Slashdot Mirror


DoS Assaults Underway Against Spam Blocklists

Hiawatha writes "The same sort of denial of service attacks that drove spam blocklist Osirusoft off the Internet are battering many other blocklist services as well." Apparently spammers aren't going to sit by and let people try to ignore their unwanted pitches.

8 of 797 comments

  1. Re:Why does he think it's spammers? by P!Alexander · · Score: 5, Informative

    My own email provider (Fastmail.fm) is very proactive about eliminating spammers and has a very strict anti-spam policy; however, it has been erroneously listed on Spamcop on at least one occasion, causing problems for all of its legitimate users.

    Here's a great blow-by-blow report of one such incident by Jeremy Howard, one of the directors of the company, as well as some reasons the list doesn't work.

  2. Re:ever tried to get off SPEWS? by sqlrob · · Score: 4, Informative

    BZZZT.

    They start with the IP, then list class C, then widen the number of class Cs. It takes a fucking lot to get expanded. There is less than 1% of the internet listed by SPEWS (after removing IANA reserved space).

    I have Brazil, Argentina, Korea and China tagged on my server. Number of false positives: 0. YMMV.

  3. Re:Why does he think it's spammers? by seanadams.com · · Score: 4, Informative

    How is it "evil" to publish a list of IP addresses that match a listing criteria?

    I will tell you precisely why, and these points are almost never brought up by the usual SPEWS critics:

    1) Those listing criteria are not publicly specified - only a small group of network admins, and readers of NANAE, who are familiar with SPEWS understand their method. The vast majority of admins using these blacklists are people who are just desperate to stop spam so they install tool XYZ without realizing the implications. SPEWS feeds on this desperation to get their foot in the door - it's not until someone finds that a ton of their legitimate mail is being blocked due to deliberate "collateral damage" that they realize they need to ask their administrator to stop using SPEWS (or whitelist the hapless victim with whom they're trying to communicate).

    2) SPEWS keeps logs which are not detailed and often downright inaccurate.

    3) SPEWS does not provide a way for spam filters to differentiate between real spammers and collateral damage. It's all listed the same.

    There is a reason why civilized countries have laws against libel/slander, and SPEWS walks a *very* thin line.

  4. Re:Why does he think it's spammers? by ahodgson · · Score: 5, Informative

    The US government essentially said spam wasn't their problem, and that the industry should self-regulate. Blocklists are self-regulation in action.

  5. Re:Why does he think it's spammers? by BasharTeg · · Score: 4, Informative

    These blocklists are very effective in stopping the entry of spam into a user's network.

    These blocklists are also very effective in keeping me from sending email from my T1 from Lightyear Communications.

    I'm sure there are a million other guys out there with a thousand dollar a month T1 that is completely worthless for emailing customers thanks to these blocklists.

    Go ahead and shout "spam-haus" and tell me I'm doing business with spammers or companies that support spammers, or in this case, our company's T1 is provided by a company (Lightyear) that gets their upstream from a company (UUNet), that supports spammers.

    I guess by associating with spammers through about 4 levels of indirection, we are guilty and need to be punished.

    Spam-Nazi apologists are worse than Spam-Nazis themselves. I was a Spam-Nazi myself until suddenly the punishment was applied to me, and there was nothing I could do about it.

    I hope SPEWS is pinned by packetting until they shut down.

  6. Re:ever tried to get off SPEWS? by ZorinLynx · · Score: 4, Informative

    Trouble is when you're not a spammer and you're hosting at an ISP and the class C you're on gets listed.

    Yes, some may say "find another ISP", but that's not always easy; contracts may make that impossible for many months and the ISP may otherwise be fine as is.

    If they block anything, they should only block the IPs that cause the problem, not large netblocks.

  7. Am I the only one who did not have this problem? by junkgoof · · Score: 5, Informative

    I took over an SMTP server that was an open relay. Spam had been relayed, so the server was blacklisted. I secured the server, contacted the various blacklists, and the server was removed from the blacklists. I had no problem with any of the blacklists, and had no problem getting the server removed. Of course I was polite, and I went through the appropriate channels...

    The volume of spam is sufficient without removing the blacklists.

    --
    You got me into this! You were the ideologue! I'm only a poor assassin! - Twenty evocations, Bruce Sterling

  8. Re:Why does he think it's spammers? by ZoneGray · · Score: 4, Informative

    Sure it's effective. So is shutting off your mail server.

    The problem is that collective IP blacklisting is so mistake-prone that it's just unacceptable. I had a server, one that hosted e-mail for several domains (none of which do anything remotely spam-like), and somebody forged the IP in a header, and the server got into some darned blacklist based on three anonymous "reports". Thankfully, most people are smart enough to use better anti-spam measures such as keyword or header filtering, which don't cede control to external mobs.

    On a corporate server, you'd be nuts to use one of those blacklists; at the very least, you want to be able to whitelist your important business partners. Perhaps the DDOS attacks are from some disgruntled sysadmin who got canned when an important e-mail to the CEO mistakenly bounced.