Osirusoft Blacklists The World
NSXDavid writes "Earlier today our site mysteriously ended up on Joe Jared's Osirusoft SPAM blacklist which is used by lots of antispam software (like SpamAssassin and sendmail). Since he is currently under a serious DDoS attack, there was no way to appeal this decision. We contacted Mr. Jared by phone who informed us that 'everyone needs to stop using Osirusoft and that he's going to be shutting the service down.' Then he says he's going to blacklist 'the world' (aka, ban *.*.*.*) to get his point across. Later on this evening, he apparently went ahead and did just that. Succumbing to lawsuits and DDoS, a once great blacklist is dead. SpamAssassin is removing it from their config in the next release (rc3) and email admins around the globe are reconfiguring their mail servers."
It may take a little more work, but the only solution to spam is the whitelist.
The non-communication only breeds rumours.
long live whitelisting
This isn't any different from any time spews blacklists anybody; They've never claimed to not blacklist legitimate people. And, it's impossible to contact spews to get yourself removed if unfairly blacklisted. Everyone in the world, who has been blacklisted unfairly by spews is now celebrating. Hopefully now, people using spews will realize that spews really is a poor solution to the problem, that causes more harm than it prevents.
get 0wned. irc.w30wnzj00.com
I'm glad I read this; I got a bounce message earlier saying one of my emails was blocked due to our corp. mail server being blacklisted by relays.osirusoft.com, and I drove myself just about mad trying to figure out how or why.
AC comments get piped to
My co-located server has been blacklisted by SPEWS for months now. And it's only because of a spammer elsewhere on my two-providers-up-the-chain regional ISP. And the spammer is on a different C-class entirely, yet my IP range was still included as punishment to the ISP. The fact that I suffer as a result doesn't matter to these people. Changing providers is not an option for me at this point (long story) so I've just had to live with it. I can't email several friends, and regularly field complaints from people who host on my server.
I believe in fighting spam, and I think that blacklists are a good idea to a certain degree, but I've always felt that SPEWS was too draconian, and had no option for recourse for those of us who were (as they put it) "collateral damage".
I posted to the referred newsgroup a few times, and got nothing but venom from the locals.
I'm not sad to see them go.
-- b0rk.
For mail admins around the world try these alternatives.
bl.spamcop.net
one of the best blacklists, it catches a huge % of incoming spam, and virtually no collateral damage.
blackholes.easynet.nl
almost as good as spamcop, and seems to nail a lot of the spam hauses
dynablock.easynet.nl
nukes a lot of the dsl and dialup spammers
argentina.blackholes.us
south american country, what more needs be said ? : )
brazil.blackholes.us
ditto
cn-kr.blackholes.us
china and korea, what more need be said ? : )
turkey.blackholes.us
whole lotta spammers here
sbl.spamhaus.org
a bit too conservative for my tastes, but gets a lot of spam gangs, and has very low collateral damage
bl.reynolds.net.au
if you want to use the spews list, this provides a feed for it
malaysia.blackholes.us
another spammy asian country
wanadoo-fr.blackholes.us
one of the worst european isps
hongkong.blackholes.us
another spammy asian country
Lawyers, MBA's, RIAA? A jedi fears not these things!
I'm sorry, but this guy is a true blue asshole. My condolences for being DDoSed, but by banning "the world" to try to tell people to stop using his service ASAP, plenty of legitimate non-spam email got blocked, meaning that people may have to resend, and in some cases may not even know their email was missed. That's worse than spamming, people.
Oh, I forgot, the standard propaganda line from these SPEWS.ORG type anti-spam fundamentalists is "we didn't block your email, the ISP using our service did, blame them."
One idea I've had (or maybe I've heard it somewhere else, I can't remember) is authorization. Change the protocol, or maybe just implement at server, so that before anyone can send you an email they have to request permission. In that request they would identify themselves, and before they start emailing you stuff you would have to send them back permission. Anyone that is in your contact list would automatically be given permission. If it turns out to be spam you could revoke permission. Also analyze the email header and do reverse lookup to see if the domain names resolve properly. If a domain is spoofed, deny it automatically.
Perhaps this has been done before, and I'm sure there are flaws, but I am tired of hearing about how big a problem this is, without hearing any good ideas about fixing it. Any other thoughts?
Sigs are out of style, so I'm not going to use one...oh wait..
I can't completely describe my satisfaction with Bayesian filtering. I've been using SpamBayes for a few weeks w/ Outlook (please don't smite me), and it hasn't let me down. I have received absolutely no spam in my inbox these last couple of weeks. Granted, I built up a collection of >500 unwanted e-mails, but it only took a couple of days :)
Robert Bindler
A Computer Science student's views on technology.
A blacklist is like the death penalty -- there is no 100% surefire positive no-mistakes without prejudice way to protect the innocent.
Look at the results of blacklists as similar to the casualties produced in a war -- you may kill a good many of the enemy, but how many of them were civilians?
As someone who was blocked by both osirusoft and spews as part of their policy of blocking entire IP blocks, I feel no pity for them or for those who use them. In fact, I hope that at least some of them are learning their lessons.
The IP address of my server happened to fall a few dozen numbers away from that of a spammer. As a result, it cost me thousands of dollars in lost time and expenses to track down the issue, contact my isp and have them contact whoever it is on Mt. Self-Righteousness that takes you back off the list. Getting on the lists takes day(s), while getting off the lists takes weeks.
Blocking entire IP blocks is nothing short of techie-terrorism. In other words, you can't convince the real wrong doers to stop, so you harm the innocent bystanders to try to get them to revolt.
SPEWS and those that support them point the finger at the ISP while purposely hurting innocent small businesses like mine. It's time they take responsibility for the tools they provide, and in this way, they are no different than Microsoft.
This could turn into the same sort of gang-induced protection rackets as in meatspace. What would a company or individual do if a cracker group sent them an email saying, in effect, "Do $this or you're off the net."
It's hard to see a good technical solution for this. It's a tort--and possibly assault---like any other physical intimidation tactic, and will probably only stop if legal means are brought to bear.
Unfortunately, tort suits are hard to press across continents.
The coolest way we could stop spam from being distributed is to require mail servers to register with a trusted signer, and do the delivery over ssl. anyone distributing spam via a trusted mailhost would be promptly identified by their ssl signature, and anyone sending mail from an untrusted source could be rejected. there is already enough infrastructure in place for this to occur now. verisign and friends as trusted signers, and smtp-ssl. the only other thing required is the will to put it to work.
In your prefs file:
score X_OSIRU_OPEN_RELAY 0
score RCVD_IN_OSIRUSOFT_COM 0
score X_OSIRU_DUL 0
score X_OSIRU_SPAM_SRC 0
score X_OSIRU_SPAMWARE_SITE 0
score X_OSIRU_DUL_FH 0
Everything's gonna be all right.
SPEWS probably only had about 2 or 3 IPs left that weren't blacklisted anyway.
I'm willing to bet the big news carriers would give an account to any legitimate operators of such a service. Sign every post from trusted list creators with a public key to ensure validity, and it would be nearly impossible to ddos the service.
Ooooh... what about making the list itself a p2p app? Perhaps this could be a great excuse to motivate some big corps to install some freenet nodes...
im not in charge of the servers. im just a programmer. my boss is in charge of our 5 servers. i know for a fact one of them is currently being used as a spam relay. its exchange 5.5 on NT.... the reason i suspect this is that there is a large amount of outbound messages rejected, being sent during non-working hours. I shudder to think of the messages that are getting through compared to my reject log.
well im not in charge of the servers, it took several days to convince my boss that there was a problem, several more for him to understand how much this problem sucks...
so if you could tell me how to secure my(bosses) server i would greatly appreciate it... (and yes, i understand linux would not have this problem but that is not an option right now)
i dont want to get blacklisted. the economy sucks enough right now.
Thanks.
I run a Postfix setup which uses Osirusoft as one of its blacklists, and going through my maillogs I see that the RBL was unresponsive early on the 24th, and then started answering again later in the day. It was down the 25th and most of the 26th, until it briefly came on and started answering only some of the requests with "blocked using relays.osirusoft.com, reason: Please stop using relays.osirusoft.com". But it wasn't rejecting everything as the 2nd article says - just a subset of our mail. The rejects might even have been legitimate blacklisted IPs - perhaps they just changed the rejection message so admins would see it in their logs?
Additionally Postfix is a smart enough MTA so that during the RBL downtime it didn't reject any mail - the default behavior is to deliver if the RBL can't be contacted.
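An added example (not part of the original comment, and not Postfix or SpamAssassin code): a health check a mail admin can run before trusting a DNSBL zone, so that a list answering for every address, as described in this thread, is skipped instead of being used to reject mail. It relies on the RFC 5782 convention that 127.0.0.2 is always listed and 127.0.0.1 never is; the zone names, the resolver stub and its data are constructed for the demonstration.

```python
"""DNSBL sanity check: skip zones that list everything or cannot be reached."""
import ipaddress
import socket


class DnsblUnreachable(Exception):
    """The zone could not be queried (timeout, SERVFAIL, no route)."""


def dnsbl_name(ip, zone):
    """Query name for an IPv4 address: reversed octets prepended to the zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone


def system_resolver(name):
    """A records for name via the OS resolver; [] means NXDOMAIN (not listed)."""
    not_found = {socket.EAI_NONAME, getattr(socket, "EAI_NODATA", socket.EAI_NONAME)}
    try:
        infos = socket.getaddrinfo(name, None, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror as exc:
        if exc.errno in not_found:
            return []
        raise DnsblUnreachable(name) from exc
    return sorted({info[4][0] for info in infos})


def classify_zone(zone, resolver=system_resolver):
    """Probe the two test entries and say whether the zone can be trusted."""
    try:
        never = resolver(dnsbl_name("127.0.0.1", zone))   # must NOT be listed
        always = resolver(dnsbl_name("127.0.0.2", zone))  # must be listed
    except DnsblUnreachable:
        return "unreachable"
    if never:
        # Wildcard record: the zone answers for every address ("the world").
        return "lists-everything"
    if not always:
        # Zone emptied or shut down: it no longer lists even its test entry.
        return "not-answering"
    return "healthy"


def listed_in(ip, zones, resolver=system_resolver):
    """Zones that list ip, consulting only zones that pass the health check.

    Unhealthy zones are skipped, so a dead or wildcarded list fails open
    (mail is delivered) instead of rejecting everything. A production setup
    would cache the health result instead of probing on every message.
    """
    hits = []
    for zone in zones:
        if classify_zone(zone, resolver) != "healthy":
            continue
        try:
            answers = resolver(dnsbl_name(ip, zone))
        except DnsblUnreachable:
            continue
        # DNSBL answers are conventionally in 127.0.0.0/8.
        if any(ipaddress.ip_address(a).is_loopback for a in answers):
            hits.append(zone)
    return hits


# Constructed stand-in for DNS: four hypothetical zones with different states.
ZONES = ["healthy.dnsbl.example", "wild.dnsbl.example",
         "dead.dnsbl.example", "empty.dnsbl.example"]


def constructed_resolver(name):
    if name.endswith(".wild.dnsbl.example"):
        return ["127.0.0.2"]            # answers for every query
    if name.endswith(".dead.dnsbl.example"):
        raise DnsblUnreachable(name)    # servers do not respond
    suffix = ".healthy.dnsbl.example"
    if name.endswith(suffix):
        listed = {"2.0.0.127", "10.2.0.192"}   # test entry plus one sample host
        return ["127.0.0.2"] if name[:-len(suffix)] in listed else []
    return []                           # empty.dnsbl.example: lists nothing


if __name__ == "__main__":
    for zone in ZONES:
        print(zone, "->", classify_zone(zone, constructed_resolver))
    for ip in ("192.0.2.10", "198.51.100.7"):
        print(ip, "listed in", listed_in(ip, ZONES, constructed_resolver))
```
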
Having been myself unfairly blacklisted (not by Spews, but by another list) because of the actions of my ISP, I really have come to have serious issues about the blacklisting process. I understand the principle - get innocent bystanders pissed off at their ISPs, then have them complain to their ISPs, or switch ISPs, and then ISPs change their behavior.
The problem is that many people, for a variety of reasons (geography being one) can't change ISPs, and many ISPs (mine included) did nothing in response to my complaints (because they knew I wasn't going to move). So what does this do? It certainly doesn't help anyone!
I hate spam as much as the next gal, and I think that the SpamAssassin approach (which is to label mail as spam depending upon certain criteria) is a much, much better approach than blacklisting.
They want you to get flamed to death as further punishment.
"Switch ISPs." So if a major residential cable modem ISP's mail server gets blacklisted, then how is anybody in any of the towns serviced by that cable company supposed to send e-mail to users of ISPs that use SPEWS?
Will I retire or break 10K?
This shutdown seems to be in response to a several-week-long DDoS attack on Osirusoft,
The guy is dealing with a huge DDoS attack and we link his page from the front page of /. ??
I guess we can't make things any worse, but come on. Give the guy a break.
I recently saw a copy of this email from the Spamhaus project saying that they would no longer be making their blacklist available through other 3rd parties such as Osirusoft. Perhaps this sparked the shutdown of the Osirusoft project?
Date: Wed, 6 Aug 2003 18:42:07 +0100
From: Steve Linford
To: nanog@merit.edu
Subject: SBL soon only from sbl.spamhaus.org
If you currently use the SBL by querying the master zone
sbl.spamhaus.org then you can ignore this message.
If you are using the SBL via 3rd party composite DNSBLs and not
directly from sbl.spamhaus.org, then please read this as the
following change affects your DNSBL setup.
For a long time the SBL has been available either directly from
Spamhaus (as sbl.spamhaus.org) or via 3rd party composite zones such
as relays.osirusoft.com (as spamhaus.relays.osirusoft.com) and
blackholes.easynet.nl which import SBL data from Spamhaus. This
distribution is now changing. In order to better manage SBL
logistics, DNSBL zone and query traffic, from Monday 11 August 2003
the SBL should only be available from sbl.spamhaus.org.
The fact the SBL was available from multiple DNSBLs was causing some
confusion, plus other small factors (such as the different zones
having different build times - which for example meant that we'd tell
someone an IP had been removed, but they'd contact us a few hours
later to say it was still blocked), plus the likely emergence of
further composite lists which may add confusion, meant that it was
time to make a change now rather than in a year or two.
So, if you are not using sbl.spamhaus.org but would like to continue
using the SBL, please add sbl.spamhaus.org to your mail server's
DNSBL list.
--
Steve Linford
The Spamhaus Project
http://www.spamhaus.org
As a good blacklist? They are notoriously difficult to get off if you find yourself on the wrong end of their 'mission'.
-EB
Do you ever walk alone like a drifter in the dark?
I have been fighting problems with spews for months with the last 3 Class C IP blocks that we have received. It was the worst attempt that I have ever seen at a blacklist. Seems like they should have whitelisted everyone instead of blacklisting them. Going to be a lot of pissed off people tomorrow I'm sure.
You should /not/ use the spamcop DNSBl for blocking, as Spamcop themselves state. See:
http://spamcop.net/bl.shtml
Spamcop list on a statistical basis, based on headers of spam reports they receive. This means they also blacklist the upstreams of regular spamcop users (because if all of spamcop user X's mail comes to him via ISP Foo, then ISP Foo's mail server will be in all of user X's spamcop reports).
Do not use spamcop DNSBl for blacklisting - use it for tagging or scoring.
I use Friend/Foe + mod-point modifiers as a karma/reputation system.
Although the vast majority is filtered, I get as many as 2000 spams per day, personally (the downside to having the same email for 8 years). And I am NOT sorry to see SPEWS go. There's no question SPEWS was effective at getting spammers kicked off their networks. Likewise, arresting everyone in a town every time a crime was committed would probably be effective at stopping crime. That doesn't mean it is a good idea. When a blackhole list has something like a 100:1 legit-mail:spam ratio for blocked messages, the ends no longer justify the means, in my book. I've had more legitimate mail blocked to or from me or companies I've administered servers for by SPEWS than any other cause in the past few years.
Now, let's continue to turn our attention towards methods of stopping spam that don't involve dropping 100x as much legitimate mail.
I think you also need to add this line:
score RCVD_IN_OSIRUSOFT_COM 0 0 0 0
because all those X_OSIRU_* rules add on to the score of this base rule.
maybe you should have found out about it months ago when Jared announced the fact in various online forums -- forums that any responsible person calling themselves an admin should take it upon themselves to read, especially when they are using an RBL whose policies are not under their control. hell, you could have just bothered to occasionally read the news updates on his website.
blocking the world is what happens to clean up the idjits who are still using a DNSBL weeks or months after it's been announced that the list is shutting down.
jeez.
I don't see the problem. Well, personally at least. I mentioned to the wife, in March I believe, that I sensed something and nailed it on the head (spammers hi-jacking Windows PC's for relaying).
.01 of nothing that I'd want to show any REAL programmer at least. :) It's dirty, ugly, yet very effective...
:)I started peppering the Internet with email address' on USENET, and then web pages, etc.
:) -- and I frankly don't personally see it anymore. Literally. NONE. I read about it in the logs, of course. :)
/24 subnet. I arbitrarily see X number of subnets and I block the /16 subnet.
/8 ball after that and those are pretty much final. 210, 211, or 212 ring a bell to anyone?
... I'll take care of it...
/24 subnets [255]) :)
I have got to say. I sure do like the Unix's. Linux, BSD, OS X -- doesn't matter. A little thinking, some *shell* scripts, and even a few hack job "vi" scripts. Version
I've tried spamassassin, this filter, that filter. For me, my way seems to be working _very_ nicely. I use it at home (Linux), at work (Linux & BSD) and for a few architect friends/clients (OS X). Years ago now (right after the lawyer's emailed me
Those are my harvesting address'. Nobody should EVER email them, realistically. Oh the spammers like to try dictionary type attempts/attacks. Thanks -- I added those to the alias database as well for future attempts.
A couple of hacked up scripts (I'm working on it in C for even FASTER speed and some learning
Can it scale? Sure -- I'm figuring between 3-500 messages a _second_ isn't a problem. More will simply get queued and then I may notice a "lag" on my server. Bring it on. 1 IP and I whack the entire
It's the
Sure -- sometimes somebody will in inadvertently get blocked. The bounced message directs them to a web page explaining what to do next. BEST solution is to call me. You know me right? Heck, you probably have my 800 number... Oh, you DON'T? Piss off then.
Heck, I even spell out a completely external email address (@Mac.com) that you can forward the blocked message to
Ever wonder what those MAILER-DAEMON messages are all about? The Windows user's machine _starts_ the transmit of the message and disconnect. Your mail server sits there waiting for data from them to a local user -- which becomes un-deliverable and drops a note to whatever you use for the postmaster (can't publish THAT anymore, can we?).
Re-routed now. Thanks, got ANOTHER IP subnet to black ball.
I've racked up a large chunk of the Internet already -- and the stat's only seem to be increasing. Of course I've "white-listed" specific IP's of ISP's mail servers as needed. 3 so far I think. Most ISP's will put their mail server on a different subnet than their assigned IP's. Thanks. 1 white-listing was for a dedicated single IP user who's neighbor turned out to be a spammer. He had words with his ISP -- the spammer was kicked after that turned into conference call.
Sure -- some loser ISP will see more money from the spammer and side with them. We all know those ISP's -- and I've seen the same IP ranges in their listings as mine. I doubt the legit customer will remain there for long as I know I'm not the only one blocking them. Ultimately $$$ talks and the spammers are going to run dry eventually. They're now resorting to theft of services since they can't find legit connections anymore...
REJECT(S) TODAY: 482
Subnets Blocked: 434210 (110289340 total hosts in the
Percentage: 2.834% (3906250000 Internet addresses' [~3.9 BILLION] Served
Subnets TODAY? 142 (36068 total IP's)
Harvested: 49 messages
URL Lookups: 0
That's 49 messages today to some dummy account. No hits for the right web page (from a blocked message) in the logs... 142 IP's (now complete subnets
I understand that they want to get a point across, but blocking *.*.*.* is a very bad way of doing it. This'd probably break the default and current configurations on thousands of systems relying on SPEWS for blacklisting. They should ALLOW *.*.*.* instead, which would allow anything that depended upon SPEWS to operate as it would if SPEWS simply didn't exist. Since SPEWS doesn't exist anymore, that would make perfect sense.
Blocking *.*.*.* is a way to get people to stop using the server very quickly, though.
This is bull. relays.Osirusoft.com was mainly a composite zone - data from other sources (eg SBL, SpamHaus, SPEWS) made available via a convenient DNSbl service. Joe had little to do with the content, only with hosting it, at considerable expense to himself.
There are actually two different anti-spam goals. A few people have both of these goals, but quite many people have only one or the other:
The first goal includes such things as making sure children and sensitive adults don't see porn spam. But lots of people are simply offended by the spam, especially porn or body part enlarging spam. And others are simply offended by someone assuming they were interested in a great money saving offer for something they have no need for. This first goal seems to be what most people have, and what the current political rumblings are about.
The second goal is one a lot of people are not aware of, or don't understand. Yet it is as serious a goal, if not more so, by certain groups of people. This involves reducing the network bandwidth and server processing resources used by the spam, or stopping it entirely. These things cost money, and it costs about 10 to 40 times as much money to receive (delivered) spam as to send it. It still costs 5 to 10 times as much just to take the SMTP connection, carry out the talk, discover it's a spammer, and refuse the spam.
In other words: the spam problem is not solved by blocking spammers ... just reduced in cost a good bit.
Solutions that involve scanning spam content for the nature of what spam looks like does not help reduce the costs at all. In fact it increases it because all this extra processing is now done by the server, and the network bandwidth is used to send the content that might otherwise not have been sent.
To those, like myself, whose goal is to reduce costs, SPEWS was a great tool. It was very effective in blocking spammers, plus it forced quite a number of ISPs to terminate the spamming scumbags that slipped into their networks under the guise of legitimate customers. In that way, it worked; it did what it was supposed to do. Too bad a few other ISPs were too stubborn to deal with the problem, and too many customers of spammer harboring ISPs whined more about why SPEWS was targeting them, and making excuses why they could not switch to a decent ISP (excuses that didn't apply in 99.9% of cases). Unfortunately, quite a lot of people simply never "got it" as to what the purpose of SPEWS was. The SPEWS web site was more geek/admin talk, and not well enough written for the average person to understand. I was starting to work on my own "how to get out of SPEWS" document, but I just haven't had time to put in on it.
There are a lot of things people say as to how to stop spam. The one I hear most often is that if people would just delete the spam, or if network admins would just block only spammers and no one else, then spammers would cease making money and would stop. This is simply not the case. First, not everyone will do this. We see from these recent worms and virii that way too many people don't patch their computers anyway. There will always be gullible people who respond, and there will always be spammers to take their money.
The real way, and I think possibly the only way, to stop spam, is to treat all spammers as equivalent to cyberspace terrorists. Take no prisoners, and take no excuses.
Remember, spammers don't care what people who will never respond do with the spam they send. They don't care if you press delete, or filter it out with SpamAssassin, or even block them. They don't care because you aren't going to make any difference to them anyway. And if you do block it, you won't be complaining to the spammer's ISP, and hence, they get to spam even more. To a spammer, someone who blocks their mail is better than someone who gets their ISP account terminated. This is part of why just blocking spammers is actually making the problem worse.
now we need to go OSS in diesel cars
What about local blacklists? Am I under some legal obligation not to use a blacklist on my server which I use to host e-mail accounts? What's the difference between my local blacklist and SPEWS?
Idiots need to learn that no one is obligated to allow others unrestricted use of their private resources. You don't have a legal right to tie up MY CONNECTION and MY HARDDRIVE with YOUR CRAP.
Can't send an e-mail to my server because I blocked your domain? Too f-in bad. Contact your "customer" with a letter or by phone. The first amendment doesn't override my ability to mark you as trespassing on my property if you attempt to tell other people who reside on my property how you like to suck on a horse. In fact I have a right to ban people who wear funny hats from my property if I so choose. It's MY PROPERTY. I CHOOSE who can be on it.
Blacklist == restraining order.
Last I checked those were still legal. You don't have a first amendment right to talk to your ex wife who you beat and banned you from coming near her.
People who try to pretend the first amendment grants them some kind of right to my resources need to go back to kindergarten and start the educational process all over again.
Ben
Work Safe Porn
I've seen a LOT of people here who are glad that osirusoft is down because they've got listed along with the spammers in the past. I think they are missing the point on why they got listed and I will attempt to explain the philosophy of the more militant blacklists like Spews, Osirusoft, etc.
Many mail admins (including myself) consider spam to be network abuse and liken it to a criminal offense. Simply blocking the IP of the spammer itself has been shown to not work very well or for long as the spammer jumps to a different ip addy, often in a different /24 than he was originally in.
In response to isp's shuffling the spammer around, more aggressive blacklisting was done by the above mentioned blacklists. This instantly got a lot of the isps to pay attention and clean out their spammers. It also pissed off a lot of "innocent" users as well.
I say "innocent" because technically they are not pure white innocent, but more of a gray color innocent, because directly or indirectly, they ARE supporting spam. How so? Imagine the following.
Your next door neighbor is an islamic terrorist (spammer). Definitely a criminal. And his landlord (isp) (who is also your landlord) knows he is a terrorist and continues to willingly provide housing from him. In response, the FBI (the blacklists) blocks off your entire street (/24) (which the landlord owns all the housing on) and conducts house to house searches looking for terrorists. You complain when your house is searched. "But I am not a terrorist (spammer)". After finding out your landlord is housing terrorists, you continue to live there and pay rent to him, even though he is harboring terrorists and refuses to remove them off his property. As a result of you continuing to support your landlord financially, your house keeps getting searched every so often (you stay on the blacklists with the spammer).
Now what do you do? Do you keep paying the landlord and supporting terrorism indirectly? Or do you move out and get a better landlord ?
That's why you guys are on blacklists. It's not that you've done anything directly wrong, but you're supporting spammy isps. The quickest way to find out if your isp is a spam haus, go here.
http://www.spamhaus.org/sbl/isp.lasso
Somebody call the waaaaambulance.
I'm an anti-spam nazi, and SPEWS gave us all a bad name. I'm glad SPEWS is dead, and it needs to stay dead. It did nothing good for the anti-spam movement, only exacerbated the situation. With no appeal process and the total lack of caring for innocents leaves me with nothing but happiness to see this travesty of justice get blown into oblivion.
Sometimes, the enemy of my enemy is my friend...
Goodbye Spews... we won't miss you, you hulking piece of ill-thought out crap. Let me wave goodbye with my middle finger.
Now, maybe System Admins without a clue will be forced to take real steps to protect their users from spam, instead of playing the lazy asshole and taking the Hail Mary approach that is SPEWS and hoping for the best.
I feel greasy, now... to have agreed with spammers. I think I'll go take a shower.
I would guess it will take no more than three months for another blocklist, very similar to SPEWS, to rise from the ashes. Remember that SPEWS, and the anonymous group of admins that made it up, are still Out There -- they're just without DNS at the moment.
One important point to remember is that Joe Jared himself was NOT SPEWS. No one ever knew who they were (at least no one that will admit to it). He merely acted as a reflector for their listings.
Another thing to remember is that a DDoS attack -- ANY DDoS attack -- is a criminal act. If the release of the recent incarnations of the SoBig worm and the DDoS attacks against SPEWS are indeed related, then it only proves that spammers are indeed criminals.
For my part, I've already seen an increase in spam as the result of losing access to the SPEWS DNSBL. I've had to update our local blocklist six times today, and that's really unusual for my setup. I suspect I'll be fairly busy over the next couple of weeks, doing a little of the same each day.
Spammers may have won a battle today. They're a LONG way from winning the war.
Bruce Lane, KC7GR,
Blue Feather Technologies
They're now resorting to theft of services since they can't find legit connections anymore...
Spam is always theft of services. They're just doing it more blatantly now.
STOP MISUSING APOSTROPHES, YOU MORONS!!!
SPEWS' main problem was a complete lack of concrete methodology for who gets added to the list and who gets taken off. My company, who I won't name, was placed on SPEWS several months ago for the crime of being in the same state as a company with a similar name. Apparently, the people who run it have a fetish for conspiracy theories, because no less than 3 large companies were listed in the "trail" that led to mine.
Even worse, since we were already "guilty", they wouldn't listen to our pleas of innocence, the dirty spammers that we were.
No, I don't feel sorry for these guys one bit. Their methods were about as good as the Salem Witch Trials. Most likely they weren't DDoS'd by spammers, but by people tired of the carpet bombing approach. You don't get away with banning a large ISP for one spammer, and you don't get away with trying to force your agenda on the world.
Good riddance.
Finally, a blacklist that doesn't let any spam mail through.
Sigs are like bumper stickers.
Please tell me more about these ISP-critical machines that don't affect innocent users. But then why are they critical?
As for narrowly listing spammers, it's been tried. Sleazy ISPs move the spammers around to evade such blocks.
Just one zero is needed, as it will disable the test for all modes.
By default, the OSIRU tests are enabled only when running network mode only, so if you haven't customized your configuration and changed that, then you are in the clear - but it's a good idea to disable these tests nonetheless.
Logical depends on how you look at it - the problem is that if he simply takes it down, people don't deconfigure their systems to query his map and he continues to receive a flood of DNS queries - relays.osirusoft.com was high traffic, in excess of 300 queries/sec per server (at a time when there were 6 of them).
In order to stop the traffic he has to *force* people to deconfigure.
Does it seem more logical now?
Spam is starting to hurt me a lot worse than I would have ever imagined. It's not the volume of spam I get, which is obscene, but rather the shotgun anti-spam efforts that we somehow get caught in.
:(
About a month ago Earthlink decided we were sending out spam and cut us off. So, despite the fact that we have no relationship at all to spam, we were unable to communicate with any of our customers who use Earthlink. After appealing, they realized the mistake and removed the block. How did it happen? Seems that if an Earthlink customer just accuses you of spam you can end up on the list. Thankfully cooler heads prevailed at Earthlink and the matter was resolved quickly.
We were blocked by AOL once too. How ironic since we used to be their #1 3rd party content provider back-in-da-day (remember hourly?). They should have known about us. (grin) Fortunately that was resolved too.
Then, of course, today we got hit by SPEWS and that led to our phone call to Mr. Jared. The poor guy was frazzled, and rightly so. But we had a legit beef...
Our business is entirely web based. We have to deal with a heavy volume of customer feedback, all of which want fast responses. Any hiccup and we can get really far behind. But when we get blocked, we're almost helpless. We get an email "Hey, my character got killed by a ravenous bugblaster beast from trall!" And we write back, "Oh my, let me restore your character!" only to have it be filtered out by some shotgun blacklist. They get no response and start flaming us for "not responding". A day or more of this and things get really messy.
You start to feel like you are at the mercy of some so-called "authority" that could not care less about your guilt or innocence. If he or she wants to, they can just take you out. We've participated in opensource, contributed back, done the good netizen thing... yet this real-time blacklist thing hangs over us. We never know when something else like this is going to bite us. And maybe next time there won't be any appeal.
David Whatley
I've only seen it a couple times, but I get an email with a paragraph of words that are both fairly common AND fairly unlikely to appear in spam, then the spam plug. Since it has words in it that, due to your corpus of previously received mail, are very common in non-spam and non-existent in spam, it walks right through the filter.
Now, you could flag this message as spam, but then you slowly destroy half of what makes Bayesian filtering work: The list of words that are not in spam.
Bayesian filtering will probably be effective for a year at best.
paintball
First, this is more like because there's a terrorist in a town 30 miles from you, the military parks a tank in your living room until that terrorist moves out of state.
Second, were you aware that by consuming fossil fuels, you are funneling money to the middle east, which produces almost all terrorist threats to the United States? That's supporting terrorism. I don't see you volunteering to stop buying fossil fuels until the OPEC countries clean up their terrorist problem.
Third, the idea behind spam prevention is to make email MORE USEFUL for legitimate users. SPEWs does not meet that criteria, because it causes more problems for legitimate users than gain. Moreover, it hides the true cost because few people are fully aware of what spews is doing and why. Even most email admins using spews are NOT AWARE of how it operates. They should publish their philosophy everywhere related to it. If every SPEWS doc had said, "We block enormous blocks of legitimate users, trying to use collateral damage to force ISPs to take action against their tiny fraction of spamming users", SPEWs would be irrelevant today.
Finally, spews is horribly non-responsive and error prone. I still have a colocated server blocked because some ISP on a block that's not even in the same /10 as my ISP happens to have a similar name to my ISP. (the spammer was once a customer of my ISP; they spammed, they were removed. They moved across town to ISP #2, and continued to spam. But customer name and my ISP name are highly similar. Spews concludes they are the same company, despite NO evidence but the name. Result: my ISP is permanently blacklisted on spews because of a spammer that is NOT on their network). Both sets of IPs -- my ISPs and the spammer's new ISP -- are in the same evidence file, and my ISP continues to look 'fresh' as a spammer because of activity on the other net.
put the following line in your local.cf:
score RCVD_IN_OSIRUSOFT_COM 0
The online checker repeatedly told me that my server would be scheduled for more tests, and would then be removed from the blacklist.
But this never happened. No further checks were made. My server was never removed from the blacklist. And what's more, Osirusoft refused to reply to any of my e-mails. They refused to even explain why they were blacklisting, despite the fact on several occasions I politely requested either removal from the blacklist, or an explanation as to why I was on it. Ultimately I had to get a different IP address for the machine in question, which was extremely inconvenient.
I'm strongly opposed to spam. However, any company that offers services to block spam has to accept that they will sometimes accidentally cause problems for legitimate users, and they have to have mechanisms in place for such users to sort the situation out. Ignoring people who have legitimate complaints against you is not the way to do it.
You got it wrong: by signing with your public key you, and only you can verify that it was intended for you. That is not what you want, what you want is email signed with their private key, so you can use their public key to verify who sent it. If I sign all my email with my private key, everyone in the world knows that it is me who sent it, and I cannot deny it. If I sign outgoing email with your public key (because I can't know your private key) then only you can verify it, and then all you know is I intended for you to read it. To a Spammer that may cost enough CPU that it isn't worth it, but it does nothing to help you track down who sent it. (Since much spam is for illegal things tracking down who sent it would be very useful)
Time again to discuss greylisting?
Looks to me to be an elegant, viable alternative to traditional black/white -listing, both of which require lists be maintained -- and well maintained. Sometimes very large, very centralized lists, which have ugly consequences when they fail.
From the Greylisting Web site (with bolding from me):
The Greylisting method is very simple. It only looks at three pieces of information (which we will refer to as a "triplet" from now on) about any particular mail delivery attempt:
From this, we now have a unique triplet for identifying a mail "relationship". With this data, we simply follow a basic rule, which is:
If we have never seen this triplet before, then refuse this delivery and any others that may come within a certain period of time with a temporary failure.
Anybody know where we are as far as a working implementation of this idea goes?
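The rule quoted above, as an added sketch that is not code from the Greylisting site or from the commenter. It assumes the triplet is the connecting IP, the envelope sender and the envelope recipient; the class name, the 300-second delay, the 4-hour expiry and the reply text are illustrative values.

```python
DEFER = "451 4.7.1 Greylisted, try again later"
ACCEPT = "250 OK"

class Greylist:
    def __init__(self, delay=300, expiry=4 * 3600):
        self.delay = delay      # seconds a new triplet stays blocked (assumed)
        self.expiry = expiry    # seconds an unretried triplet is remembered (assumed)
        self.first_seen = {}    # triplet -> time of its first attempt
        self.passed = set()     # triplets that already retried successfully

    def check(self, client_ip, mail_from, rcpt_to, now):
        """Return the SMTP reply for one delivery attempt at time `now`."""
        triplet = (client_ip, mail_from, rcpt_to)
        if triplet in self.passed:
            return ACCEPT
        first = self.first_seen.get(triplet)
        if first is None or now - first > self.expiry:
            # Never seen, or the record lapsed: start the clock and defer.
            self.first_seen[triplet] = now
            return DEFER
        if now - first < self.delay:
            # Retry arrived inside the blocking period: still deferred.
            return DEFER
        # A retry after the delay is what a real MTA queue does: accept.
        self.passed.add(triplet)
        return ACCEPT

def replay(attempts, greylist=None):
    """Run (ip, sender, recipient, time) tuples through one Greylist."""
    greylist = greylist or Greylist()
    return [greylist.check(*attempt) for attempt in attempts]

if __name__ == "__main__":
    # Constructed attempts: a queueing MTA retries, a fire-and-forget sender does not.
    mta = ("192.0.2.10", "alice@example.org", "bob@example.net")
    bulk = ("198.51.100.77", "promo@example.com", "bob@example.net")
    for reply in replay([mta + (0,), bulk + (5,), mta + (60,), mta + (900,)]):
        print(reply)
```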
I registered a new domain through ukreg.com and am getting spam to it already. mail at that account has never been used and the only online presence it has is a holding page at that domain's web page without an email address on it.
In a pig's eye. I understand where they are coming from, really I do. However Spews's mission statement of attempting to encourage real users to move from their spam infected ISP just didn't work. If all the real users left, and only spammers remained, it does jack shit for discouraging that form of behavior. If all the real users just switched to hotmail, again it does jack shit to discourage the behavior. The only way that their mission would be successful if their list was in widespread use cutting off the spammers income and making it a pointless business venture.
While quite a few people actually used spews, mailadmins whom I've spoken with pretty much didn't want the headache complaints generated by both spammers and legit users attempting to get e-mail out.
There is no sanctuary. There is no sanctuary. SHUT UP! There is no shut up. There is no shut up.
Bah, no need to use blacklists. Just do what I did. I blocked all of APNIC from being able to connect to port 25 of my mail servers. Maybe a little drastic, but it has cut down spam by more than 70%.
It's better to burn out than to fade away
I'm not sure it can be correctly called censorship - that requires a governmental entity.
That is a fucking myth, and I am sick and tired of hearing people parrot that nonsense. Saying a business can't censor because it isn't a government is akin to a black man saying he can't be racist because he is black. These are both examples of the same logical fallacy: just because a behavior is traditionally associated with one entity or group doesn't mean it is impossible for another entity or group to begin behaving in exactly the same behavior.
Obviously, anyone of any ethnicity is capable of becoming a racist, just as anyone with any power or influence over others is capable of engaging in censorship.
Responsible parents routinely censor what their kids see and hear. We as a society, by and large, find this to be an acceptable form of censorship.
Many religions routinely censor what their congregations are and are not allowed to see and hear (the Catholic church has had a censorship office for centuries, but they are hardly alone. The Mormons censor what they deem inappropriate for their membership, just as the Jehovah's Witnesses do, and I really don't need to cite example after example for Islam, do I?).
And finally, yes, many, many companies engage in censorship, both the obvious 'media' companies that bury stories they don't like or can't be bothered with, as well as other more subtle businesses (like Monsanto pressuring Fox News into not running a news story on how their hormone saturated milk was actively harmful to the health of children, an action that resulted in Fox News firing two reporters who refused to disavow their story, and said reporters winning a lawsuit against Fox News under Florida's whistleblower laws).
Anyone with any form of power over another, be it parental, religious, corporate, or governmental, has the power in some capacity to censor information available to those less powerful. It is a telling, and appalling, commentary on our culture to observe just how common this sort of censorship is, and how eager we have become to silence those with opposing viewpoints, rather than to argue the counterpoint (as I am doing here, for example).
Your Libertarian Newspeak definition of censorship is plain wrong. You may have the right to censor what comes across your network, and you may choose to exercise that right, but don't think for a moment you aren't engaging in censorship, or think you can convince the rest of the world (a few gullible moderators aside) you are not simply by trying to spin your verbiage.
And lest there be any doubt as to what censorship is:
censorship
n.
1. The act, process, or practice of censoring.
2. The office or authority of a Roman censor.
3. Psychology. Prevention of disturbing or painful thoughts or feelings from reaching consciousness except in a disguised form.
censor
1. A person authorized to examine books, films, or other material and to remove or suppress what is considered morally, politically, or otherwise objectionable.
2. An official, as in the armed forces, who examines personal mail and official dispatches to remove information considered secret or a risk to security.
3. One that condemns or censures.
4. One of two officials in ancient Rome responsible for taking the public census and supervising public behavior and morals.
5. Psychology. The agent in the unconscious that is responsible for censorship.
tr.v. censored, censoring, censors
To examine and expurgate.
(source: dictionary.com)
You will notice, that with the exception of historical references to Rome, none of these definitions presuppose governmental authority over just plain authority, indeed, quite the contrary.
The Future of Human Evolution: Autonomy
My private key leaked for a bit, but a shot at the clinic helped that.
I mean, it wasn't SPEWing or anything, just a little leak...
truly, white listing and bayesian filtering (Mozilla Thunderbird or Mac Mail) is the way to go. those guys running the blacklists wear black hats just like the spammers. for every spammer that they've stopped (spam increases every year exponentially ) there's a new one to replace them and an innocent company that eats shit by accident because of black lists. good riddance.
"You never want a serious crisis to go to waste." - Rahm Emanuel
Yes, let's kick blind people off the net!
That's unnecessary. Just hide their keyboards instead.
This morning SpamAssassin tagged the daily cron email as spam.
Every time the subject of spam comes up here on SlashDot, everyone rushes to come up with a technical solution to the problem. In the case of spam, I think the solution is not a technical one, but a social one. Spammers are driven by greed, and do their 'bulk marketing' on behalf of other companies. Instead of targeting the spammers, target the companies that are sponsoring these campaigns. I'm sure that some negative publicity will cause them to think twice about using this method to get their message out. Once people don't want to use spammers to send out bulk mailings, the spammers will move on to some other get rich scheme, and the spam will at least subside somewhat.
Instead of shooting the messenger (the spammers), go after the one who is paying to have the spam sent.
http://bike.stu.ph/rides - free GPS routes available for Garmin, Magellan, GPX and Google Earth
After all, if spammers saw a lot of it, wouldn't they just learn to send the same spam several times at one hour intervals?
Clear, Dark Skies
The anon admins that run SPEWS should simply do what they told us to do when we were unfairly blacklisted due to an alleged spammer on a class C eight class C blocks away from ours - Just change ISPs or IP blocks.
What's that? It's a huge PITA that would be highly disruptive to your business? Well maybe the DDOSers have a newsgroup you can post to and be either a) ignored or b) ridiculed.
Looks like SPEWS is 'collateral damage' in the spam war. Yeah, sucks doesn't it.
"They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety" - BF
man, that's a damn shame. oh well, at least we can all say for a little while that "TEH INTARWEB WAS FREE OFS TEH SPAMMERS!!" thanks to the wanton chickenhawks at Spews.org and all of the whiney asshats on n.a.n.a.e. who have nothing better to do with their lives than refresh their nntp browser, looking for the next person requesting removal they can jump in and flame (read: GET A LIFE).
Let me paint you a picture:
Some bottom feeding marketing contractor rents a crappy, darkly-lit, 1-room office in some crappy part of town, orders a cable line, 3 or 4 dsl connections and maybe a fractional t1 to boot. He buys a list of a few million email addresses and begins spamming like mad over one of the lines. After x amount of warnings, gets shut down, moves operation to another line, reorders service on the one that got shutdown under a different name, and keeps going. This is a very typical scenario of a spam gang. I've seen/dealt with it many times. So taking cause/effect into account: what protection against spammers does a blacklist offer in this capacity? Nothing. At all. Spamming is a completely mobile enterprise. Only the isp gets hurt. Spammers aren't the least bit concerned about spews.org, or any other blacklist for that matter.
They don't sweat getting shutdown by the isps because they have other connection mediums waiting in the wing, and actually budget the service costs into their overhead without thinking twice, because the money they make is incredible.
I don't work for, nor have any association with brightmail, but they have a great product (if only my ISP would cough up the scratch and buy it...), but I think the mentality of spews could be summed up in their product review of brightmail (paraphrasing here, as the site is down and I can get an actual quote):
"only stops spam in real time, does nothing punitive against the spammer".
HELLO???!?!! Missing the point a little?? If you're not getting the spam, who gives a crap about the spammer?
It's pretty clear that these people and their associated usenet scene whores are just looking to skewer people, anybody really, over alleged spam. In this method of blacklisting, you're only hurting the ISPs. Nearly all (not all unfortunately) isps in the US will shutdown a spammer if enough people complain. Killing email for (in some cases) up to 65536 other non-related ips doesn't help. If it did, spews (or any blacklist for that matter) would have been more successful. In the last year, we've had more active blacklists to utilize than at any other point in the history of the internet and spam has only gotten worse, not better. Spews & Osirusoft are a shameful failure.
Solutions: Whitelisting is an excellent option on an individual email account level. On a grander scale, make your representatives pass laws, put your money where your mouth is, and sue the spammers. They're in it for profit, when it becomes a greater liability, they might find a more worthy means of revenue.