Slashdot Mirror
SPEWS Adds DSL Reports to Block List
Kylow writes "Last year, Slashdot publicized our efforts at DSL Reports to pursue a group of spammers who had spammed our forums. The Slashdot community immediately pitched in to help, and the publicity wiped the sites owned by the spammers off the internet. Fast-forward to today, and the popular yet often draconian block-list SPEWS has added DSL Reports to their blocklist due to the activities of other websites hosted on NAC.net. DSL Reports users are less than happy. This is hardly the first time SPEWS has been accused of going too far."
Is that it swats flies with sledghammers. Surely there's a more elegant way to deal with this issue now?
Remember the Alamo, and God Bless Texas...
If your ISP is also providing spam services to spammers, do you really want to be grouped in with them?
I think the black girl behind me at the screening of The Ring said it best. "Get the fuck out of there!"
Everyone loses when you patronize businesses who willingly accept spammers. Don't give them your money. Do it and feel good about yourself and for the good of your subscribers.
I have been pwned because my
I can't tell you how much we hate spews, this is far from a common occurrence and it seems that the only to fight this is to not use spews. Their are plenty of better alternatives like spamcop and orb.
Hmmm... Pie...
But, from the SPEWS FAQ, The Level 2 list
$x='S24;r)>63/* h@<5+oZ)32"5cz';$me='phroggy'x$];
$x=~y+ -xz+\0-Tx+;print$_^chop$me for split'',$x;
from openrbl.org
SPEWS/spews.org: 209.123.109/24: 553 SPEWS2 [2] nac, see http://spews.org/ask.cgi?S2814
from the SPEWS FAQ
Q22: What is Level 2?
A22: This includes all of Level 1, plus anyone who is spam-friendly, supporting spammers, or highly suspicious, but not blatant enough to be included in the Level 1 list yet. If it becomes obvious that someone at Level 2 has become a real problem, they will be escalated to Level 1 after some attempt at education. The Level 2 list will have some inadvertent blocking (non-spammer IP addresses listed), but can still be used by small ISPs or individuals who want a stricter level of blocking/filtering. By having a two tiered list, you can make the hardcore spamfighters happy; those who want to block first and ask questions later. Also, a listing in the Level 2 list may exert a bit of pressure on spam friendly sites and may keep them from turning totally bad - but that is not really the point, stopping spam is. (note: a Level value of "0" means that area is not listed)
You wanna make an omelette? Then you've got to break a few eggs.
For the same reason, the massive amount of "collateral" damage done in Iraq doesn't bother me. Just a few broken eggs.
DSLR/BBR sucks anyways. I should know. I've been posting there since September 22, 2001. Their news is slow to get posted and the forums are way overmoderated.
Case in point:
Your account has been banned from posting until 2048-02-23 23:28:33 for TOS violations.
Stuck? try the help forum
This is another example of the cure being worse than the diease.
One spammer buys a few IPs on a block with an ISP, and SPEWS takes out the entire block. Which is worse - junk email, or the thought that someone else controls if your mail gets delivered.
Far too many people depend on email for it to be potentially dropped into a black hole like this if a neighbour of your ISP happens to be a spammer.
Spam in the inbox isn't desirable either, so where does this leave us ?
[ Monday is a terrible way to spend one seventh of your life. ]
From the linked forum posts:
1) your mail server is NOT BlackListed! If you look at the listing it is at level 2 the [2] means level 2. Read the SPEWS FAQ. No one blocks on level 2 listings.
Level 2 listings are netblocks which are watched carefully for evidence of abuse, usually because the adjoining netblocks are in use by spammers, and because the provider (NAC in this case) is ignoring complaints about the abuse, or is doing nothing to remove the abusers.
2) There is something you CAN do other than rant, which will not do you any good at all; and that is to complain to NAC about their spam-friendly policies. It's NAC's hosting network abusers which is the problem. If the listing is upgraded to level [1] then there will be a problem getting your e-mail out; if this is intollerable, the ONLY solution would be to change providers.
3) If NAC persists (usually for a prolonged period of time) in it's disregard for the rest of the Internet, by allowing our mailboxes to be filled up by their customer's garbage, then many system administrators including myself, will choose to refuse mail from larger and larger portions of NAC's IP-Space, IMHO this is a perfectly reasonable choice. It puts presure on the service provider not to host spammers, something, which in the long run will help stop spam.
Understand, that SPEWS does not block anyone, all they do is make available a list of spam-friendly, and spam-supporting providers. Many systems will choose not to communicate with providers who support spam operations in a direct effort to hurt spammers by denying them access to providers.
Yes I run an ISP, and YES we use SPEWS as one of many BL's we use to eliminate UCE/SPAM from our customer's mailboxes. Spews comes in seccond only to spamhaus.org in it's effectiveness. We receive less than 10 spams/day across a user population of over one thousand. Spews alone is responsible for about 30% of the blocking.
This is a perfect example of why you should never just arbitrarily block email because it comes from an IP on a list. Instead, programs like SpamAssassin are useful because they use blocklists as a factor, one among many, in determining whether to treat a message as "spam".
The problem with RBLs is how people use them. There are actually ISPs who block all email from IP (ranges) in a RBL (even to postmaster or abuse!). That is clearly wrong and lazy.
RBLs should be used as they were intended. As advisory to extra check email against. A good idea is to add RBLs to e.g. spamassasin and assign them a +2 score. Then you can take into account other things, like the headers and body of the email to determine if it actually counts as spam. That works very well. But blocking all email just because it comes from a certain IP on some random RBL is stupid.
By hosting on NAC.net, they are providing support for an ISP that supports spammers where it counts -- in the pocketbook, with money.
Find a new host and quit whining.
The SPEWS level 2 list is pretty agressive, so much so that I can't imagine it being used for blocking by commercial operations of any significant size. Individuals are another matter - do you really want to make a fuss over a few people who don't want to receive your mail?
That being said, netblocks get listed for a reason. SPEWS does a pretty good job at providing a history of abuse. If this proves to be true, then you should choose a different provider - I wouldn't want my money going to someone supportive of spam operations.
- dslreports.com has address 209.123.109.175. That address only appears in a level 2 listing. Very few people use level 2 listings, the "real" SPEWS are the level 1 addresses. What level 2 really means, is explained in their FAQ (Q22).
- SPEWS did not add dslreports.com to their blacklist (search the linked page for dslreports, it's not mentioned). This does not make it less annoying for the owners of dslreports.com obviously, but there are differences. E.g., if a spammers moves, the blacklisting will be moved too, for dslreports.com it obviously wouldn't (no, that doesn't mean I think dslreports should simply move and shut up, I know things like that cost money).
- The blacklist that SPEWS publishes is an *opinion*. Everyone is free to follow their opinion or not and use it to (over-)protect their property or not. If an ISP uses it (or any other blacklist) and doesn't clearly inform its customers about that fact, then this ISP is at fault.
Nevertheless, I completely agree it's sad that the spammer situation has gotten so much out of hand that people resort to this kind of carpet-blacklisting to try to force ISP's to stop their spam support (as larger ip-blocks are only added when an ISP refuses to remove its spammers, or starts moving them around to non-blacklisted IP-addresses).It's however pretty much the last resort that other people have to do anything about it. If an ISP does not experience any significant harm from hosting spammers (and in facts profits largely from it) and does not want to remove them because it's the right thing to do, what else can you do to tell the ISP to FOAD if you don't want to become a vigilante?
(putting on asbestos suit)
Donate free food here
I actually think blocking the wider IP ranges of the ISP is a positive thing, and I'm sysadmin for one, and I've been involved in a similar dispute in the past with SPEWS. To be fair in our case we were actually caught in the collateral damage and weren't even hosting the spammer in question.
The point is, blocking a sizeable portion of the ISPs IP range inconveniences them and their non-spammy customers. It encourages them (if nothing else) to take responsibility instead of going for the cheap buck. If blocking wide-ranging ISP IP ranges means that they wake up and stop hosting spammers (or implement stricter controls) then surely that's a good thing in the grand scheme of things.
... and they are right, people who use spews block people. But thats like saying, "rocket propelled grenades dont kill people, people kill people." Spews recommends not blocking level 2 listings which is what they are listed as, yet people are still blocking it. If you provide a tool that can provide massive harm, shouldnt you be responsible for it? Remember they are just on the lvl 2 list because theres just a possibility of it being used for spam, so why should it even be reported? If someone makes a mistake it blocks innocent people, if they stop reporting those then those mistakes cant happen.
I have bad karma....
Open source is heavenly, Microsoft is the devil, SCO is going to hell
So, I understand the DSL Reports site is getting a great deal from nac.net, and this is why they don't want to switch hosts, even though nac.net is known to be spam-friendly. DSL Reports are perhaps indirectly profiting from spam because spammers are partially funding the discount. But they refuse to accept any blame in this matter, or even consider switching hosts.
I looked at nac.net's homepage and saw that they offer to charge their DLS/Dialup clients a FEE for spam filtering. So it's actually in their interest to propogate spam!
I see lots of comments in the forum like 'spews blocked my server'. Spews did no such thing. Spews is listing their provider. That's what spews does. They list providers. Spam friendly providers.
When your provider is listed by spews, it's time to move away. You are supporting your provider, which is supporting spammers.
When legitimate customers move away, providers will feel that supporting spam costs them real money. They will figure it out sooner or later: the community hates spam. Really, really hates it. And the community will hate you for not hating spam.
This is your sig. There are thousands more, but this one is yours.
I can't believe what I'm reading on this site today! Targetted advertising or so called "Spam" is a commercial venture that goes to the very heart of a great American capitalist tradition. IT IS YOUR DUTY AS A GOOD CITIZEN TO READ ALL THE SPAM IN YOUR INBOX.
The cold war may be over, but does the term "Economic downturn" mean anything to you? We need Americans to buy herbal remedies (many of which are extraordinarily effective) and penis extenders, to consume, consume, consume before our great country becomes yet another footnote in some future history book, PROBABLY SCRAWLED IN SOME CHINESE PICTOGRAM. Is that what you want? DO YOU? ANSWER ME??
Support your country. Reject communism. Read spam.
Meine Schwester ist sehr, sehr reizvoll - Nietzsche
Therefore nac.net is correctly listed. I don't see the problem here.
STOP MISUSING APOSTROPHES, YOU MORONS!!!
By merely blocking spammer ips, they will just move to the next free trial but by causing minor inconvience to legitiment users (they are only blocked at level 2, which means few if any people will be blocking) you are forcing the ISPs to take action. When the competition sees the bad press, if they have any sense they will follow suit too.
No trees were harmed in the posting of this message. However, a great number of electrons were terribly inconvenienced.
The Rock being SPEWS and the hard place being your ISP. Yes! Keep moving your web site from ISP, costing you time even if you get every ISP to agree a SPEWS victim insurance clause. SPEWS demands you choose an ISP they consider acceptable or you just don't get to email. SPEWS reserves the right to change its mind and kick you about as a political football as and when it feels like it.
The solution is to have every NANAE weenie garrotted and replaced by mature, sensible people who don't destroy the email system by using SPEWS.
Make sure that you understand what the list is meant for, and how aggressive the list is. Some lists tell you right off of the bat that they should be used for experimental or reference purposes only, and shouldn't be used in a production environment. Talk to friends and colleagues, reference newsgroups. Start small, and see how effective your beginning measures are before increasing your efforts. Your customers and/or company depend on email, and I have seen too much legimate traffic blocked by aggressive lists being used without proper research beforehand.
Eat recycled food - it's good for the environment, and OK for you.
-- Nil of Broadband Reports
Them sounds like fighting words to me!
This one catches all spam:
0.0.0.0/32
Actually, this part is incorrect. Spews (and several other blacklist providers) don't even bother to notify the ISP before listing (or after for that matter).
SPEWS as an organization does not send mail, however the people who are behind SPEWS DO send LARTs to the responsible hosting providers for the spams that they receive. They just don't identify themselves as SPEWS when they do it. This is so that ISPs will either learn to take ALL complaints seriously (because they can never know when one of the complaints comes from someone at SPEWS) or learn to enjoy their new intranet.
STOP MISUSING APOSTROPHES, YOU MORONS!!!
With a name like SPEWS do you really expect a quality service here? If I just heard that name I would imagine it was a porn site dedicated to streaming video.
;)
Hmm.. maybe that is a quality service, I may have spoken too soon.
Have DSLreports.com been mistreating their house elves?
Well this is strange, it's not like they've been added though, that's a bit of a mis-truth as NAC.net have been in SPEWS for a long time.
:) (Plus the whole damn Data Centre is in there)
Security Forums are also hosted in NAC.net so we are also 'SPEWed' which is a pain as it means anyone using an Outblaze related service doesn't get their sign up e-mail and their account will stay inactive. There is nothing you can do to get out of SPEWS, you can just moan about it
We got around the problem by relaying all of our mail through another SMTP server run by a friend at an unamed ISP.
We didn't report this though as we didn't really think it was slashdot worthy news.
From what I have gathered, the SPEWS philosophy isn't just indifference to collateral damage (ie, 'civilian casualties'); they actively do this damage in order to try to force ISPs into changing their habits. And they are extremely difficult to both reach and reason with; you can post on a newsgroup and hope someone pays attention to your pleas.
I don't know if the actual newsgroup replies come from people who make decisions with SPEWS, but those replies are amazingly hostile. "Oh, you're blocked? That's because you're on a crummy ISP that allows spammers. You're on a contract and can't switch? Well, you'd better start calling your ISP, because the block on your addresses isn't going away until the spammer adjacent to you does, and maybe not then, because you're a whiner."
(ok, ok, that last part was a bit of hyperbole, but it's not that far off... check dejanews!)
Admittedly, they're not killing anyone, but the tactic of deliberately attacking people who are only tangentially related to your real target is often called 'terrorism'. The consequences here are far less serious, but the fundamental tactic remains the same.... someone is doing something you don't like, and so you hurt a whole lot of people to try to force them to stop. So I don't use SPEWS.
There are a number of other, much saner, blocklists available, and the advent of Bayesian filtering is a VERY big deal. I am personally using a combination of postfix, maildrop, SpamAssassin and bogofilter, and I get amazing results; I only started training about two weeks ago, and the spam I have to deal with has dropped by over 99%. I get 1 or 2 false negatives per day, and I have had only one false positive since I started using this system. It does take a little maintenance, but it's much less annoying and intrusive than the constant attention digging through spam takes.
It is possible, in other words, to do an exceptional job of stopping spam without contributing to a form of terrorism.
WaterKeeper.ca, the site for the Lake Ontario Waterkeeper (part of Robert F. Kennedy's Waterkeeper Alliance) had the same problem, but with SORBS. WaterKeeper.ca is hosted on a server at a hosting company, shared by many other customers. The problem is, one or more of the other customers were allegedly sending spam messages, and SORBS blacklisted the whole box, leaving Lake Ontario Waterkeeper unable to communicate with many people who depend on their newsletters to keep up to date with environmental battles they are fighting.
Since 1996, I've been involved with running SMTP servers in some capacity, and I've always felt that the real-time blacklist services, while good intentioned, are a poor way to deal with the problem of SPAM. Too often, legitimate organizations get blacklisted because a few (and sometimes, only one) twit(s) forget that they've opted in to something and decide to report a message as spam. We're not talking about someone or some organization buying a mailing list here, either. In 100% of the circumstances that I've been involved with where someone has been blacklisted by an RBL, the messages that triggered the "spam" complaints have been totally opt-in newsletters - the people sending the messages haven't purchased their mailing lists, but instead, compiled them by having the users -specifically- request the content.
What makes things worse is that SORBS, for example, requests a "donation" to a charity in order to have you removed from their list. To me, that borders on extortion.
What makes it even worse still is that with SORBS blacklisting the whole box, all the other legitimate use e-mails being sent from that machine to SORBS-enabled mail servers are left out of luck. It's one thing to punish -one- "spammer", but with hosting companies as popular as they are, blacklisting an IP sometimes blacklists dozens (or even hundreds) of customers at a time, all sharing the same server. Suddenly, many people sharing a server have a problem, because one person was "spamming" and the RBL's are far too wide a net to cast over that single offender as they try to deal with the problem. When does the "service" they provide become a disservice because of the collateral damage it causes?
It's high time we abandon the clearly flawed RBL concept (and any other technological forms of dealing with spam) and start -really- putting pressure on our elected officials to enact sufficiently strong anti-spam legislation. Consider that many forms of copy protection and DRM have been cracked, replaced or upgraded, then cracked again... and you see that where there is a will, there is a way. Everytime we suceed in blocking spam by some means, it takes little time for the spammers to find another way to get their junk into our inboxes.
Not until we make spam a significantly expensive proposition (in the form of fines - I personally would love to see chronic spammers tarred and feathered, but I digress), will the "internet marketing" companies finally be stopped from flooding my mailbox with their messages.
Clearly, there are issues of jurisdiction standing in the way of this... but in my opinion, if copyright laws can be shared and upheld through a multi-national treaty, why can't a similar anti-spam treaty exist?
Now, I should point out that the unrealistic elitist in me remembers when spam didn't really exist, because not everyone and their grandmother had decided to rape the internet so that they could make a quick buck. Spam just reminds me - hundreds of times a day - that for all things good in the world, humanity finds a way to take advantage of it, use it until it's ruined, then move on to the next thing... you know... kind of like what 2nd wave style industry (to reference Toffler) is doing with our planet. Spam is just the next form of pollution that
bash-3.00$ uname -a
SunOS panda 5.10 Generic sun4u sparc SUNW,Ultra-2
Is there any reasonable list left that has open proxies (trojan infected Windows PCs)?
Those are the prime source of spam these days, but they need a quick-acting blocklist.
it's the only way they have any incentive to sort it out.
That's logic, not trolling.
http://www.ifn.net/classic/rblstory.htm covers SPEWS in detail (i don't agree with all of it, but it is pretty spot on).
but you are sure to find lots more on http://www.google.com/search?q=spam+hate+spews.
Notice how it seems to be mostly innocent people complaining about SPEWS and the way it operates?
I hate spam just like the next guy, so I would recommend the wonderful Spamassassin and use it with Spamcop.
**FREE** Track and view your phone's via CellID and/or WIFI and/or GPS
Those scumbags forward spam complaints to spammers, tell people reporting spam to "get a life", and generally abuse anyone who dares to say anything about thier spammers.
I don't think the SPEWS listing is going to make a big difference. All of NAC.net has been locally blocked on my domain for over a year now, and they're going to stay there until the heat death of the universe or Windows XP is released under the GPL, whichever comes first.
If DSL Reports doesn't like it, they need to get themselves a provider that has the first clue on how to run an ISP.
Why is slashdot equating forum spammers with email spammers? It's slashdot's fault that they let people post anonymously (like I am doing right now). With that there is only one recipient regardless of how many people actually see it. Email spammers have hundreds/thousands/millions of recipients. It is not the same thing.
Nigerian Advertising Careers?
First thing, it doesn't seem as if they are blacklisted yet, only that their IP-block is on some sort of warning level before being blacklisted if their ISP doesn't do anything about spammers.
Secondly, I don't understand why people blame SPEWS. All SPEWS does is provide a list of what they think a black-list should be. They are not forcing anyone to use it. They are not a government body or even a standards organisation. They are not trying to trick anyone with false promises or advertising a dangerous product. Obviously the people who are using it agree with its philosophies (ie. collateral damage) and believe that the false positives are worth it to get rid of the spam. ISPs that implement it are businesses first and formost. If they were losing more customers due to complaints about false positives than to complaints about spam they would have disabled it ages ago. As for complaints that SPEWS have too much power, they get the power by people who run ISPs deciding to voluntarily and of their own free will give it to them. They don't dictate terms to anyone, they don't force anyone to use their blacklists. SPEWS is a symptom of the problem not the cause. Just like fevers and boils are often the body's attempt to get rid of the disease. Mighty inconvient but useful. The cause is spammers and ISPs that support them. Managing to wipe out SPEWS is like popping smallpox boils. It does nothing to get rid of the disease. The question is whether SPAM is a disease that SPEWS can get rid of or whether the disease is so severe that the fever is useless and the inconvience was all for naught.
I think the issue is that the problem with spam is so huge that any anti-spam action you take is going to cause problems for someone somewhere. No approach is NOT going to cause problems. Legal approaches either seem to legitimise spam or add more government control and often seem to be useless with little teeth anyway. Technical approaches like changes to email protocols seem to be going no-where quickly and take lots of money and inconvience to implement. If people fustrated with the slow technical changes start implementing different protocols we could end with a Balkanisation of email. Making people pay for each email sent will cause big problems with people who legitimately need to send out mailing lists. End user filtering tends to be more complex than the average user likes and doesn't address the problem that the email still costs money to the ISP (and hence to you). Blacklists tend to cause collateral damage. It's like the solution to any major problem - someone somewhere is going to have to give. Either you allow the government exert more control over the internet, you are willing to spend a lot of money fixing the problem technologically or you accept that blacklists are going to cause collateral damage. What are people willing to sacrifice to get rid of spam, because you are going to have to sacrifice something because it is the legal and technical status quo that allows it to happen. Just like if you want to get rid of pollution, you are going to have to sacrifice something because it is our current way of life that causes the massive pollution problems that exist today.
Personally I think the best approach would be for spammers to all get struck by lightning and suffer in the 7 Hells for the rest of eternity but somehow I doubt that will happen.
You can expect this system to behave this way. In fact, it has in the past. So why is this news?
Somewhere, there is an answer to the spam problem. Someone will become very rich when he finds it.
The latest Slashdot meme.
SPEWS suck - collateral damage to the extent they do is not appropriate. Don't use them. End of story
You could say that SPEWS is primarily an attacking weapon to hurt spammers, rather than a defensive weapon to protect its users from incoming spam (although it does that as well, of course).
Whining about SPEWS is pointless. Complaining to its users might be more sensible, in case they are under the mistaken impression that the service exists to directly benefit its users, rather than to indirectly benefit all email users by hurting spammers.
I used to poll SPEWS, as I really, really, hate spam.
However we quickly got reports form our users about false positives. While my attitude was "Then your friends should switch ISPs", my users were not happy with that response.
After some discussions, I stopped using SPEWS. I may poll it again as an advisory (i.e. marking, but not blocking messages).
However, currently I am polling the Spamhaus SBL and XBL, and me and the users are very, very happy. The XBL catches loads of spam, and we did not have a single false positive.
Alex
Absinthe makes the heart grow fonder
Score:5, Troll... Only on slashdot.....
Not Buzzword 2.0 compliant. Please speak english.
We got around the problem by relaying all of our mail through another SMTP server run by a friend at an unamed ISP.
So, essentially, you were forced to use a technique commonly used by spammers to avoid blacklists, in order for you, as a non-spamming site to avoid the same blacklist? Am I the only one that sees the irony of this?
Like here
As someone involved with running some servers I can tell you some facts about these ISP. The first are way more expensive then the last. Strange eh?
Either move to a better ISP or learn to live with the fact the email has freedom. This includes the freedom for me to block you. There is no right to send email to anyone.
Ask yourselve this. Do I gotta open your mail? Do I gotta answer your telephone call? Do I gotta open the door for you? Do I have to answer your question when you approach me in the street? No, no, no and no. So why on earth do you demand that I accept your email?
If you are on SPEWS or another blacklist then your ISP sucks. Get a better one for email (you can still host your site there just requires slightly more skill to setup) alone, shouldn't cost much unless of course you spam.
BUT STOP THINKING THE WORLD HAS A DUTY TO RECEIVE EMAIL FROM EVERY KNOW SPAMHOLE IN THE WORLD.
MMO Quests are like orgasms:
You may solo them, I prefer them in a group.
After a run in last year with SPEWS, and after some investigation, I believe I have found SPEWS owner/administrator, and posted last March as SPEWS no longer anonymous
Pete Carr Owner Chatmag.com
welcome are new spam blocking overlords.
Spews makes my point to management stick. (we never ever can block all spam, but using static keyword based exchange filters, instead of RBL's and baysian filtering makes the problem WORSE.)
Their shit works.
"/Dread"
Moderating this as troll is more than a little unfair. I hope it pops up in my meta-moderation later.
We've tried relaxing it, using smaller netblocks and it DOESN'T PROVIDE ENOUGH INCENTIVE TO WORK. If you get blocked because your ISP's blocked as they're an RFC-ignorant Spamhaus, then you'll take your business elsewhere. If you can't take it elsewhere then you'll shout and maybe change their minds.
No ISPs forced to use SPEWS: if they do, then it's the ISPs servers the spam's clogging up, and their choice to block based on any criteria they want to.
Basically that's it yeh.
We weren't aware of the SPEWS listing at the time we signed up with our host (we had to move from shared hosting to dedicated as the site grew) so we got caught out. It's tough as we are really happy with our host and the uptime/latency/bandwidth of the NAC data-centre so we don't really want to move.
But yes we have pretty much employed the tactics of spammers to get around this so we can send legitimate, requested sign-up e-mails and activation notices and yes it's fairly ironic.
Not that many services seemed to use SPEWS as an authoritive bounce, but there was enough that we got 1-2 a day bouncing (10-30 sign-ups per day). Just enough to make us want to do something about it, things have been fine since we switched SMTP server.
Wonderful piece of software that works quite nicely and for small independent mail servers you will not be disappointed.
http://tmda.net/
In case you don't have this running already, that is.
Maybe I'm just being paranoid. But isnt it entirely possible that 'professional spammers' could set up mail relays under a subnet of highly regarded anti-spam sites?
This would mean that the spammers would get blacklisted, but much to the spammers glee the anti-spam sites (in this case DSL Reports) also gets blacklisted. It has a double effect of the anti-spam site being blacklisted, plus the anti-spam site (DSL Reports et al) owners arguing for the blacklist hosts (SPEWS) to be more lenient.
It wouldnt suprise me if 'professional spammers' were acting this way to protect their own interests.
There are ways to reduce the harm done by a SPEWS listing.
Yeah, well, if my ISP were to participate in SPEWS, and, I lost an important business document or a sales lead because some self-righteous administrator felt it was right.... well, I can tell you they wouldn't have my business any longer.
Personally, I can't wait for end user lawsuits against ISPs who participate in SPEWS and other RBLs but don't advertise it. I paid for a fully fuctional email account -- not one that's crippled and can't receive messages from my customers and business associates.
Not only that -- and I posted this in a 7-depth thread somewhere else -- but I'm not paying my ISP to have some dick censor my email.
To wit: if my ISP were to participate in SPEWS, and, I lost an important business document or a sales lead because some self-righteous administrator felt it was right.... well, I can tell you they wouldn't have my business any longer.
Personally, I can't wait for end user lawsuits against ISPs who participate in SPEWS and other RBLs but don't advertise it. I paid for a fully fuctional email account -- not one that's crippled and can't receive messages from my customers and business associates.
Your clients might be none to pleased when they discover that you're blocking legitimate messages from their friends, family, business partners, existing customers, potential customers, and so on.
;)
In fact, participation in SPEWS could have the exact opposite effect on your business: SPEWS-friendly ISPs could see the exodus of customers, who, shock-horror! want to get all their email.
In fact, if you're an admin at a company, I'll be the CFO won't be none to happy when his latest negotiations are scuttled because you've been blocking his messages.
Go and tell him (or her) that, well, shit man, we need to stick to spammers!
I'll lend you bus fair to the unemployment office.
Get your facts straight.
In Soviet Russia, I ruled you
There is a HUGE difference between "False Positive" and "Intentional False Positive".
SPEWS defends their actions by saying that they cannot eliminate all False Positives, and so shouldnt try.
However, that is a lie. SPEWS intentionally blocks legitimate e-mail for the purpose of causing people to complain to their ISPs to the point that their ISPs complain to their provider, to the point that a legitimate customer who is not violating any terms of service is asked to change their practices or move to another region of the country.
Is this effective? Of course not. Certainly, someone who uses the list will not recieve as much spam, as well as blocking much legitimate mail at the same time. But SPEWS is not about blocking Spam, it is about trying to get high-level service providers to violate their contracts.
Any list you use is going to have False-Positives. The difference is that SPEWS does it on purpose.
SPEWS claims that they are innocent, because they don't block anyone. This is a lie. They publish lists which are in turn downloaded by automated scripts and are applied to e-mail servers as filters. They are aware of this. Their lists have no other purpose. Remember when SPEWS blocked everybody, and many automated scripts did the same?
When you publish a list which has no other purpose, then tell people how to configure their servers to automatically download and use the list, you Are blocking people. It's entirely possible for someone to exist who is stupid enough to not see the connection between publishing an IP to a list which is used by many automated servers which you have helped to set up for the purposes of blocking the IPs on the list, and the subsequent blocking of that IP. Those people don't have anything to do with SPEWS, though.
There is more, but I need to head off. I may post again later.
-- 'The' Lord and Master Bitman On High, Master Of All
None too pleased
bus fare
stick it to spammers
Gah.
I've recently started submitting data to the Weighted Private Block List project.
Basically, it's an attempt to use statistical filters (eg Bayesian based ones) to identify what IP's are sending spam. I'm sure that they would love to have more people involved in the collection of data, particularly if they've already trained their client side filters to a high level of accuracy.
I give my email out to REAL customers and they can't even contact me to check on orders or for support? I have to infact spam them with my new email address just to make sure my customers are up to date? So I HAVE to spam BECAUSE of the spammers?
1888 Franklin St.
You do not understand what you are frothing about.
Read, digest, and come back when you do.
I suggest hanging around in news.admin.net-abuse.email - post your opinions there and see how the pros treat you.
Unfortunately, this solution may not be available to everyone this affects. NAC.net is also our ISP where I work. If this escalates to where NAC is put in SPEWS' "level 1", we may end up with our company emails being dropped. Should the company switch ISPs, possibly breaking contracts?
As far as NAC itself goes... I know of at least one open mail relay controlled by the ISP itself (not some home user with a misconfigured or trojaned box). Granted, it's not listed in their MX records, and you can only use it to send mail to NAC customers, but I personally get enough spam at work through that machine I have added a spamassassin rule specifically to check for that hostname. And complaining to NAC about it a dozen or so times over the past few years has done absolutely nothing. I guess they can only blame themselves for the SPEWS listing. *sigh*
B*B,
-Smoke.
OK, for those of you who read NANAE, this is old news, but for the rest of you...
I'm a sysadmin who worked very hard to get a /24 listed in SPEWS delisted. The netblock was in the list because a customer of ours decided to provide DNS service to a known and notorious spammer. We earned the listing, period. I killed the bastard, reported the fact, and got the listing lowered to a zero, historical. In the process of doing that job, I learned a lot about the whole blocklist thing and realized that even the operators didn't see what they are really doing. They think it's about spam. Wrong.
Follow along with me a moment, and you'll see why I think this way. First, the Internet is, by definition, a "network of networks", a large anarchy run by a very large number of system administrators (greater than 10,000) who make private decisions about who and how they allow to access their bandwidth, systems, and services. The Internet Society and its sub-units provide a forum to publish community notes, the Requests for Comments, which are nothing more and nothing less than agreements for how to play nice in this employee-owned swimming pool.
The Internet community has decided on standards of behavior, and each system operator trusts every other system operator in the pool to conform to the rules of society, and to ensure that the users conform to the community rules -- not unlike CC&Rs in a neighborhood development that form part of the purchase contract of many homes and condominiums. Some operators have become lax in their expected enforcement of the rules on particularly not-nice people, the ones who break the rules in order to win money, or some other benefit. There are enough of these Internet con men out there that the community coined a word to describe them: "spammers."
Back in the NSF days, a lapse in administration resulted in disconnection, quick and swift, so the system adminstrators, up and down the line, toed the line to avoid being banished. In the Commercial Internet that replaced the NSF Internet, personal greed gets in the way of this remedy, and so the disdain of social customs is left largely unpunished by the society.
Just about every system operator who runs a mail service with more than three users has been yammered at by those users: "WE WANT LESS SPAM -- DO SOMETHING." Complaints to ISPs who take spammer money go largely ignored, and appeals "upstream" -- to the connection providers and to the Tier One networks -- have also gone largely ignored. So the small administrators started to implement mail filters and blocks on "spammy" IP addresses in the hopes that they can block the crap and thus appease their users.
Spammers countered by having their providers move them around in IP space, and by using techniques to "get around" the content filters. It's become a war, frankly. First there were keyword filters, and so spammers started to "do things" to their messages, like replace the letter 'o' with the digit '0' -- you've all seen the tricks. Hash identification of bulk messages were thwarted by inserting random nonsense text. Learning filters are poisoned by spammers injecting random words. And so on and so on. In addition to these content-based counters, spammers also steal resources of innocent people: open mail relays, open proxies, and hijacked Web scripts like formmail.pl, so that the wrong person gets blames for their flood of commercial feces.
What the block-list people decided is that having each of the 10,000 to 100,000 system administrators deal with this individually was eating up too much time, and there was this nifty thing already in place that could be used to reduce the system overhead of id
I am quite surprised that a forum dedicated to broadband telecommunications can't or won't understand hat.
CEE5210S The signal SIGHUP was received.
Perhaps in the future, it would be wise for companies to include a clause in their ISP contracts that allows the company to break the contract without penalty should the ISP be listed in SPEWS for some period of time.
CEE5210S The signal SIGHUP was received.
Personally I use a spam filter on my e-mail server, but I use Spamhaus, as my primary, which is a much more professionally run list, they remove listing automatically after 90 days without spam complaints (SPEWs generally only removes you after you beg in the newsgroup), actually have e-mail addresses that you can contact them at, and actually target the spammers nets, not blocking class B networks.
I believe that any admin of an ISP that uses SPEWs is really doing a disservice to their customers, who will have a number of e-mail problems from some very large hosting companies.
Please, please stop using SPEWS to block!
[1] - Any time you see /16's and /12's and stuff blocked, that's way to freakin' broad.
Luck favors the prepared, darling.
Damn people, how dense can you get. SPEWS added their DSL Reports nac.net for hosting spammers. They haven't "added DSL Reports" to the list. They are a customer of a spam-supporting ISP. What the hell do they expect will happen to them? DSL Reports shouldn't have 5 minutes worth of investigative research into nac.net before they signed on as a customer. It never ceases to amaze me at how incompotent some administrators can be when it comes to things as simple as this. And yes I use SPEWS on ALL my MTAs. I added SPEWS to my list of DNSBLs a couple years ago and never looked back.
Nobodies talking about "100% SMTP efficiency."
We're talking about selling intentionally b0rked email to customers without advising them of the fact that the accounts are intentionally b0rked.
One, EarthLink can't warrant against the implied warranties of FITNESS FOR A PARTICULAR PURPOSE, in this case, especially when they market their service as being fit for a particular purpose -- the issue is not one of whether email is reliable, it's that they're not selling email, they're selling something else, something SPEWS-infected.
Two, they're lying to customers if they say you're getting an email account -- which to any sane consumer means, a non-censored email account -- and instead provide one that cannot receive messages for arbitrary reasons that are, I repeat, fully within the ISPs control.
Since SPEWS-blocked email is non-standard email and outside the realm of what a consumer would expect when he/she signs up for "an email account," well, I'd say these ISPs who aren't disclosing their particication in RBLs are open to some first-rate lawyering.
And, anyway, you the admin are not the ISP -- if you run an ISP with administrator contempt of your users, well, you'll see your former customers on their way out the door. What you're doing is lying and stealing from your customers and it's wrong.
Your high and mighty administrator privs be damned.
Branched out a bit from advocating house-elf rights, haven't they?
Swim in sewage, you'll get a little shit on you. Find a hosting provider that isn't spammer-friendly, or expect people to complain about the smell.
If an ISP actually tried to cover themselves with "not warrant that they will be uninterrupted, error-free or free of viruses or other harmful components" (which covers non-intentional losses) then they are worse off in the brains department then I thought. At the very least, if they are using a blocklist they SHOULD spell out that they do not warrant that the blacklist they happen to use doesn't block legitimate mail. A content-based filter blocking legit mail is a false-positive (error), outright denying mail because SPEWS says so is not.
Then you have a funny definition of "false positive"
Parent modded as Troll?
Because it says SPEWS is unethical?
I understand why they think this is effective -- there are many broadband users with trojaned machines that do relaying. 30% of spam according to AOL.
However, there is collateral damage to users like me who run their own outgoing `sendmail`. Perhaps acceptable, but do we want all email to get centralized through "approved servers". Eventually, it will become the Post Office.
You know, people have sued companies, and won, even though their agreement would appear to excuse the company.
In this case, of course, this term only covers problems that are outside of the company's control. If the company deliberately blocks a customers email, they would be liable.
Here's the actual story missing in the slashdot blurb: Blacklisted.
Operations like DSL Reports can't afford to move to a new provider every other week just because some spammer decides to make his operations there before the hosting provider gets a chance to do anything about it.
SPEWS harms innocent bystanders who often have no other choice of hosting providers or cannot afford a politically correct one.
Shame on SPEWS
There's too much behind-the-scenes profiteering from spam, and ISPs or others who turn a blind eye or practice willful ignorance are part of the problem. Getting their wider netblocks listed forces them to at least pay better attention to the networks if not forcing them to clean up their business practices.
It'd be nice to know which major banks are willfully providing credit card merchant services to spammers as well so we could boycott and publicize their sleaze as well.
they blocked an entire ISP which includes DSL Reports, an innocent bystander who does not spam.
thats like saying that innocent people in Iraq deserved to be killed just becuase they happened to be living in a country with Saddam in charge
These guys are zealots they always make the radical choices. They will not talk to you unless you are one of them.
If you ever see SMTP requests coming from my IP address, feel free to drop them in the bit bucket. Then call the police, because a spammer has broken into my house and attached a PC to my router.
is here.
I meta-mod all positive moderation Unfair, because it's abuse of the system.
is to do whatever you can to remove support for SPEWS. Notify your customers that, if you're on a netblock shut off by SPEWS, they may have their email from you blocked. Folks will go get another freebie email if they really want your nonspam email.
Perhaps, though, they should talk to the source of the problem instead of complaining about the solution. The problem, after all, isn't that SPEWS listed a spam source network, but that NAC.net is hosting spammers alongside it's legitimate customers. Those customers should make it clear to NAC.net that either the spammers go, NOW, or they'll take their hosting elsewhere, also now.
Don't call a black a black(use what THEY want you to use)
and
Don't call spam spam then.
You guy(or black girl) are a racist.
What the hell, is there now a B word not to be used?
What am I then if not white? What terms do 'blacks' use to describe non-blacks? Whitey I guess is ok?
And don't tell me that you all, once in a group do not dare use the word WHITE. Like as in white policeman or white asshole or whatever.
I was in a theatre is a suburb that was once unmixed. I sat down in a upper row seat with no one around. A large group of teenage blacks walked in a did a very odd dance just so that one of them would not have to sit in a chair next to me.
Had the same thing happen in a restaurant at the table next to me and my wife where a black dude and a black chick would NOT sit down at the table next to us but continued to stand and wait for the waiter to come back and move them.
Don't preach this bullshit fella.
Last month in Washington DC a group of 'white-challenged- gangbangers surrounded our car and we almost got ripped. Yeah they can have firearms there and rape and pillage but whiteboy can't or he goes to jail.
Funny how things are seen different on YOUR side of the color line. Funny how gangbangers are given a free ride. How the mayor of DC could be a pimping druggie and get by with it.
Yep its OT just like the parent is so mod it the hell down why don't you?
How many of these posts are spammers doing some astroturfing.
Marketshare dictates whether SPEWS is "ethical", and it seems that enough people think that it is because enough people are tired enough of spam that they're willing to try it.
As far as any particular rejected email goes, this is about two people (email sender and recipient) and their ISPs. People focus on the sender and how they've been screwed by SPEWS, and should switch. Maybe - but shouldn't the recipient be the one to switch, if they're getting service from any IP address that someone said had an IP address kind of like a spammer? Particularly if they're rejecting the level 2 lists, which even SPEWS doesn't recommend.
What might be nice is if SPEWS used level 2 listings only internally for info, publishing only the level 1. I imagine most of the egregious blocking problems are from misuses of level 2 blocks, which SPEWS in no way recommends. I think it's unfair to blame them for such actions.
-Looking for a job as a materials chemist or multivariat
Others on this thread have cited the potential (or expressed capacity) of blocklists (BL) to block desired mail (false positives) as well as spam. If that's the case, doesn't that mean that you still have to use the resources that BL are supposed to save - you have to store the messages to be able to sort them, and so much of the infrastructure that you would require without BL is still required to sort BL mail. BL seem to be a good way to sort spam (and to more accurately assess whether an email is spam or not), but not as a first line of defense, because it still requires the same committment of resources that a lower-level spam blocker or filter would require.
Am I missing something here?
It's that easy, eh? You share netspace with some Bad Guys and that means that, despite the fact you've done NOTHING "WRONG", you're supposed to pack up and move your presence elsewhere. "Hey, you're from Detroit? Detroit has too much crime as a result of a lax attitude toward law enforcement and education. Go away. Come back when your driver's license says you're from Lansing."
You guys... man, people like you make the 'net a rotten place...
It seems to me that MANY of you here are missing the point of DNSBL. It is INTENDED to cause pain. Most spammers mix in with legit companies. If the company hosting the legit traffic is friendly to spammers, then THEY are the cause of everyone's pain. by everyone, I don't just mean the legit companies they host, I also mean the users who get 200+ spams a day (yes I have users that used to get that much).
I don't use SPEWS because I HAVE found they are too aggressive, but spamhaus, and spamcop are great. Add in SA with BAYES and it's all good. I have several customers who are on mail lists that are being hosted with known spammers and when I explained to them what I'm doing....well, exact words.
"If they aren't going to move to a non-spam friendly network, then I don't want anything to do with them"
Spam is a menace, and the only 100% sure fire way to make sure they don't get passed filters is to block the traffic from known sources. Otherwise they work to get around spam filters. Take for example wholesalebandwidth.com which is a known spam haven and believe me, they don't respond to any "please stop". Stats to my network show that one network alone was responsible for 43% of my spam problem. If I still let that mail come in, the 60k that was being used to pass spam to my network wouldn't have dropped at all. 60k is a HUGE amount of $ to be paying for 2000 mail boxes for mail they don't even want in the first place.
Now, to top it off with a little cherry on top. It IS my network. I own it, I own all the equipment on it (aside from a couple of colo boxes), I have to feild all the complaints from my customers about spam (and then of course why they aren't getting mail they think they want which is usually spam anyway). Spam costs me a huge amount of money each month in lost time, wages, bandwidth, server upgrades every year instead of every 2. If I don't want traffic coming to MY network it's MY business, but if YOU want to send traffic to my network, then YOU need to make sure you're not mixed in with the element I don't want sending my network mail.
You see, if you end up on a blacklist, it's not anyone's fault but your own. Put pressure on your provider to remove the problem....or move. I'm sure you all have heard "a screw up on your part doesn't constitute and emergency on mine". Most secretaries like to have signs like that on or near their desks.
I'll repeat myself because it continues to apply. It's that easy, eh? You share netspace with some Bad Guys and that means that, despite the fact you've done NOTHING "WRONG", you're supposed to pack up and move your presence elsewhere. "Hey, you're from Detroit? Detroit has too much crime as a result of a lax attitude toward law enforcement and education. Go away. Come back when your driver's license says you're from Lansing."
You guys... man, dopes like you work right alongside spammers to make the 'net a rotten place... but I take comfort in the fact that you black t-shirt types never end up really running the show.
Here is a website detailing basically what happens with SPEWS:
http://www.satlug.org/~kjar/spews/
My company has had prety much the exact same experience.
Anyone using SPEWS is either lazy, ignorant, or could care less about the right way to do things.
In other words, just don't use SPEWS. Use ANY list but SPEWS.
This is my sig. The post is over.
Nobody requires anyone to use SPEWS. If your ISP utilizes SPEWS and you don't like it, either complain till the policy changes - or move to another ISP.
.
Similarly, nobody has some special magical right not to be blocked - that's one of the joys of server ownership..you can block any domain or ip that you find annoying, and since the *box belongs to you* its' really only your business.
In short, what's the big deal? The various anti-spam lists vices/virtues are known to those who'd care to investigate, and since we're all big boys and girls, we makes our choices and takes our chances
"It is morally wrong to initiate the aggressive use of force.." Of course, defensive force is fair game...
Wait, you made a cart00ny threat, looked up the meaning, saw that Terry Gilsenan owned that site, and thus he some how must be SPEWS? I don't see any connection at all, just an assumption. A lot of other sites list that USENET group as a place to address thier issues. The USENET group News.Admin.Net-Abuse.Email is not just used for SPEWS, it is used for other spam related topics.
Besides, it isn't like anyone can't be on and use the same network as SPEWS. If I had a site hosted on or posted from the same network does that make me SPEWS as well?
You also mentioned the frivolous lawsuit brought by felstein against a bunch of anti-spammers. Felstein listed those who mirrored spews, and just about any anti-spammer he had a problem with. He doesn't know who spews is, and his credibility is laughable.
Even if you do, finding a new ISP or smarthost is a five minute job
5 minutes? Sure, then contact me, and I'll pay you for 5 minute's work of work to move all of my co-located servers to a new ISP. You have no idea what you're talking about.
I don't do business with anyone who uses SPEWS.
I know who runs spews, it is Scott Richter!
Ummm, no that can't be right, a spammer running spews...
No, after some long and hard research here they are!
It is on the internet, thus it must be true!!!!!111!!
SPEWS is just for the lazy admin who can't be bothered with setting up his or her network properly.
Admins that use SPEWS should be fired, plain and simple. If you can't be bothered to use a reputable and logical spam RBL, or at least use SPEWS as part of a weighting scheme, then you have no business admining a network. The retarded monkies running SPEWS are welcome to do so, but it's the admins that use them that need to be taken out an beaten.
SPEWS is a joke, yes... but it shouldn't be shut down. I'm sure it has it's place with the zealots who have no concept of how the real world works; I mean, seriously, if you only have access to one ISP where you live, how, exactly, do you go about switching? You can't... and using draconian measures to punish people who have nothing to do with, aside from the fact that they happen to live in some backwater with only one option, is utterly childish and sad.
I've never been hit by the SPEWS stupidity, thank god... and even if I was, at least I have have the technical expertise to get around it fairly easily and quickly... but the poor schmucks who can barely turn their computer on would be screwed. I have sympathy for them. I don't condone DDoS's, but the DDoS's on SPEWS awhile back is about the best use I can think of to put DDoS's to use, if they are going to be used anyway.
SpamAssasin w Bayes + Exiscan for life!
And of course there's a variety of other blocklists, all with their own published criteria and standards.
Of course, it would be a bit nicer if the listing of each blocklist on rbls.org contained a <= 10 word summary of the blocklist's policy like the ones you gave, such as "confirmed open relays", "Republic of [South] Korea", or "spam gangs that have been TOSsed thrice for spamming". I've e-mailed my suggestion to the contact address listed on the page.
Beyond that point, it's the ISP's problem.
So if "the ISP" with a problem is the only residential high-speed ISP in the geographic area, what do you expect all the other residential users in that area to do? Move house? Go back to dial-up?
Instead of blocking spammers, just filter out the links they include in e-mails. They can't be obfuscated because they won't work if they are and countless spammers use the same domains to host their affiliate pages and/or ad images.
Block one IP, you block nobody you wanted to because the spammer that sent it doesn't use it anymore. Block one URL and you've just blocked dozens if not hundreds of spams regardless of who's advertising it.
Includes source for automating the process as much as possible
It takes just a few minutes to go through any number of e-mails and remove all the legitimate domains that were linked to and then to update the Mercury Mail rule file.
SPEWS is retarded and counterproductive. IPs are a finite resource and are reused constantly. You cannot realisticly block spammers by blocking IPs. SPEWS has probably done more damage to the internet by it's idiocy than spammers have. It's about time some of the businesses that are being hurt by them form a class action lawsuit. Or, even better, everyone should just stop using them until they pull their heads out of their asses and start being productive instead of just an internet bully.
I found a simple solution that results in getting virtually no spam. And any spam I do get is taken care of on the next update. I have a domain that was getting lots of spams now pointing to a catchall at my home IP. Since I had no legitimate e-mail addresses using that domain it's now a very effective way to preemptivly block links before a spammer tries to use them in a spam sent to one of my real e-mail addresses.
No solution is going to make spam dissappear entirly. The idea is to make it go away as much as possible so it's down to a reasonable level without causing collateral damage. SPEWS has taken the stance to act like an idiot and then blame the ISPs for SPEWS being retarded. There's no excuse or need to block IPs. Especially ones in use by people who have never sent spam.
The best part about blocking links is that the header is meaningless. Every line of it could be forged but if the e-mail contains a link to a blocked domain it will not get through.
Ben
Work Safe Porn
A company I work for used to host DNS for spews once upon a time. This type of thing, and other reasons, are why we kicked them out of our DNS servers. Spews has to be one of the worst spam blocking sites out there. I can't believe anyone actually uses their databases.
Wouldn't the ISP have broken the contract at that point? Their action (or rather, inaction in failing to remove a spammer from their network) would at that point have caused massive disruption to your business. If you had a janitorial company that, because they didn't keep their trucks maintained and they were now all broke down, couldn't get anyone to your building to clean it, would you say "Well, we can't break our contract with them."? Or would you say "They're failing to perform as contracted and why they aren't isn't our problem, we've got overflowing trash cans we need emptied."?
If I stand in front of a store and physically prevent people from going in, I'll get thrown in jail. Preventing solicitors that the store didn't want anyway is one thing. Blocking legitimate customers is quite another.
SPEWS shouldn't be any different. Spammers could possibly sue SPEWS but the odds of them winning a suit are minimal because they're sending unsolicited advertisments. However, established legitimate businesses would probably have little trouble getting a class action lawsuit going against them and winning.
Domains should be assumed to have a "no solicitations" sign posted. That would allow companies like SPEWS to block spam from going to domains. However, it would also allow them to be sued off the planet if they blocked legitimate customers.
I suggest companies that have been affected by them test the law out on them and that anyone currently using their braindead lists, switch to something intelligent.
And the parent post is right, you can't just move a business. I have a coloed server with a one year contract. If that ISP gets blacklisted by the retards at SPEWS you can bet I'll be pitching the "sue them" idea. Maybe SPEWS would like to pay for everyone's setup, contract breaking and moving costs.
I find it pathetic that the same community that thinks sacrificing liberty for security is a bad idea thinks it's okay as long it's for the sake of blocking spam. Destroying countless people's ability to send e-mail is perfectly okay since it's for the security of not getting spam from that one guy.
Oh but wait, that one guy already moved somewhere else. But at least we only screwed over innocent people.
Absolutly retarded.
Ben
Work Safe Porn
Yeah, like that is a creditable source.
Hope the "Sign them up for spam" site runners are enjoying the permanent blacklists their fanboy script kiddy wantabes caused. I recall a bunch of them got reported to their ISPs, and their parents probably didn't like hearing about that.
You are not invincible, and unlinke the geocities and other similar crummy webpages/blogs/email/bbs/etc you harass, there is usually someone with more power and authority then you. Get use to the fact that there are people with more power then you, and they will act when challenged.
you and everyone who modded you up insightful are fans of the Patriot Act.
I block URLs that spammers use in their e-mails. I get virtually no spam. I don't get a rip who sent me the e-mail with a link to that URL, it doesn't get through. My mail server kills it before it gets to my inbox.
If a spammer wants to pay an ISP a buttload of money, fine. I have an intelligent way to not get their spam that doesn't involve headers or IPs.
The ISP gets paid, the spammer doesn't. Everyone that matters is happy.
Ben
Work Safe Porn
1. Find innocent users who are only weakly associated to the actual people you have a disagreement with -- in this case, customers on netblocks belonging to higher-level companies who, in one way or another, harbor spammers. (Analogy: people in WTC buildings whose only connection to American foreign policy is the fact that they are Americans.)
2. Hold these people hostage by making it impossible for them to use email, in an effort to extort them into placing pressure on the aforementioned higher-level company to stop harboring spammers (Analogy: blow up the building, threaten to do it again and again until demands are met.)
3. Endure a hostile backlash when your plan doesn't work out -- sysadmins, hackers, tech-savvy victims of this approach use massive DDoS attacks to take down multiple RBLs (Analogy: USA blows the shit out of Afghanistan, Iraq, redoubles efforts to decimate the terrorist networks.)
SPEWS and other "services" like it share the same moral motivation as terrorists, and I find their behavior repulsive, unethical, and deserving of punishment.
There is the fact that most people go in the news group with this attitude, and don't pay any attention to what they and others are saying. Most of the time people just ignore what those in the group say, and/or end up misinterpreting what they have to say. The common attitude of people post like this is "they didn't do what I wanted, thus they are bad."
Also watch what you say, if you treat them with a pissed off attitude, don't be surprised if you get it back. Treat them with respect, and while you might not get what you want, they will treat you with respect and try to help you out.
And for the grandparent's comment about how SPEWS doesn't remove you when you beg, they do remove listings if a mistake is pointed out or the ISP has cleaned up their act. I don't recall any beggers getting their way, and the mistakes don't mean they will remove your block.
So smarthost your mail with an ISP that doesn't suck.
What smarthosting service would you recommend for the customers of the only residential broadband ISP in town, once the ISP has ended up on a SPEWS list? It must have some form of secure SMTP because some ISPs block outgoing ports 25 (SMTP MX) and 587 (SMTP MSA per RFC 2476).
If e-mail servers that use SPEWS were to start rejecting e-mails sent through your residential high-speed ISP monopoly's mail server, you would be presented with the following dilemma. In such a situation, which would you choose?
Please tell us how DSL Reports are "spammers mix in with legit companies".
DSL Reports doesn't spam. SPEWS blocked them. Therefore the block is wrong.
It was Osirusoft, and they are not SPEWS! While it wasn't handled in the best way, they did that to inform those who used them to stop using them.
Gee, and I bet the rest of your post is just as creditable.
If DSL Reports valued money over integrity, then they got what they deserved.
DSL Reports provides a service to their people. Why should it be their business to heed to the desires of a few arrogant SPEWS people?
Thats like saying that if you live in a bad neighborhood you deserve to get mugged.
SPEWS blocks legitmate users. Therefore SPEWS is no longer a SPAM blacklist, but a blacklist of people who do not agree with their views.
I don't advocate the use of such block lists.
SPEWS especially has a long history of adding non-spammers to block lists, or large blocks of addresses exceeding the ip addresses used by spammers.
I am positive dsl reports is a far better customer for an ISP to have, than spammers. They should simply tell them they won't tolerate the ISP hosting spammers and ruining their business.
The ISP needs DSLreports more than DSL reports needs the ISP.
Back up the servers first ; )
"Since when the hell did "liberty" mean that you get to send email to absolutely anyone, even if they don't want it?"
Pay attention: SPEWS is blocking e-mail that people DID WANT.
Got it?
Think you can handle an intelligent retort now? Didn't think so.
Typical braindead "crush the innocent on the way to the bad guys" attitude you got them.
If YOU were paying attention you'd know there are highly effective ways to block spam that don't involve IPs or headers and that don't inflict collateral damage.
SPEWS is the most retarded attempt at blocking spam ever made.
"after all, it's their own negligence that landed their netblocks into SPEWS's "
No, it's SPEWS idiocy that lands them there. Classic blame the victim. SPEWS is a retarded bully and needs to go. It's time to grow up and find ways to block spam that don't hurt anyone but the spammers.
If you'd think a little you'd realize those ways already exist and are in use by people. I guess you'd rather be a vigilante bully. Whee power.
Ben
Work Safe Porn
...you don't get blacklisted for a single spammer, you get blacklisted for being RFC ignorant and not working your abuse desk properly. You are wrong, full stop.
I call Godwin...
i personally sometimes get too caught up in defense of cyberspace to the detriment of greater causes, but if i were part of an organization, i'd hope to do better -- the kind of effort SPEWS and other black holes have directed would be wonderful if it were expended against forms of commerce that cause real human suffering.. in most cases a chain of contractual responsibility could be followed, rather than an unfocussed taint of casual association with malfeasance
Then I guess Microsoft is the most ethical company on the planet, eh?
Clear, Dark Skies
And in response to your POSTING
by the ALLEGED SPEWS
owner/administrator:
Peter J. Carr is an Idiot
Opinion by Terry H. Gilsenan
My opinion agrees with Mr. Gilsenan.
I'd list you as level 1 on the IBL (IDIOTS Block List)
The first part of this rant is directed to the admins of BBR. (dslreports is also known as BBR)
I can understand your frustration at being listed and at the "scorched earth policy" of spews. However, there is ample and damning evidence that your isp, nac, is a MASSIVE spam haus
First piece of evidence:
12 sbl listings (with 3 of the really nasty yellow ones) at www.spamhaus.org
Second piece of evidence: the well mentioned spews listing, which has bucko evidence contained inside.
third piece of evidence: 1970 listings found at http://groups.google.com/groups?q=nac.net+group:ne ws.admin.net-abuse.sightings&hl=en&lr=&ie=UTF-8&oe =UTF-8&group=news.admin.net-abuse.sightings&sa=G&s coring=d
I think we can all agree, nac has a MASSIVE spam problem and does jack shit about it. So lets move on. BBR obviously doesnt spam, but because you are hosted with a pro spam isp, your being used as human shields by your isp. So what are your options here to get your mail working?
option one: bitch at nac to punt all their spammers, which will cause spews to descalate (yes spews DOES remove entries when spammers are terminated) the listing so your mail doesnt get 550'd. Problem is, nac is likely to not give a shit, and not lift a finger.
option two: smart host your mail with a non spammy isp. There are a variety of ways to do this, and usually its not very expensive. I've leave it up to you (i am sure you guys are fairely clueful in a network sense) on the best way to accomplish this. This is probably the quickest and easiest solution, though the one negative to it is that your still supporting a spam haus, but if that doesnt bother you, then so be it.
option three: the probably least practical solution for you, but morally the best solution. Tell nac to eat shit and die, and move your operations to a non spam haus (and despite what some people are saying, there ARE isps that dont get blacklisted, they agressively nuke any spammer on sight. Spews doesnt list you for one spam, they list you for ignoring repeated spam complaints). On a practical level, i understand this may not be a realistic option for you due to the extreme complexity of moving servers, but i figured i mention it since it is technically possible.
ok, now for my rant directed at the non mail server admins of this forum.
As others has said, spews does NOT directly block your mail.
The mail admin is the one that blocks or doesnt block incoming mail. When he configures the mail server you use, he decides what if any rbls (aka blacklists) he uses. The critera for which rbls he uses depends on management's attitude (assuming its a business server), the admin's stand on spam (is he a rabid block spammers on sight type, or a "screw it, not my inbox or bandwidth" type), and the user base of the server (do the users need to recieve mail from china or south america, or can those countries be blocked with out losing legit mail?).
Spews does not communicate directly with the outside world or provide a method to be communicated with directly for very good reasons. In the past, spammers and spam hauses (verio comes to mind) have sued rbls for completely bullshit reasons. Because spews can and does play hardball with spam hauses, they remain safely anonymous so when spam hauses try to send bullshit lawsuits (aka cartooneys in the anti spam world) to spews; well it doesnt go far when you dont even know who to send the process server to The only way to communicate with spews is by posting on the usenet group NANAE that you've removed the spammers you host. Failure to remove your spammers or lying that you've removed the spammers only gets more and more of your network listed.
People complain about spews listing non spammers along with the spammers. Spews philosophy is similar to the following analogy. Lets say you live in the same apartment complex as the unabomber. People in your town keep getting mail bombs
Lawyers, MBA's, RIAA? A jedi fears not these things!
Needless to say the relay was closed, the New Admin learned a lesson, and you're still incompetent.
Translation of that article, for those short on time:
"Wahh wahh wahh, SPEWS listed our ISP because our ISP subsidizes legitimate clients by selling to spammers, Wahh, wahh, wahh, we're too cheap to go somewhere else, wahh, wahh, wahh" followed by a bunch of lies about SPEWS, followed by "wahh, wahh, wahh."
Sounds pretty similar to DSLReports.
If you put the names of people who didn't shoplift you can be sued for defamation among other things. I'd really hate to show up at a store only to find out I can't go in because some asshat like SPEWS falsly accused me of shoplifting. If I couldn't sue the person who made the list, then I'd sue the store that used it. This is what SPEWS is counting on. By hiding, they can't be sued and so you're forced to move. If they're ever found, SPEWS will be gone very fast.
Seriously PAY ATTENTION. You act like SPEWS only blocks spammers. They are blocking far more innocent people than spammers and they admit this.
And it's not illegal for an ISP to host a spammer so there's nothing to sue them about. They didn't do anything wrong. The ISP can report the spammer to the government under the CAN-SPAM act and or drop their account.
So yes, suing SPEWS is the way to go. If my ISP ever gets blacklisted, I'll suggest legal action against SPEWS or even possibly those who utilize their lists. It's moronic the way they go about "blocking" spam.
Ben
Work Safe Porn
Either nac.net kicks all ths spammers off and keeps them off, or they start losing customers.
I say it again: Fuck SPEWS.
...a load of cum right into each wrongly-blacklisted mouth.
Let me modernize those paragraphs for you:
The Internet is, by definition, a "network of networks", a large anarchy owned by corporations who make private economic decisions about who and how they allow to access their bandwidth, systems, and services.
The owners of the networks establish TOS to limit liability and help ensure profitability.
Do you really believe that the techies at the ISPs still have the authority to decide who does or does not remain a customer?
Since SPEWS-blocked email is non-standard email
If it wasn't so standard, we wouldn't be hearing so much whining.
Where is SPEWS hosted?
Pity it's not in NZ, otherwise it could get its ass sued for harming NAC.net's business
If you didn't get blacklisted then your story is misplaced. It is a good story for telling the hidden cost of spam but not to attack blacklists.
Note that I do not equit size with quality. Just that you get what you pay for no matter what the size of the company may be. Sure size matters when it comes to available man power. A 1-man operation can't waste two days just fighting such an incident but a large company may have only 1 man with different duties as well to fight spam.
MMO Quests are like orgasms:
You may solo them, I prefer them in a group.
This story fits very well into the "Your Rights Online" category. It's my mail server, and it's my right to decide who can talk to it. As the admin of my mail server, I am participating in a boycott of spam supporting ISPs. It's that simple.
Nobody has "the right" to call me at midnight to sell me stuff, or junk fax me, or bang on my door until I open it. Similarly, nobody has "the right" to put an e-mail into my inbox.
When SPEWS is used as much as MSIE on the internet, its the same as making a page MSIE-only. If 30% of the sites on the internet were configured so nobody on linux could see them, so no Mac, or alternative windows browsers were compatable with or without spoofing, you would see an outroar from people who actually see the effects when their page doesn't load instead of a bounced email.
It's everyone's blocklist, its used on a massive number of servers, and there is no getting around it. When it screws up, its as bad as when a dns server goes down. There needs to be overhaul and oversight in email.
I run several mail servers that serve a LOT of email recipients. Not high-profile-ISP caliber, but I'm definitely in the same boat as mom-and-pop ISP's (probably serve more users than most of them).
There are *much* better alternatives than SPEWS out there. First off, things like spam-assassin are great tools, but you definitely are filtering spam at a real cost (CPU time). RBLs are a very nice tool also, but *as* a systems administrator, I don't want to subscribe to a list that flogs sysadmins on a regular basis (like SPEWS).
Other rbls, like open-relay RBLs, I fully support. If I have an open relay and get put on that list (which means I have probably been used as a spam relay), it's my fault *and* I need to know about it. Annoying as that is.
As I work for a company, I look for professional solutions to problems. Not necessarily commercial solutions, as I use open source on every server I can, but solutions that are clear, responsible, and trustworthy. SPEWs blacklists entire ISPs (ones who I know are doing their damnedest to stop spam), entire subnets, and doesn't seem to have anyone to talk to, other than a bunch of 15 year olds who flame people on their forums. Not professional grade.
Screw spews.
I have to agree with their actions here. This is the sort of 'collateral damage' I agree with. Asking ISPs nicely to clamp down on spammers doesn't work - after all, spammers are customers too. To get an ISP's attention, you have to talk their language: money, and the easiest way to do that is to cause their customers to move elsewhere, and the easiest ( and most defensible ) way to do that is to blacklist IP blocks belonging to the ISP. It's just cold, hard reality. Note that I'm not saying that we have to bomb the Christ out of the ISPs and kill hundreds of thousands of innocent customers and steal their computers ... that would be taking things too far!
"...for all I know the marketing company has legitimate addresses." No they don't. SPEWS works as follows: 1. Spam hits a SPEWS mailbox never used for anything. SPEWS email addresses have never subscribed to anything nor have they appeared in newsgroups or web pages. 2. SPEWS complains to the spammer's ISP. 3. More spam from same spammer arrives, implying ISP did nothing. 4. Spammer's IP is listed and another complaint sent to spammer's ISP. 5. More spam hits. Another complaint and block expands. 6. Eventually the ISPs entire IP space is listed. When the ISP evicts the offending spammer(s) - root and branch - the block is removed within a few hours. If the spammer 'reforms' (but stays a customer with the ISP), the block ages off as SPEWS becomes more and more convinced that the spammer has indeed Come to Jesus. This takes about a year (some say six months). By giving money to a SPEWS-listed ISP you are implicitly assisting a spammer. Your ISP is using you as a human shield.
"We're all eagerly awaiting your solution to this problem, since you seem to think that it's so easy."
Click on the link in my sig.
"Effective methods for blocking spam that don't require you to waste CPU cycles by processing spammer messages?"
You can be lazy and ineffective (use SPEWS) or be intelligent and effective.
I don't consider it a waste of CPU cycles to get rid of spam without losing a single legitimate e-mail.
I see you've chosen the lazy, ineffective, "napalm the village" method of SPEWS. SPEWS is braindead. No thought goes into their method. It's kneejerk bullying.
"Uh, no, it's blame the spam-friendly ISP"
Okay, so blame the terrorist friendly nation for the need to nuke the citizens. It's retarded reasoning. One day you'll get a clue.
Ben
Work Safe Porn
so since *you* don't have legitimate customers that happen to have signed on to an ISP that got a spammer onboard, nobody should.
Punish all the customers of an ISP for the actions of a single spammer who no longer is using their services.
I can't think of any other way to point out how retarded this is.
"Until the spammer morphs their domain name, as they have been doing constantly for the past five years."
And? A spammer gets new IPs constantly. countless thousands of spammers use the same domains to send their crap. Block one URL and you block countless spammers. Block one IP and you miss the spammer entirely and solve nothing. I've blocked far more spams than there are URLs in my rule file.
"'Probably?' Citation, please."
I realize you're too dense to get it through your skull that napalming a village to get a single target is not effective and does more damage than good.
"Odd, it seems to be working so far."
So does napalming a village but it's a retarded way to go about getting someone.
You have a very twisted definition of "works" if you think SPEWS works. It's lazy, ineffective, and counter productive.
Ben
Work Safe Porn
Innocent people do not support spammers. If my email were to be blocked by SPEWS, I would be thrilled that someone had warned me that my host was supporting spammers... and I would have a new host by the end of the week.
There are no innocents in the spam war. There are spammers, spam supporters, and victims...
SPEWS is not the culprit, your spam friendly ISP is. Once the spammers are gone, so will the SPEWS listing.
As a NAC net customer i have a take a few issues with this. 1) where is the proof., yes they have had spammers use thier network, and they have killed those acocunts, what else are they supposed to do? As for this guilt by assocation apprach its BS, saying i should buy out of my contract, and spend a fortune moving to another ISP is like saying that If a landlord breaks the law then all the tenats should go to jail.
Reading through all of these replies, it's the same tired arguments, both for and against spews that I've heard at least 2 dozen times before in other forums (mostly hosting related).
/19 with spammer (yes /19 my humble /26 was within the /19 they blocked). The listing was removed within a week after I crawled all over the data center to solve the problem or ELSE (and else meant losing my business and more). Oh and the complaint against the data center? Do you think spam was being sent? No, there was a DNS server resolving some ips that were part of a spammers domain. Yeah DNS, golly. The DNS servers were null routed, the newsgroup for spews notified and within 4 days the block was gone.
Spews hurt innocent businesses - fact
Spews is a shadow organization and cannot be held accountable for their actions - fact
Spews pisses me off - fact
Spews works - fact
Spews pisses me the hell off, hardcore, they block innocent bystanders and hurt the business of people who have no affiliation whatsoever to spam, other than having the bad luck to be using a connectivity provider listed in spews.
I have yet to find any major data center that does NOT have a few ips listed in Spews - ev1, nac, gnax, xo, he, and a few others I've checked in just the last few -days-.
But, begrudgingly I have to admit those spews blocks work, the last time I was splattered with the spews dirt thanks to sharing a
So, as much as they piss me off, Spews' tactics do seem to work.
--- www.f-theocean.com
you have no idea how SPEWS works.
That would explain why you're such a blind fan of it. Or maybe you just enjoy the power of it. Hooray for nuclear weapons, huh?
"He has a new domain name for shilling his fraudulent goods every week."
So? Filtering out his domains is as good as blocking him. And you don't have to napalm a village in the process to do it. Blocking a Ralsky domain == 100% accurate filter. Blocking an IP of his is 0% accurate and results in collateral damage. Why do you think SPEWS has to napalm an ISP to claim any sort of effectivness?
But, apparently you prefer to napalm villages. Reason isn't up your alley.
Ben
Work Safe Porn
Yeah, like that is a creditable source.
Yeah, I'm sure they'd make up a story about having a run in with the SPEWS and the gang. Considering everyone that has the problems tells a virtually identical tale about how they are treated when trying to get themselves delisted I think SA is pretty spot on.
there is nothing you can do but change ISPs.
Many of the contracts between an ISP and a customer imply a commitment of months or years to stay with a particular ISP. How can small customers negotiate a term of a contract that terminates the commitment once the ISP becomes widely thought of as harboring spammers?
What steps of investigation would you perform on an upstream provider before agreeing to, say, a 2-year hosting deal? And what if your upstream turns from heavily anti-spam to heavily spam-friendly during the term of your commitment?
You cover every possible contingency when signing a binding agreement
This is the ideal situation, but what if the provider, who is usually much bigger than the customer, won't budge on a particular provision of the contract, such as what constitutes bad faith?
any such contract that had been vetted by a lawyer (and even many that haven't been) should have an escape clause along the lines of "if they're not fulfilling their end of the bargain, you can pull out."
Actually, it appears you're right. For instance, Verizon Online's TOS states that "a service-related problem that Verizon has not cured" can lead to a waiver of the termination fee. However, other monopoly providers' escape clauses for residential accounts may not be so airtight, possibly along the lines: "As long as the web works, your service is considered to still work."
So, essentially, you were forced to use a technique commonly used by spammers to avoid blacklists, in order for you, as a non-spamming site to avoid the same blacklist? Am I the only one that sees the irony of this?
It sounds to me like he was explicitly allowed to use said mailserver. That's not what spammers do -- spammers illegally hijack insecure third party mailservers without the consent of the owner. What he did is actually a recommended means of sending mail when your normal IP space is listed in SPEWS. It's called "smarthosting".
STOP MISUSING APOSTROPHES, YOU MORONS!!!
look like an idiot, but you are. I used the word spamming my customers because they would want to see offers and not "Hi!, my new email is..." Ever learn how to use a term loosly?
1888 Franklin St.
Did anyone who knows anything about spam issues see the total idiocy of this post? I don't think there's one sentence that is fully factual and most are just plain wrong.
Actually, the more I read it, the more my "he's a spammer" radar starts beeping.
You can't report anything to SPEWS, they don't even have email.
You can't report anything to Spamhaus, they don't accept "outside" spam reports.
www.arothman.com = liar or moron - take your pick.
If you complain about spammers to nac.net, their admin Dave DiGiacomo will post on his personal website and tell people to "fuck with you hardcore"
1 EF 3E0A%40hotnail.com
2 2F 5%25stinky%40chickenvboner.com
http://groups.google.com/groups?selm=3E571D71.B
A history of their abuse is well documented, let them rot in SPEWS.
http://groups.google.com/groups?selm=BC340F78.C
Spammers use relays to hide their true origins of operation. Whether that's insecure proxies or hosts they're explicitly allowed to use is irrelevant in this case, because they use both.
Yes, he's forced, by anti-spammers, to use an RBL evasion tactic commonly used by spammers.
Then I guess Hitler was ethical, since the majority of Germans agreed with him at the time.
Sorry, I don't buy that. Right is right, even when everyone else is wrong.
Clear, Dark Skies
We all know the bad ISPs, if you don't, run a black list for awhile. Some of them will rent rack space to the devil yet others like Earthlink deserve 3 cheers!
If spam is to be curtailed, then black listing a bad ISP makes it unattractive to be bad. I recently black listed an ISP sending 12500 spam/virus messages a day to our 6000 users. There tech contact didn't reply (unless a auto reply is a reply).
So with management permission we cut them off about October last year and sent hundreds of angry users (many our own employees) to their help desk. Two weeks ago we went a whole week without a spam or virus from their official email servers and lifted the block. Lesson learned, black listing does work
List the vagrant spam scum bags! And if nothing else it feels good to choke their servers.
just because your favorite gay porn site crashed last week.
Well you are sort of right, the way they treated it is identical to other posts. They sent their stupid fans into a news group with the intent to DoS and distrupt the group. Most people who do this end up getting blocked, and those who sent the people there get in blacklists. Blacklist are worse then SPEWS, most of them are permanent.
If you don't treat them nicely, don't expect them to be nice back. A majority of the posts come from people like SA, whinning about how they are blocklisted, making threats, not listening, and taking it out on other group members when the complainer doesn't get what they want.
If you mean "spot on" cluelessness FUD you are right. What else could you expect from a troll site that begs for attention, makes stuff up, and encourages abuse?
Anyone else Godwin's Law needs an update to include terrorists?
Sorry, but "the majority is always right" is also known as "fascism" so, no, it's not a trite example.
Did the civil rights movement of the past 50 years mean nothing to you?
Clear, Dark Skies
Spammers use relays to hide their true origins of operation.
Spammers typically use illegally hijacked mail relays. He is legally using another person's mail relay with their permission. This is suggested quite often on NANAE when someone is stuck under a SPEWS listing because their ISP allows criminals to run rampant.
There is a difference: he doesn't deserve to be shot for what he's doing.
STOP MISUSING APOSTROPHES, YOU MORONS!!!
known for belligerence and terrorism? Or for oppressing people they disagree with?
Lol.
Clear, Dark Skies
what the FUCK? please explain why you think shooting people over email is okay.
... does not make being caught up in a SPEWS listing OUR problem.
You can stamp your feet and whine all your like. SPEWS is actually one of the least of anyone's worries - at least getting out of a SPEWS listing is relatively easy - move providers or get the provider to remove the spammers.
Whereas by the time any IP is in SPEWS, it's already in dozens, if not hundreds of "write ones, remove never" router blackholes and mailserver local blacklists.
*Mad at SPEWS* DAMN YOU SPEWS! You are the reason I can no longer get into www.deviantart.com, I hope you get sued and everybody in SPEWS dies a horrible death!