Osirusoft Blacklists The World

ariehk writes "As of today, Osirusoft, distributer of the SPEWS and open relay blocklists, among others, is no longer operational. Servers using these lists (including the FTC) are currently rejecting ALL email. This shutdown seems to be in response to a several-week-long DDoS attack on Osirusoft, SPEWS and others, resulting in both sites being down. This has caused much discussion on n.a.n-a.e, including the suggestion that the attack is somehow related to the SoBig worm. The spammers must be hurting if they can devote these kinds of resources to attacking blocklists." Read on below a related submission.

NSXDavid writes "Earlier today our site mysteriously ended up on Joe Jared's Osirusoft SPAM blacklist which is used by lots of antispam software (like SpamAssassin and sendmail). Since he is currently under a serious DDoS attack, there was no way to appeal this decision. We contacted Mr. Jared by phone who informed us that 'everyone needs to stop using Osirusoft and that he's going to be shutting the service down.' Then he says he's going to blacklist 'the world' (aka, ban *.*.*.*) to get his point across. Later on this evening, he apparently went ahead and did just that. Succumbing to lawsuits and DDoS, a once great blacklist is dead. SpamAssassin is removing it from their config in the next release (rc3) and email admins around the globe are reconfiguring their mail servers."

Blacklists and reality

[Dancin_Santa]

It may take a little more work, but the only solution to spam is the whitelist.

Re:Blacklists and reality

[WolfWithoutAClause]

What happens when the spammers start using worms and viruses to create open relays on people you trust?

Re:Blacklists and reality

[Zeinfeld]

Will yahoo and hotmail be on that whitelist? Most of the spam I get comes from those domains, or at least it is spoofed to appear its from there.

The vast majority of spam is sent with some form of false address. Developing a way to be able to trust the origin of email is the way to end the spam crisis.

This type of action does not surprise me. SPEWS and the other blacklists are poor solutions to spam because they are in effect private censorship with no accountability. They are also single points of failure for the Internet as today's episode proves.

The backwash caused by this event was huge. It wasn't just spews and spews users who were affected, the load on the backbones was causing severaql nets to brown-out repeatedly.

It is just as well that we did not have as many idiotic 'hack-back' schemes in operation as some have been calling for.

Re:Blacklists and reality

[Pig+Hogger]

Whitelists are unworkable. How do you reach someone for the first time?

Re:Blacklists and reality

[JoeBuck]

Yes, let's kick blind people off the net! If they can't parse your machine-unreadable image, screw them. Right?

Me, I do pretty well with Bayesian spam filters.

Re:Blacklists and reality

[magores]

This is fine for person to person, but what about person to business?

Let's pretend I'm a business. I WANT you to send me an email.

I WANT emails from every single person in the world that isn't a customer yet.

I NEED to accept every email on the chance that one of them might be a sale. (Yep. This means I need to look at the ones that include *details* in the subject.)

Whitelist doesn't work here.

I do NOT want a phone call from you as first contact. A one minute email response is now a 40 minute phone call explaining that "Yes you must turn on your computer first if you want to actually use it"

White-list is unworkable for business, because everything must be "whited" by default.

Challenge-Response is unworkable because I/we (as a small to mid business) simply could not keep up with that. Sure. One of the real programmers we have (i'm not one of them) could come up with an auto-bot to respond to challenge-response, but then we end up back where we started, don't we?

I don't have the answers. But I do know what the answers aren't. And Whitelist/Challenge-Repsonse aren't it

Just my 3 cents worth of rant for today.

Well, fine, but...

[Pig+Hogger]

Well, this is fine, but why doesn't Joe Jared tels us HIMSELF to stop using his lists???

The non-communication only breeds rumours.

Sweet, Sweet Justice.

[eyez]

This isn't any different from any time spews blacklists anybody; They've never claimed to not blacklist legitimate people. And, it's impossible to contact spews to get yourself removed if unfairly blacklisted. Everyone in the world, who has been blacklisted unfairly by spews is now celebrating. Hopefully now, people using spews will realize that spews really is a poor solution to the problem, that causes more harm than it prevents.

Re:Sweet, Sweet Justice.

[paitre]

Collateral damage, as much as I detest it and is why I do all blocks locally as opposed to using a "published" DNSBL, -works-.
If an ISP has 5000 customers and 3/4 of them are unable to email family at AOL or Yahoo because they're being blocked due to ISP having a spammer or two, the spammers tend to get dropped.
There are exceptions to this, but by and large, collateral damage works.

And like I said, I think it's piss poor policy.

Re:Sweet, Sweet Justice.

[gid]

spews listens to usenet for unblock requests, my work's class c was black listed when we got it. I had to post to usenet, eventually I got a response and was unblocked, but ya, it's kind of a pain. I think spam assassin/filtering is a much better method, but I suppose a dual pronged attack is better, SA can use blacklists to rate email as well I think....

Re:Sweet, Sweet Justice.

[eyez]

[i]If an ISP has 5000 customers and 3/4 of them are unable to email family at AOL or Yahoo because they're being blocked due to ISP having a spammer or two, the spammers tend to get dropped.[/i]

Yes, this is indeed a poor policy. SPEWS exists so that the people who are violently against spam can pass the burden of fighting it onto the innocents who aren't as bothered by it.

Re:Sweet, Sweet Justice.

[Daniel_Staal]

No, it is different. This one is shutting down, and this is how the operator is making sure that everyone knows it is no longer functional.

It is a public service, of sorts. He is guaranteeing that no one is using the blacklist. That way it can't be misused by someone hijacking it, or just left in place by someone who doesn't care. It is shut down. And everyone will know it.

Re:Sweet, Sweet Justice.

[Mr+Bill]

Here again is another move that shows how responsible these idiots really are. To notify people to stop using their blacklist, they decide to blacklist the world. What a brilliant idea. After all email isn't really that important.

Email used to be one of the most reliable means of communicating on the net. You were always guaranteed that your message would either arrive, or you would hear about it (bounce). But with all of the email worms Microsoft has written (you have to admit these email worms/viruses practically write themselves), and the idiotic attempts at stopping the SPAM problem, email is becoming practically useless. mail admins are using blacklists and just dropping mail, which is effectively breaking the mail system. SPAMers may be the cause, but what is the point in destroying email all together. I would rather receive 100 SPAMs a day that loose one legitimate email that was intended for me. Sort of the same reason I am against the death penalty.

As blacklists go, SPEWS is the worst of them. They block entire netblocks so that innocent bystanders will fight their fight for them. If my IP gets blocked even though I haven't sent any SPAM, I am expected to bitch to my ISP and/or move to another ISP, and then maybe in a couple of months my IP might get removed from the list.

Reminds me of the way things work in the middle east. Pick either side, and they are using the same tactics. The Palestinians are blowing up civilians in the hope that the civilians left alive will do something about their problems. And the Israelli government is firing missiles into crowded cities to kill some suspected criminals and anyone else who happens to be within 100 meters of these guys...

Guerilla tactics like SPEWS employ won't work in the long run, and I am happy that SPEWS is getting hit hard.

SPEWS is claiming that the SPAMers are hitting them with this DDos, but I wouldn't be surpirsed if it was some disgruntled and innocent bystanders who were hit by the SPEWS "Collateral Damage" misile.

Re:Sweet, Sweet Justice.

[eyez]

No, SPEWS exists so that the people who are violently against spam can pass the burden of fighting it onto the people who are responsible for causing it, i.e. spam-friendly ISPs.

The fact that "innocents" are caught up in the block is unfortunate, but unavoidable from a practical standpoint. SPEWS doesn't list netblocks because they have a spammer or two present.

Idiotic rambling like this is exactly why spews was accepted at all in the first place.

When you post on NANAE and say "Help, i've been blacklisted but my company has nothing to do with spam!", Everyone replies with "Sorry, SPEWS is run by mighty space robots from the future who have travelled back in time to stop it SPAM from destroying the world. Unfortunately, we have no way of contacting them. Your only hope is to talk your isp into kicking off their spammer clients, or change isp's. Maybe the robots will unblacklist you then."

SPEWS doesn't consider the innocents being caught up as unfortunate, they consider them the target. The collateral damage is where they're trying to affect the internet.

If it was about blocking spam and ISP's they'd strategically blacklist ISP-critical machines and the spammers. There's no reason to blacklist the innocents. ISP's won't listen to them about not hosting spammers, and have you tried to find good decent hosting that doesn't rip you off? Especially if you're a larger site.

The "Collateral Damage" is the main damage spews hopes to cause, to try to get innocent people to fight their battles for them.

Re:Sweet, Sweet Justice.

[eyez]

HUNDREDS OF THOUSANDS of spam emails, OVER AND OVEr.. consumes bandwidth, cleanup AND has been known to knock machines off line from the sheer amount of crap.

You try running a mail server, even at a small ISP, and see how much crap you have to deal with.

I've done it. My point is that while blacklisting can have it's uses, there's two big problems with spews:

a) They blacklist people specifically to cause harm.
b) USING ANY BLACKLIST AS A CATCHALL IS STUPID. Nobody should be doing this, and anybody who is should be fired for incompetence. It takes more than 'Some group of people who have nothing to do with us have decided that there's a small chance that this could be spam' to efficiently block spam.

SpamAssassin seems to have this down; give everything a score, and if it has a high enough score, then you can block it. But trusting a single source whose purpose is to hurt spam rather than to efficiently block it and only it, and using that as a sole source, like so so so so so many people do, is just plain fucking idiotic.

Garbage

[josh+crawley]

I'm sorry, but this guy is a true blue asshole. My condolences for being DDoSed, but by banning "the world" to try to tell people to stop using his service ASAP, plenty of legitimate non-spam email got blocked, meaning that people may have to resend, and in some cases may not even know their email was missed. That's worse than spamming, people.

Oh, I forgot, the standard propaganda line from these SPEWS.ORG type anti-spam fundamentalists is "we didn't block your email, the ISP using our service did, blame them."

trusted signing of mail servers

[d00dman]

The coolest way we could stop spam from being distributed is to require mail servers to register with a trusted signer, and do the delivery over ssl. anyone distributing spam via a trusted mailhost would be promptly identified by their ssl signature, and anyone sending mail from an untrusted source could be rejected. there is already enough infrastructure in place for this to occur now. verisign and friends as trusted signers, and smtp-ssl. the only other thing required is the will to put it to work.

Monopoly

[yerricde]

They want you to get flamed to death as further punishment.

"Switch ISPs." So if a major residential cable modem ISP's mail server gets blacklisted, then how is anybody in any of the towns serviced by that cable company supposed to send e-mail to users of ISPs that use SPEWS?

Re:perhaps this is a lesson that needed learned

[Cogneato]

My point exactly. You hit me to get me to complain. Did you ever think that I don't want to take that active of a role in your war? Did you even bother to ask me if I wanted to participate? Are you, or anyone who uses the list offering to help me out with the costs of forcing me to be your soldier?

Here's the deal I am willing to make: if you are going to block an entire C block that I am part of, send me an email and let me know and then I will happily complain to my ISP until I am red in the face. I am willing to make that promise.

But... if you want to just slam me on a list without any regaurd for the costs it will incur for me, then don't expect me to be a happy little soldier. It's just not going to happen.

OH boo hoooooo

[NitroWolf]

Somebody call the waaaaambulance.

I'm an anti-spam nazi, and SPEWS gave us all a bad name. I'm glad SPEWS is dead, and it needs to stay dead. It did nothing good for the anti-spam movement, only exacerbated the situation. With no appeal process and the total lack of caring for innocents leaves me with nothing but happiness to see this travesty of justice get blown into oblivion.

Sometimes, the enemy of my enemy is my friend...

Goodbye Spews... we won't miss you, you hulking piece of ill-thought out crap. Let me wave goodbye with my middle finger.

Now, maybe System Admins without a clue will be forced to take real steps to protect their users from spam, instead of playing the lazy asshole and taking the Hail Mary approach that is SPEWS and hoping for the best.

I feel greasy, now... to have agreed with spammers. I think I'll go take a shower.

It matters not... "Son of SPEWS" will rise...

[KC7GR]

I would guess it will take no more than three months for another blocklist, very similar to SPEWS, to rise from the ashes. Remember that SPEWS, and the anonymous group of admins that made it up, are still Out There -- they're just without DNS at the moment.

One important point to remember is that Joe Jared himself was NOT SPEWS. No one ever knew who they were (at least no one that will admit to it). He merely acted as a reflector for their listings.

Another thing to remember is that a DDoS attack -- ANY DDoS attack -- is a criminal act. If the release of the recent incarnations of the SoBig worm and the DDoS attacks against SPEWS are indeed related, then it only proves that spammers are indeed criminals.

For my part, I've already seen an increase in spam as the result of losing access to the SPEWS DNSBL. I've had to update our local blocklist six times today, and that's really unusual for my setup. I suspect I'll be fairly busy over the next couple of weeks, doing a little of the same each day.

Spammers may have won a battle today. They're a LONG way from winning the war.

The usual glib criticisms of SPEWS

[crucini]

If it was about blocking spam and ISP's they'd strategically blacklist ISP-critical machines and the spammers.

Please tell me more about these ISP-critical machines that don't affect innocent users. But then why are they critical?

As for narrowly listing spammers, it's been tried. Sleazy ISPs move the spammers around to evade such blocks.

Re:sad news, but there are alternatives

[targo]

Then be part of the solution and start fighting network abuse in your country.

BTW, what have you done to fight abuse in the US?
To me personally, spam blacklisting is a much bigger problem than spam itself because many organizations abroad (like some departments of my former Uni) with whom I sometimes have to communicate (I live in the US right now) blacklist all major US ISPs (MSN, AOL, Yahoo, AT&T) and justify this behavior with the arrogance of US sys-admins that tend to block all foreign mail. This tit-for-tat behavior does not benefit anyone and if anything pisses me off it's the arrogant attitude of sys-admins who for some reason forget their place and think they have absolute power to decide with whom the people in their organization may communicate with and with whom they cannot.

Libertarian Newspeak Doesn't Negate Censorship

[FreeUser]

I'm not sure it can be correctly called censorship - that requires a governmental entity.

That is a fucking myth, and I am sick and tired of hearing people parrot that nonsense. Saying a business can't censor because it isn't a government is akin to a black man saying he can't be racist because he is black. These are both examples of the same logical fallacy: just because a behavior is traditionally associated with one entity or group doesn't mean it is impossible for another entity or group to begin behaving in exactly the same behavior.

Obviously, anyone of any ethnicity is capable of becoming a racist, just as anyone with any power or influence over others is capable of engaging in censorship.

Responsible parents routinely censor what their kids see and hear. We as a society, by and large, find this to be an acceptable form of censorship.

Many religions routinely censor what their congregations are and are not allowed to see and hear (the Catholic church has had a censorship office for centuries, but they are hardly alone. The Mormons censor what they deam inappropriate for their membership, just as the Jehovah's Witnesses do, and I really don't need to cite example after example for Islam, do I?).

And finally, yes, many, many companies engage in censorship, both the obvious 'media' companies that bury stories they don't like or can't be bothered with, as well as other more subtle businesses (like Monsanto pressuring Fox News into not running a news story on how their hormone saturated milk was actively harmful to the health of children, an action that resulted in Fox News firing two reporters who refused to disavow their story, and said reporters winning a lawsuit against Fox News under Florida's whistleblower laws).

Anyone with any form of power over another, be it parental, religious, corporate, or governmental, has the power in some capacity to censor information available to those less powerful. It is a telling, and appalling, commentary on our culture to observe just how common this sort of censorship is, and how eager we have become to silence those with opposing viewpoints, rather than to argue the counterpoint (as I am doing here, for example).

Your Libertarian Newspeak definition of censorship is plain wrong. You may have the right to censor what comes across your network, and you may chose to excersize that right, but don't think for a moment you aren't engaging in censorship, or think you can convince the rest of the world (a few gullible moderators aside) you are not simply by trying to spin your verbiage.

And lest there be any doubt as to what censorship is:


censorship
n.

1. The act, process, or practice of censoring.
2. The office or authority of a Roman censor.
3. Psychology. Prevention of disturbing or painful thoughts or feelings from reaching consciousness except in a disguised form.

censor

1. A person authorized to examine books, films, or other material and to remove or suppress what is considered morally, politically, or otherwise objectionable.
2. An official, as in the armed forces, who examines personal mail and official dispatches to remove information considered secret or a risk to security.
3. One that condemns or censures.
4. One of two officials in ancient Rome responsible for taking the public census and supervising public behavior and morals.
5. Psychology. The agent in the unconscious that is responsible for censorship.

tr.v. censored, censoring, censors

To examine and expurgate.

(source: dictionary.com)

You will notice, that with the exception of historical references to Rome, none of these definitions presuppose governmental authority over just plain authority, indeed, quite the contrary.

Re:Libertarian Newspeak Doesn't Negate Censorship

[Abm0raz]

As a Liberatarian, I have to say ... you are 100% right. The act of censoring is NOT limited to the government. ANYONE can censor. Censorship (in layman's terms) is preventing another individual or group from receiving all or part of a communication. What the ORIGINAL poster SHOULD'VE said is that it's only ILLEGAL for the Government to censor private citizens, except in the cases where the lack of censorship would lead to injury (yelling "FIRE!" in a movie theater), intimidation (blackmail, threats), or immediate damage to public or private property (unauthorized protests). There are a few other minor cases such as outlawing porn to minors and where the act disrupts public proceedings or safety, like a mime performing on a major interstate.

Now, that being said, the Government is in no way OBLIDGED to reward "free speech" either. If the government gives an art museum $1,000,000 in grants a year to showcase art through the National Arts Endowment and then the bigwigs there see a statue of the virgin mary covered in blood and feces displayed as art, they are well within their rights as a governing body to NOT renew the grants. This is not censorship. The government is NOT required to reward behavior that it doesn't find acceptable, regardless of whether that behavior is legal or not.
The same way the Lesbian, Gay, BiSexual, Transgender Association on here on campus had a "SexFaire" and "CuntFest" a few years back that "promoted safe sex and raised awareness of students inherant sexuality". About 200 of the university's 45,000 students went to it, but it became a big deal cause they handed out condoms, gave kissing lessons, and other stuff that escapes me at the moment. The state government heard about it and decided to cut the universities funding because the groups that put on these events used campus funds. Were the censored? No. They were no longer rewarded for their behaviors. The money was given to them for free before and they lost that priviledge.

"Don't bite the hand that feeds you" comes to mind.

-Ab