Osirusoft Blacklists The World
NSXDavid writes "Earlier today our site mysteriously ended up on Joe Jared's Osirusoft SPAM blacklist which is used by lots of antispam software (like SpamAssassin and sendmail). Since he is currently under a serious DDoS attack, there was no way to appeal this decision. We contacted Mr. Jared by phone who informed us that 'everyone needs to stop using Osirusoft and that he's going to be shutting the service down.' Then he says he's going to blacklist 'the world' (aka, ban *.*.*.*) to get his point across. Later on this evening, he apparently went ahead and did just that. Succumbing to lawsuits and DDoS, a once great blacklist is dead. SpamAssassin is removing it from their config in the next release (rc3) and email admins around the globe are reconfiguring their mail servers."
It may take a little more work, but the only solution to spam is the whitelist.
The non-communication only breeds rumours.
long live whitelisting
This isn't any different from any time spews blacklists anybody; They've never claimed to not blacklist legitimate people. And, it's impossible to contact spews to get yourself removed if unfairly blacklisted. Everyone in the world, who has been blacklisted unfairly by spews is now celebrating. Hopefully now, people using spews will realize that spews really is a poor solution to the problem, that causes more harm than it prevents.
get 0wned. irc.w30wnzj00.com
I guess Jeff K and Jerry, with their 1337 h4x0r 5|!11z, have finally retaliated for the blacklisting of somethingawful.com. G
I'm glad I read this; I got a bounce message earlier saying one of my emails was blocked due to our corp. mail server being blacklisted by relays.osirusoft.com, and I drove myself just about mad trying to figure out how or why.
It's August 27th... why isn't Slashdot showing the protest page, huh?
Ding dong the witch is dead!
AC comments get piped to
My co-located server has been blacklisted by SPEWS for months now. And it's only because of a spammer elsewhere on my two-providers-up-the-chain regional ISP. And the spammer is on a different C-class entirely, yet my IP range was still included as punishment to the ISP. The fact that I suffer as a result doesn't matter to these people. Changing providers is not an option for me at this point (long story) so I've just had to live with it. I can't email several friends, and regularly field complaints from people who host on my server.
I believe in fighting spam, and I think that blacklists are a good idea to a certain degree, but I've always felt that SPEWS was too draconian, and had no option for recourse for those of us who were (as they put it) "collateral damage".
I posted to the referred newsgroup a few times, and got nothing but venom from the locals.
I'm not sad to see them go.
-- b0rk.
For mail admins around the world try these alternatives.
bl.spamcop.net
one of the best blacklists, it catches a huge % of incoming spam, and virtually no collateral damage.
blackholes.easynet.nl
almost as good as spamcop, and seems to nail a lot of the spam hauses
dynablock.easynet.nl
nukes a lot of the dsl and dialup spammers
argentina.blackholes.us
south american country, what more needs be said ? : )
brazil.blackholes.us
ditto
cn-kr.blackholes.us
china and korea, what more need be said ? : )
turkey.blackholes.us
whole lotta spammers here
sbl.spamhaus.org
a bit too conservative for my tastes, but gets a lot of spam gangs, and has very low collateral damage
bl.reynolds.net.au
if you want to use the spews list, this provides a feed for it
malaysia.blackholes.us
another spammy asian country
wanadoo-fr.blackholes.us
one of the worst european isps
hongkong.blackholes.us
another spammy asian country
Lawyers, MBA's, RIAA? A jedi fears not these things!
Due to all these viri and ddos's over the last month the reachability index at xaffire has been pretty rocky. Fun to watch though.
I'm sorry, but this guy is a true blue asshole. My condolences for being DDoSed, but by banning "the world" to try to tell people to stop using his service ASAP, plenty of legitimate non-spam email got blocked, meaning that people may have to resend, and in some cases may not even know their email was missed. That's worse than spamming, people.
Oh, I forgot, the standard propaganda line from these SPEWS.ORG type anti-spam fundamentalists is "we didn't block your email, the ISP using our service did, blame them."
One idea I've had (or maybe I've heard it somewhere else, I can't remember) is authorization. Change the protocol, or maybe just implement at server, so that before anyone can send you an email they have to request permission. In that request they would identify themselves, and before they start emailing you stuff you would have to send them back permission. Anyone that is in your contact list would automatically be given permission. If it turns out to be spam you could revoke permission. Also analyze the email header and do reverse lookup to see if the domain names resolve properly. If a domain is spoofed, deny it automatically.
Perhaps this has been done before, and I'm sure there are flaws, but I am tired of hearing about how big a problem this is, without hearing any good ideas about fixing it. Any other thoughts?
Sigs are out of style, so I'm not going to use one...oh wait..
I can't completely describe my satisfaction with Bayesian filtering. I've been using SpamBayes for a few weeks w/ Outlook (please don't smite me), and it hasn't let me down. I have received absolutely no spam in my inbox these last couple of weeks. Granted, I built up a collection of >500 unwanted e-mails, but it only took a couple of days :)
Robert Bindler
A Computer Science student's views on technology.
"w30wnzj00.com" ? Sounds like troll...
A blacklist is like the death penalty -- there is no 100% surefire positive no-mistakes without prejudice way to protect the innocent.
Look at the results of blacklists as similar to the casualties produced in a war -- you may kill a good many of the enemy, but how many of them were civilians?
It's nice that they tried to fight spam, but when your lists interfere with legitimate business, it's time to back down.
Assholes.
As someone who was blocked by both osirusoft and spews as part of their policy of blocking entire IP blocks, I feel no pity for them or for those who use them. In fact, I hope that at least some of them are learning their lessons.
The IP address of my server happened to fall a few dozen numbers away from that of a spammer. As a result, it cost me thousands of dollars in lost time and expenses to track down the issue, contact my isp and have them contact whoever it is on Mt. Self-Righteousness that takes you back off the list. Getting on the lists takes day(s), while getting off the lists takes weeks.
Blocking entire IP blocks is nothing short of techie-terrorism. In other words, you can't convince the real wrong doers to stop, so you harm the innocent bystanders to try to get them to revolt.
SPEWS and those that support them point the finger at the ISP while purposely hurting innocent small businesses like mine. It's time they take responsibility for the tools they provide, and in this way, they are no different than Microsoft.
This could turn into the same sort of gang-induced protection rackets as in meatspace. What would a company or individual do if a cracker group sent them an email saying, in effect, "Do $this or you're off the net."
It's hard to see a good technical solution for this. It's a tort--and possibly assault---like any other physical intimidation tactic, and will probably only stop if legal means are brought to bear.
Unfortunately, tort suits are hard to press across continents.
My equipment, my rules. Don't like it? tough shit, you damn spammer.
A DDoS attack will just as effectively block a whitelist as a blacklist - leaving you in the same information void as currently.
If you meant only that it will help avoid future lawsuits you may be correct.
Q.
Insert Signature Here
isn't it fairly obvious that Joe simply wants legitimate clients to stop using the zones immediately, so that he can see who the gits doing the DDoS are?
> set querytype=TXT
> 1.2.3.4.relays.osirusoft.com
Server: x.x.x.x
Address: x.x.x.x
Non-authoritative answer:
1.2.3.4.relays.osirusoft.com text = "Please stop using relays.osirusoft.com"
Authoritative answers can be found from:
osirusoft.com nameserver = ns4.osirusoft. etc...
>
Personally, I've never liked blacklists that much. A whitelist system, combined with HashCash to allow people you've never contacted to get on your whitelist is the most ideal solution. The use of HashCash means spammers can't bulk mail millions of people to get on their whitelist, but it is very easy for someone to get on a few people's whitelist at a time. The guys over at 'camram.org' are working on such a system. I think Microsoft is working on something called 'penny black' or something which does something similar.
I.O.U One Sig.
It's weird... 3x the amount... I got four messages in ten minutes at one point...
Sounds like you should actually LOOK at w30wnzj00.com.
Couldn't have happened to a better registry.
All I know is that every time I had a system listed with them, I was unable to get it removed in a timely fashion. Even if the problem had been resolved.
I remember one time, a client with groupwise called. They were listed, but they weren't actually relaying. The server was misconfigured so it took everything it was given, then rejected it later. But even after the problem was fixed, I still couldn't get them off it. The scripts for testing would always time out, etc.
Maybe it wasn't a spammer that DOSed them. Maybe it was just a pissed off admin that couldn't get de-listed!
The only solution to spam is to stop the spammers.
How do you propose to do that, Einstein?
The coolest way we could stop spam from being distributed is to require mail servers to register with a trusted signer, and do the delivery over ssl. anyone distributing spam via a trusted mailhost would be promptly identified by their ssl signature, and anyone sending mail from an untrusted source could be rejected. there is already enough infrastructure in place for this to occur now. verisign and friends as trusted signers, and smtp-ssl. the only other thing required is the will to put it to work.
In your prefs file:
score X_OSIRU_OPEN_RELAY 0
score RCVD_IN_OSIRUSOFT_COM 0
score X_OSIRU_DUL 0
score X_OSIRU_SPAM_SRC 0
score X_OSIRU_SPAMWARE_SITE 0
score X_OSIRU_DUL_FH 0
Everything's gonna be all right.
I once got modded down for saying this, and I'll risk it again. SPEWS rots... good riddance... their policies have always been irresponsible, and offer no reasonable notification or means to dispute a listing.
I'm a happy user of many other RBL style lists... but this one I would never have touched with a 10 foot pole, and I always advocated others do likewise.
Hopefully this final anti-social act of theirs ensures their complete demise.
Mod away....
Have you painted a shed today?
SPEWS probably only had about 2 or 3 IPs left that weren't blacklisted anyway.
Does this include www.subway.com ?
I'm willing to bet the big news carriers would give an account to any legitimate operators of such a service. Sign every post from trusted list creators with a public key to ensure validity, and it would be nearly impossible to ddos the service.
Ooooh... what about making the list itself a p2p app? Perhaps this could be a great excuse to motivate some big corps to install some freenet nodes...
im not in charge of the servers. im just a programmer. my boss is in charge of our 5 servers. i know for a fact one of them is currently being used as a spam relay. its exchange 5.5 on NT.... the reason i suspect this is that there is a large amount of outbound messages rejected, being sent during non-working hours. I shudder to think of the messages that are getting through compared to my reject log.
well im not in charge of the servers, it took several days to convince my boss that there was a problem, several more for him to understand how much this problem sucks...
so if you could tell me how to secure my(bosses) server i would greatly appreciate it... (and yes, i understand linux would not have this problem but that is not an option right now)
i dont want to get blacklisted. the economy sucks enough right now.
Thanks.
I run a Postfix setup which uses Osirusoft as one of its blacklists, and going through my maillogs I see that the RBL was unresponsive early on the 24th, and then started answering again later in the day. It was down the 25th and most of the 26th, until it briefly came on and started answering only some of the requests with "blocked using relays.osirusoft.com, reason: Please stop using relays.osirusoft.com". But it wasn't rejecting everything as the 2nd article says - just a subset of our mail. The rejects might even have been legitimate blacklisted IPs - perhaps they just changed the rejection message so admins would see it in their logs?
Additionally Postfix is a smart enough MTA so that during the RBL downtime it didn't reject any mail - the default behavior is to deliver if the RBL can't be contacted.
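Added example, not part of any comment in the thread: a health check for a DNSBL zone, combining the reversed-octet lookup shown in the nslookup session above with the fail-open behaviour described for Postfix. It relies on the RFC 5782 convention that a working IPv4 list contains a test entry for 127.0.0.2 and never lists 127.0.0.1; the zone `dnsbl.example`, the record tables and the function names are constructed for illustration.

```python
import ipaddress
import socket

LISTING_NET = ipaddress.IPv4Network("127.0.0.0/8")  # conventional DNSBL answer range


def dnsbl_query_name(ip, zone):
    """Reverse the IPv4 octets and append the zone: 4.3.2.1 -> 1.2.3.4.<zone>."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone.strip(".")


def system_resolver(name):
    """Live lookup: A record if listed, None on NXDOMAIN, OSError on failure."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror as exc:
        if exc.errno == socket.EAI_NONAME:
            return None          # name does not exist: not listed
        raise                    # timeout, SERVFAIL, ...: caller must fail open


def zone_health(zone, resolve):
    """Classify a zone before trusting any answer from it."""
    try:
        test_listed = resolve(dnsbl_query_name("127.0.0.2", zone)) is not None
        loopback_listed = resolve(dnsbl_query_name("127.0.0.1", zone)) is not None
    except OSError:
        return "unreachable"
    if loopback_listed:
        # 127.0.0.1 must never be listed; a wildcard record ("the world") lists it.
        return "lists-everything"
    if not test_listed:
        # Zone answers but has no test entry: emptied, parked or not a DNSBL.
        return "no-test-entry"
    return "healthy"


def check_client(ip, zone, resolve):
    """Return 'reject' only when a healthy zone lists the client; else 'accept'."""
    if zone_health(zone, resolve) != "healthy":
        return "accept"          # fail open: a broken list must not bounce mail
    try:
        answer = resolve(dnsbl_query_name(ip, zone))
    except OSError:
        return "accept"
    if answer is not None and ipaddress.IPv4Address(answer) in LISTING_NET:
        return "reject"
    return "accept"


def make_fake_resolver(records, wildcard=None, down=False):
    """Constructed stand-in for DNS so the example runs offline."""
    def resolve(name):
        if down:
            raise OSError("lookup timed out")
        return records.get(name, wildcard)
    return resolve


ZONE = "dnsbl.example"  # constructed zone name
# Constructed records: the mandatory test entry plus one listed client.
RECORDS = {
    dnsbl_query_name("127.0.0.2", ZONE): "127.0.0.2",
    dnsbl_query_name("192.0.2.10", ZONE): "127.0.0.4",
}
HEALTHY = make_fake_resolver(RECORDS)
WILDCARD = make_fake_resolver({}, wildcard="127.0.0.2")  # every name resolves
DOWN = make_fake_resolver({}, down=True)                 # zone under DDoS
EMPTY = make_fake_resolver({})                           # zone with no entries

if __name__ == "__main__":
    for label, resolver in [("healthy", HEALTHY), ("wildcard", WILDCARD),
                            ("down", DOWN), ("empty", EMPTY)]:
        print(label, zone_health(ZONE, resolver),
              check_client("192.0.2.10", ZONE, resolver))
```

Run from cron with `system_resolver` against each configured zone, the same check tells an admin to pull a list from the MTA configuration before users start reporting bounces.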
But if I try to look at it
they might be able to 0wnz my box!
Having been myself unfairly blacklisted (not by Spews, but by another list) because of the actions of my ISP, I really have come to have serious issues about the blacklisting process. I understand the principle - get innocent bystanders pissed off at their ISPs, then have them complain to their ISPs, or switch ISPs, and then ISPs change their behavior.
The problem is that many people, for a variety of reasons (geography being one) can't change ISPs, and many ISPs (mine included) did nothing in response to my complaints (because they knew I wasn't going to move). So what does this do? It certainly doesn't help anyone!
I hate spam as much as the next gal, and I think that the SpamAssassin approach (which is to label mail as spam depending upon certain criteria) is a much, much better approach than blacklisting.
They want you to get flamed to death as further punishment.
"Switch ISPs." So if a major residential cable modem ISP's mail server gets blacklisted, then how is anybody in any of the towns serviced by that cable company supposed to send e-mail to users of ISPs that use SPEWS?
Will I retire or break 10K?
This shutdown seems to be in response to a several-week-long DDoS attack on Osirusoft,
The guy is dealing with a huge DDoS attack and we link his page from the front page of /. ??
I guess we can't make things any worse, but come on. Give the guy a break.
FIX ME!
I recently saw a copy of this email from the Spamhaus project saying that they would no longer be making their blacklist available through other 3rd parties such as Osirusoft. Perhaps this sparked the shutdown of the Osirusoft project?
Date: Wed, 6 Aug 2003 18:42:07 +0100
From: Steve Linford
To: nanog@merit.edu
Subject: SBL soon only from sbl.spamhaus.org
If you currently use the SBL by querying the master zone
sbl.spamhaus.org then you can ignore this message.
If you are using the SBL via 3rd party composite DNSBLs and not
directly from sbl.spamhaus.org, then please read this as the
following change affects your DNSBL setup.
For a long time the SBL has been available either directly from
Spamhaus (as sbl.spamhaus.org) or via 3rd party composite zones such
as relays.osirusoft.com (as spamhaus.relays.osirusoft.com) and
blackholes.easynet.nl which import SBL data from Spamhaus. This
distribution is now changing. In order to better manage SBL
logistics, DNSBL zone and query traffic, from Monday 11 August 2003
the SBL should only be available from sbl.spamhaus.org.
The fact the SBL was available from multiple DNSBLs was causing some
confusion, plus other small factors (such as the different zones
having different build times - which for example meant that we'd tell
someone an IP had been removed, but they'd contact us a few hours
later to say it was still blocked), plus the likely emergence of
further composite lists which may add confusion, meant that it was
time to make a change now rather than in a year or two.
So, if you are not using sbl.spamhaus.org but would like to continue
using the SBL, please add sbl.spamhaus.org to your mail server's
DNSBL list.
--
Steve Linford
The Spamhaus Project
http://www.spamhaus.org
Install OpenBSD first ;)
I maintain a few smtp servers and use the osirusoft quite extensively. This kind of things really hurts when I lost a hell of a lot of emails because the admin can't be bothered to publish the fact that he is blocking the entire flaming world and only finding out about from people that are trying to email me and /.
So god sake, blocking the world is worse than not blocking at all. The decent thing to do was to either take the service down (rbl client times out) or unblock everything. This is just plainly vindictive behaviour. This pisses me off more than bloody spammers.
As a good blacklist? They are notoriously difficult to get off if you find yourself on the wrong end of their 'mission'.
-EB
Do you ever walk alone like a drifter in the dark?
I have been using relays.osirusoft.com in my Postfix configuration and also with SpamAssassin for the last few days. I've been unable to access relays.osirusoft.com at all since 6:15 A.M. New York time on Monday 8/25. I checked my mail logs and no messages were bounced because of their supposed blocking of the whole world.
With the millions of dollars spent on blocking spam, one wonders why not upgrading the old mail servers. Quite a lot of spam goes through open relays. If there was a simple verification (dare I say the actual origin should be the origin listed by the mail) there would be a huge decrease in spam. As the world starts to adopt IP6, perhaps we should update email with loopholes being invalidated. If the email you receive isn't "updated" to ensure its origins, then discard it. In this case would people be so reticent to change?
I have been fighting problems with spews for months with the last 3 Class C IP blocks that we have received. It was the worst attempt that I have ever seen at a blacklist. Seems like they should have whitelisted everyone instead of blacklisting them. Going to be a lot of pissed off people tomorrow I'm sure.
the DDoS has been going on for a looong time now (not that the fat asses at the FBI have been doing more than squat about this particular felony).
it should be fairly obvious that stiff linefeed wants clients of the sbl to be getting the most up to date version of his zone, i.e. using the previous osirusoft mirror is a bad idea at the moment.
put the batteries the wrong way round in your causality meter, did you?
See: http://spamcop.net/bl.shtml
You should /not/ use the spamcop DNSBl for blocking, as Spamcop themselves state.
Spamcop list on a statistical basis, based on headers of spam reports they receive. This means they also blacklist the upstreams of regular spamcop users (because if all of spamcop user X's mail comes to him via ISP Foo, then ISP Foo's mail server will be in all of user X's spamcop reports).
Do not use spamcop DNSBl for blacklisting - use it for tagging or scoring.
I use Friend/Foe + mod-point modifiers as a karma/reputation system.
Although the vast majority is filtered, I get as many as 2000 spams per day, personally (the downside to having the same email for 8 years). And I am NOT sorry to see SPEWS go. There's no question SPEWS was effective at getting spammers kicked off their networks. Likewise, arresting everyone in a town every time a crime was committed would probably be effective at stopping crime. That doesn't mean it is a good idea. When a blackhole list has something like a 100:1 legit-mail:spam ratio for blocked messages, the ends no longer justify the means, in my book. I've had more legitimate mail blocked to or from me or companies I've administered servers for by SPEWS than any other cause in the past few years.
Now, let's continue to turn our attention towards methods of stopping spam that don't involve dropping 100x as much legitimate mail.
it's called a zone mirror, einstein.
there's plenty more spews mirrors out there, too.
I think you also need to add this line:
score RCVD_IN_OSIRUSOFT_COM 0 0 0 0
because all those X_OSIRU_* rules add on to the score of this base rule.
I use procmail and SA to filter my mail. One of my procmail.rc recipes opens a pipe to the SA on my hosting company's server, and SA does its thing.
Do I need to change my spamassassin.rc file? Do I need to ask my mailserver admin to make changes?
Humpty Dumpty was pushed.
Personally the idea of privately-owned black/whitelists horrifies me. People complain about elected governments interfering with the Internet but then those same people trust un-elected and unaccountable individuals to decide who has the right to communicate by e-mail!
Oh and of course these individuals usually have a "no right to appeal" policy. Well any similarity to PayPal should ring a loud warning bell...
From just reading the headline, I thought this article was going to be satirical.
Reprise the theme song and roll the credits!
maybe you should have found out about it months ago when Jared announced the fact in various online forums -- forums that any responsible person calling themselves an admin should take it upon themselves to read, especially when they are using an RBL whose policies are not under their control. hell, you could have just bothered to occasionally read the news updates on his website.
blocking the world is what happens to clean up the idjits who are still using a DNSBL weeks or months after it's been announced that the list is shutting down.
jeez.
They finally figured out the solution to spam!
---
WARNING:Slashdot karma not redeemable in the afterlife.
I don't see the problem. Well, personally at least. I mentioned to the wife, in March I believe, that I sensed something and nailed it on the head (spammers hi-jacking Windows PC's for relaying).
I have got to say. I sure do like the Unix's. Linux, BSD, OS X -- doesn't matter. A little thinking, some *shell* scripts, and even a few hack job "vi" scripts. Version .01 of nothing that I'd want to show any REAL programmer at least. :) It's dirty, ugly, yet very effective...
I've tried spamassassin, this filter, that filter. For me, my way seems to be working _very_ nicely. I use it at home (Linux), at work (Linux & BSD) and for a few architect friends/clients (OS X). Years ago now (right after the lawyer's emailed me :) I started peppering the Internet with email address' on USENET, and then web pages, etc.
Those are my harvesting address'. Nobody should EVER email them, realistically. Oh the spammers like to try dictionary type attempts/attacks. Thanks -- I added those to the alias database as well for future attempts.
A couple of hacked up scripts (I'm working on it in C for even FASTER speed and some learning :) -- and I frankly don't personally see it anymore. Literally. NONE. I read about it in the logs, of course. :)
Can it scale? Sure -- I'm figuring between 3-500 messages a _second_ isn't a problem. More will simply get queued and then I may notice a "lag" on my server. Bring it on. 1 IP and I whack the entire /24 subnet. I arbitrarily see X number of subnets and I block the /16 subnet.
It's the /8 ball after that and those are pretty much final. 210, 211, or 212 ring a bell to anyone?
Sure -- sometimes somebody will inadvertently get blocked. The bounced message directs them to a web page explaining what to do next. BEST solution is to call me. You know me right? Heck, you probably have my 800 number... Oh, you DON'T? Piss off then.
Heck, I even spell out a completely external email address (@Mac.com) that you can forward the blocked message to ... I'll take care of it...
Ever wonder what those MAILER-DAEMON messages are all about? The Windows user's machine _starts_ the transmit of the message and disconnect. Your mail server sits there waiting for data from them to a local user -- which becomes un-deliverable and drops a note to whatever you use for the postmaster (can't publish THAT anymore, can we?).
Re-routed now. Thanks, got ANOTHER IP subnet to black ball.
I've racked up a large chunk of the Internet already -- and the stat's only seem to be increasing. Of course I've "white-listed" specific IP's of ISP's mail servers as needed. 3 so far I think. Most ISP's will put their mail server on a different subnet than their assigned IP's. Thanks. 1 white-listing was for a dedicated single IP user who's neighbor turned out to be a spammer. He had words with his ISP -- the spammer was kicked after that turned into conference call.
Sure -- some loser ISP will see more money from the spammer and side with them. We all know those ISP's -- and I've seen the same IP ranges in their listings as mine. I doubt the legit customer will remain there for long as I know I'm not the only one blocking them. Ultimately $$$ talks and the spammers are going to run dry eventually. They're now resorting to theft of services since they can't find legit connections anymore...
REJECT(S) TODAY: 482
Subnets Blocked: 434210 (110289340 total hosts in the
Percentage: 2.834% (3906250000 Internet addresses' [~3.9 BILLION] Served
Subnets TODAY? 142 (36068 total IP's)
Harvested: 49 messages
URL Lookups: 0
That's 49 messages today to some dummy account. No hits for the right web page (from a blocked message) in the logs... 142 IP's (now complete subnets /24 subnets [255]) :)
I understand that they want to get a point across, but blocking *.*.*.* is a very bad way of doing it. This'd probably break the default and current configurations on thousands of systems relying on SPEWS for blacklisting. They should ALLOW *.*.*.* instead, which would allow anything that depended upon SPEWS to operate as it would if SPEWS simply didn't exist. Since SPEWS doesn't exist anymore, that would make perfect sense.
Blocking *.*.*.* is a way to get people to stop using the server very quickly, though.
Simple solution charge more on the monthly cost to users that send more than 250 emails a month or make darn sure that they are legit businesses with genuine e-mail adverts. Charge them more for that based on the mail out rate. Spammers will evaporate overnight. If the isps would make this one move and be in agreement with users to implement this. Make mass e-mailers that are not legit business pay through the nose. It can be done the ISPs will need to do that or change the protocol to stop forged addresses. One or the other take your choice. The opt out thing is a friggin' joke. Flame me but the situation is that simple.
OH THE SHAME I fell off the wagon and use sigs again!
I wonder how many places with crazy zealot admins. are left without any internet access at all now--some people actually used this for DNS blocking, http blacklisting, and denying routing.
My email providers are a large regional cable modem ISP, and hotmail. Today I got 2 unfiltered spams on hotmail, and 1 on my regular ISP. pretty much regular traffic. And neither of them used SPEWS.
They were DOOMED as are the other blackholes; to suck, but they did pull in a mass of spam along with the innocents.
Democracy Now! - uncensored, anti-establishment news
There are actually two different anti-spam goals. A few people have both of these goals, but quite many people have only one or the other:
The first goal includes such things as making sure children and sensitive adults don't see porn spam. But lots of people are simply offended by the spam, especially porn or body part enlarging spam. And others are simply offended by someone assuming they were interested in a great money saving offer for something they have no need for. This first goal seems to be what most people have, and what the current political rumblings are about.
The second goal is one a lot of people are not aware of, or don't understand. Yet it is as serious a goal, if not more so, by certain groups of people. This involves reducing the network bandwidth and server processing resources used by the spam, or stopping it entirely. These things cost money, and it costs about 10 to 40 times as much money to receive (delivered) spam as to send it. It still costs 5 to 10 times as much just to take the SMTP connection, carry out the talk, discover it's a spammer, and refuse the spam.
In other words: the spam problem is not solved by blocking spammers ... just reduced in cost a good bit.
Solutions that involve scanning spam content for the nature of what spam looks like does not help reduce the costs at all. In fact it increases it because all this extra processing is now done by the server, and the network bandwidth is used to send the content that might otherwise not have been sent.
To those, like myself, whose goal is to reduce costs, SPEWS was a great tool. It was very effective in blocking spammers, plus it forced quite a number of ISPs to terminate the spamming scumbags that slipped into their networks under the guise of legitimate customers. In that way, it worked; it did what it was supposed to do. Too bad a few other ISPs were too stubborn to deal with the problem, and too many customers of spammer harboring ISPs whined more about why SPEWS was targeting them, and making excuses why they could not switch to a decent ISP (excuses that didn't apply in 99.9% of cases). Unfortunately, quite a lot of people simply never "got it" as to what the purpose of SPEWS was. The SPEWS web site was more geek/admin talk, and not well enough written for the average person to understand. I was starting to work on my own "how to get out of SPEWS" document, but I just haven't had time to put in on it.
There are a lot of things people say as to how to stop spam. The one I hear most often is that if people would just delete the spam, or if network admins would just block only spammers and no one else, then spammers would cease making money and would stop. This is simply not the case. First, not everyone will do this. We see from these recent worms and virii that way too many people don't patch their computers anyway. There will always be gullible people who respond, and there will always be spammers to take their money.
The real way, and I think possibly the only way, to stop spam, is to treat all spammers as equivalent to cyberspace terrorists. Take no prisoners, and take no excuses.
Remember, spammers don't care what people who will never respond do with the spam they send. They don't care if you press delete, or filter it out with SpamAssassin, or even block them. They don't care because you aren't going to make any difference to them anyway. And if you do block it, you won't be complaining to the spammer's ISP, and hence, they get to spam even more. To a spammer, someone who blocks their mail is better than someone who gets their ISP account terminated. This is part of why just blocking spammers is actually making the problem worse.
now we need to go OSS in diesel cars
What about local blacklists? Am I under some legal obligation not to use a blacklist on my server which I use to host e-mail accounts? What's the difference between my local blacklist and SPEWS?
Idiots need to learn that no one is obligated to allow others unrestricted use of their private resources. You don't have a legal right to tie up MY CONNECTION and MY HARDDRIVE with YOUR CRAP.
Can't send an e-mail to my server because I blocked your domain? Too f-in bad. Contact your "customer" with a letter or by phone. The first amendment doesn't override my ability to mark you as trespassing on my property if you attempt to tell other people who reside on my property how you like to suck on a horse. In fact I have a right to ban people who wear funny hats from my property if I so choose. It's MY PROPERTY. I CHOOSE who can be on it.
Blacklist == restraining order.
Last I checked those were still legal. You don't have a first amendment right to talk to your ex wife who you beat and banned you from coming near her.
People who try to pretend the first amendment grants them some kind of right to my resources need to go back to kindergarten and start the educational process all over again.
Ben
Work Safe Porn
you do know that you can still use SPEWS, right?
many zone mirrors (of which osirusoft was one), a good one is at bl.reynolds.net.au
(but in this case it's nice to drop them a note first saying that you want to use the zone...)
I've seen a LOT of people here who are glad that osirusoft is down because they've got listed along with the spammers in the past. I think they are missing the point on why they got listed and I will attempt to explain the philosophy of the more militant blacklists like Spews, Osirusoft, etc.
Many mail admins (including myself) consider spam to be network abuse and liken it to a criminal offense. Simply blocking the IP of the spammer itself has been shown to not work very well or for long as the spammer jumps to a different ip addy, often in a different /24 than he was originally in.
In response to isp's shuffling the spammer around, more aggressive blacklisting was done by the above mentioned blacklists. This instantly got a lot of the isps to pay attention and clean out their spammers. It also pissed off a lot of "innocent" users as well.
I say "innocent" because technically they are not pure white innocent, but more of a gray color innocent, because directly or indirectly, they ARE supporting spam. How so? Imagine the following.
Your next door neighbor is an islamic terrorist (spammer). Definitely a criminal. And his landlord (isp) (who is also your landlord) knows he is a terrorist and continues to willingly provide housing for him. In response, the FBI (the blacklists) blocks off your entire street (/24) (which the landlord owns all the housing on) and conducts house to house searches looking for terrorists. You complain when your house is searched. "But I am not a terrorist (spammer)". After finding out your landlord is housing terrorists, you continue to live there and pay rent to him, even though he is harboring terrorists and refuses to remove them off his property. As a result of you continuing to support your landlord financially, your house keeps getting searched every so often (you stay on the blacklists with the spammer).
Now what do you do? Do you keep paying the landlord and supporting terrorism indirectly? Or do you move out and get a better landlord ?
That's why you guys are on blacklists. It's not that you've done anything directly wrong, but you're supporting spammy isps. The quickest way to find out if your isp is a spam haus, go here.
http://www.spamhaus.org/sbl/isp.lasso
Lawyers, MBA's, RIAA? A jedi fears not these things!
the death knell of a horrible service and a horrible idea led by machiavellian retards
good riddance
Somebody call the waaaaambulance.
I'm an anti-spam nazi, and SPEWS gave us all a bad name. I'm glad SPEWS is dead, and it needs to stay dead. It did nothing good for the anti-spam movement, only exacerbated the situation. With no appeal process and the total lack of caring for innocents leaves me with nothing but happiness to see this travesty of justice get blown into oblivion.
Sometimes, the enemy of my enemy is my friend...
Goodbye Spews... we won't miss you, you hulking piece of ill-thought out crap. Let me wave goodbye with my middle finger.
Now, maybe System Admins without a clue will be forced to take real steps to protect their users from spam, instead of playing the lazy asshole and taking the Hail Mary approach that is SPEWS and hoping for the best.
I feel greasy, now... to have agreed with spammers. I think I'll go take a shower.
"How much have you paid for the services provided by Osirusoft?
What rights do you have under the contract you signed with Joe Jared?
That's what I thought.
You can't be bothered to watch what your mail server is doing?
Then you're stupid, lazy, or both."
A lot more than just spammers hate spam blacklists. Most of them block entire subnets, which allows them to fit the entire blacklist uncompressed into a 2mb bit array for very fast lookup. But they don't consider or don't care that they block as many if not more non-offending mail servers as they do offenders with that optimization.
I wouldn't be surprised at all if the people who knocked them out hated spammers just as much. I know some innocent victims who would like to see most blacklist maintainers go out of business or worse.
deny connections to non-resolving hosts and you kill about 50% of the shit. block these addresses, and you'll eliminate 99% of the rest:
218.*.*.*
12.*.*.*
24.*.*.*
66.*.*.*
67.*.*.*
80.*.*.*
81.*.*.*
172.*.*.*
200.*.*.*
217.*.*.*
and somebody needs to declare whatever country "at" is to be a terrorist nation, and nuke their infrastructure. and the french. friggin wanadoo.fr anyway. and interbusiness.it can kiss my ass. and chello.whatever too. and adelphia and comcast and brazil and mexico and argentina. hong kong and taiwan suck bad.
How about the following solution to spam:
It's not the best solution for all email situations, but I'm getting so sick of SPAM that I think I might like to have an ultra clean account that used the following...
Require the sender to have a password of some sort stored in their system. How they get the password is up to the as yet uncontacted recipient. How about a phone call? Or snail mail? The vast majority of the people I want to email me are easily contacted this way to get the ball rolling.
If ever someone who knows the password gets JIGGY in some way that the recipient no longer wants to receive email from them, the receiver's client could send a password change notice to all registered senders except for the soon to be ousted offender.
All of this could be managed in the background.
The cleanliness of email from such an account would be staggering!
Now I'm not suggesting that ALL email accounts be like this, but I sure as hell would like to have the option on an account or two.
Experiment!
That we need to get the mafia to take out hits on the spammers. We just need to get them a domain, and get them on some SPAM lists :)
same reasoning used to pass DMCA, patriot act, and any of the other crap legislation.
do you support that as well, or do you only use this sort of argument when it's convenient for you to do so?
http://www.somethingawful.com/articles.php?a=160 5
we had an open relay when our (very small) mail server was set up (still no clear consensus on how to batten down appleshare ip - so in goes the PO for server x...) , apparently osirusoft was a default check in a lot of systems, never actually toggled on in many of them until ashcroft warned everyone to do blacklist checking for open relays that terrorists could use to do something... a lot of mail servers suddenly refused our traffic based on a listing with osirusoft that was nearly a year old and never came up in any significant way - and it took a lot of finagling to get retested and off the list(s). from this perspective there has to be a better way. sorry for jared's troubles, let's hope something springs from this...
"Win treats sysadmins better than users. Mac treats users better than sysadmins. Linux treats everyone like sysadmins."
If SPEWS has blown their credibility, then no one is using them. I guess that Somethingawful.com's ranting against them was just immature whining, since obviously no one is using SPEWS.
Say, how did SPEWS blow their credibility in the first place?
STOP MISUSING APOSTROPHES, YOU MORONS!!!
I would guess it will take no more than three months for another blocklist, very similar to SPEWS, to rise from the ashes. Remember that SPEWS, and the anonymous group of admins that made it up, are still Out There -- they're just without DNS at the moment.
One important point to remember is that Joe Jared himself was NOT SPEWS. No one ever knew who they were (at least no one that will admit to it). He merely acted as a reflector for their listings.
Another thing to remember is that a DDoS attack -- ANY DDoS attack -- is a criminal act. If the release of the recent incarnations of the SoBig worm and the DDoS attacks against SPEWS are indeed related, then it only proves that spammers are indeed criminals.
For my part, I've already seen an increase in spam as the result of losing access to the SPEWS DNSBL. I've had to update our local blocklist six times today, and that's really unusual for my setup. I suspect I'll be fairly busy over the next couple of weeks, doing a little of the same each day.
Spammers may have won a battle today. They're a LONG way from winning the war.
Bruce Lane, KC7GR,
Blue Feather Technologies
...is to immediately kill anyone who buys anything as the result of receiving spam.
Anyone that fucking stupid doesn't deserve to live.
"that's not encryption - it's a new perl script that I'm working on..." - from some Matrix parody
Look...spam is dangerous. Stairs are dangerous. Do any of you have stairs in your house?
They're now resorting to theft of services since they can't find legit connections anymore...
Spam is always theft of services. They're just doing it more blatantly now.
STOP MISUSING APOSTROPHES, YOU MORONS!!!
I do not like SPEWS's policy of using collateral damage in order to indirectly pressure ISP's to remove spammers. I do like their aggressive policy of adding spammers to blocklists. For these reasons, I was happy when they split their listings into the Level 1 list (known spewers only) and the Level 2 list (lists bigger blocks for political/pressure purposes). Osirusoft was using their Level 1 list, and I found it helpful to use osirusoft. Having relays.osirusoft.com at the end of my list of chosen RBL's (list.dsbl.org, dnsbl.njabl.org, sbl.spamhaus.org, bl.spamcop.net, and blackholes.easynet.nl) didn't leave much spam for their list to catch though.
SPEWS' main problem was a complete lack of concrete methodology for who gets added to the list and who gets taken off. My company, who I won't name, was placed on SPEWS several months ago for the crime of being in the same state as a company with a similar name. Apparently, the people who run it have a fetish for conspiracy theories, because no less than 3 large companies were listed in the "trail" that led to mine.
Even worse, since we were already "guilty", they wouldn't listen to our pleas of innocence, the dirty spammers that we were.
No, I don't feel sorry for these guys one bit. Their methods were about as good as the Salem Witch Trials. Most likely they weren't DDoS'd by spammers, but by people tired of the carpet bombing approach. You don't get away with banning a large ISP for one spammer, and you don't get away with trying to force your agenda on the world.
Good riddance.
Finally, a blacklist that doesn't let any spam mail through.
Sigs are like bumper stickers.
I just heard on tech news/geek site Slashdot that spam-blacklister Osirusoft was found dead in his parents' basement at age 55. There weren't any more details. Even if you have no idea what the fuck Osirusoft is, there's no denying that you took the time to read this post in its entirety. Truly an American icon.
... SPEWS, the (in)famous blacklist that got spammers mad enough to launch a massive attack, will now be distributed to end users via P2P file sharing networks.
now we need to go OSS in diesel cars
My Emale si working good, but Jerrys mom siad he cant use EMAil anymnore bacause of teh virusses.
I was actually thinking about this today after my boss got nailed by SoBig.F and started sending out all sorts of spoofed email. After digging through previous slashdot stories, I think the first step to make things a hell of a lot saner can be found here.
SMTP+SPF is an idea long overdue in production. The owner of a domain should have the right to dictate which IPs are allowed to send mail in its name, and blacklisting becomes a lot more meaningful with that right IMHO. If servers maintained & endorsed by a domain are spam havens, just do away with the domain. No more banning entire subnets with all sorts of collateral damage on lots of different parties. And given the substantial control that can be exerted over a mail server, I believe there is a far slimmer chance a responsible domain would get blacklisted on the account of a few bad apples.
Granted, spammers will still be moving targets, and domain registrars will have their pockets lined by them, but I'd rather sully a gibberish domain than useful & easily transferred IP addresses.
Please tell me more about these ISP-critical machines that don't affect innocent users. But then why are they critical?
As for narrowly listing spammers, it's been tried. Sleazy ISPs move the spammers around to evade such blocks.
Just one zero is needed, as it will disable the test for all modes.
By default, the OSIRU tests are enabled only when running network mode only, so if you haven't customized your configuration and changed that, then you are in the clear - but it's a good idea to disable these tests nonetheless.
not just The World.
president, The World, www.TheWorld.com
This has caused much discussion on n.a.n-a.e, including the suggestion that the attack is somehow related to the SoBig worm. The spammers must be hurting if they can devote these kinds of resources to attacking blocklist
I think that the attacker being a somethingawful zealot is more likely.
forget it.
Can you cite some examples of such manipulation?
Maybe it will come back as a series of signed files on Freenet. After all, Freenet was designed to resist censorship. Of course that would put an end to the speedy de-listings many ISP's got after booting their spammers. I guess it would go to a daily release of the zone file.
I think that the default is to run in network mode, so you do need to disable the Osirusoft tests if you do not want their blocklist consulted by SA.
Default is running network and bayes mode - to run in network mode requires turning off bayes (use_bayes 0). skip_rbl_checks 0 is default (see comments in 10_misc.cf)
Spam is starting to hurt me a lot worse than I would have ever imagined. It's not the volume of spam I get, which is obscene, but rather the shotgun anti-spam efforts that we somehow get caught in.
:(
About a month ago Earthlink decided we were sending out spam and cut us off. So, despite the fact that we have no relationship at all to spam, we were unable to communicate with any of our customers who use Earthlink. After appealing, they realized the mistake and removed the block. How did it happen? Seems that if an Earthlink customer just accuses you of spam you can end up on the list. Thankfully cooler heads prevailed at Earthlink and the matter was resolved quickly.
We were blocked by AOL once too. How ironic since we used to be their #1 3rd party content provider back-in-da-day (remember hourly?). They should have known about us. (grin) Fortunately that was resolved too.
Then, of course, today we got hit by SPEWS and that led to our phone call to Mr. Jared. The poor guy was frazzled, and rightly so. But we had a legit beef...
Our business is entirely web based. We have to deal with a heavy volume of customer feedback, all of which want fast responses. Any hiccup and we can get really far behind. But when we get blocked, we're almost helpless. We get an email "Hey, my character got killed by a ravenous bugblaster beast from trall!" And we write back, "Oh my, let me restore your character!" only to have it be filtered out by some shotgun blacklist. They get no response and start flaming us for "not responding". A day or more of this and things get really messy.
You start to feel like you are at the mercy of some so-called "authority" that could not care less about your guilt or innocence. If he or she wants to, they can just take you out. We've participated in opensource, contributed back, done the good netizen thing... yet this real-time blacklist thing hangs over us. We never know when something else like this is going to bite us. And maybe next time there won't be any appeal.
David Whatley
"I have a firewall blocking all incoming mail from China, but I never get any incoming mail from China anyway."
paintball
I've only seen it a couple times, but I get an email with a paragraph of words that are both fairly common AND fairly unlikely to appear in spam, then the spam plug. Since it has words in it that, due to your corpus of previously received mail, are very common in non-spam and non-existent in spam, it walks right through the filter.
Now, you could flag this message as spam, but then you slowly destroy half of what makes Bayesian filtering work: The list of words that are not in spam.
Bayesian filtering will probably be effective for a year at best.
paintball
You're financing the enemy.
paintball
Can anyone enlighten me as to why there is not a tax on emails? Perhaps, $0.001, (one-tenth of a cent). This would cost $1 for every thousand emails you send, effectively making emails "free" for the average person. But for spammers it might be several thousand dollars, possibly hundreds of thousands. If this sounds like a naive question, that would probably be because I don't understand exactly how spammers make any money.
It would be nice if SPEWS only blacklisted your street. But when that doesn't work, they blacklist your suburb, then your entire city.
They don't care about your email. All they care about is stopping spammers.
The cure is worse than the disease.
This is the most intelligent idea I have heard about spam in a long time. Beats things like signed email hands-down...
:)
It would also help tracking down spammers - if spam came through an ISPs general @superisp.com domain, and it can only be sent through their network - then they can more easily find out who sent it. Blacklists of domains would be a lot better...
Only problem I see is that domains are cheap - up to a certain point.
Rob
I know how to whois. But how can I figure out the entire ip block of CI Net or another organization?
Better yet, how can I find out the ip blocks of countries that I know I'll never need to send an email to, or receive one from, such as China or Korea?
Is there a command (non-sco, non-dickhead mcbride unix) that does this? Or do I need to go to a site that lists the above info?
tia.
Right, the default in version 2.55 is to run in Bayes and network mode. SA will actually run in Bayes and network mode as soon as its Bayes classifier has learned enough messages. It's going to start out in network mode, and quickly switch to Bayes and network mode. Since the scores in the 2nd and 4th positions of the default "score RCVD_IN_OSIRUSOFT_COM 0.0 0.552 0.0 0.864" line are non-zero, that means that SA will run this test in its default configuration, whether it's currently operating in either network, or network and Bayes mode. So either way, you need to set the score for this test to zero to disable it.
Your next door neighbor is an islamic terrorist (spammer). Definitely a criminal
Get it all over with now, just nuke Canada. They're socialist, techno-aware, stealing our jobs and didn't sign-on to "Operation Get Saddam". Plus, they're border leaky and are seriously considering homo marriages and legal pot-smoking. Need I say more?
"Servers using [lists on osirusoft] are currently rejecting ALL email."
;)
That just pinged the bogosity meter. I was using Osirusoft for SPEWS lookups when it went down (I've since switched to one of the other mirrors). I didn't lose any mail. The worst side effect was actually helpful: the timeout on the DNS lookup at osirusoft made most spammers drop the connection, but anyone with a properly configured mail server got through. Even when it was sick it stopped spam!
You folks suggesting Whitelisting and CR should google the NANAE threads on the subject (There are only two or three thousand ;)). They don't work, for too many reasons to list here.
The IDEAL solution is to make spamming a capital offense.
-Ciro The Spider-man
(I don't post to /. enough to warrant making an account. I post on NANAE with the above semi-pseudonym).
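The comments above describe mail servers consulting a DNS blocklist zone that began answering "listed" for every address. The following is an added example, not code from the thread or from any of the blocklists named in it: it shows how the lookup name is built and a sanity check, based on the RFC 5782 test entries (127.0.0.2 must be listed, 127.0.0.1 must not), that lets a mail server skip a zone that lists everything or has stopped answering. The zone name, the records and the `resolve` callables are constructed stand-ins for real DNS.

```python
import ipaddress

# RFC 5782 test entries every IPv4 DNSBL is expected to honour.
TEST_LISTED = "127.0.0.2"      # must always be listed
TEST_NOT_LISTED = "127.0.0.1"  # must never be listed


def dnsbl_query_name(ip, zone):
    """Build the DNS name a mail server looks up: reversed octets + zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone.strip(".")


def zone_is_sane(zone, resolve):
    """True only if the zone lists 127.0.0.2 and does not list 127.0.0.1."""
    listed = resolve(dnsbl_query_name(TEST_LISTED, zone))
    wildcard = resolve(dnsbl_query_name(TEST_NOT_LISTED, zone))
    return bool(listed) and not wildcard


def check_sender(ip, zone, resolve):
    """Return 'listed', 'not listed', or 'skip' (zone unusable, so fail open).

    `resolve(name)` is an assumed callable returning a list of A records,
    an empty list for NXDOMAIN, and raising TimeoutError on no answer.
    """
    try:
        if not zone_is_sane(zone, resolve):
            return "skip"
        return "listed" if resolve(dnsbl_query_name(ip, zone)) else "not listed"
    except TimeoutError:
        return "skip"


# --- Constructed resolvers standing in for real DNS ---
ZONE = "dnsbl.example"  # placeholder zone, not a real blocklist
HEALTHY_RECORDS = {
    dnsbl_query_name("127.0.0.2", ZONE): ["127.0.0.2"],
    dnsbl_query_name("192.0.2.99", ZONE): ["127.0.0.2"],
}


def healthy_resolver(name):
    """A zone that lists only its test entry and one sample address."""
    return HEALTHY_RECORDS.get(name, [])


def wildcard_resolver(name):
    """A zone that answers 'listed' for every query (lists the world)."""
    return ["127.0.0.2"]


def dead_resolver(name):
    """A zone whose name servers no longer answer."""
    raise TimeoutError(name)


if __name__ == "__main__":
    for label, resolver in (("healthy", healthy_resolver),
                            ("wildcard", wildcard_resolver),
                            ("dead", dead_resolver)):
        for ip in ("192.0.2.99", "198.51.100.7"):
            print(label, ip, check_sender(ip, ZONE, resolver))
```

In production the sanity result would be cached for a short interval rather than re-queried for every message.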
What are all still doing here then?
Ok, this is really awful but...I wonder if it would be possible to implement an HTTP blocker based on these blackhole lists. Let me explain: my father's company has a huge problem with bogus (fraudulent) online orders being placed from Indonesia, Russia, Malaysia, etc. I love Russians, Indonesians, etc, but filtering out these orders from the queue is a pain the butt. Worse yet, new employees sometimes process these orders without knowing any better. Fortunately, our shipping clerks are wise to this and catch them but it's still a big waste of time.
But what if I was able to use these blackhole lists to stop these people from visiting our site to begin with. It's horrible, it's definitely not the way the Internet should be, but it's our business.
I read a lot of fanfic, and original fiction on the net. I like to zip off little 'Hey, I liked your story' notes, often to people I have never communicated with. I can do this because its easy and I like giving authors feedback. Your solution will make it incredibly difficult to start a dialogue with strangers.
Whitelists and blacklists, 'us and them' policies... I'm guessing you're american.
Yay me!
Well, first of all:
Terrorism is when people bleed and die.
No, actually, terrorism is when you traumatize people who would have otherwise remained uninvolved in order to create pressure for change. So, literally, SPEWS and its ilk are terrorism of the highest form.
Secondly:
Nobody is forced to use SPEWS; every piece of your mail was rejected by servers whose admins chose to use SPEWS.
Actually, I could be forced to use SPEWS, and I wouldn't necessarily even know it. You see, I don't have a choice of ISPs where I live. I either go with the one choice or I don't use the internet. So if my ISP begins to use SPEWS, I'm screwed.
On to the false analogies:
Or refusing to go to a bad neighborhood. Or voting against a candidate just because you don't like the last president from that party. Or supporting trade sanctions against a country that engages in terrorism or human rights abuses.
What about people who can't afford to live in a better neighborhood (equivalent to only one ISP available)? Also, it isn't like not voting for the candidate, it's like imprisoning everyone who happens to live in the same city as the candidate. Trade sanctions don't hurt the regime, they hurt the people, much like blacklists.
You're right, it does suck for a worker to get fired because his employer is disliked. However, causing his children to starve can only even masquerade as a good thing if he can scream at someone who will listen. With ISPs, all too often the management doesn't care and the users don't have a choice.
Are directing their anger in the wrong place to the wrong people....amazing what ignorance can do.
This was a nice surprise for me at 2:30 AM!
Must-not-watch TV!
Why the fuck not? His stupidity, blacklisting the whole world, has just made all offsite blacklists useless.
Watch this Heartland Institute video
First, this is more like because there's a terrorist in a town 30 miles from you, the military parks a tank in your living room until that terrorist moves out of state.
Second, were you aware that by consuming fossil fuels, you are funneling money to the middle east, which produces almost all terrorist threats to the United States? That's supporting terrorism. I don't see you volunteering to stop buying fossil fuels until the OPEC countries clean up their terrorist problem.
Third, the idea behind spam prevention is to make email MORE USEFUL for legitimate users. SPEWs does not meet that criteria, because it causes more problems for legitimate users than gain. Moreover, it hides the true cost because few people are fully aware of what spews is doing and why. Even most email admins using spews are NOT AWARE of how it operates. They should publish their philosophy everywhere related to it. If every SPEWS doc had said, "We block enormous blocks of legitimate users, trying to use collateral damage to force ISPs to take action against their tiny fraction of spamming users", SPEWs would be irrelevant today.
Finally, spews is horribly non-responsive and error prone. I still have a colocated server blocked because some ISP on a block that's not even in the same /10 as my ISP happens to have a similar name to my ISP. (the spammer was once a customer of my ISP; they spammed, they were removed. They moved across town to ISP #2, and continued to spam. But customer name and my ISP name are highly similar. Spews concludes they are the same company, despite NO evidence but the name. Result: my ISP is permanently blacklisted on spews because of a spammer that is NOT on their network). Both sets of IPs -- my ISPs and the spammer's new ISP -- are in the same evidence file, and my ISP continues to look 'fresh' as a spammer because of activity on the other net.
put the following line in your local.cf:
score RCVD_IN_OSIRUSOFT_COM 0
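The comments above explain that a SpamAssassin `score` line carries either one value or four, one per combination of Bayes and network tests, and that a single zero disables the rule in every mode. The following is an added example, not SpamAssassin's own code: it resolves which score applies for a given mode and checks whether a `local.cf` override really disables the rule. The two configuration strings reuse the lines quoted in this thread; the function names are hypothetical.

```python
RULE = "RCVD_IN_OSIRUSOFT_COM"

# Default line as quoted in the thread, and the override suggested for local.cf.
DEFAULT_CF = "score RCVD_IN_OSIRUSOFT_COM 0.0 0.552 0.0 0.864\n"
LOCAL_CF = "score RCVD_IN_OSIRUSOFT_COM 0\n"


def parse_scores(config_text):
    """Return {rule: [scores]} from 'score' lines; later lines override earlier ones."""
    scores = {}
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop trailing comments
        parts = line.split()
        if len(parts) < 3 or parts[0] != "score":
            continue
        try:
            values = [float(p) for p in parts[2:]]
        except ValueError:
            continue  # not a plain numeric score line; out of scope here
        if len(values) in (1, 4):
            scores[parts[1]] = values
    return scores


def effective_score(scores, rule, use_bayes, use_network):
    """Pick the score for the active mode.

    Four-value order: (no Bayes, no network), (no Bayes, network),
    (Bayes, no network), (Bayes, network). A single value applies to all.
    Returns None when the rule has no score line in the parsed text.
    """
    values = scores.get(rule)
    if values is None:
        return None
    if len(values) == 1:
        return values[0]
    index = (2 if use_bayes else 0) + (1 if use_network else 0)
    return values[index]


def disabled_in_all_modes(scores, rule):
    """True when the rule scores zero for every Bayes/network combination."""
    return all(
        effective_score(scores, rule, bayes, net) == 0
        for bayes in (False, True)
        for net in (False, True)
    )


if __name__ == "__main__":
    before = parse_scores(DEFAULT_CF)
    after = parse_scores(DEFAULT_CF + LOCAL_CF)
    for bayes in (False, True):
        for net in (False, True):
            print("bayes=%s network=%s before=%s after=%s" % (
                bayes, net,
                effective_score(before, RULE, bayes, net),
                effective_score(after, RULE, bayes, net)))
    print("disabled everywhere:", disabled_in_all_modes(after, RULE))
```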
I live in a major metropolitan area. I also happen to do both my job and a large part of my schooling online. This means I have to have broadband. Due to some interesting regulatory bullshit in my Republican-dominated state, there aren't allowed to be two providers in the same area. Oh, sure, they "share" the market, but in a "you get that street, I get this one" kind of way. The upshot, if I want to change ISP, telco, or cable provider, I have to sell my house and buy another one. Tell me, how much choice in ISPs do I have again? Second case, I have relatives that live in the middle of nowhere on a island in the Bering Strait. Their ISP is packet radio. Hmmm, looks like there's only 1 ISP for a thousand miles in any direction. I guess they can switch ISP by placing penguins in the water alternatingly on their backs and bellies (white for 1). Error correction'd be a bitch though.
Yes, I know there's no penguins there, it was the only binary animal I could come up with at 3:30am
This is exactly what I just looked at SpamAssassin's site to put in my local.cf file, and was about to post it here. This is the most useful post on the subject here. When SA's web site is updated for the removal, it may be harder to find this line for those who aren't running SA from CVS.
We've had so much discussion on the faults/ virtues of RBLs that I'm more sick of it than SCO trolls.
The online checker repeatedly told me that my server would be scheduled for more tests, and would then be removed from the blacklist.
But this never happened. No further checks were made. My server was never removed from the blacklist. And what's more, Osirusoft refused to reply to any of my e-mails. They refused to even explain why they were blacklisting, despite the fact on several occasions I politely requested either removal from the blacklist, or an explanation as to why I was on it. Ultimately I had to get a different IP address for the machine in question, which was extremely inconvenient.
I'm strongly opposed to spam. However, any company that offers services to block spam have to accept that they will sometimes accidentally cause problems for legitimate users, and they have to have mechanisms in place for such users to sort the situation out. Ignoring people who have legitimate complaints against you is not the way to do it.
The new internet postage: for every email you send, you have to give up one drop of your blood. I think that would solve the spam problem for good.
There's already newsgroups devoted to exchanging spams for the purpose of filtering. Why on earth is it so hard to believe this would work for exchanging DNS blocks?
It appears in fact SPEWS are just a bunch of bigots and childish censors. Their fanatical anti supposed spam zealotry shows they are persons with ill minds and serious power tripping issues. If I find a system administrator at my companies using this list they will be fired. I don't like getting sued for the acts of stupid persons whom are paid to do a good job out of my wallet.
Your job to administer the systems given unto your care. Using SPEWS kind of list is lazy. If you need such a list to do your job I will pay for it. Meaning you will be expected to prepare it yourself or I will purchase it for your use. Otherwise I am paying for the bandwidth. This is a service company. We rely on email from all over the world to stay in that business. Your use of this list precludes our making money from addresses you block when using this kind of list.
Do your fucking job or find another.
The Boss.
You got it wrong: by signing with your public key you, and only you can verify that it was intended for you. That is not what you want, what you want is email signed with their private key, so you can use their public key to verify who sent it. If I sign all my email with my private key, everyone in the world knows that it is me who sent it, and I cannot deny it. If I sign outgoing email with your public key (because I can't know your private key) then only you can verify it, and then all you know is I intended for you to read it. To a Spammer that may cost enough CPU that it isn't worth it, but it does nothing to help you track down who sent it. (Since much spam is for illegal things tracking down who sent it would be very useful)
I have been trying for 2 months to get a site removed from this blacklist, the removal procedures from most of these sites simply don't work or are a pain in the ass, requiring support of [] in email addresses etc which of course ms exchange doesn't so you can't get sites that run exchange off the blacklist at all, even when they have been made secure.
...don't you understand?
Time again to discuss greylisting?
Looks to me to be an elegant, viable alternative to traditional black/white -listing, both of which require lists be maintained -- and well maintained. Sometimes very large, very centralized lists, which have ugly consequences when they fail.
From the Greylisting Web site (with bolding from me):
The Greylisting method is very simple. It only looks at three pieces of information (which we will refer to as a "triplet" from now on) about any particular mail delivery attempt:
From this, we now have a unique triplet for identifying a mail "relationship". With this data, we simply follow a basic rule, which is:
If we have never seen this triplet before, then refuse this delivery and any others that may come within a certain period of time with a temporary failure.
Anybody know where we are as far as a working implementation of this idea goes?
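The greylisting rule quoted above, as an added example that is not part of the original comment or of the Greylisting site: a small in-memory greylist that temporarily refuses a never-seen triplet and accepts it once the sender retries after a delay. It assumes the triplet is the connecting IP address, the envelope sender and the envelope recipient; the delay values, reply texts and class name are assumptions chosen for the example.

```python
TEMPFAIL = "451 4.7.1 Greylisted, please retry later"  # constructed reply text
ACCEPT = "250 2.0.0 OK"


class Greylist:
    """Track (client IP, envelope sender, envelope recipient) triplets."""

    def __init__(self, min_delay=300, retry_window=4 * 3600,
                 pass_lifetime=36 * 86400):
        self.min_delay = min_delay          # seconds a new triplet must wait
        self.retry_window = retry_window    # how long an unretried triplet is remembered
        self.pass_lifetime = pass_lifetime  # how long an accepted triplet stays accepted
        self._pending = {}                  # triplet -> time first seen
        self._passed = {}                   # triplet -> time last accepted

    @staticmethod
    def _triplet(client_ip, mail_from, rcpt_to):
        # Lower-casing both addresses is a simplification made for this example.
        return (client_ip, mail_from.lower(), rcpt_to.lower())

    def check(self, client_ip, mail_from, rcpt_to, now):
        """Return (accepted, smtp_reply) for one delivery attempt at time `now`."""
        key = self._triplet(client_ip, mail_from, rcpt_to)

        last_ok = self._passed.get(key)
        if last_ok is not None:
            if now - last_ok <= self.pass_lifetime:
                self._passed[key] = now     # refresh on every accepted delivery
                return True, ACCEPT
            del self._passed[key]           # stale entry: start over

        first_seen = self._pending.get(key)
        if first_seen is None or now - first_seen > self.retry_window:
            self._pending[key] = now        # never seen, or retried far too late
            return False, TEMPFAIL
        if now - first_seen < self.min_delay:
            return False, TEMPFAIL          # retried too quickly, keep refusing

        del self._pending[key]              # a real MTA queued and retried
        self._passed[key] = now
        return True, ACCEPT


if __name__ == "__main__":
    gl = Greylist()
    # Constructed delivery attempts: (time in seconds, ip, sender, recipient).
    attempts = [
        (0, "192.0.2.10", "alice@example.org", "bob@example.net"),
        (60, "192.0.2.10", "alice@example.org", "bob@example.net"),
        (600, "192.0.2.10", "alice@example.org", "bob@example.net"),
        (700, "192.0.2.10", "bulk@example.org", "bob@example.net"),
    ]
    for now, ip, sender, rcpt in attempts:
        print(now, sender, gl.check(ip, sender, rcpt, now))
```

A sender that never retries, which is the behaviour the technique counts on from bulk mailers, only ever sees the temporary failure.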
Boycotting mail from spam-friendly ISPs may "work" in that it makes life harder for spammers, but it doesn't work for the poor end user who is losing mail from contacts with "unlucky" IP addresses
Central to SPEWS success was the pretence that it was providing a service to its users, when in fact it was providing a service to the internet at large at the expense of its users.
The end result was that dedicated admins and advisors would force or trick people to bear this cost, who would not have chosen to do so if they knew what was going on.
Incidentally, another good reason for relying on local block lists is that all centralised blocking lists - either DNSBL or per-message like Razor - are vulnerable to deliberate spoofing by third parties who want to deny particular email.
i registered a new domain through ukreg.com and am getting spam to it already. mail at that account has never been used and the only online presence it has is a holding page at that domain's web page without an email address on it.
In response, the FBI (the blacklists) blocks off your entire street (/24) (which the landlord owns all the housing on) and conducts house to house searches looking for terrorists. You complain when your house is searched. "But I am not a terrorist (spammer)". After finding out your landlord is housing terrorists, you continue to live there and pay rent to him, even though he is harboring terrorists and refuses to remove them off his property. As a result of you continuing to support your landlord financially, your house keeps getting searched every so often (you stay on the blacklists with the spammer).
Holy crap...I couldn't agree less. So I'm supposed to think that it's reasonable for the FBI to block off any street and search any house, for any reason or no reason at all? Without providing any evidence of any wrongdoing, much less proving wrongdoing through the system of justice that we established to deal with such things?
You should seriously think about this -- I disagree with some parts of your position on the blocking question, but see plenty of room for discussion there. If this example actually represents your idea of appropriate government measures that might be taken to ensure security, however, then I am absolutely terrified.
* * *
It is a dada story -- it has no moral.
But what will be left? What with the DOSes and Spews refusing to whitelist anyone, I see high casualties. In fact, I'm getting flashbacks to those Daffy Duck/Marvin the Martian cartoons, the one where both Daffy and Marvin were left standing on the one remaining piece of a shattered planet.
In this instance the obvious motive for the DoS is to protect spammers' interests, so there's a good chance the attacker is a spammer (well, either that or someone *really* angry about a bad blocking decision). I think it's worth devoting special effort to finding and prosecuting the originator of this attack, since it might lead to a spammer being locked up as well, which can only ever be a good thing. :-)
Typical tough-talking pro-spam pussy. You don't make the rules, your network admins make the rules.
Don't like it? Too bad.
In your zeal to stop SPAM you will blacklist persons who have never sent one piece of SPAM in their lives. I understand you make the assumption that they have the time, know-how or money to change their hosting company, the behaviour of the hosting company or the one person who actually is a spammer according to your methods. I understand that you feel making it difficult or impossible to remove oneself from such a blocklist impossible or near impossible is a just or reasonable thing to do. Even if they can't get removed it's OK with you "fuck'um". I also understand you feel putting economic pressure on some mom and pop web operation who is not a spammer is a fair and reasonable thing as well you don't want to know about it as long as you don't have to work too hard for Mega Corporation "hell you have yours fuck everyone else".
In short I understand you are an asshole.
Wasn't that the same reasoning that Osama used? I.e. americans have 'democratically' elected their president and they pay taxes to support the military. Therefore, they are legitimate targets since they support that which is being fought against.
;-)
Sometimes it's just impossible to move to a different landlord because the landlord owns too much or you don't have enough money to make the move.
Nice analogy, but it doesn't really cover everything
I plan to plan / Dutch course in The Hague
In addition to your whitelist, you can have a rotating password to include in e-mails from new contacts that will be filtered into a folder to decide whether you want to put the address on your whitelist. You can change the non-whitelist password whenever spammers get a hold of it.
This sounds like a lot of trouble, but it is actually pretty easy to implement with the current e-mail system. Here's how:
My address is "person@site.com". Give your e-mail address as person(foo)@site.com. This mail will show up as to "foo". Before applying your whitelist, filter mail to foo into your approve/disapprove folder or your inbox. If it is from someone you trust, add their address to the whitelist. Otherwise, shift to putting another password in parentheses and notify those people on your whitelist that still use that password to move on. This is also a convenient way to track who sends you spam. Register with the site's name in parentheses.
You get the benefits of a disposable e-mail address without the overhead.
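The filtering order described in the post above, as an added example (not the poster's code). It assumes the parenthesised tag survives in the To header as the post says, and the class, folder names and sample messages are constructed for illustration:

```python
"""Whitelist plus rotating tag carried as an address comment: person(foo)@site.com."""
import re
from collections import Counter
from email import message_from_string
from email.utils import parseaddr

# local part, parenthesised tag, domain
TAGGED = re.compile(r"([A-Za-z0-9._+-]+)\s*\(([^()]*)\)\s*@\s*([A-Za-z0-9.-]+)")


def split_tag(to_header):
    """Return (address, tag) for the first tagged address, else (None, None)."""
    match = TAGGED.search(to_header or "")
    if match is None:
        return None, None
    local, tag, domain = match.groups()
    return f"{local}@{domain}".lower(), tag.strip().lower()


class TaggedMailbox:
    def __init__(self, owner):
        self.owner = owner.lower()
        self.whitelist = set()   # senders the owner has approved
        self.active = set()      # tags currently handed out
        self.retired = set()     # tags withdrawn after spammers got hold of them
        self.leaks = Counter()   # retired tag -> mail still arriving on it

    def issue(self, tag):
        self.active.add(tag.lower())

    def retire(self, tag):
        self.active.discard(tag.lower())
        self.retired.add(tag.lower())

    def approve(self, sender):
        self.whitelist.add(sender.lower())

    def triage(self, raw_message):
        """Return the folder for one message: inbox, review or spam."""
        msg = message_from_string(raw_message)
        sender = parseaddr(msg.get("From", ""))[1].lower()
        address, tag = split_tag(msg.get("To", ""))
        if sender in self.whitelist:
            return "inbox"
        if address == self.owner and tag in self.active:
            return "review"          # new contact using a live tag
        if address == self.owner and tag in self.retired:
            self.leaks[tag] += 1     # shows which hand-out reached spammers
        return "spam"


def make_message(sender, to):
    # Constructed sample message; only From and To matter to the filter.
    return f"From: {sender}\nTo: {to}\nSubject: test\n\nbody\n"


def demo():
    box = TaggedMailbox("person@site.com")
    box.issue("foo")        # tag given to new contacts
    box.issue("shopsite")   # tag used when registering with one site
    folders = [box.triage(make_message("Carol <carol@example.org>", "person(foo)@site.com"))]
    box.approve("carol@example.org")
    folders.append(box.triage(make_message("carol@example.org", "person@site.com")))
    folders.append(box.triage(make_message("deals@bulk.example", "person@site.com")))
    folders.append(box.triage(make_message("deals@bulk.example", "person(shopsite)@site.com")))
    box.retire("shopsite")
    folders.append(box.triage(make_message("offers@bulk.example", "person(shopsite)@site.com")))
    return folders, dict(box.leaks)


if __name__ == "__main__":
    print(demo())
```

The From header is unauthenticated, so a whitelist keyed on it holds only as long as nobody forges an address the owner already trusts.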
Pro Spam my ass. When did I say I was not seriously concerned with SPAM? That is totally besides the point. Blocklisting keeps customers who my business has a relationship with from communicating with us. This is a bad thing. What happens when we are put on such a list mistakenly? This is a bad thing. Blacklisting and blocklisting are not ever going to be a workable system for dealing with SPAM any more than passing laws will. The last thing we need is a bunch of vigilantes who will not reveal who they are forcing their ideas of how to deal with the issue on the people who have to use the system and pay the bills.
When the Network Admins start buying the equipment, paying for the OC-3 and power they can make all the "rules" they want. Until then we live by the golden rule. I got the gold I make the rules. You don't like it quit. If I catch you defying my rules you get fired.
The Boss.
They shouldn't have blocked Something Awful.
So because your neighbour is a terrorist, it is ok for the police to kill you, just because you happen to live next to a terrorist? Or even better, it is ok for a government to nuke your city because a terrorist lives in that city?
Now the militant blacklists are not even the police! They are civilians taking justice into their own hands, without first having tried to get the police involved in the problem they are trying to solve. "We'll just kill a bunch of random people, maybe nuke a city or two, maybe that draws attention to our case", this attitude is not less criminal than the terrorist acts you are trying to fight!
Now, as to how to fight the real problem, getting decent laws in place is the first step. This will probably never happen unless you make it very clear to the politicians you elect that this is important to you, as important as fighting any other crime. The second step is getting the police involved once the laws are in place. This will cost money, your (the taxpayers) money, but hey, you thought this was important, so you are probably willing to pay some extra tax.
Which is more likely not true than it is likely that it is. Remember, you are only shooting nukes at a city, there is no police involved. The police have no right to search a house without a judge having looked at the case. Where is the judge in your story? There is none! It is not up to the landlord to put people out of their house, that is up to the police to do on order from a judge, based on a fair trial. This is where blacklists go wrong, they don't obey the basic principles of justice....
Here Here!
In WWII in Germany (but AFAIK in the Soviet Union as well) there was a similar thing called Sippenhaft. That meant: If the ruling powers had the feeling that a soldier or an officer was not showing enough courage or even was lacking enthusiasm (which also could be a euphemism for people voicing dissent with the respective regime), not only he was shot but also all of his family was arrested and often put into concentration camps. Family was often interpreted in a very far-reaching way: If a more or less distant relative was the evildoer, but the regime's thirst for revenge was big enough or no one else was there you still would lose your job, put into prison etc.
I think they use the same line of thought you are using here.
for telling me, I wouldn't have noticed this myself. This is the first time I've encountered a real problem with having your own mail server and making it as spam-proof as possible...
Are you kidding? Of course this fanatic supports the DMCA, patriot act, &etc. He's probably counting the days until Microsoft fully embeds DRM into Windows and knocks all other systems off the internet. "Then the evil spammers will be no more!" Yeah right...none of these extreme measures will stop spammers, but they believe it because they don't want to accept reality.
Here is a proposal/idea on how to do it. You are welcome to provide me with feedback on the idea. There is only one loophole in the theory I am aware of, and that is not a very significant one.
I'd love to hear from everybody.
because I'm laughing right now. And when your unwashed friends at nanae or whatever the fuck crufthole of usenetland decide to unleash "pandora's box" (OoOoOOooOooOooooO) and start getting fired because all of a sudden the boss isn't getting email, I'll laugh even harder. When your ISP goes titsup because people start deciding that the old 'hit d and forget it' is STILL better than missing real emails, and their friends at AOL don't have this problem, I'll have problems breathing from all the laughter.
To continue your analogy...
What do you do if this is the only apartment block for miles around, and its either live there or sleep on the streets?
I have no sig yet I must scream.
Yeah, perhaps Indy1 took it a bit too far. A better analogy would be the following. Your country (your ISP) is harbouring terrorists (spammers). These terrorists use our planes (network) to bring down skyscrapers (e-mail system) and kill civilians (annoy users). My country's Ministry of Exterior (SPEWS) publishes a warning (blacklist), suggesting that our citizens avoid travelling to your country (receiving e-mail from you).
I think this is perfectly acceptable. And even if our airline will cancel some of the flights and inconvenience some of our citizens, because they have to fly to Frankfurt and then to your country (use another SMTP server or webmail), this is perfectly legal and accepted way to deal with the problem.
Future Wiki -- If you don't think about the future, you cannot have one.
You "Sys admins and Network admins" don't get it. Most of the world doesn't operate like your "mega corp" that you all seem to all work for.
Many people are their own admins while trying to run a business that hasn't a thing to do with IT except they have a few workstations and a server. They don't have all your know-how or skill. They are too busy trying to feed their families to allow others like me who know what is up to allow you to get away with this elitist bull shit you are trying to pull. No they are not able to figure this all out and doubtfully can afford to pay someone who can. They are trying to make a living. But you insist your sysadmin job is more important than them. You by endorsing vigilante banlists that put their mail servers out of business are as bad or worse than any spammer ever could be. Spammers are thieves but you by using these lists are corporate oppressors. Don't try to justify your discrimination and oppression in any way. If you use these lists and they have no simple method and fair immediate way to be removed or the "secret group" running them refuses to whitelist them you are just a Daryl Mcribe clone. An exploiter of others and an oppressor. So quit trying to justify fucking over other people who may not have the financial resources or skills equal to you or the place you are lucky enough to have a job.
Nice try blocklist and Blacklists are bad. Secretly maintained ones are even worse since you know you are fucking people over you are hiding out. The KKK was secret too it wasn't right and this isn't either.
wow a list for spammers to find new isp's.
very informative!
You are a member of Spews. All you have been doing is defending them. With all the posts of how they have fucked innocent persons over with their blocklist and refusals to whitelist people one has to determine that you are a Spews member.
You don't have to explain your crap to us, we understand your reasoning just fine...
It's not that different from the reasoning that those Al Qaeda bastards used for bombing the WTC.
Fuck blacklists.
In a pig's eye. I understand where they are coming from, really I do. However Spews's mission statement of attempting to encourage real users to move from their spam infected ISP just didn't work. If all the real users left, and only spammers remained, it does jack shit for discouraging that form of behavior. If all the real users just switched to hotmail, again it does jack shit to discourage the behavior. The only way that their mission would be successful is if their list was in widespread use cutting off the spammers' income and making it a pointless business venture.
While quite a few people actually used spews, mailadmins whom I've spoken with pretty much didn't want the headache complaints generated by both spammers and legit users attempting to get e-mail out.
There is no sanctuary. There is no sanctuary. SHUT UP! There is no shut up. There is no shut up.
Open your eyes, take a look around- plenty of people who aren't spammers hate SPEWS, and SPEWS makes it obvious that such is very much their intention. They're attempting to break the internet, and hide behind "It's entirely voluntary" when people point out that they're encouraging people to, on an entirely voluntary basis, break the internet- by spreading lies and telling people that innocents deserve what they get when they unknowingly exist on a host that somebody may have spammed once. Do you know what this is called in the modern age? Why, that's Terrorism! It's a terrorist organization which is entirely voluntary to join, good job!
is SPEWS legal? Yes
should SPEWS be legal? Yes
is SPEWS full of shit? Yes
should SPEWS shut down? Yes
Will SPEWS shut down? no.
-- 'The' Lord and Master Bitman On High, Master Of All
That's funny, damnit. Stupid mods. :/
I didn't see this post before, modding this up would be worth more than the rant I posted, sorry
-- 'The' Lord and Master Bitman On High, Master Of All
Did you know that..
it's illegal to yell "Fire" in a crowded theater?
This is because, even if you don't take direct action, you can be deemed responsible for the actions of those who react to something you say when you knowingly say something intended to provoke them into doing something which causes damage.
This is a basic concept of society. Figure it out.
SPEWS in no way denies that what it is doing is harmful- check their page, they INTEND it to be harmful, they want to scare people into submission. They are Terrorists.
The same people hunting Osama Bin Ladin would assure you that he never flew a plane in his life, and certainly was not one of the pilots which crashed into the WTTs. Yet somehow, they can believe him to be responsible. Imagine that!
-- 'The' Lord and Master Bitman On High, Master Of All
Pick either side, and they are using the same tactics. The Palestinians are blowing up civilians in the hope that the civilians left alive will do something about their problems. And the Israeli government is firing missiles into crowded cities to kill some suspected criminals and anyone else who happens to be within 100 meters of these guys...
Um, those aren't the same tactics ... oh, never mind.
Bah, no need to use blacklists. Just do what I did. I blocked all of APNIC from being able to connect to port 25 of my mail servers. Maybe a little drastic, but it has cut down spam by more than 70%.
It's better to burn out than to fade away
SPEWS in no way denies that what it is doing is harmful- check their page, they INTEND it to be harmful, they want to scare people into submission. They are Terrorists.
Now wait a second. I'm on your side, I'm anti-SPEWS. I've never (to my knowledge) had outgoing mail blocked, but I hate the idea that my ISP might stop a message reaching me because SPEWS doesn't like the sender's netblock.
But refusing incoming email messages isn't terrorism. It isn't even a crime. In my book, it's bad service, but unless you've got a contract that says differently it's not even defective service.
The answer is not to rant about "terrorism", but to advertise the idea that consumers should make sure that some "spam filtering" service provided to them by the ISP that they pay money to isn't following an agenda beyond just blocking messages reasonably determined to be unwanted.
You falsely assume that I think it is a crime, or think that all terrorism is a crime. I don't. I think they're full of shit and that people who claim SPEWS is innocent because they are not physically going out to people's servers and shutting them down are fucking idiots.
But it Is terrorism. They are using fear to push a political agenda, that's terrorism.
-- 'The' Lord and Master Bitman On High, Master Of All
Round up the top 10 spammers in the world and shoot them. Repeat every 2-3 months. Watch the amount of spam decrease exponentially.
Sorry about that, just venting. Seriously, something must be done, or else email as we know it will become completely unusable in the next year or two.
SPEWS suddenly cut off my email
No they didn't. The person you were sending to chose to cut off your email. SPEWS just suggested it.
I'm not sure it can be correctly called censorship - that requires a governmental entity.
That is a fucking myth, and I am sick and tired of hearing people parrot that nonsense. Saying a business can't censor because it isn't a government is akin to a black man saying he can't be racist because he is black. These are both examples of the same logical fallacy: just because a behavior is traditionally associated with one entity or group doesn't mean it is impossible for another entity or group to begin behaving in exactly the same behavior.
Obviously, anyone of any ethnicity is capable of becoming a racist, just as anyone with any power or influence over others is capable of engaging in censorship.
Responsible parents routinely censor what their kids see and hear. We as a society, by and large, find this to be an acceptable form of censorship.
Many religions routinely censor what their congregations are and are not allowed to see and hear (the Catholic church has had a censorship office for centuries, but they are hardly alone. The Mormons censor what they deem inappropriate for their membership, just as the Jehovah's Witnesses do, and I really don't need to cite example after example for Islam, do I?).
And finally, yes, many, many companies engage in censorship, both the obvious 'media' companies that bury stories they don't like or can't be bothered with, as well as other more subtle businesses (like Monsanto pressuring Fox News into not running a news story on how their hormone saturated milk was actively harmful to the health of children, an action that resulted in Fox News firing two reporters who refused to disavow their story, and said reporters winning a lawsuit against Fox News under Florida's whistleblower laws).
Anyone with any form of power over another, be it parental, religious, corporate, or governmental, has the power in some capacity to censor information available to those less powerful. It is a telling, and appalling, commentary on our culture to observe just how common this sort of censorship is, and how eager we have become to silence those with opposing viewpoints, rather than to argue the counterpoint (as I am doing here, for example).
Your Libertarian Newspeak definition of censorship is plain wrong. You may have the right to censor what comes across your network, and you may choose to exercise that right, but don't think for a moment you aren't engaging in censorship, or think you can convince the rest of the world (a few gullible moderators aside) you are not simply by trying to spin your verbiage.
And lest there be any doubt as to what censorship is:
censorship
n.
1. The act, process, or practice of censoring.
2. The office or authority of a Roman censor.
3. Psychology. Prevention of disturbing or painful thoughts or feelings from reaching consciousness except in a disguised form.
censor
1. A person authorized to examine books, films, or other material and to remove or suppress what is considered morally, politically, or otherwise objectionable.
2. An official, as in the armed forces, who examines personal mail and official dispatches to remove information considered secret or a risk to security.
3. One that condemns or censures.
4. One of two officials in ancient Rome responsible for taking the public census and supervising public behavior and morals.
5. Psychology. The agent in the unconscious that is responsible for censorship.
tr.v. censored, censoring, censors
To examine and expurgate.
(source: dictionary.com)
You will notice, that with the exception of historical references to Rome, none of these definitions presuppose governmental authority over just plain authority, indeed, quite the contrary.
The Future of Human Evolution: Autonomy
Prosecute the businesses that hire the spammers. Roll on them extra hard if they don't give up the spammers they hire. Granted this only takes care of the domestic businesses doing this but if enough countries do it then spamming is no longer a low-cost/low-risk endeavour.
An ISP should be permitted to filter spam on their server. Most users want this, the ISP wants it.
Users should be able to opt out of this filtering if it is broken. Yahoo has a nice "bulk mail" folder that routinely catches stuff that is not spam.
Properly done, parents concerned about spam could check the Bulk mail box for false positives. Little sally doesn't see the porn, which is what most parents care about anyway.
Just sign the IP with an appropriate GPG key.
You could select whose keys to accept, and let the "web of trust" keep it clean.
Just use the set of keys that have a spam policy you agree with.
My private key leaked for a bit, but a shot at the clinic helped that.
I mean, it wasn't SPEWing or anything, just a little leak...
Darn, sucks doesn't it?
Fighting against SPAM will occasionally interfere with other people's email.
You are complaining that you just get sucked into this "war on spam". But wars don't ask permission from the people either.
I'm sure the average Iraqi isn't all that happy about having their country invaded, government overthrown, losing security, power, clean water and generally in a big mess.
They didn't ask for it either, and all the bitching and complaining by the world didn't stop it either.
Check out somethingawful.com's ongoing issues with SPEWS. They don't just block individual servers, they block entire ranges affecting many legitimate, non-spamming servers. Yes it's good to block open servers, but at the cost of many other closed servers is a shame.
I have not received a spam for years, despite not having any filtering in place. Wanna know how to do it?
You too can be spam-free for only $4.99! Just send an email to spam.me@spot.the.dog with your credit card details to find out!
What seems to be lost in all of this discussion about whether SPEWS is a reasonable thing to use or not is that it is up to the mail administrator (and whomever employs the mail administrator) to use it. Are you on SPEWS and upset about it? Can't get your mail to that all-important recipient whose mail administrator blocks based on SPEWS? Instead of complaining to your upstream providers to try to get your measly little IP off of SPEWS, complain to the mail administrator's boss, to get them to stop using SPEWS. If that does you no good, then you have to accept that your intended recipient doesn't want your e-mail, and quit whinging.
I've found these Procmail rules to judge Hotmail very effective.
# Hotmail addresses never start with a number:
:0 H
* ^From:.*\<[0-9][^ ]*@hotmail\.com\>
{
  LOG="Hotmail_numstart "
  :0
  $SPAMDIR
}
# Hotmail addresses never have a host part:
:0 H
* ^From:.*@[^ ]*\.hotmail\.com\>
{
  LOG="Hotmail_hostpart "
  :0
  $SPAMDIR
}
# Hotmail messages have Originating-IP, except mail from abuse/policy.
:0 H
* ^From:.*@hotmail\.com\>
* ! ^From:.*\<(postmaster|abuse|policy)@hotmail\.com\>
* ! ^X-Originating-IP: \[[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+\]
{
  LOG="Hotmail_noIP "
  :0
  $SPAMDIR
}
One of my old ISPs got blocked when their upstream ISP started selling bandwidth to spammers. The situation was bad enough that my ISP, and many similar ISPs, were forced to change providers. The upstream ISP lost most of their customers and sold what was left to another ISP, who shot spammers on sight.
Mea navis aericumbens anguillis abundat
It's kinda funny that the week after somethingawful was complaining about being blacklisted and not being able to rectify it that SPEWS gets handed their ass. Don't mess with immature geeks with too much free time would be the moral of this story. I'm not saying that it was a somethingawful fanboy. Just that it appears to coincide with somethingawful's complaints. Hmmmm?
I'm pretty sure if you use your awesome mind powers you will be able to surf to various dictionary websites. You might notice that the definition of censorship only implies authority, not government. If my ISP uses SPEWS it gives spews the authority to remove or suppress email it thinks is objectionable. If you restrict people from voicing their opinion on your network it IS censorship. But you have every right to censor them because you are a private entity.
If it really worked, would you have the same companies with TONS of legitimate customers, such as RackSpace, continuing to remain on SPEWS lists? There are plenty more examples. All SPEWS does is block spam by increasing your false-positive ratio enormously.
I was wondering why postfix was complaining:
blocked using relays.osirusoft.com; Please stop using relays.osirusoft.com;
My brain was starting to hurt (more than it usually does).
Postfix users comment out:
maps_rbl_domains = relays.osirusoft.com
And remove reject_maps_rbl from smtpd_sender_restrictions etc.
Freedom is still the most radical idea of all.
truly, white listing and bayesian filtering (Mozilla Thunderbird or Mac Mail) is the way to go. those guys running the blacklists wear black hats just like the spammers. for every spammer that they've stopped (spam increases every year exponentially ) there's a new one to replace them and an innocent company that eats shit by accident because of black lists. good riddance.
"You never want a serious crisis to go to waste." - Rahm Emanuel
Many ISPs have Egress filters for OUTgoing email to make sure that none of their clients are spoofing/faking their sender's email address.
Why not do the same for INcoming messages?
-If the DNS address is bogus ==> it must be spam
-if the IP it came from and its DNS address do not correlate ==> it must be spam.
Heck why not even check the reply-to address too!
No blacklist required!
Yes, this will chew up lots of CPU cycles and require its own DNS server but it will stop a good 50% of SPAM. And maybe, just maybe, it might make bogus email addresses a thing of the past.
You are dead on. SPEWS -- please die a painful death. (Coming from an innocent bystander that got hit.)
Yes, let's kick blind people off the net!
That's unnecessary. Just hide their keyboards instead.
This morning SpamAssassin tagged the daily cron email as spam.
My company was collateral damage on SPEWS last month and I kicked the *^&^#$* out of our ISP for hosting Global Travel on our netblock. They got booted and we got cleaned off the list. Bada-bing bada boom.
RBL's are like a fever. They tell you when something it wrong and only a dork blames the fever when the problem is the disease. Get your ISP to whack the spammer or change ISP's.
Google Thread
My God! It's full of Voids!
Every time the subject of spam comes up here on SlashDot, everyone rushes to come up with a technical solution to the problem. In the case of spam, I think the solution is not a technical one, but a social one. Spammers are driven by greed, and do their 'bulk marketing' on behalf of other companies. Instead of targeting the spammers, target the companies that are sponsoring these campaigns. I'm sure that some negative publicity will cause them to think twice about using this method to get their message out. Once people don't want to use spammers to send out bulk mailings, the spammers will move on to some other get rich scheme, and the spam will at least subside somewhat.
Instead of shooting the messenger (the spammers), go after the one who is paying to have the spam sent.
http://bike.stu.ph/rides - free GPS routes available for Garmin, Magellan, GPX and Google Earth
The simple fact is that big bandwidth providers profit from spam and viruses because metered customers like us have to accept the packets, bounce them or filter them, but it all adds up to bursting up to the next price bracket and can easily double the cost of bandwidth. Blocking is good and filtering is good too but they both use my bandwidth and that costs me money.
I hope at least SPEWS doesn't come back online. They've become pretty well-known in the last month or two for wrecking huge numbers of people's ability to send mail without any accountability at all. My favorite part of their site is the part that says, "If you're not an ISP and you're trying to get your IP removed, you're wasting your time. If you ARE an ISP trying to get IPs removed, you're probably wasting your time too, unless you've stopped all avenues for spam." Allowing machines to CONNECT TO THE INTERNET allows spam! What, is every ISP going to add a clause, "Thou shalt not run sendmail?"
Sounds like heaven ;) If only it were half that good, though.
After all, if spammers saw a lot of it, wouldn't they just learn to send the same spam several times at one hour intervals?
Clear, Dark Skies
I can't even do a lookup on sbl.spamhaus.org. Did they get Spamhaus also?
The anon admins that run SPEWS should simply do what they told us to do when we were unfairly blacklisted due to an alleged spammer on a class C eight class C blocks away from ours - Just change ISP's or IP blocks.
What's that? It's a huge PITA that would be highly disruptive to your business? Well maybe the DDOSers have a newsgroup you can post to and be either a) ignored or b) ridiculed.
Looks like SPEWS is 'collateral damage' in the spam war. Yeah, sucks doesn't it.
"They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety" - BF
What happens if you are locked into a 1 year contract with this landlord (ISP)? If you move out you are liable for the rest of the rent for the remainder of your contract period.
That sucks. Osirusoft is responsible for tens of millions of dollars worth of collateral damage, that in my mind makes them worse than the spammers.
I am NaN
when SPEWS blacklisted somethingawful.com?
Clear, Dark Skies
What about distributing signed spam lists through Freenet or Bit Torrent or something similar?
Do you think that would work?
VOS/Interreality project: www.interreality.org
both consider my little website a spammer for the simple reason that it uses dynamic dns. The only mail that leaves my site is replies to mail sent to the webmaster (me) and to do registration e-mails for YABB.
Clear, Dark Skies
contradictory, obsolete and conflicting versions of SPEWS flood the internet, including one containing an MP3 of Madonna saying "WTF are you doing?!?"
Clear, Dark Skies
Make all your 'non white list' users ( i.e., customers ) use a web form to send email with.
While its true that could be manipulated with a script.. at least it would buy you time.
Several companies do this now for tech support.. they don't accept raw email. you MUST use their web form to submit issues to them.
---- Booth was a patriot ----
If I invite you to my house and your friend stops by and I send them away, I'm under no legal obligation to let you know they even stopped by.
If I'm throwing a party and you paid a cover, you paying me in no way grants you the right to tell me who I can and can't have on my property. I can still turn your friends away without telling you they even stopped by. They're more than free to contact you later by another means.
An ISP is no different than an other server that hosts e-mail accounts. That's why they can legally block spam all day long. The "accuracy" of their blocking is irrelevant from a legal standpoint.
You have no legal right to use another person's property. It's a privilege that person grants you. Either by charge or free. By using their property you agree to abide by their rules.
They're under no legal obligation to tell you who came to the door and was sent away. If someone sends you an e-mail and it doesn't get through it's up to THEM to find another way to contact you. The ISP or e-mail host has no legal obligation to forward any of their information to you.
Just because they granted YOU the privilege of using their property doesn't mean they granted all your friends, and everyone else who wants to contact you, the right to.
Ben
Work Safe Porn
Good Riddance to BAD rubbish!
My favorite idea is to implement a White List.
If a mail comes in from someone not on your list, it is moved to a spam folder.
Periodically check the spam folder for valid messages and make any changes to the list as needed.
This post encoded with ROT26. If you can read it, you've violated the DMCA. Handcuffs please, sergeant.
Something a few people mention but no one ever seems to get into their heads is that SMTP already accounts for most of the ways people can spam you. A decent MTA is supposed to strip off the domain name of the originating address and ask that server to verify that the user exists on the domain. For instance, if you receive a mail from me@mydomain.com, your MTA will ask mydomain.com if "me" is a real user there. If so, it next checks the sender's IP address--does the address match up to the same IP as the mail server? If not, the address is real, but was spoofed. Those two things right there--validating addresses and IPs--would eliminate the vast majority of spam. The only people who'd still be able to spam would be people who got a REAL email account on a REAL ISP and used that--and those are easily shut down.
Check out my world simulator thingy.
I've had my ISP be blacklisted with warning. I'm sorry I don't hop on down to the office at 3 am and take care of John Q Public that is hit with the latest worm proxy.
I don't have much hope for this post getting very much attention, seeing as this thread has already been taken over by crackpots and thinly disguised bulkers, all spreading their FUD.
But that ain't gonna stop me from trying...
Let me just start out by saying that I don't agree with what Joe has done with the list. I would be more inclined to support him if he were to just 'killall -9 named' and be done with it.
First: Osirusoft is *NOT* SPEWS. Joe Jared simply provided, free of charge, a copy of the SPEWS zone file via his RBL DNS server. He did not at any time have any influence over the content of the SPEWS list. People here complaining about talking to Joe and not getting a response obviously never read the FAQ on his site which clearly states this.
Second: SPEWS is *NOT DEAD*. There's another group out in Australia (I think) that offers a copy of the SPEWS zones, but I can't think of the name off the top of my head. Even so, it's only going to be a matter of time before three or four DNS servers pop up to take over for Osirusoft.
Third: SPEWS does *NOT BLOCK E-MAIL*. They simply provide a list. It's entirely up to system administrators to do what they wish with that list. Admittedly, though, I've seen some sysadmins do some really stupid things with SPEWS.
(IMHO, anyone who uses SPEWS (or any other blocklist for that matter), (a) should have an out-of-band contact method for people who are blocked, and (b) should maintain a whitelist of IPs that have a legitimate need to exchange mail but are blocked.)
Fourth: Nobody here seems to grasp the concept of private property. My server, my rules. If you don't like it, FOAD. It costs me money to maintain a mail server, and I've got every right to try to protect it from being slammed by spammers. If you are blocked as a result, that's just too bad. If you're someone I want to talk to, you can contact me out-of-band and I'll whitelist you.
Fifth: Imagine for a second if Microsoft decided it was going to DoS /. because they didn't like some of the articles posted here. A little far fetched, but that's exactly what has happened to Osirusoft. It distresses me that more people haven't caught on to this yet.
So, I hope this clears a few things up. Joe Jared deserves a lot of credit for having supported such a controversial project such as SPEWS, and it's disappointing to see him taken down like this. It's equally disappointing to see so much FUD being tossed around in this thread.
Let this be a lesson to anyone who doubts what lengths a spammer will go to in order to protect their livelihood.
Some argue that they simply have to make the ISP close their access. That's BS! Do you think that a spammer who is able to send 100 million mails a day is stupid enough to rely on only one access? With the money he earns, he can easily dedicate two persons full time to search for new providers every day, and keep a 100% service availability despite a few blockings.
I'd prefer admins stop harassing end-users, and let them get all the spams so that it is the end users who realize how many spams are really sent on the net. These are the persons who will finally vote for the one with a project of law which will make it very hazardous to be a spammer. I don't think that many of them would continue what they do if they were facing 20 years in jail or even the death penalty in some countries. At the moment, they only risk paying a small fine, which is already projected in their total cost of operation. Here is the problem!
Willy
Extremely well put. It need not even be considered satirical; it's simply accurate. Bravo! -Hope
Kazaa isn't responsible for the actions of those who use the service but SPEWS is?
It's a "bad idea" is a valid argument but claiming any kind of legal basis to take them down is ludicrous. Nobody is forcing anybody to use their lists.
Personally, I don't care to have my server wasting time using their massive list. I block on an "as it comes" basis. I'm also moving to a better mail server which allows better filtering to use on top of the blacklist.
My property, my resources. No one has any expectation of the PRIVILEGE to use those resources. On my list? Find another way to contact your customers or friends or whatever.
Ben
Work Safe Porn
from The Register
http://www.theregister.co.uk/content/56/32510.html
Why Sobig is bad for privacy and AV vendors
By John Leyden
Posted: 27/08/2003 at 12:00 GMT
Eight years ago when I first used the Internet, while doing support work in a Manchester cyber cafe, email was a joy.
I could contact my friends, even when they were on the other side of the world, on the click of a mouse. It was so much easier and cheaper than the alternatives - snail mail or the phone.
Email is still enormously useful as a journalist (not least as an important source of news leads) but the increased prevalence of spam and viral messages is undermining this.
Drowning in malicious code
Email services firms such as MessageLabs and Brightmail will tell you that one in two emails is now junk email. At The Register this figure is more like four in five emails, and that was before the recent outbreak of Sobig-F. Currently the ratio of legitimate email to malicious junk is approximately two in 100. Clearing out my email inbox is becoming a near Herculean task.
Outsourced security
To get around the junk mail overload, home users can use tools such as Spam Assassin or Mailwasher while small businesses can use managed services like MessageLabs, Avecho.com, intY and the rest.
With Spam Assassin - the most accurate anti-spam package we've found so far - you still have to download email, so if you get sent in excess of 3,000 copies or bounced messages over the weekend (a real figure for us here) that's still a problem.
And if you use managed services (which alleviate the bandwidth headache) then privacy is undermined. By definition you have to trust a third-party - an undesirable consequence of using services that do reduce the signal to noise ratio of email traffic down to sensible proportions.
The emerging breed of anti-virus firewalls and all-in one security appliances enable larger businesses to tackle the problem in-house but these are prohibitively expensive for home users and many SMEs.
Internet moves to an ex-directory model
As well as the expense, the increased prevalence of malicious and nuisance emails creates an uncomfortable dilemma for news services and Net-facing email firms.
In response to Sobig-F, many firms will be forced to make their customers jump through more hoops (Web-based forms being one of the more elegant approaches) to get in touch with them. Some will be tempted to abandon existing email addresses as hopelessly compromised.
Although Sobig-F is, at least for net-facing firms, an order of magnitude worse than anything we've seen before, things have deteriorated over the last three years or so.
Every day, in every way, it's getting worse and worse
Starting off with the Love Bug and moving on through the Anna Kournikova worm, Nimda, Klez and the rest each new worm is more ferocious. Virus writers have upped their game in terms of social engineering tricks and propagation techniques; the ability to scour hard drives for email addresses and spoof viral-laden messages are examples of this.
In particular the speed at which viruses take hold is outpacing the capacity of AV firms to develop fixes for users to deploy them. The critical path has gone critical.
Managed services firm MessageLabs reckons that at the height of the Sobig outbreak one in 17 emails were viral.
Rival firm intY, which specialises in providing services to SMEs, reckons smaller businesses were particularly affected by the prolific worm. At the height of the outbreak last week, intY was blocking one in three emails. Even now one in seven emails that intY analyses are viral.
According to Paul Richards, development manager at intY, the higher rate of virus interceptions among its user base is accounted for because smaller businesses were disproportionately targeted by the worm. Smaller businesses generally have a wider diversity of email contacts and this too helps
I just posted this post, saying to stop pretending to be URBL (which blacklists the world on purpose), and lo-and-behold, they go about and pretend to be URBL.
:)
Maybe I can pretend to be surrounded by Swedish blondes next
Zodiac Survey
Many individuals using these ISPs that spam-block are most likely unaware that any measures are being taken on their behalf to filter their mail. Most would probably be quite happy to discover that if they realized there was a torrent of spam that was being diverted from their account. But all it takes is one that is thoroughly pissed at not getting a job because a potential employer was being ignored for a week (because he's on a blacklisted ISP without knowing it) to pop a hole in your private property argument as defense.
People would have no problem with spam if it was opt-in only... hell, that'd defeat the definition. I'd have no problem with spam filters if they worked the same way. But many of these anti-spam individuals -- people with whom I think I share a great deal of ideology about the problem -- think it's OK for these filters to be fobbed off onto individual users by sysadmins. Obviously, administrators have a choice whether or not to apply the filters, but the unknowing users are subject to injury by such an action. Surely an intelligent argument cannot be made that the users have a choice if they aren't even aware of the problem.
The weak link in using any of the current RBL's is that your email server has to send out a connection to lookup every IP address, every time email is smtpd to your server. Anyway, it seems like the solution has already been found. Bittorrent was designed to distribute distribution of large files amongst many servers. You could setup your email server to download via bittorrent the current RBL every day, or week, whatever works for you. Then you do your lookups locally.
Then again, keeping with maintaining the RBL locally, you could use rsync or diff's. By keeping the RBL's centralized at one address it forces everyone to keep connecting and creates the weak link.
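The per-message lookup the comment above describes, plus a health check that flags a zone answering "listed" for every address, as an added example that is not part of the original thread. The zone names, sample records and the stub resolver are constructed for illustration; the 127.0.0.2 test entry and the never-listed 127.0.0.1 follow the DNSBL convention later written down in RFC 5782.

```python
import ipaddress
import socket

LISTED_NET = ipaddress.ip_network("127.0.0.0/8")  # DNSBL answers live in 127/8


def dnsbl_query_name(ip, zone):
    """Name an MTA looks up for `ip`: reversed IPv4 octets plus the list's zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone.strip(".")


def system_resolve(name):
    """Live A-record lookup; NXDOMAIN (not listed) and DNS errors become []."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []


def is_listed(ip, zone, resolve=system_resolve):
    """True when the zone returns any 127.x.x.x answer for this address."""
    answers = resolve(dnsbl_query_name(ip, zone))
    return any(ipaddress.ip_address(a) in LISTED_NET for a in answers)


def zone_health(zone, resolve=system_resolve, canaries=("127.0.0.1",)):
    """Classify a zone before trusting it.

    canaries: addresses that must never be listed. 127.0.0.1 is the
    conventional one; adding your own outbound relay is a sensible extra.
    """
    if any(is_listed(ip, zone, resolve) for ip in canaries):
        return "canary-listed"   # e.g. a wildcard record: the zone lists the world
    if not is_listed("127.0.0.2", zone, resolve):
        return "no-test-entry"   # zone is empty, shut down or unreachable
    return "ok"


def usable_zones(zones, resolve=system_resolve, canaries=("127.0.0.1",)):
    """Keep only the zones that pass the health check."""
    return [z for z in zones if zone_health(z, resolve, canaries) == "ok"]


# --- constructed data: three hypothetical zones served by a stub resolver ---
HEALTHY_RECORDS = {
    "2.0.0.127.healthy.dnsbl.example": ["127.0.0.2"],     # test entry
    "45.113.0.203.healthy.dnsbl.example": ["127.0.0.4"],  # a listed sender
}


def fake_resolve(name):
    if name.endswith(".wildcard.dnsbl.example"):
        return ["127.0.0.2"]  # wildcard: every query comes back "listed"
    return HEALTHY_RECORDS.get(name, [])  # dead.dnsbl.example: always NXDOMAIN


if __name__ == "__main__":
    zones = ["healthy.dnsbl.example", "wildcard.dnsbl.example",
             "dead.dnsbl.example"]
    own_relay = "192.0.2.25"  # constructed address standing in for your MTA
    for z in zones:
        print(z, zone_health(z, fake_resolve, ("127.0.0.1", own_relay)))
    print("use:", usable_zones(zones, fake_resolve, ("127.0.0.1", own_relay)))
```

Run from cron against the zones an MTA is configured with, the same check works whether lookups go to a remote server or to a locally mirrored copy of the list.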
Like the brain dead trolls and their moronic followers at something retarded have something to do with this. I say it is spammers and not some brain dead script kiddy.
Besides, they are not so innocent. Just look at each awful link of the day, even though they deny it, just about every single one is used to encourage their users to abuse said link. They always make sure to point out the site runner's email, message board, large files, with the intent of having their users harass said site. All they do is use their "humor" angle to hide the fact that they are a troll site that trolls for flamewars, as well as encourages and supports DoS attacks and abuse. They also claim to be responsible for their viewers if they act abusive, but that is just a big lie.
Still don't believe me? See the anti-spews rant Zack wrote. He essentially encouraged readers to find info about spews so that he could sign them up for spam, as well as implying for them to fight the something awful way of abuse. Also the something awful forums brats were encouraged to spam and flood complaints to anti-spam newsgroups.
Modify /etc/mail/spamassassin/local.cf
# Osirus has blacklisted the world by mistake.
score RCVD_IN_OSIRUSOFT_COM 0
score X_OSIRU_OPEN_RELAY 0
Stop and start spamd.
Karma: Chameleon (mostly due to the fact that you come and go).
I have had very good luck with some blacklists. SpamCop, in particular, is extremely effective at keeping spam off of my server. And it has not yet generated a single false positive that I am aware of. But I am not sorry to see Osirusoft/Spews go.
I tried using Spews for a while, and found it generating false positives, so I stopped using it.
For a while, my server was blacklisted by Spews because of the ISP at which it was hosted. The fact was that my ISP (like most, I am sure) had indeed been the source of spam, but reacted reasonably to stop it. And Spews blocklisted all of the subnets belonging to the ISP rather than the actual spam source IP addresses.
I found it strange, and grossly irresponsible, that there was no way to contact the blacklist operators except for using the news.admin.net-abuse.* newsgroups. When did it become normal to use public newsgroups as the way to communicate with a private organization?
Their last act of blacklisting the world just seems so typical. Rather than giving time for people to reconfigure their servers, they just blacklist everyone and force people to reconfigure their servers under the gun. I could see doing that months down the road after everyone has had time to update their servers. But doing so this quickly was as irresponsible as the rest of their actions.
I'm trying to find out if any warnings were sent out. I look through the Google USENET archive and only see some indications that there were technical problems with osirusoft.
If anyone can offer a pointer to a warning message about the impending doom of osirusoft I would appreciate seeing it.
It takes a lot less time and energy to scan a junk mail folder a couple of times a year, than to manually sort your inbox several times a day. It is a lot less aggravating too.
I appreciate your (back-handed) point about the need of political action to stop spam, but meanwhile we have to make mail useable again, which it isn't for a lot of us.
man, that's a damn shame. oh well, at least we can all say for a little while that "TEH INTARWEB WAS FREE OFS TEH SPAMMERS!!" thanks to the wanton chickenhawks at Spews.org and all of the whiney asshats on n.a.n.a.e. who have nothing better to do with their lives than refresh their nntp browser, looking for the next person requesting removal they can jump in and flame (read: GET A LIFE).
Let me paint you a picture:
Some bottom feeding marketing contractor rents a crappy, darkly-lit, 1-room office in some crappy part of town, orders a cable line, 3 or 4 dsl connections and maybe a fractional t1 to boot. He buys a list of a few million email addresses and begins spamming like mad over one of the lines. After x amount of warnings, gets shut down, moves operation to another line, reorders service on the one that got shut down under a different name, and keeps going. This is a very typical scenario of a spam gang. I've seen/dealt with it many times. So taking cause/effect into account: what protection against spammers does a blacklist offer in this capacity? Nothing. At all. Spamming is a completely mobile enterprise. Only the isp gets hurt. Spammers aren't the least bit concerned about spews.org, or any other blacklist for that matter.
They don't sweat getting shutdown by the isps because they have other connection mediums waiting in the wing, and actually budget the service costs into their overhead without thinking twice, because the money they make is incredible.
I don't work for, nor have any association with brightmail, but they have a great product (if only my ISP would cough up the scratch and buy it...), but I think the mentality of spews could be summed up in their product review of brightmail (paraphrasing here, as the site is down and I can get an actual quote):
"only stops spam in real time, does nothing punitive against the spammer".
HELLO???!?!! Missing the point a little?? If you're not getting the spam, who gives a crap about the spammer?
It's pretty clear that these people and their associated usenet scene whores are just looking to skewer people, anybody really, over alleged spam. In this method of blacklisting, you're only hurting the ISPs. Nearly all (not all unfortunately) isps in the US will shut down a spammer if enough people complain. Killing email for (in some cases) up to 65536 other non-related ips doesn't help. If it did, spews (or any blacklist for that matter) would have been more successful. In the last year, we've had more active blacklists to utilize than at any other point in the history of the internet and spam has only gotten worse, not better. Spews & Osirusoft are a shameful failure.
Solutions: Whitelisting is an excellent option on an individual email account level. On a grander scale, make your representatives pass laws, put your money where your mouth is, and sue the spammers. They're in it for profit, when it becomes a greater liability, they might find a more worthy means of revenue.
Something that seems to be missing from the first 500 posts or so:
Osiru is NOT SPEWS. SPEWS and Osiru are entirely different.
"Champagne for my real friends - and real pain for my sham friends!" http://ericblade.postalboard.com/
The thing I don't like about the idea you listed above is that it takes out some of the ease of emailing. If I want to send someone something I want to send it right then before I forget. If I have to wait for permission things will never get done.
I kind of like the idea of the sender storing email on their server. Then ISPs could easily control spam by using smaller quotas for outboxes.
Then the mail sits there until the recipient accepts mail from the sender.
Also, there are a few valid reasons to spoof domains from time to time so that's a no go either.
The man who trades freedom for security does not deserve nor will he ever receive either. - Benjamin Franklin
No, this seems like a final flip-off to me. It's great that he decided to provide this service in the first place, but he had people's trust, and he burned them. Nice. I can't excuse that, personally.
Luck favors the prepared, darling.
who said he was providing a service in exchange for money? the way i read it, he was talking about his own personal PC with his own personal accounts (or accounts for his personal friends).
you have no legal right - period - to intrude on personal private property in order to sales pitch.
Blacklists are great, but they've got strictly limited utility - The originating IP needs to be listed with some blacklist maintainer for it to do you any good.
But I noticed something about the spam that makes it past the blacklist - my mailserver happens to be the only one listed in the headers. That is, the email went from the spammer's workstation directly to my mailserver, and into my inbox.
All of the 'legitimate' email I receive either goes through one or more mailservers before it reaches mine, or comes from an IP address that I have explicitly told sendmail is OK to relay.
What I'd like to see happen when a computer tries passing off an email is:
1) do a DNS lookup on the name the computer gave in its HELO to make sure it matches the machine's actual IP address.
2) If it does, check to make sure that there exists a valid MX record for it somewhere. If so, THEN check the RBLs, and block or allow as appropriate.
3) If not, check to see if relaying is explicitly allowed for that IP. If not, block it.
There were some definite fatal flaws in a blacklist that posts a "sample" spamtrap (blockme@relays.osirusoft.com) address on their homepage making it public knowledge and still blocks lists where this email address has been subscribed (in most cases maliciously).
I get hundreds of double-bounced spam in my postmaster-for-90-domains mailbox. chello.se is high on the list of spam sources. I try to leave legit mta's unblocked, but when I get 20 or 30 double-bounces from one, it's gone. And I loathe and detest PacBell and AT&T for sprinkling a few legit domains in the middle of a DSL block. Sorry about that, guys, bitch to them and get your IP numbers reassigned. Brazil and Mexico send nothing but spam, same with HongKong and Taiwan. And I don't know anybody in Poland or Italy or France, so as long as they keep sending me spam I'll keep adding the offending class C (and sometimes class B) blocks to the shit-list. I haven't shut down any x.*.*.* blocks yet, but honest to gawd it's getting real close. I do have several x.y.*.* blocks gone, tho. Why do people think I'd want larger firmer breasts *and* a bigger dick? And why are so many people concerned with the size of my dick anyway?
someone tell me why he couldn't leave a txt msg on his website and just pull the plug on his blacklist machine. no wonder i haven't gotten any of the emails i've been expecting this morning...
One reason spam is so ubiquitous is that it is ridiculously easy to send it, due to deprecated email protocols and irresponsible usage of email addresses.
:-)
First off, there are SMTP servers which will relay mail for any domain (the so-called open relays). You can send mail to any recipient with any From address through these.
Then there are SMTP servers which blindly assume you are who you say you are. All you need to do is obtain one email address that that server allows relaying for, and you can send email seemingly coming from that address.
Then there are the slightly smarter servers which require you to authenticate first (for example by checking mail over POP3). With millions of users checking their POP3 mail periodically, using plaintext passwords for authentication, sniffing a password should not be all that hard. Voila, now you can send mail as the unfortunate user whose credentials you have obtained.
There are other ways, like writing virii that will infect a computer and use that computer to send out mail, but a spammer needn't even go there.
Then there's the question of how to obtain email addresses. Again, this is ridiculously easy. One possibility is sniffing, which was mentioned above, but there's an even easier way. Many email addresses can be found on publicly accessible websites (including but not limited to blogs, forums, personal webpages, contact information) in usable or trivially mangled form.
Another method that has enjoyed particular popularity with virus writers is harvesting MS Outlook Express address books. I remember my indignation when someone accused me of having sent him an email virus, which turned out to actually come from someone else, who had been infected by said virus and happened to have me in his address book.
The alternatives are out there. Something as simple as connecting through SSL could help a lot, by both giving sniffers a hard time and allowing proper authentication of both server and client.
BSMTP, IMAP and running a local mail server each allow mail to be pushed to the recipient instead of polled, resulting in quicker response times (checking mail every minute versus immediate delivery) and fewer authentication sequences (which tend to be uniform and thus prone to sniffing even through SSL).
IMAP could be used for sending mail, which would put everything nicely in one protocol (instead of having SMTP for sending and POP3 or IMAP for reading) as well as allow for authentication.
In summary, if we want to avoid spam there are two things we should do:
1. Be careful with our email addresses. I have some addresses that I use for personal communication but that are not published anywhere, and I have never received any junkmail on those (apart from what came in through the catch-all). Related to this point is that we should shun programs or services that are known to reveal addresses either willingly (e.g. many free services on the web) or through well-known exploits (e.g. buggy software).
2. Migrate to protocols that more adequately reflect contemporary reality, rather than the utopistic model that worked fine in the academic settings it was developed, but not in the Real World.
I reckon I've earned my two cents with this.
Please correct me if I got my facts wrong.
Those of you saying "Use C/R, or use Filtering, etc" are all missing the point. When you only take care of spam by filtering it at the receiving end, you are still letting the spammer abuse your resources and those of every other network on the internet. The only way to stop this is to *stop the spam from being sent in the first place*. The only way to do *THAT* is to punish the ISP's that allow this trash to be spewed from their networks.
SPEWS hurts people who give money to spam supporting ISPs, they're only innocent until they find out they're listed.
If someone posts a timescale for moving out of listed space, SPEWS has been known to poke a temporary hole in a listing for them. This indicates that they don't want to block real innocents, just people who give financial support to spammer-friendly ISPs.
Spammers are also hurting innocents by bombarding everyone with spam in an attempt to force a party totally unconnected to the victims to accede to their wishes.
You want a terrorist analogy? Spammers are terrorists, spam friendly ISPs are obviously terrorist umbrella organizations, and your 'innocents' are financial sponsors of terrorism.
The truth of the matter is that SPEWS is just a consumer boycott by people with a different definition of innocent to yours.
Custom Rules For SpamAssassin
An ISP needs legit customers. I'd be amazed if there are enough spammers to pay the overhead at an ISP. If an ISP has nothing but spammers, they will absolutely be blacklisted and manually blocked. They will have a hard time getting bandwidth--They need at least plausible deniability.
If they have spammers, they need people to say "Don't punish me because my ISP supports spammers! Wah!"
The business of selling things from a web site. What a concept: a person makes a purchase on a secure site and has that purchase confirmed by email. There are businesses that haven't spammed a soul in their entire existence. These transactions happen a few million times a day. Wake up, SPEWS is bad. It hurts these people.
These people are NOT spammers. Yet Spews will block entire IP ranges and hurt these folks.
But I see now Spews and its supporters don't give a fuck about anyone but themselves. I keep seeing this "my servers" shit. I doubt very seriously 99% of the people spouting this are actually the legal owners of the so-called mail servers they administer. They work for other people who pay them so they can send and receive email. Blocklisting totally breaks email by throwing the baby out with the bath water.
Your religious arguments about Spews are bull shit.
Allowing a secret group to determine who may send email is bull shit. The childish way they go about this shows they only want to break things, not fix them.
Question: has anyone ever been removed from the Spews blocklist?
Finally, you admins that claim you "own" the servers and get to decide what to do with them.
Are people paying you to host their POP accounts?
If so, where do you get off possibly blocking mail they wish to receive and are paying you for getting? If they are, you are fucking your customers and are as bad as any spammer ever will be. If these servers solely serve your personal self you can do what you want. If you are a business you are blocking mail that may be directed at you by persons you do business with. What an impression you must leave when you bounce their mail and accuse them of being a spammer or supporting spammers.
Spews is a secret group of little kids who are bigots and censors who intentionally are breaking the internet in ways that spam never will.
As you can see I don't care about my karma.
Or, to put it another way, the rumors of SPEWS demise have been greatly exaggerated.
;-)
Here's what's going on. Joe Jared opted to take down Osirusoft.com's MIRRORING of the SPEWS database, and also chose to stop providing his relays.osirusoft.com DNSBL.
The SPEWS DNSBL listings, I'm happy to report, are still very much alive and well. SysAdmins desiring to resume using this resource can point their MTA's DNSBL lookup to l1.spews.dnsbl.sorbs.net. Other mirrors are available as well, and a polite query in the newsgroup news.admin.net-abuse.email should provide all the info one would need.
So, in summary, to the spammers who blew a whole $1.49 on that bottle of cheap wine at your local Circle-K or 7-11 to celebrate -- sorry! Looks like you wasted your money.
Bruce Lane, KC7GR,
Blue Feather Technologies
There are currently (at least) 4 different proposals that I know about to end the process of domain spoofing (which is part of the battle).
RMX proposal
SMTP+SPF proposal
DMP proposal
DRIP proposal
Wolde you bothe eate your cake, and have your cake?
No system is secure if key to the lock is compromised.
I've spent the last nine years building and running ISP's in the Orlando area, and have done more than my share of tracking down the owners of IP blocks to make sure that when I block an IP block, I don't block too many people close to the spammer.
One problem I have always run into is the lack of information about the owners of these netblocks. The spam situation is one of the reasons ARIN maintains a SWIP database, showing who owns each particular block of IP addresses. Whenever SWIP information is out there, I use it as the basis of how big a block to add to my list, especially if the owner of the smallest block is "ABC Internet Marketing" or something similar. However in many cases the information just plain isn't there.
For example, I have received 257 spam messages from 204.127.131.(111-133) over the past three weeks. The SWIP database shows this as part of a /16 block belonging to AT&T, but there is no further information available.
I had to GUESS and block 204.127.131.0/24, but I may have blocked others in the same class c by mistake. If AT&T would make specific netblock information available through SWIP or an RWHOIS server, I wouldn't have to guess and I wouldn't be running the risk of accidentally blocking people who don't deserve it.
Maybe if the ISP's would actually publish their SWIPS like they were supposed to, this type of collateral damage wouldn't have to happen. (Are you listening, AT&T?)
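The trade-off in the post above, worked through for its own 204.127.131.111-133 range, as an added example that is not part of the original thread: the exact CIDR cover of the observed sources set against the guessed /24 and the registered /16, with the number of unrelated addresses each choice blocks. Function names are hypothetical; only Python's standard ipaddress module is used.

```python
import ipaddress


def exact_cover(first, last):
    """Smallest set of CIDR blocks covering first..last and nothing else."""
    return list(ipaddress.summarize_address_range(
        ipaddress.IPv4Address(first), ipaddress.IPv4Address(last)))


def enclosing_block(first, last, prefixlen):
    """The single /prefixlen network that contains the whole observed range."""
    net = ipaddress.ip_network(f"{first}/{prefixlen}", strict=False)
    if ipaddress.IPv4Address(last) not in net:
        raise ValueError(f"{first}-{last} does not fit inside one /{prefixlen}")
    return net


def collateral(blocks, first, last):
    """Addresses blocked that were never seen sending spam.

    Assumes `blocks` do not overlap and together cover first..last.
    """
    observed = (int(ipaddress.IPv4Address(last))
                - int(ipaddress.IPv4Address(first)) + 1)
    return sum(b.num_addresses for b in blocks) - observed


def blocking_options(first, last, prefix_lengths=(24, 16)):
    """(label, rules, collateral) for the exact cover and each coarser guess."""
    options = [("exact", exact_cover(first, last))]
    for plen in prefix_lengths:
        options.append((f"/{plen}", [enclosing_block(first, last, plen)]))
    return [(label, [str(b) for b in blocks], collateral(blocks, first, last))
            for label, blocks in options]


if __name__ == "__main__":
    # Range taken from the post; everything else is computed.
    for label, rules, extra in blocking_options("204.127.131.111",
                                                "204.127.131.133"):
        print(f"{label:>5}: {len(rules)} rule(s), "
              f"{extra} unrelated addresses blocked")
        for rule in rules:
            print("        ", rule)
```

The exact cover needs four rules and blocks nothing extra; the /24 is one rule with 233 bystander addresses, and the /16 is one rule with 65513.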
Boy, what great logic you have there. By this reasoning I assume you are a rabid teenaged acne scarred fanboy from somethingretarded.
I have determined from their site that they are terrorists who engage in and encourage their cult of morons to commit illegal acts (i.e. DoS attacks, harassment, breaking into computers, etc). I say they are a threat to the security of the internet and need to be investigated by the FBI.
Hi spammy! You are going to hate this, but SPEWS is still alive.
An ISP needs legit customers.
No, an isp needs customers, legit or otherwise.
Under the Spews model, there is no reward for corrected behavior. So while an ISP may get blocked for supporting spammers, there is no motivation to stop if there is no reward involved. If they lose all their legit customers due to blocking, guess who pays their bills? *The Spammers*.
This has been noted many times when legit people pick up blacklisted IP addresses. They are stuck with the legacy of prior abuse whether their intent is legit or not. This ends up being counter productive because an ISP holding these blacklisted blocks can't get legit customers.
The idea should be to encourage ISPs to conform to a set of rules regarding spam, rather than blanket blacklisting. Without an acceptable procedure to address legit customers the "Don't punish me because my ISP supports spammers! Wah!" crowd wins. ISPs who are actually concerned with getting legit e-mail would have second thoughts about adopting a Spews like standard for fear of losing legit customers.
There is no sanctuary. There is no sanctuary. SHUT UP! There is no shut up. There is no shut up.
How many of these "FUCK blocklists, T3hy T3H SUXXORS!!!1LOOL" anonymous cowards are either one person, a wacked spammer, or several wacked spammers?
BTW, this is just like the RIAA situation. When one method of killing spam gets killed, several pop up to replace it. From what I have read it looks like there are a lot more people who want to pick up from where Joe left off.
DSBL and ORDB list open relays. They have a clear (i.e. programmatically implementable) listing/de-listing process. Spamhaus actively investigates spam gangs. Their policy is not programmatically implementable, but it's pretty clear.
DSBL even has three flavors to choose from:
I have a relatively small and spam-free system (only six domains, very few email addresses that are not publicly visible), so for the last 7529 emails (since I configured to use these RBLs) processed by Postfix the server has rejected:
- 103 via list.dsbl.org
- 1 via relays.ordb.org
- 8 via sbl.spamhaus.org
The frequency can probably be largely attributed to the order I chose:
maps_rbl_domains = list.dsbl.org relays.ordb.org sbl.spamhaus.org
If you're griping about collateral damage, then don't choose a wanton list, and advise others not to use one. Just don't go maligning all RBLs like ignorami.
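The post above attributes its per-list hit counts to lookup order. The following is an added example, not part of the original post or of Postfix: it builds the reversed-octet DNSBL query names, rejects on the first list that answers, and skips any zone that fails the RFC 5782 test points (127.0.0.2 listed, 127.0.0.1 not listed), which is how a zone that lists every address can be detected. The `FakeDNS` resolver, the listed addresses and the `wild.example.invalid` zone are constructed so the code runs offline.

```python
"""Added example: DNSBL lookups in configured order, with a zone sanity check."""
import ipaddress

# Zone order taken from the maps_rbl_domains line in the post above.
ZONES = ["list.dsbl.org", "relays.ordb.org", "sbl.spamhaus.org"]

# Constructed sample listings (documentation address ranges, not real data).
LISTED = {
    "list.dsbl.org": {"192.0.2.10", "192.0.2.11"},
    "relays.ordb.org": {"192.0.2.10", "198.51.100.7"},
    "sbl.spamhaus.org": {"192.0.2.11", "203.0.113.5"},
}
CLIENTS = ["192.0.2.10", "192.0.2.11", "198.51.100.7",
           "203.0.113.5", "203.0.113.99"]


def query_name(ip, zone):
    """Build the DNSBL query name: reversed IPv4 octets followed by the zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone


class FakeDNS:
    """Constructed stand-in for a resolver (assumption: A-record lookups only).

    A zone named in `wildcard` answers for every address, like a list that
    has been switched to block the whole Internet.
    """

    def __init__(self, listed, wildcard=()):
        # Every ordinary zone also carries the 127.0.0.2 test entry.
        self.records = {query_name(ip, zone)
                        for zone, ips in listed.items()
                        for ip in ips | {"127.0.0.2"}}
        self.wildcard = set(wildcard)

    def has_a_record(self, name):
        if any(name.endswith("." + zone) for zone in self.wildcard):
            return True
        return name in self.records


def zone_is_sane(dns, zone):
    """RFC 5782 test points: 127.0.0.2 must be listed, 127.0.0.1 must not."""
    return (dns.has_a_record(query_name("127.0.0.2", zone))
            and not dns.has_a_record(query_name("127.0.0.1", zone)))


def first_match(dns, ip, zones):
    """Return the first zone that lists `ip`, or None. Later zones are not asked."""
    for zone in zones:
        if dns.has_a_record(query_name(ip, zone)):
            return zone
    return None


def tally(dns, client_ips, zones):
    """Count rejections per zone, ignoring zones that fail the sanity check."""
    usable = [zone for zone in zones if zone_is_sane(dns, zone)]
    counts = {zone: 0 for zone in usable}
    for ip in client_ips:
        hit = first_match(dns, ip, usable)
        if hit is not None:
            counts[hit] += 1
    return counts


if __name__ == "__main__":
    dns = FakeDNS(LISTED, wildcard=["wild.example.invalid"])
    print(tally(dns, CLIENTS, ZONES))
    print(tally(dns, CLIENTS, list(reversed(ZONES))))
    print(tally(dns, CLIENTS, ["wild.example.invalid"] + ZONES))
```

With the same five constructed clients, reversing the zone order moves hits from the first list to the others, so per-list counts say more about ordering than about list quality.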
Ignoring the fact they picked a bad host, their recent actions are more to blame.
On his site he claims the same old tired stuff the news group advises one not to do. He also encouraged his fellow moronic troll followers to find everything they can about SPEWS so that he could sign SPEWS up for spam.
He claimed to have posted in the group, when he never did so. He has now resorted to writing FUD "articles" about SPEWS.
His moronic troll followers flooded the news group, which unlike the other geocities type sites they encourage their followers to abuse, it was a bad idea to pick a fight with NANAE because they could fight back. This got them in permanent local blacklists they will never get out of.
Unfortunately, the only real solution is going to have to be a legal one. Spam technology is moving too fast, and anti-spam tech is either ineffective or does entirely too much collateral damage.
Tech Public Policy stuff
> Spam.com: Hello, [mta.com], [realhost.com] has mail to send.
> Mta.com: (resolves 'realhost.com')
> Mta.com: Hello, [realhost.com]; you have mail to send me.
> Realhost.com: [Mta.com], I don't have any mail to send you.
Sounds like DMP:
http://www.pan-am.ca/dmp/
This has been in development for five months and will be submitted to the RFC editor later this week.
Use Evolution instead of Outlook? Bewa
this is probably subjective, but imo that term is quite harsh and very unspecific at the same time.
all they did, was to publish a list of IPs and netblocks saying that these were associated with spammers and/or spam supporters. they are|were probably free to do so. they can't be blamed for the fact that other people configured their servers using that information. so what gives you the right to use a word like "aggressive"? aggressive towards whom? the user? the worst that can happen, is silently dropped mail, though most servers are kind enough to reply with an error. besides the possibility of using some kind of send_ack_at_receive (too lazy to look up the name) in case both ends of the chain support it, there is no way you can be sure an email reaches someone else. if you mean, you get aggressive, when you notice that you can't send mails: relax; meditate on the perpetual goodness of life; open a free webmailer in a browser or relay that mail through another account.
this depends on your local interpretation of law and ianal. here, a witness to a crime has to speak (with exceptions), a private company has to publish certain stats (annual earnings...) and the government should (in theory) have a plausible explanation about where all the money went. this reaches the other end of your faulty 'no government => no censorship' logic, which already has been bashed to pieces.
And that admin knows exactly what he/she is doing if he/she is currently using SPEWS. The point is that you can cry to them all you want, doesn't change the fact that you are paying money to an isp that doesn't mind polluting the net.
The great thing about greylisting is that spam never makes it to the user's folder, there is no possibility of false positives, and it's impossible for spammers to detect that we're using the feature.
This takes a lot of the workload away from SpamAssassin (which we consider to be a rather blunt weapon that generates a lot of false positives) and doesn't upset the users.
-BvB
I think the best solution would be to use some sort of p2p blacklist system to elude such problems. Much like has done to elude tracking and offer an alternative to centralized file sharing.
These same companies could create software that would *all* have black lists in them, and all blacklists would be available to anyone using *any* piece of software with the required protocol written into it. Each client software would then ricochet their existence off several other hard-coded (maybe another way) server, and retrieve the blacklist from another client. These black lists would be updated by some mysterious power. It could easily be checksummed or encrypted or key'd somehow so clients wouldn't download 'fake' blacklists... I dunno.. just a thought.
If every single person who used sendmail, also allowed a way of someone getting a list off them.. the blacklist would probably never have such DDoS issues. That's why kazaa and such is still around.. can't DDoS every single kazaa user..... can you?
on the sixth day God created man.
on the seventh day, man returned the favor.
Has someone yet thought of how simple this all really is? Spammers advertise a PRODUCT. A COMPANY. Don't worry about blacklisting, whitelisting and all that other happy horse shit. Ban the company.
Bayesian filtering does that in an imperfect way right now. The images have to come from somewhere, the links have to go link to something.
Lies like this are claimed all the time. Prove it... What's your Class C block.
Stop your lying you spammer.
(I'm not SPEWS and I don't know who SPEWS is.)
Publishing a list which identifies my ISP as a spammer is slandering my ISP unless it is true. Facilitating others in blocking my email by intentionally inflicting harm on ME is a tort. Filing one suit when I have been harmed is NOT barratry.
Well, let's look at this for a sec: is it your ISP listed, or their upstream? If it's the upstream that's in SPEWS, your ISP definitely has a case for being sold faulty goods, breach of contract, etc.
If it is your ISP that is listed, and they can stand in front of a judge and state under oath that they have never facilitated in the sending of spam, they might have a case. A quick google search will yield anything that's been posted to news.admin.net-abuse.sightings all the way back to 1997 I think... search for your ISP and see what you find. You may be surprised.
And as far as choosing an ISP, perhaps you should try to understand that many people have exactly ONE choice in a high speed ISP.
In other words, my choice is to cease practicing my profession from my current office, or use this ISP.
And that's unfortunate that your only ISP choice happens to be a spam sewer. In an effort to mitigate damages, it would be very easy to make arrangements with a third party to smarthost your mail through their mail server (which is hopefully not blocked).
Don't get me wrong: collateral damage sucks. The only thing that sucks more though is half-cocked irrational responses. If people would be a little more rational, and would put a little thought into working *WITH* the blocklists and not *AGAINST*, we'd all be a lot better off (i.e. less spam *AND* less collateral damage).
Stopping spammers requires cooperation, something that's long been prevalent on the 'Net and needs to continue. The only way to stop spam is for legit mail server admins around the World to come together & make some major changes to smash it out. One of the biggest problems with stopping spam is there is no accountability. You force accountability you know the actual sender & can thus enforce rules. Rules determined by law-abiding netizens. Many pieces are already in place, but a few things need/should be changed:
- A database of mail servers should be created. To be on that database you must submit proof of who you are & sign an agreement to abide by the rules set forth including no unsolicited email. If you messages come from your IP you are warned & should enforce the rules to their users. Repeat offenders are removed from the list. Period.
- This database could be utilized as a sort of RKL (Real-time Known List) similar to RBL's such as spamcop, etc. Of course this would be optional, but for obvious reasons mail admins would probably want to make use of this info in determining if a message should be accepted or not.
- This database of servers in conjunction with other rbl's would force spammers to go through the hassle of registering, providing confirmable contact information in order for servers utilizing this RKL to accept mail from them to just be blacklisted & banned rather quickly by the RBL's. This would put a tremendous hurdle in front of spammers & therefore cut down or eliminate spam.
- A side effect of this RKL is it would almost eliminate email-borne worms & viruses unless a mail server or other machine behind NAT/Proxy on same IP as a RKL'd server gets infected because most IP's will not be on the RKL & therefore would only be able to spread to servers not utilizing the RKL.
Of course there would be many required to implement this, but with the cooperation of all good netizens I believe it would work & stomp out virtually all spam & email worm/viruses.
I welcome comments & suggestions but mostly action by all those who want their email back.
A concerned netizen
Kill the spammers, one by one;
It's a better world when we're done!
You can hide, but when we find you.....
The quickest way to find out if your isp is a spam haus, go here.
http://www.spamhaus.org/sbl/isp.lasso
Unfortunately, _every_ isp in my area providing broadband services is listed...
Great analogy on blacklists, BTW.
I don't spend lots of time filtering since I regard ALL unsolicited mail as junk. This means that any message not from a friend is ignored. If someone wants to mail me I add their address to the list of acceptable ones. That way these scum don't waste my time. I also don't waste my bandwidth as this process takes place before I download anything.
Looks like another great service. I like the fact that replies are automatically stripped of your real e-mail address.
The only reason SpamGourmet made me nervous was that I was afraid the company might fold. It looks like this might be the case with this company as well. Also, I need professional-looking e-mail addresses to give out when looking for work or sending out resumes.
"There are actually two different anti-spam goals."
I go for the BIG GOAL: end spam. Why settle for less?
If you limit the goal you limit the range of solutions that can be tried.
What I actually aim at is spam sent by abuse, not all spam (so spam sent directly by the spammer to the recipients isn't included. That's a small portion of the spam.) There's two closely-related tools to do this: open relay honeypots and open proxy honeypots. Both accept spam directed elsewhere, both keep that spam from being delivered. If the initial source of the spam can be identified (as it frequently can be for open proxy spam) then the ISP can be notified of the abuse by the customer. Many ISPs will boot the spammer on the basis of that evidence. If the spammer gets a new account but spams in the same way he'll get caught again, get booted again.
These are real good, but what I've described is single-IP honeypots. If ISPs would watch for abuse traffic coming in (particularly proxy port traffic) they could run ISP-wide honeypots. The ISPs could strike a significant blow against the spammers and fairly quickly cause the spammers to leave their IP space alone. If spammers feared they'd get caught and punished when they sent spam they'd lose a lot of their motivation. Being booted is a weak punishment but even that could, if repeated, get the spammer thinking about no longer sending UCE.
That's what my 2nd item is, when everyone has that goal.
I do have the goal to eliminate spam. But to do it, everyone has to also have the goal and co-operate.
What the hell are you talking about? ALL spam is abuse. That includes spam sent directly by the spammer (assuming you mean not bouncing it via open relays or open proxies). My mail server logs are full of connection attempts, and subsequent refusals, by spammers connecting from their own high speed access lines or colocated servers. That's abuse, too, because it uses up some bandwidth and server resources to fork the SMTPD process, receive the MAIL and RCPT commands, look up the reverse DNS of the connecting host, and send back a 55X error response if they are not whitelisted and either have no reverse DNS, or it fails a forward verification, or their domain name is blacklisted, or another DNS blacklist lookup shows them to be a spammer. At least I keep my costs to a minimum by not accepting the DATA and not running some content analysis on the message body and not trying to save what looks like spam in a separate folder.
A great many ISPs refuse to terminate their big spammers. And I'm talking about spammers that colocate or rent dozens to hundreds of servers. These are big revenues sources to the ISPs, so they often look the other way.
Even the small time spammers, who seem to be the ones you focus on, can get lots of spam out over and over through the use of multiple accounts. By the time the ISP does discover there is spam going out, and terminate the account, it's been 24 to 48 hours, and the spammer has usually quit using that account (it's generally considered you can get 12 to 24 hours of spam run out of one dialup/ISDN account, when spamming direct, and a bit longer when going through safe open proxies).
If ISPs really wanted to stop these kinds of accounts from spamming, they would block outgoing connections to port 25 or any proxy ports (except port 25 would still be allowed to the ISP's smart host mail server ... which needs to have quotas limiting the volume of mail from any one customer to say about 30 per hour).
What about having ISPs also watch for abuse traffic going out from their own customer base?
Running honeypots isn't even necessary for this. They can block incoming ports for open proxies either at the border routers, or in the customer RADIUS profiles, and blocking incoming port 25 in the RADIUS profiles (except for those authorized to run a mail server). Same for any ports eventually discovered to have been deployed by viruses.
now we need to go OSS in diesel cars
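The comment above describes refusing mail before DATA when the client is not whitelisted and has no reverse DNS, fails forward verification, belongs to a blacklisted domain, or appears in a DNS blacklist. The following is an added example of that decision chain, not the poster's configuration: the check order follows the comment, and the PTR/A tables, whitelist, domain list and DNSBL result set are constructed sample data standing in for live DNS.

```python
"""Added example: the pre-DATA accept/reject chain from the comment above."""

# Constructed sample data (documentation address ranges, example domains).
PTR = {
    "192.0.2.25": ["mail.example.org."],         # clean, forward-confirmed
    "198.51.100.9": ["Host9.Bulk.Example.NET"],  # confirmed, bad domain
    "203.0.113.40": ["mail.example.com"],        # forward lookup mismatches
    "203.0.113.77": ["dyn77.example.net"],       # confirmed, DNSBL-listed
}
A = {
    "mail.example.org": ["192.0.2.25"],
    "host9.bulk.example.net": ["198.51.100.9"],
    "mail.example.com": ["203.0.113.41"],
    "dyn77.example.net": ["203.0.113.77"],
}
WHITELIST = {"192.0.2.99"}
BAD_DOMAINS = {"bulk.example.net"}
DNSBL_LISTED = {"203.0.113.77"}  # stands in for a DNS blacklist lookup


def norm(name):
    """Host names compare case-insensitively and without the trailing dot."""
    return name.rstrip(".").lower()


def in_domain(host, domain):
    """True if host is the domain itself or a subdomain of it."""
    host, domain = norm(host), norm(domain)
    return host == domain or host.endswith("." + domain)


def fcrdns(ip, ptr, a):
    """Forward-confirmed reverse DNS.

    Returns (hostname, None) when some PTR name resolves back to `ip`,
    otherwise (None, reason).
    """
    forward = {norm(name): set(addrs) for name, addrs in a.items()}
    names = [norm(name) for name in ptr.get(ip, [])]
    if not names:
        return None, "no reverse DNS"
    for name in names:
        if ip in forward.get(name, ()):
            return name, None
    return None, "reverse DNS fails forward verification"


def rcpt_decision(ip, whitelist, ptr, a, bad_domains, dnsbl_listed):
    """Reply code and reason at RCPT time; a 550 here means DATA is never sent."""
    if ip in whitelist:
        return 250, "whitelisted"
    host, problem = fcrdns(ip, ptr, a)
    if problem:
        return 550, problem
    if any(in_domain(host, domain) for domain in bad_domains):
        return 550, "domain blacklisted"
    if ip in dnsbl_listed:
        return 550, "listed in DNSBL"
    return 250, "accepted"


def decide(ip):
    """Apply the chain to the constructed sample data."""
    return rcpt_decision(ip, WHITELIST, PTR, A, BAD_DOMAINS, DNSBL_LISTED)


if __name__ == "__main__":
    for client in sorted(set(PTR) | WHITELIST | {"192.0.2.100"}):
        print(client, *decide(client))
```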
"That's what my 2nd item is, when everyone has that goal."
I don't think everyone is needed. Significant effects have been seen from single systems. If I were going for everyone I'd say "Just Hit Delete." If you get EVERYONE involved then it's trivial.
"What the hell are you talking about? ALL spam is abuse."
Excellent point. Since you understand I'll rephrase it as targeting spam that can be targeted using a honeypot. If you're seeing the spammer connection attempts but stopping them how do you know they aren't looking for an open relay? In any case you get bonus points for seeing it - if more people watched then more reports could go to ISPs about the abuse. Even those ISPs who smugly harbor the spammers might change attitude if they saw even a small stream of ABUSE reports - not SPAM reports. I know I've gotten a spammer knocked off UUNET when all others were saying UUNET harbored them. I didn't have to "raise my voice" or issue threats: I just sent them the SMTP logs that showed the abuse, along with a sample spam. For that matter Michael Tokarev got Ralsky knocked off UUNET again and again, all in the same weekend. The spam stopped when Ralsky ran out of his then-current stock of throwaway accounts in his Dallas operation. More recently Ron Guilmette has gotten what appears to be Ralsky's own servers in his $3/4 million house near Detroit knocked off. This is easy stuff.
"Even the small time spammers, who seem to be the ones you focus on..."
With a honeypot you catch who you catch. See above: Ralsky is NOT a small-time spammer. I believe most spammers now use abuse (open relay abuse, open proxy abuse, Jeem-type abuse) to send spam. Direct spam is fairly easy to stop using blocklists. It's also fairly easy to trace. I don't think most spammers use it. Scelson has claimed he does but then Scelson has filed for bankruptcy.
"What about having ISPs also watch for abuse traffic going out from their own customer base?"
(Slaps head.) DOH! Why didn't I say that? You are absolutely correct. Both the ISP on the sending end and the ISP at the abuse end can look for the same traffic, using traffic analysis tools. I'm familiar with ntop - I'm sure there are others. Cable modem users could watch for spammers probing for open proxy ports on their cable segment using ntop (there's even a low-cost Windows version.) Until spam is gone I think all ISPs who could look for abuse should look for abuse (and not simply secure the ports subject to abuse - that is too easy on the spammers.)
"Running honeypots isn't even necessary for this. They can block incoming ports for open proxies either at the border routers, or in the customer RADIUS profiles, and blocking incoming port 25 in the RADIUS profiles (except for those authorized to run a mail server). Same for any ports eventually discovered to have been deployed by viruses."
Frankly, I can't understand why 99+% of ISPs don't do this automatically. Your point is an excellent one.
But I'd really love to see (as a good example) telesp.br start watching for and honeypotting spam traffic. Of course they could block it - I'd just like reading about the shock when the spammers discovered their abuse of that domain was failing 100% (even though it looked just the same from their end.) But that's my mean streak. [I don't, however, apologize for my mean streak.] The next step would be for telesp.br to tell other ISPs how they defeated the spammers abusing their space. Might that word spread fast?
True, not everyone is needed. What I was referring to is what the definition of my goal is. That 2nd goal is to prevent even so much as a DNS lookup to find my servers, and certainly not a SYN packet to try to make a connection (which can be stopped at this point with a border router access list, but still, that uses up some bandwidth and router cycles, which I should not have to pay for, but wouldn't have worried about had it stayed at a minuscule level). By extending my goal to "everyone", it eliminates all spam.
They may well be looking for an open relay. I've seen those. I can tell because the recipient address is not one which would have led any normal MX-record-following SMTP client to my server. I have seen an "attack" by several hundred (worst case was a little over 23 thousand) such hits from the same IP, doing the relay thing. But that has only been on the server of one of my clients, who once many years ago did have an open relay there (and perhaps someone is running an antique list). My own have never seen any significant open relay attempts, so I suspect what I do see are test probes, either by spammers looking for lush new territory (didn't find it here), or by an operator of some open-relay blocking DNSBL. But the vast majority of hits on my servers are some combination of big colocated spammers (such as yourbigvote.com), and thousands of small time hustlers on cable modems and such. I've blocked both at the mail servers, so I see logs of attempts to deliver that fail. And they keep coming and keep getting 550 responses, and never clean their lists on the basis of that. The small time ones I can understand as they are running from some CDROM, typically. But the big ones could do this ... they just don't.
You're still using "abuse" in a restricted venue. Relaying spam through someone else's server is TWO cases of abuse ... 1: the abuse of the open relay (IMHO, they got what t
now we need to go OSS in diesel cars
You're still using "abuse" in a restricted venue. Relaying spam through someone else's server is TWO cases of abuse ... 1: the abuse of the open relay (IMHO, they got what they deserved for having it open) ... and 2: abuse of the recipient. Lots of spammers do use the direct method, and lots of them are still in the USA (but lots of others have moved to places like Hong Kong).
Yes, I am. I could get technical and call it "3rd party abuse" (of which there could be and often is more than one) but that just makes the definition exact - it doesn't convey much information. (Many spammers hit the open relays through open proxies. That's why I see proxypots as having a high value - they may be the first 3rd party the spammers abuse. That reveals the spammer's IP. Are you familiar with Ron Guilmette's top 40 spammer lists in news.admin.net-abuse.email? All the IPs and IP blocks in the lists were learned using proxypots.)
And then there's the Hananet spammer who spams from Taiwan to Taiwan addresses, through US computers. Sometimes he sends spam to apparent relays strictly on the basis of his test message being accepted, not on the test message reaching its destination. He's been a real pest lots of places.
I don't know of any use for a proxy port to go across the public internet.
Your whole discussion here is very sensible. If some ISPs would do what you advocate and report the success (if any) of doing it then I'd hope many more ISPs would have the simple good sense to do so themselves - if you are anti-spam there's nothing to lose. I'd like to see the spammers whacked (on the basis of honeypot operation) but if they just fade to nothing because the pathways get narrow and then vanish I'm not going to be upset. I'll rejoice. It does seem to me that having honeypots might speed the process (as opposed to blocking ports.) It's similar to the campaign to secure open relays - until the available abusable bandwidth drops below what the spammers need they aren't very inconvenienced. Honeypots, even single ones, can have an effect right away.
Reporting 3rd party abuse has more bang for the buck in terms of a complaint sent to an ISP. If the ISPs learn to give such complaints precedence they can nuke spammers quicker (pressure will have to be applied to the ones who don't want to nuke the spammers) and that should lead to the complaint level going down (no spammers, no complaints, of course.) Everyone wins except the spammers.