do. Some of them. It's hard to turn down a big chunk of free, anonymous bandwidth. But it's easier these days to call up the telco and get your own access on the cheap, and the risk is smaller. Just be sure to use the name "Herbert Spammerton" only once. And try to blackhole all of Verizon, I dare you.

      I run my own email server. My ISP has nothing to do with it.

      Who are you peered with?

      So much talking, so many errors. The fact is that, by eliminating open relays, a significant amount of spam is thrown out. If we didn't have open relays, we'd be much further along in the war on spam.

      I was only trying to bring up a counter point, sorry if my original response came across wrong. But you deserve this one.

      Open relays are not the problem. Only as much as "bars" are the problem that causes car accidents. It isn't the only problem, maybe not even the largest. While it is a big problem, if you take it away, *the* problem would not go away. I'm not saying you shouldn't treat the symptoms, but you can't ignore the cause.

      Relevant to the case at hand, I had to open relaying (only to my local network and work IPs) so that I could use my personal mail server from my home workstation, and from the office. I'm facing the problem of having several friends around the country who would like to use my home mail server -- and I'd like to when I travel. How do you propose doing that without selective open relay? It's already growing into a difficult task to maintain, and it's inconvenient to download putty every time I travel so I can ssh home. By then, it's easier to just read it instead of setting up a temporary mail folder on whoever's computer I'm at. I might as well telnet to port 110 -- which is what I usually end up doing now.

  34. one thing by Joe+the+Lesser · · Score: 1

    I think as an internet community we must be firm with spam, and therefore I can totally understand the blacklist view. Not even contemporary 'spaminators' stop all spam, and although it's just a little extra email, I think most people would agree it's one of the worst aspects of cyberlife.

    --
    "I only speak the truth"
    Karma: null(Mostly affected by an unassigned variable)
  35. Going to get far worse before it gets better. by Thagg · · Score: 5, Insightful

    rlsnyder asks Has SPAM really decreased universally thanks to these lists? Well, it is hard to say. Spam has increased monotonically since its inception, and it continues to grow. It is possible that blacklists have helped lower the rate of growth.

    What blacklists really do is get the attention of sysadmins, and get them to take the problem seriously. I, like rlsnyder, was victimized in the same way -- our mail server was an open relay, we forwarded some spam, and got blacklisted. It took me a week or so to get it straightened out, and in the process I learned quite a bit about the UCE problem. rlsnyder similarly has been enriched by the experience, whether he agrees to that at this point or not.

    One always has the option of sending mail from one of the many free mail systems. If your mail is blocked while your case is being reviewed, then send it from hotmail or someplace like that. That's what we did. It took about a week for the last of the spam reporting services to delist our site, and while it was inconvenient, it wasn't devastating. It won't be for rlsnyder, either, I trust.

    The big problem is that there is nothing to stop the spammers. People who relay mail through unsuspecting companies are already criminals, they will not be dissuaded by laws. The only thing that the anti-spam community can do is to try to put a finger in all 2^32 holes in the dike, and the only way to do that is to educate people. The blacklists are that education program.

    thad

    --
    I love Mondays. On a Monday, anything is possible.
    1. Re:Going to get far worse before it gets better. by KshGoddess · · Score: 1

      Apologies in advance; I'm in a twisted mood. It's Friday.

      rlsnyder asks Has SPAM really decreased universally thanks to these lists? Well, it is hard to say. Spam has increased monotonically since its inception, and it continues to grow. It is possible that blacklists have helped lower the rate of growth.

      <Stupid User Mode>I don't see how writing things down on black pieces of paper will keep spam from decreasing. The only thing that will decrease spam is consumers refusing to buy their homogenized meat!</Stupid User Mode>

      Seriously, the concept of blacklists is good, it's just that the implementation differs from site to site.

      If admins want to update their blacklists from the masters once a year, it's their choice. If they want to keep old virus definitions, it's their choice.

      If you installed your mailserver with default settings and you're now on the blacklist, it's up to you to convince each list, and each administrator that you were a bad administrator, and you'll never do it again.

      It's up to the individual administrator to say yea or nay.

      Personally, I enjoy getting spam; it lets me see how stupid people really are. Because I'm a geek, I get 'branded' middle-aged and male. Lots of pr0n spam, lots of 'increase your genitalia' spam, and 'look 20 years younger'... erm, yeah. I don't want to go back to elementary school.

      --
      It's a little wrong to say a tomato is a vegetable. It's a lot wrong to say it's a suspension bridge.
    2. Re:Going to get far worse before it gets better. by Anonymous Coward · · Score: 0

      First the volume of spam on the internet hasn't increased monotonically. Variations in volume centered on the US holiday season create annual increases and decreases that result in a rate that, while increasing, is not doing so monotonically.

      I work for Brightmail Inc (http://www.brightmail.com) and we've seen a vast increase in both the total number and variety of attacks over the past three years (although Viagra offers are still king). Over the past few years legislation has been passed in a variety of locales, black hole lists have risen and fallen. Spam continues to increase. As long as there are people who make that .1% response rate worthwhile there will be an incentive to spam.

      We're the engine behind Earthlink's spaminator and we're moving into all the major ISPs. Unfortunately we're not free and can't be everywhere. The only way to really stop spam for good is to stop the profit incentive. Once the return on investment (it's cheap to spam but still not free) is low enough the spammers will find some other scam.

    3. Re:Going to get far worse before it gets better. by Skapare · · Score: 2
      Unfortunately we're not free and can't be everywhere.

      That's not as big an "unfortunately" as you might think it is. The bigger "unfortunately" is that the Brightmail website does not give enough information up front to decide if this product/service is suitable enough to be worth contacting the company about.

      • It doesn't explain how the Brightmail server interacts with other mail servers and customer domains.
      • It doesn't explain how Brightmail works with variant email addresses.
      • It doesn't give any information whatsoever about pricing.
      • It doesn't explain how it deals with issues of customer privacy and confidentiality.
      • It doesn't explain what security audits have been done on the server software itself.
      It just leaves people in the dark (that's not very "bright"). So for now it's a direction I won't be going, even though I have no qualms about paying for good service. Maybe if you can get the marketing people to make a better website, more people might become interested. It's not like you have anything to hide, being protected by patent 6052709.
      --
      now we need to go OSS in diesel cars
  36. MOD THIS UP!!!! by Anonymous Coward · · Score: 1, Funny

    Gee (Mr,Ms) Insightful, I never would have guessed that.

  37. Blacklists and Smart hosts by ecrips · · Score: 1
    1. Re:Blacklists and Smart hosts by chunkin · · Score: 1

      i used the blacklists listing some of my ex employers servers as smarthost relays as a tool to discover stupid users with open proxies/mailservers. i cut off their access to outbound mail and fwded their ip to the policy team to follow up with the user and get them fixed. once they were fixed, i would test them and if they were no longer relaying, i'd let them send mail again.

      unfortunately i was not allowed to use the lists inbound...and as such the inbound mailservers often were seriously overloaded with inbound spam. we had a private blacklist based on spam arrival, but usually spent hours cleaning up after each massive spam hit.

      in case any of you wonder what it's like there now? don't worry, they are out of business by the end of this month.

    2. Re:Blacklists and Smart hosts by Anonymous Coward · · Score: 0

      Try not to be too much of a retard. If the smart host is allowing people to send spam through it, it damn well better make it on to the blacklists.

      If demon is too lazy to fix their servers, too bad for them.

  38. Re: Exclamation marks by stu72 · · Score: 3, Informative

    I ran a simple procmail filter for a while, and I was astounded how much spam I could nuke by filtering based on subject line punctuation. Some of my triggers:

    more than 2 exclamation marks
    more than 2 dollar signs
    All caps

    etc etc.

    Worked pretty well, for its simplicity.
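The three subject-line triggers listed in the comment above, as an added Python example that is not part of the original thread or the poster's procmail recipe. It decodes RFC 2047 encoded subjects before counting, and the eight-letter minimum for the all-caps trigger and the sample messages are assumptions constructed for illustration.

```python
import email
import email.policy

# Assumption: short subjects such as "FYI" should not count as "all caps".
MIN_LETTERS_FOR_CAPS = 8


def subject_triggers(subject):
    """Return the names of the punctuation triggers a decoded subject hits."""
    hits = []
    if subject.count("!") > 2:          # more than 2 exclamation marks
        hits.append("exclamation")
    if subject.count("$") > 2:          # more than 2 dollar signs
        hits.append("dollar")
    letters = [c for c in subject if c.isalpha()]
    if len(letters) >= MIN_LETTERS_FOR_CAPS and all(c.isupper() for c in letters):
        hits.append("all_caps")
    return hits


def message_triggers(raw_message):
    """Parse a raw message and score its decoded Subject header.

    The default policy decodes RFC 2047 encoded-words, so punctuation that is
    written as =21 or similar in the raw header is still counted.
    """
    msg = email.message_from_string(raw_message, policy=email.policy.default)
    return subject_triggers(str(msg["Subject"] or ""))


# Constructed sample messages (not real mail).
SAMPLES = {
    "encoded": "From: a@example.com\nSubject: =?utf-8?Q?MAKE_MONEY_FAST=21=21=21?=\n\nbody\n",
    "dollars": "From: b@example.com\nSubject: Earn $$$ today!!\n\nbody\n",
    "short_caps": "From: c@example.com\nSubject: FYI\n\nbody\n",
    "normal": "From: d@example.com\nSubject: Re: Q3 invoice for ACME Ltd\n\nbody\n",
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, message_triggers(raw))
```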

  39. I know most don't agree but.... by linuxrunner · · Score: 0, Flamebait

    I see it like this:

    Think of it as a type of "Megan's Law". If you're a sex offender, then you're put on the list. I don't care if you reformed or not, you're still on the list for everyone to know.

    Now here you are. A verified spammer (or cause of my daily headaches, i.e. spam). So now you're blacklisted and partially fscked... And back to being your fault?
    You got what you deserve.

    Whether or not blacklists are a good idea? Well, that can be questionable because DNS #'s do and will change over time. Blacklists are not completely kept up.... Maybe someone on slashdot has the answer so keep checking...

    --
    www.slightlycrewed.com - Because aren't we all?
    1. Re:I know most don't agree but.... by sbergman2 · · Score: 1

      > Now here you are. A verified spammer (or cause of my daily headaches, i.e. spam).

      If spam is the cause of your daily headaches then my best advice is that you need to get a life.

  40. Re:ObPeeve: SPAM(tm) vs uce spam by Anonymous Coward · · Score: 0

    Exactly who in the world is going to mistake a mystery-meat product like SPAM(tm) with a general concept of unsolicited commercial email? Additionally, even if people do mistake one for the other, how is this going to affect Hormel's financial situation? Seems to me this particular trademark spat is pretty dumb. I for one will continue to use "SPAM" or "spam" or even "SpAm" as I see fit.

  41. Re:No. Deal with it. by Anonymous Coward · · Score: 0

    I don't want to live in a crackhouse, but I don't want to live in a cave either.

    Spammers are relentless in searching for open relays. One misconfiguration and you're blacklisted.

    Goodness, we weren't even open for 30 mins, but 3 months later and we are still on several blacklists (after numerous mails begging them to test us and remove us)

    This isn't rocket science. Admins need to be as diligent removing blocks as they are at placing them.

  42. Re:ObPeeve: SPAM(tm) vs uce spam by Narril+Duskwalker · · Score: 0, Offtopic

    hehe why isn't the above comment modded as funny?

  43. Kinda funny... by ruvreve · · Score: 1

    At a certain midwest university let's call it Boiler University they used to have an open relay on the university-wide mail server. On the CS mail server for this certain university they obtained and implemented a blacklist for 'SPAM'. As it turns out the main university server was blacklisted and thus the CS server started rejecting all mail from the main university server. Talk about one hell of a troubleshooting task.

    1. Re:Kinda funny... by DavidTC · · Score: 1
      It's always funny when a place tries to use a blacklist without checking if they're on any of them.

      Hopefully, this got a lot of people's attention. ;)

      --
      If corporations are people, aren't stockholders guilty of slavery?
  44. Blocking lists pointless by Anonymous Coward · · Score: 0

    We got blacklisted by ORBS. Took over 24 hours to get off the list despite the problem being fixed in 10 minutes.

    We're a business that gets email from customers. A blocking list potentially blocks valid email from customers so we have chosen to live with the spam rather than risk using a blocking list. The blocking lists are probably OK for personal use.

    Anyone recall the debate over web filtering software, and that no-one could be certain what sites were being blocked?

  45. Getting blacklisted is just lots of fun... by mttlg · · Score: 2

    I recently discovered that any e-mail I sent with the return address listed here (and elsewhere on the web) will not get through to AOL. There's no notice of this of course, so I just never got responses from people on AOL. This had nothing to do with my mail server (I tested this with multiple mail servers and return addresses), it was completely based on the Reply-To header - changing the reply to address fixed the problem. Based on my experience, I see two main problems with blacklists:

    Without notice that your message was rejected, it seems like the message is getting through, but the recipient is unwilling or unable to respond. This is a real pain with eBay, especially with Paypal payments (the sellers apparently never noticed that money had magically appeared in their accounts unless they received an e-mail notice).

    Basing the filter on the Reply-To header is rather stupid, because it can easily be changed or forged. Spammers can simply spam under your address until it gets blacklisted, then move on to another, leaving you screwed. Sure it is simple to just change your return address, but how do you know that you have to if nobody tells you that you're blacklisted?

    1. Re:Getting blacklisted is just lots of fun... by Skapare · · Score: 2
      Basing the filter on the Reply-To header is rather stupid.

      Maybe. If it is negative filtering, blocking the reply addresses that spammers actually use, which would hopefully not be what you use, then it may work. And it has less collateral damage, unless someone spams with the intent to hurt you by using your email address, or this happens out of coincidence.

      Still, the best way to block spam, IMHO, is at the SMTP connection, before it is even delivered, despite some collateral damage. As long as eBay, Paypal, and other like places are not blocked (while I currently refuse to do any business with Paypal for several reasons, I do not block their email), you should be able to communicate with them using SMTP connection level anti-spam (e.g. DNS based blacklists, or local blacklists databases). Giving a 5XX rejection gives you notice (if your mail server does the right thing and sends it to you), so you do find out about the problem and know it's not someone ignoring you.

      In general I don't like basing the filtering on any aspect of the message content because that means the message had to be delivered to see that (including the RFC822 headers). Since it was delivered, then if it is rejected, my servers have to send the rejection notice back. And, since so many are bogus, my outbound queue is huge, and my postmaster box gets flooded for the failures to deliver the rejection. Stopping the spam before it is even delivered (based on connecting IP address as looked up via DNS blacklists or a local DB, or that IP's domain name using reverse then forward verification, or even the MAIL FROM string) gives a 5XX rejection over SMTP and commits the sending server to return the rejection instead of mine.

      --
      now we need to go OSS in diesel cars
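The connection-time check described in the comment above, as an added Python example that is not part of the original thread: it builds the DNSBL query name for the connecting IP and returns the 5XX reply before any message content is accepted. Answers outside 127.0.0.0/8 and failed lookups are not treated as listings, so a dead or unreachable list does not block mail; the zone names, records and the `local_allow` override are constructed assumptions.

```python
import ipaddress
import socket

# DNSBL answers are, by convention, addresses inside 127.0.0.0/8.
LISTED_RANGE = ipaddress.ip_network("127.0.0.0/8")


def dnsbl_query_name(client_ip, zone):
    """Reverse the IPv4 octets (or IPv6 nibbles) and append the list's zone."""
    ip = ipaddress.ip_address(client_ip)
    if ip.version == 4:
        labels = reversed(str(ip).split("."))
    else:
        labels = reversed(ip.exploded.replace(":", ""))
    return ".".join(labels) + "." + zone


def system_resolve(name):
    """Live resolver: A records for name, [] when the name does not exist."""
    try:
        infos = socket.getaddrinfo(name, None, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror as exc:
        if exc.errno in (socket.EAI_NONAME, getattr(socket, "EAI_NODATA", None)):
            return []          # not listed
        raise                  # timeout or server failure: caller decides
    return sorted({info[4][0] for info in infos})


def smtp_connect_decision(client_ip, zones, resolve=system_resolve, local_allow=()):
    """Return (code, text) to give the client at connection time."""
    ip = ipaddress.ip_address(client_ip)
    if any(ip in ipaddress.ip_network(net) for net in local_allow):
        return 250, "ok (local allow list)"
    skipped = []
    for zone in zones:
        try:
            answers = resolve(dnsbl_query_name(client_ip, zone))
        except OSError:
            skipped.append(zone)   # lookup failure is not a listing
            continue
        # A parked or wildcarded zone answers for every name; only a
        # 127.0.0.0/8 answer counts as "listed".
        hits = [a for a in answers if ipaddress.ip_address(a) in LISTED_RANGE]
        if hits:
            return 554, "5.7.1 %s is listed in %s (%s)" % (client_ip, zone, hits[0])
    note = " (lookup failed: %s)" % ", ".join(skipped) if skipped else ""
    return 250, "ok" + note


# Constructed zones and records so the example runs offline.
CONSTRUCTED_ZONES = ["parked.example.net", "flaky.example.com", "dnsbl.example.org"]
CONSTRUCTED_RECORDS = {"10.2.0.192.dnsbl.example.org": ["127.0.0.2"]}


def fake_resolve(name):
    if name.endswith(".parked.example.net"):
        return ["203.0.113.80"]                 # abandoned list, wildcard answer
    if name.endswith(".flaky.example.com"):
        raise TimeoutError("constructed lookup timeout")
    return CONSTRUCTED_RECORDS.get(name, [])


if __name__ == "__main__":
    for addr in ("192.0.2.10", "198.51.100.7"):
        print(addr, smtp_connect_decision(addr, CONSTRUCTED_ZONES, fake_resolve))
```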
    2. Re:Getting blacklisted is just lots of fun... by Anonymous Coward · · Score: 0
      First, if AOL is not generating SMTP error messages, that is a problem with their mail server. Second, as far as I know AOL maintains its own list and does not use any of the public lists.

      Are you sure that your mail is not being dropped due to filters created by the recipients? That seems like the most likely explanation for what you're seeing.

  46. Re:ObPeeve: SPAM(tm) vs uce spam by brunes69 · · Score: 2

    Big Deal. Did you know McDonald's owns a trademark on the phrase "Smile"? (Yeah that's right. It used to be on their cups when they were running some "Smile, you're at McDonald's" campaign or something.) Kimberly-Clark owns the trademark on Kleenex, do you think the cops come after me whenever I call my no-name tissue "Kleenex"? The point is, just because they own a trademark doesn't mean you can't use the word in whatever context you like, it means that you can't sell products under that same mark in the same field, or otherwise portray your products as belonging to that mark when they don't.

  47. Re:No. Deal with it. by harlows_monkeys · · Score: 3, Informative

    Try actually reading the question. The complaint is not about blacklists in general, but rather about poorly administered blacklists.

  48. ObJoke: SPAM(tm) vs meat product by Anonymous Coward · · Score: 1, Funny
    Hormel owns the trademark on the meat product

    Meat product? I thought we were talking about SPAM?

    *rimshot*

    Thank you very much, folks. I'll be here all week. Remember to tip your waitress!

  49. Trust, but Verify by eaolson · · Score: 2, Interesting

    After lurking on news.admin.net-abuse.email for a while, I've seen a lot of mail admins post asking to have their servers un-blacklisted because they've "cleaned up their act" only to have it pointed out to them that they are still hosting spammers.

    Perhaps you could tell us where you have been blacklisted and what IPs are listed so we can see for ourselves the veracity of your statement?

    1. Re:Trust, but Verify by ColaMan · · Score: 2

      Perhaps you could tell us where you have been blacklisted and what IPs are listed so we can see for ourselves the veracity of your statement?

      Post some ip's? On slashdot? Are you mad?

      evil blacklist admin #1: The fool! Even after our comprehensive "re-education" program, he still complains!

      evil blacklist admin #2: I know! We'll use the awesome POWER OF SLASHDOT against him! I'll log in and issue a politely-typed request for his IP.. He'll rue the day he spoke out against ....
      *pause for dramatic effect*

      the BLACKLIST!

      *evil laughter*

      --

      You are in a twisty maze of processor lines, all alike.
      There is a lot of hype here.
  50. Too bad. by Anonymous Coward · · Score: 0

    Are they a bad idea? From whose point of view?

    As an administrator, I think it's a bad idea for ME to use a spam blacklist. Why? For the reasons you specified.

    Do I think it's bad for people to use blacklists? No. It's their choice.. and you cannot force them to accept your mail.

    Just as I can block your mail for whatever reason I like.

  51. too bad... by tymesf · · Score: 1

    You were a moron. Accept it, fix your mailer, and contact the anti-spam registries. Nobody ever claimed they were perfect. Nobody ever claimed there isn't a period of time during which previously ignorant admins' mail servers' users are punished. People use them because spam has become unbearable and the advantages outweigh the disadvantages.

    1. Re:too bad... by Anonymous Coward · · Score: 0

      On the contrary, it is not always that easy. I work for one of the world's largest email list hosting companies, with a volume of over a trillion emails a month, it isn't uncommon for someone to abuse their list and we end up being black listed somewhere. Of course anyone found spamming has their account immediately suspended with no refunds. (and can be charged $500 per spam complaint) But some of these black listers are truly unreasonable. In one instance we were removed from a black list upon agreeing and showing proof that all our lists are required opt-in. (the person gets a confirmation message approving their subscription) A week later the same place black listed us AGAIN, but this time because of the volume of CONFIRMS! Now they won't even look at the messages to see that what he thought was spam are really just confirmation messages. Instead he just insists it is spam and will not remove us. This sort of thing is just downright anal, and should not be allowed!

    2. Re:too bad... by rifter · · Score: 1

      Good. I hope you go on every blacklist there is. In fact, I hope you go out of business. Maintaining a host that enables spam is just plain wrong. And people get sick of receiving mail from lists saying "Oh! if you want to opt-out you can go to our ad-filled website!" not getting taken off the list they never subscribed to in the first place, and being told it was "opt-in." For a lot of these sites "opt-in" means you once put your email address on one of their "partners" websites to see an article or download a patch.

      The purpose of mailing lists was to give groups of people access to discussion and information. It was NOT so I can get hundreds of "informative" scam advertisements. It was NOT for spurious "newsletters" containing nothing but get-rich-quick schemes and mlm to be sent to millions of people. And it was certainly not for bastards like you to make a quick buck off of it.

      Harbouring spammers, IMHO should be treated just as harbouring terrorists is now. I think a lot of people will rejoice when what you do is illegal and all ISP's must blackhole scum like you.

    3. Re:too bad... by DavidTC · · Score: 1

      Did your 'confirms' include an ad? Why, I bet they did!

      --
      If corporations are people, aren't stockholders guilty of slavery?
    4. Re:too bad... by Anonymous Coward · · Score: 0

      Amen, Bro.

      These scammer and spammer criminals need to be recognized for what they are.

      And dealt with accordingly.

  52. What about customer spammers? by wraithgar · · Score: 1

    Yeah, but what happens when it's a stupid customer who gets your mail server on a blackhole list, because they stupidly installed Exchange Server, which relays mail through YOUR server. They are on your IP, so your mail server lets them through.
    Before you know it, you're on a blackhole list. You call the customer, get it fixed, and then find getting off of those lists is impossible... Seems the whole "slap on the hand" principle falls apart here, cause you weren't the one w/ the open relay..

    Customers are a necessary evil of being an ISP.

    1. Re:What about customer spammers? by prog-guru · · Score: 1

      Sendmail will see you are running an SMTP server, then won't relay mail from the exchange server unless you put an entry in access.db.

      You should not make that entry if possible, and let the exchange server send the mail itself (M$ calls this "using DNS"), or have your users put the ISP's mail server in their mail client configuration, and not run your own mail server at all.

      --

      chris@xanadu:~$ whatis /.
      /.: nothing appropriate.

    2. Re:What about customer spammers? by wraithgar · · Score: 1

      Um, we ARE the isp.... we have to keep those IPs open for relaying, and actively shut down any abusers. The problem is the time between their abuse and being caught gets us on those lists.... and it is very hard to get off of some of them.

  53. Re:No. Deal with it. by xee · · Score: 2, Insightful

    Your logic is... fuzzy.

    First of all, your crack-house metaphor is absurd. Secondly, your "if you don't like it, move" mentality is so amazingly worthless, I'm surprised I'm even taking the time to point it out.

    If you don't like it, try to make it better.

    --
    Oh shit! I forgot to click "Post Anonymously"...
  54. The real problem by Anonymous Coward · · Score: 0

    Why are you guys getting on these lists in the first place? It is a disgrace in this day and age to expose an open relay to the internet. This happens in a 'financial institution'? Problems with blacklists aside, the real problem lies with everybody thinking they are fit to be admins and the managers not being able to pick the right people for these jobs. If e-mail connectivity is _that_ critical you can certainly move the server to a different IP in your block or arrange for an upstream smart relay that isn't black listed. Oh I forgot, that requires actually understanding what you are doing and we cannot have that -- reading slashdot religiously is the only qualification necessary for admining.

    Understanding? Does that require GNOME?

  55. I think it will come down to legal responsibility by Tri0de · · Score: 1

    IMHO, at some point there will be legal liability affixed on poorly managed blackhole lists. Negligence will be real hard to prove against a well run list, and of course no ISP is required to use any particular blackhole list, but just creating such a list and then NOT MAINTAINING it is bad karma at the least and potential libel.

    --
    "Everyone is entitled to their own opinion, but not their own facts."
  56. Re:ObPeeve: SPAM(tm) vs uce spam by Breakfast+Pants · · Score: 1

    If it's no longer on their cups then it's not in use anymore and thus they no longer own it. And I don't believe they owned a trademark on the word smile, just the stylized(sp) way it was on their cups, I believe it had a little smiley mouth under it which was part of the TM.

    --

    WHO ATE MY BREAKFAST PANTS?
  57. Talk to abuse.net by Qrlx · · Score: 1

    I inherited an open relay when I came to work for a small company. I never got blacklisted, though once upon a time I got a warning message from ORBL that I was an open relay...I fixed that right away.

    I suggest you read through the spamtools mailing list archive at abuse.net, or better yet join the mailing list. I'm sure that you will have more success getting de-blacklisted if you communicate with some of the blacklisters who are on that mailing list.

    Realize that there is a huge variety of opinion regarding spam, SPAM, UCE, UBE, and so on. Some people like to /dev/null incoming hotmail.com and yahoo.com because they're fed up with the spam. There are people who will blacklist you if you don't have an abuse@yourdomain.com account set up. It is ultimately up to the mail admin at the receiving side, and you're gonna have to deal with that on a case by case basis.

    But, if you've fixed your relay (and maybe your formmail.pl vulnerability too) then you shouldn't have too much of a problem convincing a *reasonable* person to take you off his list. (Unless you are actually a spammer...) Be warned that there are *UNreasonable* people as well, spam Nazis who'd make you wear a yellow "known spammer" armband if they could. Good luck dealing with them. Those guys are proof positive that no one owns the Internet, and you DAMN well better play by THEIR RULES if you want to use THEIR SERVERS!!

  58. Re:No. Deal with it. by Tackhead · · Score: 4, Insightful
    > What if it used to be a crack house, but the neighborhood cleaned up and was safe?

    A good point. That's why I'd buy SPEWS a beer.

    The system appears to be automated -- if the blocked host stops sending spam for a long enough period of time, SPEWS appears to unblock it.

    If, on the other hand, the spam continues to issue from the blocked host, SPEWS appears not to unblock it.

    From what I've read in news.admin.net-abuse.email, the length of time for which a provider remains in SPEWS appears to be proportional to the length of time the provider ignored abuse complaints.

    Contrast this with a privately-run blocklist (e.g. my "fsck it, block the /24".) I can't be bothered to check if the /24 has cleaned up. There are IP address ranges all the way back to the days of Cyberpromo that I haven't been bothered to unblock.

    The advantage of SPEWS and its ilk is that 1000 systems can be unblocked. The problem with the blocklist on my own system is that I can rarely be bothered to unblock it.

    (In crackhouse terms, SPEWS reads police blotters, and if it stops seeing crime in a certain area, allows pizza delivery. I'm the crusty old Italian guy who says "No, you can't deliver to 48th street, it's a war zone, at least, it was the last time I tried to deliver a pie there sometime in 1996!")

  59. Spam blacklists are unreasonable. by FaxiS · · Score: 0

    First a disclaimer: I don't like blacklists.

    Until very recently I worked for an ISP in North East Georgia called WhiteLion.Net. I'll admit, our revenues were getting low, and we had the opportunity to colocate servers for a company that did bulk emailing. They paid us a lot of cash for this. The company is now out of business due to unrelated things. However, during our spam stint, we got placed on a number of blacklists, including one called SPEWS. We removed the servers about 3 months ago when UUnet threatened to cut our lines. *NO* spam has originated from our network since then, but, even though I have notified SPEWS of this, they either don't care, don't believe me, or something. Anyway, they STILL have WhiteLion.Net's IP blocks banned, as well as some IP blocks that didn't even belong to it. I posted a remove request on the newsgroup that the SPEWS FAQ said to post on and got a whole slew of really hateful replies. My point is this: these blacklists are not a way to prevent spam so much as a way to punish ISPs for spamming or open-relays. If they were really about stopping spam, then the block should be removed when the spam stops. Instead they leave them up. I'll admit, there are probably people out there who say they don't do such things any more and are lying their ass off, but instead of taking each case individually and dealing with the offenders one at a time, they all get lumped together regardless of the level of offense, or the level of repentance. If you want to read some REAL crap, just go on to google groups and search for 'Chad Singer'. ;)

    --
    [Is Greek the Professional Language of Lawn Mowers?]
    1. Re:Spam blacklists are unreasonable. by Anonymous Coward · · Score: 0

      What are those blocks? I'll be sure to add white lion to my firewall ASAP. You sold to a spammer, so you and your users deserve to never, ever, ever send e-mail to my users.

    2. Re:Spam blacklists are unreasonable. by FaxiS · · Score: 0

      You, my fine friend, are a first rate cock.

      --
      [Is Greek the Professional Language of Lawn Mowers?]
    3. Re:Spam blacklists are unreasonable. by Anonymous Coward · · Score: 0
      No, actually you're the cock.

      You and your company deserve to go out of business. What did you think, you could host spammers and not get called on it? If you're that naive you should not be in the hosting business. Since you probably did know about all the blacklists, and took on spammer customers anyway, you have nobody to complain to but yourself.

      The url for the usenet thread was broken, a good one is Chad's thread starter.

  60. -1 by Anonymous Coward · · Score: 0

    Is slashdot ever going to remove those stupid -1 posts from the archives?

  61. RBL by spottedkangaroo · · Score: 1

    I use several blackhole lists.

    In the real world, the users want this, but the ones that cause more trouble than they're worth don't get used much.

    I had a couple favorites that blocked all spam. All of it. But they also started blocking things like hotmail and yahoo! ... so I had to turn them off.

    And that's the thing. The blackhole lists really do work. But the stupid ones ... nobody uses cuz they block too much legitimate mail.

    --
    Imagine if you weren't allowed to use roads because a bus company complained about your driving 3 times. --skunkpussy
    1. Re:RBL by Anonymous Coward · · Score: 0

      It's people like you that contribute to the breakdown of communication on the Internet.

  62. Our Solution by JWSmythe · · Score: 1

    Spam is a serious waste of energy. We're filtering roughly 3000 messages per week. It's unfortunate that you've ended up on those lists. It seems any successful hosting company will end up being fingered as a spammer at some point. In the case of the companies I've worked for, we've been innocent. One, a mainstream hosting company, was stuck on a blackhole list, which we never managed to get removed from. One customer's ISP used that blackhole list, and he was very upset that he couldn't have his domains Email forwarded from us.

    There are better solutions than using the "blackhole" lists to block someone, like yourself. Recently, we've started using MailScanner, which uses SpamAssassin for spam identification by pattern recognition, blackhole lists, and Razor for spam identification through cataloging. MailScanner and SpamAssassin are very nice in that they don't just "black hole" you, they simply tag the message as possible spam. That's what any responsible ISP should do, rather than blocking all transactions based on a 3rd party's list. We get the occasional Email sent through a mail server which would have been black holed, and it is a legitimate Email which should be delivered.

    Running a mail server, it's not my job to block mail based on where it came from. I can provide the service to my users by adding flags for potential unsolicited bulk messages, but it's up to them to decide if they did or didn't want it. You never know, they might have been interested in going to a hardcore teenage bestiality site. Who am I to say that's wrong. :)

    --
    Serious? Seriousness is well above my pay grade.
    1. Re:Our Solution by Anonymous Coward · · Score: 0
      > There are better solutions than using the "blackhole" lists to block someone
      Better for you, perhaps. Not better for everyone. If you want to pay the overhead of content analysis and extra disk space, that's your business. Other providers may not be willing to.
      > That's what any responsible ISP should do,
      No. A responsible provider should do what works best for his stockholders and his customers. If that involves spilling mail on the floor, so be it. If that involves blocking packets at the router, so be it. His server, his rules.
      > rather than blocking all transactions based on a 3rd party's list.
      Well, I dropped my previous provider because he wasn't dropping any packets. A responsible provider will pay attention to what his customers want.
      > Running a mail server, it's not my job to block mail based on where it came from.
      It is if your boss tells you to do so. It is if you've promised your customers to do so.
      > I can provide the service to my users by adding flags for potential unsolicited bulk messages,
      Not at the same cost.
      > You never know, they might have been interested in going to a hardcore teenage bestiality site.
      Which they could easily find without any assistance from the spammer. What would happen in practice is that the update from the HTBS they subscribed to would be lost because of all of the golf ball, MMF, printer toner and other spam.
  63. some of these guys are nuts by ellem · · Score: 4, Funny

    A little while ago a site I worked at was blacklisted.

    We fixed the problem that day and when we contacted the SPAM COP he wrote back to say, basically:

    All Lotus Notes Mail Servers are insecure so we're leaving you on the list. Get another mail server.

    I made a change in the Notes.INI file that made it look like I was using SendMail. And he fixed us.

    Ridiculous policy. Notes is pretty secure anyway! I wonder what this guy read...

    --
    This .sig is fake but accurate.
  64. some companies deserve it by not_anne · · Score: 4, Interesting

    My employer's corporate office email system is an open relay, so that outlying offices (like ours) can send email, and so the company can track what we're doing.

    Recently, spammers have discovered our open system and have been relaying at a furious rate (read: thousands of emails a day.) This caused *our* email to get reflected back to us most of the time, and it also got my employer's domain on several spammer blacklists. This is such a problem, that the corporate office recently switched ISPs over it.

    Now, with the new ISP, the IT guys have "cracked down on security" by banning relaying...for 1/2 the day. In the mornings we can send all the email we want (and so can the spammers), but after we all get back from lunch, no more email can be sent out. My employer is baffled why we can't get off of the blacklists, even after the move to the new ISP. I just laugh and goof off for the rest of the afternoon.

    I'm all for an appeals process of some sort in order to get off of spam blacklists, but some companies do deserve to stay there, as long as their habits and policies don't radically change.

    not_anne

    --
    My comments here are my own; I do not speak for my employer.
    1. Re:some companies deserve it by Anonymous Coward · · Score: 0

      your employers are idiots to maintain ANY type of open relay even for so called "business" purposes. Get off your collective asses and research and implement something like SMTP-AFTER-AUTH or the like.

      It's people like this I'm glad my email server blocks you

    2. Re:some companies deserve it by NeurfBallz · · Score: 1
      Thanks for a good laugh. This beats out any slapstick comedy one might come across this evening.

      Never underestimate the power of stupidity
    3. Re:some companies deserve it by Anonymous Coward · · Score: 0

      You don't even need a full blown VPN. Just set up SMTP authentication.
      It's not that difficult.

    4. Re:some companies deserve it by ColaMan · · Score: 3, Interesting

      Ok.......

      You *do* realise that mail servers can be configured to only accept relays from certain domains? eg from "outlying-branch-isp.com"?
      And your new ISP is "cracking down" by letting it go half the day only? Hmmm .. I take it you get charged by the MB by your new ISP?

      I know, it's fun to goof off, but you're doing the rest of the internet a disservice. For chrissakes, get somebody to post your system specs here on slashdot and somebody will post the steps required to walk you through setting it up .... even *I'll* have a go, if it stops the spam just a little bit.

      If someone at your outlying branch isp subnet(s) discovers your mail relay after that, well it should be a simple matter for you to get them booted.

      Oh, don't post any identifying details about your company, unless you want them to experience THE AWESOME POWER OF THE SLASHDOT EFFECT *evil grin*

      Heh , I like the sound of that ...
      "NOBODY EXPECTS THE SLASHDOT EFFECT!"
      Kind of python-esque.

      --

      You are in a twisty maze of processor lines, all alike.
      There is a lot of hype here.
  65. simple solution.. by Lumpy · · Score: 4, Interesting

    A self maintaining blacklist. If you get blacklisted and then fix it, you go to a webpage that you submit that you're fixed. Then the system simply uses a separate computer that is NOT on the webpage's domain and tries to relay email. If the relay happened then the blacklisted site is still blacklisted, otherwise it is automatically removed.

    Maybe 100 lines in perl to accomplish this. no real effort required.

    --
    Do not look at laser with remaining good eye.
    1. Re:simple solution.. by Anonymous Coward · · Score: 0

      Insightful. Right.

      So say I'm a scummy spammer ISP. I want to get myself removed: I turn off relaying for 5 minutes. I get myself verified as being "clean." I turn relay back on.

      This can be somewhat mitigated by randomly checking several times over the course of a day, and removing at the end of that. Failing the check at any point puts you back on the list.

      I note that even this can be solved by simply setting up a different mail server temporarily to do the relaying (if you really want to be an asshole) just temporarily while the original "relay" is closed to be checked out... *shrug*

    2. Re:simple solution.. by curunir · · Score: 2

      How long until the SPAM'ers found a way to configure a mail server that blocks your 100 line perl script but still allows open relaying?

      However, your 100 line perl script could be useful as a pre-emptive measure to warn admins who have carelessly left their servers open to relaying. So if it finds an open relay, it sends the admin mail saying:

      "The Automated Open Relay Detection Service has determined that your server does not sufficiently deny open mail relaying.

      The following test was performed:
      <test details here>.

      If you do not wish to be added to various blacklists services, you should probably fix it. If you need help fixing it, useful resources include:
      <useful urls>"

      Set that up as a distributed project, and it'd find all the open relays on the internet PDQ.

      --
      "Don't blame me, I voted for Kodos!"
    3. Re:simple solution.. by Lumpy · · Score: 2

      Ok I should have elaborated... Make the test happen at a random time and for a random number of times over the next 72 hours. Scummy spammer relay can't afford to be down for 72 hours. Or increase the time period... also increase the script to 150 lines and LOOK for a refusal to relay, seeing no response doesn't remove from the list. Hell, you can have the remote machines (say 3-4 of them at members' homes or companies that volunteer some time running the script) keep the recently OK'd sites on a suspect list and continue to try to relay over the next 15-20 days. If it's still clean after 15 days, I'd bet it's clean.

      --
      Do not look at laser with remaining good eye.
    4. Re:simple solution.. by anthony_dipierro · · Score: 2

      > So say I'm a scummy spammer ISP.

      I can't think of any reason why a scummy spammer ISP would want to be an open relay. Sure, they want to be a relay, but only for their own spam and those of their trusted partners.

    5. Re:simple solution.. by NeurfBallz · · Score: 1
      >[Who are you and what are you doing with my socks]

      Hopefully not a thing. Open socks and other proxies are one of the fastest growing problems. When the spam comes through your socks, YOU ARE the spammer, whether you created the posting or not. There is no way to tell that you did it by accident, rather than deliberately to provide a service to the originator. You're the same as any other spammer-for-hire, except that you MIGHT not be getting paid for it.

    6. Re:simple solution.. by Anonymous Coward · · Score: 0

      To do it well, you'll probably end up writing more than 100 lines of code, but it's certainly not rocket science. One day, I got fed up with the amount of spam coming into our network and wrote the bulk of the code for the njabl.org blacklist (http://njabl.org/). It went from concept to automatically detecting thousands of open relays in one day at work. Since then, quite a bit of time has been spent on enhancements and additional code.

      Automated removal is no problem. My solution was anyone can remove any open relay from the list. After removal, it gets retested. After a couple removals, a delay is inserted between the request for removal and the actual removal. 1 hour, 4 hours, 16 hours, before long it's more or less permanent and can only be removed by hand.

      Some sites will block retesting, which sucks. The really dumb ones will send some hate mail first, which usually prompts us to check to see how their retest went (hmm...we couldn't relay or couldn't connect, but this other remote IP can still relay through them...back in the list you go).
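
The removal scheme in this comment (a couple of free removals, then 1, 4 and 16 hour delays, then manual only) combined with the retest rule from Lumpy's earlier reply (only an explicit refusal counts, no response keeps the host listed), as an added Python sketch that is not code from njabl.org or any poster. The names, the count of two free removals and the three-refusal threshold are assumptions, and the SMTP replies are constructed samples.

```python
import random
from dataclasses import dataclass
from enum import Enum


class Probe(Enum):
    REFUSED = "refused"          # explicit 5xx reply to the relay attempt
    RELAYED = "relayed"          # server accepted a foreign recipient
    NO_RESPONSE = "no_response"  # timeout, blocked tester or 4xx: inconclusive


def classify_rcpt_reply(reply):
    """Classify the SMTP reply to RCPT TO:<address outside the tested domain>.

    None means the tester got no reply at all. A 2xx is treated as relaying
    here; a production tester would also confirm that the probe message
    actually arrives at its destination.
    """
    if not reply or not reply[:3].isdigit():
        return Probe.NO_RESPONSE
    if reply[0] == "5":
        return Probe.REFUSED
    if reply[0] == "2":
        return Probe.RELAYED
    return Probe.NO_RESPONSE


FREE_REMOVALS = 2           # assumption: "a couple" of undelayed removals
DELAYS_HOURS = (1, 4, 16)   # escalation quoted in the comment above


def removal_delay_hours(prior_removals):
    """Delay before the next self-service removal, or None for manual review."""
    if prior_removals < FREE_REMOVALS:
        return 0
    step = prior_removals - FREE_REMOVALS
    return DELAYS_HOURS[step] if step < len(DELAYS_HOURS) else None


def schedule_probes(window_hours, count, rng):
    """Pick `count` unpredictable retest times (hours from now) in the window."""
    return sorted(rng.uniform(0, window_hours) for _ in range(count))


def evaluate_probation(outcomes, min_refusals):
    """'relist' on any relay, 'clean' after enough refusals, else 'suspect'."""
    if Probe.RELAYED in outcomes:
        return "relist"
    refusals = sum(1 for o in outcomes if o is Probe.REFUSED)
    return "clean" if refusals >= min_refusals else "suspect"


@dataclass
class Listing:
    ip: str
    listed: bool = True
    removals: int = 0   # self-service removal requests accepted so far

    def request_removal(self):
        """Return the delay in hours for this request, or None if manual only."""
        delay = removal_delay_hours(self.removals)
        if delay is not None:
            self.removals += 1
        return delay

    def apply_retest(self, replies, min_refusals=3):
        """Apply one round of probe replies; the host is delisted only if clean."""
        outcomes = [classify_rcpt_reply(r) for r in replies]
        verdict = evaluate_probation(outcomes, min_refusals)
        self.listed = verdict != "clean"
        return verdict


def demo():
    """Walk one constructed host through three removal requests."""
    host = Listing("192.0.2.10")  # documentation address, constructed
    rounds = [
        [None, None, None],                         # tester is firewalled off
        ["550 5.7.1 Relaying denied"] * 3,          # relay closed
        ["550 5.7.1 Relaying denied", "250 2.1.5 Ok", "550 5.7.1 Relaying denied"],
    ]
    log = []
    for replies in rounds:
        delay = host.request_removal()
        log.append((delay, host.apply_retest(replies), host.listed))
    return log


if __name__ == "__main__":
    print(schedule_probes(72, 5, random.Random(1)))
    print(demo())
```

A host that firewalls the tester never reaches "clean", which is the case the comment describes with sites that block retesting.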

    7. Re:simple solution.. by Phork · · Score: 3, Insightful

      You seem to be not understanding something. Open relays are not usually set up by spammers, they are usually set up unknowingly by companies for their corporate email and things like that. Then a spammer finds out that the server is an open relay, and starts to bounce their spam off it. So it is not at all an issue of spammers finding a way to avoid having their mail servers detected, a smart spammer would not run an open relay on their own server, because open relays get blocked, and can cost you money if someone starts to send a large amount of traffic through the server.
      The only time you would have someone trying to avoid their server being detected as an open relay is when they use the server for legitimate (non-spam) purposes, but are too lazy to make the server not an open relay.

      --
      -- free as in swatantryam - not soujanyam.
    8. Re:simple solution.. by Phork · · Score: 3, Insightful

      I believe this is how several of the blacklists currently work, at least for the removal. I don't know if they automatically go out and hunt for open relays.

      --
      -- free as in swatantryam - not soujanyam.
    9. Re:simple solution.. by curunir · · Score: 2

      No, I understand all too well how spammers operate. I realize that they currently look for vulnerable servers to exploit.

      However, if the blacklist process were to be made automated like the parent post suggests, then spammers would quickly realize that it is far easier to run their own server than search for open relays to exploit.

      This kind of solution is very Microsoft-esque. It seeks to solve the current problem without thinking about the problems that could be created by the solution.

      --
      "Don't blame me, I voted for Kodos!"
  66. Re: Push Systems by yintercept · · Score: 1

    Spam can be defined as any piece of email that you really don't want to get.

    E-mail is the easiest way to develop a push program, and I generally let end users track different events on their accounts with email. Such systems generate a ton of email. They generally let the end user control which events get reported. Regardless, I find heavily used systems generating 10,000+ auto generated emails a day.

    It is very easy to mix this push programming up with marketing spam. It only takes one admin to confuse the end user controlled push program with marketing spam to mess up an entire block of end users.

    We are never going to be able to completely protect our users from spam, it is much better to develop clients that help the end user cope with vast amounts of email.

  67. blacklists are fine by maxpublic · · Score: 1

    Your right to email stops at my machines. I can choose to accept it, redirect it, or reject based upon any criteria I like. Could be I use a blacklist, could be I reject anyone with an aol.com address, could be your name is Fred and I don't like that name.

    The point is, all of these reasons are valid because they're *my machines*. Only I get to say what goes and what doesn't on them. My users might get disgruntled and go someplace else but they don't have any say in how my machines are run - and neither do you. I might decide to respond to my users for fear of losing their patronage but I don't *have* to.

    If the blacklists really do such a lousy job then the people using them will get annoyed, then pissed, then stop using them altogether. It's a great system for weeding out the incompetents and the fanatics, since in the end only incompetents and fanatics are left using the badly-managed list. Works for me.

    If the blacklists are doing okay then people will continue to use them instead of migrating away. From what I've seen the 'big' blacklists have a growing clientele, not a shrinking one, which is somewhat credible testimony that most of the time they do an okay job.

    You can complain that it isn't fair if you can't get your name off a list, but you don't have any rights (legal, moral, or otherwise) to petition for a redress of a non-existent grievance. They can keep you on their list on a whim, if they like, just like I block all aol.com addresses universally and have for years.

    Max

    --
    My god carries a hammer. Your god died nailed to a tree. Any questions?
  68. ORBS cocksuckers by Anonymous Coward · · Score: 0
    Cocksuckers at ORBS hammer my mail server with "tests" for open relays. My server ISN'T an open relay. Doesn't matter, they send me some auto-generated threatening mail that they suspect I might have an open relay, and add me to a public list of "Known open relays".

    Next thing my site which DOESN'T relay is being hammered by spam-fuckers who use the ORBS list to find relays to abuse. Sure nothing gets through, but my server still has to deny a billion and a half requests.

  69. Re:No. Deal with it. by derF024 · · Score: 1

    > My experience with orbz is that they don't pay attention to the people in the middle - I've been there.

    people in the middle?
    orbz is 100% automated and once you fix your server, you can be off of the blacklist in under an hour. (just ask for a re-test from the mail server in question) i'm not sure what you mean by orbz not paying attention to people in the middle, but it's fairly easy to get out of the DB if you close your relay.

  70. Machines in the middle? by ryanwright · · Score: 2

    > I'm trying to move data from one point to another, and some machines in the middle are discriminating against my data

    Just wait a minute there Jethro... "machines in the middle" are not discriminating against your data. It's not like your mail passes through this machine that says, "Hey, you're a bad bad person! Go away."

    In fact, the recipients are the servers refusing to deal with you. Sure, it's because they've subscribed to a list, but the list is not the one refusing you, it's the server that reads from it.

    That said, it's not very nice to remove you from such a list once you've demonstrated your server is fixed.

    --
    -Ryan, with the unoriginal sig
    1. Re:Machines in the middle? by ryanwright · · Score: 2

      > That said, it's not very nice to remove you from such a list once you've demonstrated your server is fixed.

      Oops. That should have said, "It's not very nice to refuse to remove you" ...

      --
      -Ryan, with the unoriginal sig
  71. It's anti-democratic ! There are other (better) so by dbucher · · Score: 2, Insightful

    We too were listed on some of these lists. And this was at the beginning of what is now known as "mail relaying". Before then, all mail servers were open-relays, and suddenly your emails are blocked !

    Therefore I'm against these lists but I would suggest another solution :

    1. These lists should inform you that you have been added
    2. They should leave you 10-15 days to fix the problem before blocking you
    3. They should help you. I was *very* shocked by ORBS attitude "we block you, and we don't care if you cannot correct it"

    The problem 3 is quite grave : What can you do if your mail server doesn't support anti-relay ?
    Or if you must buy another licence, or if it's open source, but needs a new version of the OS, or things like that. OK, now all email servers support anti-relay. But this was not the case at this time.

    And FIRST OF ALL, I would really like to have an RFC on this subject : I don't accept ORBS having decided what's permitted and what's not ! Some relaying is permitted and some not.

    Example : Accept any IP address for relay except ORBS, you won't be blocked but you're an open relay ;-)

    --
    The Price of Freedom is Eternal Vigilance.
  72. ISP have the problem, too by buserror · · Score: 1

    no later than this afternoon, I was trying to email some guy at @blank.org, and my mail was bouncing because it was claimed my ISP was an open relay.
    I checked it using an external box, and it wasn't.
    I emailed the ISP and the destination domain (using another relay) and the ISP was adamant they had never been an open relay in the past, because that's the first thing they checked when installing their server. I know the techies there, they aren't bad, I trust them.

    Of course, the blacklist site failed to reply to any email I send.

    I don't see why they try to do that, open relays are mostly home machines that will be shut down before there is a chance for the blacklist to work (and with DHCP...)

    Maybe they should target and start blacklisting yahoo.com, home.com, hotmail.com, aol.com and the few other domains from where 90% of the spam I receive originates, instead.

    1. Re:ISP have the problem, too by Anonymous Coward · · Score: 0

      Uhm.. Just because the mail says "yahoo.com" (or one of the others you mention) doesn't mean it actually came from servers operated by that company.

      What it usually means, is that since a lot of mail servers reject mail coming from invalid domains, is that the spammers put "From: dfgsdfgsdfg@yahoo.com" in there because they know it's a valid domain.

      Learn how to read SMTP headers - it's the *IP* addresses of the open relays or spam sources that the various DNSBLs operate with.

      Now, AOL has their own blocking/filtering system which has nothing to do with the DNSBLs - and it is based on domains. I can't imagine it is very effective, but then again AOL is for lusers anyway..
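
What this reply describes, as an added Python example that is not part of the thread: the blacklist key is the IP address in the Received line written by the receiving server, looked up as reversed octets under the list's DNS zone, while the From: domain plays no part. The message, the zone name `dnsbl.example` and the zone data are constructed, and the resolver is passed in so the example runs offline.

```python
import ipaddress
import re
import socket
from email import message_from_string
from email.utils import parseaddr

ZONE = "dnsbl.example"  # placeholder zone name, not a real blacklist

# Constructed sample: forged yahoo.com sender, handed to us by 192.0.2.45.
RAW_MESSAGE = """\
Received: from mail.yahoo.com (unknown [192.0.2.45])
\tby mx.recipient.example with SMTP id CONSTRUCTED1
\tfor <user@recipient.example>; Mon, 1 Jan 2001 12:00:00 +0000
Received: from yahoo.com (mail.yahoo.com [198.51.100.7])
\tby forged-hop.example with SMTP; Mon, 1 Jan 2001 11:59:00 +0000
From: dfgsdfgsdfg@yahoo.com
To: user@recipient.example
Subject: constructed sample

body
"""

# Constructed zone data standing in for DNS: query name -> A record.
CONSTRUCTED_ZONE = {"45.2.0.192.dnsbl.example": "127.0.0.2"}

BRACKETED_IPV4 = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def connecting_ip(raw_message):
    """IP recorded by our own server: the topmost Received header only.

    Lower Received headers are supplied by the sender and can be forged.
    """
    received = message_from_string(raw_message).get_all("Received") or []
    if not received:
        return None
    match = BRACKETED_IPV4.search(received[0])
    if not match:
        return None
    try:
        return ipaddress.IPv4Address(match.group(1))
    except ValueError:  # e.g. an octet above 255
        return None


def dnsbl_query_name(ip, zone=ZONE):
    """192.0.2.45 -> 45.2.0.192.<zone>: octets reversed, zone appended."""
    return ".".join(reversed(str(ip).split("."))) + "." + zone


def is_listed(answer):
    """An A record in 127.0.0.0/8 means listed; no record means not listed."""
    if answer is None:
        return False
    return ipaddress.ip_address(answer) in ipaddress.ip_network("127.0.0.0/8")


def system_resolver(name):
    """Live lookup through the system resolver; None when the name is absent."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None


def check_message(raw_message, resolver, zone=ZONE):
    """Show what the blacklist decision is based on for one message."""
    msg = message_from_string(raw_message)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    ip = connecting_ip(raw_message)
    query = dnsbl_query_name(ip, zone) if ip else None
    return {
        "header_from_domain": from_domain,   # forgeable, never looked up
        "connecting_ip": str(ip) if ip else None,
        "query": query,
        "listed": is_listed(resolver(query)) if query else False,
    }


if __name__ == "__main__":
    print(check_message(RAW_MESSAGE, CONSTRUCTED_ZONE.get))
```

Passing `system_resolver` instead of `CONSTRUCTED_ZONE.get` runs the same check against a real zone name.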

    2. Re:ISP have the problem, too by SpacePunk · · Score: 1

      In my mail server I have quite a few manually entered ip blocks such as NNN.NNN.*.* which effectively blocks everything beginning with NNN.NNN. Perhaps that's what happened.

      (yes, I know that blocking 65k IP's at a time is crazy, but it's a crazy business)

    3. Re:ISP have the problem, too by tweek · · Score: 2

      Think that's bad?

      From my deny file:

      210 This mailserver does not accept spam from AsiaPacific netblocks. If this is in error, please send email to dj_tweek@yahoo.com
      211 This mailserver does not accept spam from AsiaPacific networks. If this is in error, please contact dj_tweek@yahoo.com
      202 This mailserver does not accept spam from AsiaPacific networks. If this is in error please email dj_tweek@yahoo.com
      203 This mailserver does not accept spam from AsiaPacific netblocks. If this is in error, please contact dj_tweek@yahoo.com
      61 This email server does not accept spam from Asia Pacific networks. If you feel this is in error, contact dj_tweek@yahoo.com

      I don't know anybody from there and I give an option for the serious people who want to get in touch with me.

      --
      "Fighting the underpants gnomes since 1998!" "Bruce Schneier knows the state of schroedinger's cat"
    4. Re:ISP have the problem, too by wizkid · · Score: 1

      Sometimes the ISP doesn't have the open relay, but a downstream customer does. Orbs and other blacklist servers will test for spam at the insert point, which in this case would be the downstream customer mail relay. For the ISP to get off the open relay list, he needs to shut off this customer that's using his server as a relay to relay mail from his server, that's an open relay. Damn, talking about a Long winded sentence! When an ISP has a customer with an open relay, then the problems escalate, for obvious reasons. Being an ISP can suck sometimes, cause that customer is probably a buddy of the CEO :(

      --
      I take no responsibility for what I say. Even though I'm never wrong :)
  73. Re: Exclamation marks by Da+Schmiz · · Score: 2, Insightful
    Yeah, a friend of mine was using a similar system, and it worked quite well for him. That is, until the day his boss sent him a message with the subject line "URGENT!!! THIS IS VERY IMPORTANT!!!" or something like that. He never saw the message.

    So, the boss realizes that perhaps my friend didn't get the message, and so the boss forwards the message to him, with a note attached, so now it reads "FW: URGENT!!! THIS IS VERY IMPORTANT!!!"

    This happens two or three times before he finally figured out what was going on.

    Moral of the story: quarantine spam, but don't automagically send it to a black hole. Only the addressee can truly differentiate legitimate mail from spam.

    --

    "Anything is better than IE, and you can quote me on that." -- Wil Wheaton.

  74. Re:Shout out for ... spamcop.net by edstromp · · Score: 2, Informative

    I personally like SpamCop.Net. It has a dynamic black list based on IP. If people report spam from a specific IP address, it will (after a certain threshold) get added to the black list. Once the spam stops being reported, the IP address becomes open again.
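
The report-driven listing described in the comment above, as an added example that is not part of the original post and is not SpamCop's actual algorithm. The threshold, the 24-hour window, the rule that only distinct reporters count, and all names are assumptions; the sample IP is from the documentation range and the reports are constructed.

```python
import ipaddress
from collections import defaultdict, deque


class ReportBlocklist:
    """Lists an IP while enough recent reports exist; delists as they age out."""

    def __init__(self, threshold=3, window_seconds=24 * 3600):
        # Assumed values: a real list operator tunes these.
        self.threshold = threshold
        self.window = window_seconds
        # ip -> deque of (timestamp, reporter), oldest first.
        # Assumes reports arrive in non-decreasing timestamp order.
        self._reports = defaultdict(deque)

    def _expire(self, ip, now):
        """Drop reports older than the window; forget IPs with none left."""
        queue = self._reports.get(ip)
        if queue is None:
            return
        while queue and now - queue[0][0] >= self.window:
            queue.popleft()
        if not queue:
            del self._reports[ip]

    def report(self, ip, reporter, now):
        ipaddress.ip_address(ip)  # raises ValueError on malformed input
        self._expire(ip, now)
        self._reports[ip].append((now, reporter))

    def is_listed(self, ip, now):
        """Listed only while `threshold` distinct reporters are inside the window."""
        self._expire(ip, now)
        reporters = {who for _, who in self._reports.get(ip, ())}
        return len(reporters) >= self.threshold


def demo():
    """Replay constructed reports and return the listing state at four moments."""
    bl = ReportBlocklist()
    ip = "192.0.2.25"  # TEST-NET-1 address, constructed sample
    states = []
    bl.report(ip, "alice", 0)
    bl.report(ip, "bob", 600)
    bl.report(ip, "alice", 1200)             # repeat reporter, still two people
    states.append(bl.is_listed(ip, 1200))
    bl.report(ip, "carol", 1800)             # third distinct reporter
    states.append(bl.is_listed(ip, 1800))
    states.append(bl.is_listed(ip, 86400))   # only the first report has aged out
    states.append(bl.is_listed(ip, 87000))   # bob's report aged out, two remain
    return states


if __name__ == "__main__":
    print(demo())
```

Delisting here needs no request from the listed host: once reports stop, the entry ages out on its own.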

  75. Blacklist maintenance by Todd+Knarr · · Score: 2

    I can understand the problems caused by unmaintained blacklists, or ones that operate on the roach-motel principle. All you can do is communicate directly with the blacklist maintainers, or communicate with the sites blocking you (mail to postmaster shouldn't be blocked) and see if you can convince them the blacklist is unreasonable. If sites start getting lots of reports about a blacklist refusing to delist open relays after they've been fixed, site operators may stop using those blacklists.

    On the other hand, you admit to having had an open relay in your network. Back before 1995 or so this might have been excusable. If we're talking in the last 6 years, though, there's no excuse. The problems have been well-known, the solutions equally well-known and easily implemented. If you shoot yourself in the foot, even unintentionally, whose fault is the resulting pain?

    1. Re:Blacklist maintenance by Anonymous Coward · · Score: 0
      On the other hand, you admit to having had an open relay in your network. Back before 1995 or so this might have been excusable.
      Back before 1995 or so this might have been laudable. Open servers were considered to be desirable until UBE became a serious problem. Back when it was considered inconceivable that any but a small number of sociopaths would ever spam, open servers were considered to be a way to help those with poor connectivity.
  76. A Blacklist Blacklist by xee · · Score: 1

    Wouldn't that be great? Someone (me?) should start a blacklist-blacklist to keep track of all the poorly maintained blacklists. "Well, that's a great idea, but what if..." That's exactly what I thought you'd ask. Of course, we could do this forever. Sometime circa 2055 we will live in a world with several "blacklist-blacklist-blacklist-blacklist-blacklist-blacklist-blacklist-blacklist-blacklist-blacklist-blacklists". When will it ever end? I'll tell you when: WHEN WE WISE UP AND FIX THE PROBLEM. Blacklists are pointless and worthless. Spammers are in the business of spamming. Block their IP, and it will be their FIRST PRIORITY to either have the IP removed from the blacklist, or to get a new IP address.

    Want a public, anonymous, free, decentralized communication system? Accept certain truths about it. There will always be spam, there will always be chain letters, there will always be suckers who fall for them or otherwise propagate them. Is the system imperfect? Of course. Are spammers the problem? Of course not.

    When Microsoft adds a "feature" to Outlook that spawns an entire legion of worms and viruses, do we slashdotters attack the virus writers? No (at least, not usually). We attack Microsoft for releasing such a vulnerable product, and we attack the users who execute every single attachment they receive regardless of the sender or the context. By this SAME LOGIC, we should not be condemning the spammers -- they are the equivalent of the virus writers -- we should be condemning the e-mail infrastructure (which is as productive as condemning Microsoft -- see them listening? I don't) and we should be condemning these same users who support spammers by sending them money.

    Some of you may want to tell me "stop complaining unless you can fix it" or perhaps you'd prefer the old "what else is there?" But this only dodges the issue. The issue here is not spam, it is not blacklists, it is not the e-mail infrastructure. The issue here is the users who give spammers money, and who propagate chain letters, and who run virus-ridden e-mail attachments. We need to be attacking these people who have no business using computers in the first place.

    Elitist for life. :)

    --
    Oh shit! I forgot to click "Post Anonymously"...
  77. Re:It's anti-democratic ! There are other (better) by hpa · · Score: 4, Insightful

    The problem 3 is quite grave : What can you do if your mail server doesn't support anti-relay ?
    Or if you must buy another licence, or if it's opensource, but needs a new version of the OS, or things like that. OK, now all email servers support anti-relay. But this was not the case at this time.


    If so, they're right in blocking you. You're saying "oh, we're not willing to go through the trouble of cleaning up our server, to hell with anyone who gets spammed." It's exactly those sites that they're supposed to be blocking.


    2. They should leave you 10-15 days to fix the problem before blocking you


    That's insane. Once you end up on a spamrelay list, you'll be the conduit for tons of spam within hours or even minutes. 10-15 days is an eternity in that respect.

  78. Threaten to sue the 5h1+ out of them - IANAL by Anonymous Coward · · Score: 0

    Get a lawyer to write a threatening letter, stating that they're unfairly interfering with your business. They're costing you revenue and creating problems with your communications channels. You've complied with their stated policies already and have taken "good faith" action to resolve the issue. Bottom line. If it's harming you and money is involved you can at least threaten to make them liable for that money. You'll probably lose if you push it, but just the letter ought to be enough to force the issue.

    I'm not a lawyer, but I used to sleep with one... how's that for reversing the system?

    1. Re:Threaten to sue the 5h1+ out of them - IANAL by DavidTC · · Score: 1
      They will post this letter to news.admin.net-abuse.email. You will end up in thousands of private blacklists and will never be removed. You will be stuck in most major blacklists for months. You will have people who route your network to /dev/null so your customers can't access anything, not just email, at your site.

      And, finally, you may also be sued for barretry (sp?), which is threatening groundless lawsuits.

      --
      If corporations are people, aren't stockholders guilty of slavery?
  79. Problem needs to be addressed on several fronts by Pinball+Wizard · · Score: 2
    Consider all the small and medium sized businesses out there. They may be lucky to have even one admin, yet still need to provide email to all their employees. That one (if even that) overworked admin may have many responsibilities, one of which is running a mail server. I know some of you would like to say, "hey if he can't run his mail server right, he shouldn't be doing it at all". That's a bad attitude to take, and putting someone on a blacklist without giving him the chance to correct the problem first is just plain wrong. Yet that's what these blacklists do. Only after you take care of the problem are you taken off the blacklist.


    IMO, the way it should work, to be fair, is to send a warning email to someone from the company. Then, if that email goes unnoticed, put the company in the blacklist. Even better, put something informative in that email letting people know how they can stop their server from being an open relay.


    I should know. I've been in this situation, where my email server was way down on my list of priorities. I was blacklisted without warning or explanation. I had to investigate the whole matter myself, fix the problem, find the people who blacklisted me and go through their procedures to get off the blacklist. While I see the need to have blacklists, they certainly could do a better job dealing with businesses who have no intention of spamming and who may have just overlooked or not even known about the problem.

    --

    No, Thursday's out. How about never - is never good for you?

    1. Re:Problem needs to be addressed on several fronts by Senior+Frac · · Score: 1

      "hey if he can't run his mail server right, he shouldn't be doing it at all". That's a bad attitude to take, and putting someone on a blacklist without giving him the chance to correct the problem first is just plain wrong. Yet thats what these blacklists do. Only after you take care of the problem are you taken off the blacklist.

      Yes. It's called Performance Based judgement. You should try it some time instead of touchy-feely T-Ball games for your kids. (Hint: no one wins or loses, everyone bats every inning. Losing might traumatize the kids!)

      IMO, the way it should work, to be fair, is to send a warning email to someone from the company.

      We've tried that method. Admins try and hide behind nonstandard email addresses; no abuse@ or postmaster@ addresses, if they even list one at all. The whois databases on IP ownership aren't always trustworthy. It's a damn lot of work, in addition to the time-cost of listing to begin with. Not only is the offending admin using my resources to send his spam, he expects me to waste my valuable time tracking him down, and often teaching him his job? No. Pay me.

      I should know. I've been in this situation, where my email server was way down on my list of priorities.

      We know. The blacklists exist to move this up on your list of priorities.

      I was blacklisted without warning or explanation. I had to investigate the whole matter myself, fix the problem, find the people who blacklisted me and go through their procedures to get off the blacklist.

      OMG. It's called doing your JOB you lazy puss. They didn't make this work-to-be-done appear out of midair, they merely highlighted it on your list.

      As much as you point the finger, as much as you wiggle, as much as you try and shift blame, you didn't do your job, you didn't understand the technology you were dealing with, and you misconfigured the server. This means you get to fix it and deal with the cleanup issues. They're a lot bigger than you originally thought. Maybe hiring someone qualified is in order.

  80. Time for ISP's to adopt a new email standard. by BlueCoder · · Score: 1

    Time to face the fact that grandpa's hacked text email protocol does not cut it anymore. Time for a modern binary based protocol designed to optimize the handling of binary encoded messages.

    Messages need to be encrypted by default. We need public and anonymous digital signatures to automatically separate and filter email. Everything needs to be trashed unless it's properly authenticated. Much of which should be performed at the mail server level with features such as receipts that can verify that a message was at least received by a user or trashed outright as unauthenticated.

    Authentication codes must accompany all email addresses. Authentication codes which can be revoked. That email gets through should be viewed as an intimate privilege. Spam will then and only then be eliminated. And web sites that extort email addresses will become a thing of the past.

    1. Re:Time for ISP's to adopt a new email standard. by Anonymous Coward · · Score: 0

      How are text vs. binary or encryption relevant to this problem in any conceivable way? "Public and anonymous digital signatures to automatically separate and filter email" how? How can spam be stopped by receipts? What does "properly authenticated" mean? "Authentication codes which can be revoked" by who? Would you consider "email that gets through ... as an intimate privilege" a desirable thing?

  81. SPAM? Here's some addresses to try, hee hee by Anonymous Coward · · Score: 0

    Good luck :)

  82. Amen. by FreeUser · · Score: 2

    No, they're not unreasonable.

    [...]

    You wanna get bandwidth with a company that provides services to spammers and relocates spammers to IP addresses to avoid blocking of single IP addresses, don't come whining to /. when the rest of the world wants nothing to do with your ISP.


    Thank you.

    The only way you get blacklisted is if you (or your ISP) is stupid enough to run a promiscuous mail server that allows anyone to use it as a maildrop/forwarder. Fix the problem (either getting a new ISP, closing up your server, or hiring competent people to run your service) and you will be de-blacklisted.

    If you cannot be bothered to do any of these things you (and your company) don't deserve to be on the internet, and certainly don't deserve to have any contact whatsoever with me.

    Since all of these lists are voluntary, if I have chosen to shun you on the basis of one that is my choice. You do not have a right to be able to contact me if I don't wish to allow it, so get over it, learn from your mistakes, and don't make them again. If you can't be bothered to learn, then, well, enjoy being a component particle of the Black Hole.

    --
    The Future of Human Evolution: Autonomy
    1. Re:Amen. by Anonymous Coward · · Score: 0

      Let me give a take on this.

      I work for a medium-size-ish ISP which recently (mid-Jan) subscribed to the ORBZ and ORDB lists.

      Our admins saw the result: Thousands of messages per hour being filtered, resulting in a much happier server. Certainly, some are probably valid, but it provides incentive to the other administrators trying to send *valid* email to investigate and clean up one of those servers.

      We at lower levels get the flack, however - "We *NEED* those emails and you'll let them through or else!" type. Not if the remote admins don't want to clean up their server. (One of those contacted actually *wanted* an open relay to allow all their customers to send mail from a common access point for the domain. Dumb idea.) But you can't as easily tell a customer that without getting some negative feedback.

      However, the signal/noise ratio has been good. Not that a lot of people notice enough to tell us...

      The next - our own users are our worst enemy. By setting up Winproxy with SMTP open and forwarding to our outbound, or other such actions, they get *our* mail server on those self-same lists.

      However, when that happens, we act. "Clean it up, or you get disconnected." Generally, they're willing to work within that, when they realize the alternative. I've had good experience with ORDB and ORBZ, and consider them a good enough service for the price. :) Anything else - is probably in that margin that business wouldn't care about much anyway, but I can't speak directly for 'em.

    2. Re:Amen. by DodgyGeezer · · Score: 1

      Did you not read the story dickhead? He has fixed the problem, but unlike what you claimed would happen, he hasn't been "de-blacklisted". Next time, engage your brain before posting.

    3. Re:Amen. by Anonymous Coward · · Score: 0

      Glad to hear you all emerged from the womb knowing how to admin mail servers.

    4. Re:Amen. by punkki · · Score: 1
      Glad to hear you all emerged from the womb knowing how to admin mail servers.
      Do you truly believe that one should get a responsible job without proper training? Like flying a plane?
  83. Re:It's anti-democratic ! There are other (better) by dbucher · · Score: 1

    Ok, you misunderstood me. I agree with you about today's situation. You can do an apt-get upgrade under debian and your maybe old mailserver is immediately corrected. But I am speaking about Linux/Internet in 1997, for example...

    But most importantly : I am speaking about systems that didn't get SPAM, that were just reported as being open, not as being generating and providing spam.

    Don't forget that the first victim of relaying SPAM is the open mailserver itself ;-)

    And most importantly these lists are not based on any RFC or any standard

    --
    The Price of Freedom is Eternal Vigilance.
  84. Re: Exclamation marks by dietz · · Score: 1

    That reminds me. Another great thing about SpamAssassin is that any email address that sends you three non-spam messages gets automagically added to a whitelist so none of their emails will ever be counted as spam again.

  85. Re:No. Deal with it. by lazy_greenhouse_gas · · Score: 1

    You livin that name son: when you gonna run out of spaces to kill brotha?

  86. Yes Big Kudos to SpamAssassin by sterno · · Score: 2

    I started running SpamAssassin a few weeks ago and it works wonderfully. I've got it set up on my box so that users can choose to use it or not by some simple procmail configuration.

    The way I use it is have all spam messages get dumped to a common directory. This way I can verify that I didn't lose something important. In the 169 messages it filtered out during my last cleaning, 3 (all from mailing lists I'm on) were filtered improperly, and none of them were that important.

    The beauty of this approach is that I can deal with wiping the spam out all at once and not have to be digging through my mail box wondering from subject lines if something is worth reading or if it's spam. I'll just do a "grep Subject: * | less" in the directory I use for storing the filtered messages and check for any mistakes. I add the mistakes into my procmail filter and voila, I get maybe half a dozen spams a week now.

    --
    This sig has been temporarily disconnected or is no longer in service
  87. Pot: Kettle, you're black! by Chagrin · · Score: 2

    Sysadmin A, who didn't take the time to check the security of his mail server, is complaining about sysadmin B who doesn't take the time to maintain his spam list?

    Please tell me what company you work for. I'd like to see how well-maintained and secure your systems, apparently employed by some type of financial company, really are.

    ...or feel free to move your mailserver to another IP or subnet if you can't get it unblocked. Testing it could be a pain in the butt, but isn't the spam that you let through a pain in the butt also?

    --

    I/O Error G-17: Aborting Installation

    1. Re:Pot: Kettle, you're black! by bruns · · Score: 1

      >...or feel free to move your mailserver to another IP or subnet if you can't get it unblocked.
      ---SNIP---

      Funny, that's what most of the people we block do to try to get off. It's become procedure to scan 5+/- IPs of the mail server to check for the actual open relay when the main server seems to reject relays. More than half the time we find the right ip 1 up or below the spam output. Both of them get added, and we won't remove both until the whole netblock is scanned and there are no relays left. My advice to open relay runners is to fix the problem or don't ask to be removed.

      --
      Brielle
  88. Give your users the control: EXIM and RBL-Warning by Sosarian · · Score: 2, Informative

    Use EXIM as your mailserver and you can have the best of all worlds.

    1) Messages are checked for RBL
    2) A X-RBL-Warning header is added to the message
    3) Users can choose to filter these messages themselves
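
An added Python sketch of the three steps above, not Exim configuration and not code from the thread: look the connecting IP up in a DNS blacklist, tag instead of reject, and leave the filing decision to each user. The zone names, header wording, function names and sample data are assumptions made for the example.

```python
import ipaddress
import socket
from email import message_from_string

LISTED_NET = ipaddress.ip_network("127.0.0.0/8")  # DNSBLs signal a listing with a 127/8 answer


def dnsbl_query_name(ip, zone):
    """192.0.2.2 checked against zone Z is looked up as 2.2.0.192.Z."""
    addr = ipaddress.ip_address(ip)
    if addr.version != 4:
        raise ValueError("this example handles IPv4 clients only")
    return ".".join(reversed(str(addr).split("."))) + "." + zone.strip(".")


def system_lookup(name):
    """A records for name from the system resolver (empty list when none)."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except (socket.gaierror, socket.herror):
        return []


def listed_in(ip, zones, lookup=system_lookup):
    """Step 1: return the zones that list this client IP."""
    hits = []
    for zone in zones:
        answers = lookup(dnsbl_query_name(ip, zone))
        # Only a 127/8 answer counts; any other answer (for instance from a
        # wildcarded or parked zone) is not treated as a listing.
        if any(ipaddress.ip_address(a) in LISTED_NET for a in answers):
            hits.append(zone)
    return hits


def tag_message(raw, client_ip, zones, lookup=system_lookup):
    """Step 2: deliver the message, adding one X-RBL-Warning header per hit."""
    msg = message_from_string(raw)
    # Drop any copy that arrived with the message, so the header always
    # reflects this server's own lookup.
    del msg["X-RBL-Warning"]
    for zone in listed_in(client_ip, zones, lookup):
        msg["X-RBL-Warning"] = "%s is listed by %s" % (client_ip, zone)
    return msg


def folder_for(msg, user_filters_rbl):
    """Step 3: each user decides whether the warning header matters."""
    if user_filters_rbl and msg.get_all("X-RBL-Warning"):
        return "possible-spam"
    return "inbox"


# Constructed sample data: hypothetical zones and documentation-range addresses.
ZONES = ["dnsbl.example", "relays.example"]
SAMPLE_ZONE_DATA = {
    "2.2.0.192.dnsbl.example": ["127.0.0.2"],       # listed
    "9.113.0.203.dnsbl.example": ["198.51.100.1"],  # non-127 answer: not a listing
}
SAMPLE_MESSAGE = (
    "From: sender@example.org\n"
    "To: user@example.com\n"
    "X-RBL-Warning: inserted by the sender\n"
    "Subject: confirmation\n"
    "\n"
    "Your transaction has been processed.\n"
)


def sample_lookup(name):
    return SAMPLE_ZONE_DATA.get(name, [])


if __name__ == "__main__":
    for ip in ("192.0.2.2", "203.0.113.9"):
        tagged = tag_message(SAMPLE_MESSAGE, ip, ZONES, sample_lookup)
        print(ip, tagged.get_all("X-RBL-Warning"), folder_for(tagged, True))
```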

  89. If you had an open relay by www.sorehands.com · · Score: 3, Interesting
    If you had an open relay that was used by spammers, go after a few of them in court. Go after the people who sell the SPAM software that uses the open relays.


    Bankrupt a few spammers, show others it is not cheap to spam. Maybe get some charged criminally.


    All spammers should be tortured, then executed.

  90. Blacklists not the answer... by curunir · · Score: 3, Interesting

    IMHO, Blacklists are just a small band-aid on the gaping wound that is SMTP. SPAM has proliferated to the point where it needs to be dealt with in a more sane manner than just punishing the offenders.

    I'm usually all for privacy, but I think we need to be using an email transport protocol that involves some form of authentication. I'm not sure if some such protocol exists already, but it doesn't seem like it would be too hard to create.

    Am I way off base here, or wouldn't this cut way down on SPAM?

    --
    "Don't blame me, I voted for Kodos!"
    1. Re:Blacklists not the answer... by tymesf · · Score: 1

      Why not require everyone that sends mail to you to use pgp? You can check for pgp signatures or encryption and filter if it's missing. There are pgp versions and hooks for every major MUA and operating system, and this has the added bonus that you can verify who you're talking to, and that more people start using pgp.

    2. Re:Blacklists not the answer... by Senior+Frac · · Score: 1

      Why not require everyone that sends mail to you to use pgp?

      Aside from being onerous to the sender.

      Why not make everyone who writes me put "FRED" in the subject line? Same effect. Solves nothing.

      The eternal problem with content filters is that you're paying for delivery, whether you read it or not. IP blacklists stop the delivery entirely.

  91. Lazy end-users by Aiee · · Score: 1

    In my experience, the most efficient way to decrease spam is to educate the users on how to use filtering. Simple mail filtering comes in most popular email clients these days, and after adding a few notorious spam domains as well as some of the most common phrases included in spam, it quickly drops to a point where it's hardly even annoying.

    Personally, I've made it a habit to immediately add a specific person's email address, as well as the topic of their mail to my spam filter. At the present, I get 1, perhaps 2 spam mails per month, using only my internal spam filters to get rid of it.

    I realize that this will not decrease the amount of bandwidth the spam mails consume, as the filtering is done on my machine, but I find it a relatively small price to pay in exchange for a minimal risk of non-spam mail not reaching me.

    --
    -----------------------
    I pushed the red button
  92. Re:No. Deal with it. by dattaway · · Score: 2

    Try actually having to deal with spammers. They lie and threaten to sue often if I complain.

    If you do the crime, be prepared to do time on the blacklist. Ignorance of spam administration is no excuse.

  93. Simple solution by gUmbi · · Score: 2

    The rehabilitated system or network should be able to submit their address to a server to be crawled for open relays (much like submitting a URL to a search engine).

    The server would connect to each address in the resubmission list and test if the relay was open. If an open relay wasn't detected then the system is put into a probationary state or taken off the list entirely. It's an automated solution that doesn't require any work by spam list administrators.

    If necessary, the list of resubmissions could be distributed to volunteered machines (similar to seti) on many different networks. The volunteer machines then double-check the result. This reduces the chance of someone closing the relay exclusively for the spam list server.

    A three-strikes and you're out policy could also be put into place.

    Jason.
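
An added Python sketch of the delisting policy proposed in this comment, not code from the thread or from any blacklist: retest results from several vantage points drive a listed, probation, removed or banned state. The quorum size, probation length, strike counting and all names are assumptions; the probe results are constructed inputs, not live tests.

```python
from dataclasses import dataclass

MAX_STRIKES = 3        # "three-strikes and you're out" from the comment
PROBATION_DAYS = 14    # assumed length of the probationary state
QUORUM = 3             # assumed minimum number of independent vantage points


@dataclass
class Listing:
    ip: str
    state: str = "listed"   # listed -> probation -> removed, or banned
    strikes: int = 1        # assumption: the original listing is strike one
    clean_days: int = 0


def consensus(reports, quorum=QUORUM):
    """reports maps vantage point -> True if it saw the server relay mail.

    One "open" report is enough: a relay closed only towards the list
    server's address is still open. "closed" needs a quorum of agreeing probes.
    """
    if any(reports.values()):
        return "open"
    if len(reports) < quorum:
        return "inconclusive"
    return "closed"


def apply_retest(listing, reports, probation_days=PROBATION_DAYS, quorum=QUORUM):
    """Apply one day's retest results to a listing and return it."""
    if listing.state == "banned":
        return listing
    verdict = consensus(reports, quorum)
    if verdict == "inconclusive":
        return listing                      # not enough evidence either way
    if verdict == "open":
        # A relapse after passing a retest costs a strike; a relay that was
        # never closed simply stays listed.
        if listing.state in ("probation", "removed"):
            listing.strikes += 1
        listing.clean_days = 0
        listing.state = "banned" if listing.strikes >= MAX_STRIKES else "listed"
        return listing
    listing.clean_days += 1
    if listing.state == "listed":
        listing.state = "probation"
    elif listing.state == "probation" and listing.clean_days >= probation_days:
        listing.state = "removed"
    return listing


# Constructed probe results for a hypothetical server at 192.0.2.25.
CLOSED = {"list-server": False, "volunteer-a": False, "volunteer-b": False}
SELECTIVE = {"list-server": False, "volunteer-a": True, "volunteer-b": False}
THIN = {"list-server": False}
SAMPLE_HISTORY = [THIN, CLOSED, CLOSED, SELECTIVE, CLOSED, SELECTIVE, CLOSED]


def replay(history, probation_days=2):
    """Run a sequence of daily retests and return (state, strikes) per day."""
    listing = Listing("192.0.2.25")
    trail = []
    for reports in history:
        apply_retest(listing, reports, probation_days=probation_days)
        trail.append((listing.state, listing.strikes))
    return trail


if __name__ == "__main__":
    for day, step in enumerate(replay(SAMPLE_HISTORY), 1):
        print(day, step)
```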

    1. Re:Simple solution by Enigma2175 · · Score: 2
      The rehabilitated system or network should be able to submit their address to a server to be crawled for open relays (much like submitting a URL to a search engine).

      I don't know about the other RBL lists, but ORBZ allows you to do this. The URL to submit your server for re-testing is http://www.orbz.org/sysadmin-darkside.php.

      --

      Enigma

  94. Re:ObPeeve: SPAM(tm) vs uce spam by geekoid · · Score: 2, Informative

    the poster was just asking for common courtesy towards Hormel.
    sheeesh, Hormel could have gotten all uppity about it, sent its lawyer out. We all know that cease and desist letters work. If you get a cease and desist letter, and don't, you end up in court. do you have enough money to fight this in court?

    Now if I could only get one of those flaming SPAM hats.

    --
    The Kruger Dunning explains most post on /. http://en.wikipedia.org/wiki/Dunning%E2%80%93Kruger_effect
  95. Your IT guys are morons. by Anonymous Coward · · Score: 2, Insightful

    Seriously. They need to be canned. NOW.

    My employer's corporate office email system is an open relay, so that outlying offices (like ours) can send email, and so the company can track what we're doing.

    Your employer's corporate office needs to employ a VPN.

    My employer is baffled why we can't get off of the blacklists, even after the move to the new ISP.

    Tell him it's because the IT guys are incompetent. Point him to this message if he thinks it's just you. You NEVER need an open relay. Tell him that you need VPNs between sites - that with the email flying around unencrypted, that anyone can view all of your internal memos as they fly between sites.

    1. Re:Your IT guys are morons. by tweek · · Score: 2

      No shit. That was the first thing I thought when I read it.

      Use a couple of fucking openbsd boxes or linux boxes for vpn gateways and tell the IT wankers to take a fucking leap.

      --
      "Fighting the underpants gnomes since 1998!" "Bruce Schneier knows the state of schroedinger's cat"
    2. Re:Your IT guys are morons. by SuiteSisterMary · · Score: 2

      Hell, configure your mailservers to only relay for the IP addies of your other mailservers, then use TLS encryption, if you don't care for a full blown VPN/WAN solution. But you don't need to be open to the world.

      --
      Vintage computer games and RPG books available. Email me if you're interested.
  96. I've been there... and it sucks by sparkz · · Score: 2, Insightful
    I've done the exact same thing as the poster of this article - and it took ages (weeks, IIRC) to get off the list, despite being "clean" for all that time.

    One item of spam had been sent through our server, I spotted the problem, fixed it, and got told that I'd been blacklisted. I then applied to be retested ("oh please Mr. Self-Appointed Cop, please say that I am good"), and was not removed from the list for a long long time. It should be automatic. Maybe test that server once a day for the next few weeks to make sure that it stays closed, if you feel such an urge. But everybody loses when the lists are not updated promptly - the admins of previously-open relays cannot send email, innocent recipients of email from the previously-open relay don't receive email they were expecting, and the maintainers of systems using the blacklists lose faith in the accuracy of the list, and stop using them (hopefully!).

    I really don't know why people bother using these lists - I've not seen anyone claim here that they've benefitted significantly from doing so, and many people are harmed.

    --
    Author, Shell Scripting : Expert Re
    1. Re:I've been there... and it sucks by bruns · · Score: 0, Flamebait

      Do you know what it takes to run one of these lists? It's not that easy. We don't like blocking people, but when your server is an open relay, you are a liability, which means I must keep you from causing my server a possible problem.

      I don't ask much. All that I expect is for people to set up their access lists correctly - use pop before smtp, smtp auth, ANYTHING BUT OPEN RELAY.

      We process removals once a week because we make it a requirement all additions/removals be done by hand to prevent errors in the file. If you don't like that, then either #1 learn your lesson about running an open relay and not do it again or #2 support those people who are running these lists so they can work faster and better.

      --
      Brielle
  97. Blacklists are bad - DNS fascism is WORSE! by bourne · · Score: 2

    As other people here have said, blacklists can be bad but most often only need some patience to get off of.

    What's far more annoying, in my opinion, is those sites who've configured their mail server to be utterly anal about DNS. Forward mapping, reverse mapping, no underscores, etc. etc. Since many otherwise decent mailservers are stuck with ISP "What's DNS?" level support, this can be a pain in the ass for completely innocent victims.

    1. Re:Blacklists are bad - DNS fascism is WORSE! by Anonymous Coward · · Score: 0

      Utterly anal is bad, yes. Making sure that the system's claimed hostname matches its reverse-lookuped name is NOT. We instituted this rule and the ONLY stuff that was caught was stuff from ISPs that had NO dns set up for servers in their outgoing mail pool. We virtually eliminated spam from our system.

      Most of the ISPs we contacted fixed the problem within a matter of hours. If you don't have proper DNS set up, you shouldn't be running a mail server...and our checks didn't prevent you from running your domain etc off a DSL line etc...we had no problems with false bounces because of odd virtual domains etc...just ISPs with really, really bad(missing entirely) DNS.

    2. Re:Blacklists are bad - DNS fascism is WORSE! by Phil+Hands · · Score: 1

      ... just ISPs with really, really bad(missing entirely) DNS.

      I agree, DNS fascism can be quite useful, but unfortunately one such incompetent ISP is BTOpenwoe, who are responsible for a massive number of UK dial-up & DSL lines.

      Check this out:

      sheikh:~$ host 213.122.0.74
      Name: host213-122-0-74.in-addr.btopenworld.com
      Address: 213.122.0.74

      sheikh:~$ host host213-122-0-74.in-addr.btopenworld.com
      host213-122-0-74.in-addr.btopenworld.com does not exist (Authoritative answer)
      sheikh:~$

      and they've been told about repeatedly, but apparently cannot be arsed to fix it.

      --

      Debian: GNU/Linux done the Linux way
    3. Re:Blacklists are bad - DNS fascism is WORSE! by 21mhz · · Score: 1
      What's far more annoying, in my opinion, is those sites who've configured their mail server to be utterly anal about DNS. Forward mapping, reverse mapping, no underscores, etc. etc.

      Underscores? Quit smoking crack and read the RFCs.
      Reverse mapping is a good thing for legitimate mail servers to have. Don't let slimy "direct marketers" make you believe otherwise.
      --
      My exception safety is -fno-exceptions.
    4. Re:Blacklists are bad - DNS fascism is WORSE! by Skapare · · Score: 2

      Doesn't matter. I don't want mail from generic dialup/DSL/broadband connections, anyway. If you're running a BSD or Linux box on such a connection, then either forward outbound mail through their central (presumably correctly DNS'd) mail servers, get a static IP with correct PTR+A entries, get a better ISP, or write to your MP.

      --
      now we need to go OSS in diesel cars
    5. Re:Blacklists are bad - DNS fascism is WORSE! by Skapare · · Score: 2

      It can't be a decent mailserver if the administrative staff who configure the network can't get it right. I'd worry that if they are too incompetent to get DNS right, they're probably too incompetent to get the mail server right. If it's not an open relay today, it might become one tomorrow.

      Requiring reverse PTR names to provide a forward A record that matches the connecting IP is a bozo sysadmin filter. And it does a damn good job of filtering out huge numbers of direct marketers and eastern Asian pirated open relay MS Exchange servers.

      I do have a list of a few IP addresses that I accept mail from regardless of any DNS problem or blacklist. If you really need to send me mail, have a static IP and an incompetent ISP, get on Hotmail and send me your story (why you can't change to competent ISP, and what your static IP address is), then I can open it up for you.

      --
      now we need to go OSS in diesel cars
    6. Re:Blacklists are bad - DNS fascism is WORSE! by bourne · · Score: 2

      It can't be a decent mailserver if the administrative staff who configure the network can't get it right.

      The point is, many decent sysadmins run decent mail servers and - wait for it - have no control over their DNS. DNS is often handled by incompetent ISPs (I don't want to name names but it starts with two U's...)

    7. Re:Blacklists are bad - DNS fascism is WORSE! by Skapare · · Score: 2

      They do have some control. They, or the company boss calls up and says "Get in-addr.arpa delegation working NOW or we have breach of contract!" and if they don't, you move on to another ISP because you're gonna lose if you stay with them. It is not my responsibility to let through 40% of the spam I'm now blocking because your business won't get a better ISP.

      As for UU..., they will do it if you ask. I've set up about 20 businesses on UU... and never had any problems with in-addr.arpa delegation, even though the delegation went over to servers not even in the UU... address space. A couple times I had to repeat what I wanted, and got the call handed over to someone who actually knew what I was talking about.

      Now there is one major ISP that seems to be very lame, brought to you by the letters Q and W.

      --
      now we need to go OSS in diesel cars
  98. Re:No. Deal with it. by JordoCrouse · · Score: 4, Insightful

    Don't like living in a crack house? Move.

    What about the people living next door to the crack house? Should they not be able to get a pizza as well? How about the good houses that get anonymously accused of being crack houses?

    The fact of the matter is, for every legitimate spammer on the list (even the well administrated ones), there is another placed there unfairly.

    In the three weeks preceding the much awaited dumping of ORBS, we started dropping mail from 4 different valid mailing lists and 1 valid business (it was a brick and mortar business - no web presence, just an e-mail server). One of the lists was LKML (and I have no idea why it was on the list), and the other three had the misfortune of being on the same web hosting service as a spammer.

    The brick and mortar was on the list because of an open relay (which was a good reason to be listed), however once it was closed, they were not allowed to be removed, though their level of e-mail is about 20 - 30 messages a day, and they have never sent a spam in their existence.

    The problem is that we are all living in close proximity here - legit businesses are only a few digits away from spammers (just like the real world). And the knee jerk reaction that most sysadmins take in dealing with the situation is similar in nature to burning half your mail daily because the postmark is similar to a known junk mailer. And burning is a reasonable analogy, because blocked emails don't get archived or analyzed, they get tossed, lock stock and barrel.

    It's so easy for a sysadmin to install a blacklist and never worry about it again (unless of course, *he* starts losing messages).

    The price for having a spam free existence is to constantly monitor and evaluate the system, not to light a match and walk away.

    --
    Do you have Linux and a DotPal? Click here now!
  99. The same thing happened to me. I'm all for it. by RexDevious · · Score: 1

    It wasn't until I checked the fine details of our server log that I found out we'd been blocked by the RBL, and they made it clear how to remedy the situation of us being an open relay. Even if it turned out to be a serious pain (which it didn't) to remove ourselves from the list; it's still a heck of a lot better than what was going on before: namely that people were getting unsolicited porn promos, ostensibly from our investment bank.

    As far as the part-of-the-problem/part-of-the-solution matter goes, there's no question in my mind the spam blacklists are part of the solution. ISPs can subscribe to any list they choose. If a list starts getting careless, ISPs stop using it. As far as "innocent" companies like yours and mine getting stuck on these lists for longer than we'd like - hey, we deserve it for behaving irresponsibly in the first place. It would be like if we were inadvertently supporting some reprehensible regime with our regular business. Sure, we didn't mean to - but we did it and don't deserve to be instantly trusted again the second we stop. The strong reactions of anti-spam groups should make people like us, who would rather not deal with the issue if we don't have to - realize that WE HAVE TO. And to the groups which do this intentionally, the lists force their ISPs to decide between enforcing their own AUPs, or lose all their decent customers. And we get all this without having to rely on the impartiality of a Bush/Ashcroft/Enron solution. What more could ya ask for?

  100. Re:No. Deal with it. by Tackhead · · Score: 2
    > If they maintain the lists, they should *maintain* them, not just treat them like a brick wall and simply pile up the addresses and leave it at that.

    *nodding* - I'd never recommend anyone other than "me" use my blacklist. (And that's why I don't publish it :)

    I'm too lazy to take entries out on a day-by-day basis. I believe public blacklists (in general) are a Good Thing, on the grounds that they're easier (for the admin) to use than private blacklists, easier (for the admin) to maintain, and easier (for legitimate customers if and when the ISP cleans up its act) to get out of.

  101. Re:No. Deal with it. by ahde · · Score: 2

    you must use BSD

  102. Internet Darwinism by KFury · · Score: 2

    Rather than try to 'rehabilitate' those blacklists that are too rigid, count on those who subscribe to the block lists to pick those that are most responsible.

    Think about it: If I run a mail server and use the biggest, least lenient blacklist provider out there, my users will start to complain when they're not getting important emails from people.

    As in everything there's a middle ground between blocking too much and blocking not enough (or even none). The right answer is to make sure mailadmins listen to their users, so they can find the right black hole list, striking the balance between spam and legitimate access.

    Who knows, we may even get a responsible public organization out of this, recognized for specific rules and procedures for blacklist inclusion and removal. The sooner there's one list, the sooner we have less spam and less illegitimate blocking.

  103. Re:No. Deal with it. by Tackhead · · Score: 3, Insightful
    > First of all, your crack-house metaphor is absurd. Secondly, your "if you dont like it, move" mentality is so amazingly worthless, I'm surprised i'm even taking the time to point it out.
    >
    > If you don't like it, try to make it better.

    Moderators - give that guy back a point.

    I really should have written "If you don't like it, ask your landlord to evict the dealers. Then think about moving."

    Or "If you don't like being listed in SPEWS, and you're not a spammer, ask your ISP to boot the spammers. You, as a customer of the listed ISP, have a hell of a lot more pull with that ISP than the spam recipients do."

  104. take your lumps and you'll by Anonymous Coward · · Score: 0

    eventually get allowed back into polite society. You were blacklisted for a reason, whatever that may be, the ability for your email to traverse my systems is not a right but a privilege you must work to maintain.

  105. if only people would fix their mail server's DNS by Anonymous Coward · · Score: 0

    we found a solution that eliminated almost all of our spam. We turned on full checks in postfix on the RCPT info, the HELO/EHLO information, etc...ie, if you claim you're coming from ducttape.hampster.net, your IP dang well better reverse to that etc etc. I think we did some checks involving the FROM stuff too(ie, it had to be a real domain as well; hampster.net doesn't exist? Bubye.)

    Almost -ALL- of the spam stopped immediately, because spammers fake so much...the email stands out like a sore thumb.

    We had to turn it off. Want to guess why?
    Every 2 days, a member of one of our mailing lists(we have 1,500 members), someone would email us(I have an off-site address) saying "hey, i got this host not found error."

    In EVERY single case, it was because the ISP was being run by numbnuts who hadn't put in forward OR reverse entries for the DNS servers. Usually it was because they had a cluster of mail servers for outgoing mail(pointless if you run a good MTA etc) and hadn't bothered to set up proper DNS for each member of the cluster. mail023.dumbisp.net would not have any DNS set up for it, so postfix would say "sorry, I dunno who the hell you are, go away."

    It wasn't small ISPs, either. BellSouth was one; a major Florida ISP was another. All involved(save one annoying ISP which did nothing but argue with me that the problem was their user was trying to send email through a mail server on HIS machine, despite the obvious headers etc that showed otherwise) had the problem fixed usually within about an hour of being told of the problem...most of the case, it was "you're kidding? Oh shoot, ok, we'll have it fixed in a jiffy."

    The solution is very simple. Slashdotters, look at the postfix website to see how to get your copy of postfix to do checks; just don't implement anything that's marked as "unsafe" etc. http://www.postfix.org/uce.html#header_checks

    Now, be polite when you get questions. I simply wrote a very polite form letter that explained what the problem was that I could paste into emails. Set your mail server to be strict. ISPs will get complaints from users and realize their mistakes.

    Now, here's the really cool thing. Spammers, if they try to fake hostnames etc, will get shut down...their email will get rejected! So they'll have to use mail servers with valid hostnames etc...

    ...which means they become MUCH easier to track down!

    It really does work great...we didn't have any falses caused by people with weird virtual domains and stuff...just people whose ISPs had outgoing mail servers that lacked dns entries!
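
An added Python sketch of the check described in this comment and in the "DNS fascism" sub-thread above (the PTR name must resolve forward to the connecting IP, and the HELO name must match it), with an allow list like the one Skapare mentions. It is not Postfix configuration or anyone's production code; the function names are assumptions, and the sample records are constructed except the btopenworld entry, which is the lookup shown earlier in the thread.

```python
import ipaddress
import socket


def system_ptr(ip):
    """PTR names for ip from the system resolver (empty list when none)."""
    try:
        name, aliases, _addrs = socket.gethostbyaddr(ip)
    except (socket.herror, socket.gaierror):
        return []
    return [name] + aliases


def system_addrs(name):
    """Addresses for name from the system resolver (empty list when none)."""
    try:
        infos = socket.getaddrinfo(name, None)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})


def norm(name):
    return name.rstrip(".").lower()


def same_ip(a, b):
    try:
        return ipaddress.ip_address(a) == ipaddress.ip_address(b)
    except ValueError:
        return False


def check_client(ip, helo, allow=(), ptr_lookup=system_ptr, addr_lookup=system_addrs):
    """Return (verdict, reason) for one SMTP connection."""
    if any(same_ip(ip, a) for a in allow):
        return ("accept", "allow-listed address")
    names = [norm(n) for n in ptr_lookup(ip)]
    if not names:
        return ("reject", "no PTR record")
    # A PTR name only counts if it resolves forward to the connecting IP.
    confirmed = [n for n in names if any(same_ip(ip, a) for a in addr_lookup(n))]
    if not confirmed:
        return ("reject", "PTR name does not resolve back to the client")
    if norm(helo) not in confirmed:
        return ("reject", "HELO name does not match the confirmed PTR name")
    return ("accept", "forward-confirmed reverse DNS")


# Sample zone data (constructed, apart from the btopenworld PTR from the thread).
SAMPLE_PTR = {
    "192.0.2.10": ["mail.example.org."],
    "198.51.100.7": ["ducttape.example.net"],
    "213.122.0.74": ["host213-122-0-74.in-addr.btopenworld.com"],
}
SAMPLE_A = {
    "mail.example.org": ["192.0.2.10"],
    "ducttape.example.net": ["203.0.113.99"],  # forward record points elsewhere
}
SAMPLE_ALLOW = ("203.0.113.5",)
SAMPLE_CASES = [
    ("192.0.2.10", "mail.example.org"),
    ("192.0.2.10", "ducttape.hampster.net"),
    ("198.51.100.7", "ducttape.example.net"),
    ("213.122.0.74", "host213-122-0-74.in-addr.btopenworld.com"),
    ("203.0.113.77", "unknown.example"),
    ("203.0.113.5", "whatever.example"),
]


def sample_ptr(ip):
    return SAMPLE_PTR.get(ip, [])


def sample_addrs(name):
    return SAMPLE_A.get(norm(name), [])


def demo():
    """Run every sample case against the sample zone data."""
    return [
        check_client(ip, helo, SAMPLE_ALLOW, sample_ptr, sample_addrs)
        for ip, helo in SAMPLE_CASES
    ]


if __name__ == "__main__":
    for case, result in zip(SAMPLE_CASES, demo()):
        print(case, "->", result)
```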

  106. sorry, it's your problem by markj02 · · Score: 2
    Sending out spam is no different from any of a number of other activities that give your business a bad name. If you publish an insensitive ad in a newspaper, you'll have to deal with that for years to come. If you send out spam, you'll end up in people's kill files. The fact that some of those kill files happen to be public for the convenience of users doesn't change that. Even if you could force all the public blacklists to remove your name, people would still have you in their private kill files.

    You'll just have to be more careful next time. As you discovered, the cost of relaying spam is higher than you may have thought originally. Eventually, those entries will go away. But even consumers have to wait many years before bad credit information goes away.

    1. Re:sorry, it's your problem by slashdoter · · Score: 1
      " Sending out spam is no different from any of a number of other activities that give your business a bad name"

      But he wasn't sending out spam, his server wasn't configured correctly. It's not his problem any more, he fixed the problem.

      --
      Does anyone actually have a Java program designed to control air traffic, or for the operation of a nuclear facility?
    2. Re:sorry, it's your problem by oldstrat · · Score: 1

      BOZO
      You're as much a part of the problem as an open relayer is.
      Odds are this Clown/Clone has no idea how much he relayed, but if it was enough to get him multiple blacklist, then it was too much for an "I'm sorry, it's all ok now, trust me".

    3. Re:sorry, it's your problem by Senior+Frac · · Score: 1

      But he wasn't sending out spam, his server wasn't configured correctly. It's not his problem any more, he fixed the problem.

      His problems don't necessarily end the instant he fixes the configuration. The cleanup efforts are part of the disincentive to misconfigure another.

      And, it clearly is still his problem. "Our" end is fixed. The spam is stopped.

  107. The email system is under attack by SSpade · · Score: 2, Insightful

    Email as a communication medium is under attack.

    The deluge of spam itself causes some of the damage, causing people to be wary about giving out their email addresses, afraid to post publicly on mailing lists, or in some cases changing their email addresses and only giving them out to close family and friends. This retreat into 'email enclaves' destroys one of the best things about email - the ability to communicate with someone on the other side of the world, even if it's just a "Hi from China, I really liked your webpage!".

    The other widely used approach to avoid spam is the use of aggressive blocking lists to ghettoize huge sections of the internet, preventing them from communicating with those sections of the internet that use those lists. This, too is causing massive damage to email as a medium for communication.

    The third part of the problem is the fear some organizations have of being labelled spammers for behaviour that would have been considered quite reasonable a few years ago. This chilling of communication isn't as big a problem as the previous two, but it's getting worse.

    A combination of spammers and ill-conceived responses to spammers is balkanizing email, making it less and less viable as a means of person-to-person communication. And losing email would be a huge, huge loss, as more than anything else it sums up what is good about the growth of the Internet - letting people talk to other people.

  108. It's not just about open relays by Anonymous Coward · · Score: 0

    There seems to be the belief that blackholes are purely about open relays and that closing them gets you off the list. This is just not correct.

    Any company performing virtual hosting or dedicated hosting can tell you the damage a blackhole listing for a /24 or virtual hosting ip can do when the initial responsibility relies with the client.

    A lot of these cowboys operating RBLs ban a provider's network without even so much as a notification to the administrator. Rather than help providers take action against a spammer they take action against the provider themselves.

    How can providers be proactive in removing spammers and supportive of RBL lists when they are damaging their business by not notifying them of their inclusion?

    Most hosting providers will remove spammers once they are identified.

    UCE and Open relays are not always related to each other, the problem of removing spammers goes beyond the configuration of a mail server and puts the onus of proof on ISPs, and believe me, this can be legally dubious and taxing on a business.

    1. Re:It's not just about open relays by chunkin · · Score: 1

      >How can providers be proactive in removing spammers and supportive of RBL lists when they are damaging their business by not notifying them of their inclusion.

      what makes you think there wasn't any notification?

      if you have an abuse dept with a clue and the clout to be able to actually dump the scum..er clients when the complaints start rolling in you would know who your spammers are WELL before you get listed.

      it is hosters that fail to respond to complaints about their spamming/spam supporting clients that wind up listed.

  109. IS RACKSPACE A SPAM HAVEN? by Anonymous Coward · · Score: 0

    As far as I can determine, Rackspace is just a fucking spam haven. I am getting very close to completely blackholing all traffic to/from Rackspace.

    1. Re:IS RACKSPACE A SPAM HAVEN? by Anonymous Coward · · Score: 0

      I've gotten spam from Rackspace. Not from a customer of Rackspace, but from Rackspace itself.

  110. Fake open relays needed by magarity · · Score: 2, Interesting

    What we all need to do is fake open mail relays. Just report "Yeah Mr. Spammer, those 50,000 mails were sent" while not doing a thing. The spammer will think the mail has been sent, we won't get the mails; everyone will be happy!

    1. Re:Fake open relays needed by Lumpy · · Score: 2

      Tarpits like this would be awesome.. it will make the spammer doubt every open relay they find. and if they doubt it they'll start worrying.

      the key is to make them doubt that things are working, getting denials for relaying tells them that it isn't. so we need to modify sendmail to act like it accepted and is sending but is actually /dev/null ing it.

      if you make the internet a hall of mirrors to them, they will lose their mind

      --
      Do not look at laser with remaining good eye.
    2. Re:Fake open relays needed by SomeoneYouDontKnow · · Score: 3, Insightful

      What you're proposing has already been thought of. It's called a Teergrube. What it does is hold the spammer's SMTP connection open for as long as possible, appearing to slowly accept mail, but in reality doing nothing but wasting the spammer's time. You can do a Usenet search on that term to get more information. Here's an FAQ that may help you out. The post I pulled the link from is several years old, so you may want to look for something more up to date.

      --
      That light you see at the end of the tunnel might be from an oncoming train.
    3. Re:Fake open relays needed by vadim_t · · Score: 2, Insightful

      Nice idea, but flawed. How about this:
      The spammer connects to open.relay.net, and sends the first message to his/her own hotmail account made for checking purposes. If the email arrives the server is good, and the spammer sends the 50,000 messages. If it doesn't, the spammer tries another server.

      How would you avoid that?

    4. Re:Fake open relays needed by S.Lemmon · · Score: 1

      When I see a spammer "testing" our faux formmail.pl script (it's NOT the original), sometimes I'll "forward" it manually. The script we have actually does nothing but log to a file. It's fun to see them sending hundreds of posts to nowhere and generating a nice weblog for me to give to their ISP's abuse department!

      I guess I just need to be sure I don't do this to a blackhole list test! ;-)

  111. An auto reject message and backdoor by Anonymous Coward · · Score: 0

    solves that problem. My procmail filter sends a message to the sender saying that his mail was filtered out. If it is a legit message, then please send it again, with a specific subject, which will allow it through. This works, since spam houses never read their incoming mail, so they won't use the backdoor.

  112. It's democracy and freedom in action. by fmaxwell · · Score: 4, Insightful

    I don't accept ORBS having decided what's permitted and what's not !

    ORBS does not decide what is "permitted" nor do any of these other databases. They have a set of criteria for deciding whether and when your mail server ends up in their database. If their criteria matches mine, then I can choose to use them as part of my mail filtering.

    1. These list should inform you have been added
    2. They should leave you 10-15 days to fix the problem before blocking you
    3. They should help you. I was *very* shocked by ORBS attitude "we block you, and we don't care if you cannot correct it"


    I'm sick of the attitude that ORBS owes you something when your mail server is an open relay. If your system is an open relay, your fuck-up will cost them time and effort as they add your system to the database. Now you think that they owe it to you to provide you an absurd amount of warning (10-15 days), notification that you were added, and then you want them to provide free consulting services (see item 3). If you don't know how to run a mail server, then stop trying to.

    It's like being ticketed for driving your car down the wrong side of the road at 90 miles per hour and then being pissed off that the cop did not provide you with free driving lessons and give you 10-15 days to stop driving like that.

    If your system is an open relay, unplug the Ethernet cable immediately and leave it unplugged until the system is fixed. If you don't know how to fix it, then pay professionals to provide your SMTP & POP services. A spammer could spew tens of thousands of messages per hour through an open relay and you owe it to everyone else on the net to do whatever it takes, including pulling the plug, to make sure that your system is not an open relay.

    I think that ORBS should charge a processing fee for "expedited removal" from their database and, otherwise, just remove systems once a week.

    1. Re:It's democracy and freedom in action. by aulendil · · Score: 1

      I'm sick of the attitude that ORBS owes you something when your mail server is an open relay. If your system is an open relay, your fuck-up will cost them time and effort as they add your system to the database.

      This is BS, by the same logic used above, you owe me for adding your email-address to my hypothetical spamlist... Would you pay me to remove?

      Spam needs to be fought, but not by principles based on such faulty logic.

    2. Re:It's democracy and freedom in action. by wizkid · · Score: 2, Insightful


      There are many different blocking services out there. Orbs is one. They have an automated system to block and unblock your site. If you fix the open relay, you can fill out the form and get retested fairly easily. If you contact them, and hit them up with a bad attitude, they will respond with the same attitude.

      They are one of the better filter services. I've run mail servers in the past, and dealing with them is a pain nowadays. Especially because of the spam problem. Using rbl and orbs blocking is getting to be a requirement because of the morons out there who have open relays and won't bother to fix them.
      Giving someone 10-15 days to fix a problem is a bad idea. Having a painless way to have your server quickly is the right way to do it. If you leave an open relay there for 10-15 days waiting for some over-worked administrator to fix it won't work. Postmaster mail on an open relay will generally get buried almost immediately, and the administrators won't see it until the 10-15 days have expired, if at all. If the server is bouncing mail left and right, the administrator will be motivated to fix it quickly.

      Yea, it's the Nazi approach, but that seems to be the only way that works these days. There's days where life sucks!

      --
      I take no responsibility for what I say. Even though I'm never wrong :)
    3. Re:It's democracy and freedom in action. by stickyc · · Score: 1

      It's like being ticketed for driving your car down the wrong side of the road at 90 miles per hour and then being pissed off that the cop did not provide you with free driving lessons and give you 10-15 days to stop driving like that.

      Not quite. You're required to take a test and become registered with a central database to become a legal driver. Any idiot with a 486 and a net card can set up a mail system after reading a few how-to's and I've seen plenty of highly underqualified people get sucked into maintaining the corporate email servers. Not that I'm siding with the defendant here, but maybe the solution is stricter codes on who can actually set up and administer a "legal" mail system. Oops, that's starting to sound like government intervention.

    4. Re:It's democracy and freedom in action. by Anonymous Coward · · Score: 0

      Or your system could be RFC 2821 compliant, in that it attempts to notify the sender that the message is undeliverable, and be listed as a result.

      A couple of systems that do that are:

      GroupWise (5.5.. not sure about 6.0)
      qmail (there is a patch on qmail.org for this.)

      The RFC clearly states that an MTA MAY return a notification message upon receipt of a message that cannot be delivered.

      orbz.org requires one substitute MAY NOT in the RFC to avoid an eventual listing in their service.

    5. Re:It's democracy and freedom in action. by fmaxwell · · Score: 3, Insightful

      This is BS, by the same logic used above, you owe me for adding your email-address to my hypothetical spamlist... Would you pay me to remove?

      That is such an illogical and poor analogy that I hardly know where to start...

      Unlike spammers, open relay database services do not send the people in their database anything. They don't harass them. They don't use up their bandwidth and storage. They don't have a business relationship with those listed in the database. They are simply reporting the information: "IP X.X.X.X was an open relay last time we tested." If the New York Times runs a story stating that you were arrested and jailed, do you think that they are legally and morally obligated to immediately report when you are released from jail?

      These database projects do not owe you anything unless you are paying them for a service. If they do remove your system after you fix it, you owe them a letter of apology (for causing the problem) and thanks (for taking the time to remove you), not a complaint that they didn't do it fast enough to suit you.

      I think that ORDB should make you pay them for the time that they spend removing your database entry.

      (note that the use of the word "you" was in the hypothetical sense in the above examples)

    6. Re:It's democracy and freedom in action. by aulendil · · Score: 2, Interesting

      That is such an illogical and poor analogy that I hardly know where to start...

      Well, obviously you did... As for an answer:

      Not removing now closed relays from the list is like not releasing prisoners from jail. Something which might or might not be a good idea...

      Also, I think the usefulness of DBs like ORBD lies in them staying current, as I think it might cost more losing one important mail than wading through tons of spam.

      I really should also point out that I, for myself, favour strict filtering of mail (servers), the reason being I'd rather miss out on something not so important, which most of my mails are, than d/l spam. Though I think this might not be true for others. You (fmaxwell) seem to reason along the same lines as I do, but are you sure others do?

      Of course they do! Otherwise there wouldn't exist services such as ORBD! ;-)

    7. Re:It's democracy and freedom in action. by 10.0.0.1 · · Score: 2, Funny

      I think that guy should go ahead and add your email address to his spam list. After all, it is postmaster@127.0.0.1, isn't it? :)

      --
      forth ?love if honk then
    8. Re:It's democracy and freedom in action. by fmaxwell · · Score: 4, Interesting

      Not removing now closed relays from the list is like not releasing prisoners from jail. Something which might or might not be a good idea...

      That's assuming that you consider the list to be a punishment. I believe that they are information sources -- IP X was, and may still be, an open relay.

      Also, I think the usefulness of DBs like ORBD lies in them staying current, as I think it might cost more losing one important mail than wading through tons of spam.

      I agree. But keeping the open-relay databases current is not a responsibility the database providers have to those listed in the databases. It may affect the popularity and usefulness of their service, but that's another matter altogether.

      If some person/group decides to create such a database, they have only the following two responsibilities:

      1. Do not defame/slander by listing a system incorrectly. That said, they make up the rules and if they say their databases are "IP addresses that were open relays within the last six months", they have up to six months after a relay is closed to remove the record from the database.

      2. Provide services paid for. If they accept payments to remove entries within, say, 24 hours (rather than the normal cycle), they have to remove those entries within 24 hours. Otherwise, they can remove them in conformance with the criteria that they set (see item 1).

      Again, you are viewing this as punishment and I'm viewing it as information. Since ORDB does not block e-mail, harass ISPs listed in the database, etc., they aren't punishing. They are just providing information. Now if bobco.com rejects your e-mail because your IP is listed in the ORDB, then maybe bobco.com is punishing you, but ORDB is not.

    9. Re:It's democracy and freedom in action. by Anonymous Coward · · Score: 0

      > Except that driving down the wrong side of the road is against the law! Until someone makes it so, spam is NOT. Neither is Open relay! You yourself are acting as if mistakes do not happen, or errors do not happen. Personally I think blacklists should be blacklisted. I'm not for spam by any means, but I've SEEN what blacklisting can do to a web provider before they even know what's hit them. On top of that, there are so many lists out there, you may think you are off them all, only forgot one! Either make there be a SINGLE standard, or go away, that's what I say!

    10. Re:It's democracy and freedom in action. by Anonymous Coward · · Score: 0

      I'm glad these blacklisting services exist for those that use them, but I think it's a shame so many find the need to.

      I wish I had the guts to be a "moron" with an open-relay. A bad thing? For people who don't like spam, of course. But what if I needed to send a hard-to-trace e-mail, and had good reason... for example, DeCSS source code and the like.

      Oh well. I guess the "'Net" is turning into a corporate and consumer heaven and hell.

      So much for freedom of information :-\

      (Posted Anonymously by the orange squid)

    11. Re:It's democracy and freedom in action. by fmaxwell · · Score: 2

      Except that driving down the wrong side of the road is against the law! Until someone makes it so, spam is NOT. Neither is Open relay!

      And being entered into the ORDB is not a law enforcement action, doesn't result in you getting a criminal record, and isn't a punishment imposed by the courts.

      You yourself are acting as if mistakes do not happen, or errors do not happen.

      When mistakes happen, there are consequences. That's why there is the legal term of "negligence." If your mistake of leaving an open relay causes 250,000 people to be spammed, then I'm not going to have a lot of sympathy for your inconvenience of being blacklisted.

      Personally I think blacklists should be blacklisted.

      By whom and for what purpose?

      I'm not for spam by any means, but I've SEEN what blacklisting can do to a web provider before they even know what's hit them.

      Have you seen what can happen to a small company when some spammer uses a fictitious "From:" address in their domain? They are often paralyzed by bounced messages and angry complaints. So don't tell me about the poor (negligent) web provider that left an open relay.

      Web providers are supposed to be professionals. They aren't supposed to make amateur mistakes of leaving open relays on mail servers. It's something that's easily tested and that can cost others thousands of dollars if configured wrong.

      On top of that, there are so many lists out there, you may think you are off them all, only forgot one!

      There's your business opportunity. Create a service that assures that people are removed from all of the major blacklists -- once they fix their open relay problems.

      Either make there be a SINGLE standard, or go away, that's what I say!

      Okay. I hereby declare that the single standard open relay database shall be ORDB and that all others must immediately cease operation.

      Let me know if that takes care of it.

    12. Re:It's democracy and freedom in action. by Anomie-ous+Cow-ard · · Score: 1
      I think that ORDB should make you pay them for the time that they spend removing your database entry.

      A few years ago i took over administration on a server that was, among other things, an open relay (i just backed up the user data, trashed the ancient Red Hat that was on there, and installed Debian). Went to ORBS, filled out the "i've fixed my server" form, and a week or so later it was off the list.

      You're trying to tell me i should've had to pay for that? You're as bad as the guy claiming they owed him!

      --

      --
      perl -e'$_=shift;die eval' '"$^X $0\047\$_=shift;die eval\047 \047$_\047"' at -e line 1.

    13. Re:It's democracy and freedom in action. by Anonymous Coward · · Score: 0

      It's easier than that. Go drive around with a laptop until you find an open network, then send your mail through their ISP. Easy, and damned near impossible to trace unless you do something stupid.

      If one network doesn't work, drive around until you find another.

    14. Re:It's democracy and freedom in action. by Anonymous Coward · · Score: 0

      Thank you for your eloquent rebuke to the namby-pamby.

    15. Re:It's democracy and freedom in action. by GreyPoopon · · Score: 1
      You guys need to be a little careful here. I agree with you that nobody this day and age has any business running an open relay. If you don't know what you're doing with your mail server, keep it on the other side of your firewall.

      However, here's a scenario that brings the point home. Let's pretend that I'm ISP A and you are ISP B, and some of my customers are trying to send e-mail that must route through your service. Joe Newhire makes a mistake when setting up a new SMTP server and accidentally leaves it open. This is detected and added to ORDB, which you happen to be using to block e-mail from open relays. Once we realize we've been black listed, we make the necessary contact to be removed from ORDB. But two days later, you're still blocking our e-mail. We notify you of the problem and provide proof that we've fixed it and requested removal from the list. Do you think you can wait for the next update? Guess again. If you didn't start letting the e-mail through again within 48 hours, I would be taking you to court.

      Now, the whole point to all of this is that there needs to be a spirit of cooperation here. If we all walk around with our noses in the air shouting "holier than spam," we'll miss the whole point of the exercise: to eliminate or greatly reduce spam. I don't think we're required to provide consulting services for each other, but there certainly needs to be some mutual consideration. If we make the process so arduous that it encourages resentment, it won't be nearly as effective.

      --

      GreyPoopon
      --
      Why is it I can write insightful comments but can't come up with a clever signature?

    16. Re:It's democracy and freedom in action. by Anonymous Coward · · Score: 0

      Is A paying B to accept or relay messages? Without a contract, what makes you think B can't decide to reject A's messages whenever they feel like it?

    17. Re:It's democracy and freedom in action. by demon · · Score: 1

      However, if it's too easy, spammers will just remove themselves without changing their ways. Yes, they'll eventually end up back in one or more of the open-relay databases out there, but in the meantime, more of their spam gets shuffled around, wasting time and bandwidth.

      So there is some benefit to not making it too simple for people whose servers get blacklisted to remove them.

      --

      Sam: "That was needlessly cryptic."
      Max: "I'd be peeing my pants if I wore any!"
    18. Re:It's democracy and freedom in action. by Anonymous Coward · · Score: 0

      You wouldn't be removed without a "retest", so I don't think there's much motivation for a spammer to submit "remove" requests for every site.

      Unless it's just to waste more bandwidth and time.

    19. Re:It's democracy and freedom in action. by mysticalreaper · · Score: 1

      Your opinion is so strong, and yet so skewed that i felt compelled to respond to you here. At first glance, your arguments make sense, and appear sensible and thought out. However, the reason your argument is valid is your attitude. Let me explain.

      If your goal is to PUNISH the open-relay mail server, then certainly don't tell them, don't give them any leeway to change and most certainly don't go out of your way to correct them. If you are out to get the 'offending' servers, then block hard, block fast, and if it's inconvenient or bad for people, well then, that's their problem. Your system, as described above, would work just fine. (ps, i loved how you threw in the greedy capitalist ideals at the bottom there, trying to make a quick buck of the poor saps once they corrected themselves).

      HOWEVER, if your goal is to CORRECT the offending mail server, then the 3 points that dboucher asks for are entirely reasonable and good. If you consider the offending server admin your buddy, think of what you would do. 1) You'd give him warning. 2) You'd give him time to change. 3) You'd point him in the right place for instructions on how to change (for the better).

      So if you want to improve the email community by helping out your fellow man, you'd do all the things listed above, ESPECIALLY if he is not actually relaying spam, just having an open server. And if it's actually in a group like ORBS interest to improve things, then of COURSE they'd post a page of info (even links to pages) of how to lock down your mail server. Of course, if they're out to get the mail servers, then they'd punish first, tell them afterward.

      So yes, fmaxwell, getting them hard and fast is good, but only if you intend to punish, not to improve. I, for one, would definitely try the improve method first. (Unless the server is actually relaying spam, then i'd block first, inform later)

    20. Re:It's democracy and freedom in action. by punkki · · Score: 1
      orbz.org requires one substitute MAY NOT in the RFC to avoid an eventual listing in their service.
      Interesting. I've submitted several of my mailservers for orbz to test. None of them have been listed, although each one of them will return an error message to the sender if they run into an error (like recipient address doesn't exist).
    21. Re:It's democracy and freedom in action. by punkki · · Score: 1
      1) You'd give him warning. 2) You'd give him time to change. 3) You'd point him in the right place for instructions on how to change (for the better).
      Have you actually ever tried to warn somebody who runs a server at IP address x.x.x.x about something? Although it is easy to say that you should warn, it is often next to impossible due to a few factors: 1) the system doesn't accept mail for postmaster (or the message doesn't get read and/or understood) 2) rDNS is totally wrong 3) whois information about that domain and/or netblock is wrong 4) you get accused of spamming if you do manage to get your message thru. As for the time to change, well, is it reasonable NOT to tell others that the guy is running an open relay? Remember, the system spews all the time before it is fixed (and the others have to deal with the spewage). Many (if not most) sites that run DNS-based lists of open relays do have pointers to instructions for how to fix the relays. In my experience the only sure way to get the admin to notice is to start bouncing messages. And that even doesn't work 100%.
    22. Re:It's democracy and freedom in action. by wheany · · Score: 1
      driving down the wrong side of the road is against the law! Until someone makes it so, spam is NOT.
      Yes it is. At least in Finland...
    23. Re:It's democracy and freedom in action. by fmaxwell · · Score: 2

      HOWEVER, if your goal is to CORRECT the offending mail server, then the 3 points that dboucher asks for are entirely reasonable and good.

      The goal is to protect the rest of the Internet community from the offending mail server. And that's best done by raising the flag early so that those who want to filter open relays can do so effectively. Do you have any idea how much spam can be funnelled through an open relay on a broadband connection in 10-15 days?

      ESPECIALLY if he is not actually relaying spam

      How, pray tell, can ORDB tell if server X is relaying spam to servers A, B, and C? All that they know is that someone reported an open relay and that their test confirmed it.

      The people running these databases would have to take on an enormous workload increase to handle warnings, grace periods, and assisting those with open relays. Ever tried to figure out who is responsible for an open relay in Korea? Have you ever tried to communicate with them? I have. It's often impossible.

      i loved how you threw in the greedy capitalist ideals at the bottom there, trying to make a quick buck of the poor saps once they corrected themselves

      Hardly. The efforts of ORDB, Dorkslayers, and others are typically volunteer efforts that cost those who undertake them time and money. Getting some compensation from those responsible for the hassles might help to pay for the bandwidth and computing equipment. The people running these databases are not about to be made rich by their efforts. By the way, I am a liberal and am very much against the "capitalism over all else" mindset to which you allude.

    24. Re:It's democracy and freedom in action. by fmaxwell · · Score: 2

      If you didn't start letting the e-mail through again within 48 hours, I would be taking you to court.

      I run a mail server and I can block anyone that I choose (right now, almost all of China and Brazil is blocked). If you want to test your theory about a court case, I'd be happy to block your server, too.

      A mail server is private property and the owner has no legal obligation to accept mail from any other mail server. If I choose to, I can block AOL because I don't like their users, MSN because I don't like their owner, and christiancoalition.org because I don't like their politics. And they can't do anything about it.

      Now, the whole point to all of this is that there needs to be a spirit of cooperation here.

      I'll give you a list of IPs in Asia that are open relays. Your mission, should you accept it, is to locate the owners of the mail servers, explain to them that they have open relays, and get them to fix them. Good luck.

      The ORDB model is easy now. Someone enters an IP address, ORDB sends an automated relay test message, if the message comes back, the IP address is blocked. When the owner fixes it (if he does), he enters the address, the test is rerun, and the system is removed. Turning it into something where people would have to track down and contact the owner of each and every open relay would make it impossible to run such a database.
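
An added example, not part of the thread and not ORDB's or any MTA's own code: the RCPT-time relay decision a mail server needs so that the automated test described above does not list it, with a self-audit that runs the classic external test address forms against a weak and a hardened policy. The domains, networks, addresses and function names are constructed assumptions.

```python
import ipaddress

# Constructed assumptions: the domains this server accepts mail FOR, and the
# client networks that are allowed to relay THROUGH it to the outside.
LOCAL_DOMAINS = {"corp.example"}
TRUSTED_NETS = [ipaddress.ip_network("192.0.2.0/24")]
EXTERNAL_TESTER = "203.0.113.7"   # stands in for a relay tester outside our network


def effective_domain(rcpt):
    """Return the domain a recipient would really be routed to, unwinding
    legacy routing syntaxes, or None if there is no routable domain."""
    addr = rcpt.strip().strip("<>")
    if addr.startswith("@") and ":" in addr:
        # RFC 821 source route "@hop1,@hop2:user@dest": only the mailbox counts.
        addr = addr.split(":", 1)[1]
    local, sep, domain = addr.rpartition("@")
    if not sep:                       # no "@": bang path or bare name
        local, domain = addr, ""
    domain = domain.lower().rstrip(".")
    if domain and domain not in LOCAL_DOMAINS:
        return domain
    # The domain is ours (or absent): look for routing hidden in the local part.
    # Conservative choice: a quoted local part containing "@" is treated as
    # routing too, which also rejects the rare legitimate mailbox of that form.
    local = local.strip('"')
    if "@" in local:
        return local.rpartition("@")[2].lower()
    if "%" in local:                  # percent hack: rightmost segment is next hop
        return local.rpartition("%")[2].lower()
    if "!" in local:                  # bang path: leftmost segment is next hop
        return local.split("!", 1)[0].lower()
    return domain or None


def hardened_policy(client_ip, mail_from, rcpt):
    """SMTP reply code for RCPT TO. The envelope sender is deliberately
    ignored: it is chosen by the client and proves nothing."""
    ip = ipaddress.ip_address(client_ip)
    if any(ip in net for net in TRUSTED_NETS):
        return 250                    # our own clients may relay outwards
    if effective_domain(rcpt) in LOCAL_DOMAINS:
        return 250                    # inbound mail for a domain we host
    return 550                        # relaying denied


def weak_policy(client_ip, mail_from, rcpt):
    """A typical misconfiguration: trusts a local-looking MAIL FROM and only
    looks at the text after the last "@" of the recipient."""
    sender_domain = mail_from.strip("<>").rpartition("@")[2].lower()
    rcpt_domain = rcpt.strip("<>").rpartition("@")[2].lower()
    if sender_domain in LOCAL_DOMAINS or rcpt_domain in LOCAL_DOMAINS:
        return 250
    return 550


# Constructed test envelopes: (label, MAIL FROM, RCPT TO). Every recipient
# ultimately points at tester.example, which this server does not host.
PROBES = [
    ("spoofed local sender", "billing@corp.example", "probe@tester.example"),
    ("plain foreign", "probe@tester.example", "probe@tester.example"),
    ("percent hack", "probe@tester.example", "probe%tester.example@corp.example"),
    ("bang path", "probe@tester.example", "tester.example!probe@corp.example"),
    ("source route", "probe@tester.example", "@corp.example:probe@tester.example"),
    ("quoted local part", "probe@tester.example", '"probe@tester.example"@corp.example'),
]


def audit(policy):
    """Return the labels of the test envelopes the policy would accept from
    an outside client, i.e. the ways it would be reported as an open relay."""
    return [label for label, mail_from, rcpt in PROBES
            if policy(EXTERNAL_TESTER, mail_from, rcpt) == 250]


if __name__ == "__main__":
    print("weak policy accepts:    ", audit(weak_policy))
    print("hardened policy accepts:", audit(hardened_policy))
```

A 250 here only means the recipient would be accepted at RCPT time; the test described in the comment above counts a host as open only when the test message actually comes back.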

    25. Re:It's democracy and freedom in action. by fmaxwell · · Score: 2

      Went to ORBS, filled out the "i've fixed my server" form, and a week or so later it was off the list.

      You're trying to tell me i should've had to pay for that? You're as bad as the guy claiming they owed him!


      What I said in my response to him was I think that ORBS should charge a processing fee for "expedited removal" from their database and, otherwise, just remove systems once a week. You were satisfied with waiting a few days. That guy wanted his system removed within milliseconds of fixing it. For that, he can pay.

      Are you aware that ORDB runs totally off of donations? It hardly seems unreasonable to collect a fee from impatient mail system administrators who demand instant removal from the database.

    26. Re:It's democracy and freedom in action. by Floody · · Score: 1

      I'm not for spam by any means, but I've SEEN what blacklisting can do to a web provider before they even know what's hit them.

      Have you seen what can happen to a small company when some spammer uses a fictitious "From:" address in their domain? They are often paralyzed by bounced messages and angry complaints. So don't tell me about the poor (negligent) web provider that left an open relay.


      Wait a second, he said web provider, not open-relay. Since when does a professional web hosting company automatically equate to open-relay?

      In reality, many hosting providers are added (without warning) to blackhole lists due to spamvertising web customers, not because of open-relays they run. When this happens, specifically with poorly maintained blackhole lists, it can be very difficult for the provider to get de-listed, even if they have a tight anti-spam AUP and have dealt with their customer accordingly. I've seen this happen personally.

      I've seen one or two blackhole lists with absolutely no contact information. No way to get off of them. This is just pure irresponsibility, plain and simple.

      Poorly maintained blackhole lists can be worse than no blackhole lists at all, so I would have to agree that there should be some sort of blackhole blacklist, if for no other reason than to alert SMTP admins that they may be inadvertently blocking perfectly legit and professional hosting companies that don't run open-relays.

    27. Re:It's democracy and freedom in action. by fmaxwell · · Score: 2

      With mail servers, however, there isn't, at least yet, any widespread tool that will tell you if you have an open relay?

      When you are talking about one that is listed in ORDB, which only lists open relays. The ones that list spamvertised web sites are a different matter and not the one we were discussing.

      If you don't like the criteria that the blacklist service uses, then don't use that service. If someone else chooses to use it and your mail gets blocked, tough! They have every right to block systems that host spamvertised web sites.

      But this is all hypothetical. I have never seen a blacklist that adds web providers hosting spamvertised web sites without giving the providers fair warning and time to shut down the site. If your site ends up on there, it's damned likely that you refused to take down the spamvertised web site in a timely manner.

    28. Re:It's democracy and freedom in action. by GreyPoopon · · Score: 1
      I run a mail server and I can block anyone that I choose (right now, almost all of China and Brazil is blocked). If you want to test your theory about a court case, I'd be happy to block your server, too.

      Hang on a second. I wasn't challenging you. Besides, I don't run a mail server with access outside my firewall -- it isn't worth the effort for me. But the assumption is that there are partnerships in place between some of the larger ISPs that allow routing through their servers. My question to you is, what would YOU do if Earthlink started blocking you because of a claim that you were running an open relay?

      I'll give you a list of IPs in Asia that are open relays. Your mission, should you accept it, is to locate the owners of the mail servers, explain to them that they have open relays, and get them to fix them. Good luck.

      I agree with you here -- big time. I've had my share of dealings with some of the Asian "companies." It's really hard to deal with companies in countries where outright lying is considered a valuable (and legal) part of the business process. There are no ethics there whatsoever. Please note that I'm not classifying all Asian countries or companies in this -- that's just the area from which I've had the most annoyances.

      --

      GreyPoopon
      --
      Why is it I can write insightful comments but can't come up with a clever signature?

    29. Re:It's democracy and freedom in action. by Anonymous Coward · · Score: 0

      ISPs have contracts (often involving large sums of money from smaller ISPs to larger ISPs) agreeing to route each other's IP packets. AFAIK nobody commits to accepting and storing email from anyone else's customers.

    30. Re:It's democracy and freedom in action. by DavidTC · · Score: 1
      Do you think you can wait for the next update? Guess again. If you didn't start letting the e-mail through again within 48 hours, I would be taking you to court.

      And the second you mention 'court' your message gets posted to news.admin.net-abuse.email and you get added, forever, to dozens of private blocklists for posting a cartooney threat. (Some people would literally add you to their blocklist now if they knew who you were, just for posting that you would sue under such circumstances.)

      Here's a heads up, in advance. Their servers, their rules. You threaten lawsuits, many people choose never to accept mail from you again, as does anyone who hears about it.

      --
      If corporations are people, aren't stockholders guilty of slavery?
    31. Re:It's democracy and freedom in action. by GreyPoopon · · Score: 1
      And the second you mention 'court' your message gets posted to news.admin.net-abuse.email and you get added, forever, to dozens of private blocklists for posting a cartooney threat. (Some people would literally add you to their blocklist now if they knew who you were, just for posting that you would sue under such circumstances.)

      OK, since you're the second person to respond this way, it's obvious that people actually thought I was making a threat. So, let me apologize for misleading people. I was posing a hypothetical. That'll teach me to post when I haven't had any sleep. At any rate, what I was envisioning was the potential for some nasty politics. I mean, what would happen if one ISP blocked another, and then the blocked ISP returned the favor? Couldn't that eventually cause problems for all of us? Actually, I'm kinda surprised that that hasn't happened before. Or has it? Anybody with knowledge on this?

      --

      GreyPoopon
      --
      Why is it I can write insightful comments but can't come up with a clever signature?

    32. Re:It's democracy and freedom in action. by Anonymous Coward · · Score: 0

      Not removing now closed relays from the list is like not releasing prisoners from jail. Something which might or might not be a good idea...

      More like a newspaper continuing to report that you're in jail, or indeed that you're committing a crime, long after you've stopped and paid your dues.

      IMO it's fine for them to list anyone who breaks the rules; but once the problem is fixed, they also have to be responsible for updating that. I don't know if you could call it defamation to keep reporting the relay as open, but that'd be an interesting threat to get the blocking services moving...

    33. Re:It's democracy and freedom in action. by fmaxwell · · Score: 2

      My question to you is, what would YOU do if Earthlink started blocking you because of a claim that you were running an open relay?

      It depends on whether the claim was true. If it was not true, I would ask the organization making the claim to retract it and I would provide proof of that retraction to Earthlink.

      If the allegation was true, I would shut down the open relay, inform the blacklist, beg them to remove me as soon as their time permitted, and then beg Earthlink to start accepting mail from my server again. Should either of them cooperate, I would send humble "thank you" messages and apologies for the trouble my open relay had caused.

      I view the ability to send mail to any other server as a privilege granted by that sys admin, not a right. And I believe that a private database operator (e.g., ORDB) has a right to run their database in whatever way they choose -- so long as the data is not slanderous.

    34. Re:It's democracy and freedom in action. by fmaxwell · · Score: 2

      I don't know if you could call it defamation to keep reporting the relay as open, but that'd be an interesting threat to get the blocking services moving...

      It is defamation if they say "system x is an open relay" when it is not. If they say "system x was an open relay when we last tested it in 1997", that's not defamation (assuming that it is true).

      The argument people on here are making is that a blacklist has a legal obligation to remove entries promptly. That is simply untrue -- unless the database has obligated themselves to remove the entries promptly by publicly promising to do so. The database owners could choose to list all systems that were ever open relays, whether they have been fixed or not -- and they would never have to remove a system from the list.

    35. Re:It's democracy and freedom in action. by kalimar · · Score: 1

      I agree. But keeping the open-relay databases current is not a responsibility the database providers have to those listed in the databases. It may affect the popularity and usefulness of their service, but that's another matter altogether.

      Keeping the open-relay database current isn't the responsibility of the provider, it's the responsibility of the maintainer. If they are going to add me to their list without me asking them to and they aren't going to tell me that I'm on their list, then if I find out I'm on their list and fix the problem, I shouldn't have to do anything to get off their list.

      I inherited a mail server from someone and found out 4 years after the mail server was up that it was an open relay. I also found out that it was on a blacklist for less than a month before I discovered it. And yes, I fixed it in about 15 minutes and 2 days later it was removed from the RBL. The point is that had I been told by the list that "Oh btw, you've been added to this RBL for being an open-relay", I would've fixed it right away. I couldn't care if they warned me first and then checked a couple of days later or not. But getting an email letting me know that something is broken on my system, would've been nice.

      And no I didn't check the mail server when I inherited it because I trusted that the person I got it from had already made sure it was closed. My bad.

      Point: If you put someone on a RBL, at least tell them. That way those who made an honest mistake can correct themselves. Those who are doing it on purpose couldn't care anyway.

  113. Re:I've been e-mailing the admins of those lists,. by Anonymous Coward · · Score: 0

    First off, don't email the admins of Open Relay databases, they don't have time for your lame brain questions. Read the FAQ! Your question has probably already been answered. Don't think you have been listed unfairly! The testing systems provide PROOF, in the form of relayed email in their per-IP webpage reports. If you wish to have your system removed, configure it to not be an OPEN RELAY and submit it to be retested. Most of these sites, Orbz and Ordb, maintain automated testers, use them!

  114. It's real simple by tuxlove · · Score: 3, Insightful

    If someone runs an open relay, they deserve to be blacklisted. Those sites who enjoy receiving spam can choose not to use blacklist information. Those who do not like spam can use blacklists.

    However, those who repent and fix their open relays should be immediately removed from any open relay blacklist they might be listed with. It's totally irresponsible to run a blacklist without provisions for keeping them up to date in near-realtime.

    An example of a great service was ORBS (the Open Relay Blackhole Service), may it rest in peace. It was largely automated, and would add and remove sites simply based on observations made by their relay-checking robot. There were some manual entries (for sites who refused to be probed), and that was cause for a bit of controversy. But by and large it was quite excellent. I can see absolutely no reason whatsoever for anyone to complain about the creation and use of such blacklists, unless they are a spammer. I have never heard a valid reason why an open relay should be considered okay (I do *not* agree with John Gilmore, just about the only slightly credible dissenter I've heard on this topic. He's just too lazy to use one of many available alternatives to what he's trying to accomplish. See this to see what I'm talking about.)

    Too bad most of the great blacklist services seem to be going away or becoming (highly overpriced) commercial endeavors.

    1. Re:It's real simple by Lazy+Jones · · Score: 2
      If someone runs an open relay, they deserve to be blacklisted.

      That's just stupid. What's wrong with an open relay, if no-one has ever sent spam e-mail through it (because, perhaps, it may have its own black list of domains that may not send mail through it)? If even a single user who has not sent spam is affected by blacklisting, then this blacklisting is wrong, it's like denying someone his First Amendment rights because someone else might say something illegal ...

      --
      "I love my job, but I hate talking to people like you" (Freddie Mercury)
    2. Re:It's real simple by tuxlove · · Score: 1

      What's wrong with an open relay, if no-one has ever sent spam e-mail through it (because, perhaps, it may have its own black list of domains that may not send mail through it)?

      What's wrong with it is that, 1) when a spammer discovers it, he can send thousands of spams through it before the owner notices the problem and blocks out the spammer, 2) regardless of whether the owner has his own "blacklist", he can't possibly protect against all of the domains out there that are potential spam sources (basically *every* domain is a potential source), 3) there is no good reason, no benefit to running an open relay.

      An open relay is a sign of incompetence/laziness on the part of the administrator. There are numerous safe alternatives to open relays if the admin wants to allow valid users to be able to relay from outside the site. There is no excuse.

      it's like denying someone his First Amendment rights because someone else might say something illegal ...

      How is it denying the right to free speech? Nobody is blocking a user from *sending* anything with a blacklist. A blacklist is only used by those who don't want to *receive* unwanted email, and they have the right to receive or block whatever they see fit. Just because you want to send email to a site containing some expression of your right to speech doesn't mean you have the right to force them to receive it. It's kind of like radio, TV or some other broadcast media. They send out information of all sorts, but people only tune into it if they care to listen. And often your local government, not you, decides which channels to carry in the first place, depending solely on their judgement. Is it abridging the Sci Fi channel's right to free speech that my local carrier has decided not to include them on my basic cable? I'm irritated by it, but I realize Sci Fi is not having any of their 1st amendment rights violated.

      You might also compare it to how broadcast media is regulated. Is it violating my free speech that the FCC won't let me have my own radio station? No, because pragmatically it would make no sense to allow it. If everyone had their own radio station it would be pandemonium. I really want to send my important views to the world via radio, but I guess that's just not going to happen. So instead, I use the methods available to me, such as putting up my own website and making sure it's listed on Google - or posting to Slashdot so 500,000 people can hear what I have to say.

  115. Mmm... by Greyfox · · Score: 2

    I wonder if spammers who exploit open relays can be labelled terrorists under the new anti-hacking laws...

    --

    I'm trying to teach myself to set people on fire with my mind... Is it hot in here?

  116. This "ask-slashdot" looks familiar by Sarin · · Score: 2

    I think I've seen this message on more sites that use the slash engine, today ;)

  117. Using Sendmail how do you stop being an open relay? by Boap · · Score: 1

    I have inherited a sendmail server that I know is an open relay. Unfortunately, while I know Solaris, sendmail has been a pain to administer. It is version 1.15 on an old Sparc 20 running SunOS 4.1.4. I have tried several times to use Sendmail 8.10; however, I have kept running into stability issues (user error) that have so far prevented me from bringing this version to a live server.

    I know the current version that I am using is an open relay from the tests that I have run, and so far there is no way that I have been able to secure it from the information that I have been able to pick up at this time.

  118. Not True... by Myuu · · Score: 1
    "...one point in the not-too-distant past, our server was an open relay. I admit I'm a sinner for letting it happen..."

    It's not that bad having open relay, you would be surprised about how many email boxes are open...Qwest was running open relay servers until 3 weeks ago (but of course that defeats my point about it being a sin =/)

    --

    forget it.
  119. Re:No. Deal with it. by McSpew · · Score: 3, Informative

    So, I guess you've never wound up the victim of a poorly-administered blacklist, have you?

    My experience with open relays is virtually identical to that of the person who inspired this thread. My server was used as an open relay for part of a weekend.

    Near as I can tell, the first spam fired its way out of my server on Friday night around midnight. I closed off the relay on Sunday morning around 10:00 am. In that time, literally thousands of spams were sent, so I fully expected to be blacklisted and even warned my bosses and co-workers.

    What I didn't expect, however, was to still be trying to get myself off those blacklists SIX MONTHS LATER.

    I think blacklists can be a valuable tool for fighting spam, but only if they're sensible. Blacklists that permanently block without ever rechecking blocked IPs are irresponsible. They're adding to the difficulty of using the Internet, not improving it. They're also reducing their value to their subscribers because they're blocking IPs they shouldn't.

    In short, I agree with the post that called for an RFC. If there were some sort of standard for relay blacklists, it would be a damn sight easier getting off the lists once you've resolved the problem.

  120. Re:No. Deal with it. by Anonymous Coward · · Score: 0
    You wanna live in a crack house? Don't go whining to the cops when you can't get a pizza delivered at midnight.

    Yeah, but the problem is that you move to a new town, ask around about the apartment, and move in. THEN the bad-guys start selling crack in the apartment building. In response, the cops arrest everyone in the apartment complex, and give every resident exactly the same sentence. With no trial. Sounds fair to me.

  121. dialup is the devil. mmk. by iomud · · Score: 2

    I'm a dialup user, and I run exim from my debian machine to send mail. Of course I'm rbl'd from sf lists which makes a ton of sense. Feh. I can understand wanting to lock things down but there's no point in being a nazi about it. This isn't really related directly to spam but it's under the same umbrella.

  122. There's such a thing as a spam blacklist? by TheRealFixer · · Score: 1

    Could have fooled me. If there is one, it sure doesn't seem to work. I continue to get increasing levels of spam on accounts that I haven't even used...

    ...but on the other hand, I've got this really cool diploma from a prestigious non-accredited university!

  123. Stop The MAPS Conspiracy by Anonymous Coward · · Score: 0

    http://www.dotcomeon.com/

    Not only an entertaining read, but informative. Gives the history of the MAPS RSS project, with some interesting behind the scenes details.

    1. Re:Stop The MAPS Conspiracy by Anonymous Coward · · Score: 0

      cool! I'll block these dotcomeone morons first thing monday morning. Fucking dipshit spam lovers.

    2. Re:Stop The MAPS Conspiracy by SpacePunk · · Score: 1

      I don't know if they're spam lovers or not, but they certainly are dipshits.

      Anybody that needs to set up a relay server for far-flung clients can always, and I mean always, set up a server that relays using SMTP authentication. For the uninitiated, the sender MUST log into the SMTP server to send out mail just as they MUST log into the POP server to retrieve mail. There's absolutely no excuse to have an open relay. Even for those with a userbase on an NT PDC/BDC scheme, a linux box can be set up using sendmail with SMTP and POP authentication against the NT domain, and it won't cost $1500 dollars just in mail server software to do it (which is exactly what I've done using sendmail, sasl, and PAM_SMB).

  124. Re:It's anti-democratic ! There are other (better) by Twilight1 · · Score: 0, Troll


    "Don't forget that the first victim of relaying SPAM is the open mailserver itself ;-)"

    No, the first victim is whoever receives the first piece of spam as a result of your misconfigured server. Ignorance is no excuse.

    Open relays are just as much a part of the problem as the people sending the spam.

    Regards,
    Twilight1

  125. so I have this "friend" by brarrr · · Score: 2, Interesting

    My friend is a smart guy, but he is running an open relay, mostly unprotected server(s) on a T1 that is just waiting to get nailed. He doesn't understand what kind of pain he could end up in and how much more difficult his life could become without precautions.

    What do I do? Let him learn the hard way or is there some easy way to teach him a lesson without making him hate me for ruining his server. (and no, I'm not posting the URL here)

    He likes the open relay part so that he has his own smtp server he can use from anywhere anytime - even though he has a secure server on DSL at home.

    --
    to email me: take my /. handle and append .net preceded by charter.
    1. Re:so I have this "friend" by Phil+Hands · · Score: 2, Informative

      Suggest that he uses one of the several authentication tricks, such as POP before SMTP (where the server will only accept relay mail from IP addresses that have had a successful POP authentication in the last 5 minutes) to limit the relay.

      If he still ignores you, submit his IP to ordb.com --- at least that way I won't have to see the spam that eventually starts pouring through his server.

      --

      Debian: GNU/Linux done the Linux way
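
The relay rule described in the comment above (POP before SMTP with a 5-minute window), together with the SMTP authentication alternative mentioned earlier in the thread, as an added example that is not part of the original discussion. The class name, the `example.com` domain, the documentation IP ranges and the refusal of routed local parts are assumptions made for illustration.

```python
import ipaddress
import time

POP_AUTH_WINDOW = 5 * 60  # seconds: the "last 5 minutes" window from the comment


class RelayPolicy:
    """Decide, per RCPT TO, whether to accept mail; relaying is denied by default."""

    def __init__(self, local_domains, trusted_networks=(), clock=time.monotonic):
        self.local_domains = {d.lower() for d in local_domains}
        self.trusted_networks = [ipaddress.ip_network(n) for n in trusted_networks]
        self.clock = clock        # injectable so the time window can be tested
        self._pop_logins = {}     # client IP -> time of last successful POP login

    def record_pop_login(self, client_ip):
        """Called by the POP server after a successful login from client_ip."""
        self._pop_logins[ipaddress.ip_address(client_ip)] = self.clock()

    def _pop_auth_is_fresh(self, ip):
        seen = self._pop_logins.get(ip)
        if seen is None:
            return False
        if self.clock() - seen > POP_AUTH_WINDOW:
            del self._pop_logins[ip]  # expired: forget the login
            return False
        return True

    def check_rcpt(self, client_ip, rcpt_to, smtp_authenticated=False):
        """Return (accept, reason) for one recipient offered by client_ip."""
        ip = ipaddress.ip_address(client_ip)
        local, at, domain = rcpt_to.strip().strip("<>").rpartition("@")
        domain = domain.rstrip(".").lower()
        if not at or not local or not domain:
            return (False, "malformed recipient")

        if domain in self.local_domains:
            # Routing characters in the local part ("user%other.example",
            # "other.example!user") ask this server to forward the message
            # onward, so they are refused instead of counted as local mail.
            if any(c in local for c in "%!@"):
                return (False, "routed local part refused")
            return (True, "local delivery")

        # Everything else is a relay request: the client has to be known.
        if smtp_authenticated:
            return (True, "relay: SMTP AUTH")
        if any(ip in net for net in self.trusted_networks):
            return (True, "relay: trusted network")
        if self._pop_auth_is_fresh(ip):
            return (True, "relay: POP-before-SMTP")
        return (False, "relaying denied")


if __name__ == "__main__":
    # Constructed sample traffic: 192.0.2.0/24 stands in for the office LAN.
    policy = RelayPolicy(["example.com"], ["192.0.2.0/24"])
    policy.record_pop_login("198.51.100.7")
    for ip, rcpt in [
        ("203.0.113.9", "<bob@example.com>"),
        ("203.0.113.9", "<someone@elsewhere.example>"),
        ("198.51.100.7", "<someone@elsewhere.example>"),
        ("203.0.113.9", "<someone%elsewhere.example@example.com>"),
    ]:
        print(ip, rcpt, policy.check_rcpt(ip, rcpt))
```
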
  126. Re:ObPeeve: SPAM(tm) vs uce spam by Anonymous Coward · · Score: 0

    Why?

  127. Re:No. Deal with it. by Brendan+Byrd · · Score: 2

    I agree. If you're stupid enough to not know how to lock your mail server, you don't deserve to be a system administrator for a mail server. Not making your server an open relay should be the --FIRST-- thing on your list of things to do when you set one up. Most configurations do that by default anyway.

    Most of the open relays out there are because mail administrators don't know jack about their job. As such, people get spammed at our expense. Open relays are no trivial matter.

    Now, I don't quite agree with the Spamhaus policies. Just because a business was unlucky enough to use a web host that supports spam software sites doesn't mean they should be punished. Punish the spam software sites, and try to punish the web host without killing their own customers who are innocent of the crime.

  128. Earthlink is *awful* by Anonymous Coward · · Score: 0

    That's because the Earthlink mail admins are assholes.

    Earthlink (a) doesn't let you connect to any mail server other than their own, and (b) when you try to send something that it doesn't like through the server, it silently drops it after accepting the letter and not giving a warning.

    *AOL's* email policies are better than Earthlink's.

  129. As a newbie, I still think you deserve it by entrylevel · · Score: 1

    When I set up my mailserver, I was a total newbie, but every piece of documentation I read warned of the evils of open relays, and that all my friends would hate me if I had one.

    This was only for my home cable network, so worst case scenario I can expire my DHCP lease and change my dynamic domain name, but I still never had an open relay.

    Unless you are on these blacklists because of something you did before spam was a problem (what, 10 years ago???), I think you deserve it, especially if this is a business network you are administering. If it is someone else's fault, feel free to forward my comment to them.

    --
    Karma: Incomprehensible (Mostly affected by posting at +5, reading at -1, and metamoderating everything unfair.)
    1. Re:As a newbie, I still think you deserve it by tweek · · Score: 3, Insightful

      Good call. I haven't read the rest of the posts just yet but I found someone who agrees with me.

      At this point in my career, I am tired of dealing with half-assed admins who can't tie a shoe.

      You were hired based on a particular compentance level. You said you knew how to administer a mailserver. If you say you can administer a mailserver, you should know about open relays. If this was your first job administering a mailserver, you shouldn't have gotten the fucking job.

      As an admin, YOU and you alone are responsible for what comes out of your network.

      Back when codered was flooding the internet (and still is, along with nimda, based on my fucking log files), I had to call this company that was sending out codered scans from no less than 5 different IP addresses. At ONE company! I searched through internic records (I'll be damned if I was going to load the company's website) and finally got in touch with someone who claimed to be the network admin. I explained the situation to him and he proceeded to tell me that he wasn't aware that these servers were even running! How in the fuck can you not know what goes on with your network?

      You see, I'm paranoid. I want to know everything that goes on with my network at any given time. I do my damndest to make sure everything is secure as possible (short of pulling the damn cat 5 out of the switch). I've got the switches locked to MAC address so no one can just plug in a machine. I've got an external mail relay that only forwards mail to our firewall that is then passed to our Exchange server ( the one halfway decent product MS makes). Not only is the external mail scanner running some stuff to check for basic attachment viruses, but our exchange server is running Norton for Exchange. The client machines have NAV as well which uses a central server to update definition files daily. The outlook clients are running the Attachment and Zone patch from Microsoft. And to top it off, you can't relay through our server without authentication which most email clients support nowadays.

      Some people call that paranoid but while our clients got slammed by the latest outlook bugs, we happily zoomed along without a single infection (should have seen the NAV logs on the email server though ;> ).

      The point of all this is this. You were hired to do a job. If you aren't compentant to do the job then get the hell out of the way and go work under someone who can.

      --
      "Fighting the underpants gnomes since 1998!" "Bruce Schneier knows the state of schroedinger's cat"
    2. Re:As a newbie, I still think you deserve it by Anonymous Coward · · Score: 1, Insightful

      " If you aren't compentant to do the job then get the hell out of the way and go work under someone who can. "

      It's going to be ironic when you fall on your nose and screw up.

      Nobody's as smart as they think they are, so I'm going to be curious when you screw up if you're going to 'get the hell out of the way'.

      Nah, you'll make an excuse that "it wasn't your fault". Human nature I suppose.

      BTW, Exchange really does suck.

      If you're not using Unix for SMTP, it's probably because you're not smart enough to configure it.

      At least that's what smart people say.

    3. Re:As a newbie, I still think you deserve it by Anonymous Coward · · Score: 0
      You were hired based on a particular compentance level
      Oh, blow it out your ass. What the fuck is "compentance?" You're just lucky and overpaid and without the wisdom to see either. People living in your level of denial would do well to fall victim to more accidents involving small arms and beer.
    4. Re:As a newbie, I still think you deserve it by Sethb · · Score: 2

      Go one step further, disable the Windows Scripting Host. It's easy to do, and we do it for all of our users at my shop, with a simple command in the login scripts. Symantec makes a free tool, which you can find here.

      This renders those nasty .vbs files as harmless as .txt files, very handy for when a hot virus/worm sneaks past Norton before the new definitions are out. Of course, if you block attachments with executable extensions, you're fine, but, you can never be too paranoid. :)

      --
      When in danger or in doubt, run in circles, scream and shout. --Robert A. Heinlein
    5. Re:As a newbie, I still think you deserve it by Anonymous Coward · · Score: 0

      Gee, I guess you're one of the suck-ass Admins he's talking about!

      Just because one lacks expertise in one area (spelling) doesn't mean he's incompetent in ALL areas.

      Just because YOU are an absolute fraud of an Admin (meaning, you don't know SHIT about adminning, you just lied your ass off in the interview), doesn't mean no one else is.

    6. Re:As a newbie, I still think you deserve it by Anonymous Coward · · Score: 0

      Bullshit, you bleeding-heart, touchy-feely, everyone's allowed to make mistakes idiot.

      Some ARE that damn smart. But more telling, you are NOT a mailserver admin if you DON'T KNOW ABOUT THE CONCEPT OF OPEN RELAYS! Ok?

      This shithead DIDN'T!

      And about putting words in other people's mouths - how do YOU know he'll screw up? And how do you KNOW he'll do exactly what you say, hmm? Maybe he has more integrity than you.

      Know what pisses me off more than anything? Senior UNIX SysAdmins that know LESS about UNIX than the Junior admins under them!

    7. Re:As a newbie, I still think you deserve it by Keybase · · Score: 1

      Get Real.
      There are probably always twice as many jobs as sys admins who know what they are doing. If some small companies set up a server and they have a guy who knows how to move files in Windows Explorer they think he is a genius. They give him the job and he has to learn on his own, sometimes the hard way.

      --
      Do what is right. You will please some and astonish the rest. --Mark Twain
  130. Re:No. Deal with it. by Anonymous Coward · · Score: 0
    If someone spams me, I block the IP address. If the ISP relocates the spammer to another IP address in the same netspace, I say "fuck it", and block the /24. Or the /16, if need be

    Well, at least you imply that you bother to check who the spammer actually is. I guess that means you don't block many people who accidentally leave an open relay. Of course, you'd never find out whether they fixed their open relay, because you've blocked their attempts to tell you. Looks good to you...why should you care?

    I suppose you'd throw out all the paper mail originating in your crackhead's zip code, too.

  131. Re:It's anti-democratic ! There are other (better) by Carlos+Laviola · · Score: 1
  132. Re:Amen from a jackass by Anonymous Coward · · Score: 0

    Maybe you should try reading the post, moron. He _DID_ fix the problem as soon as he discovered it. He _CANNOT_ get delisted from the lists "maintained" by lazy bastards who don't care about rehabilitated systems.

    Get a clue and learn to read.

  133. lmfao by Anonymous Coward · · Score: 0

    Here's a little story, about how a popular open relay database decided to add a tier 1 isp's entire ARIN/RIPE listed address space to their list. After being told repetitively that a tier 1 isp isn't responsible for the thousands of mail servers its downstreams have (and therefore the associated open relays), they refused to understand what they were doing was downright moronic.

    The result? Shrugs, they call it selective routing I guess. They blacklist our mail, we send all traffic to and from them to null0. You wouldn't believe how quickly they became cooperative to get our null0 route removed.

    1. Re:lmfao by Arker · · Score: 2

      Here's a little story, about how a popular open relay database decided to add a tier 1 isp's entire ARIN/RIPE listed address space to their list. After being told repetitively that a tier 1 isp isn't responsible for the thousands of mail servers its downstreams have (and therefore the associated open relays)

      I disagree. You are very much responsible. Now, granted, you can't be expected to actually administer those systems. If one of your sub-leased addresses winds up used by a spammer, that doesn't mean right off you've done anything wrong. But... if reasonable efforts are made to address the situation with the sub-leasee, and they aren't willing to deal with the situation, then it does become your responsibility.


      If that was actually what happened, and you just said "not our problem" then you were as guilty as the spammers. Moreso really.


      --
      =-=-=-=-=-=-=-=-=-=-=-=-=-=-
      Friends don't let friends enable ecmascript.
    2. Re:lmfao by NeurfBallz · · Score: 1
      That surely resembles a Tier1 which currently has a growing internal spammer problem on their *hosting.

      Gee whiz. We're the big guy on the block. Tier1 so "we're invulnerable because we can fraudulently retaliate when we are legitimately listed" or "have a difference of opinion with the listing". At least one has fallen in the past. Let's hope that not ALL Tier1's have the attitude that an INFORMATIONAL posting is a legitimate reason for fraudulently inserting BGP null routes which directly affect the operation of the Internet.

    3. Re:lmfao by Anonymous Coward · · Score: 0

      Doesn't the blocking directly affect the 'operation' of the internet?

    4. Re:lmfao by Anonymous Coward · · Score: 0

      Doesn't the blocking directly affect the 'operation' of the internet?

      Are you really so lacking in a sense of proportion as to consider your question meaningful?

  134. Couldn't install the bugger. by Anonymous Coward · · Score: 0

    This package is an installation pain.

  135. Re:ObPeeve: SPAM(tm) vs uce spam by Carlos+Laviola · · Score: 2


    Cease and Desist Order
    To: An Unknown Number of Anti-Spam Activists, regular Internet users, Tech Magazines Writers, and... stuff
    (...)


    I don't think so...

  136. suck ass hosting providers already know by Anonymous Coward · · Score: 0

    The shithead hosting providers know they are signing up spammers when they take the money. duh. fuck 'em all.

  137. Get somebody else to relay by em.a18 · · Score: 1

    If you feel that you have been unfairly blacklisted, or some open-relay list doesn't remove you from their list fast enough, get somebody else to relay your mail. If somebody else is willing to vouch for you, then the problem is solved. Your upstream ISP. A business partner.

  138. Unreasonable for innocent systems! by khodsden · · Score: 2, Insightful

    My system was recently blacklisted on half a dozen lists because another system within my IP block was spamming. The blacklist used xxx.xxx.xxx.* instead of the specific IP address - a range that included my system. The end result for me was that I was unable to communicate with a large number of my customers, and had to move my server to a new IP range.

    Requests to remove my old IP address were, of course, ignored. My system didn't spam, had never spammed, wasn't an open relay, and was still blacklisted.

    Personally, I think the spam blacklistings are a good idea in theory. As implemented, I find them annoying and worthless.

  139. Let's put the blame where it belongs by Steepe · · Score: 1

    on you.

    So let's get this straight. First you say you screwed up and are willing to pay your penance, but then you say that spam is completely legal and you should have every right to send it.

    Please let me know what service you work for so I can NEVER use it.

    You ran an open relay, perhaps if you spend some time trying to get taken off the lists, then perhaps you will be more careful next time.

    Or, perhaps your employer will figure out that if they simply hire an administrator who knows what he is doing, they won't have these problems.

    I just love this crap of spammers blaming everyone else.

    --
    Just three more hours seapeople and you can finally take me away from this crappy God Damned planet full of hippies
  140. From USENET Chad/WhiteLion's defense of spammers by Anonymous Coward · · Score: 0

    http://groups.google.com/groups?rnum=10&selm=eKvj1 NJQBHA.1228%40tkmsftngp04

  141. Good point. by fmaxwell · · Score: 2

    Not quite. You're required to take a test and become registered with a central database to become a legal driver. Any idiot with a 486 and a net card can set up a mail system after reading a few how-to's and I've seen plenty of highly underqualified people get sucked into maintaining the corporate email servers.

    Then that company can pay the price for not hiring a qualified person to do the job. When their mail starts bouncing, maybe they will get a clue and hire a qualified person.

    I'd hate to see more tests, government approvals, etc. associated with the Internet. I think that these databases are doing a good job of whacking clueless people's wee-wees.

  142. Use the power of Usenet by SomeoneYouDontKnow · · Score: 2

    What you might try is to bring this issue up on news.admin.net-abuse.email and see if you can get things straightened out. If you go this route, have all your information in order, including your mail server name and IP, the time period in which it was open, what blacklists you were added to and which ones you're stuck on, and, most importantly, the date you got things fixed.

    If you've never been in NANAE before, keep in mind that the people there are, by and large, very nice folks who are genuinely interested in solving the spam problem and not persecuting anyone who doesn't deserve it. Don't jump in there with flamethrowers blasting away. Just state your problem clearly and ask if anyone can help you out. If you're running a clean server now, you'll find all the help you'll need.

    --
    That light you see at the end of the tunnel might be from an oncoming train.
  143. The other thing I hate about blacklists... by technopinion · · Score: 1

    I like to run my own SMTP mail server on my local machine. It's behind my firewall, so no one can connect to it from outside. I trust it much more than I trust my ISP's mail server to deliver my mail. The problem is, I'm finding more and more companies/people that I deal with are automatically blocking my mail sent this way, because it originates on a dial-up IP block.
    Now I know that plenty of spammers use throw-away dial-up accounts, but maybe ISPs should have some sort of blacklist that they share, such that they don't keep selling accounts to known spammers. Maybe they should have harsh fines in their user agreements for spammers. Who knows... I just hate having legitimate email returned because it didn't come from an ISP's mail server.

    1. Re:The other thing I hate about blacklists... by SuiteSisterMary · · Score: 2

      Can you not tell your mailserver to consider your ISP's server its smarthost?

      --
      Vintage computer games and RPG books available. Email me if you're interested.
    2. Re:The other thing I hate about blacklists... by technopinion · · Score: 1

      But that would mean I'd then have to trust my ISP's server again.

  144. Pain in the butt... by Anonymous Coward · · Score: 0

    I maintain a server at rackspace.com -- Which, as it turns out, is blacklisted on some blacklist or another that's widely used enough to generate half a dozen bounce messages a day from us. (I don't remember the blacklist name right now -- It's not one I'd heard of until this).

    Why are we blacklisted? Not because we spam. Not because we've ever spammed. Not because we've had an open relay, for even a minute. We're blacklisted because someone that controls the list doesn't like rackspace (presumably because they're slow taking care of spammers or somesuch) and blocked off big chunks of their network.

    .. and the best part is, there's no way to contact the people running the list! They basically say "If you have objections, post to x.x.x newsgroup and maybe you'll get lucky, but don't count on it"

    So .. what can I do? I'm basically getting screwed by this blacklist, but short of leaving rackspace (which I'd rather not do), the best I can do is post to a newsgroup and whine about it a bit and hope that I mysteriously disappear from the list, but the attitude they take on their website just doesn't seem to make me think that's real likely.

    Sigh.

    1. Re:Pain in the butt... by DavidTC · · Score: 1
      The unreachable blacklist is probably SPEWS. I use SPEWS, and people who use SPEWS know full well that it blocks companies, not servers.

      Rackspace is a spam supporting colocation service. SPEWS is listing you, yes, you, on purpose. Yes, you specifically. You are being listed as someone who supports a spam operation.

      The only way to get off SPEWS, like any blacklist, is to stop doing the action that they listed for you. If this was ORBS, you'd have to close your open relay. As this is SPEWS, you have to stop giving money to the scum at rackspace, which means you're going to have to get colo somewhere else. As an extra bonus, you don't have to go through any forms or get 'retested' when you fix the problem, your new IP address will automatically be not listed.

      Disclaimer: I am not SPEWS, but I think it would be funny if you assumed I was.

      --
      If corporations are people, aren't stockholders guilty of slavery?
  145. The spam blacklists are really really bad things by Anonymous Coward · · Score: 0

    I work for a large ISP and we've had entire mail servers blocked because spam happened to be routing through them at some point but the lists refused to remove the server,
    so basically thousands of innocent people were unable to receive or send e-mail properly without a workaround because these blacklist servers were blocking network traffic to our hosts.

  146. Whaa by Anonymous Coward · · Score: 0

    In other words, you were too lazy to Do The Right Thing until you got blacklisted, and now you have a problem because not everyone is jumping right up and forgiving you. Forgive me if I don't shed a tear for you.

  147. email by Anonymous Coward · · Score: 0

    Just remember e-mail is neither secure nor reliable...

  148. Punish somebody or solve a problem? by k2r · · Score: 1

    That's the question.

    To me, blacklists are a way to solve a problem.
    They do this by listing open relays.
    So there is no reason for keeping a host
    on the list, after the malconfiguration
    has been fixed.

    Every attempt to keep hosts on the list for having
    been open relays once is meant to punish or brandmark somebody.

    This is nobody's business and people should have
    come over it since they finished puberty.
    We are not the usenet-military-court.

    And of course every list who keeps fixed
    hosts on not by purpose is maintained by
    irresponsible people.

    It reminds me of people who are blocking the
    lane on purpose because _they_ think that I'm
    driving too fast.

    regards,
    k2r

    1. Re:Punish somebody or solve a problem? by NeurfBallz · · Score: 1
      No. It's somebody having your car towed out of their driveway because they don't want it parked there.

      They aren't keeping your mail from flowing down the highway they're protecting their own locale from it.

      Kind of like a store banning convicted shoplifters from the premises, even after they've served their time. Too bad. You MIGHT some day get in the door for legitimate shopping again. Probably not. Send your mail to someone else. Find a different ISP and behave there so you blend with the crowd.

    2. Re:Punish somebody or solve a problem? by k2r · · Score: 1

      > You MIGHT some day get in the door for
      > legitimate shopping again. Probably not.

      This is exactly my point.
      You are talking about punishment.
      Therefore you are judging about somebody.

      I'm talking about a problem and a neutral
      solution, not about interfering with somebody's
      life/work/whatever.

      You talk about getting rid of your problems
      and cause somebody else a problem instead
      _willingly_.

      I think that we're in a better situation
      if we try to fix something without breaking
      something else that hadn't to be broken
      necessarily.

      To get back to the car example:
      Imagine I did something wrong causing you
      to break heavily.

      Would you then pass me by and force me
      to crash into your trunk just to show me
      how it feels ?

      (disclaimer: this example is not meant to be taken personally :-)

      We have a technical problem here and we
      shouldn't make it a personal problem if
      we can avoid doing this.

      k2r

    3. Re:Punish somebody or solve a problem? by Anonymous Coward · · Score: 0

      Being banned from a store isn't punishment. Your rehabilitation is not their problem and they don't care how you feel, they simply don't think the risk is worth taking again.

      Spam consumes resources so severely that (left unchecked) it'll quickly grow to threaten the very usability of public SMTP. It's much more important to deny access to spammers worldwide than to restore access to one system's legitimate users. Ideally blacklists ought to be cleaned, but I can't blame maintainers for putting little effort into it.

    4. Re:Punish somebody or solve a problem? by k2r · · Score: 1

      > they simply don't think the risk is worth
      > taking again.

      OK. How high would the risk be that somebody who configured an open relay and ended up on a
      blacklist will ever make this mistake, again?

      I think that even the threatening_of_the_very_usability_of_public_SMTP (tm) doesn't justify blocking somebody for longer than necessary. Necessary from a technical perspective.

      And again:
      If you block something to avoid a specific situation (spam-on-my-users-accounts) you should
      stop blocking it, if the risk is gone.

      It's tit-for-tat.
      "I trust you until you fsck with me, but I'll let you off the hook after the next move."

      k2r

    5. Re:Punish somebody or solve a problem? by Anonymous Coward · · Score: 0

      Oh, I agree that taking systems off the list when they're no longer abusable is low risk and a Good Thing (they shouldn't be assumed to be malicious unless they let it happen again and again). I'm arguing that taking them off the list is far less urgent than putting them on it was, and that we can't really expect them to put a lot of work into making sure it happens promptly.

    6. Re:Punish somebody or solve a problem? by k2r · · Score: 1

      > I'm arguing that taking them off the list is
      > far less urgent than putting them on it was,

      Of course, I don't expect the list-owners continuously scanning the net for relays that
      have been fixed.

      But the original author of the post wrote that he
      still had problems getting off the lists.
      After a period of time that is way longer
      than what I'd call okay.

      I'd say that at least two or three _days_
      should be enough to update the lists.
      This would make them more useful because
      I could call them accurate, then.

      Could we agree on that?

      k2r

  149. Comment removed by account_deleted · · Score: 2

    Comment removed based on user account deletion

  150. Re:No. Deal with it. by Anonymous Coward · · Score: 0
    orbz is 100% automated and once you fix your server, you can be off of the blacklist in under an hour.

    You obviously read the documentation without ever having actually tried it. I've been on their list. "an hour"? Try over 24 hours. Never believe the marketing.

  151. I'm on a blacklist and I can't get off. by Anonymous Coward · · Score: 0

    Yup. I'm on SPEWS. I hate this piece of shit blacklist. They realize that their methods will get them sued successfully, so they don't have any contact points. You have to use a newsgroup and then you get 15 replies from random people all advising you of what THEY want you to do to get unblacklisted. It seems plain stupid.

    Now, I'm not an open relay. I keep my configs current and everything is run as a tight ship. But, that isn't why I'm on SPEWS. You see, I signed a multiyear contract with Level3 a while back and that is why I'm on SPEWS. All of Level3 is blocked as a spamhaven. I'm one little link on Level3 and I have 3 years left on my contract. What can I do? Nothing. Everyone on the newsgroup told me to move, but I can't exactly do that. I'm not even sure Level3 at large is a spam haven, I don't exactly get much spam from there.

    It affects me in one spot only. I can't email the ISP in my little home town. So, I have problems talking to my parents, my grandmother, and my sister. The little ISP ignores my emails because they're SURE I'm a spammer. How else could I be on their SPEWS blacklist, right? Even if they did try, I doubt the spews system allows for easy "let this mail through" features.

    What has all of this taught me really? Spam blacklists are no good. It is a technical solution to a social problem. I am acceptable "collateral damage" to the SPEWS system. And that pisses me off. I'll never support an antispam technical solution again. If these people would spend time developing awareness projects and getting others to contact lawmakers we'd be seeing some real spam solutions, and not some piece of shit technical solutions.

  152. SPEWS is the problem by BCTECH · · Score: 2, Informative

    I thank the person for this thread. First off I am a user of DNSRBL's. I was using MAPS for a long while until they went subscription. Spam is virtually none for myself and my customers so I thank those who run legitimate RBL's.

    A client of mine (also an RBL user) has been blacklisted by SPEWS for months now. This is a legitimate ISP with over 4000 dialups, few hundred DSL lines, and 100 or so collocated servers. They have been in business since 1993.

    Someone built a case based on three different incidents over as many years to blacklist this ISP's entire netblock. Perhaps they should apply this same logic to UU.net.

    When trying to appeal to them to be removed they were told to post to the mail abuse news groups as this is spews vehicle for removal. Well they did this and all they got was libelled by what sounded like a bunch of kids.

    Here is the real bad thing about this. Spews blackholed a /18 when in fact this ISP only had a /19. I contacted a maintainer of one of the RBL's that utilizes SPEWS and gave him a heads up that not only is this listing in error but Spews has blocked an additional 32 class C's that belong to another ISP. I informed him of a possible liability for such a mistake. He did not want to hear it and pointed me back to the news groups.

    Seems that he was nice enough to contact the guys at spews as the /18 changed to a /19 but my client remains blacklisted to this day.

    In reality it has not been a huge problem for them as I think even the hard core anti-spam advocates have distanced themselves from spews.
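
The range arithmetic behind the two complaints above (a /18 listed where the ISP only held a /19, and a whole xxx.xxx.xxx.* block listed for one offending host), as an added example that is not part of the original thread. All addresses are constructed private-range samples and the function names are hypothetical.

```python
import ipaddress


def overlisted_blocks(listed_cidr, allocated_cidr, unit_prefix=24):
    """Return the unit-sized networks (default /24, the old "class C") that a
    blacklist entry covers but that lie outside the listed party's allocation."""
    listed = ipaddress.ip_network(listed_cidr)
    allocated = ipaddress.ip_network(allocated_cidr)
    if not allocated.subnet_of(listed):
        raise ValueError(f"{allocated} is not inside the listed range {listed}")
    collateral = []
    # address_exclude() yields what is left of `listed` once `allocated`
    # is carved out; each leftover piece belongs to somebody else.
    for piece in listed.address_exclude(allocated):
        if piece.prefixlen >= unit_prefix:
            collateral.append(piece)  # already unit-sized or smaller
        else:
            collateral.extend(piece.subnets(new_prefix=unit_prefix))
    return sorted(collateral)


def matching_entries(sender_ip, entries):
    """Return the blacklist entries (CIDR strings) that cover sender_ip."""
    ip = ipaddress.ip_address(sender_ip)
    return [e for e in entries if ip in ipaddress.ip_network(e)]


def audit_listing(listed_cidr, allocated_cidr):
    """Summarise how far a listing reaches beyond the allocation it targets."""
    listed = ipaddress.ip_network(listed_cidr)
    allocated = ipaddress.ip_network(allocated_cidr)
    extra = overlisted_blocks(listed_cidr, allocated_cidr)
    return {
        "listed_addresses": listed.num_addresses,
        "allocated_addresses": allocated.num_addresses,
        "collateral_blocks": len(extra),
        "first_collateral": str(extra[0]) if extra else None,
        "last_collateral": str(extra[-1]) if extra else None,
    }


# Constructed sample data (RFC 1918 space, not real listings).
LISTED = "10.20.0.0/18"       # what the blacklist published
ALLOCATED = "10.20.0.0/19"    # what the listed ISP actually holds
SPAM_SOURCE = "10.20.3.25"    # the one host that sent spam
NEIGHBOUR = "10.20.3.80"      # an unrelated customer in the same /24
OTHER_ISP_HOST = "10.20.40.7" # a host in the other ISP's half of the /18

if __name__ == "__main__":
    print(audit_listing(LISTED, ALLOCATED))
    # A /24 wildcard entry catches the neighbour; a host entry does not.
    print(matching_entries(NEIGHBOUR, ["10.20.3.0/24"]))
    print(matching_entries(NEIGHBOUR, [SPAM_SOURCE + "/32"]))
    # The over-wide /18 blocks the other ISP; the corrected /19 does not.
    print(matching_entries(OTHER_ISP_HOST, [LISTED]))
    print(matching_entries(OTHER_ISP_HOST, [ALLOCATED]))
```

A mail admin consuming a list can run the same comparison against the registry allocation of a listed range before deciding whether an entry is safe to enforce.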

  153. Blacklist of blacklist sites? by mike449 · · Score: 1

    >Seriously - letting people know about this is the best way to get what you want. If your site is not a relay, any blacklist maintainer is doing their users a disservice by listing you.

    >As a mail admin, I'd want to know.

    Let's create a blacklist of blacklist sites and not allow blacklists from the blacklisted blacklist sites!

    1. Re:Blacklist of blacklist sites? by Iffy+Bonzoolie · · Score: 2, Funny

      How many sites could a blacklist site blacklist if a blacklist site could blacklist sites?

      How many sites could a blacklist site blacklist site blacklist if a blacklist site blacklist site could blacklist blacklist sites?

      Whee!

      -If

      --
      Run a pencil-and-paper RPG campaign with your far-off friends: Gametable!
    2. Re:Blacklist of blacklist sites? by Sabalon · · Score: 2

      Until the blacklist site of blacklist sites refuses to remove blacklist sites who have changed their ways, then we need a blacklist of blacklist sites of blacklist sites.

      Is the room spinning for everyone else now?

  154. Re:No. Deal with it. by thogard · · Score: 1

    If you live next door, there is a good chance you can physically find them. If their business ethics cause you to lose business then there are things you can do. You can complain to your ISP. You can find a better ISP. You can complain to your local Better Business Bureau. You could even sue them in court depending on your location. You could get your good buddy Guido to have a talk to them about their kneecaps. You have options.

  155. There's a reason you're on a blacklist by CaptainSuperBoy · · Score: 2

    Am I way off base here, or is this self-appointed mail police thing going in the wrong direction?

    Yes.

    The 'self-appointed mail police' aren't your problem. Your problem is with the sites that are still blocking you, after you have fixed your open relay. They may be using an old blackhole list. In any case, your mail has no god-given right to be accepted by their servers. List maintainers discourage sites from using static lists for this reason, but nobody's forcing the sites to take you out of their list.

    Some lists have reasonable policies, and we've since been removed. Other places are a little more arbitrary as to removal policies, and although I can prove we're not a relay, we're still listed

    Read news.admin.net-abuse.email. Every day there's a new poster ranting about the spam nazis blocking their mail, you people have no right, I fixed the problem, blah blah blah. If you've truly fixed the problem, they'll be more than happy to take you off the list. Don't expect overnight service - after all, nobody's to blame but your company for running that relay.

    I could draw a bunch of analogies here, but isn't the bottom line that no one owns the internet e-mail system?

    Please don't - the analogies have been drawn before, they've been heard, and they've been rebutted. Are the lists infringing your right to free speech? No. You have a right to speak, but you have no right to be heard.

    You're saying no one owns the e-mail system, so everyone has the right to flood it with crap? Try, no one owns the e-mail system, so it is everyone's responsibility to keep it from being abused.

    I'm trying to move data from one point to another, and some machines in the middle are discriminating against my data because a corrected, perfectly legal system configuration error.

    Hardly. You're trying to move data, which is being actively refused by the recipient - they've made a choice NOT to receive your e-mail. Their action is a response to your failure to act in correcting your e-mail system. There is no 'machine in the middle.' Also, what does it matter that it's legal to run an open relay? It's legal to let garbage pile up on your lawn.. but it's not nice.

    Has SPAM really decreased universally thanks to these lists?

    If you didn't get blacklisted, would you have ever fixed your open relay?

    1. Re:There's a reason you're on a blacklist by Anonymous Coward · · Score: 0

      "Don't expect overnight service "

      Let me translate for those of you who don't speak this language:

      "I'm only doing this as a hobby, and I'm not quite sure how the system works exactly".

      Sorry dude, you seem to be a straight talker, but then you end up making excuses for incompetence. Either run the list or shut it down. Don't tell me about how you can't be bothered to run it like a professional. Don't be a loser who makes excuses for himself all the time.

    2. Re:There's a reason you're on a blacklist by CaptainSuperBoy · · Score: 2

      Hey, I don't run any blacklists! Bring it up with them, or post it in news.admin.net-abuse.email.. should give those guys a good laugh.

    3. Re:There's a reason you're on a blacklist by k2r · · Score: 1

      > In any case, your mail has no god-given right
      > to be accepted by their servers.

      hey, the use-/internet works because people/systems _cooperate_.

      and because admins act _reasonably_.

      Nobody wins anything if we keep some host on the
      blacklists.
      Everybody wins if we keep the blacklists
      up-to-date. Admins will actually consider using
      these lists, then!

      k2r (I'm so naive tonight)

      P.S. except from the spammers, of course...

  156. Re:Using Sendmail how do you stop being a open rel by SuiteSisterMary · · Score: 2

    Jeepers krikies! I'd be FAR more worried about the basic security holes in a system that old. Remember, Sendmail was THE canonical 'drive a truck through the security holes' daemon. Hell, you used to be able to get root access to the machine by typing one of a few single words!

    --
    Vintage computer games and RPG books available. Email me if you're interested.
  157. Blacklists actually create more SPAM. by SonicBurst · · Score: 1
    Instead of making the scum actually *look* for open relays, we GIVE and MAINTAIN current lists of open servers for them!

    So, tell me again who the smart ones are?

    --

    Geek used to be a four letter word. Now it's a six-figure one.
    1. Re:Blacklists actually create more SPAM. by Anonymous Coward · · Score: 0

      Hi Mr. Troll, how are you today?

      Instead of making the scum actually *look* for open relays, we GIVE and MAINTAIN current lists of open servers for them!

      GREAT way to look at the problem!

      All open relays are on blacklists because the spammers are already using them. Since they're not added to the lists until after they've been used for spamming, how do you suppose the spammers found them?

      THEY LOOKED FOR THEM

      Spammers don't look for open relays already in databases, because they know that they've already been milked, and are already blacklisted. So they go looking for their own.

    2. Re:Blacklists actually create more SPAM. by SonicBurst · · Score: 1
      You're crazy if you think every spammer out there looks for new relays every time they send out a mass mailing. Of course they use these lists. Half the mail server admins out there have no idea what an open relay is, let alone close it. I'm sure that a very large proportion of the relays in those databases are still open. Some people actually DESIRE an open relay. These lists just make the abuse worse.

      Yes, you're right, the reason these servers are on the list is because they were discovered and abused already, but what's the point in making it easier for others to find them?

      And, getting right down to it, open relays are not the problem. Spammers are the problem. Let's compare mail servers to routers for a second. Think of what would happen if internet backbone routers didn't relay packets to other routers -- no internet. Mail servers were originally designed in much the same manner: get the mail wherever it needs to go, in case some other server is down. Granted, this is no longer necessary, but you get the idea.

      --

      Geek used to be a four letter word. Now it's a six-figure one.
  158. Tough cookies by Anonymous Coward · · Score: 0

    A blacklist is intended to do what again? Stop mail from domains of known spammers.

    So you left your server open, and people exploited it to send spam. Now you're blacklisted. Looks like the blacklists are working just fine.

    Fact of the matter is that YOUR SITE was used to spam people. You've fixed the hole since then? Big deal. You screwed up, and the price you pay for this accident is being blacklisted.

    Here's a revolutionary idea: accept some responsibility for your mistake, and deal with the consequences. Can't get off the blacklist? Change your domain and don't screw up again.

    There's far too many admins that aren't accountable and don't take the time to (a) learn about the services they're providing, and (b) check to make sure their systems are secure. If you don't know how to run a service, you have no business running it. Don't go crying when you get called on it.

  159. Re:It's anti-democratic ! There are other (better) by CaptainSuperBoy · · Score: 3, Insightful

    1. These list should inform you have been added

    If you were added to a list without any knowledge that you had a spam problem, you are not qualified to run a mail server. If you were in any danger of being blacklisted, your postmaster@ account must have received hundreds of spam complaints. If you just ignored them, what did you expect to happen?

    2. They should leave you 10-15 days to fix the problem before blocking you

    Why, so spammers can abuse your servers for 10-15 more days? It was eating up YOUR bandwidth too, you know..

    3. They should help you. I was *very* shocked by ORBS attitude "we block you, and we don't care if you cannot correct it"

    ORBS WAS the exception, not the rule. ORBS is gone now btw, but they weren't known for their user-friendliness or their accessibility. Nevertheless, it's YOUR responsibility to fix your server, not theirs.

    Example : Accept any IP address for relay except ORBS, you won't be blocked but you're an open relay ;-)

    You didn't come up with this idea you know.. it's been done before. What did we call the people who did that? Oh right, spammers.

  160. Are Blacklists unreasonable? No. by wdr1 · · Score: 1

    The sad fact is that a lot of admins would not take action if they were not faced with the consequence of being blacklisted. Given that fact, while this solution isn't perfect, or even great, I'm not sure that there's a better one out there. In fact, it sounds like you guys may not have even been aware of the problem of running an open relay, had you not been blocked in the first place.

    You've taken steps to fix the problem, which is great! I'd imagine that most of the major blacklists will begin to remove you. Some, yes, will be slower than others, but hey, consider that your penance. ;-)

    Some other points:
    Is this making spam less of a problem, or are we trading one problem (SPAM) for another (the reliablility of proper maintenance of SPAM Blacklists)?

    Absolutely not. In fact, I don't even see any trade at all. Instead, what it is doing is moving punishment from the victims (those spending time, money, cpu cycles, etc. dealing with spam) to the offenders on the shoulders of those having done wrong (flat out spammers to lesser offenses, such as yours, running an open relay).

    I'm sorry if in your particular case, you're having trouble getting off lists, but I still think that's more fair than me dealing with even more spam.

    The fact that your relay was never used is meaningless too, BTW. It would have happened sooner or later, as there certainly ARE *MANY* folks out there scanning the network looking for open relays. All they have to do is wait until most folks have gone home for the day and pound the heck out of it. You come in the next morning, hopefully notice something and stop it then, but in the mean time, damage done to the rest of us.

    Expecting us to wait until you're used for spam is unacceptable.

    And lastly:

    ...isn't the bottom line that no one owns the internet e-mail system?

    No. Whoever told you that is just wrong. Internet email is not the absence of an owner, but an accumulation of shared owners. Each person who owns a SMTP server on the Internet has a small piece of ownership of Internet email. Each person is free to do what they will with their hard, and want to block others because they are causing massive problems, that's their right to do so. You can choose to ignore them, if you think they're being unreasonable, or you can choose to cooperate if you think they're not. Likewise, you could decide to block every domain with the letter 'Q' in it if you so desire. Your action may not have as much strength as you might not be able to garner much support from your fellow owners, but just because of that, you can't get mad at those who do have a good argument and *do* garner support.

    My two cents,
    -Bill

    --
    SlashSig Karma: Excellent (mostly affected by moderatio
  161. Rot in BlackList Hell by Anonymous Coward · · Score: 0

    You got what you earned.

  162. Wow by CaptainSuperBoy · · Score: 2

    Now that's a company I wouldn't feel guilty about working at and goofing off all day..

  163. What helped us and our users the most by shadie · · Score: 5, Insightful

    We (dds, a dutch isp) had a spam problem, and being a free email provider for such a long time did contribute to that. When we went out to solve this problem we did it in three steps:

    - Implement RBL+ on our mailservers (got the load down a bit though)

    - Created a global "spam filter" (weight system a la junkfilter) wich was opt-in for our users..

    - We installed procmail, gave each user it's own .procmailrc and made a web interface to create procmail recipes in an "outlook" style.

    This recipe maker could then be accessed by each user on their own user pages, or they could just make receipts through their shell access

    Our end users didn't really notice much about our use of RBL. And most of them don't know what rbl is annyway.

    But giving them the possibility of filtering email on the server side _themselves_ did make a difference! It gave them a feeling we are fighting spam, and that THEY are also in control!

    And last but not least... Giving your users info on how to _avoid_ spam is important! We did this by writing clear FAQs on avoiding spam, and pointing each new user to these FAQs

    (b.t.w... this was my first post on /. , lurking time is over I guess :-)

    --
    -- Hi! I'm a signature virus. Copy me into your sig file and help me spread
  164. rlsnyder: Inadvertent sysadmin by Anonymous Coward · · Score: 0
    rlsnyder continues: "Am I way off base here, or is this self-appointed mail police thing going in the wrong direction?
    Looks to me like rlsnyder's going in the wrong direction. rlsnyder admits that he ran an open relay, and he figures that's a reasonable mistake. It's a bit more than that though.

    A sysadmin that doesn't think to check to see whether a newly installed SMTP relay is wide open or not is like a mechanic that forgets to put motor oil back in the engine or doesn't add brake fluid after changing the master cylinder. Not very professional. The reasonable person is leery about allowing either of them another chance to abuse their machinery in the near future.

    If rlsnyder was competent, he'd have fixed the open relay, identified the blacklists that list his SMTP relay's IP address (http://www.ordb.org/lookup/rbls/) and submitted retest requests. He'd have been out of the most widely used open relay blacklists (which is all that matters) in under 24 hours.

    I don't maintain any blacklists, but I do make use of them, and I have every right to continue to make use of whatever blacklists I see fit. If the blacklist nomination or removal criteria doesn't fit my needs, then I won't use them.

    People that have a problem with this have realized that there's nothing whatsoever they can do about my (or any other sysadmin's) decision whether or not to use distributed blacklists to filter email. So, they try to go after the blacklists themselves. That will never ever work, because the root cause of the existence of blacklists - a desire by reasonable people to protect their systems against spammers and incompetent or inadvertent sysadmins - will still be there.

  165. An idea.. by kutulu42 · · Score: 1

    How about an automated removal process? When someone (who has fixed their open relay) requests to be removed from the spam blacklist, the blacklist's site could attempt to connect to and relay test-spam through the supposedly fixed relay. If the mail gets delivered (to e-mail addresses monitored by the spam blacklist site), then the relay hasn't been closed properly and thus won't be removed from the list.

  166. Re:No. Deal with it. by Flower · · Score: 2
    Hey, that isn't exactly fair. When the old admin left I inherited the job of maintaining the mail server. I knew nothing about e-mail but did know Unix which few others in my department did.

    Nobody told me the server had an open relay on it. Worse, nobody told me this was permitted to allow one department to relay off of us when they were at a customer site.

    Needless to say, it wasn't long before we got listed and I got a quick education about smtp. Once I had a grasp of what was going on I immediately closed the relay and got us delisted.

    Then after a sick day I came back to be informed that the relay was open again. The department in question had enough political clout to make it happen. Well, we got back on the lists and worse yet we got on Earthlink. I quoted RFCs, gave them alternatives to using our server as a relay (like configuring their e-mail client properly) and, in the end, I created a form letter and started turning other departments against the offender by basically telling it like it was. In a professional manner, of course.

    Getting off of ORBZ was easy and I'm happy to say I never landed on MAPS. But Earthlink was a chore. They run their own service and what made me unhappy is the technical contact listed in their whois entry is for desktop support. It took me a week of phone tag to find out I should be contacting a department called Corporate Escalates. Once I got to them it took less than an hour to be removed.

    And fwiw, all lists are not equal. Strangely enough I did wind up on ORBZ again. It seems they changed the way they did their test and added one for name!domain_to_send_to@server2relay_from. The version of software I was using didn't stop this and I had to upgrade.

    Now that I'm done with getting this off my chest (sorry, I had to.), the real issue isn't with admins who don't know anything. It's with admins who don't care enough to learn and do it right.

    --
    I don't want knowledge. I want certainty. - Law, David Bowie
  167. OFF.TOPIC! by Anonymous Coward · · Score: 0

    I just realized... that pig image is made of spam!!!!!!!

  168. Immediate solution to your problem by lw54 · · Score: 1

    If you're really serious about getting your email back onto the Internet, you need to make some network changes. Changing the IP address isn't enough. You'll need to change the subnet the mail server is on as well as the domain name. If you're interested in backward compatibility, as I'm sure you are, you can set up a host on the old address to forward packets on to the new host.

  169. I use SpamAssassin (but no Blacklists) by Bloodwine · · Score: 1

    I discovered SpamAssassin a couple months ago and I must say I am very pleased.

    It has successfully stopped around 84% of incoming spams and no false-positives (marking non-spam as spam) thus far.

    You can hook it into blacklists, but I never used that feature. I doubt it'd really help much, anyways and would probably end up doing more harm than good.

    Yes, 16% of spam still gets through, but that's not nearly as annoying as having mailboxes fill up with spam and eat away the spool partition at an alarming rate. Not to mention I could probably stop 90%+ of spam, but that increases the chance of incorrectly tagging non-spam as spam.

    Best of all, I control the rules and the scoreboard... I don't rely on a third party to deem who sends spam.

  170. Re:No. Deal with it. by CaptainSuperBoy · · Score: 2

    If you don't like your ISP's spam policies, change ISP. It's not the list's problem that you're one IP away from a spammer. It's also 'collateral damage' like this that forces a lot of ISPs to deal with their spam.

  171. Info on SPEWS by Bruj0 · · Score: 1

    SPEWS
    And his FAQ
    And no, I'm not in it for the karma, it's just that I wanted a link, maybe others too.

    --
    http://securityportal.com.ar
  172. Message to the Spammers by Compenguin · · Score: 1

    Thanks anyway but I'm completely satisfied with the size of my penis.

  173. Re: Exclamation marks by CatherineCornelius · · Score: 1

    Of course the boss who sends you email with all block caps and exclamation marks is long overdue for some luser attitude readjustment, and if you're any good he'll know it. You alone should have a final say over what email you accept, and if you want to delegate that to a script, that's up to you. If your boss needs to contact you infallibly, arrange a system.

  174. End users don't know... by Anonymous Coward · · Score: 0

    their mail is being filtered. This is a major problem - we send mail to a customer and they never get it. Later, we find out their ISP uses some stinking blacklist. Joe Customer has no idea his mail is being filtered. And no, we can't just "fix the problem" being we're using PacBell servers and PBI winds up blacklisted once or twice/year. For incoming mail we use our web host's server and those bastards (who have been top notch in every other respect) implemented a blacklist without notifying its customers. All of a sudden we're losing 5-10% of our legitimate mail from customers.

    The bullshit associated with these lists is well documented. It's also not a matter of "running my own GD server how I like" because it's affecting a lot of users who never opted into the system and don't even know they can't reliably receive email.

  175. Blacklists are a PITA for mailing list owners. by elgee · · Score: 1

    I have run a mailing list for a number of years on my local ISP. Twice, my ISP has invoked the services of a SPAM blacklister. First Orbis and now SpamCop. Both times, it has shut out subscribers to my list as they were on blacklisted isps. I hate spam as much as anyone, but using the shotgun approach to punish all when only a few are guilty, is fundamentally wrong.

    The Internet is getting curiouser and curiouser.

    1. Re:Blacklists are a PITA for mailing list owners. by NeurfBallz · · Score: 1
      Picture:

      Five (to keep it simple) mains pumping from underground springs into a reservoir used to store drinking water before final treatment. One of them starts spewing raw sewage from a neighborhood cesspool.

      Obviously, you cut it off (even though there might be some clean water mixed in the flow). When do you turn it back on? How much guarantee do you need that the pipe itself is cleaned out so that you are not as likely to get more sewage? How long must that water be sampled elsewhere before you're willing to risk it again? If it wasn't much of a well to begin with, maybe you just turn it off permanently.

  176. Clueless E-Mail Admins by NeurfBallz · · Score: 1

    Three months ago, I was flying on my standard route complete with not only my own normal load, but (unknown to me) a cluster of portapotties in my cargo bay. Unfortunately the bay door was left unlatched and I scattered the contents of these uncleaned portapotties all over three neighborhoods. Now, it wasn't a BAD spill. Only a few thousand (or was it 10s of thousands) of people bothered. For some reason, the residents don't want me to fly on that route any more, and I don't think it's fair. It was a simple mistake, and it only affected a few people - but they told others, and now there are other places that don't want even my normal cargo flights, let alone ones with unexpected dumpage. It's just not fair and I'm gonna hold my breath until these unfair people notice that I turn blue! Why should I be humble about my mistakes. It only cost those people a few hours of cleanup, each. IT'S NOT FAIR!!!!! Why should I be penalized for someone ELSE putting those portapotties on my plane? I gotta be able to fly my route to keep my [ job | business ]. Why should I be penalized for something that happened MONTHS ago, and was small at the time. Trust me - I check the latch every time this time, and compare my cargo against what's supposed to be there. Puleeezzzz let me fly over your houses and businesses now - - puleezzzz! It's my constitutional rights! You gotta let me! You gotta be fair! It didn't really take me long to clean up the plane - why would it have taken you long enough to clean up. You shouldn't hold a grudge. You should trust me. Really!!!</SATIRE>

  177. On the subject of open relays by Henry+Stern · · Score: 1

    On the subject of open relays, how does one tell sendmail to authenticate users (using login/passwd) coming from outside?

    1. Re:On the subject of open relays by NeurfBallz · · Score: 1

      You set up SMTP-AUTH (e.g. SASL or STARTTLS with client certificates required on your MSA - which should probably not be the same server as your MTA). With STARTTLS for incoming satellite mail, you also get encrypted transmissions, presuming it's set up correctly, so that your inter-office memos aren't E-postcards.

  178. I didn't find it hard to get delisted. by justinstreufert · · Score: 1

    My personal DSL mail server was used to send about 4,000 spam messages about a month ago.

    I instantly showed up on about 5 of these spam blocking lists, including ORBZ, the MAPS RBL, etc. I fixed the open relay issue in an hour, submitted my IP and was off all of the lists in about a day. No problem. *shrug*

    P.S. Anyone know a good way to delete messages on a regexp from the Qmail queue? ;)

    Justin

    --
    "Why would God give us a waist if we wasn't supposed to rest our pants on it?" - Rev. Roy McDaniels
  179. I hate PHBs... by Brendan+Byrd · · Score: 2

    Now that I'm done with getting this off my chest (sorry, I had to.), the real issue isn't with admins who don't know anything. It's with admins who don't care enough to learn and do it right.

    Now do you see what happens when you don't care about security? I'm sorry about the PHB a-holes you had, but that's the company's fault, not yours. However, if you're using a mail server, you better stick to your postfix/sendmail/etc. books if you want to keep your job.

  180. Re:End users don't know... - WTF -- why not? by NeurfBallz · · Score: 1
    Then you should run your servers so that the users get the D.S.N returns that are actually generated. That's what it's for, after all. FYI PacBell filtered a .forward from a subscribed-to list for one of my users today. They refused delivery to the .forward-ed account, from a subscription here.

    That's not to say that the place sending it wasn't a spamhaus and shouldn't have been filtered. They're able to deliver ONLY to my users that have asked for it. And now (it appears) not to them either. If the bounces continue, I'll zap the listings that allowed them thru to those users.

  181. Re: Exclamation marks by Anonymous Coward · · Score: 0

    Yeah. That scales. Brilliant.

  182. Re:It's anti-democratic ! There are other (better) by Desert+Raven · · Score: 1

    3. They should help you.

    I see, because you're too ignorant to properly run a mail server, anyone who wants to put you on their list of open relays owes you free technical support?

    Tell you what, if I ever bounce an email from you, I'll give you all the help you want, at my standard hourly contracting rates.

    Y'know, I might just put that in my bounce messages...

    I don't accept ORBS having decided what's permitted and what's not ! Some relaying is permitted and some not.

    ORBS didn't decide anything. The owner of the mailserver using ORBS decided what is permitted, and chose to use the ORBS list to help in that goal. You don't have a right to send mail through my server, I choose to allow you to send mail through my server.

    I use blacklists. I'm very careful to choose lists that are automated or actively maintained. Yes, I've had legitimate mail to one of my users get bounced because her company was running an open relay. I told them how to secure their server, they told me they had to run it that way because of remote users. To my knowledge, they're still being blocked, no apologies.

  183. Re:It's anti-democratic ! There are other (better) by Anonymous Coward · · Score: 0

    Umm, well, if you don't want the responsibility of running your own mail server, there's plenty of companies out there who will handle your company's email for you.
    You want to put a mail server onto the wide Internet, you need to be responsible. It's not fair for us to eat your exhaust fumes out there because of your irresponsibility/lack of training/"me me me" attitude.

  184. Re:Using Sendmail how do you stop being a open rel by Anonymous Coward · · Score: 0
    1.15 is a bit older than anything I've mucked with. See if you have a function called checkcompat() in conf.c. If so, you can add an explicit check for your network or specific trusted machines there.

    /* watch your endian... */
    #define TRUSTEDMASK 0x00FFFFFF
    #define TRUSTEDNET 0x00010203
    /* some specific machines */
    #define TRUSTED1 0x03040506
    #define TRUSTED2 0x06070809

    oh fer rice cakes.... well, I'd post the code, but I encounter the lameness filter. Anyway, it's pretty easy to do. Just mask RealHostAddr.sin.sin_addr.s_addr and compare it against your network and return EX_OK if you match or if you match any of the specific hosts. If you fall through without matching, call usrerr and pass a string like "550 Source IP address unacceptable for mail relaying", then set q_status and return EX_UNAVAILABLE.

    Good luck.

    Curious... this message board seems to allow me to include a little bit more code if I preface it with a wordy rant about not being able to post code. Must be a percentage thing. Posts must include at least a 2:1 ratio of rant to code I guess.

    /* Test for acceptance if it came from an IP network */
    if (RealHostAddr.sa.sa_family == AF_INET) {
        /* Accept mail from our network */
        if ((RealHostAddr.sin.sin_addr.s_addr & TRUSTEDMASK) == TRUSTEDNET ||
            /* Or from specific machines */
            RealHostAddr.sin.sin_addr.s_addr == TRUSTED1 ||
            RealHostAddr.sin.sin_addr.s_addr == TRUSTED2) {
            return (EX_OK);
        }
    }
    /* reject */

    Cheers
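
Added example, not part of the original post and not sendmail code: the same mask-and-compare test as a stand-alone function, showing what "watch your endian" means in practice. `sin_addr.s_addr` is always in network byte order, so a network and mask written as plain hex only match on hosts with one particular byte order; parsing dotted-quad/CIDR text avoids that. The function names, the allow list and the RFC 5737 documentation addresses are constructed for illustration.

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* One allow-list entry. Both fields are kept in network byte order,
 * the same representation as sin_addr.s_addr. */
struct trusted_net { uint32_t net, mask; };

/* Constructed allow list (RFC 5737 documentation addresses). */
static const char *const TRUSTED[] = {"192.0.2.0/24", "198.51.100.25"};
#define NTRUSTED (sizeof TRUSTED / sizeof TRUSTED[0])

/* Parse "a.b.c.d/len"; a bare address means /32.
 * Returns 0 on success, -1 on malformed input. */
int parse_cidr(const char *text, struct trusted_net *out)
{
    char buf[INET_ADDRSTRLEN];
    struct in_addr addr;
    long len = 32;
    const char *slash = strchr(text, '/');
    size_t n = slash ? (size_t)(slash - text) : strlen(text);

    if (n == 0 || n >= sizeof buf)
        return -1;
    memcpy(buf, text, n);
    buf[n] = '\0';
    if (inet_pton(AF_INET, buf, &addr) != 1)
        return -1;
    if (slash) {
        char *end;
        if (slash[1] < '0' || slash[1] > '9')
            return -1;
        len = strtol(slash + 1, &end, 10);
        if (*end != '\0' || len > 32)
            return -1;
    }
    /* Build the mask in host order, then convert once. A 32-bit shift
     * by 32 is undefined, so /0 is handled separately. */
    out->mask = len == 0 ? 0 : htonl(0xFFFFFFFFu << (32 - len));
    out->net = addr.s_addr & out->mask;
    return 0;
}

/* Portable check: peer is sin_addr.s_addr, already in network order. */
int relay_allowed(uint32_t peer)
{
    struct trusted_net t;
    for (size_t i = 0; i < NTRUSTED; i++) {
        if (parse_cidr(TRUSTED[i], &t) != 0)
            return 0;               /* bad configuration: fail closed */
        if ((peer & t.mask) == t.net)
            return 1;
    }
    return 0;
}

/* The pitfall: 192.0.2.0/24 written as host-order hex and compared
 * without htonl(). This matches only where host order equals network
 * order, i.e. on big-endian machines. */
int naive_allowed(uint32_t peer)
{
    return (peer & 0xFFFFFF00u) == 0xC0000200u;
}

/* Decide from dotted-quad text; unparsable input is refused. */
int check_peer(const char *text)
{
    struct in_addr a;
    return inet_pton(AF_INET, text, &a) == 1 && relay_allowed(a.s_addr);
}

int main(void)
{
    const char *peers[] = {"192.0.2.10", "192.0.3.10", "198.51.100.25"};
    struct in_addr a;
    for (size_t i = 0; i < 3; i++) {
        inet_pton(AF_INET, peers[i], &a);
        printf("%-14s portable=%d naive=%d\n", peers[i],
               relay_allowed(a.s_addr), naive_allowed(a.s_addr));
    }
    return 0;
}
```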

  185. SMTP does all that by kaisyain · · Score: 2

    RFC 2554: SMTP AUTH.
    RFC 2487: SMTP over TLS.

    The first problem is that people don't use either of these things. The second problem is they don't really address the problem of dealing with spam.

    If you only want to receive email from pre-designated people, you can already do that. Hotmail, for instance, provides a filter that says, "Throw everything in the trash unless I specifically tell you otherwise." But generally people don't know in advance who they want to receive email from. This is what spam takes advantage of.

    Providing authentication doesn't solve this problem. One idea that has been put forward is to charge people to accept unsolicited email. The idea is that you have to pay me $1 if you aren't on my white-list. Then I can look at the email and refund you that $1 if I decide the email isn't junk. There are problems with this approach but it is an interesting idea.

    1. Re:SMTP does all that by Sabalon · · Score: 2

      RFC 2554: SMTP AUTH.
      I'm using this. We have a server for our students on campus. However they use any ISP they want, but are required to use their student e-mail for communique (something about that way we always know we have the current and correct e-mail address for them, and we can prove they got a piece of e-mail).

      Anyway, with SMTP_AUTH, from anywhere on the net(*) they can now send their e-mail and relay through us. They don't have to always be choosing the correct outlook account setting or any of that bs.

      (*) well, anywhere on the net that does not block port 25 connections. AOL, Earthlink (who provides the complete unblocked internet - bullshit), and others will not allow connections on port 25 to anything but their mail servers.

      They claim that this cuts down on spam since spammers can't use an account to use an open relay somewhere. Does this mean now that the spammers just use the earthlink smtp server instead? Anyway, a config setting, a listen on port 2525 and all is solved.

      RFC 2487: SMTP over TLS.
      Isn't this just an encrypted smtp? Yeah...that really doesn't do much for spam at all like you said.

    2. Re:SMTP does all that by curunir · · Score: 2

      The second problem is they don't really address the problem of dealing with spam.

      That was exactly my point. The point of adding authentication would be to establish a trail of accountability for the email. If a user had to login to be able to send an email, that user's login information could be added to the message's headers. The only time that authentication would not be necessary is on the last message hop when the server is accepting mail for local delivery. You would still be able to receive email from anyone, but each email would have a verified sender who would be accountable for his/her actions. If this "path" could reliably be determined, legislation preventing UCE (with civil penalties for sending it) would be all that's necessary to solve the problem.

      The situation is analogous to someone continually calling you on the telephone. If a caller-id system is in place and there is no way to block caller-id then all that's needed to solve the problem is laws banning excessive calling.

      The problem with SMTP AUTH is specifically that it *is* compatible with SMTP. What is needed is a protocol that is completely incompatible with SMTP. Then, anyone who gets fed up enough with SPAM can only accept messages by the new protocol. Anyone attempting to send them mail via SMTP would receive a bounce message telling them they need to send their message through the new service.

      Additionally, this would be a good time to sensibly implement some things that have been kludged onto SMTP (mandate PGP, intelligent attachment capability, html formatting etc)

      --
      "Don't blame me, I voted for Kodos!"
  186. Satire! Satire! by Anonymous Coward · · Score: 0

    why not?

  187. RFC 2505 by Flower · · Score: 2
    Anti-Spam Recommendations for SMTP MTAs

    'nuf said.

    --
    I don't want knowledge. I want certainty. - Law, David Bowie
  188. Mixed feelings by Anonymous Coward · · Score: 0

    We all hate spam, right? I also think it's safe to say that the vast majority of Slashdot's readers value freedom tremendously. The merits of the GPL are well accepted here, because it lets a programmer do whatever he damn well pleases, as long as he keeps his work free. Long live democracy!

    Anyway, each link in the ordb chain is the result of someone exercising their freedom to either gather and maintain information, or refuse to transport e-mail messages based on the freely gathered data. Hard to find fault with that.

    I also agree that there is little reason to run an open relay, other than convenience, and that most open relays are the result of either carelessness or inexperience. However, convenience is nice. An open relay is HANDY, even for legitimate, personal purposes. Regardless of whether there is a good reason, shouldn't a person have the RIGHT to run an open relay? There is nothing criminal in that. It is also possible to run said open relay in such a way that the administrator gets alerted as soon as a spammer tries to abuse it. A little Perl, and voila...

    I submit that I have every right to have an open relay, and not risk having my e-mail blocked based solely on that basis. I liken it to assigning guilt without proof of a crime. Imagine losing your driver's license because you MIGHT someday run a red light, though you never have. Driving, like e-mail, is a privilege after all.

    I know this is controversial, but I think the ordb mentality simply does not offer the kind of dexterity to be fair and just. Countless valid communication is lost every day, because of this. It is not up to some guy in Denmark or anywhere else to tell me how I should behave or run my server. Kinda like it isn't up to Microsoft to rule how we conduct business on our desktop.

    I wonder, how would Slashdotters feel if Microsoft decided to block all non-Microsoft browsers from accessing any site running IIS, and left the check box in the server's options box for such a 'feature' enabled by default. It would be their right to do this, since an admin could just turn it off, but I can guarantee that the same people that support ordb would scream bloody murder because it would be another example of Redmond trying to take their freedom away.

    Think about it. There is nothing wrong with running an open relay, if you manage it right and the volume is low enough that it is reasonable to do so. Shouldn't it be your right, without fear of someone else trying to modify your behavior?

    1. Re:Mixed feelings by Anonymous Coward · · Score: 0

      Your locale must license anyone who meets the requirements, making driving a conditional right. Email is nothing more than a convention between independent parties, lasting only as long as they feel they benefit from it. You can't have a right not to have your email blocked as long as any servers are privately owned.

    2. Re:Mixed feelings by Skapare · · Score: 2
      I submit that I have every right to have an open relay, and not risk having my e-mail blocked based solely on that basis.

      I submit that I have a right to not accept e-mail from your open relay for no reason whatsoever (but generally I will do so because it is an open relay). If mail is relayed through your server, then I see that as sufficient proof for my purposes. I'm not asking the government to come take your personal freedom away, or take your driver's license away, or even take your network connection away (though many would want that taken away). IMHO, you have the right to be connected to the internet with an open relay if you want, but you have no right to expect that everyone must accept mail from your server, or even accept any IP packets from you, because of being an open relay.

      Liken open relaying to doing bizarre behaviour, or having serious body odor because you don't shower. It's your right to do that. But it's also my right to have nothing to do with you and not even hire you. We just keep apart.

      There is nothing wrong with running an open relay, if you manage it right and the volume is low enough that it is reasonable to do so. Shouldn't it be your right, without fear of someone else trying to modify your behavior?

      First of all, in reality, it won't happen. As soon as the first spammer discovers your open relay they will spam. And I got hold of one of these spam lists and found that the very first entries are of spamware authors and other spammers. So they are going to be among the first to be spammed by the spammer that found your open relay. Now several spammers have your IP address. It will be like a shark feeding frenzy. Eventually the spamming gets down to the addresses that will alert the blacklist operators, and you get blacklisted.

      I don't want the spam, and I'll accept the collateral damage of loss of legitimate mail from your server in exchange for protection from the spam. And that's my choice and I have the right to make that choice, and base it on information I believe to be factual (e.g. ordb and orbz). You have the freedom to choose which way you want to behave, and all that comes with it (or not).

      --
      now we need to go OSS in diesel cars
    3. Re:Mixed feelings by Anonymous Coward · · Score: 0

      I agree with all of your points here. You indeed have the right to refuse mail from my server based on whatever criteria you deem sufficient. But you seem to have missed the point of my words. Using solely the criteria of an open relay means that you run the risk of blocking legitimate communications to those that depend on your server, without their knowledge. You may deem this sufficient criteria since you hold the cards as the server admin, and are willing to live with the 'collateral damage', as you call it. But I wonder...have you taken the time to ask your users if they mind having the occasional legitimate message blocked? What about business mail? If they mind, then your criteria would be insufficient. I am sure you would agree that running an e-mail server is a significant responsibility if you run it on behalf of other users.

      My point is that ORDB is a very crude means of stopping spam- a real 'throw the baby out with the bath water' approach that is effective but also potentially damaging. There are better ways, and a number of posts in this thread have described them in detail.

      >You have the freedom to choose which way you want to behave, and all that comes with it (or not).

      That's the point. I don't have the freedom, as long as I might want to communicate with you or one of the people depending on your server, I must behave in a certain way. Even though after 2 years of running an open relay, not a single piece of spam was sent through my server, I could be presumed to be a criminal, unable to speak to anyone whose account you control. By using ordb, you are taking on a role which you should consider carefully. Your users have the right to receive their mail, regardless of its origin, if they are paying you for that service.

      I can only hope that you are open minded and are willing to consider the ramifications of controlling one's communication, without their knowledge. You have the right to do what you do, as does every link that makes up the ordb system, but by using the combined effect, you are inflicting potential damage. You can disregard this entire line of reasoning if your mail server is for you and you alone, but please reconsider, if others depend on it.

    4. Re:Mixed feelings by Skapare · · Score: 2
      But you seem to have missed the point of my words. Using solely the criteria of an open relay means that you run the risk of blocking legitimate communications to those that depend on your server, without their knowledge.

      My users are fully aware of the spam blocking I employ. I've received no complaints, and only investigation requests. Most cases of "I was expecting this mail but never got it" came down to what you might call "collateral damage". In all of those cases it was a misconfigured server at the sender side. One was an actual open relay. Three were missing or invalid reverse DNS. All got fixed when the errant sysadmins were told what to do.

      If my users prefer a mail service with less collateral loss, and more spam, they can either ask for it (I could set it up using a separate server), or they can move along to another provider. So far no one has asked for it.

      My point is that ORDB is a very crude means of stopping spam- a real 'throw the baby out with the bath water' approach that is effective but also potentially damaging. There are better ways, and a number of posts in this thread have described them in detail.

      I employ a combination of mechanisms. First is my own list of IP addresses to allow through, bypassing the remaining tests. Then the connecting IP address is queried over reverse DNS. If no name, the mail is rejected. The name received is queried by forward DNS requesting A-records. If the connecting address is not received in an A-record, the mail is rejected. If the DNS test passes, then the domain name is checked against a list of domain names to allow through. Then SBL, ORDB, and ORBZ are checked. Then my list of domains to reject is checked. And finally my list of IP addresses to reject is checked. Anything not yet rejected is allowed through.

      Many suggested mechanisms require first accepting the mail, so that one can, for example, examine the headers or the mail body. I might some day add those mechanisms, but I do not want to remove the mechanisms that reject the bulk of spam prior to accepting the mail. This is the key. I don't want my server to become responsible for delivering the rejection message. For most spammers, the mail can't be delivered and either the mail stays in the queue retrying for a while, or my postmaster box gets the rejection of the rejection reply.

      I have found that checking for keywords in content is not effective. Much mail gets matched that is not spam. Much spam is now sent as MIME encoded attachments, making it necessary to further run a detach and decode. Some spam even comes in MS Word format (tempting to get their product serial number out of it).

      I'll stick with the mechanisms that work before mail is even delivered. It has a very high spam rejection count to collateral damage (67000 to 4 in the past 7 months).

      That's the point. I don't have the freedom, as long as I might want to communicate with you or one of the people depending on your server, I must behave in a certain way.

      You do not have the freedom to barge into my home at 3 AM just because you want to communicate with me. You have the freedom to try to communicate with me using civil means that do not violate my rights. You do not have any right to be guaranteed this communication. I might simply not answer the door at 3 AM. I might not even answer it at 3 PM. I'm not presuming you to be a criminal just because my server doesn't want your mail, or because I don't answer the knock at the door. And my users know this is happening and are free to use another service.

      By using ordb, you are taking on a role which you should consider carefully. Your users have the right to receive their mail, regardless of its origin, if they are paying you for that service.

      I have considered the role very carefully over the past 2 years. What I do today is the result of it. Yes, my users do have a right to receive their mail. And they can choose to fully exercise that right any time they wish by any means, such as operating their own mail server, asking me to operate a different class of service for them, or asking another provider for service. Right now they are not paying me to accept mail from absolutely anywhere it happens to come.

      I can only hope that you are open minded and are willing to consider the ramifications of controlling one's communication, without their knowledge. You have the right to do what you do, as does every link that makes up the ordb system, but by using the combined effect, you are inflicting potential damage. You can disregard this entire line of reasoning if your mail server is for you and you alone, but please reconsider, if others depend on it.

      They are quite aware of what I am doing. They may not understand all the details (they have little interest, for example, in how SMTP or DNS actually works). They know their spam load is down. And they know they (the ones with their own domain names) can ask me for service via a fully open server (which is easy enough to do by binding a new IP address, changing their MX records, and starting a new instance of Postfix with a different configuration ... I don't even need to invest in new hardware).

      My big point is that even though I am providing a service to others, I am not obligated to provide that service in any way other than how I have agreed with my users to provide that service to them. Further, I can also decline to offer service of any type they might ask for, if that is my choice. While I might provide the fully open mail receipt service, if asked, I can tell you I will not provide a service of hosting a spam transmission operation (spamhaus) nor will I host an intentionally open relay. I will decline to offer any kinds of services which could in some way compromise those other services I do offer. And I do have the right to choose the business I will be in, including to choose not to provide any fully open mail reception, should I so choose.

      --
      now we need to go OSS in diesel cars
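The connection-time checks listed in the comment above, in the order it gives them, as an added example that is not part of the original thread. The `.example` zone names, the allow/reject lists and the DNS table are constructed placeholders, and `TableResolver` stands in for DNS so the sample runs offline.

```python
import socket

def _norm(name):
    return name.lower().rstrip(".")

def dnsbl_qname(ip, zone):
    """IPv4 only: 203.0.113.8 checked against zone z is looked up as 8.113.0.203.z"""
    return ".".join(reversed(ip.split("."))) + "." + zone

def domain_match(name, domains):
    return any(name == d or name.endswith("." + d) for d in domains)

class SystemResolver:
    """Live lookups via the OS resolver (not used by the sample data below).
    It cannot tell a DNS timeout from "no record"; a production server should
    answer a lookup failure with a temporary (4xx) reply instead of a reject."""
    def reverse(self, ip):
        try:
            host, aliases, _ = socket.gethostbyaddr(ip)
            return [_norm(n) for n in [host] + aliases]
        except OSError:
            return []
    def forward(self, name):
        try:
            return socket.gethostbyname_ex(name)[2]
        except OSError:
            return []
    def listed(self, ip, zone):
        try:
            socket.gethostbyname(dnsbl_qname(ip, zone))
            return True                  # any A record means "listed"
        except OSError:
            return False

class TableResolver:
    """Constructed in-memory DNS data so the example runs offline."""
    def __init__(self, ptr, a, listed):
        self.ptr, self.a, self._listed = ptr, a, listed
    def reverse(self, ip):
        return [_norm(n) for n in self.ptr.get(ip, [])]
    def forward(self, name):
        return self.a.get(_norm(name), [])
    def listed(self, ip, zone):
        return dnsbl_qname(ip, zone) in self._listed

def connect_policy(ip, dns, cfg):
    """Decide from the connecting IP alone, before MAIL FROM or DATA, so a
    rejected message is never queued here and the sender keeps the bounce."""
    if ip in cfg["allow_ips"]:
        return True, "allow-ip"
    names = dns.reverse(ip)
    if not names:
        return False, "no-ptr"
    # Forward-confirm: the PTR name must resolve back to the connecting IP.
    confirmed = [n for n in names if ip in dns.forward(n)]
    if not confirmed:
        return False, "ptr-not-forward-confirmed"
    if any(domain_match(n, cfg["allow_domains"]) for n in confirmed):
        return True, "allow-domain"
    for zone in cfg["dnsbl_zones"]:
        if dns.listed(ip, zone):
            return False, "dnsbl:" + zone
    if any(domain_match(n, cfg["reject_domains"]) for n in confirmed):
        return False, "reject-domain"
    if ip in cfg["reject_ips"]:
        return False, "reject-ip"
    return True, "default-accept"

# Constructed policy and DNS data (documentation address ranges, .example names).
POLICY = {
    "allow_ips": {"192.0.2.10"},
    "allow_domains": {"partner.example"},
    "dnsbl_zones": ["sbl.example", "ordb.example", "orbz.example"],  # placeholders
    "reject_domains": {"bulk.example"},
    "reject_ips": {"203.0.113.10"},
}
SAMPLE_DNS = TableResolver(
    ptr={"198.51.100.6": ["mail.forged.example"],
         "203.0.113.7": ["mx.partner.example"],
         "203.0.113.8": ["host8.isp.example"],
         "203.0.113.9": ["relay.bulk.example"],
         "203.0.113.10": ["host10.isp.example"],
         "203.0.113.20": ["host20.isp.example"]},
    a={"mail.forged.example": ["203.0.113.99"],
       "mx.partner.example": ["203.0.113.7"],
       "host8.isp.example": ["203.0.113.8"],
       "relay.bulk.example": ["203.0.113.9"],
       "host10.isp.example": ["203.0.113.10"],
       "host20.isp.example": ["203.0.113.20"]},
    listed={"7.113.0.203.sbl.example", "8.113.0.203.ordb.example"},
)

if __name__ == "__main__":
    for ip in ["192.0.2.10", "198.51.100.5", "198.51.100.6", "203.0.113.7",
               "203.0.113.8", "203.0.113.9", "203.0.113.10", "203.0.113.20"]:
        print(ip, connect_policy(ip, SAMPLE_DNS, POLICY))
```

Because the domain allow list is consulted before the blacklists, 203.0.113.7 is accepted even though it appears in one of the sample zones.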
  189. RBL's help spammers by Corvar · · Score: 1

    One thing that I haven't seen pointed out is that spammers seem to use the RBL's to find open relays. They no longer have to look for them, they look on the lists, or look for rejects in their own logfiles.

    Get listed in Osirusoft, and watch your mail volume skyrocket within hours.

    1. Re:RBL's help spammers by Skapare · · Score: 2

      So be it. That means people running open relays get pounced on. Serves 'em right.

      --
      now we need to go OSS in diesel cars
  190. Re:It's anti-democratic ! There are other (better) by Anonymous Coward · · Score: 0

    But I am speaking about Linux/Internet in 1997, for example...

    Quit living in the past. It's been five years -- do you want to go back to 14.4 modems, too?

    And most importantly these lists are not based on any RFC or any standard

    BFD -- if mother doesn't say I can do it, I'm forbidden? What childish crap.

    And in case you hadn't noticed, spam contravenes any RFC dealing with how the Internet is intended to be used. The spammers' reply to those RFCs runs along the lines of, "RFC this, MF -- what I'm doing is not illegal, so stuff your RFCs."

  191. Try DCC for spam control by ooglek · · Score: 1

    DCC, or Distributed Checksum Clearinghouse is a method where when the internet gets slammed with spam, this system adds a header to each of your e-mails. With this header, you can strip out e-mails which are most likely spam. Here's an example header:

    X-DCC-wanadoo-be-Metrics: thermonuclear.org 1016; From=0 Message-ID=0
    Received=0 Body=many Fuz1=many Fuz2=many

    Basically every e-mail you get, you pipe through a program. The program takes all the headers and the body, generates a checksum on them, and stores it in a database. As you can see from above, you have From, Message-ID, Received, Body, Fuz1 and Fuz2. If everyone on the net gets 10,000 e-mails from the same From: line, it would show "many" instead of 0 (zero). Here the Body of the spam, as well as two Fuzzy methods (lossy?:-) identify this e-mail as something that has gone to tons of people, and is marked as such. Then I just have procmail spit it into /dev/null and voila! It's gone.

    There are hooks for sendmail and qmail if you want to do it enterprise wide. I've been real happy with it. Only on a few occasions do I lose mail, but mostly because I haven't set up my "white list" or approved senders.

    More info on Rhyolite's site.

    Peter
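A filter for the header format quoted in the comment above, as an added example that is not part of the original post and not DCC's own code. It treats the text before the `;` as two opaque fields, and the sample message, sender addresses and `classify` verdict names are constructed for illustration.

```python
import email
import re
from email.utils import parseaddr

MANY = float("inf")   # the header says "many" instead of a number for bulk mail
DCC_HEADER = re.compile(r"^X-DCC-.+-Metrics$", re.IGNORECASE)

def parse_dcc_metrics(value):
    """Split 'host id; From=0 Body=many ...' into its parts.
    Folded continuation lines are handled because we split on any whitespace."""
    head, _, rest = value.partition(";")
    fields = head.split()
    counts = {}
    for token in rest.split():
        key, sep, val = token.partition("=")
        if not sep:
            continue
        if val == "many":
            counts[key] = MANY
        elif val.isdigit():
            counts[key] = int(val)
        else:
            counts[key] = None       # unrecognised value: never counts as bulk
    return {
        "host": fields[0] if fields else "",
        "ident": fields[1] if len(fields) > 1 else "",
        "counts": counts,
    }

def classify(raw_message, approved_senders=(), threshold=MANY,
             checks=("Body", "Fuz1", "Fuz2")):
    """Return (verdict, detail). Approved senders (legitimate mailing lists are
    bulk too) are delivered regardless of the counts, as the comment suggests."""
    msg = email.message_from_string(raw_message)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    if sender in approved_senders:
        return "deliver", "approved sender"
    for name, value in msg.items():
        if not DCC_HEADER.match(name):
            continue
        counts = parse_dcc_metrics(value)["counts"]
        hits = [k for k in checks
                if counts.get(k) is not None and counts[k] >= threshold]
        if hits:
            return "bulk", ",".join(hits)
    return "deliver", "below threshold"

# Constructed message carrying the header from the comment, folded over two lines.
SAMPLE = (
    "From: Offers <promo@bulk.example>\n"
    "To: user@corp.example\n"
    "Subject: constructed sample\n"
    "X-DCC-wanadoo-be-Metrics: thermonuclear.org 1016; From=0 Message-ID=0\n"
    "\tReceived=0 Body=many Fuz1=many Fuz2=many\n"
    "\n"
    "body text\n"
)

if __name__ == "__main__":
    print(classify(SAMPLE))
    print(classify(SAMPLE, approved_senders={"promo@bulk.example"}))
```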

    1. Re:Try DCC for spam control by Skapare · · Score: 2

      I make the decision whether to accept or reject mail before the headers and body are ever received. I don't want to be handling the returns on the rejections because I've accepted delivery, and then have to deal with huge queues of rejections that can't be delivered. I let the sending server do that.

      --
      now we need to go OSS in diesel cars
  192. Spammers can try and get off blacklists too by psykax · · Score: 1

    What people seem to be missing is the fact that someone running a mail server for spam can claim to have fixed their configuration, get it automatically tested, and get off the blacklist. They can then change their configuration back again, and continue spamming. Any automatic testing service should keep a record of the number of times that the mail server has failed the test.

    1. Re:Spammers can try and get off blacklists too by Skapare · · Score: 2

      These operations also get listed in other ways, too. The identity of their network generally gets discovered and places like spamhaus.org will list them.

      --
      now we need to go OSS in diesel cars
  193. Re:ObPeeve: SPAM(tm) vs uce spam by Anonymous Coward · · Score: 0

    Cease and Desist Order
    To: An Unknown Number of Anti-Spam Activists, regular Internet users, Tech Magazines Writers, and... stuff
    (...)

    I don't think so...

  194. Just think..... by marktwain · · Score: 1

    There's no way of knowing that the blacklists help. They sure don't hurt anyone but this yoyo who brought the problem on himself. Anything that eliminates one piece of spam out of the millions/billions sent daily is worth it. Why should the admins who pay attention to business tolerate fools lightly?

  195. Blacklists by webworkz · · Score: 1

    It's very interesting that I stumbled upon this post, as this happened to our company today. We have a $50/month dedicated server client who ended up on a SPAM list, as an immediate result of an open relay. Now, we're spending loads of our time as a result, and only receiving $50/month in return.

    Anywho, I think SPAM Blacklists are a good idea, in concept, but many blacklist owners/moderators need to step up and take action to keep good, clean hosts off of their lists. If they can make an exception for reformed hosts, how can a host that was never deformed in the first place end up a permanent part of their list(s)?

    The dirty thing to do would be to threaten a lawsuit on the owners/mods citing that they are publishing false information about your company. It seems a bit ridiculous that they can leave listings in their databases that misrepresent other company's standards, simply because an open SMTP relay was left active inside the host's network.

    Not to mention, I'm sure most people, and just about all /.'ers don't appreciate spending their time and resources cleaning up a mess that should've never been created in the first place, especially one that is out of the host administrator's control.

    1. Re:Blacklists by Skapare · · Score: 2
      It seems a bit ridiculous that they can leave listings in their databases that misrepresent other company's standards, simply because an open SMTP relay was left active inside the host's network.

      It is not ridiculous at all. In fact this is exactly what they are supposed to do. If there is an open relay, and they say there is an open relay, they are telling the truth, and you have absolutely no cause to complain. Blacklists are not saying that such-and-such company has bad standards ... they are saying that such-and-such IP address or network has an open relay (or whatever the case may be).

      If your customer configured the server wrong, making it an open relay, then it is that customer you should be collecting recovery costs from. In the future, be sure terms that specify this are in your contract that you have each customer sign. Be sure the spam and open relay issues are discussed with them before the service is turned on.

      And further, set up a testing facility which will probe all the IP addresses on your own network for open relays. Your own customers should not be relaying for any other of your customers, nor for your own machines, so you can do this entirely in-house. Leave the IP address of this testing machine out of the "local networks" list of your own mail servers and it can test them, too. Have it cycle through the network several times a day sending mail to an outside domain name which gets forwarded from there back to you. The contents of the message would be what the tester is testing, and with that and headers, you can see what server suddenly became an open relay before the spammers find it and cause you all this massive grief. And since it is your network, you have all the legal rights to probe it (but add this to your contract terms just to be on the safer side).

      Now your next problem is those nasty form mail scripts that use a hidden field for where to send the mail. There is spamware available to use those to send spam. They simply fabricate the browser submission, with a false hidden address field containing the spam victim's address, and submit it to the web server. Such scripts should not be allowed on any web server in your network, with no exceptions made. Scanning around for them is harder due to the variety of potential pathnames they could be found in. The only form mail scripts that should be used are ones where the destination address is stored in the script itself, or in a database the script uses to lookup using the referer URL.

      --
      now we need to go OSS in diesel cars
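One way to build the in-house relay audit the comment above describes, as an added example that is not part of the original thread. The addresses, the key and the `relay-audit:` body line are hypothetical; the outside address is assumed to forward back to a mailbox you read, and each probe carries a keyed token so a returned message proves which of your own servers relayed it.

```python
import hashlib
import hmac
import re
import smtplib
import time
from email.message import EmailMessage

SECRET = b"constructed-demo-key-change-me"      # placeholder key
PROBE_FROM = "relay-audit@hosting.example"      # hypothetical sender
OUTSIDE_RCPT = "relay-canary@outside.example"   # hypothetical forwarding address
TOKEN_RE = re.compile(r"relay-audit: ([0-9.]+)\|(\d+)\|([0-9a-f]{32})")

def _mac(target_ip, ts):
    data = f"{target_ip}|{ts}".encode()
    return hmac.new(SECRET, data, hashlib.sha256).hexdigest()[:32]

def build_probe(target_ip, ts=None):
    """Message whose body records which server was asked to relay, and when."""
    ts = int(time.time()) if ts is None else int(ts)
    msg = EmailMessage()
    msg["From"] = PROBE_FROM
    msg["To"] = OUTSIDE_RCPT
    msg["Subject"] = "relay audit probe"
    msg.set_content(f"relay-audit: {target_ip}|{ts}|{_mac(target_ip, ts)}\n")
    return msg

def send_probe(target_ip, timeout=10):
    """Offer the probe to one of your OWN servers from a host that is not in
    its local-networks list. True only means the server accepted the message;
    a relay is confirmed when the token comes back via the outside address."""
    try:
        with smtplib.SMTP(target_ip, 25, timeout=timeout) as smtp:
            smtp.send_message(build_probe(target_ip))
        return True
    except (smtplib.SMTPException, OSError):
        return False

def identify_relay(returned_text, now=None, max_age=86400):
    """Return the IP named in a valid, fresh token found in a returned message,
    or None. The keyed MAC stops anyone who learns the return mailbox from
    forging a report against one of your servers."""
    m = TOKEN_RE.search(returned_text)
    if not m:
        return None
    ip, ts, mac = m.group(1), int(m.group(2)), m.group(3)
    if not hmac.compare_digest(mac, _mac(ip, ts)):
        return None
    now = time.time() if now is None else now
    if not 0 <= now - ts <= max_age:
        return None
    return ip

def confirmed_relays(returned_texts, now=None):
    """Servers on your network that demonstrably relayed a probe."""
    found = {identify_relay(t, now=now) for t in returned_texts}
    found.discard(None)
    return sorted(found)

if __name__ == "__main__":
    # Constructed round trip: pretend the probe for 192.0.2.25 came back.
    body = build_probe("192.0.2.25", ts=1000).get_content()
    print(confirmed_relays([body, "unrelated mail"], now=1500))
```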
    2. Re:Blacklists by webworkz · · Score: 1

      First of all, they're not blocking SPAM by shutting down open relays. SPAM'ers do not require a system of relays to get their mail where it's going. Newsletter software and a Yahoo! Mail account will do that for you.

      They're screwing people over just because they may not have a vast knowledge of mailing systems/software.

      Remember: It doesn't take a genius to build a web site and buy a dedicated server. Heck, simple mistakes could be made simply by an inability to situate to an unfamiliar OS and the applications therein.

      Some of the SPAM Blacklists won't remove the submission from their list, and now our customer's mail is often rejected simply because of a few lists' inability to keep their data current.

      The inability of these moderators/administrators is directly affecting an outside company simply because they don't feel the need to keep their data from going stale. If you don't have the time to manage a SPAM Blacklist; don't start one.

      And I wrote the form-2-mail script myself. It was designed for just what you've explained. The addresses are stored in an array within the script, and are limited/protected. If spam'ers attempt to send spam through the system they will either get rejected by the a) referrer b) array limitations c) mail server or d) domain restrictions. I didn't just go pick it up at the first CGI directory that I came across.

      And by the way, this article is about spam blacklists, so let's try to keep the criticism to ourselves, or at least save it for a topic titled "Form-2-Mail Scripts", shall we?

      If your customer configured the server wrong, making it an open relay, then it is that customer you should be collecting recovery costs from. In the future, be sure terms that specify this are in your contract that you have each customer sign. Be sure the spam and open relay issues are discussed with them before the service is turned on.

      I also believe that Slashdot is for the sharing of information and opinions. I never asked you to suggest changes in how we deal with our customers.
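The two form-mail designs discussed in this sub-thread, side by side, as an added example that is not either poster's script. The field names, recipient table and host names are hypothetical, and the CR/LF check on the subject is an extra precaution the thread does not mention.

```python
from email.message import EmailMessage
from urllib.parse import urlsplit

# Destinations live on the server; the form only sends a short key.
RECIPIENTS = {
    "sales": "sales@shop.example",
    "support": "support@shop.example",
}
ALLOWED_REFERER_HOSTS = {"www.shop.example"}

def vulnerable_formmail(form):
    """The pattern the thread warns about: a hidden field names the destination,
    so whoever fabricates the submission chooses who receives the mail."""
    msg = EmailMessage()
    msg["To"] = form["recipient"]
    msg["Subject"] = form.get("subject", "")
    msg.set_content(form.get("message", ""))
    return msg

def hardened_formmail(form, referer):
    """Return (message, reason). The destination comes only from RECIPIENTS."""
    # The Referer header is client-supplied, so this is a weak first filter.
    host = urlsplit(referer or "").hostname
    if host not in ALLOWED_REFERER_HOSTS:
        return None, "bad referer"
    to = RECIPIENTS.get(form.get("dept", ""))
    if to is None:
        return None, "unknown department"
    subject = form.get("subject", "")
    if "\r" in subject or "\n" in subject:
        return None, "bad subject"      # added precaution, see lead-in
    msg = EmailMessage()
    msg["To"] = to
    msg["Subject"] = subject
    msg.set_content(form.get("message", ""))
    return msg, "ok"

# Constructed submission of the kind the thread describes: a fabricated POST
# with the hidden address field pointing at a third party.
FORGED = {
    "recipient": "victim@elsewhere.example",
    "dept": "sales",
    "subject": "hello",
    "message": "constructed sample body",
}

if __name__ == "__main__":
    print("vulnerable sends to:", vulnerable_formmail(FORGED)["To"])
    msg, why = hardened_formmail(FORGED, "https://www.shop.example/contact.html")
    print("hardened sends to:", msg["To"], "-", why)
```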

  196. Fixing servers not always easy by MrRagu · · Score: 1


    Fixing an open relay may be simple if you are a single user with your own domain, but it's an entirely different problem when you run a large network. The university I go to and work for (in a computing helpdesk position) is in the process of switching to authenticated smtp and it's caused an unbelievable amount of headaches for us. The main problem is that a number of popular email clients do not support authenticated smtp very well (mainly on Macintosh) and yet we have users with all sorts of programs who won't switch over easily. We announced our plans a full three months before the scheduled switch-over and since the original email the helpdesk has received call after call from users who are either scared and confused or who are irate that they now have to give up using Eudora for Mac and switch to Netscape 4.78. No we can't recommend Mozilla or Netscape 6.2 because they are still basically beta - and Outlook poses a whole other range of problems.

    Basically we've put off fixing our server thus far because of the headaches it would cause. Now we've got a ton of angry customers and a lot of confused ones all because we got on the orbs list. And yet we've never received a complaint from our users about email being blocked -- just a bunch of threats from the orbs people. So now we're doing our part to prevent spam -- even if our customers don't understand why -- and man does it ever seem worth our while.

    --
    No brain, no pain!
    1. Re:Fixing servers not always easy by Skapare · · Score: 2

      You didn't indicate if this is an on-campus or off-campus problem. Since most other schools have solved the problem, I'm assuming yours could, too, if you applied the correct solution.

      First of all, mail coming in from off-campus is the issue with regard to open-relay. If you have students/staff spamming from on-campus, you do have better access to identifying who they are and dealing with it. But for off-campus, it's much harder, so it needs to be denied.

      Many schools provide dialup services for staff and students off campus (some free, some for an added fee). This won't be a problem for the open relay issue as long as the dialup access itself is authenticated as usual.

      Those off campus using a commercial ISP have a couple of choices. One is to just use the ISP's mail server for outbound, while picking up the mail at the school POP3 server for their dot.edu address. Most ISPs allow "From: anywhere" in the mail (means nothing, really). If a local ISP does not, you could ask them to allow the school's domain through (else you'd have to recommend to the school community not to use that ISP). And of course there is the POP-before-send approach which you can use to let the off-campus community send through the campus mail servers.

      So basically, this is easier than you are making it out to be.

      --
      now we need to go OSS in diesel cars
    2. Re:Fixing servers not always easy by NeurfBallz · · Score: 1
      >Basically we've put off fixing our server thus far because of
      >the headaches it would cause. .. ton of angry .. we got on orbs ..

      If the problem is with on-campus machines, then perhaps they need some kind of funnel MSA server, unreachable from outside, which can channel mail from their insecurity-forcing mail clientware. There are always answers. Occasionally they're not obvious.

      Basically what you're saying, viewed from the victim side, "Our needs don't fit any of the wizard buttons, so we just will leave the problem a problem. It's not OUR problem anyways. It is the problem with unreasonable black hole listing."

      That doesn't wash. If you had a team mascot that was escaping and being a nuisance in town, whoever tends the mascot would have to find a new way of containing it between games. They couldn't just say "it's too hard" .. "turnkey answers would keep the mascot from getting to events". They'd have to find a workable solution, or eventually repercussions from the community would occur. Well, that's what's happening with your E-Mail, if you're deliberately NOT fixing the problem. You're getting those repercussions from the community.

  197. SpamAssassin vs. spambouncer? by severian · · Score: 1
    Can anyone comment on how SpamAssassin compares to Spambouncer? It sounds approximately the same (i.e. filtering based on a weighted score including the blacklists and various phrases found in the message body).

    I've been using spambouncer for a while and it works pretty well but I'd be interested to know if there are significant differences between the two.

  198. Blocking not the solution by hyrdra · · Score: 2

    Well I recently got an entry-level position in a large corporate environment, doing IT related stuff. I was surprised at the sophistication of the mail system in place for both dealing with spam and making sure company contact addresses (since there are thousands of new e-mail contacts established daily) are not blocked along with the ads for penis enlargement.

    Our policy is to filter mail based upon client (e.g. employee) preference. If our client requests so, they can elect to receive all mail, including any SPAM. If they want to, they can get SPAM from known spammers delivered to a specific folder, which is created when they download their folders in Outlook. They can block all mail except for known addresses. Domains they have ever sent mail to get put in the accept table automatically, with exception to a few (most notably hotmail and the like).

    Another method we use is filtering bulk mailings. If a server from X IP is connecting up every day and spending several hours delivering mail to every address, you can bet that's spam and is thus filtered or at least flagged for human investigation. There are only a few major domains that deliver to a large percentage of our user base, such as humor mailing lists. And because spammers frequently change IPs, any IP delivering to over 20% of the population, which would easily be over 1,000 addresses, is flagged for review.

    We have also found that often times spammers are setting up fake networks in areas of IPv4 that aren't even allocated to any network. We have even seen IP's connecting up which are supposed to be in the amateur radio range. This is either done via false route information to a helpless upstream ISP or spoofing in some way. This is increasingly common, and we have found doing a reverse-lookup on the IP address and reported hostname in ARIN works very well in stopping this. If it doesn't match, the mail is sent to the spam folder. This also works for people running dynamic DNS services on their DSL or cable connections, BUT with a registered domain name. So when you do a lookup on their domain, you get their IP address and can't tell it's on a cable or DSL network, unless you do a reverse lookup and compare the results. A true business doing a lot of e-mails will have an entry in ARIN. However, we use this with caution because it tends to flag e-mail from virtual web hosts or sites who aren't big enough to have their own netblock.

    I think the solution to spam is to use the black-lists, but only within reason. I agree with many here and I also think the purpose of the lists should be to eliminate spam via open relays, and this should be done via closing those relays, not 'blacking' them out. Most are simple Netscape server-folk who have all kinds of other services open as well, including proxy, web cache, etc. and they need the blacklists to work with them to eliminate these problems.

    I find the methods I've described an acceptable compromise. Although it doesn't solve the problem of wasting bandwidth, the risk is too great a valid corporate contact could be filtered due to various reasons, and the business would be lost. In a real corporate environment (read: not your home network of 5 linux boxen), you can't afford to block a complete, half, or even 1/4 of a subnet due to one abuse. There could be a client only one IP away who doesn't get through and decides to go somewhere else...

    Anyway, just my 2 cents and 5 weeks experience...

    --
    "I'll just chip in a bit for RedHat: I actually have that installed on my university machine." - Linus, '95
  199. Re:No. Deal with it. by Anonymous Coward · · Score: 0

    In short, I agree with the post that called for an RFC. If there were some sort of standard for relay blacklists, it would be a damn sight easier getting off the lists once you've resolved the problem.

    It would be a damn, damn sight easier if you read the RFC(s) advising against allowing open relays and stayed the hell out of trouble in the first place. Businesses who think they can flop their lazy asses on the internet and suck up bux without understanding the environment should re-read the chapters in their MBA manuals about due diligence.

  200. Ye Olde DJB pointer by RedHat+Rocky · · Score: 1

    A lot of this would be moot with a restructuring of email in general.

    Food for thought from the man behind qmail: IM2000

    --
    Anything is possible given time and money.
    1. Re:Ye Olde DJB pointer by winnetou · · Score: 1

      Errm, that is exactly how a lot of spammers operate today: they send a small message "Please visit my website at ....".

  201. problem is... by Anonymous Coward · · Score: 0

    when the hosts that the blacklisters use are a couple hops from a mail server
    if one person spams and gets the server blacklisted...not a single user will be able to send email out or receive it. It's happened before, and no the blacklister would not remove the server from the blacklist. Eventually the mail server was forced to be taken down and users were forced to use different mail servers because there was no way to use that server with a blacklister so close on the hops. The idea is good, but the implementation is too broad. Banning an entire domain causes way too many painful routing issues sometimes.

  202. No, Spam is the problem! (Re:SPEWS is the problem) by Anonymous Coward · · Score: 0

    Here is the real bad thing about this. Spews blackholed a /18 when in fact this ISP only had a /19. I contacted a maintainer of one of the RBL's that utilizes SPEWS and gave him a heads up that not only is this listing in error but Spews has blocked an additional 32 class C's that belong to another ISP.

    WARNING - BS METER: 75%

    As a usenet spam newsgroup reader and a Spam-l list member, I think their listing of a /18 or /19 that contained thousands of legit, not spamming users would have been and still would be big news. I haven't seen anything.

    I informed him of a possible liability for such a mistake. He did not want to hear it and pointed me back to the news groups.

    WARNING - BS METER: 85%

    Why yes, he probably decided that taking legal advice from you about "liability" and whose email packets he was required to carry was total foolishness.

    Seems that he was nice enough to contact the guys at spews as the /18 changed to a /19 but my client remains blacklisted to this day.

    WARNING - BS METER: 95%

    Everyone knows there is no way to contact spews. Known for months in the newsgroups, posted on their site.

    In reality it has not been a huge problem for them as I think even the hard core anti-spam advocates have distanced themselves from spews.

    WARNING - BS METER: 100% }}} TROLL ALERT!!!!!!!!!

    Hah, hello troll. The hard core anti-spam advocates who make up Spam-l, the "news.admin.net-abuse.email" newsgroup, etc., have come to love spews and the effectiveness of these lists in general.

    Methinks this troll could also be a spammer.

  203. Re:ObPeeve: SPAM(tm) vs uce spam by Anonymous Coward · · Score: 1, Insightful

    Thanks for that offtopic, flamebait, troll, redundant, insightful, interesting, and informative post. Too bad it wasn't funny as well.

  204. Open Relays & Blacklisting by Anonymous Coward · · Score: 0

    There is no excuse for 'accidentally' setting up an open relaying mail server on a corporate network. Dumb moves result in bad things coming your way usually. You should make sure that you know what you are doing before you do it.

    1. Re:Open Relays & Blacklisting by Skapare · · Score: 2

      This is (by being dumb and setting up an open relay at first) how you get on 3000 (estimated) private blacklists. You get off mine by asking me to take you off (I do the first 2 times). Part of the problem is that many businesses just have their MCSE kid set it up.

      --
      now we need to go OSS in diesel cars
  205. Just being on the same IP range is bad enough by John+Percival · · Score: 1

    Our host, Verio has several large blocks of IP addresses, and they allocate a few within that range to each customer. Say we are on 111.222.111.222 and a spammer decides to start sending spam from 111.222.111.1 , then in several cases I have seen the whole IP block 111.222.111.* being added to a blocking list. This practice is ridiculous. We get no notification, and because we send out a lot of automated emails (receipts, password requests), we never get to see the bounce until we investigate manually.

    We have never been an open relay, never will be and yet we still get listed, and on lists that it is practically impossible to get off. This has provided us with several very annoyed customers, telling us that they have purchased, but that they have not received notification or login details.

    </rant>

    So I don't like spam blacklists :)

    John

    1. Re:Just being on the same IP range is bad enough by zenasprime · · Score: 2, Interesting

      Apparently the anti-spam fundamentalists don't see this as their problem. Eventually the problem will be solved because there will be more IPs on these lists than off. I hate spam but I am beginning to believe these crusaders are just as bad.

      Ever try to get help setting up a compliant server? Try sifting through countless messages condemning any and everybody that doesn't fall into their radical camps.

      Where are the moderates? http://www.dotcomeon.com/eff_011016.html

      zenas

    2. Re:Just being on the same IP range is bad enough by Anonymous Coward · · Score: 0

      > apparently the anti-spam fundamentalists don't see this as their problem.

      With "this" being the escalation of blocking a /24 instead of a single IP. If an ISP habitually moves spammers around their netblocks then they are apparently not that interested in spam removal, but more interested in spam revenue. So instead of playing whack-a-mole and having to deal with yet another IP, you deal with the ISP and force them to deal with it.

    3. Re:Just being on the same IP range is bad enough by zenasprime · · Score: 1

      Who gave the blacklisters the authority to make these decisions? Who is watching these anti-spammers to make sure that they just don't blacklist an IP just because they don't agree with someone's viewpoint or perhaps they are pissed off at someone. It seems to me that any IP can be added to the list without any due process because a few people think it's OK for them to be judge, jury and executioner.

      Attitudes like the one above only provide evidence that those who support the anti-spam movement lack the responsibility to "regulate" internet email.

      zenas

    4. Re:Just being on the same IP range is bad enough by Anonymous Coward · · Score: 0

      Freedom of speech. A blacklist maintainer has the right to say "I think you're a spammer", and any sysadmin has the right to reject your mail because of that declaration (or for any other reason, or no reason at all).

      "Due process" is for state-sanctioned restitution or punishment for a crime, while nobody needs permission or "authority" to refuse to accept mail from you.

      An unfounded accusation of spamming would destroy a blacklist's credibility and might even be libel.

    5. Re:Just being on the same IP range is bad enough by zenasprime · · Score: 1

      You're an idiot. Grow up and get a clue. The maintainers of these blacklists do not just exclude spammers/open relays from their own servers, instead they are providing a "service" to other administrators. They have a responsibility to maintain the integrity of their lists, even if this service is given at no cost.

      I can't wait until there will be nobody left that is capable of sending email because idiots like you are running things. lol, what a joke you freaks are.

      Zenas

    6. Re:Just being on the same IP range is bad enough by winnetou · · Score: 1

      I can't wait until there will be nobody left that is capable of sending email because idiots like you are running things.

      That won't happen, xbl.selwerd.cx is far more extreme than the major blocklists, but it blocks less than 30% of all email (a comparison).

  206. I'm going to go along with the eff on this one... by zenasprime · · Score: 1

    "Any measure for stopping spam must ensure that all non-spam messages reach their intended recipients. " (http://www.dotcomeon.com/eff_011016.html).

    Blacklists seem like a good idea on the surface but any system that prevents me from receiving or sending legitimate email becomes just as much a nuisance as the spam itself. Balance is the key.

    Can someone tell me what resources are available for those that do want to set up compliant servers BEFORE they get blacklisted. A simple search for "open relay blacklist" did not come up with anything useful, only more rhetoric from anti-spam fundamentalists.

    thanks,

    zenas

  207. Re:No. Deal with it. by Skapare · · Score: 2

    Part of the problem is that there are still new servers coming online all the time. And many of these servers are open relay right from the start. The reason I support being very harsh on sysadmins that did let a server do spam relaying is that I believe this problem won't get solved until it gets so harsh that it becomes common public knowledge that you better do the job right from the very first day you get online, or you'll have trouble for a long time. Right now, new sysadmins are putting up open relays before they ever have any idea. That needs to change. Somehow they need to be educated about this before they ever have the root/Administrator password.

    --
    now we need to go OSS in diesel cars
  208. Bad analogy. by achurch · · Score: 4, Informative

    [Running an open relay is] like being ticketed for driving your car down the wrong side of the road at 90 miles per hour and then being pissed off that the cop did not provide you with free driving lessons and give you 10-15 days to stop driving like that.

    Nice analogy, except that it doesn't work. If you're driving at 90 miles an hour on the wrong side of the road, then (1) your speedometer will tell you that you're driving at 90 miles an hour and (2) looking ahead will show you which side of the street you're on, which you can tell is the wrong side because of what you had to know to pass the test to get your driver's license.

    With mail servers, however, there isn't, at least yet, any widespread tool that will tell you if you have an open relay (and given how such tools work, they'll probably be banned as "hacker tools" at the rate things are going these days). In fact, I found out recently that I'd been placed on a blacklist for having an open relay, which took me by surprise because I'd been careful to avoid having anything like that happen; it turned out that I had missed one of the potential avenues of abuse (specifically, using error bounces to spam people).

    So until running a (secure!) mail server becomes as simple as driving a car and people need licenses to run servers, your analogy is inappropriate.

    1. Re:Bad analogy. by fmaxwell · · Score: 2

      With mail servers, however, there isn't, at least yet, any widespread tool that will tell you if you have an open relay

      There are numerous such tools. When I brought my mail server up, I submitted it to several of the Open Relay Databases for testing -- because that was the responsible thing to do. Anyone else bringing up a mail server should do the same thing and the open relay problem would go away.

      So until running a (secure!) mail server becomes as simple as driving a car and people need licenses to run servers, your analogy is inappropriate.

      The analogy works beautifully (see "+5 Insightful"). Maybe it takes a bit more knowledge and skill to operate a mail server than it does to drive a car, but that does not mean that the world owes you a break. It's harder to perform brain surgery than it is to drive a car, but that does not mean the brain surgeons are excused for their every mistake.

    2. Re:Bad analogy. by call+-151 · · Score: 2

      With mail servers, however, there isn't, at least yet, any widespread tool that will tell you if you have an open relay



      There are actually many tools for testing for an open relay. Try:
      • abuse.net's web form
      • mail-abuse.org has a description of a number of tools (the tried and true telnet relay-test.mail-abuse.org) and a good FAQ
      • linux-sec.net has a list and lots of info
      --
      It's psychosomatic. You need a lobotomy. I'll get a saw.
    3. Re:Bad analogy. by NeurfBallz · · Score: 1
      You wrote:
      If you're driving at 90 miles an hour on the wrong side of the road, then (1) your speedometer will tell you that you're driving at 90 miles an hour...

      Unless your car happens to NOT have a working speedometer. That doesn't break the analogy. That reinforces it.
  209. The embittered Fighters of Evil... by WeighingForGodot · · Score: 1
    They're in the battle day after day-warriors against the ever encroaching frost giants of spam, seeing the lies, scams, floods, threatenings of lawsuits, DOS, obscenity filled email boxen, chickenboners getting support from the DMA suits...

    It is their volunteer job, and if they failed for a moment the rest of the web would get as tainted as usenet was during the peak pink floods-unusenetable.

    These are warriors, these are cops and investigators, and they fight for good. But all cops are told to never make mistakes, and if 99 of 100 times you are right, it becomes quite hard to admit that 1 time you were wrong. You've got an expert system supplying your gut reaction- if you're getting a bad feeling about a person, he must have done something wrong, and the very fact he is arguing, rather than immediately accepting your expertise, well, that's exactly what all spammers do- argue. That innocent people also argue is only of interest theoretically- if we've caught them, they are spammers.

    I have seen the dangers with police and FBI investigations, where when an actually innocent person is released from jail, based on strong evidence, the prosecutors cannot say "we were wrong." Because we as a society don't give them enough room to do so. The prosecutor only says "well, procedurally we no longer have enough to hold him..."

    In some antispam groups, there also is little room to be wrong. The people who disagree with the current anti spam methods, who worry about collateral damage to 'innocents' or 'amendments', are nothing but apologists for the spammers themselves, even if they hate spam. The cause is so just there cannot be innocents and collateral damage is irrelevant.

  210. Blacklist Blacklist by Mike+McTernan · · Score: 1

    What we need now is a black list of bad blacklists so that people picking a technology hopefully choose to go with one of the better projects...

    And if that doesn't work, we simply have a black list of blacklist blacklists, and so on!

    --
    -- Mike
  211. Re:Shout out for ... spamcop.net by Skapare · · Score: 2

    What good is it to depend on reports of spam stopping after the spamming server gets listed as a basis for delisting it?

    1. Spam comes from some server.
    2. Spam gets reported to SpamCop.Net.
    3. Server gets blacklisted.
    4. Spam can't be delivered anymore.
    5. Reports cease coming in.
    6. Server gets delisted automatically because of no reports.
    7. Spam comes from some server.
    8. Spam gets reported to SpamCop.Net.
    9. Server gets blacklisted.
    10. Spam can't be delivered anymore.
    11. Reports cease coming in.
    12. Server gets delisted automatically because of no reports.
    13. Spam comes from some server.
    14. Spam gets reported to SpamCop.Net.
    15. Server gets blacklisted.
    16. Spam can't be delivered anymore.
    17. Reports cease coming in.
    18. Server gets delisted automatically because of no reports.
    19. Spam comes from some server.
    20. Spam gets reported to SpamCop.Net.
    21. Server gets blacklisted.
    22. Spam can't be delivered anymore.
    23. Reports cease coming in.
    24. Server gets delisted automatically because of no reports.
    25. ...
    --
    now we need to go OSS in diesel cars
  212. Hows this for a solution? by Anonymous Coward · · Score: 0

    If the blacklists were maintained, how about a period of probation for previously 'open-relay' servers? If it's not maintained and monitored during this time, they go back on the blacklist for an undetermined amount of time? Sounds fair to me.

  213. ASIP by Huge+Pi+Removal · · Score: 1

    There's a thread over at www.macintouch.com that talks about a problem I used to have with Apple's "AppleShare IP" server software.

    Sure, you can configure it not to be an open relay, but it only checks the "From:" line in your hostname. So any spammer can just say "yes, I'm johndoe@mydomain.com" and get a relay going. No way round it.
    I soon switched to using sendmail on FreeBSD...

    --
    - Oliver

    The right to bear arms is only slightly less stupid than the right to arm bears...
  214. Re:ObPeeve: SPAM(tm) vs uce spam by Anonymous Coward · · Score: 0

    Sorry but, copyright does not apply when you are discussing personal experience.

  215. What's a "low volume"? by Anonymous Coward · · Score: 0

    Typical spammer - I only sent out a "low volume" of messages and now I'm being unfairly punished WWWWWWAAAAAAAAAHHHHH!

    Well, too bad for you. *ONE* piece of spam is too much, and you have only yourself or your predecessors to blame.

    If you're truly not an open relay anymore, and have taken appropriate steps to close the hole, then why not consider getting someone like TrustE or an auditor like Price Waterhouse in there to audit the email box. Then find out who's blocking you and send them a letter stating that things have been cleaned up, and include the statement from the auditor. Make sure everything is on company letterhead. Give the list maintainer that you're sending the letter to an 800# to call you back with. Enclose a SASE for them to use to send you a letter. Send a tub of popcorn with the letter (go to the Popcorn Factory www.popcornfactory.com I think)

    In essence - MAKE IT FREE AND EASY FOR THEM TO DEAL WITH YOU. Put your hat in your hand and APOLOGIZE profusely. You'll be surprised at the results.

    We Geeks are a forgiving lot, but piss us off and you're done...

  216. Blacklists are a bane on ISPs by JonathanF · · Score: 1

    While the principle of a spam blacklist seems sound, from my own experience the hardest blows have been to the average user (and the ISP tech support that has to deal with them when they complain).

    Working that tech support, I've had to deal with a few people who complained that they couldn't use a mail forwarding service, or otherwise couldn't get mail going, simply because the mail server had been put on some arbitrary blacklist with no regard for legitimate users (and given the ISP, this isn't exactly small). And yet the spam still manages to get through, somehow!

    Admittedly, it isn't an overwhelming problem, but that only perpetuates it for the people who do experience it: a few reports (at best) per month, out of thousands of more pressing mail issues, are not likely to have ISPs changing their mail systems. It doesn't help that many of the people who do worry are using a 3rd-party mail service (which the ISP can't support), and that this can cause headaches for the people who want to use their ISP's mail from work (but can't get the SMTP server address for the office).

    Given that the deluge of spam hasn't really been stopped, I suspect that blacklists are like plugging dam leaks with your fingers... it won't help much, and will probably cause you and others more trouble than it's worth.

  217. blacklist em! by xsteinberger · · Score: 0

    easy...

    how bout a few blacklists of bad spam blacklists?

    and a few blacklists of bad blacklists of bad spam bla...

    erm, nevermind, scratch that.

  218. LEAVE RACKSPACE! by Anonymous Coward · · Score: 0

    As far as I can tell, Rackspace are a pro-spam organization. There are so many spam leeches hosted at Rackspace that they must know what kind of scum they are selling to.

  219. Is there any other way.... by pdcull · · Score: 1

    For months now I have been receiving an unsolicited (ie SPAM) "Children Labour News Service" email. The message contains no unsubscribe information, and the return address (childlabournews@vsnl.net) always gives a message saying that the mailbox is full.

    I've tried for months sending polite messages to any possible addresses on this host, and even the listed address in the whois database, always to no avail.

    Short of a pre-emptive nuclear strike, I can only see some form of blacklist as the only possible solution to stop these messages coming to me!

    Does anyone else have a better idea?

  220. Re:ObPeeve: SPAM(tm) vs uce spam by Nodatadj · · Score: 1

    No they couldn't have.
    If /. were calling some other reconstituted meat product SPAM then yes, a cease and desist letter could have been sent. However trademarks are context specific. Hormel have a trademark on meat called SPAM. This means I can call other things spam if I want to, so long as it's not meat. Apple computers can't sue Apples the greengrocer in the high street, as the context is different.

  221. Morons are known to hire idiots in IT by Skapare · · Score: 3, Interesting

    An open relay is not necessary in order to make email function at the outlying offices. You don't even need a VPN. The mail server can be configured with the static IP addresses of each of the offices as valid "local" addresses. Of course a VPN is much better as that also improves your security.

    As confirmed by another of your postings, your company management are morons who have apparently hired idiots for the IT department. Obviously you recognize it, and can leave if you feel that is necessary, or can stay as long as you can deal with it, and are not blamed for it. Should they ever offer to promote you into IT, be sure you insist that you be given the authority to fix the problems with no further permission from management to go ahead.

    --
    now we need to go OSS in diesel cars
    1. Re:Morons are known to hire idiots in IT by not_anne · · Score: 1

      The static IP idea is exactly what I had suggested to IT management. Unfortunately, the idea was nixed as being "too difficult to implement."

      This is where I threw up my hands, hung up the phone, and picked up my book.

      not_anne

      --
      My comments here are my own; I do not speak for my employer.
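The two relay policies discussed above, side by side: the sender-address check described for AppleShare IP in comment 213 and the static-IP approach suggested in comment 221. This is an added sketch, not code from the thread or from any mail server; the domain, addresses and office networks are constructed (documentation ranges), and the function names are hypothetical.

```python
"""Relay decision: trusting the claimed sender vs. trusting the client network.

Added illustration. All domains, addresses and networks are constructed.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

LOCAL_DOMAINS = {"example.com"}        # domains this server accepts mail for
OFFICE_NETWORKS = [                     # static addresses of the outlying offices
    ip_network("192.0.2.0/28"),
    ip_network("198.51.100.16/29"),
]


@dataclass(frozen=True)
class Envelope:
    label: str
    client_ip: str   # taken from the TCP connection, not from the client's claims
    mail_from: str   # MAIL FROM value, chosen freely by the client
    rcpt_to: str     # RCPT TO value, chosen freely by the client


def domain_of(address: str) -> str:
    """Return the lower-cased domain part, or '' if there is none."""
    if "@" not in address:
        return ""
    return address.rpartition("@")[2].lower().rstrip(".")


def is_local_delivery(env: Envelope) -> bool:
    """Mail addressed to one of our own domains is delivery, not relaying."""
    return domain_of(env.rcpt_to) in LOCAL_DOMAINS


def accept_by_sender(env: Envelope) -> bool:
    """Flawed policy: relay for anyone who merely claims a local sender."""
    return is_local_delivery(env) or domain_of(env.mail_from) in LOCAL_DOMAINS


def accept_by_client(env: Envelope) -> bool:
    """Relay only for connections that come from a listed office network."""
    if is_local_delivery(env):
        return True
    try:
        addr = ip_address(env.client_ip)
    except ValueError:
        return False                    # unparseable client address: never relay
    return any(addr in net for net in OFFICE_NETWORKS)


# Constructed envelopes covering the four cases that matter.
CASES = [
    Envelope("inbound", "203.0.113.50", "alice@elsewhere.example", "bob@example.com"),
    Envelope("office", "192.0.2.5", "bob@example.com", "carol@elsewhere.example"),
    Envelope("forged", "203.0.113.50", "johndoe@example.com", "carol@elsewhere.example"),
    Envelope("stranger", "203.0.113.50", "x@elsewhere.example", "y@third.example"),
]


def compare(cases=CASES):
    """Return (label, sender-policy verdict, client-policy verdict) per case."""
    return [(c.label, accept_by_sender(c), accept_by_client(c)) for c in cases]


if __name__ == "__main__":
    for label, by_sender, by_client in compare():
        print(f"{label:9} sender-check={by_sender!s:5} client-check={by_client}")
```

The "forged" row is the only one where the two policies disagree: the sender check relays it, the client-network check refuses it.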
  222. Re:ObPeeve: SPAM(tm) vs uce spam by CaptainZapp · · Score: 1
    Hormel owns the trademark on the meat product, SPAM.

    What? You're telling me this stuff actually contains meat???

    --
    ich bin der musikant

    mit taschenrechner in der hand

    kraftwerk

  223. MAPS, a bad? example by JuanjoAI · · Score: 1

    Recently, these facts demonstrated to us that massive blacklists may be inaccurate or under abuse. During a few weeks, a lot of Spanish free software projects, such as GNOME-DB, were blacklisted in MAPS because "they are dial-ups connections". Although we told the MAPS administrators that we have fixed IPs in DSL connections, a message from Telefonica, the main Spanish telephony and Internet provider, was necessary.

    I had an interesting discussion with Sourceforge administrators about the accuracy of MAPS lists (SF is using MAPS lists so we had blocked all emails with SF users during a few weeks).

    Now, I recommend not supporting MAPS lists. I think they are abusing them.

    Actually, I sign all outgoing messages with this:

    Note.- This message may or may not arrive to you. This is because a lot of non-spammer's Static IP addresses are being listed in MAPS antispam blacklists. So, please, do not use MAPS blacklists or a lot of mail for you would be lost.

  224. Good! by jungd · · Score: 1

    All I can say is, I'm glad you're listed. Even if you've never been a relay, the potential is there for it to happen one day. I'm sure a few SPAMs could get through before you noticed and closed the hole. Perhaps that is the case with most SPAM?

    I don't think you should be removed. If more admins knew this was the case, perhaps less would risk leaving an open mail relay in the first place. Any negative impact on the amount of SPAM moving around is good in my opinion.

    --
    /..sig file not found - permission denied.
  225. They seem to work fairly well by glsunder · · Score: 1

    Our company uses a host which uses an ordb, and we've had some people not be able to email us. It takes a few days to a week for them to get off of the list. But, I don't think I've ever seen any spam on someone's account, so I say it's worth it.

    I agree that it's too difficult to get un-listed. The sites should attempt to email someone useful if a server gets listed. And, there should be a single address that admins can email which will request a retest by all of the ordb servers. But, the ordbs are in no way responsible for providing tech support on fixing the problem.

  226. Same Here... by FireStorm69 · · Score: 1

    Same problem as you, we were an open relay (my bad) but we have since closed the holes many months ago, but are still blacklisted on many servers.. I understand, and I write them and get removed from their list, but there is another problem I have seen arise from the use of blacklists..

    That is that our server is being blacklisted by some servers because OTHER **UNAFFILIATED** servers in the same CO-LO facility are spammers.. We have absolutely no affiliation with these businesses, yet we are still being blacklisted because we are on the same network..

    Good example of blacklists getting carried away and the potential problems that can arise.. This has hindered us because we host web sites and many customers are complaining because some of their emails are being bounced.. this does not reflect well on us, they don't care if it's our fault or not, just that they can't do what they were told they could do..

    Has this happened to anyone else?

    -FireStorm69-

    1. Re:Same Here... by Anonymous Coward · · Score: 0

      Generally that means the ISP you're all using continues doing business with spammers and gives them different addresses to work around blacklists. Writing off your whole ISP is the only way to block their spam, until you and the other legitimate customers either leave or persuade the ISP to behave ethically.

    2. Re:Same Here... by DavidTC · · Score: 1
      Let me guess, you're using those scum at RackSpace?

      They are listed because they are known spam supporters, and thus everyone who uses them is a spam supporter.

      --
      If corporations are people, aren't stockholders guilty of slavery?
  227. It sure did for us by macdaddy · · Score: 2
    I consult with a small ISP in Kansas. We started using MAPS' DUL and RSS quite a while back (zone transfers). Then I added the ORSS (zone transfers) which also gave me SPEWS, Spamhaus Block List (SBL), and SpamSites.org. When MAPS went commercial, we bought zone transfer rights to the RSS and DUL. About that same time I also added RSL, Summit Blocking List (SBL), and FlowGoAway who doesn't have a website. On top of all that I also reject mail from domains that don't resolve and I maintain an extensive Sendmail access list full of Alan Ralsky's domains, spam supporting providers like Broadwing, spamware vendors, and domains and IPs of every spamming outfit I come across. In total I'm up to 4682 entries. Oh, and I also filter message bodies on certain content that identify unique pieces of spam like all those "Enter your email address on this website to be unsubscribed" things. Works great. This time last year I was filtering maybe 10,000 pieces of spam per week. I'm over 100,000 pieces of spam per week now. Considering we only have 2500 users, that's a lot of filtered spam. Roughly 40 per person per week.

    What all of this rambling means is that you can filter out a great deal of spam with the right DNS blacklists. I only use DNSbl's that allow zone transfers because I don't want network latency to slow down mail delivery. It really is a worthwhile thing to do.

    Finally the best thing that you can do for your users is educate them. Give them very clear examples of how doing simple things like giving your personal email to a credit card company, entering it in a guestbook, using it in USENET, using it on any public discussion board, and many more can increase their spam intake many fold. Explain that to them. Show them the proof. It's not hard to generate spam. Hell create a dummy account and make a few posts in the newsgroups. Never give the address to anyone else and don't use it yourself. Give it a week. Then show the results to your users as proof of USENET address harvesting.

    Finally, don't be part of the problem (this is to the parent of the article). Be proactive in fighting spam. Sitting back and bitching about it doesn't help anyone. If you put up a server that's an open relay then you fucked up. It's your responsibility as an administrator to make sure you do your job right. Putting up an open relay isn't doing your job right (are you listening all of you damned Exchange admins?! 90% of the open relays I find and report are running Exchange!!!). When you get spam, report it (called LARTing). Drop a copy to uce@ftc.gov. Report stock spam to the SEC. Report bogus drug scams (loose 100lbs tonight while you sleep!) to the FDA. Report Nigerian Money scams to the Secret Service. Report the spamvertised sites to their providers and ask that they investigate (don't accuse in case it's a Joe Job). Parse through the headers and learn to identify relayed spam, BS headers, and other tricks of the trade. Submit open relays for listing in all the open relay blacklists. Report it to the owner of the IP as well. DO YOUR PART! If you're not going to do your part to fight spam or ensure that your servers are properly configured, THEN GET YOUR SERVERS AND YOUR ASS OFF THE 'NET BECAUSE YOU DON'T BELONG IN THIS COMMUNITY!! Don't be part of the problem.

  228. (ot)No mystery. SPAM® luncheon meat is ham. by yerricde · · Score: 1

    Meat product? I thought we were talking about SPAM?

    SPAM® luncheon meat is a meat product. From SPAM Facts:
    • Chopped pork shoulder meat with ham meat added
    • Salt (for binding, flavour, and firmness)
    • Water (to help in mixing)
    • Sugar (for flavour)
    • Sodium Nitrite (for colour and as a preservative)

    "Pork shoulder meat" has the same characteristics as ham meat.

    --
    Will I retire or break 10K?
  229. Yes, it does contain meat. by yerricde · · Score: 1
    What? You're telling me this stuff [SPAM luncheon meat] actually contains meat???

    Yes. For details, see my other comment.

    --
    Will I retire or break 10K?
  230. Chad: any other networks I should block? by Anonymous Coward · · Score: 0

    Hi Chad!
    Here is what I have so far:
    63.165.130.0/24
    63.165.176.0/24
    208.192.202.0/24
    63.67.24.0/24

    Did I miss any? I want to make sure I've blocked SMTP for all of them. If you'd like to keep being a cunt I'll be happy to just blackhole everything.

    Oh, and don't bother calling or writing from yahoo or hotmail after your users complain. The group that handles 1st level support won't know what you're talking about, and if they escalate the issue I'll ignore it.

    Yours Truly,
    Cock

    1. Re:Chad: any other networks I should block? by FaxiS · · Score: 0

      Hey, at least I've got the GUTS to put my real name on the Internet. You, as well as all of your stupid anti-spam friends, are so SCARED, you are such weenies, that you can't even post your email address. You are AFRAID of EMAIL! Do you know how STUPID that is?! If I EVER meet you, by god I'm going to lay your ass out on the god damn pavement. I'm sick and GOD DAMN tired of your whiny, ass-biter attitudes. I used to think techies were cool people. Apparently I'm wrong. None of you have a SINGLE SHRED of common sense. You all hide behind your terminals and anonymity like the ANONYMOUS COWARDS you are.

      Your Friend,

      Chad

      --
      [Is Greek the Professional Language of Lawn Mowers?]
    2. Re:Chad: any other networks I should block? by Anonymous Coward · · Score: 0

      Are you making your threat of physical violence in an official capacity as an employee of whitelion.net?
      I'm sure your boss is proud to have such a big man protecting his company's honor on Slashdot and Usenet.

    3. Re:Chad: any other networks I should block? by FaxiS · · Score: 0

      Did you not read the post? WhiteLion.Net is dead and gone, along with 4 of the hardest working years of my life. So fudge on you all.

      --
      [Is Greek the Professional Language of Lawn Mowers?]
    4. Re:Chad: any other networks I should block? by Anonymous Coward · · Score: 0

      Hey, I work for this company, let's call them MS. We send out a lot of spam and operate dozens if not hundreds of open relays. How do we make sure we don't get on these lists?

      Actually, we own and operate several hundred other companies that do the exact same thing. I would sure hate for them to get on those lists. Oh and we have some friends that operate open relays and I am sure some of their friends are spammers. My grandmother once operated an open relay, but that was back in 82, I want to make sure she doesn't get on the list.

      Prick!

    5. Re:Chad: any other networks I should block? by DavidTC · · Score: 1
      Hey, Chad, it's David. Yes, that David, from high school. Lookie, I'm not hiding behind anything, you know me personally.

      And, unlike you, I don't like spam, and I consider it theft. Yes, that's right, not an inconvenience, but theft, pure and simple. And I think putting White Lion in SPEWS was the right idea considering this. I can understand how WL would want money from spammers, but that means I don't want mail from them, and a lot of people agree with me.

      And I don't want email from them even after they decide that spammers cost too much, who knows when they'll start questioning if hosting spammer's web pages costs too much, or hosting a list that claims to be opt-in but they know isn't, etc.

      At the best, they'll be unresponsive because the longer they keep the spammer, the more money they get. You see the problem as being added to the lists, but the problem is that you have no respect for private property and the AUP you signed with uunet. The list is a symptom of the problem, not the problem.

      I would tell you to email me, but, gosh-darn-it, I doubt it would get through.

      --
      If corporations are people, aren't stockholders guilty of slavery?
    6. Re:Chad: any other networks I should block? by winnetou · · Score: 1

      Did you not read the post? WhiteLion.Net is dead and gone,

      Hmm, mail.whitelion.net happily banners with

      Connected to mail.whitelion.net.

    7. Re:Chad: any other networks I should block? by Anonymous Coward · · Score: 0

      I noticed the banner is off but nmap still shows

      Starting nmap V. 2.54BETA22 ( www.insecure.org/nmap/ )
      Interesting ports on mail.whitelion.net (208.192.202.28):
      (The 1538 ports scanned but not shown below are in state: closed)
      Port State Service
      22/tcp open ssh
      25/tcp open smtp
      110/tcp open pop-3
      113/tcp open auth

  231. Re:Shout out for ... spamcop.net by MoNickels · · Score: 2

    I agree with the praise for Spamcop. We implemented a DNS check against bl.spamcop.net a couple of weeks ago. Since then, from four different spot checks of the server logs, these are the stats:

    Totals:
    Total time Covered: 52 hours 52 minutes
    842 emails rejected as spam
    1691 emails received
    422 emails sent

    This is in a small office with about 50 users.

    --

    Wordnik, a dictionary project which aims to collect
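How the DNS blacklist checks described in comments 227 and 231 work on the wire, as an added example that is not code from either poster: the client address is reversed, prepended to the list's zone, and looked up as an A record. The zone bl.spamcop.net is the one named above; the other zones, the addresses and the helper names are constructed, and the resolver is passed in as a parameter so the logic can be exercised without network access.

```python
"""DNSBL lookup with answer validation (added illustration)."""
import socket
from ipaddress import ip_address, ip_network
from typing import Callable, Dict, Iterable, List, NamedTuple

# By convention DNSBL zones answer with addresses inside 127.0.0.0/8.
LISTED_RANGE = ip_network("127.0.0.0/8")
_NOT_FOUND = {socket.EAI_NONAME, getattr(socket, "EAI_NODATA", socket.EAI_NONAME)}


class Verdict(NamedTuple):
    status: str          # "listed", "clear", "invalid" or "error"
    answers: List[str]   # A records returned by the zone, if any


def query_name(ip: str, zone: str) -> str:
    """Build the lookup name: reversed octets (IPv4) or nibbles (IPv6) + zone."""
    addr = ip_address(ip)
    if addr.version == 4:
        labels = reversed(str(addr).split("."))
    else:
        labels = reversed(addr.exploded.replace(":", ""))
    return ".".join(labels) + "." + zone.strip(".")


def system_resolver(name: str) -> List[str]:
    """Resolve A records with the OS resolver; an empty list means 'no such name'."""
    try:
        infos = socket.getaddrinfo(name, None, socket.AF_INET)
    except socket.gaierror as exc:
        if exc.errno in _NOT_FOUND:
            return []
        raise                      # timeouts and server failures are not "clear"
    return sorted({info[4][0] for info in infos})


def lookup(ip: str, zone: str,
           resolver: Callable[[str], List[str]] = system_resolver) -> Verdict:
    """Classify one address against one zone."""
    try:
        answers = resolver(query_name(ip, zone))
    except OSError:
        return Verdict("error", [])          # list unreachable: no opinion
    if not answers:
        return Verdict("clear", [])
    if all(ip_address(a) in LISTED_RANGE for a in answers):
        return Verdict("listed", answers)
    # An answer outside 127.0.0.0/8 did not come from a working list
    # (for example a parked domain or a resolver that rewrites NXDOMAIN).
    return Verdict("invalid", answers)


def check_all(ip: str, zones: Iterable[str],
              resolver: Callable[[str], List[str]] = system_resolver
              ) -> Dict[str, Verdict]:
    """Query every configured zone and keep the per-zone verdicts for logging."""
    return {zone: lookup(ip, zone, resolver) for zone in zones}


def should_reject(verdicts: Dict[str, Verdict]) -> bool:
    """Reject only on a valid listing; broken or unreachable lists never block mail."""
    return any(v.status == "listed" for v in verdicts.values())
```

Keeping the "invalid" and "error" outcomes separate from "listed" means a list that has stopped being maintained fails open instead of rejecting legitimate mail.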

  232. There is only one thing a blocklist can do wrong by Anonymous Coward · · Score: 0

    and that's to not follow its stated policy.

    If the blocklist that's listed you has a policy of delisting within a certain period and hasn't, then tell us which blocklist and which IP and let us verify this. I, for one, will never use that list.

    If it isn't breaking any stated policy, then there's no problem with the blocklist. You can try and persuade whoever is bouncing your emails that they should stop using it but, when it comes down to it, that's their decision to make.

    To me the whole system of blocklists seems to be completely self-regulating. If a blocklist has harsh policies, only a few servers will use it. If it has too lax policies it won't be effective. Somewhere in between are the useful ones.

  233. No, it's vigilanteism without responsibility by Anonymous+Brave+Guy · · Score: 3, Insightful
    ORBS does not decide what is "permitted" nor do any of these other databases. They have a set of criteria for deciding whether and when your mail server ends up in their database.

    Which they have all violated on numerous occasions, to the detriment of the innocent bystanders caught up in their incompetence.

    I'm sick of the attitude that ORBS owes you something when your mail server is an open relay.

    And what if it isn't? There have been numerous cases where the various blacklists have included servers

    • completely in error
    • because they shared the first n sections of their IP address with another box that was open
    • long after they've fixed whatever problem there was.

    I don't like open relays and spam magnets any more than you do, but I know how easy they are to overlook, and it will happen, even to generally competent people. It is in everyone's best interests to have a quiet word with the sysadmin at an open site first, because 90% of the time, that will solve the problem.

    On the other hand, what we now have is a vigilante culture where totally unaccountable people can wipe out your company (quite literally, if you depend heavily on e-mail) on a whim, and there isn't jack you can do about it. As far as I'm concerned, if these people are blocking you inappropriately, they should be liable in the same way as anyone else who damaged your business by making a false claim, and you should be able to sue them to the other side of the galaxy.

    It's like being ticketed for driving your car down the wrong side of the road at 90 miles per hour and then being pissed off that the cop did not provide you with free driving lessons and give you 10-15 days to stop driving like that.

    No, it's not even slightly like that. Having an open relay is inconvenient but not immediately dangerous. Having an open relay is not illegal. You are not required to pass a test before running a mail server. The internet is not governed by generally well-reasoned laws. A generally competent driver will not accidentally find themselves driving at 90mph on the wrong side of the road because they just bought a new car. All in all, the two cases aren't even remotely the same.

    I think that ORBS should charge a processing fee for "expedited removal" from their database and, otherwise, just remove systems once a week.

    Do you also think that the media should be able to run business-destroying stories based on complete misinformation, and then charge extra to print an apology in the next edition (even though most of the damage is already done and they don't have to pay anything for doing it)?

    --
    If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
    1. Re:No, it's vigilanteism without responsibility by fmaxwell · · Score: 2

      I don't like open relays and spam magnets any more than you do, but I know how easy they are to overlook, and it will happen, even to generally competent people.

      When I set up my mail server, I immediately submitted it to two different blacklists for testing as well as testing it from a dial-up account on another provider. Open relays are only "easy to overlook" if you are negligent when you set up mail servers.

      No, it's not even slightly like that. Having an open relay is inconvenient but not immediately dangerous.

      Yes it is. There is a danger that I, and millions of other users will be spammed.

      Having an open relay is not illegal.

      And ORDB can't give you a criminal record for it.

      You are not required to pass a test before running a mail server.

      So what? Do police let you go because you passed your driving test?

      The internet is not governed by generally well-reasoned laws.

      Which is why organizations like ORDB have sprung up to protect people.

      A generally competent driver will not accidentally find themselves driving at 90mph on the wrong side of the road because they just bought a new car.

      Neither will a marginally competent mail server admin find themselves with an open relay.

      All in all, the two cases aren't even remotely the same.

      They are analogous, meaning that they share characteristics that make it valid to compare them. The ORDB and the police both serve an enforcement role. Driving recklessly is analogous to operating a mail server recklessly (even if the ultimate risks are different). Expecting the police to give you 10-15 days to cease driving recklessly is analogous to expecting ORDB to give you 10-15 days to stop running an open relay. Expecting the police to give you free driving lessons is analogous to expecting ORDB to give you free consulting on how to run your mail server.

      It works great as an analogy.

      On the other hand, what we now have is a vigilante culture where totally unaccountable people can wipe out your company (quite literally, if you depend heavily on e-mail) on a whim, and there isn't jack you can do about it. As far as I'm concerned, if these people are blocking you inappropriately, they should be liable in the same way as anyone else who damaged your business by making a false claim, and you should be able to sue them to the other side of the galaxy.

      You can. They are completely liable if their negligence injures your business or reputation. So quit pretending otherwise.

    2. Re:No, it's vigilanteism without responsibility by topham · · Score: 2

      I've had the pleasure of sitting across the table from someone who was describing his 'job' for one of the anti-spam groups. According to him, my home machine could end up on their list because it was an un-authorized mail server. Regardless of the fact NO-ONE except me could ever send mail from it.

      He also acknowledged they would put a server on the list if it sent mail out but could not be tested. If a firewall prevented their accessing the box they would ASSUME it was hostile and put it on the list.

      These are not the actions of a group of people wanting to prevent spam, these are the actions of a group of people attempting to wield control over the Internet.

      They are all simply a bunch of bastards that have no regard for anyone other than themselves.

      If they knew what the fuck they were doing they would automate the removal process (at a minimum) and deal separately with those few organizations which would choose to abuse it. Instead they decided they are the arbiters of justice.

    3. Re:No, it's vigilanteism without responsibility by DavidTC · · Score: 1
      As this is all simply poorly remembered crap on your part with no evidence to back it up, I don't know how to respond to it, but let me try:

      According to him, my home machine could end up on their list because it was an un-authorized mail server. Regardless of the fact NO-ONE except me could ever send mail from it.

      Yes, it's called a DUL, there are a few of them. Some people choose not to accept mail from dialup users who don't use their provider's SMTP server, so blacklist people sending mail from their dialup addresses straight to their servers. Providers usually want their IP ranges listed in these, as they do not want people sending spam using an SMTP server on their own machine (But they don't want to firewall outbound SMTP because some people have other mail accounts.), and it has nothing to do with whether or not you're actually running an SMTP server. It's simply so a cable modem user can't decide to send out 2m/s worth of spam directly to various email accounts.

      As a side note, if you have a static IP, and are actually running a server, you can contact these lists and get your IP whitelisted off of them. Of course, that means anyone who gets spam from you can look up who you are.

      He also acknowledged they would put a server on the list if it sent mail out but could not be tested. If a firewall prevented their accessing the box they would ASSUME it was hostile and put it on the list.

      Some morons have decided the way to 'fix' open relays is to simply block the tests. If relay testers cannot connect to an SMTP server you're running from their network, but can from other networks, they will assume you firewalled them to keep from having to fix the problem, and will list you anyway. Obviously, if you firewall off everything but your internal network, they wouldn't even know you were a mail server, so wouldn't list you as an open relay anyway. It's when you keep an open relay for 'convenience' but try to cleverly firewall off the testers that you'll get busted.

      As an aside, why should they be in a hurry to remove you from their lists? It's called a deterrent, and it will certainly keep you from setting up another open relay ever again if you can't send email to a major provider for a week. They don't have any obligation to allow you to send them email if you've proven to be an incompetent mail administrator.

      --
      If corporations are people, aren't stockholders guilty of slavery?
    4. Re:No, it's vigilanteism without responsibility by topham · · Score: 2

      1) I used my own SMTP server as, at the time, my ISP was damn near useless as a mail server. By the way, at the time, no ISPs were submitting their cable modem/ dialup pools to the lists.

      2) They didn't 'bother' to verify it was just them that was firewalled. They ASSUMED it was just them and acted accordingly. (They would get the address of such servers by comparing mail from users to their 'correct' mail servers. Downright obsessive if you ask me.).
      3) Most of the fools who add these blacklists to their mail servers do not do so with management approval; customer service for such providers tend to say 'we're sorry, but internet email is unreliable, it isn't a problem on our end because we still get mail'... sure, but not from everybody.
      4) It isn't a deterrent, it's a fucking pain in the ass. They have, and continue to add people, and networks that should not be blacklisted. It happens. And they are NEVER quick to remove it when they screw up.

      Had the blacklist services been implemented in a more friendly manner they wouldn't bother me; instead they are implemented as a 'all your mail are belong to us' crap.

    5. Re:No, it's vigilanteism without responsibility by Anonymous+Brave+Guy · · Score: 2
      When I set up my mail server, I immediately submitted it to two different blacklists for testing as well as testing it from a dial-up account on another provider. Open relays are only "easy to overlook" if you are negligent when you set up mail servers.

      But that's just not true. I've seen several otherwise competent sysadmins fail to close loopholes in the first few days of running a new system. A quick phone call or e-mail would immediately have made them aware of the problem and caused it to be closed, but instead, several of the sites were RBL'd without notice. The open relays were closed as soon as the sysadmins became aware of the problem, but there was still considerable damage to the businesses as a result, which continued for weeks after they notified the blacklists concerned that the relays had been closed.

      There is a danger that I, and millions of other users will be spammed.

      Too bad. There is a danger of that every day, open relays or not. If you think that is even remotely comparable to the danger of a serious road traffic accident, your priorities are really screwed up. Try learning first aid and treating the victims at the scene of an RTA. Watch one die, and tell me these two situations are comparable. You are a sick, sick person if you think your "analogy" is fair.

      I'm not going to bother replying to your other points there, because I think those comments are equally off-base, and I think that's obvious to anyone else reading as well. If you really want to know my thoughts, scatter "undemocratic", "vigilante", "unaccountable" and "often wrong" liberally through your comments.

      You can [sue the blacklists if they damage you by having you on their list inappropriately]. They are completely liable if their negligence injures your business or reputation. So quit pretending otherwise.

      Maybe where you come from. I'd love to see the precedent, though. Certainly none of the companies I've seen damaged this way (in the UK) were ever able to take action. These guys have basically taken it upon themselves to sort out something that is not their responsibility, they're doing a pretty lousy job of it, and they're screwing people who can't fight back. So you quit pretending otherwise.

      --
      If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
    6. Re:No, it's vigilanteism without responsibility by fmaxwell · · Score: 2

      I've seen several otherwise competent sysadmins fail to close loopholes in the first few days of running a new system. A quick phone call or e-mail would immediately have made them aware of the problem and caused it to be closed, but instead, several of the sites were RBL'd without notice.

      Did they submit their systems for testing by any of the open relay blacklists when they brought them up? Did they use a third-party ISP to test the systems for open relays? I did those things, so my mail server isn't an open relay. If they did not, then they were negligent. Period.

      A quick phone call or e-mail would immediately have made them aware of the problem and caused it to be closed, but instead, several of the sites were RBL'd without notice.

      So now you want volunteers running open relay databases to phone all around the world to negligent sysadmins? Get a clue. These databases are run on a shoestring budget. They cannot afford to turn every open relay discovery into an expensive, labor-intensive, investigative chore. Oh, and another clue for you: Many of the open relays are in Asia. How good is your Chinese or Korean?

      You are a sick, sick person if you think your "analogy" is fair.

      Did you ever hear the analogy that refers to "throwing out the baby with the bath water"? Do you think that the people who use that analogy are saying that abandoning a baby to die in dirty bathwater is the moral and ethical equivalent of whatever they are drawing the analogy to? If you don't understand something as simple as analogies, you need to spend more time in school and less on Slashdot.

      I'm not going to bother replying to your other points there

      That's fine since your replies to them would probably have been equally as ill-conceived as those replies you did make.

      Maybe where you come from. I'd love to see the precedent, though. Certainly none of the companies I've seen damaged this way (in the UK) were ever able to take action.

      Then look here. Next time, do your own research before you post.

    7. Re:No, it's vigilanteism without responsibility by Anonymous+Brave+Guy · · Score: 2
      Did they submit their systems for testing by any of the open relay blacklists when they brought them up? Did they use a third-party ISP to test the systems for open relays? I did those things, so my mail server isn't an open relay. If they did not, then they were negligent. Period.

      Probably not before the system was fully configured, no. In both cases I'm thinking of, they were blacklisted within a few hours of going on-line, before they'd even finished the diagnostics to find out if the system was working properly. Given another 24 hours, the relays would all have been blocked. They didn't give them those 24 hours, instead they jumped the gun and screwed the companies concerned for several weeks each. That is not reasonable behaviour, it's vigilanteism.

      BTW, I notice we've somehow managed to lose all the cases where the blacklist just plain screwed up in the first place, and either added a server completely in error, or caught innocent servers up when blocking whole IP ranges. Having a competent sysadmin obviously didn't help all those companies, now did it?

      So now you want volunteers running open relay databases to phone all around the world to negligent sysadmins? [...] They cannot afford to turn every open relay discovery into an expensive, labor-intensive, investigative chore.

      I want them to do some basic fact-finding before they go around cutting people off from the world, yes. If they cannot afford to do the job properly, perhaps they should find a new line of work. As it is, they are screwing people and harming businesses left, right and centre. That is not justified by any of your over-excitable rants.

      Then look here. Next time, do your own research before you post.

      Perhaps you should do the same. The link you posted is obviously to a US court case. Do you now expect people in countries all over the world to take US-specific legal advice just in case they have a case there against someone there who's disrupting their network? Since you're so keen on giving out clues, here's one for you: many of the small businesses at risk from this practice can't afford to hire US lawyers to sort out US-based problems with US companies. Deal with your own problems, don't push them onto the rest of us, please.

      --
      If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
    8. Re:No, it's vigilanteism without responsibility by fmaxwell · · Score: 2
      Probably not before the system was fully configured, no.

      If the mail server was not "fully configured", it should not have been live on the net. The sys admins did not do their jobs. They brought up mail servers that were open relays and didn't make it a priority to test them.

      They didn't give them those 24 hours

      They never said that they would give 24 hours notice. Do you know how much spam can be spewed through an open relay in 24 hours? Hundreds of thousands of pieces, assuming even a moderately fast connection.

      BTW, I notice we've somehow managed to lose all the cases where the blacklist just plain screwed up in the first place, and either added a server completely in error, or caught innocent servers up when blocking whole IP ranges.

      They don't "block" anything. They report where open relays have been found. Since it is now largely an automated process, the chance for human error is minuscule. As to the IP ranges, open relay databases don't use ranges. Databases of organizations that tolerate spamvertised web pages are the ones that use IP ranges. Sys admins can choose to block them or not.

      I want them to do some basic fact-finding before they go around cutting people off from the world, yes.

      Too bad. I, and many others, want them to identify threats and inform us of them as quickly and efficiently as possible. That means an automated system where someone enters an IP address, the system sends test relay mail, and, if it returns, an entry is automatically added. No human intervention or time is needed and human errors are eliminated.

      And when will you get it through your head that these databases don't "go around cutting people off"? They are databases, not filters. If their criteria, methods, and accuracy satisfy me, then I can use them in my filtering. You don't like that? Tough. I don't have a legal obligation to accept mail from your server.

      If they cannot afford to do the job properly, perhaps they should find a new line of work.

      It's not a "job." They are mostly unpaid volunteers. If their "work" does not satisfy you, then don't use them for your filtering.

      The link you posted is obviously to a US court case.

      Yes, and you wrote:

      Maybe where you come from. I'd love to see the precedent, though.

      So, I showed you a precedent where I come from. There's no satisfying you, is there?

      Do you now expect people in countries all over the world to take US-specific legal advice just in case they have a case there against someone there who's disrupting their network?

      I did not give you "legal advice". I showed you a precedent -- as you requested (see above).

      Let me summarize this for you since we seem to be covering the same ground over and over:

      1. System administrators must be sure that their systems are not open relays if they want to avoid being listed. The very first test that they should run when putting their system on the net is an open relay test. If they don't do that, they have no right to complain when they show up in ORDB.
      2. Open relay databases do not perform filtering or, in any way, block e-mail. They provide information just as a newspaper does: "IP X.X.X.X was an open relay on this date"
      3. My mail server = my rules. Individual system administrators can block e-mail based on information in these databases, results of tarot card readings, or their own dislike of odd-numbers in IP addresses. It's their system so it's their choice.
      4. Their database = their rules. Someone running an anti-spam database gets to decide the criteria for inclusion/removal and the procedures that they will use. You have no right to dictate how someone else runs their database.
      5. The only time that you have a valid legal claim against an open relay database is if they listed you in error. If the listing was correct, then you have no grounds for complaint.
      6. The people running the databases don't owe you anything. They don't owe you warnings, notices, consulting services, phone calls, e-mails, or any of the other things that have been proposed in this thread. They have no business or contractual relationship with you.

        Remember, you have a right to start your own database if you think that the existing open relay databases are going about it wrong. You can phone sys admins in places like Korea, Brazil, and Russia to tell them about their open relays. You can give grace periods. You can e-mail warnings to people. You can rush home from your job to immediately remove systems from the database the moment that the admins fix the problems. You can do all of those other things you think should be done. If others feel that you have the right idea, they will switch to your database. Of course, you'll probably have to deal with pompous twits who demand that you change the way that you run your own database, but it will be a learning experience for you.


      Hopefully, this has cleared up the misconceptions you had when you entered into this discussion.

  234. Re:Give your users the control: EXIM and RBL-Warni by Senior+Frac · · Score: 1

    4) Users can continue to pay for the delivery of their spam.

    You think it's that people don't want to see spam? No. It's that they don't want to receive it. Procmail fixes nothing.

  235. blacklists punish innocent users! by Marvin_OScribbley · · Score: 2

    Most of the comments people are making seem to be of the opinions that these blacklists and blackholes are a good thing. So what I am about to say will probably not be very popular. In my experience, blacklists punish users more than spammers.

    A while back I got a reply to my e-mail that had the word SPAM with a question mark inserted into the subject. After some correspondence I learned that my ISP had been "blacklisted" because they maintain open mail relays. I was snidely told I should complain to my ISP, as if I could somehow force them to fix the problem. Well I did send an e-mail telling them about the problem and asking what they could do. Their position on the subject was quite different. They felt that to close the mail relays would hurt their customers by preventing them from sending mail through the server even when they were not connected locally. Now before you point out that I could simply switch ISPs, keep in mind that I live in an area where there is not a big selection of ISPs. Anyway, their reply sounded like a lack of technical expertise to me, but apparently a few weeks later they changed their mind.

    But now I had a new problem. I've got two internet connections, one which is a direct connection from my office, and the other which is a dialup connection from at home. Suddenly I found I was unable to send e-mail from my office account through my ISP account, nor could I send e-mail from my work account from at home, because both mail servers were rejecting mail not from or to their domain. This was an added pain because it meant that I had to keep changing the smtp server in my mail program every time I switched locations.

    I guess the point I am really trying to make is that various administrators will set things up the way they feel is best for the situation. However in this case closing open relaying prevented me from sending legitimate e-mails. I have a feeling that customers care less about preventing spam than they do about the system working for them. Yes, I hate spam too. On one of my accounts I've set up the system to reject e-mails from anyone not on my accept list. I still get the e-mail, only in a low priority directory that I occasionally check. The sender also gets a message telling them how they can bypass the filter. I can do this because I've got shell access on this account.

    But it seems to me that blacklisting is wrong because first, it filters mail that could be from legitimate users, and second, it makes no attempt to inform the user that their e-mail was silently deleted. In my case I was lucky that my e-mail was simply flagged as possible spam, and not just deleted. Had I not found out from the recipient what was going on I might never have known.

    --
    I'm not a journalist, but I play one on slashdot
    1. Re:blacklists punish innocent users! by Mr.Spaz · · Score: 1

      If you think they (the ISP) can handle it, ask them to install an SMTP-auth compliant mailer. Then you can send mail from anywhere with an SMTP-auth compatible client (quite a large number of them, actually), and your ISP will still not be an open relay. I did this with Qmail and it was (relatively) painless.

  236. Major contributor to the world of spam by Anonymous Coward · · Score: 0

    I doubt I was a major contributor to the world of SPAM

    Perhaps not, but your class of server is. There are hundreds of thousands of MS Exchange boxes that are dropped onto networks by “inadvertant co-administrators” without proper configuration. Each only needs to relay a couple of spam runs to provide enough capacity to handle all the world's spam.

    Yes, you only make up 0.001% of the problem. Now why should we treat you any differently from the other 99.99%?

  237. Re:Give your users the control: EXIM and RBL-Warni by Sosarian · · Score: 1

    This merely addresses the very political nature of RBL lists in our environment. I'd love to turn it on and just let people fend for themselves but they just keep complaining that X can't send me email anymore.

    And procmail isn't the only filter. Netscape and Outlook both support filtering, as do most mail clients. Yes you still get the spam, and yes with thousands of domains and hundreds of thousands of users this adds up to a lot of money quickly but it removes the political angle.

    Of course the other option with EXIM is use the warning on all domains and then to give the domain owners a choice to opt-in to the system for just plain blocking once they learn about how the system works and/or are being driven crazy by spam.

  238. Only a SPAMMER by Anonymous Coward · · Score: 0
    Only a spammer would think this is FLAMEBAIT!

  239. Baby/bathwater ratio by Anonymous Coward · · Score: 0

    And how would anybody find out how much of the baby is being thrown out with the bathwater?

    Easy - go through your mail log and collect a representative sample of IP addresses that connect to it, then write a perl script to check these against the list. Net::DNS::Resolver is your friend.

    This is exactly what we did when we were deciding which DNSBLs to use. In the end we went with ORBZ inputs and SPEWS. There were some discrepancies in the relays.osirusoft.com zone, however, which prompted us not to use it.
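
The sampling check described in the comment above, as an added example that is not part of the original post: it uses Python's standard library in place of the Perl Net::DNS::Resolver script the poster mentions. The log format, the zone names `dnsbl.example` and `down.example`, the zone contents and the `known_good` sender set are all constructed so the block runs offline.

```python
import ipaddress
import re
import socket
from collections import Counter

# Constructed sample log (documentation-range addresses, generic "connect from" lines).
SAMPLE_LOG = """\
Mar  3 10:01:12 mx1 smtpd[811]: connect from mail.example.org[192.0.2.10]
Mar  3 10:01:40 mx1 smtpd[812]: connect from unknown[198.51.100.77]
Mar  3 10:02:05 mx1 smtpd[813]: connect from mail.example.org[192.0.2.10]
Mar  3 10:03:31 mx1 smtpd[815]: connect from relay.example.net[203.0.113.5]
Mar  3 10:04:02 mx1 smtpd[816]: connect from unknown[198.51.100.77]
Mar  3 10:04:09 mx1 smtpd[817]: connect from unknown[198.51.100.77]
Mar  3 10:05:00 mx1 smtpd[818]: connect from partner.example.com[203.0.113.99]
"""

CONNECT_RE = re.compile(r"connect from \S+\[(\d{1,3}(?:\.\d{1,3}){3})\]")
LISTED_NET = ipaddress.ip_network("127.0.0.0/8")


def client_ips(log_text):
    """Count SMTP connections per client IPv4 address found in the log."""
    counts = Counter()
    for match in CONNECT_RE.finditer(log_text):
        try:
            counts[str(ipaddress.IPv4Address(match.group(1)))] += 1
        except ipaddress.AddressValueError:
            continue  # matched the pattern but is not a valid address
    return counts


def dnsbl_name(ip, zone):
    """192.0.2.10 checked against zone Z is queried as 10.2.0.192.Z."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone.strip(".")


def dns_lookup(name):
    """Live resolver: A records for name, [] if the name does not exist.

    Timeouts and server failures raise LookupError so that an unreachable
    list is not mistaken for a clean result.
    """
    try:
        infos = socket.getaddrinfo(name, None, socket.AF_INET)
    except socket.gaierror as exc:
        absent = {socket.EAI_NONAME, getattr(socket, "EAI_NODATA", socket.EAI_NONAME)}
        if exc.errno in absent:
            return []
        raise LookupError(name) from exc
    return sorted({info[4][0] for info in infos})


def is_listing(answer):
    """DNSBLs answer inside 127.0.0.0/8; other answers (wildcarded or parked
    zones, rewriting resolvers) are not counted as listings."""
    try:
        return ipaddress.ip_address(answer) in LISTED_NET
    except ValueError:
        return False


def survey(log_text, zones, lookup=dns_lookup, known_good=()):
    """For each zone, report which sampled clients are listed, what share of
    connections they represent, and which known-good senders would be hit."""
    seen = client_ips(log_text)
    total = sum(seen.values())
    report = {}
    for zone in zones:
        listed, failed = [], []
        for ip in sorted(seen):
            try:
                answers = lookup(dnsbl_name(ip, zone))
            except LookupError:
                failed.append(ip)
                continue
            if any(is_listing(a) for a in answers):
                listed.append(ip)
        hits = sum(seen[ip] for ip in listed)
        report[zone] = {
            "listed_ips": listed,
            "connection_share": round(hits / total, 3) if total else 0.0,
            "known_good_listed": [ip for ip in listed if ip in known_good],
            "lookup_failed": failed,
        }
    return report


# Constructed zone contents standing in for real DNS answers.
CONSTRUCTED_ZONE = {
    "77.100.51.198.dnsbl.example": ["127.0.0.2"],
    "99.113.0.203.dnsbl.example": ["127.0.0.2"],
    "5.113.0.203.dnsbl.example": ["203.0.113.200"],  # wildcard answer, not a listing
}


def constructed_lookup(name):
    if name.endswith(".down.example"):
        raise LookupError(name)  # simulates a list that does not answer
    return CONSTRUCTED_ZONE.get(name, [])


if __name__ == "__main__":
    good = {"192.0.2.10", "203.0.113.99"}  # senders known to be legitimate
    zones = ["dnsbl.example", "down.example"]
    for zone, row in survey(SAMPLE_LOG, zones, constructed_lookup, good).items():
        print(zone, row)
```

The `known_good_listed` column is the "baby" in the question: legitimate senders from your own traffic that a given list would have rejected. Dropping the `lookup` argument makes `survey` query real zones through the system resolver.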

  240. Re:Reply-To blacklisting goes too far by Anonymous Coward · · Score: 0

    Reply-To: blacklisting is a BAD idea, given how trivial it is to forge it.

    I'm guessing the previous poster thinks the spammer would use their own Reply-To because one must respond to the advertisement in order for it to be effective. Not true.

    Someone sending out spam with Reply-To: pointing to a real person other than the spammer isn't so unusual. I personally know of two examples.

    1. A relative's AOL account was hacked (imagine that), and used by a spammer. To AOL's credit, they shut down outgoing mail from the account within minutes, but it was still a few hundred msgs. They were a pr0n purveyor of some sort, with an embedded link to the web site they were hawking. The mail was sent with my parents' normal From: and Reply-To: headers. Thus, anyone who wanted some goat pr0n could click on the url, but anyone who wanted to fire off an angry email sent it to my parents, not the spammer.

    2. More recently, someone on AOL was sending out a Windows virus using my work email address in the Reply-To: address. Since the intent is malicious rather than commercial, the sender presumably wants nothing pointing back to them. Given that my address could have been harvested from various institutional directories or web pages over which I don't have control -- or from lots of individuals' contact lists -- I don't think there's much I could do to have kept my email address from becoming known, short of being unemployed and living in a cave.

    In either case, blocking Reply-To: would really be overkill.

  241. Failure of the System by DoWeHaftTo · · Score: 1

    This last week three different people's email to me bounced back to them. I only found out by them telling me later. They came from three different systems, one was yahoo.com. I found out that my ISP was responsible, they said they had a filter of some sort that automatically popped up when they detected they were under a "spam attack".

    I am only a little familiar with the technology of spam defenses, but I feel the bottom line is this: whenever a legitimate email is rejected, it represents a failure of the mail system. The penultimate goal, I feel, of any mail system is that legitimate mail gets through! This means that spam rejection is a secondary goal, and must be subservient to legitimate mail.

    I am quite aware that the current state of non-neuron-based decision systems is inadequate to differentiate between spam and legitimate mail, and in the limit even neuron-based systems, e.g. humans, cannot guarantee 100% correct decisions every time. However, this is not the issue.

    The issue is the structure of the defenses. Why is my ISP making decisions for me, without my (real) consent, about what mail I receive? Isn't this like the local post office pawing through my snail mail and throwing away stuff that looks like junkmail? Of course it is. There are very strict laws against this in the US. That is why snail mail is now more reliable than the email I get via my ISP. What's up with that? (As well hopefully someday email will enjoy the same kinds of protections snail mail does in the US).

    I am not for spam, I am against spam. I want tools to fight spam, and they don't have to be free. But more than that I want my legitimate email. When you throw the baby out with the bath water, as in the current situation, you have a broken system, no two ways about it.

    Tom

  242. Geographic monopoly by yerricde · · Score: 1

    If an ISP doesn't fulfil your specific needs, or has policies you disagree with, then there is nothing preventing you from using a different one.

    If your ISP is the only one that serves your geographical area, then switching to a different ISP can cost upwards of six figures.

    --
    Will I retire or break 10K?
    1. Re:Geographic monopoly by NeurfBallz · · Score: 1

      Then it's time to become active in your Geographic area to get that ISP corrected, or get them to fulfill your needs, or find a way to piggy back or tunnel what you need via the available resources. You are talking about a valid problem that hits everyplace but the highest concentration population areas in the world. It is, indeed a problem for an unknown (large) number of internet users. There are technological answers, and there are meatspace answers. Sometimes it's a shame that difficult tech answers are easier to go with than simple meat-space ones.

  243. People DO make ISPs subscribe by Nermal · · Score: 1

    I realize no one makes ISP's subscribe to the blacklists...


    That's not entirely true. For example I used to work at an ISP that was frequently blacklisted because the owner firmly felt that anyone who paid for an account was perfectly free to do anything legal with it, including send spam (which wasn't illegal at the time). So when I moved, the first thing when looking for a new ISP to get service from was to ask if they subscribed to the RBL. If they did, I knew chances were I wouldn't be able to get emails at my old email address reliably.

    I called a local ISP, asked and when they said that they weren't subscribed, I signed up. Well, shortly thereafter I found I couldn't check my mail. I couldn't even bring up my old ISP's web page. A phone call confirmed that the old ISP was up. A traceroute showed that the traffic wasn't stopping at my ISP, but at their upstream, Above.net.

    Ok, Here's the kicker. It turns out that not only does above.net use the RBL, their CTO is on the board of the RBL organization! Beyond that, they didn't just block email, they were blocking ALL traffic to and from my old ISP. To anyone that didn't already know about them, they simply would not exist on the net.

    So my new ISP was telling the truth, they didn't subscribe to the RBL, but their upstream did. I mean, this is an upstream! It services THOUSANDS of users and they are willing to presume to filter our traffic? And when they block all traffic, not just email, it's no longer anti-spam, it's flat-out intimidation.

    Does anyone agree with me that there is simply no excuse for this, and that the one-and-only responsible way to implement these lists is to offer them on a user-level opt-in basis?
  244. sigh by Anonymous Coward · · Score: 0

    before making ridiculous assumptions that we would ACTUALLY manipulate bgp path selection for any AS other than ours, please think about what you are saying. we filtered IN OUR CORE all traffic destined for the said destination. there are still plenty of alternative paths, as we didn't advertise those routes to our peers. (please see http://www.cisco.com/warp/public/105/21.html for a tutorial on how route selection takes place with cisco routers. )

    now look at it from this perspective. i have say, a /8 at my disposal. one of my downstream's is a smaller ISP, who's been allocated a /16 from my /8 for their needs. that downstream, ISP_B , has 4 downstreams, all small dialup mom and pop ISP's, each allocated a /23

    now put that problem exponentially, and frankly as nested as it gets, as a carrier, it is NOT our responsibility to police the internet. our downstream must follow our AUP. sure enough that DOES include an anti-spam clause in there. so far so good right?

    the owner of the said open relay might have been contacted, at least that's what the said blacklist claimed. their upstream might also have been contacted. when neither of those options proved of any help to fix the said open relay, our entire address range was blacklisted. I'm not quite sure you realise how many people were then UNJUSTIFIABLY placed in the same blacklist by consequence. as a business, our first responsibility is to our customers, and frankly, one open relay, a customer of our customer, affecting mail services for our other thousands of customers worldwide is not justifiable.

    when those people refused to remove us from the list, NOT WANTING TO COMPREHEND that there was a better way to deal with this miserable open relay, we showed them just how much they were affecting us.

    maybe this helped clarify it for you "NeurfBallz"

    While you're at it, explain how you can "fraudulently" insert a bgp null0 route. I don't recall seeing any contracts between us and the said "open relay blacklist" to carry their traffic. It seems quite within our legal rights to use policy routing and route filtering to decide what to route, and how we want to route it.

    Notice however, that we did not advertise that route to our peers at the various IX's.

    When they contacted us on the phone to get that route removed, and the situation was talked over, they acknowledged the fact that we had been wrongfully added (that's the part where they admit they were WRONG) . We helped them track the right server and IP range, which they THEN listed AFTER contacting the appropriate parties, and the whole situation was smoothed over.

    until ANTI-SPAM measures are regulated by a governing body, they are not MUST BE's on the internet.

  245. Fake open relay software. by Nonesuch · · Score: 2
    It's been done.

    http://www.msg.net/utility/small/chuckmail/

    Looks like an open relay, optionally acts like a teergrube.

  246. Whitelisting does scale by yerricde · · Score: 1

    (Any address that has sent three non-spams and no spams is added to a whitelist)

    Yeah. That scales. Brilliant.

    Because Slashdot strips the sarcasm tag, I have to ass-u-me that you're using a sarcastic tone. Fact is that searching an index built as a balanced search tree (such as a red-black tree or B+ tree) is O(log n), which means that to double the time it takes to look up a name in a whitelist, you'd have to square the number of entries in the whitelist. A hash table makes it even faster by letting the program skip the first 10 or so iterations of binary search. A good database such as PostgreSQL should take care of this for you. Could you explain how you think dietz's solution doesn't scale?

    Or perhaps you aren't using sarcasm and are just agreeing.

    --
    Will I retire or break 10K?
  247. It confirms your address by yerricde · · Score: 1

    [Autoresponding messages that don't use a subject keyword] works, since spam houses never read their incoming mail, so they won't use the backdoor.

    Yes they do. Replying to spam confirms that your account exists, which lets spammers think that they can use even more of your bandwidth.

    --
    Will I retire or break 10K?
  248. My problem with PGP by yerricde · · Score: 1

    Additionally, this would be a good time to sensibly implement some things that have been kludged onto SMTP (mandate PGP, intelligent attachment capability, html formatting etc)

    My problem with PGP: how do I get into the web of trust if I don't know anybody who uses PGP?

    --
    Will I retire or break 10K?
  249. So how do I get into the web of trust? by yerricde · · Score: 1

    Why not require everyone that sends mail to you to use pgp?

    So how do I get my public key into the web of trust if I don't personally know anybody else who uses PGP?

    --
    Will I retire or break 10K?
  250. Changing ISPs costs six figures by yerricde · · Score: 1

    why you can't change to competent ISP

    Most of the time, the answer will be that changing ISPs while keeping the same level of service costs six figures because the user's current ISP holds a geographic monopoly in the area. "Don't like our cable modem service? Tough s***. We're the only broadband provider in town."

    what your static IP address is

    Sometimes, a static IP costs six figures because the user's current ISP doesn't provide one to any non-corporate customer.

    --
    Will I retire or break 10K?
  251. The Solution (Guaranteed to stop 99% of Spam) by Derleth · · Score: 1

    Blacklist hotmail.com and aol.com. Wouldn't that solve most of the spam problem?

    --
    How can you use my intestines as a gift? -Actual Hong Kong subtitle.
  252. Re:No. Deal with it. by Technician · · Score: 2

    (In crackhouse terms, SPEWS reads police blotters, and if it stops seeing crime in a certain area, allows pizza delivery. I'm the crusty old Italian guy who says "No, you can't deliver to 48th street, it's a war zone, at least, it was the last time I tried to deliver a pie there sometime in 1996!")
    I still apply that to reality. If I hit a town with wild traffic traps (like getting a parking ticket at 2 AM while in the car!) I take that as an unwelcome sign and refuse to do business there again ever. Not everyone is ready to fully trust a part of town with a bad reputation right away. I've noticed 15 years later a large number of boarded up and empty retail space where I got the weird ticket. I won't consider returning until it's all plowed under and rebuilt nice shiny and new. People must return as a sign it's no longer a place to be robbed. Most all the reputable businesses moved 5 miles South into the next county. This is how real world slums and internet slums are created.

    --
    The truth shall set you free!
  253. It seems pretty reasonable to me.. by fuerstma · · Score: 0

    My company had their port open, which was eventually found by the Spammers, who were routing just a ton of shit through it. I was too dumb to know how to close in spite of being the ad hoc Exchange Server Admin (I can tell you postfix wouldn't let that crap happen by default, but Exchange.. hell if I know...)

    So of course eventually we were reported to the Blacklisters, and rightfully so. I wouldn't want the spam in my inbox (though I noticed 99% of the spam's destination was hotmail.com, so maybe they deserve it?), and it forced me to get off my last ass and fix it. Blacklists worked.

    Of course the week, two week waiting period until we were unlisted... well that sucked ass big time... but.. we did the crime so we had to do the time.

    --
    www.jackasscritics.com
  254. Re:MAPS BGP, (was MAPS, a bad? example) by NeurfBallz · · Score: 1
    Since some MAPS subscribers block ALL IP traffic based upon listings, you may want to re-think the critical nature of being listed in it.

    > We have fixed IPs
    Good. Do you have non-anonymizing rDNS so that other people can tell that that's the truth?
    Many spammers make false claims about their setups -- in fact -- half or more of the spam has unmatched MAIL FROM: envelope addresses, as compared to the point they're being relayed. Most of that is "relay rape" (abuse of servers that do uncontrolled relaying -- often misnamed "open" relaying). I'm not saying that you should be branded as a spammer. What I am saying is that your legitimate usages need to be obvious in the infrastructure.

    The closest equivalent is asynchronous routing via multiple gateways. This can be very valid, especially where the underlying technology is asymmetrical. But it's also a tool being used by spammers and other DDoS attackers to the point that some people are advocating the ending of all "source routing" by blocking according to known feed paths.

  255. Re:MAPS BGP, (was MAPS, a bad? example) by JuanjoAI · · Score: 1

    > Good. Do you have non-anonymizing rDNS so that other people can tell that that's the truth?
    Is this 'x-y-z-y.uc.nombres.ttd.es' sufficient? Ok, we cannot ask TTD to change the rDNS; however, the domain, ttd.es, tells you to write to abuse@ttd.es and/or postmaster@ttd.es if you detect spam practices.
    I did it recently, and I received an ACK from them.

    > Most of that is "relay rape" (abuse of servers that do uncontrolled relaying -- often misnamed "open" relaying).
    Ok, for this there are the open relay blacklists, no? So, I cannot understand why we were blacklisted in DULs (dial-up, since our addresses are not dial-up connections).

    I think that the solution of closing all potential open relays by closing all domestic connections to SMTP is the first step to closing freedom (or closing the Internet).

    The solution for avoiding the spam is to filter messages by header and/or body. I've been using procmail for three years and I automatically block 90% of spam. By configuring this in MTAs you can avoid 90% of the spam sent to your users. Of course, this configuration must be optional because the filters are not perfect.

  256. Re:There is only one thing a blocklist can do wron by WebMasterJoe · · Score: 1
    If a blocklist has harsh policies, only a few servers will use it. If it has too lax policies it won't be effective. Somewhere in between are the useful ones.

    In theory, in a world where all ISPs are run by knowledgeable and competent people, only the best few blacklist operators will survive. However, the best product doesn't always have the highest sales (another consideration - do ISPs have to subscribe to the blacklists as a service? Small ISPs are more likely to go with a cheaper list). This "Natural Selection" approach will only leave us with the blacklists with the best marketing force. Think about it - is AOL the best ISP?

    Also, there is more that a blacklist can do wrong than not follow its own policy. It can create policies that are illegal for one reason or another.

    --
    I really hate signatures, but go to my website.
  257. Accidental Relays by dinodrac · · Score: 1

    While most system administrators are aware of the need to make sure that servers under their control do not relay to third parties, few are aware of all of the vulnerabilities through which their mailserver can be used to relay mail, and which aren't exposed by the most basic form of relay tests.

    I've seen many administrators insist that they were not an open relay, only to be shown that they had been used as a relay, and that some very simple method was used to trick the mailserver into relaying the mail.

    One example, the relay_local_from option in sendmail (which you SHOULD NOT ever use!). With this option, the mailserver will relay any message supposedly originating from a local email address. So any mail supposedly from postmaster@that.server.com would be blindly relayed. There are at least 15 or so vulnerabilities that I've heard of, which can be used to trick what at first glance appeared to be a secure mail server into relaying spam.

    At one point, these were commonly overlooked by both spammers and sysadmins. These days, the spammers are testing for even the most obscure relaying vulnerabilities, as wide open relays are getting harder to find, they are finding huge numbers of servers that were only secured against the most basic methods of unauthorized mail relay, and therefore, aren't secure at all. There's a pretty comprehensive tester on MAPS web site, as well as several standalone testers available under various licenses.

    And yes, there are commercial mailservers that *CAN'T* be secured. If you are running one of them, it's your responsibility to secure it by denying unauthorized users connectivity to it, either by physically disconnecting it, or by use of firewalls or other technical means to ensure that only authorized users can connect to the SMTP port on the mailserver. Even if it's not practical to replace one of these mailservers, it *is* practical, and perfectly reasonable to place them behind a firewall, and put a properly secured smarthost outside the firewall to provide the means for authorized mail to enter and leave the network. Any of several secure-by-default mailservers can be installed and configured by any competent administrator in less than a day, providing an instant replacement to (or gateway for) an insecure mailserver.

    As for those administrators that haven't yet found out that their relay is insecure: Test regularly, especially after any configuration change. Adopt a policy requiring customer mailservers to be tested for relaying periodically, and deny connectivity to those servers which are found to be open relays until they are fixed. Fully investigate any claim that your mailserver is relaying spam. Deal with spammers on your network as soon as you learn about them. Consider checking the antispam newsgroups occasionally for evidence of major problems (hint: google makes it very easy to search news.admin.net-abuse.* :). Make sure abuse@ and postmaster@ works and is read regularly. Block port 25 inbound to hosts which aren't authorized to run mailservers so you don't have problems with unauthorized mailservers you don't know about. Block port 25 inbound AND outbound for your dialup hosts, cable modems, dsl, and other "consumer" links, which shouldn't be running mailservers, and should be using only YOUR mailservers to send email. This will stop direct-to-MX spammers from operating from your network, as well as prevent spammers from using your dialups to abuse open relays.
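
    An added example, not part of the comment above or of sendmail itself: a simplified model of the relay decision, showing why trusting the envelope sender (the behaviour the comment attributes to relay_local_from) relays forged mail, while a decision based on the connecting client does not. The domain, networks and envelopes are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass

# Assumed site settings for illustration (not from the thread).
LOCAL_DOMAINS = {"example.com"}
TRUSTED_NETS = [ipaddress.ip_network("192.0.2.0/24")]


@dataclass
class Envelope:
    client_ip: str       # address the SMTP connection came from
    authenticated: bool  # True once the client has passed SMTP AUTH
    mail_from: str       # envelope sender: chosen freely by the client
    rcpt_to: str         # envelope recipient


def is_local(address: str) -> bool:
    """True if the address's domain is one this server accepts mail for."""
    domain = address.strip("<>").rsplit("@", 1)[-1].lower()
    return "@" in address and domain in LOCAL_DOMAINS


def sender_based_policy(env: Envelope) -> str:
    """Weak: relays for anyone who claims a local sender address."""
    if is_local(env.rcpt_to):
        return "deliver"
    return "relay" if is_local(env.mail_from) else "reject"


def connection_based_policy(env: Envelope) -> str:
    """Hardened: relays only for trusted networks or authenticated clients."""
    if is_local(env.rcpt_to):
        return "deliver"
    ip = ipaddress.ip_address(env.client_ip)
    trusted = any(ip in net for net in TRUSTED_NETS)
    return "relay" if (trusted or env.authenticated) else "reject"


# Constructed sample envelopes (documentation addresses, reserved domains).
SAMPLES = [
    Envelope("198.51.100.7", False, "postmaster@example.com", "victim@elsewhere.test"),
    Envelope("192.0.2.25", False, "alice@example.com", "bob@elsewhere.test"),
    Envelope("198.51.100.50", True, "alice@example.com", "bob@elsewhere.test"),
    Envelope("198.51.100.9", False, "carol@elsewhere.test", "alice@example.com"),
    Envelope("198.51.100.9", False, "<>", "bob@elsewhere.test"),
]


def abused_relays(envelopes):
    """Envelopes the weak policy relays but the hardened one rejects."""
    return [e for e in envelopes
            if sender_based_policy(e) == "relay"
            and connection_based_policy(e) == "reject"]


if __name__ == "__main__":
    for env in SAMPLES:
        print(env.client_ip, env.mail_from, "->", env.rcpt_to,
              "| weak:", sender_based_policy(env),
              "| hardened:", connection_based_policy(env))
    print("forged-sender relays:", [e.client_ip for e in abused_relays(SAMPLES)])
```

    Only the first envelope differs between the two policies: an outside client with a forged local sender, which is the case a basic relay test with a foreign sender address never exercises.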

  258. But what about mistakes? by Sternn · · Score: 1

    I have two mail servers that still are blacklisted on many services because of their configuration, not their ability to relay spam. I am an avid MS user (no comments from the cheap seats) and we run Exchange. I have installed some custom addons that run in Exchange to stop spam. I won't go into too much detail, but the gist of it is, it allows relays to send the spam to my server, then it moves it to an account I have to review it and either release it or kill it. Now, organizations like ORDB continue to let me know I am an 'open relay' but in reality I am killing more spam in a week than some people even get (about 180 or so a day, mostly from one or two sources overseas all destined for US addresses).

    However, I can't send mail to friends from accounts on those boxes because they have been deemed relays by the ORDB. Emails to ORDB come back with automated replies, and there is no number I can call.

    I have contacted an attorney on this and they are looking into some case law for me. The bottom line is I am being accused of something I am not doing, and being punished for it, because the software I run is different. I am wondering where simple mistakes end and liability begins.

    --
    -Sternn
    1. Re:But what about mistakes? by winnetou · · Score: 1

      Now, organizations like ORDB continue to let me know I am an 'open relay'

      Well, you have an open relay, unless you decide to "release" email that claims to be sent from spamtest@[your.IP.num.ber].

  259. Re:Shout out for ... spamcop.net by Erasmus+Darwin · · Score: 2
    "What good is it to depend on reports of spam stopping after the spamming server gets listed as a basis for delisting it?"

    I believe SpamCop doesn't use an absolute block. So it's still quite possible for users to file spam reports against spam that's been flagged as spam.

    Also, if SpamCop uses external lists, the initial SpamCop listing only needs to last long enough for the spammer to get on a more permanent/human moderated list.

  260. democracy always fails by ONOIML8 · · Score: 1

    If you've read your history then you know that all attempts at democracy fail, and so will this one.

    Thankfully I live in a democratic republic!

    --
    . Quit playing Monopoly with Bill. Switch to one of many non-Microsoft products today.
  261. 'penultimate' by Anonymous Coward · · Score: 0

    From Merriam Webster's Collegiate Dictionary:
    penultimate adj: next to the last (the penultimate chapter of a book)

  262. Are SPAM Blacklists Unreasonable? by Anonymous Coward · · Score: 0
    Well, there are two separate issues. The first issue is the right of a server to decide what traffic he wants to receive. The operator of a server is responsible to its owners and to their customers; he has no obligation towards those who might wish to send mail via his server or otherwise use its resources.

    The second issue is the right of a person to publish his opinions. In the US the First Amendment protects such publication; some, but not all, countries offer equivalent protections.

    Now, as a practical matter, if the operator of a blacklist fails to remove entries when the original problems have been resolved for an adequate period, providers will be reluctant to use that list. But sites listed have no standing in that decision.

    It is interesting to note that the oldest of the well known black lists, the MAPS RBL, has been criticized for being too slow in adding offenders and too quick to remove them.

    One factor to keep in mind is that if there were no public blacklist, operators would maintain private deny lists that might be impossible to get out of. With the public lists, you clean up your operation, possibly follow some administrative procedures, and after a reasonable delay your listing is removed for as long as you remain clean.

  263. Re:No. Deal with it. by Anonymous Coward · · Score: 0
    If they maintain the lists, they should *maintain* them, not just treat them like a brick wall and simply pile up the addresses and leave it at that.
    My server, my rules. If I am publishing a list of open relays then I will provide a way to get off, but I am not obligated to. If I am maintaining a local deny list on my own machine, then, yes, I will simply pile up the addresses and leave it at that unless it causes problems for my users. They get to complain; the sites that I've blocked have no right to tell me what traffic to accept.
  264. Re:No. Deal with it. by Anonymous Coward · · Score: 0
    What about the people living next door to the crack house? Should they not be able to get a pizza as well?
    No. The owner has the right to protect his delivery truck and the driver's safety.
    The fact of the matter is, for every legimiate (sic) spammer on the list (even the well administrated ones), there is another placed there unfairly.
    No. The list may include a domain name or an IP block in which a nonspammer resides, but it does not list any nonspammers. There is nothing unfair about such a list, and there is nothing unfair about an operator using the list to protect his network and his customers.
    The brick and mortar was on the list because of an open relay (which was a good reason to be listed), however once it was closed, they were not allowed to be removed,
    I don't believe you. I am not aware of any public list of open relays that does not provide for removal.
    And the knee jerk reaction that most sysadmins take in dealing with the situation is similar in nature to burning half your mail daily because the postmark is similar to a known junk mailer. And burning is a reasonable analogy, because blocked emails don't get archived or analyzed, they get tossed, lock stock and barrel.
    Their system, their rules. It may or may not be a good business decision. If their customers or their stockholders are unhappy, they will speak out. Your opinion and my opinion don't count.
    Its so easy for a sysadmin to install a blacklist and never worry about it again (unless of course, *he* starts losing messages).
    Correct. If he's doing his job he will notice and make an appropriate decision. Which might be to continue using the list as is.
    The price for having a spam free existance is to constantly monitor and evaluate the system, not to light a match and walk away.
    Using one of the blacklists does not imply ignoring your system. Plenty of people use blacklists in which they have punched holes and to which they have appended other sites to block.
  265. Are you sure that you weren't informed by Anonymous Coward · · Score: 0

    Do you have functioning abuse and postmaster role accounts? Is a human being reading your spam complaints? If the answer to either of these questions is no, then you have no reason to believe that you weren't notified. I've had lots of complaints addressed to abuse or postmaster bounce.

  266. Godwin invoked by Anonymous Coward · · Score: 0
    Be warned that there are *UNreasonable* people as well, spam Nazis who'd make you wear a yellow "known spammer" armband if they could. Good luck dealing with them. Those guys are proof positive that no one owns the Internet, and you DAMN well better play by THEIR RULES if you want to use THEIR SERVERS!!
    Those aren't net nazis, just capitalists who paid their hard earned money for their kit and object to being ripped off by every scumbag with perfectly legal XXX hot wet preteen golf balls to sell.

    So tell me, if I want to run for office may I paint a sign on the side of your house? Then why should the owner of a server allow me to appropriate his network and do my advertising at his expense? If I've ripped him off once, why is he obligated to give me another crack at his network?

  267. Welcome to the real world, kid! by radsoft · · Score: 1

    ... And guess what? You're already doing your "pennance"!

    Rickster/

    --
    radsoft.net