Osirusoft Blacklists The World

ariehk writes "As of today, Osirusoft, distributer of the SPEWS and open relay blocklists, among others, is no longer operational. Servers using these lists (including the FTC) are currently rejecting ALL email. This shutdown seems to be in response to a several-week-long DDoS attack on Osirusoft, SPEWS and others, resulting in both sites being down. This has caused much discussion on n.a.n-a.e, including the suggestion that the attack is somehow related to the SoBig worm. The spammers must be hurting if they can devote these kinds of resources to attacking blocklists." Read on below a related submission.

NSXDavid writes "Earlier today our site mysteriously ended up on Joe Jared's Osirusoft SPAM blacklist which is used by lots of antispam software (like SpamAssassin and sendmail). Since he is currently under a serious DDoS attack, there was no way to appeal this decision. We contacted Mr. Jared by phone who informed us that 'everyone needs to stop using Osirusoft and that he's going to be shutting the service down.' Then he says he's going to blacklist 'the world' (aka, ban *.*.*.*) to get his point across. Later on this evening, he apparently went ahead and did just that. Succumbing to lawsuits and DDoS, a once great blacklist is dead. SpamAssassin is removing it from their config in the next release (rc3) and email admins around the globe are reconfiguring their mail servers."

Blacklists and reality

[Dancin_Santa]

It may take a little more work, but the only solution to spam is the whitelist.

Re:Blacklists and reality

[WolfWithoutAClause]

What happens when the spammers start using worms and viruses to create open relays on people you trust?

Re:Blacklists and reality

[Pig+Hogger]

Whitelists are unworkable. How do you reach someone for the first time?

Re:Blacklists and reality

[JoeBuck]

Yes, let's kick blind people off the net! If they can't parse your machine-unreadable image, screw them. Right?

Me, I do pretty well with Bayesian spam filters.

Re:Blacklists and reality

[leviramsey]

This is exactly why I think that SoBig is the perfect spamming mechanism. AFAICT, it essentially gets around nearly every non-content-based spam filter (ie Bayesian and SpamAssassin et al).

By sending spam from an amazing depth and breadth of compromised networks, it forces blacklist operators to go into "block everything" mode, which is so draconian that users of the blacklists will disable them.

As I posted in another story, if ISPs start blocking outbound port 25, the next iteration of the worm simply uses the Outlook SMTP settings to relay through the official MXs of the ISP. Given the flood of abuse reports, many ISPs (especially larger ones) are simply going to /dev/null abuse reports; they can be reasonably sure that their servers aren't going to end up in blacklists used by a lot of people (because heads will start to roll among the admins who use the blacklists).

By pretending to come from an address that has at most two degrees of separation from the recipient, they will get around a fair amount of whitelisting (this is exploiting the greatest flaw in TMDA and the like: trust of the From: address).

Re:Blacklists and reality

[magores]

This is fine for person to person, but what about person to business?

Let's pretend I'm a business. I WANT you to send me an email.

I WANT emails from every single person in the world that isn't a customer yet.

I NEED to accept every email on the chance that one of them might be a sale. (Yep. This means I need to look at the ones that include *details* in the subject.)

Whitelist doesn't work here.

I do NOT want a phone call from you as first contact. A one minute email response is now a 40 minute phone call explaining that "Yes you must turn on your computer first if you want to actually use it"

White-list is unworkable for business, because everything must be "whited" by default.

Challenge-Response is unworkable because I/we (as a small to mid business) simply could not keep up with that. Sure. One of the real programmers we have (i'm not one of them) could come up with an auto-bot to respond to challenge-response, but then we end up back where we started, don't we?

I don't have the answers. But I do know what the answers aren't. And Whitelist/Challenge-Repsonse aren't it

Just my 3 cents worth of rant for today.

Sweet, Sweet Justice.

[eyez]

This isn't any different from any time spews blacklists anybody; They've never claimed to not blacklist legitimate people. And, it's impossible to contact spews to get yourself removed if unfairly blacklisted. Everyone in the world, who has been blacklisted unfairly by spews is now celebrating. Hopefully now, people using spews will realize that spews really is a poor solution to the problem, that causes more harm than it prevents.

Re:Sweet, Sweet Justice.

[gid]

spews listens to usenet for unblock requests, my work's class c was black listed when we got it. I had to post to usenet, eventually I got a response and was unblocked, but ya, it's kind of a pain. I think spam assassin/filtering is a much better method, but I suppose a dual pronged attack is better, SA can use blacklists to rate email as well I think....

Re:Sweet, Sweet Justice.

[eyez]

[i]If an ISP has 5000 customers and 3/4 of them are unable to email family at AOL or Yahoo because they're being blocked due to ISP having a spammer or two, the spammers tend to get dropped.[/i]

Yes, this is indeed a poor policy. SPEWS exists so that the people who are violently against spam can pass the burden of fighting it onto the innocents who aren't as bothered by it.

Re:Sweet, Sweet Justice.

[josh+crawley]

First they blacklisted the porno spammers... ...and I emailed nobody, for I was not a porno spammer.
Then they blacklisted the open relays... ...and I emailed nobody, for I was not an open relay.
Then they blacklisted the ISP dialup subnets.... ...and I emailed nobody, for I was not on an ISP dialup subnet.
Then they blacklisted everyone... ...and there was nobody left for me to email.

Re:Sweet, Sweet Justice.

[Mr+Bill]

Here again is another move that shows how responsible these idiots really are. To notify people to stop using their blacklist, they decide to blacklist the world. What a brilliant idea. After all email isn't really that important.

Email used to be one of the most reliable means of communicating on the net. You were always guaranteed that your message would either arrive, or you would hear about it (bounce). But with all of the email worms Microsoft has written (you have to admit these email worms/viruses practically write themselves), and the idiotic attempts at stopping the SPAM problem, email is becoming practically useless. mail admins are using blacklists and just dropping mail, which is effectively breaking the mail system. SPAMers may be the cause, but what is the point in destroying email all together. I would rather receive 100 SPAMs a day that loose one legitimate email that was intended for me. Sort of the same reason I am against the death penalty.

As blacklists go, SPEWS is the worst of them. They block entire netblocks so that innocent bystanders will fight their fight for them. If my IP gets blocked even though I haven't sent any SPAM, I am expected to bitch to my ISP and/or move to another ISP, and then maybe in a couple of months my IP might get removed from the list.

Reminds me of the way things work in the middle east. Pick either side, and they are using the same tactics. The Palestinians are blowing up civilians in the hope that the civilians left alive will do something about their problems. And the Israelli government is firing missiles into crowded cities to kill some suspected criminals and anyone else who happens to be within 100 meters of these guys...

Guerilla tactics like SPEWS employ won't work in the long run, and I am happy that SPEWS is getting hit hard.

SPEWS is claiming that the SPAMers are hitting them with this DDos, but I wouldn't be surpirsed if it was some disgruntled and innocent bystanders who were hit by the SPEWS "Collateral Damage" misile.

Re:Sweet, Sweet Justice.

[eyez]

No, SPEWS exists so that the people who are violently against spam can pass the burden of fighting it onto the people who are responsible for causing it, i.e. spam-friendly ISPs.

The fact that "innocents" are caught up in the block is unfortunate, but unavoidable from a practical standpoint. SPEWS doesn't list netblocks because they have a spammer or two present.

Idiotic rambling like this is exactly why spews was accepted at all in the first place.

When you post on NANAE and say "Help, i've been blacklisted but my company has nothing to do with spam!", Everyone replies with "Sorry, SPEWS is run by mighty space robots from the future who have travelled back in time to stop it SPAM from destroying the world. Unfortunately, we have no way of contacting them. Your only hope is to talk your isp into kicking off their spammer clients, or change isp's. Maybe the robots will unblacklist you then."

SPEWS doesn't consider the innocents being caught up as unfortunate, they consider them the target. The collateral damage is where they're trying to affect the internet.

If it was about blocking spam and ISP's they'd strategically blacklist ISP-critical machines and the spammers. There's no reason to blacklist the innocents. ISP's won't listen to them about not hosting spammers, and have you tried to find good decent hosting that doesn't rip you off? Especially if you're a larger site.

The "Collateral Damage" is the main damage spews hopes to cause, to try to get innocent people to fight their battles for them.

Good riddance to bad rubbish

[Sebastard]

My co-located server has been blacklisted by SPEWS for months now. And it's only because of a spammer elsewhere on my two-providers-up-the-chain regional ISP. And the spammer is on a different C-class entirely, yet my IP range was still included as punishment to the ISP. The fact that I suffer as a result doesn't matter to these people. Changing providers is not an option for me at this point (long story) so I've just had to live with it. I can't email several friends, and regularly field complaints from people who host on my server.

I believe in fighting spam, and I think that blacklists are a good idea to a certain degree, but I've always felt that SPEWS was too draconian, and had no option for recourse for those of us who were (as they put it) "collateral damage".

I posted to the referred newsgroup a few times, and got nothing but venom from the locals.

I'm not sad to see them go.

sad news, but there are alternatives

[Indy1]

For mail admins around the world try these alternatives.

bl.spamcop.net
one of the best blacklists, it catches a huge % of incoming spam, and virtually no collateral damage.

blackholes.easynet.nl
almost as good as spamcop, and seems to nail a lot of the spam hauses

dynablock.easynet.nl
nukes a lot of the dsl and dialup spammers

argentina.blackholes.us
south american country, what more needs be said ? : )

brazil.blackholes.us
ditto

cn-kr.blackholes.us
china and korea, what more need be said ? : )

turkey.blackholes.us
whole lotta spammers here

sbl.spamhaus.org
a bit too conservative for my tastes, but gets a lot of spam gangs, and has very low collateral damage

bl.reynolds.net.au
if you want to use the spews list, this provides a feed for it

malaysia.blackholes.us
another spammy asian country

wanadoo-fr.blackholes.us
one of the worst european isps

hongkong.blackholes.us
another spammy asian country

Garbage

[josh+crawley]

I'm sorry, but this guy is a true blue asshole. My condolences for being DDoSed, but by banning "the world" to try to tell people to stop using his service ASAP, plenty of legitimate non-spam email got blocked, meaning that people may have to resend, and in some cases may not even know their email was missed. That's worse than spamming, people.

Oh, I forgot, the standard propaganda line from these SPEWS.ORG type anti-spam fundamentalists is "we didn't block your email, the ISP using our service did, blame them."

So what DO we do?

[RealisticWeb.com]

I would like some serious talk about just what exactly we ARE supposed to do about spam. Government moves too slow to pass an effective law, and the spammers don't abide by the law anyway. Filters don't work effectivly, blacklists are not working either apparently. Does anyone have a usefull suggestion about how to fix this problem?

One idea I've had (or maybe I've heard it somewhere else, I can't remember) is authorization. Change the protocol, or maybe just implement at server, so that before anyone can send you an email they have to request permission. In that request they would identify themselves, and before they start emailing you stuff you would have to send them back permission. Anyone that is in your contact list would automatically be given permission. If it turns out to be spam you could revoke permission. Also analyze the email header and do reverse lookup to see if the domain names resolve properly. If a domain is spoofed, deny it automatically.

Perhaps this has been done before, and I'm sure there are flaws, but I am tierd of hearing about how big a problem this is, without hearing any good ideas about fixing it. Any other thoughts?

Bayesian Filtering

[someguy456]

I can't completely describe my satisfaction with Bayesian filtering. I've been using SpamBayes for a few weeks w/ Outlook (please don't smite me), and it hasn't let me down. I have received absolutely no spam in my inbox these last couple of weeks. Granted, I built up a collection of >500 unwanted e-mails, but it only took a couple of days :)

perhaps this is a lesson that needed learned

[Cogneato]

As someone who was blocked by both osirusoft and spews as part of their policy of blocking entire IP blocks, I feel no pity for them or for those who use them. In fact, I hope that at least some of them are learning their lessons.

The IP address of my server happened to fall a few dozen numbers away from that of a spammer. As a result, it cost me thousands of dollars in lost time and expenses to track down the issue, contact my isp and have them contact whoever it is on Mt. Self-Righteousness that takes you back off the list. Getting on the lists takes day(s), while getting off the lists takes weeks.

Blocking entire IP blocks is nothing short of techie-terrorism. In other words, you can't convince the real wrong doers to stop, so you harm the innocent bystanders to try to get them to revolt.

SPEWS and those that support them point the finger at the ISP while purposely hurting innocent small businesses like mine. It's time they take responsibility for the tools they provide, and in this way, they are no different than Microsoft.

Re:perhaps this is a lesson that needed learned

[Cogneato]

My point exactly. You hit me to get me to complain. Did you ever think that I don't want to take that active of a role in your war? Did you even bother to ask me if I wanted to participate? Are you, or anyone who uses the list offering to help me out with the costs of forcing me to be your soldier?

Here's the deal I am willing to make: if you are going to block an entire C block that I am part of, send me an email and let me know and then I will happily complain to my ISP until I am red in the face. I am willing to make that promise.

But... if you want to just slam me on a list without any regaurd for the costs it will incur for me, then don't expect me to be a happy little soldier. It's just not going to happen.

How *do* we fight spam?

[michellem]

Having been myself unfairly blacklisted (not by Spews, but by another list) because of the actions of my ISP, I really have come to have serious issues about the blacklisting process. I understand the principle - get innocent bystanders pissed off at their ISPs, then have them complain to their ISPs, or switch ISPs, and then ISPs change their behavior.

The problem is that many people, for a variety of reasons (geography being one) can't change ISPs, and many ISPs (mine included) did nothing in response to my complaints (because they knew I wasn't going to move). So what does this do? It certainly doesn't help anyone!

I hate spam as much as the next gal, and I think that the SpamAssassin approach (which is to label mail as spam depending upon certain criteria) is a much, much better approach than blacklisting.

Monopoly

[yerricde]

They want you to get flamed to death as further punishment.

"Switch ISPs." So if a major residential cable modem ISP's mail server gets blacklisted, then how is anybody in any of the towns serviced by that cable company supposed to send e-mail to users of ISPs that use SPEWS?

Oh, that's great

[El+Cubano]

This shutdown seems to be in response to a several-week-long DDoS attack on Osirusoft,

They guy is dealing with a huge DDoS attack and we link his page from the front page of /. ??

I guess we can't make things any worse, but come on. Give the guy a break.

Spammers: BRING IT ON

[krray]

I don't see the problem. Well, personally at least. I mentioned to the wife, in March I believe, that I sensed something and nailed it on the head (spammers hi-jacking Windows PC's for relaying).

I have got to say. I sure do like the Unix's. Linux, BSD, OS X -- doesn't matter. A little thinking, some *shell* scripts, and even a few hack job "vi" scripts. Version .01 of nothing that I'd want to show any REAL programmer at least. :) It's dirty, ugly, yet very effective...

I've tried spamassassin, this filter, that filter. For me, my way seems to be working _very_ nicely. I use it at home (Linux), at work (Linux & BSD) and for a few architect friends/clients (OS X). Years ago now (right after the lawyer's emailed me :)I started peppering the Internet with email address' on USENET, and then web pages, etc.

Those are my harvesting address'. Nobody should EVER email them, realistically. Oh the spammers like to try dictionary type attempts/attacks. Thanks -- I added those to the alias database as well for future attempts.

A couple of hacked up scripts (I'm working on it in C for even FASTER speed and some learning :) -- and I frankly don't personally see it anymore. Literally. NONE. I read about it in the logs, of course. :)

Can it scale? Sure -- I'm figuring between 3-500 messages a _second_ isn't a problem. More will simply get queued and then I may notice a "lag" on my server. Bring it on. 1 IP and I whack the entire /24 subnet. I arbitrarily see X number of subnets and I block the /16 subnet.

It's the /8 ball after that and those are pretty much final. 210, 211, or 212 ring a bell to anyone?

Sure -- sometimes somebody will in inadvertently get blocked. The bounced message directs them to a web page explaining what to do next. BEST solution is to call me. You know me right? Heck, you probably have my 800 number... Oh, you DON'T? Piss off then.

Heck, I even spell out a completely external email address (@Mac.com) that you can forward the blocked message to ... I'll take care of it...

Ever wonder what those MAILER-DAEMON messages are all about? The Windows user's machine _starts_ the transmit of the message and disconnect. Your mail server sits there waiting for data from them to a local user -- which becomes un-deliverable and drops a note to whatever you use for the postmaster (can't publish THAT anymore, can we?).

Re-routed now. Thanks, got ANOTHER IP subnet to black ball.

I've racked up a large chunk of the Internet already -- and the stat's only seem to be increasing. Of course I've "white-listed" specific IP's of ISP's mail servers as needed. 3 so far I think. Most ISP's will put their mail server on a different subnet than their assigned IP's. Thanks. 1 white-listing was for a dedicated single IP user who's neighbor turned out to be a spammer. He had words with his ISP -- the spammer was kicked after that turned into conference call.

Sure -- some loser ISP will see more money from the spammer and side with them. We all know those ISP's -- and I've seen the same IP ranges in their listings as mine. I doubt the legit customer will remain there for long as I know I'm not the only one blocking them. Ultimately $$$ talks and the spammers are going to run dry eventually. They're now resorting to theft of services since they can't find legit connections anymore...

REJECT(S) TODAY: 482
Subnets Blocked: 434210 (110289340 total hosts in the /24 subnets [255])
Percentage: 2.834% (3906250000 Internet addresses' [~3.9 BILLION] Served :)
Subnets TODAY? 142 (36068 total IP's)
Harvested: 49 messages
URL Lookups: 0

That's 49 messages today to some dummy account. No hits for the right web page (from a blocked message) in the logs... 142 IP's (now complete subnets

OH boo hoooooo

[NitroWolf]

Somebody call the waaaaambulance.

I'm an anti-spam nazi, and SPEWS gave us all a bad name. I'm glad SPEWS is dead, and it needs to stay dead. It did nothing good for the anti-spam movement, only exacerbated the situation. With no appeal process and the total lack of caring for innocents leaves me with nothing but happiness to see this travesty of justice get blown into oblivion.

Sometimes, the enemy of my enemy is my friend...

Goodbye Spews... we won't miss you, you hulking piece of ill-thought out crap. Let me wave goodbye with my middle finger.

Now, maybe System Admins without a clue will be forced to take real steps to protect their users from spam, instead of playing the lazy asshole and taking the Hail Mary approach that is SPEWS and hoping for the best.

I feel greasy, now... to have agreed with spammers. I think I'll go take a shower.

At Last!

[Poeir]

Finally, a blacklist that doesn't let any spam mail through.

Re:If major blacklists can be sued...

[hazem]

an't send an e-mail to my server because I blocked your domain? Too f-in bad. Contact your "customer" with a letter or by phone.

But if YOU are my ISP, and I'm a paying customer with an inbox, I expect that I will receive mail that is sent to me. If this is not the case, you need to specify that to me so I can decide whether I want to use your service.

By blocking mail to my inbox, which I've paid for, you could possibly even be considered in breach of contract.

Of course, if you're just running your own server, you're free to do what you want with it.

RBL Consequences

[nsxdavid]

Spam is starting to hurt me a lot worse than I would have ever imagined. It's not the volume of spam I get, which is obscene, but rather the shotgun anti-spam efforts that we somehow get caught in.

About a month ago Earthlink decided we were sending out spam and cut us off. So, despite the fact that we have no relationship at all to spam, we were unable to communicate with any of our customers who use Earthlink. After appealing, they realized the mistake and removed the block. How did it happen? Seems that if an Earthlink customer just accuses you fo spam you can end up on the list. Thankfully cooler heads prevailed at Earthlink and the matter was resolved quickly.

We were blocked by AOL once too. How ironic since we use to be their #1 3rd party content provider back-in-da-day (remember hourly?). They should have know about us. (grin) Fortunately that was resolved too.

Then, of course, today we got hit by SPEWS and that lead to our phone call to Mr. Jared. The poor guy was frazzled, and rightly so. But we had a legit beef...

Our business is entirely web based. We have to deal with a heavy volume of customer feedback, all of which want fast responses. Any hickup and we can get really far behind. But when we get blocked, we're almost helpless. We get an email "Hey, my character got killed by a ravenous bugblaster beast from trall!" And we write back, "Oh my, let me restore your character!" only to have it be filtered out by some shotgun blacklist. They get no response and start flaming us for "not responding". A day or more of this and things get really messy.

You start to feel like you are at the mercy of some so-called "authority" that could not care less about your guilt or innocence. If he or she wants to, they can just take you out. We've participated in opensource, contributed back, done the good netizen thing... yet this real-time blacklist thing hangs over us. We never know when something else like this is going to bite us. And maybe next time there won't be any appeal. :(

I'll dance on their grave

[jarran]

Quite frankly, they desserve it. I've had no end of problems with one of my mailservers after it was incorrectly blacklisted by Osirusoft, even though:

1. It was not an open relay, and as far I could tell from my logs, prior to banning it they never actually checked to see if it was an open relay.
2. Their own online checker, which I activated several times, repeatedly showed that the server in question was not an open relay.

The online checker repeatedly told me that my server would be scheduled for more tests, and would then be removed from the blacklist.

But this never happened. No further checks were made. My server was never removed from the blacklist. And what's more, Osirusoft refused to reply to any of my e-mails. They refused to even explain why they were blacklisting, despite the fact on several occasions I politely requested either removal from the blacklist, or an explanation as to why I was on it. Ultimately I had to get a different IP address for the machine in question, which was exteremely inconvenient.

I'm strongly opposed to spam. However, any company that offers services to block spam have to accept that they will sometimes accidentally cause problems for legitemate users, and they have to have mechanisms in place for such users to sort the situation out. Ignoring people who have legitemate complaints against you is not the way to do it.

Libertarian Newspeak Doesn't Negate Censorship

[FreeUser]

I'm not sure it can be correctly called censorship - that requires a governmental entity.

That is a fucking myth, and I am sick and tired of hearing people parrot that nonsense. Saying a business can't censor because it isn't a government is akin to a black man saying he can't be racist because he is black. These are both examples of the same logical fallacy: just because a behavior is traditionally associated with one entity or group doesn't mean it is impossible for another entity or group to begin behaving in exactly the same behavior.

Obviously, anyone of any ethnicity is capable of becoming a racist, just as anyone with any power or influence over others is capable of engaging in censorship.

Responsible parents routinely censor what their kids see and hear. We as a society, by and large, find this to be an acceptable form of censorship.

Many religions routinely censor what their congregations are and are not allowed to see and hear (the Catholic church has had a censorship office for centuries, but they are hardly alone. The Mormons censor what they deam inappropriate for their membership, just as the Jehovah's Witnesses do, and I really don't need to cite example after example for Islam, do I?).

And finally, yes, many, many companies engage in censorship, both the obvious 'media' companies that bury stories they don't like or can't be bothered with, as well as other more subtle businesses (like Monsanto pressuring Fox News into not running a news story on how their hormone saturated milk was actively harmful to the health of children, an action that resulted in Fox News firing two reporters who refused to disavow their story, and said reporters winning a lawsuit against Fox News under Florida's whistleblower laws).

Anyone with any form of power over another, be it parental, religious, corporate, or governmental, has the power in some capacity to censor information available to those less powerful. It is a telling, and appalling, commentary on our culture to observe just how common this sort of censorship is, and how eager we have become to silence those with opposing viewpoints, rather than to argue the counterpoint (as I am doing here, for example).

Your Libertarian Newspeak definition of censorship is plain wrong. You may have the right to censor what comes across your network, and you may chose to excersize that right, but don't think for a moment you aren't engaging in censorship, or think you can convince the rest of the world (a few gullible moderators aside) you are not simply by trying to spin your verbiage.

And lest there be any doubt as to what censorship is:


censorship
n.

1. The act, process, or practice of censoring.
2. The office or authority of a Roman censor.
3. Psychology. Prevention of disturbing or painful thoughts or feelings from reaching consciousness except in a disguised form.

censor

1. A person authorized to examine books, films, or other material and to remove or suppress what is considered morally, politically, or otherwise objectionable.
2. An official, as in the armed forces, who examines personal mail and official dispatches to remove information considered secret or a risk to security.
3. One that condemns or censures.
4. One of two officials in ancient Rome responsible for taking the public census and supervising public behavior and morals.
5. Psychology. The agent in the unconscious that is responsible for censorship.

tr.v. censored, censoring, censors

To examine and expurgate.

(source: dictionary.com)

You will notice, that with the exception of historical references to Rome, none of these definitions presuppose governmental authority over just plain authority, indeed, quite the contrary.