Slashdot Mirror
Why Blacklisting Spammers Is A Bad Idea
Roland Piquepaille writes "For the last two months, an eternity in Internet time, I was unable to reach -- and to contribute to -- Smart Mobs, the collective blogging effort around the next social revolution initiated by Howard Rheingold. Why that? Because an unknown customer of Verio decided it was a spamming site and asked the company to blacklist the site. Verio complied -- probably without even checking it -- and my problems started. It took me dozens of e-mails and phone calls and two visits to the headquarters of my french ISP, Noos, to fix the situation. More about this horror story is available here."
And other RBLs require usually multiple reports from multiple sources. And you have fairly straightforward way of getting de-listed, too.
What's with the current boo-hoo over blacklists? Do we have some kind of spammer astroturf going here?
Break into the lobby of the ISP, guns in hand, and force them to remove the site from the blacklist. It's what I do when I'm pissed.
And why did you staple the trout to the RAM?
This article should have been called...
"Why it's important to have good policies and procedures in place when blacklisting spammers"
I use blacklists to mark probable spam, but still generally see it. Recently, some people had reported an email from GoDaddy (domain registrar) that was only sent to customers, and it was asking them to very information. If, say, my ISP was blocking email from them based on this, I'd never see it. ISP's should err on the side of caution, let users take more risks if they personally desire.
Yet another confusing explosion of tiny letters with a bad color scheme. Yeah, this is going to change the world. Or something.
Hyperbole much?
slashdot broke my sig
"blacklisting" in this article refers to completely block an ip address. This is not a "bad idea", but complete nonsense. First time I've heard of something like that. This is not to be mistaken for using an open relay blacklist or similar, which only blocks mail from a certain address. I bet those "network administrators" clicked on some fancy "block site" button, not knowing what they were doing...
RTFA. Verio was doing blacklisting on ALL PROTOCOLS for this ISP. The guy could not even GET TO THE SITE.
Verio blocking HTTP access to other people's spam pages? I have I wandered into another universe again?
One line blog. I hear that they're called Twitters now.
for your courriel
Now THAT is funny!
The fact that a strategy (such as blacklisting) can be mismanaged and that it is not invulnerable to abuse does not necessarily make it a "Bad Idea". It just means it needs to be managed more carefully, and better secured from abuse.
Why is the blacklist being done on a domain level. Spam is usually email....so block the email address. That is simple enough to do with intrusion detection systems, some application level firewalls, and if your really bored....an access list on a router. Whoever decided to block ftp or http to stop spam was not all there. They should have stopped smtp traffic from there instead and been done with it.
Black listing of spammers is a good idea, we just have to make sure we are only blocking them and not innocent bystandards.
Stop signs are only Suggestions
Use some common sense editors when presented with a story that seems unusually slanted please take it at face value. This is why corporations such as verio need to be made aware of their policies not working not that black lists do not. Blacklists are the only thing that works against spammers and they know it. So how do they fight back by using the blacklists against regular sites to try and disrupt users service so that people might think twice about using them.
Instead this article should be title "Why Blacklist Do Work" and what spammers are doing to try and disrupt them.
Quoting from the article:
Maybe it is a good time to change ISP?
The school system of my county (MCPS) blacklisted all the .com.br domains as spammers, just because I was sending about 10 e-mails per week, talking to one of my teachers.
And they didn't even notify me. Can't they have some smart system such as spamassasin in a organization that has a traffic of about 1000 messages/day?
What a crappy system they have.....
Where was this in the FA? I'm interested in the technical details, but I can't seem to find any.
Your credit card information wants to be free.
From the article: My ISP has a partnership with Verio to handle its traffic in the U.S. When Verio blacklisted Smart Mobs, any request from Noos went unanswered -- sorry, there was the (in)famous 404 error.
I want to be sure I understand this correctly. Verio wasn't (only) discarding mail from Smart Mobs, because they thought it was spamming site, they were refusing to pass through http (or other) connections to it?
Discarding mail is one thing, but blocking an IP address is quite another. What's the justification for this? To prevent the (supossed) spammer from profitting from the spam, by preventing anyone from connecting to it to (presumably) buy the product touted in the spam?
Discarding mail from a spammer can be justified, by, among other things, the argument that spam mass-mailings strain system resources. But connecting to sites happens all the time -- an ISP should should be set up to handle that traffic, and can traffic to sites touted in spam really increase the volume that much?
To me, this seems like a dubious policy on Verio's part -- even without the problem of mis-identifying sites as in the case of Smart Mobs.
Opinions on the Twiddler2 hand-held keyboard?
I left an HTTP proxy on on an open port - on the same machine that does SMTP. I didn't even know that spammers could relay via an http proxy using a PUT to the local SMTP server. mea culpa.
I fixed it in 3 days (too long, I know).
I contacted mail-abuse.org and submitted a removal request. It took them 2 weeks to take me off the list.
It frustrates me that their site is so unresponsive to removal requests, and that they fail much of their process. They were supposed to send email at several stages, which they did not do. The email they did send was badly formatted (broken urls, urs that weren't relevent).
I won't ever use an RBL because they just don't seem responsible.
Yeah, I know - pot kettle black. But I'm not supplying a service to thousands of users.
Someone anonymously submitted our MS Exchange server (I don't blame em *grin*) as a spam relay, despite the fact that it is not. As said in the original post, they didn't even check the server they just blacklisted it.
:(
The first thing we know about it is when members of staff come to us and complain that they are getting error messages such as 'denied' when trying to email important people.
Sigh.. in fact I have that very same problem waiting to be tackled when I get back on Monday morning. And its always such a ballache to get your mail servers removed from these block lists...
"Hey! Unless this is a nude love-in, get the hell off my property!!"
Isn't 'Smart Mobs' and oxymoron?
puts ("Python r0cks\n");
I had my site black listed by Spam Cop and they were imposable to work with regarding the issue.
Daniel Connor
First of all, the idea of Verio blocking spammers is laughable. They have always been a haven for spammers and everyone here probably already knows that.
The real issue, however, seems to be this guys ISP. I mean honestly, what the hell is wrong with them? If I had called Speakeasy with this sort of problem, it would have been taken care of that day.
-sirket
There must be more to this, I can't imagine Verio (of all people) suddenly dropping all packets from a /16 range simply for spammer pages.
One line blog. I hear that they're called Twitters now.
It's not blocking wide IP ranges. It's blocking wide port ranges.
At first glance, blacklisting spammers might seem like a good idea, and it even might produce positive results in a short term, just like prohibition did. In a long run, however, it will make things worse because "hardcore" spammers will adopt to get around blacklisting while countless businesses will suffer from being blacklisted in error. One other dangerous side effect is that blacklisting may be used as a tool of political censorship.
It is clear that more fundamental solution is needed. How about making use of micropayments so that sender's account is charged some nominal amount that goes into receiver's account? Otherwise, e-mail gets bounced. This should have almost no impact on the average Joe user who sends a few dozen e-mails per week. However, it might wipe out spammers profit margin since real spammers need to send millions of e-mail out to make a decent living.
"You mortals are so obtuse." -Q
The tite should read: "One of the many problems with spam blacklists" -Jaxn
http://radio.weblogs.com/0105910/categories/sideba rs/2003/11/09.html
Read that.
I have an earthlink.net account and a couple of weeks ago I was issued an IP address in the dreaded slashdot BANNED! file. Pity poor me, getting the big orange screen telling me about the terms of use and how, as a BANNED! IP addy, I was unable to even read them. Fortunately, the evil orange BANNED! page quoted me a few of the offenses that might have gotten 'my' IP banned. I must have spammed the input queue or posted a PWP (page widening post) or somesuch.
/. never forgets.
/. -- can you imagine the suffering that such a fate would cause *you*??!
Of course, it wasn't me. It was some other Earthlink customer who, sometime in the past, was issued that same dynamic IP address and committed the unpardonable offense. That customer has moved on to a new IP, but
It was hell. I spent *hours* unable to access
Eventually, I was issued a new IP address from earthlink and was back online as the ageless Sun Tzu once more. But I still live in fear that someday, perhaps when I least expect it, the evil orange BANNED! page will return to haunt me. This is the personal hell that I inhabit and it is here that I shall remain, until I get a clean static IP address of my very own. I live for that day.
--
Send us your Linux System Administration articles
Geeky modern art T-shirts
The last time I checked, being a user of an ISP or the company that carries the packets means you're a customer of that ISP/provider ... your money is used to pay for their services.
i am a soviet space shuttle
So the question presented by this article would be "WHY is blacklisting spammers a bad idea?" Unfortunately, it doesn't answer the question.
The blurb mentioned by the article submitter is the entire coverage of any such activity. The rest of the piece then goes on to complain about the user's ISP. Those who haven't RTFA'd can feel comfortable in skipping this one.
I'm sure this submission will provide nice fodder for expressing annoyance over spamming and horror stories of "collateral damage". But then - we've had plenty of those before. It would have been nice if an article had provided some framework around this kind of conversation.
This article doesn't.
There's nothing wrong with blacklisting as long as each customer can choose which blacklist they want to use (if any). That's the way most blacklists work: they are opt-in.
What is wrong here is that the ISP itself makes the decision unilaterally and uniformly for all its customers.
Blacklisting spammers is a bad idea. Hey, I hate spam just as much as the next guy but it sets a dangerous precedent. Blacklisting gives one entity, such as an ISP, the ability to censor what others can read. Rather than trying to eliminate spam, we should be trying to manage it. For instance, my university quarantines all messages that are likely spam and sends me a daily report. I quickly scan the report to make sure the software didn't snag a legitimate piece of e-mail. In fact, the software has, on occasion, quarantined legitimate e-mail. Now, if the sender had been blacklisted, I would never have gotten it. However, I was able to rescue my poor e-mail from quarantine. It may be just a coincidence, but the e-mail that was unjustly quarantined was of a political nature. Thus, there is a fine line between what the governing body considers spam and what I do. If the sender had been blacklisted, it would have been equivalent to political censorship. That is why blacklisting is such a bad idea. We need to manage spam, not blacklist.
Long live Schrodinger's cat...
I once tried to subscribe to a mead mailing list that I found on a web page with my rogers.com Address.
I got a letter saying 'YOUR SPAM HAS BEEN REJECTED!'
I wrote the guy who ran the web page and told him and he laughed and subscribed me.
Still - to have the whole domain rejected because of BS is wrong, IMO.
Interestingly enough, very shortly afterwards Rogers adopted a policy of having to have a password to get on the mail server, and my excellent mailer PMMAIL already had a new version that could handle it.
It's Christmas everyday with BitTorrent.
The good it does is far outweighed by the bad. Just like everything else in life, mistakes will be made. You can have a problem with the process to correct mistakes, but advocating RDNS blacklisting should go away doesn't make sense.
I love hearing these "horror stories" about people listed by some well-known DNSbl like SpamCop or SPEWS, telling us how unfair it was and how impossible it was to work with the list maintainers, but they never provide any details so we can't investigate their case.
Of course, in one case a company did provide extensive details that, when looked into, showed that their listing was perfectly justified.
STOP MISUSING APOSTROPHES, YOU MORONS!!!
The thing we all forget is that spammers are human. If a single address is being blocked, then they change the addresss. If they are spoofing, there's a chance you can incorrectly block a whole domain because of one idiot who setup an open relay. Case in point, at work, all e-mail on the .biz top-level domain is blocked because of the amount of spam taht is recieved from it. What if someone we'd like to do bisness with is on that domain? Alot of the typical comapnies you do musiness with have the .com tied up but if your starting a new business, sometimes the only one available might be the .biz. I personally have given up and try to filter as much as I can knowing that even that won't help.
Gorkman
This is totally off topic and I hope it gets modded as a troll or -1 Ignorant.
But... the Noos web site really pissed me off. The fronsay is no big deal, je le parle comme tout le monde. But what is the deal with the animated text, the little blinking lights saying 'clickez ici, you big dumb user you', the text highlighting gizmo, and that terrible, terrible logo that looks like a genetically-modified O with extra ears.
I mean... an ISP like that and you expect service? What the fuck?
OK, I had to say it. I'm feeling calmer now. You can mod me down, thanks.
Ceci n'est pas une signature
I believe that generally blacklisting still works, heck I'm filtering out all emails from Russia, and Hong Kong, places I know that I won't get email that I care about. If properly enacted, blacklisting is a great idea, we can't just declare it a bad idea since Verio implimented it wrong. I bet other places we haven't heard of are having wonderful success with blacklistings.
So many times /. takes on the spam issue. Sometimes it is whitelists, sometimes blacklists, sometimes legislation, sometimes filters. The only answer is education of the public to not patronize. It seems to me that /. readers could mount a campaign (perhaps in the form of public PSAs)or possibly getting politicians (this is an election year coming up) to include in their message "we all hate spam and until we can (heehe) regulate, do not read or respond to spam e-mails."
Long shot for sure but grassroots campaigns have worked before.
TG
Yep, I am tired of getting the dreaded pink slashdot screen (DPSS), after hitting several times F5 it loads the page correctly (weirdly developers.slashdot.org is the hardest to bypass) /. bans spain? /. ban on spain lame /., one of the addresses listed in the DPSS, but to no avail , the /. admin want me to contact my adsl proxy administrator and from there the Telefonica "techies" (another joke) and /. admin resolve the matter, what a JOKE any one in Spain will LOL at that thought, its impossible to talk to any one in Telefonica, they have a monopoly and frankly they dont care about each users because they know we CANT switch) /. is very kind to ban ,thx very much. (and no its impossible to change that, i cant switch adsl provider because all of them are resellers of the main one, and since the main one uses a "transparent" proxy .....
Why
Yep I know my evil "isp" hijacked the internet and put a transparent firewall but I CANT switch "isp" there is only one "real" adsl provider in spain Telefonica, the other ones are resellers of the same product.
(I tried once emailing
Note: All adsl in spain goes to port 80 using only a handful of IP adresses which
To get kicked from Verio, you have to burn down a network center or something like this. About 500 mails from users to abuse@verio.net for one spamvertized website netmails.com and no action taken ==> They do nothing against spam. They tolerate spam.
.
Check for yourself: Verio's Listing
I use blackholes.us to block (port 25) entire countries (cn, kr, tw) and ISPs (Verio, interbusiness.it...) that do not qualify (in my standards) for connecting to my mailserver.
NSG
Grundgesetz * 23. Mai 1949 - 30. November 2007 - http://www.vorratsdatenspeicherung.de/
Blacklists, and pretty much any other spam detection technique, work just fine as long as people are intelligent enough to realize that they're not absolute indicators of anything. If you use a combination of multiple blacklists, content analysis, and whatever else you can come up with, weighing each one according to the correlation between messages matching it and actually being spam, you'll generally do just fine. Rejecting mail solely on the basis of its presence in a single blacklist or its matching a single heuristic will pretty much always lead to lossage sooner or later.
For instance, my university quarantines all messages that are likely spam and sends me a daily report. I quickly scan the report to make sure the software didn't snag a legitimate piece of e-mail.
So you bury your head in the sand and if you can't see the spam, you assume that it didn't cost you or your university anything for the bandwidth or storage. You're what I refer to as a spam ostrich.
If the sender had been blacklisted, it would have been equivalent to political censorship.
Even assuming that the university chose to blacklist the sender because of his political views, it would not be censorship. The university owns the computers. They pay for the network infrastructure, bandwidth, mail servers, and storage. The sender has a right to say whatever he wants, but the university is under no obligation to receive, store, and forward those messages. If the University wants to blacklist e-mail from NAMBLA, they have every right to.
I dare you to try and contact the Earthlink Network Abuse department. At my work, we are a (legal) online betting site and were getting pounded by several Earthlink IPs grabbing our free odds.
With megs of apache logs for each IP address, Earthlink network abuse must have taken the week off. 17 Emails and 8 calls. With NO answer, NO response on anything.
We cannot just block all of Earthlink's dynamic numbers because of ten insipid users. I wish death on all the sysadmins at Earthlink and I curse their children with webbed genitailia.
((Before replying with suggestions to do on my end, they have been tried. mod_throttle wasn't an option, dynamic temp bans had to be watched, blah, blah, blah.))
When modding "Informative", please make sure it both has a source and IS actually informative.
Gah, this story is not what it appears to be from first glance. This is a story about an ISP (a known Spam Supporting ISP at that) blocking access to a website through its network.
Most times, a blacklist is used only for e-mail blocking and not website blocking. Alot of DNSbl maintainers specifically tell you that their list should NOT be used to block anything but e-mail.
Its just stupid and pointless to filter out websites - unless you want to support censorship.
Now, onto Verio blocking a spamming website. What a crock! Maybe they should start cleaning up their own act and throwing the spammers off of their network FIRST before trying to be a netkop.
Now for a shameless plug - the AHBL is online for those of you who use DNSbl on their mail servers.
Brielle
Actually, something similar happened to me, I was sitting on a domain, and all of a sudden I started getting spam complains. Turns out they were using a link to my domain as to divert attention to the real link they wanted to send people to, however the person who reported it didn't see what the spammer was trying to do, and ended up logging the complaint with spamcop. Spamcop gives you the ability to reply to said spammer and I tried to explain what the spammer was trying to do in their email, item by item. Never received a reply from the person.
I'd have to say this is pretty rare. That's just bad policy. At the ISP where I work it takes multiple offensives and the offending ISP has to either not respond to our multiple complaints for over 30 days or flat out refuse to do so. At such time we will blackhole them.
/16 or something because someone in a /30 is spamming. That seems to be more of an issue these days than what the author of the story is writting about.
Personally I see this more as an overzelous or undertrained staff at one ISP. I haven't heard too much of this happening myself. I think the biggest issue with blacklisting is when you end up blocking say a
Based on this story, it seems Verio decided to block the presumed source of spam by means of the routers. That's a rather extreme measure. Doing such things in routers, whether by access list, or by blackhole routing table entry, is not nearly as easy, and does not scale as well, as blocking at the receiving mail server. But they may have wanted to do so because so many mail servers are run by clueless people that can't configure their way out of a paper bag.
I block spam source at mail servers, not routers (except in very extreme cases, but there are current none blocked at routers). That gives me the option to whitelist specific senders and/or specific recipients. So I'd say the real issue he is not that blocking/blacklisting spammers is bad, but that blocking them in stupid ways that lose control is what is bad.
Blocking spam and spam sources should be an end-point decision. There are risks in blocking, and different people have different needs and different sensitivities to that risk. Even your own ISP shouldn't block spam for you unless you agree to it with the understanding of how they are doing it. The best solution is for you to have total control if you wish, particularly in the ability to whitelist, and even blacklist, specific exceptions you want. Those who don't know the details of how this is done would have to delegate that to someone (such as their ISP).
Even content based spam filtering can be broken. What if my girlfriend sends me mail telling me what she's going to do with certain parts when she comes over tonight. I sure would not want that to bounce. Of course I can whitelist her email address (and hope her computer doesn't get infected by some spamming virus).
Blacklisting spammers is good ... when done right. Verio didn't do it right.
now we need to go OSS in diesel cars
First of all, it could be reasonably argued that it is still censorship, but that it is within the university's rights.
However, the more important question is whether the university is public or private. If the university is public, blacklisting based on political content violates 1st amendment speech protections (assuming he is in the US), and sets a dangerous precedent of government interference in political communication.
I don't like NAMBLA either and an argument to censor based upon obscenity could reasonably be made, but what about censoring the NRA or Greenpeace or the Earth Liberation Front?
Of course, if it's a private university, yeah, they can blacklist away.
I prefer filtering mail based on the content. Every mail with the words free+porn etc. get blocked.
How could i try to find a girl in my town when even the companies in the USA knows that I'm a boy in need of viagra, penis enlarment who looks for pr0n all over the internet?
All work and no play makes me a dull boy
Yeah, I'd like to say to the AOL users on my lists 'tough luck', but I cannot do that.
Our corporate site was moved by our ISP to a new IP block, and spamhaus.org seems to think the entire IP block is 0wn3d by spammers. Funny, I didn't know our fire department was in the spam business. We run an exchange server for our internal and external email, from our ip. 3 emails later, all I get is snotty replies from them, no practical advice on how to get off the blacklist. Even if the IP block is the property of a slightly shady group, what prevents them from entering legitimate business, and consequently trying to do the right thing... Basically the only information I received from spamhaus was to get my ISP to move us to a new IP block. Easier said than done, since they just moved all of their clients to this block over the last couple of weeks. Aggravated. Still blacklisted. Pretty much never going to use a service like this in my environment.
Ocean is land, covered with water.
I understand the reasons for blacklisting ( I won't argue about the due process issues in which some people get wrongly blacklisted or find it hard to be un-blacklisted). Blocking evil senders of spam is good, even if some people are overzealous. But the situation here is the recipient was prevented from accessing data that they wanted.
If I, the requestor and recipient of communications, want web pages, e-mail, etc. from a given domain, why shouldn't I be able to get them? Since when is the ISP in loco parentis for my communications? I appreciate the blacklist, but shouldn't each user have the right to create whitelist exceptions to any blacklist? One person's spam is another person's interesting newsletter, web page, or whatever.
Signed,
Hates spam, but hates overlords even more.
Two wrongs don't make a right, but three lefts do.
You're welcome to your opinion, but I happen to think you're dead wrong.
The combination of RBLs and personal block list I use block over 200 messages per day. In four years, I've had only four reported false positives. Two from known spam-haven ISPs and two from servers that were open relays.
Seems to be a pretty good ratio to me.
A very similar thing happened to me. I run a reseller hosting account for myself and my clients on a machine with a few hundred other reseller accounts (and therefore probably thousands of domains). Somebody using the server either sent or was reported to have sent spam to somebody with an AOL address. It was reported, and AOL started refusing any email directed to any AOL account.
This created havoc for myself and my clients (and everybody else on my server, and one other server run by my hosting provider) for months before it was finally repaired. They sure took their sweet time about it, my hosting provider was in dialogue with them for probably four or five months about the problem.
Punctanym: alternate spelling of words using punctuation or numerals in place of some or all of its letters; see 'leet'
Too bad about using Noos. They don't do jack to rein in their spammers, let alone disconnect their compromised customer boxes. The result:
... ad infinitum
Nov 3 16:45:17 postfix/smtpd[22369]: reject: RCPT from m85.net81-67-178.noos.fr[81.67.178.85]: 554 <twilaknox_mf@anu.andong.ac.kr>: Sender address rejected: anu.andong.ac.kr does not accept bounces (DSNs).; from=<twilaknox_mf@anu.andong.ac.kr> to=<A SPAM TRAP ADDRESS>
Nov 3 16:45:20 postfix/smtpd[4701]: reject: RCPT from m35.net81-64-230.noos.fr[81.64.230.35]: 550 <m35.net81-64-230.noos.fr[81.64.230.35]>: Client host rejected: blocked dom spam inject.; from=<whatcher_kd@centraalbeheer.nl> to=<ANOTHER SPAM TRAP ADDRESS>
Noos is bad news, and is generally not allowed access to my servers for SMTP. Full firewalling is near.
Checking the server has many legal risks. First of all, this is going to be triggered by the fact that spam came through. While some blacklists probably do just scan around for open relays, others don't (they wait for spam to happen).
Once the spam comes through, it still isn't clear how it got through. It might be an open proxy and the spammer is adding extra headers to mislead people into thinking it's an open relay. Or it might actually be coming from a real spammer directly (who is also adding those headers). Or it might be an open relay. If it is an open relay, which trick was used to get it through? There are some address re-writing tricks that fool many (older) mail servers (like MS Exchange) and won't be obvious in the spam that was received since the addresses have now been changed. There are a few dozen different ways to trick mail servers, and they would all have to be tried to verify if the mail server is indeed an open relay. Many of those methods involve forgery of the mail server's own domain name and possible of real users there. This has in fact resulted in at least legal threats (a lawyer who actually requested a re-test felt it was improper for the test to forge his domain name, even though that's likely what the spammer actually did to get through in the first place ... and he threatened legal action due to his own stupidity).
But regardless of what method was used, or how the spam came through, if it was indeed spam, why bother testing. Since at least one problem exists, just block it anyway, and let the administrator figure it out and fix it. Once spam delivery attempts stop for a while (perhaps for as long as spam delivery attempts continued to happen), then automatically unblocking would be a good idea (we just presume the administrator figured it out). If spam resumes later, block again (and add some more time for 2nd offense). No need to test anything.
now we need to go OSS in diesel cars
I have setup a whitelist in mozilla that allows email from people I know, but moves all spam to my spamfiltered email box. It works VERY effectively. I cna then look at my spam filtered folder and see if there is any that I need to move elsewhere.
I wonder how long spammers keep email addresses that don't show any kind of reply. If I never open the emails, or reply to them and for all intents and purposes they just disapear, how long will they continue spaming that email address?
Only 'flamers' flame!
Does slashdot hate my posts?
I do just that, but run into another spammer generated PITA. Since my IP is included on some blacklists as a dynamic IP (which, unfortunately it is) many mailservers (especially lately) have begun rejecting any mail sent directly from my IP.. Not a big deal, I just relay it through my ISP's SMTP server for those domains, but it's still a PITA. And all becuase of our friends, the spammers. Thanks.
"Why Blacklisting Spammers is a Bad Idea: It Takes Up Valuable Time that Could Be Spent Tracking Them Down and Killing Them"
...."Why Irresponsibly Blacklisting Spammers Is A Bad Idea...? To say that all blacklisting is bad is irresponsible in and of itself.
it doesn't appear as if Roland has any point about spam or blacklists, but that his article is primarily about an isp using bad practices and thus causing him hassles. If people would take the time to read and understand what he claims occured, it seems to me that he had issues with any access, which isn't a spam blacklist, it is probably a route drop or universal block, and that can happen for many more reasons than spam.
in any case, i don't think this has anything to do with spam, nor does it speak poorly about blacklists. in fact, properly used, blacklists are very effective against spam and form a vital part of the anti-spam toolbox as any filter system does.
Verio doesn't blacklist spammers. Verio HOSTS spammers. Verio is friends with spammers. Verio has a long and storied history of supporting spammers, so I think it's far more likely that Verio got blacklisted and not the other way around. This guy should have switched ISPs but he completely misunderstood what happened here - he thinks that Verio is blocking him from viewing some random web site. What actually happened is Smart Mobs' ISP blacklisted Verio, probably with good reason.
Spamcop only requires one complainant and since it is fully automated any mail can be used to blacklist a site.
More and more people are being affected by both spam and blacklists. Usually people are only aware of blacklists when they block legitimate mail - as with most things in computing when something works well there is very little comment, but when there are a few small problems all you hear are complaints.
First, it's obviously a bad idea to block all IP traffic for an entire netblock (except under extreme circumstances -- attacks, for instance).
Spam is a huge problem, and there are some very effective DNSBL's (DNS blocklists) out there that can let a mailserver reject mail coming from a certain IP address. There are many different DNSBL's out there, and each has their own policies on what IPs they will list, how they will de-list, etc.
I don't like DNSBL's that list IPs based on non-spam related criteria. Examples include: country/continent of origin and service class (consumer vs. commercial). Blocks based on such criteria just divide the Internet, and don't even take into account where spam is coming from. I think it's a slap in the face of the Internet for a company to say, "I'm going to block all traffic from dynamic IPs, because they are not commercial connections".
Then there are the blocklists that block IPs that send spam. I like this approach because the lists are designed to block what I don't want; spam. sbl.spamhaus.org blocks regions of the Internet that perpetually send spam. blackholes.easynet.nl similarly list established spam sources. relays.ordb.org and list.dsbl.org block open relays and proxies that were found to be points of abuse.
Of course, those who compile blacklists don't do much checking, either, and there's almost no way to get yourself off a blacklist once you're on, but that's maintaining a blacklist blindly. Even if your blacklist isn't maintained blindly, it's undoubtedly implemented blindly.
If all this should have a reason, we would be the last to know.
If you report spam (via spamcop) and the ISP "refuses" to take action against the spammer (outside the USA), is there a way to go further so as to hold the ISP where the spam originated or the ISP hosting the advertised site accountable?
Thanks
Policies and procedures? Like SPEWS, "Don't call us, we won't call you either, we'll just blacklist as much collateral damage as possible while being ineffectual."
You paid $80/mo for cable, you had to spend
Sign me up!
But then again... those tech support people are there for a reason. So there must be a way to call them. Clearly, you didn't know what it was, but if they took no calls, they'd at least fire the support people.
As for them not accessing the internet...well, it is an ISP, but ISPs hire the lowest common denominator for tech support. The only competent people are just those who slip through the cracks -- and trust me, having been there, we escape quickly. That said, the tech support people will only be capable of one thing: following a script. If your problem isn't on it, tough. And you don't need internet access to follow a script.
So some bandwidth provider accidentally stuck a site on a blacklist. And then it got fixed. Is there some important angle I'm missing here?
Don't tell me, because of this upset you missed meeting up with four thousand other bored office workers in a public place to do something 'wacky'? Boo freaking hoo.
Preferences > Homepage > Customize stories on homepage > Authors > Zonk > Uncheck
Blacklists are bad, they foster lazyness, splinter access, and all sorts of other nasty problems that make the Internet fall short of what it promises. I recently started using Eudora 6 with Bayesian filtering, it has worked really well so far.
Choose another ISP...If enough people do this those that blacklist without checking will eventually learn better.
As a regular slashdot reader, this is the sort of non-biased, non-flaming discussion we need. If you ask me, too many people just leap on the burn-the-heretic bandwagon around here. I run my own smtp server, apache, etc. (because I *need* to - I'm freelance, I need a good site, and related email to work).
If those of you who know better don't educate those of us who don't, and point out where we're going wrong so we know how *not* to do things (for example, I know enough now not to let my smtp server accept requests outside my internal address range after reading
Respect to the poster, and the replies. There will alway be those of us who *aren't* dedicated network admins who *need* to run services for which we can't afford professional help.
Thanks to the likes of you, I at least have an idea of what I should be looking out for, and I know enough to shut everything down when something odd turns up.
Flame me as you like, but at the moment, I can't afford to turn work down. I am thankful, however, that I read enough here (and in the appropriate links - yes, I did rtfa), to try my best not to add to the problems of the web.
Dammit, I think I just bigged up all of slashdot, trolls'n'all...
I've learnt a lot around here. Most of it has been from people like the above post, and the replies to it. Keep this up,
Warning: May contain nuts
The amount of spam email the company I do IT work for has gone up by a factor of more than ten in the month or so since two of the RTBH sites we used were DOSed to death. We're currently signing on with Postini, because it's gotten so bad that our CTO was getting upwards of 200 spam messages in the time between leaving work in the evening and coming in the next morning.
Me? I use a Mac, and mail.app filtering, so I didn't even *notice*. My spam went from 1-3 a day to 3-5 a day.
Postini is expensive, but a dedicated anti-spam service looks like it might be the only corporate-wide solution in days to come. Filters work fine until you get lots and lots of people using them. Once you hit a critical mass, the spammers will start taking them apart to see how they work and then designing spam to fly in under the radar.
I must admit I can't imagine who would possibly buy medicines from a spammer, though. I suppose someone must, but it sounds like about as good an idea as putting your hand in the garbage disposal, removing the switch plate from the wall, and inserting your tongue into the switch box.
-fred
Sign #11 of Slashdot overdose: You see the phrase 'moderate Republican' and you wonder if that would be a +1 or a -1.
Just start sending out lots of spam featuring their URL!
In fact, it'd make a great BOFH response.
You're not interested in making your coworkers' lives easier. You would rather dick them around. 'I'm getting a lot of spam from AOL.' Okay, we'll block all of AOL. 'But I have a student who signs on using AOL.' Okay, well, we'll unblock EVERYTHING for you, so you don't get your spam blocked at all. That'll teach you to complain about anything ever again.
Funny, the way I look at the job of an IT person, it is to enable the people who do the actual work at my place of employment to do their jobs more easily (or, in some cases, at all). Not to make them keep their heads down and then call in their friends over the weekends to set up secondary email accounts, so they can actually get the email necessary for them to do their jobs. For example.
Sheesh.
-fred
Who is having an enormous amount of trouble making Exchange behave itself, and who wishes he'd never heard the words 'Industry Standard', but who is still game. For a while, anyway.
Sign #11 of Slashdot overdose: You see the phrase 'moderate Republican' and you wonder if that would be a +1 or a -1.
At least Oracle has real, decent, non-brain-dead installers for Windows.
They have a Solaris programming team, who writes the Solaris installers when they find time, and then ports everything to linux.
They have a dedicated Windows porting team for the database, and another (small) one for the installer.
That's why you can install Oracle on basically any version of windows with very little fuss, and on one or two versions of Linux by beating yourself about the head with a hammer. Metaphorically, of course.
I shudder to think of what the MacOS X version is going to look like... because it's almost certainly going to be a straight port of the Linux one, written when the Solaris developers have a few free minutes...
-fred
Sign #11 of Slashdot overdose: You see the phrase 'moderate Republican' and you wonder if that would be a +1 or a -1.
Over the past 6 months, some 65% of spam (and spam attempts) that my ISP received came from less than 0.16% of the assigned IPv4 address space.
Almost 2/3's of the spam we saw was sent over SMTP connections from one of 77 CIDR blocks (ranging from /16 to /30 in size).
These 77 CIDR blocks represent less than 1/6 of
1 percent of the assigned IPv4 address space.
BTW: The CIDR list growth factor is not much when you move from the 65% level to the 90% level.
Spam is truly a world wide problem. Those 77 blocks, by national/region, break down as follows:
"Yes, Virginia", a few IP address blocks do transmit most of the spam.
chongo (was here)
...that you're perfect, and have never done anything ill-informed, spiteful, purely accidental, or just plain stupid. Therefore, you can tell people not to fuck up in the first place, because clearly the rest of us just aren't trying hard enough.
The rest of us, sadly, aren't interested in trying hard enough, especially if it results in as much difficulty as you seem to have in extracting your cranium from the depths of your large intestine.
That said, I do agree that two weeks isn't an irrational amount of time for this. If it had been two months, though, I would say that they were, in fact, being irresponsible, because they said they were doing something, and then they didn't actually do it, and in fact damaged someone's personal life and potentially their business for making one simple, easy-to-make mistake.
At some point, if you volunteer to undertake a project, and then in the course of doing so you dick someone over in an easily-prevented manner, you are acting unethically. Doesn't matter that you volunteered: if your actions can screw up someone else's life, you have the obligation to be careful of them.
I try to avoid killing pets in the road, if I can do so safely. It's certainly not illegal to run over a cat, but it's certainly not nice. The argument that 'they shouldn't have let fluffy escape out the window that their nine-year-old accidentally left open' does not, somehow, cause me to decide not to (gently) step on the brake.
I know, I know, I'm the anti-libertarian, right? Saying that we actually have some sort of obligations not to actively screw over our fellow man? God, I'm a pinko commie symp! Shoot me now! Or something.
Sheesh.
-fred
Sign #11 of Slashdot overdose: You see the phrase 'moderate Republican' and you wonder if that would be a +1 or a -1.
Either way, you lose data. One way, the spammers lose more.
Blacklists may be bad; the alternatives are substantially worse.
My blog: http://www.seebs.net/log/ --- My iPhone/iPad app: http://www.seebs.net/seebsfrac/
What's needed is a two pronged approach. One prong is legal and is being followed fairly well; pass laws that make spamming illegal. The other prong, which is still under development, is to make technical changes to email so that spammers can't hide their addresses.
First, I don't share your glee about current laws and the direction they are taking. I fear email will end up like broadcast radio and TV - only people who pay big bucks to the government will be alowed to run a mail server. The result will be as dismal as broadcast media is, but worse because mail is personal. Imagine licensed spam and every email service being like Hotmail - a spam in every can! Your email will always be searchable by government agencies and spammers if people like AOL and Microsoft have their way.
How do they get there from here? They are already half way there. Blacklists are a part of it. Any ISP that does not prevent their users from running mail servers gats on M$ and AOL blacklists, regardless of the actual volume of spam. Convienetly enough for them, this puts further pressure on smaller ISPs and eliminates competition, compliance or no. Another way to get there is by creating mechanisms "so that smappmers can't hide their addresses". This would create the kind of central authority that the internet was designed to avoid. Wanna bet who will run that central authority? The smarter you make the net, the dumber and less free it becomes.
Laws making spam illegal, with reasonable definitions of spam are the only way to kill spam. The IP address of the spammer should leave a large enough trail for people who really want to bust spammers to follow, so it is indeed practical. Some recent turns are good, I just hope it applies to the big boys the same way it applies to the smaller ones. Somehow I doubt it, despite small charges against ATT. No spam is ever acceptable on a medium that was designed to work on pull and our laws should reflect it. If France can keep people from selling Nazi junk, the USA can halt spam if it wants to.
Friends don't help friends install M$ junk.
I was subscribed to FlashMob mailing list (in NZ) for a while, until around two months ago, a subscription script update caused every new subscriber's information to be forwarded to the entire FlashMob announcement list. The list didn't have moderation and everything could get through. A massive flood of email followed with three kinds of topics: (1) people's subscription information (including their mobile phone numbers!), (2) replies from people asking to be unsubscribed, (3) people asking others to stop abusing their cell phone numbers and stop texting or phoning them. Because many of these emails were people's work addresses, quite quickly the FlashMob distribution list and associated domain (flashmob.co.nz at the time) got added to the official block lists for programs like Spam Assassin. This information could have easily flowed up to the official spam block lists and a more general FlashMob or SmartMob web site could have been "identified" as a potential cause of troubles like this one, cause it to be officially blocked.
Cheers,
Alex.
What a maroon.
Still trying to push fads on the public and claim visionary status.
I wonder how much this scam makes him after taxes.
There seems to be a fair amount of fear in the community that Spam is a problem for which there does not exist a solution.
Short of shutting down the internet.
Hmmm.
I don't think that is the case.
I do think though that creating laws and litigation against spammers (except special circumstances, such as sending porn to children) is a slippery slope that will almost cirtenly backfire.
At some point the spammers are going to get smart and realize that they are sitting on a free speech case. If the Supreme Court finds in there favor then we have real problems.
Besides, when we are dealing with laws one is left asking 'just what is spam?'. If my kid sends out an email to every kid in his class, is that spam?
And if it isn't, then why not?
For me that is something worth protecting.
I feel strongly that Spam can be solved. The solution is a 2 pronged attack. The first bit is at the ISP's end. The 2nd bit is on my computer at home.
In the next couple of years an anti-spam filter will be just as common as a virus filter.
That is the solution.
Unfortunately, these Windows viruses that make a broadband customer act as a spam relay are a big reason that ISPs are considering blocking mail from dialups/dynamics.
This is ridiculous! Viruses could be completely eradicated if ISP's would apply an outgoing email filter. If it detects a dangerous attachment coming from a specific customer, they drop that customer into a sandbox, and the only webpage they can receive is one that explains that they are infected.
With sender forgeries now, the only ones that can stop viruses are the ISP's that allow their customers to continue pouring these emails outbound.
All it will take is one good lawsuit against a large ISP for damages due to neglect.
Ironically, the word ironically is often used incorrectly.
Job, now that you have posted it on /. no one will be able to see it for months
Vote for new mod!!! Score:-2,Imbecile
what I'm trying to say is that there will never be a perfect way to stop spam, and it will always be there... the only thing we can do is create better filtering software. the whole blacklisting idea already has huge vulnerabilities... and the lists can't evolve fast enough. whitelisting has a problem when your a company that needs an email address out there, like tech support... people won't like having to call a number to send an email... why not just call the number in the first place?!
I think the only real way to go about it is to get better filtering software and enter into an eternal war between spammers and anti-spam software.
"Their private e-mail is not a public forum."
..."
From a constitutionality standpoint, this doesn't matter for a publicly-funded institution. If an agent of the state, e.g. a public university, intentionally limits speech based upon political content, this constitutes a first amendment violation (abridgement freedom of speech).
Note that I said the argument could be reasonably made, not that I agree with it. I actually do NOT advocate censorship of even them. The point I meant to make was that blacklisting addresses based upon it being an origin of obscene content MIGHT be LEGAL considering precedent. I assumed that NAMBLA e-mails would probably contain obscene content (legally obscene: definition depends upon local social mores). If none of them did and they were merely political arguments, then the legality of a public university blacklisting them is highly questionable.
"... University has a right to limit what traffic they carry on their mail server
If they are a public university, I would argue that because they are an agent of the state, they are limited in their exercise of discretion by constitutional guarantees. A public university that is censoring e-mail from the Sierra Club due to political content is unconstitutionally abridging their freedom of speech. Any lawyers want to cite relevant case law for me?
There will alway be those of us who *aren't* dedicated network admins who *need* to run services for which we can't afford professional help If you *need* to run a service and don't know how to do so (which I am assuming from the reference to "professional help") then you have to keep in mind that if an incompetently run service becomes a nuisance (or worse) to another network or its users, then the admin of that network has a responsibility to lessen or eliminate that threat. Leaving a proxy open for raping by spammers doesn't make you a bloodsucking demon, but it is definitely grounds for having your IPs locally blocklisted. (Just as an aside, threatening to sue an admin after getting blocklisted is a great way to make sure you stay in that list until the sun goes nova or Windows is GPLed, whichever comes first)
Better a million spammers go free, annoying billions of people, rather than temporarily inconvenience a handful of innocent domains? I'll take that inconvenience as acceptable risk for living in a world populated by asshats.
Mr. Spock had it right.
It's easy to forge headers, everyone can read your email, it's stored on public record, and sometimes ISP's delete it for no reason at all.
GET OVER IT!
Leaving a proxy open for raping by spammers doesn't make you a bloodsucking demon, but it is definitely grounds for having your IPs locally blocklisted.
It frustrates me that the http proxy:
1. Didn't warn me that this was an issue upon install
2. **Allowed this to happen at all**
I have submitted a bug to the developers. This is a known issue, though I'd never heard of it before, nor had 2/3rds of my geek (professional programmers, recreational sysadmins - which describes myself as well) friends. If http proxies blocked all requests (or at least PUTs) to localhost/127.0.0.1 and all know network interfaces on the local machine, this kind of thing either wouldn't be a problem, or would be much less a problem.
Again, pot - kettle - black. Still, good software wouldn't allow this kind of thing in the first place, and recreational sysadmins wouldn't have to worry so much.
Finally, as I'll mention in another thread, I only discovered I was an open relay when my DSL line acted up (total "lucky" coincidence) and I did a lot of investigation on the server. I discovered a huge email queue (which I nuked) and lots of RBL delivery rejections in the mail log. If they had sent ONE message to root@[my ip address] I'd have found out immediately and shut it down within a day.
The lack of comas is annoying, but the use of "your" instead of "you are" or "you're" is flat out offensive. Once could be a typo, but twice -- in just four lines of text -- is alot.
In Soviet Washington the swamp drains you.
I was customer of Noos years ago (was called Cybercable in 1998), but still subscribe to the customers' mailing list: it's so funny to see that some things never change.
I've never seen anywhere else in France such a mix of technical incompetence and arrogance. Billing department and technical support are be firewalled from the rest of the firm to maximize client frustration. Written contracts (small grey prints on yellow paper) are LOST in their internal process. Snail-mail is ignored (even 'official' with signature required).
In the past, these people were selling only water and TV cable, and are used to deal with local authorities to establish local monopolies, not to deal with customers that deserve a bit of respect. My English is too weak to explain all the frustration they raised.
And it is lasting for YEARS... The perfect example of the bad effects of big conglomerates : Noos is owned by Suez, a big financial firm, and the darwinits side of capitalism (the best one) can't apply.
The positive side : to keep my e-mail safe ('disk full' on a SMTP server, and e-mails waiting days to be delivered drive me mad), to keep a sane DNS, I was forced to learn Linux, and manage all of that myself.
As soon as ADSL was available (2000), I switched, although it was more expensive. France Telecom is not perfect, but there are still some compentent techies there. Now, there are much more competiton on the market, I don't understand how Noos can keep a single Internet customer.
Christophe (Don't hesitate to point out my spelling and grammar mistakes, I want to learn - Thanks).
Basically, the more effective the blacklisting system becomes, the more controlled the process has to be. If we will have a world-wide, effective blackilisting system, it will eventually have to have the same kind of protections a court (in some countries at least) offers. With the inherent bureaucracy and delays.
This is not necessarily a bad thing, except that the delays contradict with the efficiency.
Jarmo
your ISP has explicitly signed up to SPEWS because it works. it works because it encourages ISPs to be RFC compliant. it's for the greater good: i don't *care* if it breaks your email to your mom on a blacklisted ISP: it's your ISP's business decision to ignore spam complaints and become spam-friendly. natural selection says their customers get pissed off (step one: looks like it's working so far) and then jump ship to an ethical ISP. eventually the spamhauses go bust.
It takes more than 1 complaint. And the less complaints there are, the shorter the duration of blacklisting. Starting from hours.
So the ISP did something idiotic without checking it. HUH. The blocked site was not a spam site. Then why does this mean spamming spam sites is bad? It just means that the ISP has idiotic, clueless employees.
Next!
If all protocols were blocked, he wouldn't see that 404 error, right? I don't really understand why the Verio/Noos connection should matter. I'd probably imagine that Verio's blocking would have a global affect, not just on their peerings/downstream customers.
He would if it were redirecting to a non-existant page on Verio.
Ah-HAH!
I'm a part time IT guy for a small legal firm. They use Exchange internally (good shared calender).
Recently we've been unable to send email to AOL addresses. AFAICT we're not on any black list DBs, and (also AFAICT) we're not an open relay.
I've tried contacting AOL about this, but, well, I've never actually spoken with a wall, but I imagine it must be something like this...
I got news for you... you can't send e-mail to any servers I administer, either.
A quick look here will tell you why.
noos.[fr|net] harbors spammers, and doesn't deserve to talk to the non-spamming parts of the Internet until it cleans up its act.
My wife works for a government child protection organization in the Netherlands. Last few months the major ISPs over here have started using spam filters for their clients, and the organisation's email accounts are now continually blacklisted, once even by the Ministry of Justice ISP. On average, about 60% of email reaches its destination. In the past, angry fathers hijacked domain names and search terms. Now blacklisting lets them interfere directly with daily work.
These blacklisting schemes are criminally stupid, and their use should (and probably will) be prohibited. Interfering with the delivery of a paper letter is usually treated as an offense, and could (in a similar context) theoretically lead to max. 18 months in prison here. A complaint of spam should at least be verified in an acceptable way before mail interception (and that includes being read by a speaker of the language it is written in, of course, and verifying that the sender is not a government agency legally competent to "spam" citizens in the public interest).
Now this is the official logic of the infamous Spamcop: "If people report your site as a source of spam, it will be listed. If people stop reporting your site as a source of spam, it will be de-listed after 48 hours. The only way you can be removed from this list is to avoid users reporting your site as a source of spam - either by changing your behavior, or by negotiating a cease-fire with the unhappy users." Has anyone ever pointed out to these guys that there are other roles in communication than that of "user". Surely sometimes you are justified in not "negotiating" with your "unhappy users".
I like the idea of distributed hierarchal cut-offs to enforce good behavior.
If a spammer sends me something from dialup213.somenet.isp.com, then instead of blacklisting all of isp.com, they could blacklist somenet.isp.com while they address the problem of isolating the bad customer.
Unfortunately, we have a broad flat tree.
Once the originator is at hotmail.com or aol.com, hierarchal decomposition doesn't work because you have to commit mass killings.
"Provided by the management for your protection."
Isn't this why spam is a bad idea rather than why blacklists are a bad idea?
-Rich
Of course it would be better to find some friendly admin at a non-http-redirected site who would give you access to his proxy server, but then not everybody has this kind of friends.
There's always the Anonymizer service. I've had great luck using them when my IP address got banned from Slashdot. (It was my own dumb fault, so I wasn't complaining.) Their site has Yahooified -- it used to be easy to find stuff, but now it appears to have been portalized. But if I'm translating correctly, they're now offering anonymous surfing in the "Privacy Manager" package for us$30/year (payable by PayPal, credit card, or other methods).
Or, for another type of proxying, you could always just read Slashdot in Pig Latin...
Stressed? Me? Of course not. Stress is what a rubber band feels before it breaks, silly.
!!~~Flamebait Warning~~!!
My Fellow Americans!
Our country is a sad shape nowadays!
And those of you who wish to attribute it to anything other than our own misdeeds are lying yourselves!
This country will never be ours until we take full responsibility for it. "It's not our fault, it's the terrorists!" is *not* a valid argument. ("Our president is a blithering idiot" isn't, either - although you'll never hear me argue against such a point.)
I personally don't see myself moving outside its borders, but still find myself quite ashamed at our behaviour as a whole. I was born and raised here, by parents who were born and raised here, as well - and yet I find myself angered and stupefied by the actions of a nation who is no more than a disgruntled toddler in the eyes of the rest of the world, pointing guns at each other while pointing fingers at everyone else.
If you agree with me, fine. If you disagree, that's fine, too. But whatever your standpoint is, for God's sake, STOP waving your little flag and acting like anyone is to blame for this mess but us.
Yours Very Truly,
One Extremely Disappointed American
Sure Bill Gates' hair is fugly, but give his barber some credit! At least he managed to cover the horns on his forehead.
Got a better idea, have you? Or perhaps a nice new line in snake oil?
You're good with the SPEWS line, there, but there's good reasons why any admin with a clue doesn't use that fucked up list.
(1) SPEWS is ineffective. It might have some effect if your goal is to drive spammers away from a given ISP, or drive customers in general away from a given ISP. But it won't significantly reduce the amount of spam you get compared to using the lists with a philosophy that involves far less collateral damage. But by using SPEWS, you WILL block hundreds or thousands of times more legitimate emails. If you (the list USER) wish to use the inconvenience of your customer base as a means to punish an ISP with spamming customers, then by all means, use SPEWS. However, if you think your first duty is to maximize spam droppage while minimizing false positives, SPEWS is NOT for you.
(2) SPEWS is inaccurate because of how it is organized. For example, one ISP I used had a spammer, and a clueless staff. After the SPEWS listing hit us, we worked with them to clear out their spammers. They did so; but one set up across town with their own space, and had a very similar name to the ISP. SPEWS decided the ISP was "hiding" its spamming on another block, and listed all blocks (the ISP and their former customer) together, despite different names and addresses on their ARIN registrations. To this day, the ISP remains in SPEWS because the other company spams. Of course, since Collateral Damage is SPEWS middle name, this is of no concern.
(3) Run by fanatics. Much like the 'Eat Your Spews' crowd; they're just the shame of all of us who'd like to see spam stop and would like to take reasonable countermeasures. I get over 1000 spams per day to my 8-year-old email address (most of which are oblitterated by spamassassin), and I wouldn't think of using SPEWS.
(4) SPEWS damages the innocent and does so without warning. Even if you're incredibly conscientious about NOT spamming, you may one day discover a horde of bounces because you are on SPEWS. Now without warning or cause, you will now suffer significant economic damages even if you do immediately exactly what SPEWS would like you to do: switch ISPs.
(5) Because of the sudden effect of (4), you probably will not; you will probably begin immediately routing your mail through a third party, thus rendering SPEWs useless, and simply costing you more money, slowing delivery, wasting bandwidth, etc.
(6) Because SPEWS must, by necessity, delist organizations who stop sending spam, the whole process only serves to make spammers be clandestine and move from ISP to ISP. And so they do; they still show up in ALL the same places. They just move on more often. And the problem is never solved. I'm sure you've noticed that there's still no shortage of spam and years of SPEWS listing places hasn't even dented the problem. But it has cost billions of dollars of productivity and other collateral damage trying to deal with the effects of SPEWS.
Basically, SPEWS is the terrorist anti-spam organization. It is threatening to blow up mail delivery if the spammers don't capitulate. Whether SPEWS works or not is really irrelevant; spammers will always move on and find new ISPs, and at best, SPEWS makes them move more often. Meanwhile, the innocent suffer, because the cure is worse than the disease.
Now, one thing I do agree with: you have every right to use SPEWS. But realize that most of your users would never concur with what you're doing, and they only accept it because they are clueless. Almost every ACCOUNTABLE organization (typically, corporations) that tries to use SPEWS stops immediately, because it is UNACCEPTABLE to have a 100:1 ratio of false positives:true positives. The shame is moronic ISPs like pacbell.net signing their servers onto SPEWS and fucking their ignorant customers out of a ton of their legitimate email.
So, it is perfectly accurate to call SPEWS the nuclear bomb of blacklists. It can and does do enormous collateral damage, most of the IPs it blocks are used by responsible or at least innocent net
It takes one complainant - that means only one person needs to make a complaint.
Spamcop requires two complaints from ONE person within seven days to blacklist a site.
This is not FUD, this is how Spamcop works and why Spamcop is easily abused. ONE person is able to get a site blacklisted - just ask samspade.org, monkeys.com, etc - supporting evidence/complaints from others is not required and ALL complaints are assumed as valid.
Main Entry: complainant
Pronunciation: k&m-'plA-n&nt
Function: noun
Date: 15th century
: the party who makes the complaint
http://radio.weblogs.com/0105910/categories/sideba rs/2003/11/09.html
"Why that? Their management took this tules. Why an ISP provider can decide that his technical people don't have the right to access Internet is way behind my comprehension."
Because they have to pay them salaries. Internet tends to grasp the entire attentionspan of people(techies) who loves it. Then they won't answer the phone or they'll think of other things when they do. It's a pure efficiencybased decision from management. It's pretty horrid that they can't access the web when it's jobrelated tho'. And so I don't get bashed by anyone thinking I'm a manager. I'm a floorworker. A techie ;)