Spanish Internet Provider's SMTP traffic Blocked
Andrew D Kirch writes "After being barraged by spam and 419 scams from Rima-TDE and telefonica.es [translated], the AHBL has announced that all of Spain's national ISP's e-mail will be blocked by their blacklisting service. One has to ask though, is blocking an entire country like this the future of spamfighting, or has something gone horribly wrong?"
A few other countries that can use this are found here.
Dude, where's my packet?
Telefonica is the biggest ISP in Spain. There are others, but Telefonica's servers route a huge portion of Spain's emails, so this is significant.
Pragmatism as an ideology is not particularly pragmatic in the long term. Keep it in mind when you dismiss Free Software
The United States produces more spam than any other country.
Rima-tde's long time treatment of abuse complaints has led to them being labeled by many in the community as a rogue provider.
This has continued for quite some time, as evidenced by archived usenet posts (http://groups.google.com/groups?q=rima-tde&ie=UT
Getting up there along with the likes of HINET and Chinese state-run providers takes some serious work, and it goes to show Telefonica De Espana's commitment to its spammers!
Congratulations to them on this well deserved moment of (in)fame.
TDE is blacklisted.
They are as government independent as the BBC or DeutscheTelekom or the BundesPoste. If they were independent and a commercial enterprise, perhaps they would take the actions of those trying to preserve the Internet for the rest of us from the spammers, script-kiddiez and terrorists as seriously as they should.
Remember guys, this is Amerika. Just because you have the most votes, doesn't mean you get to win.--Fox Mulder
Yeah, that happens pretty regularly where I work, too. We provide inbound and outbound mail service for corporate clients, but do not allow spamming. Nevertheless, it seems like all it takes is one dimbulb somewhere to decide (usually erroneously) that something is spam, and one of our hosts will wind up on the spamcop list. They've really gone around the bend.
There is one blacklist I trust day in and day out, though: ORDB. That's because ORDB will only list confirmed open relays. This is a conservative approach but it means that if a host is listed, there is no question of whether or not it belongs there. Also, there is an automated retest-and-removal system. I can't use ones like SPEWS because even though I mostly sympathize (although I think they are *way* too quick on the trigger), in my business that would block far too much legit mail and we just can't do that.
We have real life IDs that are difficult to forge and even if you can forge them, you'd get hit by hefty penalties for doing it.
This is a silly argument. Criminals will forge i.d.'s regardless of the law *because - duh! - they're criminals. It's what they do*.
And if you think it's difficult to forge a driver's license or a passport, from *any* country, you've been swallowing too much government bullshit. For $500-$1000 you can get a completely new, legal identity that'll check out if the government investigates it, because it was purchased directly from the folks who control the system that issues i.d.'s in the first place. I could, in 48 hours, get a perfectly valid (and new) SSN, drivers license, and birth record entry which will hold up under government scrutiny *because the folks who control the system will sell them to me, and they aren't forged*. I can get decent forgeries for just a few hundred bucks, if I don't need to pass a serious security check.
Internet i.d.'s will be no different, and no harder to forge. Or to buy, from the right people.
Max
My god carries a hammer. Your god died nailed to a tree. Any questions?
Telefonica.es is the ISP, as RIMA-TDE (another hat it wears) it has been responsible for the continuing incredible 419 spams out of Spain, though they're a BIG ISP, and they are, this does not excuse them from policing their network and ensuring that such things are kept to a minimum, and terminations occur when appropriate. The issue here was they refused to identify corrective actions, refused to terminate abusive customers, and refused to return contact after they initiated contact.
What can politicians possibly do to stop spam?
This is a social problem. Not a political problem. Trying to make it a political problem is just going to make the situation worse.
- Politicians run the government.
- The government of Spain runs TDE.
- TDE is blacklisted as a spam ISP.
Who *but* the politicians can do something about this?
Don't you wish your girlfriend was a geek like me?
The AHBL is the redesign of the older blackholes.2mbit.com DNSbl from years ago. We've just changed its main focus on abuse in general - which includes e-mail, DoS attacks, etc.
We are apparently in wide enough use that we deal with TDE customers on a daily basis that are complaining that they are blocked.
It's not our primary focus to be the biggest.
Our primary focus is to protect our systems, and the systems we manage, from spam and abuse. We make our data available to anyone and everyone, because we know that our data will improve on the feedback of our users.
So far, we have had zero complaints from our users as to our blocking methods, even if they are extreme at times.
Brielle
The AHBL is very open to working with providers to solve their problems. On a daily basis, I can be working with several ISPs to figure out how to better tune our listings, or help them track down a spamming customer.
We only resort to these wide-range listings when we've run out of options. In the case of TDE, we just do not have any more patience.
We gave them time. We sent them abuse reports. We even asked them to provide us with accurate information on their netblocks so we can tune our listings down to only their dynamic customers.
However, they ignored our requests.
The AHBL has very strict policies on what we will and will not do.
We are taking a strong stance on 419 and phishers right now - just take a look at our ongoing fight with megamailservers.com - we caught them in a lie with their phishing customers, and we are holding them responsible.
If we are having an effect or not, it doesn't really matter to me. All I do know is that we are taking a stance and asking others to support us.
The hope being that with enough people working with us, we will be able to force providers to do something about their problems.
Feel free to flame me all you want.
Brielle
Umm... it isn't out of the blue. Telefonica De Espana is well aware of what is going on and has turned a blind eye to it. This has been going on for a LONG time. If you can't police your users, then I don't want any of them talking to my servers.
A 419 e-mail refers to a particular kind of Nigerian fraud e-mail, not the number of e-mails sent.
outblaze is the worst piece of crap ISP in the world at the moment..
if you block their MANY spamming servers.. they block you completely as retaliation because "they are too big to be blacklisted"
god those bastards suck.
Telefónica de España (TDE) is like AT&T in the USA or BT in the UK. If you're expecting them to fix something just because those guys put them on a blacklist... you're living in the magical world of oz.
I think it is interesting that you call them arrogant fucksticks, when you have no clue at all how this stuff works. Hint: a block only becomes this big when the ISP has repeatedly ignored abuse reports over a long period of time. The only way to get their attention is to block them.
And, in fact, now that they have been blocked, they suddenly have shown an interest in dealing with their spam, and have contacted AHBL.
Note also that AHBL asked for details on address ranges, so they could fine-tune the blocks to just catch the dynamic addresses (the ISP claims that most of the problems are from users at Internet cafes), and was ignored. Note also that the ISP could solve this problem with a simple block on outgoing port 25 from their Internet cafe customers.
How about sending the Telco's CEO a registered letter,
This rubs me wrong. Why should a non-commercial, volunteer service have to spend time and money sending out a registered letter? Do you realize that DNSBLs block *several thousand* IP addresses? Do you really expect them to send out registered letters for each and every one?
The CEO of a large ISP has no more right to be treated like a king than a kiddie with a cable modem. A registered letter... sheesh. Maybe it should be wrapped in silk and sealed with wax too.
Look, the company was spam-friendly. They were notified by email on several occasions that they would be blacklisted if the situation was not addressed. They had plenty of warning, and plenty of time to respond. They did not, and this is the consequence. C'est la vie.
I don't think any blacklist group is worthy of such trust.
You are right. No single blacklist is worthy of making an "accept/reject" decision for your mail.
But most are somewhat trustworthy. The problem is not so much "do I accept data from this particular blacklist, yes/no", but "how trustworthy on a float scale between 0 and 1 is this particular blacklist". Once you accept shades of grey, and once you accept a multitude of spam indicators, some of which need to be scaled, you get a pretty good trust metric.
Essentially, this is what SpamAssassin does. SpamAssassin is a collection of spam indicators, and an automatically generated set of prescaled factors for these indicators. And all of them nicely integrated.
The problem with SpamAssassin is that it mixes up predelivery checks and postdelivery checks. It would be worth the effort to extract all predelivery checks from SpamAssassin (DNSBL checks, mostly), throw in Milter Sender like checks and create a predelivery milter-sender SpamAssassin which would catch most of the spam in transit and reject it with fivehundreds.
The key concept is the introduction of shades of grey, though, instead of simple single source blacklisting.
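The weighted-blacklist idea from the comment above, sketched as a pre-delivery check that answers during the SMTP session (an added example, not part of the thread and not SpamAssassin's code). The zone names, weights, thresholds and the 1 - prod(1 - weight) combination are assumptions (SpamAssassin itself sums rule scores), and the DNS answers are constructed so it runs offline.

```python
import ipaddress
import socket

# Hypothetical zones and trust weights (0..1); tune them from your own mail logs.
ZONES = {
    "relays.dnsbl.example": 0.95,    # only confirmed open relays: high trust
    "spamtrap.dnsbl.example": 0.60,  # spamtrap hits: also catches big shared relays
    "dynamic.dnsbl.example": 0.40,   # dynamic/ADSL ranges: weak signal on its own
}
REJECT_AT = 0.90  # at or above: refuse during the SMTP session with a 5xx
TAG_AT = 0.50     # at or above: accept, but mark for post-delivery filtering


def dnsbl_query_name(client_ip, zone):
    """192.0.2.99 + zone -> 99.2.0.192.zone (IPv4 only in this sketch)."""
    addr = ipaddress.IPv4Address(client_ip)  # raises ValueError on bad input
    return ".".join(reversed(str(addr).split("."))) + "." + zone


def dns_lookup(name):
    """Real resolver: A records for name, or [] on NXDOMAIN or resolver failure,
    so a DNS outage fails open instead of bouncing all mail."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []


def is_listed(answers):
    """A hit must be an address in 127.0.0.0/8. Anything else (for example a
    resolver that rewrites NXDOMAIN to a search page) does not count."""
    loopback = ipaddress.ip_network("127.0.0.0/8")
    return any(ipaddress.ip_address(a) in loopback for a in answers)


def score(client_ip, lookup=dns_lookup, zones=ZONES):
    """Combine hits as 1 - prod(1 - weight): every list adds evidence, and no
    list decides alone unless its weight is high enough."""
    miss = 1.0
    hits = []
    for zone, weight in zones.items():
        if is_listed(lookup(dnsbl_query_name(client_ip, zone))):
            miss *= 1.0 - weight
            hits.append(zone)
    return 1.0 - miss, hits


def smtp_decision(client_ip, lookup=dns_lookup, zones=ZONES):
    """Return the SMTP reply line to give the connecting client."""
    total, hits = score(client_ip, lookup, zones)
    if total >= REJECT_AT:
        return "550 5.7.1 rejected, listed in: " + ", ".join(hits)
    if total >= TAG_AT:
        return "250 OK (tagged %.2f)" % total
    return "250 OK"


# Constructed zone data standing in for DNS, so the example runs offline.
FAKE_DNS = {
    "10.2.0.192.relays.dnsbl.example": ["127.0.0.2"],
    "10.2.0.192.dynamic.dnsbl.example": ["127.0.0.2"],
    "20.2.0.192.spamtrap.dnsbl.example": ["127.0.0.2"],
    "30.2.0.192.dynamic.dnsbl.example": ["127.0.0.2"],
    "40.2.0.192.relays.dnsbl.example": ["198.51.100.7"],  # rewritten NXDOMAIN
}


def fake_lookup(name):
    return FAKE_DNS.get(name, [])


if __name__ == "__main__":
    for ip in ("192.0.2.10", "192.0.2.20", "192.0.2.30", "192.0.2.40"):
        print(ip, "->", smtp_decision(ip, fake_lookup))
```

With these weights a spamtrap-only listing, the case the SORBS complaint in this thread describes, tags the message instead of rejecting it, while an open-relay listing plus a dynamic-range listing is refused with a 550 so the sending server generates the bounce.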
Wrong. My ISP is blacklisted by SORBS. I checked their automated service and the reason they are blacklisted is that some messages were sent to spamtrap addresses. How on Earth can the largest ISP in the country avoid that? They are already very proactive in fighting spam, for example, when I send out a legitimate mail message with 100 addresses in Bcc field, they slow down the sending terribly. But how can you prevent all your hundreds of thousands of subscribers from sending mail to spamtrap addresses? Collect all e-mails for approval first? That's just ridiculous. Personally I agree that blacklists have the right to provide the service and others are free to use it, but this is not a solution, this is a missolution gone horribly wrong.
Future Wiki -- If you don't think about the future, you cannot have one.
China's another popular place to block, not because of badly administered machines, but because of policies of tolerance of spammers and scammers and lack of useful response to abuse complaints. I haven't gotten much spam in Chinese in a while, but I still get lots with either the email origin or the web site located in China. And China's Internet access is controlled by the government telecom monopoly, who obviously don't mind spammers if they pay their bills.
So blocking a whole country isn't a new thing. But this isn't a whole country, it's just one of the major providers there. Spain doesn't censor their users' internet service - if you're blocking their mail, they can get themselves a Hotmail or Yahoo account to reach you.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
They aren't exerting anything. GAFC. AHBL doesn't even get queried unless the mail admin KNOWINGLY edits his SMTP server's configuration files to use it.
In those cases, the MAIL ADMINS give them the right to exert that power, and they have full rights to do so, since they do not and CAN NOT grant that right outside their own network.
I can only assume none of these people asking questions like this have ever run any sort of real mail server.
As Spaniard...
It's true that the announcement doesn't say that they'll block the whole country, but Telefonica rents its lines to other companies, so they will be blocking a lot of people, a lot more than the 50%.
It's incorrect that Telefonica is the gov's ISP, it was few years ago, but the previous government privatized it so the new government (we had elections a month ago) doesn't have any control over the company.
The process of privatization was very obscure, a lot of directives getting a large amount of money, the new president that was designed was a friend from school of the old government president, etc etc.
We've got only a pair of alternatives and isn't as easy as it seems to change provider, for example you can't change company in the first year without paying a large amount of money.
We're paying what the previous government do, they do their worst in exterior relationships, they had a very bad plan about new technologies, education, etc. For example Spain got the worst number of internet connections, internet services and the most expensive connections of Europe.
Telefonica got the worst client hot line you can imagine and they don't pay any attention to what the users says, but you've got no alternatives in the most of the cases.
So as a Spaniard and as a Telefonica user I thought that it isn't fair to ban the whole company IPs but it's fair to make Telefonica pay a large amount of money or punish it other way.
PD: sorry for my english
Now, I ask you, if the registrar does not respond to the complaints about one of their clients (who is not playing fair), what do you think IS fair and equitable treatment?
I'm going to give you the benefit of the doubt and assume you're relatively young and/or inexperienced in the ways of the Internet, and not just plain stupid.
Get this straight: There is nothing a registrar can do about an alleged spammer.
Nothing, as in nothing legally. Registrars have absolutely no legal right to just arbitrarily cancel a domain name. At no point do registrars "own" the domain names, so it is not theirs to take away. Domain names are doled out by ICANN, not the registrar. The registrar is just a proxy. A registrar that cancelled or changed ownership of a domain name because some clueless newbie sent them a spam complaint would very quickly lose their registrar status, and would not have the right to sell any more domain names at all.
Before you do any more posting on this topic, go do a little research about registrars, registrants, ICANN, and how the whole process works. Seriously, you are quite clearly stepping well outside your area of expertise here.
The bigger problem with spamassassin is that it's not built into the SMTP daemons, so you have to accept the mail before you can process it. If Spamassassin worked during the DATA phase of the SMTP transaction, then you could still drop the email and return a 550. If you receive it and THEN process it with SA, you get several problems.
- The mail has already used up storage space. You're basically automating JHD.
- There is no way to notify the sender that the mail was rejected. If a 550 is returned then the sending mail server generates the DSN. If you bounce it, you are an idiot. Spammers FORGE from and envelopes. You'll just be harassing some innocent 3rd party. If you just drop it silently, and it was not spam, it's gone forever and no one knows about it.
- Etc... Google for more info.
I use SA for things that get around my personal blocklist, to move it to a separate mailbox. Then I can easily find out what needs to be added to the blocklist. SA alone doesn't cut it. If it had the Milter style interface you mentioned that could be used during DATA, that would be thrilling, but unless it's been added recently, I haven't seen it.
TFA article is wrong. TDE is a private company, BUT a badly privatized company. The same retard that put Spain in the war of Iraq, fucked it big time when they "liberalized" the company. By the way, the landlines that every company in Spain uses belong to TDE. And we have to suffer them.
So I unblocked their relays a week ago to see the input IPs and LART each spam originating from worm-infected Wanaspew customer PCs. Surprisingly, the whole mess hasn't been coming from thousands of wormed Weendoze boxes, but merely from *four* (later six) different input IPs. A responsible ISP wouldn't have any problem in preventing a handful of customers from emitting spam.
Wanapoo did nothing. In spite of 44 (!) complaints to Spamadoo and some further communication with the French ISP association AFA France, the same customer IPs I've been LARTing up to 10 times since Sunday last week were still spamming on Friday.
So there are only two solutions left - either eat your spam or dig a deep hole, put Wanadoo's netblocks including their email relays in and let them rot there. Writing spam complaints to Wanadoo is futile.
First of all, I am connected through TDE and *not blocked*. My organization is fully connected and identified and is responsible for everything it does. I think the networks blocked are the ADSL networks.
I have worked for a company with a very popular website accessed in Spain. We received a lot of aggressive hacking attacks from TDE networks, and sent multiple complaints to the abuse contacts. We never received a response. After that, we decided to block the TDE proxies on our firewalls, no one from TDE could access our website. They received a lot of complaints from their customers, then and only then they contacted us in order to know why we block them. I agree with AHBL if they are not competent admins and they could be blocked.
TDE Customers!!
Complain to TDE! Not AHBL
So many posts complaining that this won't solve the problem...
Blacklisting the entire ISP does not solve the problem in a technical sense. It's designed to achieve one thing. It gets the attention of top management who can fix the problem.
As in human nature, the problem isn't important until it affects you. This is especially true in large organizations, and becomes more and more true the further up in management one gets. It's a given in political jobs at any level.
Polite emails are not an affect; I doubt top management even knew about them. The decision makers at TDE haven't cared because they haven't had to care.
If AHBL is large enough to have an effect, now the top management has something to care about. Since their positions at the top are governed by politics, this notoriety is exactly what's needed to get their attention.
Blacklisting like this solves the problem by affecting the top management in a way that motivates them to act. Now policies will be enacted, procedures will be followed, closing down forwarding on port 25 will happen, so on and so forth... And those changes do help fix the SPAM problem.
Yes please, do something.
Take a look at www.senderbase.org and then begin to block one by one the biggest senders of spam.
comcast, road runner, yahoo, pacbell, and many others.
Hi all,
:)
My family actually lives in Spain, and uses Telefonica as their ISP. During my last visit, I discovered a wonderful surprise: Slashdot already blacklists the entire Telefonica data block. Whenever you select a link to read a story's comments, etc., it comes up with some message about not allowing that operation due to abuse from the netblock. It was pretty cool, really.
In any event, Telefonica is a big, monolithic telephone operator. They used to be the official, national telephone monopoly company before the market was opened up to other operators. Telefonica is still huge, nonetheless. They have voice, data, and cell phones in Spain; I think they also own a good chunk of media there. They run a pretty sizeable percentage of the telco business in South America (possibly the largest telco in the region). They bought our Terra back in the 90's, which bought out the Lycos networks for those that actually care.
Telefonica could probably have worse service, but they would need to train their personnel for it. As with most old monopolies there's this pervasive company culture that they are the center of the universe and if you don't like it you can go jump off a cliff or something. So I'd suggest not holding your breath for this situation to be resolved. Although, as with every bureaucracy, every once in a while messages accidentally make it to the desk of the one guy who has a clue...
-Jack Ash
You conceited-up-your-own-arse pedantic fuck. Telefonica used to be a government monopoly on telephony. It's been a private company for quite a while now. Look under your own nose if you want to find lack of liberties and government regimes holding citizens in iron grips.
Of course, you also get what you ask for.
ISP should shut off port 25, because it defends the rest of us from the clueless. However, if your ISP blocks port 25 and you have a legitimate reason to use a different MTA, you can still do so by having the administrator of the MTA open a port other than 25. For example, you and several of your friends can get together and rent a cheap server somewhere on the internet (e.g., www.linode.com, $20/mo) and run your own MTA (sendmail or postfix.) You can either set up a VPN connection via SSH, or simply open a separate port and then change the settings on your e-mail clients to send to that port instead of port 25. As the administrator of the MTA, you will of course restrict the use of this port to only you and your friends. Note that your e-mail will no longer originate from the blocked ISP, but from your own tiny little home on the net. Of course you will need to rent your server from an organization that enforces a serious anti-spam policy, or they may get black-holed themselves.
My company is in Spain. This is my experience with Telefonica...
My company is based in a small town 40 miles away from the third largest city in Spain (Valencia). Until now, the only way to get broadband in small cities is to get an ADSL. Many ISP companies offer their broadband services, but all physical hooks to the backbones go through Telefonica (that means, when I buy broadband services from any ISP, the ISP actually buys the service from Telefonica and resells it to me).
When I got the ADSL for my company, all IPs were static. Telefonica wouldn't admit it, because they were still working on the implementation of ADSL through PPPoE, with dynamic IPs. Later, I got a second ADSL for home, this time with PPPoE, or I had to pay an extra fee of 12 for the static IP. Since this was just for my home network, I thought having a dynamic IP would be ok. Almost all Telefonica routers come with NAT enabled so the routers are in charge of the PPPoE connection. However, I wanted my linux box to handle the connection and the routing processes with ip tables and shorewall, and dhcp for the LAN. So I put a Windows machine for the techie-guy to configure the modem/router in bridge-mode, disabling the router capabilities of the modem. Thank God I was there when he came, because he had no idea on configuring the service in bridge-mode!!!!! I had to do it myself while he was watching me do it!!!
My company ADSL (Static IP, no PPPoE) works ok. It's a 2Mbps downstream, 300kbps upstream. In reality, I get 1.6Mbps downstream, almost 300kbps upstream. And I must be very happy and thankful to mighty Telefonica, because although they sell me this connection as 2Mbps/300kbps, there is a clause in the contract that says that they will only guarantee 10% of the speed you contract!
My home ADSL basically sucks! It's a 512/128kbps, and I get synchro problems almost everyday. Each time I get a synchro problem I lose connection, therefore rp-pppoe has to restart (1-2 minute blackdown). Download speed ranges from 400 to 430kbps max.
Well, under this scenario, you live in the US, for instance, and you call to complain, and there is a chance you get results. Under this scenario in Spain, you have to kiss their asses, because they're still a monopoly everywhere but in large cities. I lived for 8 years in the US, and when I came back I had to switch my brain-chip so I wouldn't get burned after speaking with these people for 5 minutes. Until a couple of weeks ago, that I told them to either kiss my ass very very gently each time I spoke with them, or kiss my ass goodbye in less than 6 months, where I'll be switching to a cable company that is now starting to offer telephone and broadband in some areas of the city I live. Finally, they understood me.
About what happened with their mail... I have already checked that my primary company IP is in the range already blacklisted (yes, we are in the RIMA subnet, and it is, as of now, the best one Telefonica has). I called technical support to ask questions about this issue, and THEY DIDN'T EVEN KNOW THAT THIS IS ALREADY HAPPENING!!!!!
In few words... Telefonica is the largest communications company in Spain and other countries. They used to be a monopoly, they still are a monopoly in certain areas, and they still treat their customers as a monopoly, with bad support, assuming we are ignorants who live in oblivion, and charging high-rates for high-sucking-services. Examples:
- In the mid 90s, the Infovia network of modems (what Spaniards used to connect to the internet) had a maximum number of 10000 simultaneous connections for a country of almost 40 million people (University of Austin in Texas had more for their students at that time)
- Services such as caller id, and similar are still in development in many areas of the country
- Telephone rates, in absolute terms, are not the highest in Europe, but salaries in Spain are less than half than Europe's, making these the higher rates in Europe.
- Their technical and commercial staff lack manners, and knowledge, and be careful, they could charge you for unsolicited servi
I know nobody that works with computers at this level (configuring routing, email servers, DNS records and servers, etc.) that does not have at least some rudimentary knowledge of English.
I have worked in 3 different continents in as many as 10 countries (only one had English as a main language), so I believe I know what I am talking about.
IANAL but write like a drunk one.
Maybe you're saying that because you haven't done any research. I worked for an ISP, for many years. More than once my boss decided that maintaining the list on the email server was too difficult and he should just open it up (and didn't tell me). After about a week of a couple people not being able to send email to server x and y, I figure it out, close the relay, go submit the server to the blacklists it's on. People blamed us because they couldn't send email, and we were the magic email thing in the sky. They don't know what a blacklist is, they don't care. They wanted us to fix it or we wouldn't be any use to them and they'd close their account. So yes, I believe blacklists are effective.
You're also making the assumption that the ISP doesn't know about spam and that they need a warning. I've had spammers email me and ask "Are you guys friendly towards mass mailings? (aka spam).", "I need DNS hosting for mass emails, I can take care of the servers, I just need DNS." Of course I told them no we didn't. And if they signed up for a regular account and we got a complaint, we had their cc number.
For a better analogy, think of someone providing a service, milk deliveries or something. Then one day the deliveries stop because there's a milk shortage, and they still expect you to pay for the milk you're not getting!
My spam code automatically blocks anything from rima-tde and let me tell you, it's never blocked anything but spam. I get mail from around the world for my mailing lists and not one Spanish ColdFusion programmer has complained.
I keep an online DB of all the spam I get and this is the (not current) list of spam from them.
http://www.houseoffusion.com/spam/viewdomain.cfm/domain=rima-tde.net
Michael Dinowitz
House of Fusion
http://www.houseoffusion.com
They joined the EU in 1986.
The EU didn't exist in 1986, the EEC did. Spain's a founding member of the EU, but not of the EEC.
And, my /etc/mail/access contains blocks like this:
/etc/mail/access has another 200 or so similar lines - want your domain in it? Spam me.