SPEWS Adds DSL Reports to Block List

← Back to Stories (view on slashdot.org)

SPEWS Adds DSL Reports to Block List

Posted by timothy on Tuesday January 20, 2004 @09:14PM from the but-they're-good-guys dept.

Kylow writes "Last year, Slashdot publicized our efforts at DSL Reports to pursue a group of spammers who had spammed our forums. The Slashdot community immediately pitched in to help, and the publicity wiped the sites owned by the spammers off the internet. Fast-forward to today, and the popular yet often draconian block-list SPEWS has added DSL Reports to their blocklist due to the activities of other websites hosted on NAC.net. DSL Reports users are less than happy. This is hardly the first time SPEWS has been accused of going too far."

10 of 814 comments (clear)

Min score:

Reason:

Sort:

The problem with lists like SPEWS... by GodBlessTexas · 2004-01-20 21:15 · Score: 5, Insightful

Is that it swats flies with sledghammers. Surely there's a more elegant way to deal with this issue now?

--
Remember the Alamo, and God Bless Texas...
1. Re:The problem with lists like SPEWS... by Anonymous Coward · 2004-01-20 22:09 · Score: 5, Insightful
  
  If you think they list too many netblocks, try using another list, or no list at all.
  
  Oh, for FUCK'S SAKE, stop missing the point, would you?!
  
  Sorry, I'm getting a bit pissed off with this topic.
  
  Look, it's nice that you think you have free choice, but the innocent people who are on that list do not have any choice in the matter. And the people they're trying to stay in touch with might also have no choice but to use the list, if it's company policy, or if their ISP uses it.
  
  THIS IS A PROBLEM. You can claim it doesn't exist till the cows come home, but it will still be there.
Am I my keeper's brother? by ObviousGuy · 2004-01-20 21:18 · Score: 5, Insightful

If your ISP is also providing spam services to spammers, do you really want to be grouped in with them?

I think the black girl behind me at the screening of The Ring said it best. "Get the fuck out of there!"

Everyone loses when you patronize businesses who willingly accept spammers. Don't give them your money. Do it and feel good about yourself and for the good of your subscribers.

--
I have been pwned because my /. password was too easy to guess.
1. Re:Am I my keeper's brother? by WegianWarrior · 2004-01-20 21:24 · Score: 5, Insightful
  
  By that logic virtually all the major ISP should be blacklisted and all real users should find little mom and pop operated providers.
  
  Think your logic all the way thru. If I sign up with what appears to be the best provider for me (or even the only one avilable), am I to blame because some stupid git sign up for a free trial and sends out spam? Should the postoffice refuse to deliver mail sendt from your city becuse there is a company there that sends out junkmail?
  
  Blocking off entire subnets may be a "solution" to stopping spam, but so is taking a pair of pliers and cut your networkcable...
  
  --
  Everything in the world is controlled by a small, evil group to which, unfortunately, no one you know belongs.
A couple of clarifications by Halo1 · 2004-01-20 21:35 · Score: 5, Insightful
(I'm not SPEWS and don't know anyone at SPEWS). That said:
- dslreports.com has address 209.123.109.175. That address only appears in a level 2 listing. Very few people use level 2 listings, the "real" SPEWS are the level 1 addresses. What level 2 really means, is explained in their FAQ (Q22).
- SPEWS did not add dslreports.com to their blacklist (search the linked page for dslreports, it's not mentioned). This does not make it less annoying for the owners of dslreports.com obviously, but there are differences. E.g., if a spammers moves, the blacklisting will be moved too, for dslreports.com it obviously wouldn't (no, that doesn't mean I think dslreports should simply move and shut up, I know things like that cost money).
- The blacklist that SPEWS publishes is an *opinion*. Everyone is free to follow their opinion or not and use it to (over-)protect their property or not. If an ISP uses it (or any other blacklist) and doesn't clearly inform its customers about that fact, then this ISP is at fault.
Nevertheless, I completely agree it's sad that the spammer situation has gotten so much out of hand that people resort to this kind of carpet-blacklisting to try to force ISP's to stop their spam support (as larger ip-blocks are only added when an ISP refuses to remove its spammers, or starts moving them around to non-blacklisted IP-addresses).
It's however pretty much the last resort that other people have to do anything about it. If an ISP does not experience any significant harm from hosting spammers (and in facts profits largely from it) and does not want to remove them because it's the right thing to do, what else can you do to tell the ISP to FOAD if you don't want to become a vigilante?
(putting on asbestos suit)
--
Donate free food here
Positive discrimination by Durzel · 2004-01-20 21:36 · Score: 5, Insightful

I actually think blocking the wider IP ranges of the ISP is a positive thing, and I'm sysadmin for one, and I've been involved in a similar dispute in the past with SPEWS. To be fair in our case we were actually caught in the collateral damage and weren't even hosting the spammer in question.

The point is, blocking a sizeable portion of the ISPs IP range inconveniences them and their non-spammy customers. It encourages them (if nothing else) to take responsibility instead of going for the cheap buck. If blocking wide-ranging ISP IP ranges means that they wake up and stop hosting spammers (or implement stricter controls) then surely that's a good thing in the grand scheme of things.
Re:Nobody seems to understand spews by Anonymous Coward · 2004-01-20 22:05 · Score: 5, Insightful

When your provider is listed by spews, it's time to move away. You are supporting your provider, which is supporting spammers.

When legitimate customers move away, providers will feel that supporting spam costs them real money.

What you may not realise is that moving elsewhere costs US real money. Money not all of us can easily afford.

Telling people to switch ISPs because their current one is suspected of harboring spammers is like telling the people of Iraq (pre-invasion, obviously) to move away because their country was suspected of harboring terrorists. Easy to say, but far more difficult to put into practice. And the end result is that when the bombs start falling, innocent people get hurt.
Re:Nobody seems to understand spews by 91degrees · 2004-01-20 22:32 · Score: 5, Insightful

I see lots of comments in the forum like 'spews blocked my server'. Spews did no such thing. Spews is listing their provider.

They list it on a list that is used to determine which servers to block, for the sole purpose of causing said servers to be blocked.

Since their actions have the aim and result of blocking servers, I think your argument that they're not is somewhat lacking.

When your provider is listed by spews, it's time to move away. You are supporting your provider, which is supporting spammers.

When your provider uses SPEWS it's time to move away. SPEWS blocks too many legitimate emails to be worthwhile. The community hates being blocked as spam a lot more than it hates spam.
Re:Insightful? by Endive4Ever · 2004-01-21 00:38 · Score: 5, Insightful

People may begin to "start taking their business elsewhere" when a gestapo-friendly ISP just aligns themselves with an anti-spam outfit rather than providing the service the customer paid for.

And yes, I know I'll evoke a squeal of hysteria for even hinting that any form of anti-spam zealotry could be dubious.

--
---
It's not about spam, it's about TRUST by satch89450 · 2004-01-21 01:39 · Score: 5, Insightful

OK, for those of you who read NANAE, this is old news, but for the rest of you...
I'm a sysadmin who worked very hard to get a /24 listed in SPEWS delisted. The netblock was in the list because a customer of ours decided to provide DNS service to a known and notorious spammer. We earned the listing, period. I killed the bastard, reported the fact, and got the listing lowered to a zero, historical. In the process of doing that job, I learned a lot about the whole blocklist thing and realized that even the operators didn't see what they are really doing. They think it's about spam. Wrong.

It's not about spam. It's about TRUST
A listing in a recognized blocking list is a vote of "no confidence" in the IP owner's ability to run its network, to make its users -- ALL its users -- conform to the Internet society's accepted code of conduct.

Follow along with me a moment, and you'll see why I think this way. First, the Internet is, by definition, a "network of networks", a large anarchy run by a very large number of system administrators (greater than 10,000) who make private decisions about who and how they allow to access their bandwidth, systems, and services. The Internet Society and its sub-units provide a forum to publish community notes, the Requests for Comments, which are nothing more and nothing less than agreements for how to play nice in this employee-owned swimming pool.
The Internet community has decided on standards of behavior, and each system operator trusts every other system operator in the pool to conform to the rules of society, and to ensure that the users conform to the community rules -- not unlike CC&Rs in a neighborhood development that form part of the purchase contract of many homes and condominiums. Some operators have become lax in their expected enforcement of the rules on particularly not-nice people, the ones who break the rules in order to win money, or some other benefit. There are enough of these Internet con men out there that the community coined a word to describe them: "spammers."
Back in the NSF days, a lapse in administration resulted in disconnection, quick and swift, so the system adminstrators, up and down the line, toed the line to avoid being banished. In the Commercial Internet that replaced the NSF Internet, personal greed gets in the way of this remedy, and so the disdain of social customs is left largely unpunished by the society.
Just about every system operator who runs a mail service with more than three users has been yammered at by those users: "WE WANT LESS SPAM -- DO SOMETHING." Complaints to ISPs who take spammer money go largely ignored, and appeals "upstream" -- to the connection providers and to the Tier One networks -- have also gone largely ignored. So the small administrators started to implement mail filters and blocks on "spammy" IP addresses in the hopes that they can block the crap and thus appease their users.
Spammers countered by having their providers move them around in IP space, and by using techniques to "get around" the content filters. It's become a war, frankly. First there were keyword filters, and so spammers started to "do things" to their messages, like replace the letter 'o' with the digit '0' -- you've all seen the tricks. Hash identification of bulk messages were thwarted by inserting random nonsense text. Learning filters are poisoned by spammers injecting random words. And so on and so on. In addition to these content-based counters, spammers also steal resources of innocent people: open mail relays, open proxies, and hijacked Web scripts like formmail.pl, so that the wrong person gets blames for their flood of commercial feces.
What the block-list people decided is that having each of the 10,000 to 100,000 system administrators deal with this individually was eating up too much time, and there was this nifty thing already in place that could be used to reduce the system overhead of id