Slashdot Mirror


SPEWS Adds DSL Reports to Block List

Kylow writes "Last year, Slashdot publicized our efforts at DSL Reports to pursue a group of spammers who had spammed our forums. The Slashdot community immediately pitched in to help, and the publicity wiped the sites owned by the spammers off the internet. Fast-forward to today, and the popular yet often draconian block-list SPEWS has added DSL Reports to their blocklist due to the activities of other websites hosted on NAC.net. DSL Reports users are less than happy. This is hardly the first time SPEWS has been accused of going too far."

9 of 814 comments

  1. As a small webhost by Nazmun · · Score: 5, Informative

    I can't tell you how much we hate spews, this is far from a common occurrence and it seems that the only way to fight this is to not use spews. There are plenty of better alternatives like spamcop and orb.

    --
    Hmmm... Pie...
  2. Level 2 listing, by spydir31 · · Score: 5, Informative

    from openrbl.org
    SPEWS/spews.org: 209.123.109/24: 553 SPEWS2 [2] nac, see http://spews.org/ask.cgi?S2814
    from the SPEWS FAQ

    Q22: What is Level 2?
    A22: This includes all of Level 1, plus anyone who is spam-friendly, supporting spammers, or highly suspicious, but not blatant enough to be included in the Level 1 list yet. If it becomes obvious that someone at Level 2 has become a real problem, they will be escalated to Level 1 after some attempt at education. The Level 2 list will have some inadvertent blocking (non-spammer IP addresses listed), but can still be used by small ISPs or individuals who want a stricter level of blocking/filtering. By having a two tiered list, you can make the hardcore spamfighters happy; those who want to block first and ask questions later. Also, a listing in the Level 2 list may exert a bit of pressure on spam friendly sites and may keep them from turning totally bad - but that is not really the point, stopping spam is. (note: a Level value of "0" means that area is not listed)

  3. They didn't block it by CaptainBaz · · Score: 5, Informative

    From the linked forum posts:

    1) your mail server is NOT BlackListed! If you look at the listing it is at level 2 the [2] means level 2. Read the SPEWS FAQ. No one blocks on level 2 listings.

    Level 2 listings are netblocks which are watched carefully for evidence of abuse, usually because the adjoining netblocks are in use by spammers, and because the provider (NAC in this case) is ignoring complaints about the abuse, or is doing nothing to remove the abusers.

    2) There is something you CAN do other than rant, which will not do you any good at all; and that is to complain to NAC about their spam-friendly policies. It's NAC's hosting network abusers which is the problem. If the listing is upgraded to level [1] then there will be a problem getting your e-mail out; if this is intolerable, the ONLY solution would be to change providers.

    3) If NAC persists (usually for a prolonged period of time) in its disregard for the rest of the Internet, by allowing our mailboxes to be filled up by their customers' garbage, then many system administrators including myself, will choose to refuse mail from larger and larger portions of NAC's IP-Space, IMHO this is a perfectly reasonable choice. It puts pressure on the service provider not to host spammers, something, which in the long run will help stop spam.

    Understand, that SPEWS does not block anyone, all they do is make available a list of spam-friendly, and spam-supporting providers. Many systems will choose not to communicate with providers who support spam operations in a direct effort to hurt spammers by denying them access to providers.

    Yes I run an ISP, and YES we use SPEWS as one of many BL's we use to eliminate UCE/SPAM from our customers' mailboxes. Spews comes in second only to spamhaus.org in its effectiveness. We receive less than 10 spams/day across a user population of over one thousand. Spews alone is responsible for about 30% of the blocking.

  4. Re:Am I my keeper's brother? by Alranor · · Score: 4, Informative

    No.

    Spews will list the IP that their spamtrap received mail from.

    Then they will make a complaint to the ISP.

    If the ISP ignores complaints, THEN the listing is progressively expanded, but they don't start out by listing a whole block.

  5. Re:Abuse. by Trillan · · Score: 4, Informative

    One spammer buys a few IPs on a block with an ISP, and SPEWS takes out the entire block.

    You don't know what you're talking about. As long as the ISP acts to terminate spammers in a reasonable fashion, they don't get listed in SPEWS. It's only after several months of protecting a spammer that an ISP gets added to the block.

  6. More accurately... by Dimensio · · Score: 4, Informative

    Actually, this part is incorrect. Spews (and several other blacklist providers) don't even bother to notify the ISP before listing (or after for that matter).

    SPEWS as an organization does not send mail, however the people who are behind SPEWS DO send LARTs to the responsible hosting providers for the spams that they receive. They just don't identify themselves as SPEWS when they do it. This is so that ISPs will either learn to take ALL complaints seriously (because they can never know when one of the complaints comes from someone at SPEWS) or learn to enjoy their new intranet.

  7. Re:Never use blocklists to block by Pete · · Score: 5, Informative
    fo0bar:
    This is a perfect example of why you should never just arbitrarily block email because it comes from an IP on a list. Instead, programs like SpamAssassin are useful because they use blocklists as a factor, one among many, in determining whether to treat a message as "spam".

    The problem with just using SpamAssassin is that it's very CPU-intensive. And when the spam's already got onto your mailserver, it has already cost you in storage space and bandwidth.

    SpamAssassin is good as a second (or third) line of defense, but an RBL is much cheaper from the CPU/bandwidth/storage perspective - hence one or more RBLs is preferable as a first line of defense.

    The cool thing about RBLs is the wide selection. Are you happy to block confirmed open relays? No worries. Do you want to block all of South Korea, as you never receive legit mail from there? No worries. Do you want to block known and thoroughly reprehensible spam gangs that have been booted off three or more ISPs? No worries.

    And of course there's a variety of other blocklists, all with their own published criteria and standards. No one says which ones you have to use. No one says you have to use any of them.

    But the major point is, if you're a target of a blocklist, there's a reason for it (assuming the list admins didn't make a mistake, which does happen very occasionally). And there are always ways you can deal with the listing, ranging from ignoring it to smarthosting email to changing your mailserver IP.

    SPEWS are absolutely consistent with their listing criteria, and always have been. If you're not a spammer and you've been included in a netblock listed by SPEWS in Level 1, it is always after your ISP has been repeatedly warned and they've done nothing about the problem spammer.

    A SPEWS listing always starts with individual IPs. Beyond that point, it's the ISP's problem.

    Pete.
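
The trade-off argued in comments 3 and 7 (reject at SMTP time on a strict list, treat a broader "level 2"-style list as one factor in a score), as an added example that is not part of the original thread or any poster's code. The zone names, weights, threshold and the in-memory table standing in for DNS are all assumptions made for illustration; the sample addresses are documentation ranges.

```python
import ipaddress

# Constructed zone data standing in for live DNS. By convention a DNSBL
# answers an A query for <reversed-octets>.<zone> with 127.0.0.x if listed.
FAKE_DNS = {
    "10.113.0.203.level1.dnsbl.example": "127.0.0.2",
    "25.100.51.198.level2.dnsbl.example": "127.0.0.2",
    "25.100.51.198.relays.dnsbl.example": "127.0.0.2",
}

# (zone, action, weight): only the strict list rejects outright; the broader
# "level 2"-style list and the relay list merely add to a score (assumed values).
POLICY = [
    ("level1.dnsbl.example", "reject", 0.0),
    ("relays.dnsbl.example", "score", 2.5),
    ("level2.dnsbl.example", "score", 1.5),
]
SPAM_THRESHOLD = 5.0  # assumed cut-off for tagging a message as spam


def dnsbl_name(ip, zone):
    """Build the query name: 192.0.2.25 in zone z becomes 25.2.0.192.z."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone


def listed(ip, zone, resolve=FAKE_DNS.get):
    """True if the (stubbed) resolver returns a 127.x answer for this IP."""
    answer = resolve(dnsbl_name(ip, zone))
    return answer is not None and answer.startswith("127.")


def smtp_decision(ip, content_score=0.0, resolve=FAKE_DNS.get):
    """Return (verdict, detail, zones_hit) for a connecting client IP."""
    score, hits = content_score, []
    for zone, action, weight in POLICY:
        if not listed(ip, zone, resolve):
            continue
        hits.append(zone)
        if action == "reject":  # cheap first line of defense, before DATA
            return ("reject", f"553 listed in {zone}", hits)
        score += weight         # blocklist as one factor among many
    verdict = "tag-as-spam" if score >= SPAM_THRESHOLD else "accept"
    return (verdict, f"score={score:.1f}", hits)


if __name__ == "__main__":
    for ip in ("203.0.113.10", "198.51.100.25", "192.0.2.1"):
        print(ip, smtp_decision(ip))
```

With this policy, an address that appears only on the broad lists is still accepted unless content checks push its score over the threshold, which is how collateral listings of a neighbour's netblock avoid becoming outright rejections.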
  8. I'm sure DSL Reports isn't happy by Todd+Knarr · · Score: 4, Informative

    Perhaps, though, they should talk to the source of the problem instead of complaining about the solution. The problem, after all, isn't that SPEWS listed a spam source network, but that NAC.net is hosting spammers alongside its legitimate customers. Those customers should make it clear to NAC.net that either the spammers go, NOW, or they'll take their hosting elsewhere, also now.

  9. Re:SPEWS == the wrong way by Ledskof · · Score: 5, Informative

    Like I said, Ignorant.
    You are ignorant of this scenario:
    Your ISP has Company A (You) and Company B with a bad administrator.
    Company B screws up and installs a Microsoft patch that opens up their Exchange SMTP server as an open email relay.
    So they become a spam email relay just because they applied a patch. Unbeknown to the ISP, someone accidentally became a SPAM relay. Then some idiots get this attitude that the ISP is a Spam friendly ISP.
    My company was blocked because a company that had been shut down 2 years beforehand was listed in the same IP block.

    So here's what we did when we discovered we were on SPEWS:
    1. Looked up SPEWS database.
    2. Tried to contact the Company listed in our block as a SPAMMER.
    3. Discovered Company didn't exist.
    4. Contacted ISP to find out why we were being blocked.
    5. Discovered ISP wasn't doing business with the company anymore.
    6. The IP address in this block that was listed on SPEWS wasn't even assigned to anyone.
    7. For the hell of it, tried to use the IP address for an SMTP relay. Didn't work.
    8. Tried contacting SPEWS (HAHAHAHAHAHAHA) on the newsgroups, for about a year.
    9. Gave up.
    10. Half a Year later was removed from the list.

    If any administrators are reading this and think SPEWS is worthwhile... please quit and get a job in Marketing. Thanks.

    --
    This is my sig. The post is over.