Spanish Internet Provider's SMTP traffic Blocked

Andrew D Kirch writes "After being barraged by spam and 419 scams from Rima-TDE and telefonica.es [translated], the AHBL has announced that all of Spain's national ISP's e-mail will be blocked by their blacklisting service. One has to ask though, is blocking an entire country like this the future of spamfighting, or has something gone horribly wrong?"

Inevitable, and other countries are next.

[joeszilagyi]

The message is clear: police your people's usage and abuse of the Internet, or prepare to enjoy your new Intranet.

A few other countries that can use this are found here.

Re:Inevitable, and other countries are next.

[dtfinch]

I guess paying off SCO warrants a blackhole entry as well:
EV1

Re:Inevitable, and other countries are next.

Now that is a cool idea!
I don't recieve email from friends in other countries. NEVER. So if a mail service could filter out anything that wasn't comming from the good ol USA, that would we sweet!

Granted I know some places have servers elsewhere, but then the should put some here in the US then shouldn't they?

Re:Inevitable, and other countries are next.

[Daengbo]

Indeed, my living in Thailand blocks me from many things on the internet:

• Paypal is unusable;
• Many other online ordering service block my whole area;
• I have been unable to find a colo provider with php/mysql that will either accept my payment or allow FTP from SE Asia for their free account;
• Loxinfo (the largest ISP here, I believe) users cannot post to Slashdot stories.

Living in a country that is a home for spam relays, FTP assaults, whatever... makes life much more difficult online, though I do none of this.

Re:Inevitable, and other countries are next.

[LostCluster]

Uh... the site says:

Blackholes.us does not list spammers, spam supporters or vulnerable hosts at the present time. These lists are meant to contain all known networks assigned or allocated to the respective provider or organizations within the respective country. Lists are created for research purposes, primarily, and are made public for any use others see fit.

Really, all they're giving you is a list of IPs assosicated with the named nation or company. If you were to use all of those blacklists at once, you will have blocked out nearly every major hosting firm in the USA, and a good chunk of the world. Not just the spammers, but everything within those ranges. This is definitely a "We can't find the criminals, so we're nuking the town!" defense plan.

These lists are valuable if you want to lock out an entire provider... but realize that you're going to throw out a lot of legitimate servers in your quest to block a few Spammers. Unless you're sure you're never going to have customers in Mexico, don't throw out all of Mexico's IP space in one swipe.

Also, beware that these lists don't sort datacenters from customers. EV1's IP space for example is mostly servers, but they do operate a regional ISP as well. Block that whole range, and some dial-up customers might try to reach you and fail.

Think before you block...

Re:Inevitable, and other countries are next.

[kinzillah]

"Blackholes.us does not list spammers, spam supporters or vulnerable hosts at the present time. These lists are meant to contain all known networks assigned or allocated to the respective provider or organizations within the respective country. Lists are created for research purposes, primarily, and are made public for any use others see fit."

It seems the purpose of the site is to list the IP ranges associated with various bodies in the event you should wish to block their traffic.

Re:Inevitable, and other countries are next.

[sweetooth]

A list of EV1's IP blocks was available long before the whole SCO debacle. The reason being there was a time when it didn't appear EV1 (aka RackShack) didn't appear to be policing violaters of their AUP. Hence if you want to block EV1 you can add that particular blackhole. Of course it's something you have to add manually.

Re:Inevitable, and other countries are next.

[rixstep]

I agree all of this can seem damned ugly, but we really have no choice. If some people fly through the roof, let them. The alternative, a legislated and policed Internet, is not an alternative.

And they must succeed, for if they do not, the legal eagles will be here to clean up and then the world will have to go off searching for a new Internet.

The freedom of the Internet is, IMHO, the top priority here. It is the one thing we may never trivialise. We're a fifth column here. The net is powerful - /. is powerful - and if it's legislated and policed, you can kiss most of that goodbye.

So let them let off steam. Let them blacklist all of Spain. After all, Spain should do something. Let Spain work it out. If it does work out, it's not only a victory for anti-spam forces like us, it's a victory for a free Internet.

Tada.

Re:Inevitable, and other countries are next.

[PhotoBoy]

I see ChinaNet are on that list. Some !#@%er on ChinaNet is joe-jobbing our webmail system, we have virus and spam scanning but that takes up a lot of processing time, coupled with the vast barrage of bounces from the spammer its bringing our system to its knees.

Complaining to ChinaNet has made no difference, all we've had is an automated response that was in Chinese.

The sooner we just start blocking sources of spam wholesale the sooner we could see results I believe. I know it's a very extreme response, but if you look at the case where Blueyonder removed themselves from the Usenet system (before they were banned instead), it forced them to sort out their spamming problem. Since then they have been able to sort out the spammers and rejoin the rest of usenet.

When the rest of an ISPs customers cannot send or receive email the ISP will have to respond or face losing their customers.

Re:Inevitable, and other countries are next.

[hoofie]

Great !!

Perhaps it would also filter out all of the crap about offers for cheap mortgages, cheap medications etc. etc. that are off no interest to me MAINLY BECAUSE I LIVE IN THE U.K.!

Re:Inevitable, and other countries are next.

[noselasd]

Then you'll know what to do. Complain to your ISP till they take action,
and get rid of the bad people/spammers.
And, gather up more people to complain.

Re:Inevitable, and other countries are next.

So let them let off steam. Let them blacklist all of Spain. After all, Spain should do something. Let Spain work it out. If it does work out, it's not only a victory for anti-spam forces like us, it's a victory for a free Internet.

"People willing to trade someone elses freedom for a temporary lack of spam deserve a damn good kicking" - as Ben Franklin may wished to have said on reading this.

Are you sure that we should break that tenet of law that the UK and US hold very dear - "That we shall not send against the innocent in cause of the guilty" ie we don't punish the innocent just because the guilty are harder to catch.

Re:Inevitable, and other countries are next.

[aqua]

Chinanet's attitude is utterly hostile. To the extent that one can communicate with them at all (only slightly worse than trying to communicate with any large american ISP, to be fair), they not only don't care, they will defend the spammer ("is not spam") or lie about its origins ("IP in report is wrong.") [quotes here from n.a.n-a.e] Giving them the benefit of the doubt (i.e. that they're not pernicious malevolent cretins and merely have a very different view of right and wrong in this matter), it's still impossible to deal with them on an individual basis. Maybe a government could. Or MSN, or AOL. But until that happens, all of Chinanet's known IP address blocks have a nice shiny DROP rule in my mailservers' firewalls, and any URL to a host in those blocks earns several points for spamassassin to work on.

Unfortunately for this sort of problem, there isn't an email equivalent to a Usenet Death Penalty (UDP). UDPs threatened or applied against major ISPs often tend to produce some meaningful action. Partly it works (to the extent that it does) because Usenet has a replication fabric controllable by a relatively small number of people, whereas email has no such system.

Maybe someone will stage a worm attack in the opposite direction from the usual -- writing a worm to scan the top spam sources lists and spamvertized website lists and DDoS them. It would do little for the problem directly, but it would increase the cost of doing business substantially for Chinanet and their kind. (okay, vigilante justice is usually very bad. But it's a fun fantasy.)

Re:Inevitable, and other countries are next.

[4ntifa]

This reminds me of the highly scientific statistical research I did based on spam I receive, most of which originates from USA...

The conclusion of the research:
Americans have small, limp penises.

Re:Inevitable, and other countries are next.

[spacefrog]

Which is exatly why reputable spam filters (Spamassassin, etc) only use a positive match on a blacklist to increase your 'spam likelyhood' score. Ditto, as the primary mx for a dozen or so domains, I *NEVER* block or delete email based upon it's spam scorecard or whether the sending server is in a 'blacklist'.

If it goes past a certain threshold (in my case, an SA score of 5 or greater) my server will prepend ****SPAM**** to the subject line. What you choose to have your mail client do with such mail, based upon the subject line match as well as whether the sender is in your adress book, etc. is 100% your decision.

In my personal case, I have a couple of sender domains, namely yahoogroups.com that while not spam are *sometimes* misflagged as such... Not surprising since they are mass-emailed messages that *DO* have advertising. My mail filters move these into a seperate folder before procsssing '***SPAM****" messages.

Spam is a bitch and I hate it as much as the next admin. Deleting or blocking said email is the *wrong* choice.

Re:Inevitable, and other countries are next.

I say, filter everything. Stop the SMTP protocol and hey presto, no spam. Personally, I would make it unlawful to have the 25 port open.

Blacklists like this are the nazi way to fighting spam. Admins (and I'am an admin, too) use their godly powers to crash those spammers -- and just a few nearby unlucky innocent people. I have nothing against personal blacklists, but huge public lists are definitely not the way to go and this is exactly the example why.

Every anti spam tool should be measured in the terms of false positives and false negatives. Well, no false negatives this time, but look at the huge false positive count. And as Paul Graham said:

"False positives are innocent emails that get mistakenly identified as spams. For most users, missing legitimate email is an order of magnitude worse than receiving spam, so a filter that yields false positives is like an acne cure that carries a risk of death to the patient."

Re:Inevitable, and other countries are next.

[frankie]

a "We can't find the criminals, so we're nuking the town!" defense plan

Bad analogy. First, the criminals are easily found, but the remote ISP refuses to shut them down. Second, blocklists do not DESTROY the provider's network, they merely refuse connections from there to here. A more accurate version would be: "you allow criminals who rob us to hide out on your land, so we're closing our border with you". I think that's a perfectly reasonable way to deal with rogue ISPs.

The future of email depends on aggressive blocklisting. The internet needs to be divided in two: ISPs that allow spammers and ISPs that don't. I know which side I want to be on.

Re:Inevitable, and other countries are next.

[Paulrothrock]

The conclusion of the research: Americans have small, limp penises.

And you Europeans wonder why we drive huge SUVs and build gigantic houses!

Re:Inevitable, and other countries are next.

[weijiao]

This is just egocentric crap! We are frequently blocked because our netblock is a source of spam. The ultimate provider is controlled by a branch of the Chinese government. Like most people here, we have no choice, or influence over our ISP. The logic in the post is therefore fatally flawed. Be aware, that the fastest growing power in IT and related is China. Do you really want to exclude that potential source of business enquiry? If so, it is not surprising that you are exporting your jobs to India and China. Ironically, 99% of the spam I receive is for products whose ultimate source is the USA.

Re:Inevitable, and other countries are next.

[Shurhaian]

I wish my provider was half so responsible. If their filter flags something as spam, it's dropped on the floor. I've missed legitimate e-mail because of it - some from Yahoo Groups, indeed, and also mail that I tried to send to myself to have a copy when I did a reformat. Gone. Who knows what else I've missed that I didn't have any way of knowing about.

When I was in my latter years at university, they had the decency to flag messages as spam and send them anyway. Then a tech-savvy user could incorporate that in his/her own filtering rules. Good thing, because even with the little traffic I had on that address, I had enough false positives to notice.

The best part? Cogeco doesn't have ANYTHING in place whereby I can complain, or become exempt from the filter, or anything like that. Tech "support" just tells me to talk to the sender and get them to change things.

Yeah, right.

Is there such a thing as a reputable blacklist?

[LostCluster]

It seems to me like this whole concept of Spam blacklisting is a matter of the blind leading the blind.

If you trust your mailservers to automatically block whoever's on a blacklist, you've basically handed control of your mailserver's main function over to somebody else... but those somebody else's are just self-appointed dimwits who eventually get drunk with power and do something crazy like blocking a whole country worth of IP space.

Sorry. This ain't the solution to Spam. It's a band-aid on a system that's much too wounded, but we use it anyway...

Re:Is there such a thing as a reputable blacklist?

[trelanexiph]

not so much a bandaid as a trust metric. It's the equivalent of saying "I am incapable of doing this research, however I will trust persons x y and z to do it, until I say otherwise, I still retain control of my server because I can revoke that trust at any time". However your comment is quite valid, some of them are "self appointed dimwits"

Re:Is there such a thing as a reputable blacklist?

[jhunsake]

Then is it your fault or the blacklist's? If you hand your keys to a person you know is drunk, and they crash your car, is it your fault that your car it totalled or is it their's?

I say it's yours.

Re:Is there such a thing as a reputable blacklist?

[jcam2]

Personally, I've found that many blacklists are getting rather over-zealous lately. For example, one of my ISP's mail servers is on the SpamCop and Dynablock lists, causing pretty much everything I (and many hundreds of thousands of other people) send out to be classified as spam!

Fortunately, I can work around this by relaying mail through a non-blacklisted server, but most subscribers won't have the ability or access to do that. And if the ISP ever turns off port 25, I may have no choice but to relay through their servers :-(

Re:Is there such a thing as a reputable blacklist?

[LostCluster]

I don't think any blacklist group is worthy of such trust.

Do we really know that isn't being run by some group of spammers bent on making sure only their spam gets through? It might operate reliably for a while, then start to get compromize itself slowly...

Those who are operating real blocklists need to do something to earn trust besides putting a blocklist forward, that's the suspicious package we're trying to investigate the contents of.

Re:Is there such a thing as a reputable blacklist?

[maxpublic]

It might operate reliably for a while, then start to get compromize itself slowly...

Much like the U.S. government.

Max

Re:Is there such a thing as a reputable blacklist?

[BigDish]

That is the point of Blacklists - you should be complaining to your ISP that they are blacklisted. If they are blacklisted, it means they are hosting spammers and this (customers like you putting pressure on them) is the only way to get them to clean up their act.

Re:Is there such a thing as a reputable blacklist?

[gujo-odori]

Yeah, that happens pretty regularly where I work, too. We provide inbound and outbound mail service for corporate clients, but do not allow spamming. Nevertheless, it seems like all it takes is one dimbulb somewhere to decide (usually erroneously) that something is spam, and one of our hosts will wind up on the spamcop list. They've really gone around the bend.

There is one blacklist I trust day in and day out, though: ORDB. That's because ORDB will only list confirmed open relays. This is a conservative approach but it means that if a host is listed, there is no question of whether or not it belongs there. Also, there is an automated retest-and-removal system. I can't use ones like SPEWS because even though I mostly sympathize (although I think they are *way* too quick on the trigger), in my business that would block far too much legit mail and we just can't do that.

Re:Is there such a thing as a reputable blacklist?

[kris]

I don't think any blacklist group is worthy of such trust.

You are right. No single blacklist is worthy of making a "accept/reject" decision for your mail.

But most are somewhat trustworthy. The problem is not so much "do I accept data from this particular blacklist, yes/no", but "how trustworthy on a float scale between 0 and 1 is this particular blacklist". Once you accept shades of grey, and once you accept a multitude of spam indicators, some of which need to be scaled, you get a pretty good trust metric.

Essentially, this is what SpamAssassin does. SpamAssassin is a collection of spam indicators, and an automatically generated set of prescaled factors for these indicators. And all of them nicely integrated.

The problem with SpamAssassin is that it mixes up predelivery checks and postdelivery checks. It would be worth the effort to extract all predelivery checks from SpamAssassin (DNSBL checks, mostly), throw in Milter Sender like checks and create a predelivery milter-sender Spamasssassin which would catch most of the Spam in transit and reject it with fivehundreds.

The key concept is the introduction of shades of grey, though, instead of simple single source blacklisting.

Re:Is there such a thing as a reputable blacklist?

[danila]

Wrong. My ISP is blacklisted by SORBS. I checked their automated service and the reason they are blacklisted is that some messages were sent to spamtrap addresses. How on Earth can the largest ISP in the country avoid that? They are already very proactive in fighting spam, for example, when I send out a legitimate mail message with 100 addresses in Bcc field, they slow down the sending terribly. But how can you prevent all your hundreds of thousands of subscribers from sending mail to spamtrap addresses? Collect all e-mails for approval first? That's just ridiculous. Personally I agree that blacklists have the right to provide the service and others are free to use it, but this is not a solution, this is a missolution gone horribly wrong.

Re:Is there such a thing as a reputable blacklist?

[geminidomino]

The problem with SpamAssassin is that it mixes up predelivery checks and postdelivery checks

The bigger problem with spamassassin is that it's not built into the SMTP daemons, so you have to accept the mail before you can process it. If Spamassassin worked during the DATA phase of the SMTP transaction, then you could still drop the email and return a 550. If you receive it and THEN process it with SA, you get several problems.

1. The mail has already used up storage space. You're basically automating JHD.
2. There is no way to notify the sender that the mail was rejected. If a 550 is returned then the sending mail server generates the DSN. If you bounce it, you are an idiot. Spammers FORGE from and envelopes. You'll just be harassing some innocent 3rd party. If you just drop it silently, and it was not spam, its gone forever and no one knows about it.
3. Etc... Google for more info.

I use SA for things that get around my personal blocklist, to move it to a seperate mailbox. Then I can easily find out what needs to be added to the blocklist. SA alone doesn't cut it. If it had the Milter style interface you mentioned that could be used during DATA, that would be thrilling, but unless it's been added recently, I haven't seen it.

Re:Is there such a thing as a reputable blacklist?

[extrarice]

I agree - some black hole lists are getting over-zealous. My ISP's SMTP server was recently listed by dnsbl.sorbs.net. Check out their removal policy:

"Third and finally, if you are really not a spammer, or you are truly reformed, de-listing is relatively easy. You pay US$50 to a charity or trust approved by, and not connected with, SORBS for each spam received relating to the listing (This is known and refered to as the SORBS 'fine')."

(http://www.dnsbl.us.sorbs.net/SpamDBFAQ.html)

Who the hell do they think they are, demanding payment of a "fine" to remove your server from their block list? It's extortion. It's just like the protection rackets the mafia used to do: "You've got a nice store here...it would be a shame if anything were to happen to it...we can protect you, guarantee nothing happens to your store for $500 a week..."

For this reason, and many others, I strongly disagree with black hole lists. They think they can change the world by saying "Hey, I'm important, and I'm blocking you! You better shape up, or else!" I understand their cause, their desire to stop spam, but they are just going about it the wrong way.

Re:Is there such a thing as a reputable blacklist?

[analog_line]

If they are blacklisted, it means they are hosting spammers and this (customers like you putting pressure on them) is the only way to get them to clean up their act.

For way too many people their current ISP is their only choice, and the people who are most likely to complain are the "power users" that most ISPs would love to get rid of in order to lower their bandwidth costs. I fail to see what complaining will do. What in the world do you have to threaten them with? Making their lives easier?

It's not something that'll ever go away

[inflex]

This is crazy, blocking an entire country because of spam - while I can appreciate the 'irritation' of receiving spam, the dis-service imposed by this massive block will greatly outweigh the 'service' it's supposed to perform.

It's like back in school, when the entire class would be put into detention because of the actions of one person, it was a pathetic method then and it's a pathetic method now. Ultimately, it comes down to the teacher/blocker being lazy and hoping that such drastic measures will induce the 'masses' to seek out and obliterate the offending party. I never saw such 'action' succeed at school, I doubt we'll see much happen from this either (apart from iritate a lot of people).

*disclaimer: school was more than half a lifetime ago - so perhaps my brain is rusty by now.

Re:It's not something that'll ever go away

[NSash]

"Blocking off an entire country" is meaningless in this context. You make it sound as if no one in Spain can send e-mail now; that's completely untrue. What has been blacklisted is e-mail originating from Spain's national ISP: that won't affect the Yahoo Mail, or hotmail, or GMail, or any other mail service accounts of people in Spain. Only the accounts provided by Telefonica De Espana, or companies that rely on them for hosting, will be blocked.

This is far less extreme than say, a spam filter that automatically flags email originating from hotmail and aol addresses as spam.

Re:It's not something that'll ever go away

[inflex]

You make it sound like no one ever uses their own corporate mail servers?

Not everyone uses yahoo, hotmail, gmail etc. A lot of local businesses will have localised mail servers, these people will now feel the crunch... I can imagine export type companies would really be wailing.

It's not like they all have time on their hands to start phoning up and complaning, let alone even KNOWING who to complain to (imagine if they're a few tiers down from the top ISP). How many of those business would know why their email all of a sudden wasn't being responded to.

Clients love getting email from joe@hotmail.com, very professional looking :-\

While this may actually induce something to happen, I still feel the cost on the innocents is just too high.

PLD.

Re:It's not something that'll ever go away

[_Sprocket_]

You make it sound like no one ever uses their own corporate mail servers? ...
While this may actually induce something to happen, I still feel the cost on the innocents is just too high.

If I were a company who rented IP space from Telefonica De Espana, I'd be upset. They should be able to police their own network. I would have to consider taking my business elsewhere. Or, failing that, seek compensation for the increase in expense of hosting my company email server elsewhere.

The key here is generating a cost to ISPs who harbor spammers. After all, a spammer's fee is certainly incentive to sign them on. Without a counter incentive, we will quickly find ourselves in a classic tragedy of the commons situation.

A final point - email and the Internet in general is a powerfull, valuable resource that exists because various entities work together. When one (or more) entities threaten the workings of that resource, it should be of no suprise that others will decide to no longer work with them.

It might be unfair...

[dawg+ball]

... but it's about time that something serious was done to combat spam. It's a pity that some innocent ISPs have had to suffer because of this but maybe they, in turn, will also put pressure on ISPs that host spammers?

Re:about time

[Narkov]

Bad luck to those ligitimate ISP's out there that get brought down by a few big National ISP's.

Blanket measures like this are wrong. Target the individual ISP's that are known bad.

The future of blocking?

[Animats]

The near future of blocklists may include all of these highly spam-tolerant areas:

• China
• Romania
• Sub-Saharan Africa
• Florida

Re:The future of blocking?

[aqua]

That does seem to be the current most typical case. Random cablemodem host acting as a zombie, pitching a website hosted by a spam-friendly ISP in China, Brazil or less commonly other places outside the US. There's still a not insignificant fraction being sent from China, Italy and Wanadoo Espana.

The tricky thing about summaries like this is that different spammers exhibit different techniques, and distributions of received spam are not at all uniform. Spammers reuse address lists, control hosts which are configured in various ways and are better or worse connected to different sections of the network, etc. So while I certainly get most of my spam from infected Comcast and similar hosts, I hestitate to say that's how it would be for, say, a user of one of the big email services, which might be attacked by spammers with different specialties.

The good news about the increased prevalence in use of compromised windows zombies as spam emitters is that it's legally more perilous to the spammer than direct-to-MX delivery. Safer in terms of improved concealment, but potentially more criminal. I say "potentially" because if there existed no provable collusion between the spammer and the virus author, and there probably wasn't, then it might legally be no worse than exploitation of an open SMTP relay, and those incidents never saw substantial prosecution. Depending on how careful the spammers are being chaining together zombies, it may be quite feasible to catch and prosecute them using honeypot zombie hosts. The DoJ just needs to take an interest. Or maybe of the cablemodem companies paying for this cost, like the negligent Spanish ISPs cited here, would be interested in backing a civil action.

Shoot on sight...

[silentbozo]

You may or may not like blacklists, but you gotta admit, they take their work seriously (from their list of return classifications when querying their blacklist DNS lookup):

Shoot On Sight (Response: 127.0.0.10)
This IP address is listed for one of several reasons. The provider, individual, or company did one of the following:

* Cart00ney threats made towards the AHBL, SOSDG, other blacklists, and spam fighters.
* Attempted and unsuccessful legal attacks against the AHBL, SOSDG, other blacklists, and spam fighters.
* Promotes, supports, or incites attacks against the AHBL, SOSDG, other blacklists, spam fighters, and others on the Internet.

Been suggested before, but it's not the answer...

[Mindcry]

some suggested other countries be blocked in the past, but i believe over half of all spam originates from the US... i figure they probably should have tried to get the isp to kill the accounts sending the e-mails instead of blocking the country though... that seems kinda insane, cause you know once the kiddies see that they can get whole countries blocked, they'll jump right on it, and then the blacklist would be pretty worthless wouldn't it ;)

Wait'll someone figures out....

...that since most spam originates in the US, the entire country should be blocked.

I, for one, would welcome it, living in the US. Get rid of my spam AND my e-mail. Productivity would go through the roof.

Re:about time

Sounds like the post-9/11 mentality. You know, that "I don't care what you have to do, do SOMETHING!" mentality.

Look where that got us, eh?

The answer is yes

[Rosco+P.+Coltrane]

One has to ask though, is blocking an entire country like this the future of spamfighting, or has something gone horribly wrong?

What went horribly wrong is that Telefonica should allow spammers to operate on their network. So yes, blacklisting them would, perhaps, send a much-needed signal to them.

Actually, if it was running a spam blocklist, I'd suggest that administrators using it automatically send out, every 1000 blocked mail or so, at random, an email explaining why an email from this domain was blocked. Eventually, such an auto-reply is bound to reach one of the domain's legit customers (in this case, Telefonica) who would in turn demand explanations from the ISP they leave money to.

Getting ISP customers to fight the spam war they would normally don't give a toss about is, in my opinion, the way to go against spammers.

Re:The answer is yes

[Rosco+P.+Coltrane]

Sounds sorta like the North Korean mentality of "torture the families of political dissentors": get the familes of anyone who wants to speak out to go against anyone who might say something that is considered dissent.

Well, yeah :-)

However horrible the purpose, NK seems successful at it.

Re:The answer is yes

[dinodrac]

While there are sometimes reasons to delay blacklist checks, the best (and probably the most common) current practice is to reject immeadiately, during the SMTP transaction, with a perminant failure code (usually 550). This failure message can be customized in most modern SMTP daemons, and on many SMTP daemons, its trivial to include TXT records from a DNS blacklist in such a custom message automatically.

In a configuration like this, the sender gets something like the following:

Your message could not be delivered because one or more recipients were rejected by the server.
550-Access restricted - Your host is currently blacklisted at:
550-dnsbl.example.com - See http://www.example.com/dnsbl/lookup.php?ip=127.0.0 .1
550 You may contact postmaster@someisp.example.net for further assistance.

Such a message is not only informative to end users, but it also encourages senders of legitimate mail to make contact with an address that's been made exempt from filtering (mail to postmaster shouldn't be filtered, except in a denial of service situation, per various RFCs.)

Blocking later and sending bounces, or silently deleting (at least at the provider level) actually causes more problems than its worth - spammers will forge, so if you bounce later, you bounce to the wrong person, creating MORE spam, and silently deleting makes legitimate customers upset when mail doesn't go through, and makes troubleshooting missing mail very difficult.

Wonderful

[Neo-Rio-101]

This is amazing really.

All the democratizing functions, promises of free education, free dispersion of information, increased international communication and understanding..... all these things that the internet promised is being brought to it's knees because of penis enlargements, nigerian fraudsters, and greedy marketers all wanting to make a buck!

Don't mod this funny! It's NOT!

(Actually, now that I think of it, TV suffered the same fate. Originally touted as an educational resource, it turned into the junk box it is today. It's just history repeating.)

Re:Wonderful

[statusbar]

Maybe the real problem is PEOPLE themselves. The people who put the crap up, and the people who actually fall for it. When the internet started the people were all focused on specific research. Now it is a tv replacement.

--jeff++

National ISP

[GSPride]

The article didn't make this too clear, so maybe someone can answer... Is this the only ISP in spain? Is it run by the spanish goverment? Because the way that AHBL phrased it announcement, it seems more like TDE is a smalltime provider in Spain. Can anyone clear this up?

Re:National ISP

[LibrePensador]

Telefonica is the biggest ISP in Spain. There are others, but Telefonica's servers route a huge portion of Spain's emails, so this is significant.

Re:National ISP

[Guus.der.Kinderen]

According to this ( http://www.telefonica.com/quienes/ing/ ) they're pretty big; the major telephone company of Spain, as far as I can tell.

Please clarify.

[joeszilagyi]

...and if this forces TDE to address their issues, this would be a bad thing why?

This is the same reason why organizations such as Spews.org, when leveraging their clout correctly, can get things fixed: they get the regular end users after the ISP to fix their problems. Spain now can't email a LOT of places. Spain. Not just TDE customers, but ALL people there. Now, all of TDE will be complaining to TDE, along with TDE's partners. Their competitors. Heck, maybe the government. They'll clean up their act, or else. If they don't, that's fine too, if they don't want to email anyone.

Remember that no one on the Internet is obligated to accept traffic from anyone. Be it email or otherwise. If I choose to block you from mailing me via my website, or from even viewing my site--or if I decide this of your entire country--that is my decision. My IP address(es), my mailbox, my rules. ISPs flaunt my wishes by spamming me, and they get dropped.

So, again, why is this bad if it forces them under huge pressure to fix their issues?

Re:Please clarify.

[LostCluster]

Oh, TDE addressing the Spam issues would be great... but the collateral damage of blocking e-mail you want to get is not something you should be taking chances with.

If you have a large number of customers in Spain, and you're configured to use this blacklist... you're screwed. It'll take several hours before you realize why you stopped getting customer e-mails.

Using these blocklists in an automated mode is a very dangerous thing. You never know what collateral group of non-spammers will be blocked next.

Re:Please clarify.

[Monkelectric]

but the collateral damage of blocking e-mail you want to get is not something you should be taking chances with.

Well thats the whole point, its a last resort issue. The ISP should have been warned several times and refused to do anything. I remember when orbit was operating it stumbled onto a few mail servers at the university I was an admin for. I was way overworked -- didn't know I had open relays (this was still when spam was an under the radar issue), I fixed it within four hours of getting the warning and I was grateful they provided the service.

Now if I hadn't responded, they would have tried to contact me a few times and then added me to the block list... that's really pretty reasonable. You aren't allowed to drive a car that polutes the air, why should people put up with a mail server that polutes the internet?

Blocklists don't block email

[jhunsake]

e-mail will be blocked by their blacklisting service

Nope, only *you* can block email to *your* server.

Re:Blocklists don't block email

[LostCluster]

Nope, only *you* can block email to *your* server.

Those who blindly trust a blocklist will get burned eventually. Don't just trust some stranger you meet on the Internet to do your work for you... they will eventually screw up when you're not looking.

Re:Blocklists don't block email

[49152]

Collateral damage, happens in every war ;-)

>So, in short, your statement, while superficially correct, is not relevant except to
>the few people who have *their own* servers.

Utter bullshit, most people does not forward their email through mydomain.com or any other "free forwarding providers" but uses the email address their ISP gave them directly.

If your email is "mission critical" then you should better make damn sure you have control over how this email is delivered and that your capable of receiving it. Dont blame AHBL (or your ISP) because you screwed up yourself using a stupid scheme to receive important email.

BTW: If a potential employer wants to send out interview invitations to job applicants, dont you think they would suspect they have a problem when half the invitiations bounces telling them they are blacklisted?

Basicly your trying to shift the problem from sender to receiver, it's not the receiver that's blacklisted and generally (assuming not using stupid redirect trick) would not have a problem.

its fine

[P0lyh34)]

I've been blocking all of china for 2 years now. Basically if its in unicode, my server rejects it.

It's really quite simple...

[jollis]

If you don't agree with a BL's listing criteria or policies, don't use it.

There's a variety of DNSBLs out there. Some attempt to list spam sources (IPs from which spam is injected) with surgical precision whilst others go for the 'spam support' services, typically listing increasing swaths of space as the responsible party refuses to act (SPEWS for one).

In many cases the surgical approach simply won't do. Playing whack-a-mole with a fake ISP/spam support service isn't everybody's game.

Re:perhaps?

Nonsense, the government has no say in what policies a private Spanish company implements.

This is seen as a technical issue for the company to resolve.

spamfighting?

Too many people (usually in end-user magazines which say "Squash Spam Forever!" on three out of every four covers in bright bold covers) state too much spam is coming from overseas. This is a partial truth. The spammers live in the US but they are using ISPs overseas to spam us here. Why? Because Chinese ISPs aren't going to say, "no" to nice, crisp, American currency. Now, there are more and more US ISPs which are blocking *.cn, *.jp, *.kr (China, Japan, and Korea, respectively, but in no particular order).

What's really funny is to see Chinese ISPs who hit US blocks when the US response is "Sorry, we don't accept spam" and the China response is, "Take off Block!" and it goes back & forth until the Chinese ISPs back off.

China is starting to wonder what they should do to reduce spam - in all places - in China. The funny thing is, they don't understand what volume the electronic turds their clientele are sending because so it's not directed at them.

Update SMTP ...

[psilonaut]

With things like this happening, isn't updating/replacing SMTP with something new to address the current problems, a viable option yet ?

Gandi.net

[azav]

I have noticed that the vast majority of spam that I get reference domains registered at http://gandi.net

I'd LOVE to be able to block by registrar.

Does anyone know how to get a registrar shut down??

Re:Gandi.net

[Professeur+Shadoko]

Gandi.net just happens to be a cheap registrar. I bought a domain there, and their service is perfect AND cheap. Now your idea is just as plain stupid as blacklisting an entire country.

Note also that with a few simple scripts blocking by registrar should be fairly easy.

Re:Gandi.net

[azav]

Well, if you consider that my idea is stupid, please take note that I have complained directly to them about the domains responsible for spamming. They are all ignored.

FYI, the domains are a .biz domain that push cealis and penis extension pills.

Now, I ask you, if the registrar does not respond to the complaints about one of their clients (who is not playing fair), what do you think IS fair and equitable treatment?

One problem with blocking entire countries

[dtfinch]

The United States produces more spam than any other country.

This doesn't happen overnight.

[dinodrac]

Rima-tde's long time treatment of abuse complaints has lead to them being labeled by many in the community as a rogue provider.

This has continued for quite some time, as evidenced by archived usenet posts (http://groups.google.com/groups?q=rima-tde&ie=UTF -8&oe=UTF-8&hl=en&btnG=Google+Search)

Getting up there along with the likes of HINET and Chinese state-run providers takes some serious work, and in goes to show Telefonica De Espana's commitment to its spammers!

Congratulations to them on this well deserved moment of (in)fame.

Re:Blacklist 'em all.

[LibrePensador]

Are you drunk, crazy or both?

Spain is one of the largest economies in Europe and one of the largest tourist venues in the world.

Apart from this, are you preparing to negate the value of communicating with a whole country for the convenience of not having to delete a few emails?

You must be nuts!

Re:about time

I believe Poor Richard's Almanac (written by Benjamin Franklin) which went something like this:
When solving a problem it is common to take a method and try it. When it fails, try another. But above all, do something."

Re:perhaps?

[Ded+Mike]

TDE is blacklisted.

They are as government independent as the BBC or DeutscheTelekom or the BundesPoste. If they were independent and a commercial enterprise, perhaps they would take the actions of those trying to preserve the Internet for the rest of us from the spammers, script-kiddiez and terrorists as seriously as they should.

Re:Internet passports

[jettoblack]

This article advocates a

(x) technical (x) legislative ( ) market-based ( ) vigilante

approach to fighting spam. Your idea will not work. Here is why it won't work.
(One or more of the following may apply to your particular idea, and it may
have other flaws which used to vary from state to state before a bad federal
law was passed.)

( ) Spammers can easily use it to harvest email addresses
( ) Mailing lists and other legitimate email uses would be affected
( ) No one will be able to find the guy or collect the money
( ) It is defenseless against brute force attacks
( ) It will stop spam for two weeks and then we'll be stuck with it
(x) Users of email will not put up with it
( ) Microsoft will not put up with it
( ) The police will not put up with it
( ) Requires too much cooperation from spammers
(x) Requires immediate total cooperation from everybody at once
( ) Many email users cannot afford to lose business or alienate potential
employers
( ) Spammers don't care about invalid addresses in their lists
( ) Anyone could anonymously destroy anyone else's career or business

Specifically, your plan fails to account for

( ) Laws expressly prohibiting it
(x) Lack of centrally controlling authority for email
( ) Open relays in foreign countries
( ) Ease of searching tiny alphanumeric address space of all email addresses
( ) Asshats
(x) Jurisdictional problems
( ) Unpopularity of weird new taxes
( ) Public reluctance to accept weird new forms of money
(x) Huge existing software investment in SMTP
( ) Susceptibility of protocols other than SMTP to attack
( ) Willingness of users to install OS patches received by email
(x) Armies of worm riddled broadband-connected Windows boxes
( ) Eternal arms race involved in all filtering approaches
( ) Extreme profitability of spam
(x) Joe jobs and/or identity theft
(x) Technically illiterate politicians
( ) Extreme stupidity on the part of people who do business with spammers
( ) Dishonesty on the part of spammers themselves
( ) Bandwidth costs that are unaffected by client filtering
( ) Outlook

and the following philosophical objections may also apply:

(x) Ideas similar to yours are easy to come up with, yet none have ever been
shown practical
( ) Any scheme based on opt-out is unacceptable
(x) SMTP headers should not be the subject of legislation
( ) Blacklists suck
(x) Whitelists suck
( ) We should be able to talk about Viagra without being censored
( ) Countermeasures should not involve wire fraud or credit card fraud
( ) Countermeasures should not involve sabotage of public networks
( ) Countermeasures must work if phased in gradually
(x) Sending email should be free
( ) Why should we have to trust you and your servers?
( ) Incompatiblity with open source or open source licenses
( ) Feel-good measures do nothing to solve the problem
( ) Temporary/one-time email addresses are cumbersome
(x) I don't want the government reading my email
( ) Killing them that way is not slow and painful enough

Furthermore, this is what I think about you:

(x) Sorry dude, but I don't think it would work.
( ) This is a stupid idea, and you're a stupid person for suggesting it.

Bah, typical slashfoo

[crucini]

This is a typical demagogic attempt to get slashdotters riled up against an otherwise unnown blocklist operator. Simply put, most slashdotters do not run ISP's and therefore see only the downside of blocklists.
Most slashdotters are benefiting from some kind of mail filtering and don't even realize it. They are like peaceniks bitching about the very defense establishment that keeps them free to bitch.

I never heard of the AHBL before this article. There are tons of lists. A list that would block a major ISP is probably a niche list aimed at small domains who are not going to have 10,000 angry customers. If SPEWS blocked this ISP, it might be news. If some unknown list does it, so what?

If you find it shocking that a list would shoot from the hip, don't ever query xbl.selwerd.cx. Fast, broad and unforgiving!

Before the inevitable whining chorus of broad-listing-is-bad-what-about-the-innocent-victi ms, let me remind you that SPEWS has gotten the attention of some extremely inattentive spam havens. Companies that unrepentantly spammed like mad in the face of every kind of complaint, peer pressure, and narrowly targetted listing have suddenly come to the table when facing a broad SPEWS block. Broad listing works where diplomacy has failed.

And remember, also, that you are almost certainly benefiting from a lot of filtering implemented by your postmasters or even network admins (at border routers). They spend a huge amount of time compiling lists of bad domains and netblocks - why shouldn't they share that knowledge with other admins? Such sharing is most efficiently done by publishing a DNS-based list like SPEWS. The high profile lists are more professionally maintained than most ISP's in-house lists. Would you rather they share in secret, so small operators can't benefit from their knowledge?

Re:Bah, typical slashfoo

[bruns]

The AHBL is the redesign of the older blackholes.2mbit.com DNSbl from years ago. We've just changed its main focus on abuse in general - which includes e-mail, DoS attacks, etc.

We are apparently in wide enough use that we deal with TDE customers on a daily basis that are complaining that they are blocked.

Its not our primary focus to be the biggest.

Our primary focus is to protect our systems, and the systems we manage, from spam and abuse. We make our data available to anyone and everyone, because we know that our data will improve on the feedback of our users.

So far, we have had zero complaints from our users as to our blocking methods, even if they are extreme at times.

Re:Internet passports

[maxpublic]

We have real life IDs that are difficult to forge and even if you can forge them, you'd get hit by hefty penalties for doing it.

This is a silly argument. Criminals will forge i.d.'s regardless of the law *because - duh! - they're criminals. It's what they do*.

And if you think it's difficult to forge a driver's license or a passport, from *any* country, you've been swallowing too much government bullshit. For $500-$1000 you can get a completely new, legal identity that'll check out if the government investigates it, because it was purchased directly from the folks who control the system that issues i.d.'s in the first place. I could, in 48 hours, get a perfectly valid (and new) SSN, drivers license, and birth record entry which will hold up under government scrutiny *because the folks who control the system will sell them to me, and they aren't forged*. I can get decent forgeries for just a few hundred bucks, if I don't need to pass a serious security check.

Internet i.d.'s will be no different, and no harder to forge. Or to buy, from the right people.

Max

This is a good idea, but...

[SiliconEntity]

This is a good idea, but it doesn't go far enough.

I didn't just block Spain. I set my system to blackhole the whole damn world!

Just think of it! All over the world, anybody tries to send me email, and it disappears into a black hole. Eat dirt, spammers!

And of course all the legitimate email disappears as well. But that's the point! When I talk to someone and they complain that I didn't respond to their email, I explain that it's not me - it's their world's policies about spam! Once you get your act together and get spam off the net, then I'll unblock you, I say. Until then, don't come crying to me - talk to your ISP, to your elected representatives, to the UN. That's where the problem is, and until you can solve it with them... you're blocked.

Yup. I figure this spam business is going to get cleaned up PDQ once people realize what it's costing them. We're going to get a nice, spam-free net, and it's all because of me. You're welcome.

Re:about time

[trelanexiph]

Telefonica.es is the ISP, as RIMA-TDE (another hat it wears) it has been responsible for the continuing incredible 419 spams out of Spain, though they're a BIG ISP, and they are, this does not excuse them from policing their network and ensuring that such things are kept to a minimum, and terminations occur when appropriate. The issue here was they refused to identify corrective actions, refused to terminate abusive customers, and refused to return contact after they initiated contact.

Re:Internet passports

[icebike]

At least the system would government controlled and thus a lesser evil than the tyranny of vigilante groups like SPEWS.

Boy you are a True Believer(tm) aren't you!?!

Name one thing the Government (any government) does well?
As For SPEWS and others, their actions are based on actual monitored events (spam) and not the whim of some dictator or someone doing a favor for a bribe.

Further, the use of these BlackLists is TOTALLY voluntary. You don't have to use them. Run your own MTA.

But let the government get ahold of this and no one will speak out of turn.

I say block it.

[Mustang+Matt]

Block every country that's sending tons of spam. Yes, I know the US is responsible for most of it, but that's exactly my point. Keep blocking countries until the US spammers have to send from US servers and then let us all attack them with a multitude of lawsuits.

China is the worst for me because some jerk spammer is sending junk with my domain on the reply-to. His stuff is hosted in China and there's not a thing I can do.

Re:What action?

[Ironica]

What can politicians possibly do to stop spam?

This is a social problem. Not a political problem. Trying to make it a political problem is just going to make the situation worse.

- Politicians run the government.

- The government of Spain runs TDE.

- TDE is blacklisted as a spam ISP.

Who *but* the politicians can do something about this?

AHBL policies

[bruns]

The AHBL is very open to working with providers to solve their problems. On a daily basis, I can be working with several ISPs to figure out how to better tune our listings, or help them track down a spamming customer.

We only resort to this wide range listings when we're run out of options. In the case of TDE, we just do not have any more patience.

We gave them time. We sent them abuse reports. We even asked them to provide us with accurate information on their netblocks so we can tune our listings down to only their dynamic customers.

However, they ignored our requests.

The AHBL has very strict policies on what we will and will not do.

We are taking a strong stance on 419 and phishers right now - just take a look at our ongoing fight with megamailservers.com - we caught them in a lie with their phishing customers, and we are holding them responsible.

If we are having an effect or not, it doesn't really matter to me. All I do know is that we are taking a stance and asking others to support us.

The hope being that with enough people working with us, we will be able to force providers to do something about their problems.

Feel free to flame me all you want.

Re:AHBL policies

[DaveTheTriffids]

Just out of interest, in which language did you write to tell them all this?

It's a little-known (in the U.S.) fact that people in other countries speak languages other than English.

For instance, I live in France, and my mail provider in the U.S. uses a whole bunch of these predominantly U.S.-based blacklists. Much of the mail sent via French ISPs by my friends is blocked because just once, perhaps seven or eight months ago, someone managed to send some spam from an account with those ISPs before having their account closed. Those ISPs are doomed to remain on the blacklists forever because, although the problem has been solved (open relays closed, AUP tightened up and closely followed) their technical staff can't get off the black hole lists because the lists' documentation and (in the case of one list) ransom demands are in American English. To a non-U.S. ISP, email from a black hole list operator looks very much like Korean or Brazilian spam must do to you: gibberish.

I've written to a few of these ISPs, explaining the problem and translating some of the information for them, but I don't have time to compensate for the weaknesses of two countries' education systems single-handedly.

If you want someone to do something for you (whether it be to fix the leak in a hotel room or to secure an open mail relay in a network) then it helps to talk to them in their language, rather than shouting at them louder and louder in your own.

Blocking Entire Countries

[RWarrior(fobw)]

It would be nice if these kinds of things would get administrators' attention. I don't have high hopes.

Personally, I get anywhere between one thousand and one hundred thousand spams a week directed at my domain from some asshat in Brazil. They come addressed to user1@mydomain.com, user2@mydomain.com, etc., in alphabetical order. Tens of thousands of them. And that's just the Brazilian stuff. That doesn't include the mortgage ads, 419 scams, porn ads, and advertisements that will help me make my wife's penis larger.

Since I'm the only person who uses my domain, and I don't read Portuguese anyway, these are nothing but a drain on my bandwidth and resources, even if I were inclined to buy penis enlargement cream for my wife.

And since I use a hosting service I can't implement a connection-level block because I don't have root on the box. Implementing SpamAssassin on the hosting server brings their box to its knees (I know because I've done it and they shut down my account); instead, I have to dedicate one of my own boxes to scanning all this shit -after- downloading it. My box does virtually nothing else.

And since my domain is my last name, I can't exactly change it easily.

SMTP is broken. It has outlived its usefulness, and it is past time for it to die. Born in an era when the internet was a far safer place, patches and scanning placed on top of it to stop spam do nothing to put the burden of sending mail where it belongs: on the sender. While tools like SpamAssassin, SpamBouncer and RBLs help us to avoid seeing the crap in our inboxes, they remain kludges that still eat up our processor time, bandwidth, infrastructure and money.

But all my work in call centers has taught me that stupid people will always exist, and that some of them can never be taught to behave properly. This means that any schmuck with enough money and enough time and some basic Google literacy can set up a broken copy of $YOUR_FAVORITE_SMTPD on $YOUR_FAVORITE_OS and become the latest spew.

Proposals exist (Dr. Dan Bernstein's Internet Mail 2000 is one of several) to shift the burden of storage and processing from the receiver to the sender. All well and good, but nobody's bothered writing a bunch of cross-platform implementations that everybody will actually switch to, and that Microsoft won't be able to embrace and extend.

So where does that leave us mere mortals, except to use the hypersonic planet-smashing axe to kill the maggot-laying fly?

Re:Blocking Entire Countries

[87C751]

Proposals exist (Dr. Dan Bernstein's Internet Mail 2000 is one of several) to shift the burden of storage and processing from the receiver to the sender.

IM2000 is interesting on the surface, but the proposal is incomplete and it misses one essential point. Putting the storage burden on the sender is meaningless when the sender is sending millions of identical copies. There's also the point that under IM2000, the receiver must know to seek out and download notifications of waiting mail. This does well against unsolicited spam, at the expense of unsolicited non-spam. I suppose you could develop a network of trusted introducers to provide the thousands of maildrops you would now be required to periodically check, but then there would be the issue of how to extend trust. And if spammers are willing to forge every last bit of identifying data save for the essential sucker's URL in an email now, nothing suggests that they would be any more responsible about creating introducers.

The essential problem is that email is a push technology by necessity. A successful antispam technology protects the entry point to the system, but protecting the entry point is a Hard Problem.

But If We Block Their IPs...

...the Spammers have already won!

Re:about time

[eddeye]

do SOMETHING

If the choice is this or nothing, I'll take nothing. Would you be happy with this if you lived in Spain?

Now if you want to do something constructive, switch to cryptographic tagged aliasing (basically, what Spam Gourmet does). It works, you're in control, and it doesn't break anything. My recent paper shows why this approach is much more suitable than white|black-listing.

Re:about time

[trelanexiph]

hrm.. nothing is definately not enough, they terminated no customers, sent no warnings, they demanded to see our previous complaints because they'd never recieved any complaints from ahbl.org. news flash we have quite a few domains, we're not going to complain from the blacklist. Frankly we shouldn't have to wave around a blacklist to get attention, and to get abusive customers removed. A customer who has abused is already abusive before the first complaint is sent. TERMINATE THEM THEN!

Re:What action?

[DrHyde]

Not to mention that politicians can pass laws sending spammers to prison. I can just see it now, J. Random Spammer, in a cell with Samson The Serial Sodomist, who wants to have words about that "herbal viagra" that didn't work so well.

As a Spaniard...

[JCAB]

As a Spaniard living abroad, I care deeply about this. I do exchange plenty of legit email with Spain, you see, so this will affect me personally.

Contrary to what many people seem to think here, the announcement doesn't say thay'll block the whole country. That measure would be draconian, along the line of nuking a city to quench a major disturbance.

Instead, they say (correctly) that they are blocking the offending IDE, which "is the govt run ISP of Spain" so it can be expected that this ISP provider is a major provider, and many people will be affected. I believe that. Telefonica was, until a few years ago, _the one and only_ telephone communications provider of Spain. It is BIG.

This is unfortunate, but _if_ this provider really is such a non-cooperative major source of spam and hack attacks, then I can't blame them for blocking it, much as it pains me.

Re:As a Spaniard...

As Spaniard...

It's true that the announcement does'nt say that they'll block the whole country, but telefonica rents his lines to other companies, so they will be blocking a lot of people, a lot more than the 50%.

Its incorrect that telefonica is the gov's isp, it was few years ago, but the previus government privatized it so the new government (we have elections a month ago) doesn't have any control over the company.
The process of privatizacion was very obscure, a lot of directives getting a large amount of money, the new president that was designed was a friend from school of the old government president, etc etc.

We've got only a pair of alternatives and isn't as easy as it seems to change provider, for example you can't change company in the first year whithout paying a large amount of money.

We're paying what the previous government do, they do their worst in exterior relationships, they had a very bad plan about new technologies, education, etc. For example Spain got the worst number of internet connections, internet services and the most expensive connections of Europe.

Telefonica got the worst client hot line you can imagine and they don't pay any attention to what the users says, but you've got no alternatives in the most of the cases.

So as a Spaniard and as a Telefonica user i thought that it isn't fair to ban the whole company ips but it's fair to make telefonica pay a large amount of money or punish it other way.

PD: sorry for my english

Re:about time

Blocking specifics doesn't work. History does not bear out your suggestion.

SPEWS may be despised by some, but they aren't at fault. They do nothing but create a list. It's up to everyone else to decide what, if anything, they want to use from that list. It's no different than any other BL floating about out there - perhaps it's because SPEWS is willing to pull the trigger a bit sooner?

I'll wager good odds that if an IP address is in SPEWS it's at at least one [or more] of the other most-frequently used BLs. It's a fad - it's easier to bitch about something everyone else is whining about.

All SPEWS does is list an offending address. If that doesn't work [after a period of time], then moves upstream to list the next level of the tree. This captures the next branch and the first opportunity for another ISP to be involved. Each period of time in which there is no positive response (removal of the offending resources), the BL listing keeps moving up. Eventually, the customers will complaining to their ISP about their email bouncing.

Why is it done this way? The spammers aren't going to undo themselves. But putting everyone else on their back will.

It's really no different than blocking entire countries such as China, Korea, and Japan. Unless|until they (the countries) crack down on spammers (native and US making use of their utilities), open relays, and open proxies, most places really see no reason to uncork them.

Society doesn't work like an ideal...

[Animaether]

Ideally, people would complain to their ISP. But, society is hardly an ideal...

-----

Somebody robs a bank and flees.
The cops don't know where he is, but know that he can't have fled beyond 5 blocks.
The cops cordon off those 5 blocks.
Everybody within can't leave, everybody outside can't get in.
Does society, in general, get pissed wtih :
A. The bankrobber, for robbing the bank, making this a likely necessity
B. The police, for preventing people from going where they want

Answer : B

-----

A local TV transmitter gets notice from a commercial network that the commercial network will no longer pay the transmitter to be aired. They'll have to put them on the air for free.
The local TV transmitter gives them the finger and pulls them off the air.
Delicate issue : the commercial network carries soap operas that are hugely popular within the local region.
Does society typically blame :
A. The commercial network for using their show's/shows' popularity to try and strong-arm the local transmitter for a better deal
B. The local transmitter for making it impossible to watch their favorite show

Answer : B. Real story where I'm from, and people ended up getting TV dishes en-masse.

--

Same thing with this...

Do you really think all those Spanish people are going to blame their ISP for hosting (known) spammers once they get word/realize that their mails out to the world are bouncing/getting eaten ?
Of course not. They're going to say "wtf. stupid blacklists - that e-mail has to be there today, and that blacklisting of my ISP is the reason it can't. I guess I'll have to hotmail it. *expletive*"

That's how cause and effect is going...
effect : ISP is blacklisted
cause : ISP hosts spammers
NOT the legitimate people's problem!

at least, until...
effect : people can't send e-mail
cause : blacklists
Therefore - blame the blacklists!

you see, there is no :
effect : people can't send e-mail
cause : ISP hosts spammers
relationship to most of society, so they're not about to blame the spammers.

And as much as I disagree with that stance, and would poke at my ISP to see if they can get off the blacklists a.s.a.p., I can't say that I blame users who point at the blacklists instead.

Maybe if blacklists could warn ISPs' users 3 days in advance. Maybe... mass e-mail them :x That's spam I wouldn't mind receiving it means I could ring up the ISP and warn them that if 3 days later the ISP still finds itself listed, I'd take my business elsewhere - and find a decent alternative in the mean time, rather than being caught off-guard.

Re:Society doesn't work like an ideal...

[Monkeyman334]

Maybe you're saying that because you haven't done any research. I worked for an ISP, for many years. More than once my boss decided that maintaining the list on the email server was too difficult and he should just open it up (and didn't tell me). After about a week of a couple people not being able to send email to server x and y, I figure it out, close the relay, go submit the server to the blacklists it's on. People blamed us because they couldn't send email, and we were the magic email thing in the sky. They don't know what a blacklist is, they don't care. They wanted us to fix it or we wouldn't be any use to them and they'd close their account. So yes, I believe blacklists are effective.

You're also making the assumption that the ISP doesn't know about spam and that they need a warning. I've had spammers email me and ask "Are you guys friendly towards mass mailings? (aka spam).", "I need DNS hosting for mass emails, I can take care of the servers, I just need DNS." Of course I told them no we didn't. And if they singed up for a regular account and we got a complaint, we had their cc number.

For a better analogy, think of someone providing a service, milk deliveries or something. Then one day the deliveries stop because there's a milk shortage, and they still expect you to pay for the milk you're not getting!

Re:Society doesn't work like an ideal...

[hysterik]

Based on your analogies, the people in Spain would likely blame their ISP, not the blacklists. What is more visible to a person? The robber or the cop? Answer: the cop. What is more visible, more immediate: commercial network, or transmitter? The transmitter. What is more visible? Your ISP or some blacklist further up the chain? The ISP.

If people are going to get pissed, they will get pissed at their ISPs, they can't comprehend any further than that. Understand?

Re:you mean BIG?

A 419 e-mail refers to a particular kind of Nigerian fraud e-mail, not the number of e-mails sent.

Telefonica has it all

[McKlain]

Telefónica de España (TDE) is like AT&T in the USA or BT in the UK. If you're expecting them to fix something just because those guys put them on a blacklist... you're living in the magical world of oz.

Re:Geeks

[harlows_monkeys]

What a bunch of arrogant fucksticks...How about sending the Telco's CEO a registered letter, pointing out what will happen within a month if things don't change?

I think it is interesting that you call them arrogant fucksticks, when you have no clue at all how this stuff works. Hint: a block only becomes this big when the ISP has repeatedly ignored abuse reports over a long period of time. The only way to get their attention is to block them.

And, in fact, now that they have been blocked, they suddenly have shown an interest in dealing with their spam, and have contacted AHBL.

Note also that AHBL asked for details on address ranges, so they could tune the fine-tune the blocks to just catch the dynamic addresses (the ISP claims that most of the problems are from users at Internet cafes), and was ignored. Note also that the ISP could solve this problem with a simple block on outgoing port 25 from their Internet cafe customers.

Re:you mean BIG?

Moderator, please ban this user who is spamming slashdot with a 419 scam.

Re:about time

[thogard]

This does work. It worked with Telstra.

Your concept of the money flow with spamers is wrong. Spamers get paid by compaines that think they will sell something to the end users. The result is most of the people who paid the spamers never make any sales at all.

Oh give me a fucking break

[Sycraft-fu]

Block lists are NOT torutre, or anything like it. It is a private entity (person or corperation) deciding to not allow certian IPs. That's all. Much as I have the right to decide who is and is not allowed to come in to my house or store, I have the right to decide who is and is not allowed to access my server. If a given ISP continually abuses the service I provide and refuses to respond to complaints regarding that, I am quite justified in blocking them.

In fact, I don't really need any justification in blocking anyone. There are plenty of servers on the Internet that are accessable by only a select few. That is just fine, they are private property and it is the owner's right to decide who gets access.

The Internet is not your personal playground, and if you act like an ass, don't be supprised to find people denying you access to what they offer.

Re:about time

[trelanexiph]

your paper also doesn't really provide any emphasis or responsibility on ISP's to police their traffic, therefore it's more or less functionally useless at stopping spam. The best way to stop spam is to deny access to our mail servers from ISP's harboring spammers.

Re:Geeks

How about sending the Telco's CEO a registered letter,

This rubs me wrong. Why should a non-commercial, volunteer service have to spend time and money sending out a registered letter. Do you realize that DNSBLs block *several thousand* IP addresses. Do you really expect them to send out registered letters for each and every one?

The CEO of a large ISP has no more right to be treated like a king than a kiddie with a cable modem. A registered letter... sheesh. Maybe it should be wrapped in silk and sealed with wax too.

Look, the company was spam-friendly. They were notified by email on several occasions that they would be blacklisted if the situation was not addressed. They had plenty of warning, and plenty of time to respond. They did not, and this is the consequence. C'est la vie.

Not the first time

[Halo1]

In the past, the whole of Costa Rica has already been blocked once because their national ISP (racsa.co.cr, which was (is?) the only one available) did nothing against Ralsky's bestiality and incest porn spamming via their networks and hosting his sites on their network.

And since this is in the "Your Rights Online" category: I think everyone has the right to refuse mail from anyone else. If an ISP uses this blocking list without properly informing his customers and without offering a way for his customers to opt-out of this kind, then this ISP is obviously at fault, not the people who publish the blacklist. The latter are simply like a consumer magazine that advises against buying a particular product because it performed very bad compared to other tested products.

Re:Internet passports

[kris]

Criminals will forge i.d.'s regardless of the law *because - duh! - they're criminals. It's what they do

Actually, most IDs even work in such a context. They are not constructed to be unforgeable, they are construced to be hard (read: expensive) to forge, and this is their sole purpose. They increase the cost of "doing business" for criminals.

And even if an ID is forged, as long as it is expensive to forge, most criminals will have few of them, and losing or exposing one of their IDs will be a heavy loss for them. A forged ID may to reveal the identity of a criminal, but it will still create a traceable and linkable trail. Which is what really counts when you try to catch such people.

A blessing in disguise

[D4C5CE]

They cannot claim that it wasn't a scenario waiting to happen.
Back in 2000 already, Tom Geller made this statement in a discussion with the EFF:

The saddest part of the spam problem is this: The "technical solutions" you name above already cause entire nations to be blackholed in thousands of servers around the world. Many postmasters have received only spam from .cn and .kr, so they dump all mail from those TLDs in the trash.

Mind you, it is the Spanish government's explicit duty under EU legislation to stop precisely this situation from happening to all of Europe - this is the very reason why Directive 2002/58/EC was adopted in the first place, and its wording is crystal clear - anything that is not opt-in (with the onus on the sender to prove it) is strictly illegal:

Article 13
Unsolicited communications
1. The use of [...] electronic mail for the purposes of direct marketing may only be allowed in respect of subscribers who have given their prior consent.

It was a long hard fight getting this on the statute books almost all across an entire continent - but now, finally, the law is definitely not on the spammers' side.

Blacklists are a bad idea in the first place, but if legitimate eMail gets blocked because a provider fails to fight spam, it is that ISP (rather than the blacklist operators) who deserves all the wrath of its customers.

Sad as the current situation is, combined with the onslaught of Trojan eMail it will hopefully make Spanish businesses and citizens pressure their authorities to enforce a draconian crackdown on the perpetrators - finally treating spammers as the cyber-terrorists they are.

Korea was First, China Second

[billstewart]

Korea was the first country to get massively blacklisted. It's probably the most wired country in the world, with a large number of cookie-cutter badly-administered machines (mainly in the school districts) that had open relays on them, language barriers that meant that if you did send mail to the bad administrators, they couldn't read them and you couldn't read their replies, and it has a relatively small set of industries that do Internet-related business with US locations - if you don't make chips or consumer electronics, and don't have friends over there, you're highly likely not to get many false positives by simply blocking the whole country and its huge spammer load. And if you _do_ have friends over there, you can still block any email that's not in Korean character sets :-)

China's another popular place to block, not because of badly administered machines, but because of policies of tolerance of spammers and scammers and lack of useful response to abuse complaints. I haven't gotten much spam in Chinese in a while, but I still get lots with either the email origin or the web site located in China. And China's Internet access is controlled by the government telecom monopoly, who obviously don't mind spammers if they pay their bills.

So blocking a whole country isn't a new thing. But this isn't a whole country, it's just one of the major providers there. Spain doesn't censor their users' internet service - if you're blocking their mail, they can get themselves a Hotmail or Yahoo account to reach you.

Re:Korea was First, China Second

[BlueUnderwear]

China's another popular place to block, not because of badly administered machines, but because of policies of tolerance of spammers and scammers and lack of useful response to abuse complaints.

However, Chinese authorities have no tolerance against people who download anti-regime propaganda, or who sympathize with Falun Gong.

Hence, I solved my Chinese spam problem by adding the following to my sendmail.mc (it's only 4 lines, but Slashdot will probably cut the 3rd...):

# Really give the Chinese Spammers a mouthful...
changequote([[,]])dnl
define([[confSMTP_LOGIN_MSG]], [[EFGIC: U.S. Congress Condemns China's Oppression of Falun Gong on\nU.S. Soil and in China\n\nHouse Concurrent Resolution 304 calls on China's agents in\n the United States to halt all operations being carried out against\n practitioners of Falun Gong on United States' soil, as well as the brutal\n persecution of millions inside China.\n\nLONDON (EFGIC) - Last week, the US Congress introduced a concurrent\n resolution calling on the Chinese government to end its brutal\n persecution of Falun Gong in China and stop all activities against Falun\n Gong practitioners inside the United States.\n House Concurrent Resolution 304 (full text), introduced by Congresswoman\n Ros-Lehtinen of Florida, references China's own constitution and\n international human rights accords in calling for China to uphold\n freedom of belief, assembly, and speech for the millions of Falun Gong\n practitioners in Mainland China.\n Resolution 304 also specifically mentioned section 401(a)(1)(B) of the\n International Religious Freedom Act of 1998 (22 U.S.C. 6401(a)(1)(B)):\n \"Whereas the Constitution of the United States guarantees freedom of\n religion, the right to assemble, and the right to speak freely, and the\n people of the United States strongly value protecting the ability of all\n people to live without fear and in accordance with their personal\n beliefs...\"\n Harassment, libel, and imprisonment have been widespread in\n Jiang Zemin's four-year campaign to eradicate Falun Gong. Torture and\n abuse in custody have led to thousands of wrongful deaths.\n]])dnl
changequote(`,')dnl

This will change your sendmail banner in such a way that spammers, should they dare to send to you, get a surprise visit from the political police ;-)

Re:Korea was First, China Second

[Reziac]

So what happens when it's some upstanding Chinese citizen whose home PC has been zombied and is sending spam without his knowledge or consent?

Re:Internet passports

[geminidomino]

They will when the alternatives are 1) having to change one's e-mail address every week because your ISP just got on SPEWS blacklist and 2) drown in spam.

3) Change once to an ISP that doesn't tolerate spamming on its network. They DO exist.

Have worms on your Windows box: your ID is revoked.

Which means a huge subset of users would lose the ability to send mail anyway. Same supposed problem with blacklists, except in your solution, they lose it completely.

x) Ideas similar to yours are easy to come up with, yet none have ever been shown practical

No-one has even tried because the ideas got shot down by professional hand-wringers

It has been tried, repeatedly. It has failed, just as repeatedly. This idea of yours is not new, not practicle, and all but unimplimentable.

(x) Sending email should be free

I disagree. E-mail "stamps" would be a good idea.

Email stamps would be a very BAD idea. Spammers already steal accounts, bandwidth, server space... what makes you think they wouldn't steal "stamps?"

All in all, a very naive suggestion.

Re:The key problem

[geminidomino]

They aren't exerting anything. GAFC. AHBL doesn't even get queried unless the mail admin KNOWINGLY edits his SMTP server's configuration files to use it.

In those cases, the MAIL ADMINS give them the right to exert that power, and they have full rights to do so, since they do not and CAN NOT grant that right outside their own network.

I can only assume none of these people asking questions like this have ever run any sort of real mail server.

Re:about time

Funny, that reminds me of how rich people talk about poor people --- too bad for them, they shouldn't "associate" those people or live in those spammy countries, surely people in Brazil have the power to force their ISP to stop spammers the same way people in the US were able to force Comcast to tell them exactly what the monthly bandwidth caps are. Oh, well, let them eat cake, change ISPs, complain to your ISP, its not SPEWS, they just create a list and then they wash their hands of it.

Elitist fuck, many people have as much power to switch ISPs as you do to make SBC stop using PPPoE. If you were in a situation where you were fucked as collateral damage by SPEWS or the war on drugs or the war for big oil or the war against terrorist hackers, then you wouldn't be so flip.

Regular people don't have power - ISPs, spammers and SPEWS (in these types of situations) have the power and regular people are just fucked as usual.

SPEWS - "We try to pressure ISPs into stopping spammers by drawing innocent parties into the line of fire and having them howl like tortured cats. We call it 'Coercive Recruitment' but we feel good about recruiting them because our cause is just" and as we know from history, when people are recruited against their will to fight for a cause they are always the better for it...

Just a typo

[ocie]

They accidentally typed the following in a config file:

.es TLD for spamish servers

See, just that one letter messed up the whole country when it was caught by a filter run on the config file. Look for similar things to happen to:

.vi TLD for U.S. virgin islands
.ng TLD for Nigeria
.ph TLD for the Philipenis

Seriously, haven't these folks ever heard of a spell checker?

Re:Just a typo

[al_fruitbat]

Can you tell me where Philipenis is? Inside Philipants?

The internet is NOT a human right!

[erroneus]

Working and playing on the internet is a priviledge. It's that simple. And allow me to draw a parallel to my own experience.

I had a roommate. This roommate has a child. This roommate's babysitter would enter my home and during that time, things would disappear. And after changing the locks twice, I arrived at the conclusion that the items were disappearing either through my roommate or the roommate's babysitter. I decided to notify the police and before my roommate would give me the babysitter's contact info, the roommate called the babysitter to inform about the situation.

They both deny any wrong-doing and no property was recovered however, once I booted the roommate, my theft problem disappeared with the roommate.

Living in my home was a priviledge and when that priviledge was abused I needed to take action since all other outlets were met with opposition, denial or attempts to evade. Ultimately, just like the blocking of SMTP traffic from Spain, I had to cut off the problem from the source.

Obviously no one expects the situation with Spain to be permanant. I expect when the lesson is learned and enough cries are heard, they will be restored without the scam-spam problem they once had.

The Public Internet is a priviledge, not a right.

Re:about time - Telefonica incompetance

[@madeus]

I quite agree Telefonica.es are an insuferable source of spam (much of the 419 spam I get is relayed through there, as you say). Telefonica is in fact the single largest source of all the spam in my mailbox and I have tried to get them to take notice for years. I welcome this action with open arms.

Telefonica.es administrators are simply utterly incompetant and have been for years - they don't care one hoot, maybe now their own sence of self preservation will take over (though it's sad that it has to go this far before there is any hope of them taking action).

There was a large degree of debate when they first joined the European Union that less wealthly nations such Spain and Portugal joining would upset the balance, so they were 'eased in' thanks to legislation allowing for a transition period. Now, they are economicaly fully integrated, but cultural issues still remain. I think their behavior in this reguard is glaring example of the level of sophistication and competance in a highly technical field not being up to par.

Spain, South America, Africa and the less developed parts of Asia are main sources of spam (at least, the spam I receive). While South America, Africa and Asia all have understandable economic reasons for being sources of such abuse, the Spanish ought to be able to keep order and it's a damning indictment of their abilites that they have been unable to for so many years. What's even more depressing is I predict that we see a new influx of spam from the Eastern European nations now joining the EU in the not-too-distant future.

Unfortunately, large blocklistings are necessary.

[DocSnyder]

rima-tde.net is a major European spam source. So is wanadoo.fr whose official email relays (193.252.22.21-30) are sending me about 50 spam emails per day. Almost everyone in Europe is blocking their entire netblocks, but that can't be a solution as not everyone is able to block them.

So I unblocked their relays a week ago to see the input IPs and LART each spam originating from worm-infected Wanaspew customer PCs. Surprisingly, the whole mess hasn't been coming from thousands of wormed Weendoze boxes, but merely from *four* (later six) different input IPs. A responsible ISP wouldn't have any problem in preventing a handful of customers from emitting spam.

Wanapoo did nothing. In spite of 44 (!) complaints to Spamadoo and some further communication with the French ISP association AFA France, the same customer IPs I've been LARTing up to 10 times since Sunday last week were still spamming on Friday.

So there are only two solutions left - either eat your spam or dig a deep hole, put Wanadoo's netblocks including their email relays in and let them rot there. Writing spam complaints to Wanadoo is futile.

Re:Geeks

[BiggerIsBetter]

I'm not defending the company in question, and presumably notifications were being sent as per usual. My point is that the reports were possibly being intercepted by some admin or middle manager who wouldn't have made a difference. Going by the amount of spam coming out of this place, odds are it generated some amount of revenue for some department within the company, so unless the issue is raised at an appropriate level it's not going to get addressed.

When you're blocking a national carrier I think that different rules need to apply. This is possibly the first that a higher-up has known about it. I'd imagine that the interest now shown is a direct result of someone being told to "deal with it". Had a formal registered request (with results spelled out) been made to someone with authority it's quite likely it wouldn't have come to this.

OTOH, it might have been viewed as attempted to exert unreasonable leverage. One organisation telling another to stop or we'll tell our friends you're bad. Spam can be caught fairly effectively on a message by message basis, so I don't think this is particularly worthwhile action anyway. Yes, it would be nice if we didn't have to deal with it, but whatever, they made a fuss and it'll probably get sorted - along with adding a great deal of ill-will towards AHBL.

SMTP extensions

[GnuDiff]

Speaking of spam, I see at least one immediate solution I have used myself.

As DNS is a much more hierarchical and restrictive system, use it to assist you. Configure your mail servers to drop mails from ip addresses that do not have associated valid MX records. That would take care of 99% of the hacked boxes, which are typically end-user computers that have some reverse DNS at best.
Ie. if a 1.2.3.4 host contacts your mailserver and wants to give you something, accept it only if 1.2.3.4 is listed as an MX for a domain.

This, as I understand, _is_ contrary to a particular RFC, but what is the percentage of valid (and most probably DNS misconfigured) hosts that won't be able to contact you, and what is thus the price? I have done it on my domain mailbox, and this has effectively shut down 100% of all the spam that has been pouring due to the recent Windows spam worms.

Re:Internet passports

[maxpublic]

it's still better to have it under organized control than have a group of crazed vigilantes blocking entire countries.

No, it isn't. Government has proven to be entirely ineffectual at doing anything to stop, slow down, or even reduce spam by one teeny tiny little bit. Government efforts are, in this context, laughable at best.

The 'crazed vigilantes' stand a much better chance of getting some action than any government law has in the past. Fact is, I think this is a good thing; it shows that while governments may be oppressing us more and more in the real world, as yet they have little, if any, power in the virtual one. Citizen groups, for better or worse, are mightier than the nasty fuckers that control most government bodies today in at least one way.

And until there's a one-world government - which only happen over my cold, dead body - this situation is likely to persist for the foreseeable future.

Max

Re:Internet passports

[geminidomino]

If SPEWS proved ineffective or untrustworthy, the list would stop being used. Look what happened to MAPS if you don't beleive me. Once one of the widest-spread lists out there, before the were sued and changed their policies to be all but worthless.

Blacklisting at this level can help

[DeanFox]

So many posts complaining that this won't solve the problem...

Blacklisting the entire ISP does not solve the problem in a technical sense. It's designed to achieve one thing. It gets the attention of top management who can fix the problem.

As in human nature, the problem isn't important until it affects you. This is especially true in large organizations, and becomes more and more true the further up in management one gets. It's a given in political jobs at any level.

Polite emails are not an affect; I doubt top management even knew about them. The decision makers at TDE haven't cared because they haven't had to care.

If AHBL is large enough to have an effect, now the top management has something to care about. Since their positions at the top are governed by politics, this notoriety is exactly what's needed to get their attention.

Blacklisting like this solves the problem by affecting the top management in a way that motivates them to act. Now policies will be enacted, procedures will be followed, closing down forwarding on port 25 will happen, so on and so forth... And those changes do help fix the SPAM problem.

Re:incompetence outside of the US?

[sofar]

I'm a european and the occasional relayed-by-spain spam message doesn't even make the 95% that is relayed by US based machines.

Don't assume, measure, balance, and do something about your own country's companies. It could be your neighbour.

And that guy 3 postings up has a valid point: 80% of all spam topics are US centric. I should blacklist all US IP numbers for that. The US is capitally guilty of keeping spam in place, either by the largest DEMAND (companies and customers), or by non-conclusive legislation.

Bad neighborhood.

[CrystalFalcon]

The equivalents exist IRL too.

I live in a place where I have difficulty finding a cab. If I call for one on the phone, they tell me to be out in the street waving for the cab, or they will drive past without stopping in the area. I never go out on a Friday or Saturday night without a bulletproof vest, and I'm always armed with at least one combat knife - often several.

This is where you live online. This is why people won't come to your place to deliver pizza. Or SMTP, or any other service.

Re:Bad neighborhood.

[PerlMonkey]

Have you considered a radical solution to your problem - moving, for instance?

Re:about time - Telefonica incompetance

[BobTheLawyer]

Bad troll. The EC was formed in 1957 and Spain joined in 1986, at the same time as Portugal.

This is news? Slashdot already blacklists TDE

[JackAsh]

Hi all,

My family actually lives in Spain, and uses Telefonica as their ISP. During my last visit, I discovered a wonderful surprise: Slashdot already blacklists the entire Telefonica data block. Whenever you select a link to read a story's comments, etc., it comes up with some message about not allowing that operation due to abuse from the netblock. It was pretty cool, really.

In any event, Telefonica is a big, monolithic telephone operator. They used to be the official, national telephone monopoly company before the market was opened up to other operators. Telefonica is still huge, nonetheless. They have voice, data, and cell phones in Spain; I think they also own a good chuck of media there. They run a pretty sizeable percentage of the telco business in South America (possibly the largest telco in the region). They bought our Terra back in the 90's, which bought out the Lycos networks for those that actually care.

Telefonica could probably have worse service, but they would need to train their personnel for it. As with most old monopolies there's this pervasive company culture that they are the center of the universe and if you don't like it you can go jump off a cliff or something. So I'd suggest not holding your breath for this situtation to be resolved. Although, as with every bureaucracy, every once in a while messages accidentally make it to the desk of the one guy who has a clue... :)

-Jack Ash

The spammers win . . .

[dheltzel]

. . when the collateral damage becomes so great that people start losing the benefits of the internet.

It looks to me like we are segregating the internet into 2 nets:
1) Free of Spam
2) Free from regulation

I suppose some people think this is a great idea, but I find it disturbing because innocent people are punished without any recourse (don't give me the "switch ISP" baloney, it's not always possible, and you know it).

Of course, the first one will still have Spam, just less of it, the second will still have regulations, just less of that. Personally, I like option #2 and deal with Spam at my server with SpamAssasin and at my clients with Thunderbird. No blacklists required.

Re:incompetence outside of the US?

[schon]

80% of all spam topics are US centric.

It's not the topics that causes spam to be relayed.

I should blacklist all US IP numbers for that.

As you have control of your mailserver, you're entirely welcome to do so.

However all you'd be doing is proving that you have absolutely no grasp of any of the issues involved.

Working around a blocked port 25

[Arch_dude]

ISP should shut off port 25, because it defends the rest of us from the clueless. However, if your ISP blocks prot 25 and you have a legitimate reason to use a different MTA, you can still do so by having the administrator of the MTA open a port other than 25. for example, you and several of your friends can get together and rent a cheap server somewhere on the internet (e.g., www.linode.com, $20/mo) and run your own MTA (sendmail or postfix.) You can either set up a VPN connection via SSH, or simply open a separate port and then change the settings on your e-mail clients to send to that port instead of port 25. As the administrator of the MTA, you will of course restrict the use of this port to only you any your friends. Note that your e-mail will no longer originate from the blocked ISP, but from your own tiny little home on the net. OF course you will need to rent your server from an organization that enforces a serious anit-apam policy, or they may get black-holed themselves.

Telefonica are the most incompetent Ive ever seen

[cremat]

My company is in Spain. This is my experience with Telefonica... My company is based in a small town 40 miles away the third largest city in Spain (Valencia). Until now, the only way to get broadband in small cities is to get an ADSL. Many ISP companies offer their broadband services, but all physical hooks to the backbones go through Telefonica (that means, when I buy broadband services from any ISP, the ISP actually buys the service from Telefonica and resells it to me). When I got the ADSL for my company, all IPs were static. Telfonica wouldnt admit it, because they were still working on the implementation of ADSL through PPPoE, with dynamic IPs. Later, I got a second ADSL for home, this time with PPPoE, or I had to pay an extra fee of 12 for the static IP. Since this was just for my home network, I thought having a dynamic IP would be ok. Almost all Telefonica routers come with NAT enabled so the routers are in charge of the PPPoE connection. However, I wanted my linux box to handle the connection and the routing processes with ip tables and shorewall, and dhcp for the LAN. So I put a Windows machine for the techie-guy to configure the modem/router in bridge-mode, disabling the router capabilities of the modem. Thank God I was there when he came, because he had no idea on configuring the service in bridge-mode!!!!! I had to do it myself while he was watching me do it!!! My company ADSL (Static IP, no PPPoE) works ok. Its a 2Mbps downstream, 300kbps upstream. In reality, I get 1.6Mbps downstream, almost 300kbps uptream. And I must be vey happy and thankful to mighty Telefonica, because although they sell me this connection as 2Mbbps/300kbps, there is a clause in the contract that says that they will only guarantee 10% of the speed you contract! My home ADSL basically sucks! Its a 512/128kbps, and I get synchro problems almost everyday. Each time I get a synchro problem I loose connection, therefore rp-pppoe has to restart (1-2 minute blackdown). Download speed ranges from 400 to 430kbps max. Well, under this scenario, you live in the US, for instance, and you call to complain, and there is a chance you get results. Under this scenario in Spain, you have to kiss their asses, because theyre still a monopoly everywhere but in large cities. I lived for 8 years in the US, and when I came back I had to switch my brain-chip so I wouldt get burned after speaking whith these people for 5 minutes. Until a couple of weeks ago, that I told them to either kiss my ass very very gently each time I spoke with them, or kiss my ass goodbye in less than 6 monts, where Ill be switching to a cable company that is now starting to offer telephone and broadband in some areas of the city I live. Finallym they understood me. About what happened with their mail... I have already checked that my primary company IP is in the range already blacklisted (yes, we are in the RIMA subnet, and it is, as of now, the best one Telefonica has). I called technical supoort to ask questions about this issue, and THEY DIDNT EVEN KNOW THAT THIS IS ALREADY HAPPENNING!!!!! In few words... Telefonica is the largest communications company in Spain and othre countries. They used to be a monopoly, they still are a monopoly in certain areas, and they still treat their customers as a monopoly, with bad support, assuming we are ignorants who live in oblivion, and charging high-rates for high-sucking-services. Examples: - In the mid 90s, the Infovia network of modems (what spaniard used to connect to the internet) had a maximum number of 10000 simultaneous connections for a country of almost 40 million people (Univerity of Austin in Texas had more for their students at that time) - Services such as caller id, and similar are still in development in many areas of the country - Telephone rates, in absolute terms, are not the hihest in Europe, but salaries in Spain are less than half than Europes, making these the higher rates in Europe. - Their technical and commercial staff lack manners, and knowledge, and be careful, they could charge you for unsolicited servi

You must be joking.

[jotaeleemeese]

I know nobody that works with computers at this level (configuring routing, email servers, DNS records and servers, etc.) that does not have at least some rudimentary knowledge of English.

I have worked in 3 different continents in as many as 10 countries (only one had English as a main language), so I believe I know what I am talking about.

Using blacklists is OPTIONAL

[WoodstockJeff]

The use of ANY blacklist is OPTIONAL on the part of an ISP. And, in the case of the article in question, the lists mentioned are (and have been) more agressive than most people would like.

We only block based on a few external lists (ORDB, SpamCop, Blitzed Proxy), and then, not unconditionally. 90% of our blocks are done by internally generated lists, because we do have to receive mail from compromised sources at times... our business customers have clients in countries that are notorious for spamming, and even on ISPs that are bad.

That said, we do not accept any mail on the first pass from a large number of subnets, varying in size from /24 up to /8's, and a growing number of European subnets are on that list - not just Spanish ones. Mail from these subnets is "soft-bounced" (given a 451 error code) until it can be reviewed for legitimacy. And anything that doesn't have at least 1 retry is judged to be a proxy-based spam attempt.

Now, I will check bounces against some of the more agressive lists in deciding whether to make exceptions for these "soft bounces", but the final authority is a check with the customer on anything questionable. A million-customer ISP can't do that; that's one of our advantages...

Yes, something *has* gone horribly wrong...

[PinkFreud]

Spamming has become this prevalent. *That's* what has gone wrong.

I don't care which ISP or hosting service allows spammers to operate on their network - if they allow it, they need to be blacklisted. Hell, I'm of the opinion that they should be blocked at the router level - the Internet is an ISP's lifeblood, and without connectivity, their customer base goes elsewhere.

At this time, where at least one third of all email is spam, we *need* to be proactive in seriously limiting where spammers can find Internet access. If an ISP is going to be spam friendly, then it's time to kick them off the 'net.

Re:about time

[mdinowitz]

My spam code automatically blocks anything from rima-tde and let me tell you, it's never blocked anything but spam. I get mail from around the world for my mailing lists and not one Spanish ColdFusion programmer has complained.

I keep an online DB of all the spam I get and this is the (not current) list of spam from them.
http://www.houseoffusion.com/spam/viewdomai n.cfm/d omain=rima-tde.net

Michael Dinowitz
House of Fusion
http://www.houseoffusion.com

Re:incompetence outside of the US?

[@madeus]

I'm a european and the occasional relayed-by-spain spam message doesn't even make the 95% that is relayed by US based machines.

I'm a European too, and I've been getting Spam from Telephonica for 6+ years. Just because you don't understand the reasons behind why this course of action has taken place, doesn't mean it's not warrented, and it certainly doesn't mean you should defend their behavior.

I receive virtually zero spam from US based source IP's and many from telephonica.es - given that the US has *VASTLY* more internet users than the smaller, less well connected Spain is quite damning on Telephonica's part.

Dispite your assertions the US does more than any other nation to prevent and clamp down on spam. Impefect as it is, no comparible level of anti-spam ligitation has been passed in any other nation (though a few sops have been thrown here and there).

Don't assume, measure, balance, and do something about your own country's companies. It could be your neighbour.

I'm from the UK, we do comparibly quite a good job here (dispite poor legislation, largely thanks to the watchful behavior of ISP's), and yes it is one of our neighbours that's reponsible for a very high volume of Spam, that 'neighbour' is Spain.

Telephonica is such a problem child that this is long over due. Many of us (who keep track of the source IP's of our spam) are frankly sick and tired of their **** and it's about time this happened.

You can automatically bash the US all you like (for all the good it will do you), but the problem here is a company in an EU member country pisses of thousands of people all over the world though it's lax and unprofessional business standards, because they are too incompotent to sort out a problem I can recall them having for at least the last 6 years (thanks largely to it's proximity to North Africa and the large number of Cyber Cafe's no doubt).

Go on and black list US IP's if you like, I'd find that amusing. That's actually likley to INCREASE your spam to genuine mail ratio.

Re:about time - Telefonica incompetance

[luisdom]

They joined the EU in 1986.
The EU didn't exist in 1986, the EEC did. Spain's a founding member of the EU, but not of the EEC.

Re:about time - Telefonica incompetance

[BillKaos]

There was a large degree of debate when they first joined the European Union that less wealthly nations such Spain and Portugal joining would upset the balance, so they were 'eased in' thanks to legislation allowing for a transition period. Now, they are economicaly fully integrated, but cultural issues still remain. I think their behavior in this reguard is glaring example of the level of sophistication and competance in a highly technical field not being up to par.

You're nothing but a troll insulting all of us spaniards. For your info, Spain has one of the most active Free Software comunity and contributors and the majority are very skilled.

You should note that I administer a medium volume mail server (10000-30000 real e-mail a day), and 70% of the spam comes from your highly sophisticate and competent country.

And I'm very proud of our "cultural issues", those issues that prevent us of having a DMCA, software patents, simulating the democracy, going to useless wars, and not having healthcare for everybody.

Re:you mean BIG?

[AndroidCat]

While a few posts have explained what a 419 scam is, none have mentioned one thing: This kind of scam has been around for hundreds of years. One of the many names for this fraud is .. The Spanish Prisoner.

Re:Unfortunately can't block wanafoofoo

[anticypher]

Emails and complaints to their abuse inboxes are completely ineffective. Neither are face to face meetings with wandadoo's legal team. BTDTGTTS. Changing French law to make them liable for failing to disconnect criminals from their network might make them take notice.

They are hiding behind a serious mis-interpretation of some antiquated laws that they cannot interfere with their customer's communications. The equivalent idea in American terms would be Common Carrier status. Not one other ISP in France has such a wrong headed idea. I've talked with their admins, and they all pointed to the legal team for the policy forbidding them from cutting off spammers.

Fortunately, the French government is changing the law, they are working on updating the law* to clearly state that a carrier can punt a customer after receiving complaints about spam, scams, pr0n, or other bad stuff. I have been championing a few articles which would make ISPs both civilly and criminally liable (code civile et code penale) for failing to investigate complaints against their users. The penal code parts may not make it through more readings before the senat, due to pressure from only one French ISP (I'll give you one guess whowho).

The spam coming through wanadoodoo's servers are most likely coming from zombie windoze machines. We can't cut off wankaqueue, because there is such a huge number of francophone lusers on their system. So the only alternative, after sparring with their legal team to allow their few, overworked and completely clueless admins to cut off a few lusers, is to help put really bad laws on the books to punish ISPs.

Not an ideal solution, but fuck, if they weren't so obstinate in their refusal to help with the spam flood, they get what they deserve. All the other ISPs in France actively punt spammers or cut off zombie machines, so its too bad to punish the whole industry with such a broad law. I'm normally against laws like this, but after a couple of years of banging my head against this problem, views change.

the AC

* - there is a public hearing on these amendments this thursday, if any locals care. There are many good articles in this projet, which clearly define who is responsible for content, postings, and forces opt-in on all spam and commercial communications.

Re:incompetence outside of the US?

[frost22]

It's not the topics that causes spam to be relayed.

Well, in a way, it is.

If the US of a would finally start to get serious with spamming companies, it would all come to an end. Just follow the money.

Sucks to be you

[metamatic]

I own my Internet connection, and simple cost/benefit analysis suggested that the number of Taiwanese people sending me legitimate e-mail was close to zero, whereas the cost of dealing with spam from China and Taiwan ran into hours per month.

I fully appreciate that there are nice Taiwanese people who know how to run a server and are competent and responsible and don't spam... However, the cost of continuing to accept their e-mail is too high, because of their countrymen's bad behavior. So I block everything with Asian character sets in it, everything on the blacklists, and so on.

Similarly, there's some nice useful Windows software--but the cost of running Windows exceeds the benefit I'd get from running the software.

Re:If you are interested in some facts

[mabu]

From my experience as ISP sysadmin, I thing blacklisting is a stupid way to fight spam. Is like raiding all the houses of a town because you don't know in house lives the criminal.

I'm sorry you're caught in the RBL, but I'm not that sorry. What you fail to leave out is the fact that the blocks were blacklisted only after an untold number of complaints were summarily ignored. TDE brought it upon themselves and this is the only way to get them to act responsibly.

As an ISP, you also have a responsibility, just like as a person, to be aware that who you choose to associate yourself with may have consequences. If there's a guy in your neighborhood that's a criminal and you know it, and you don't do anything about it, you won't get much sympathy when your house is raided.

It's a bad situation for people like you. Sorry about that. But you're in the wrong [IP] block. You might want to move to a different neighborhood or clean up your own.

A better analogy would be: I live in a nice neighborhood that is clean, but the nearby town trucks all their garbage over to my town. I'm sure there are some fine people in that neighboring town that have nothing to do with it, but repeated complaints have gone on deaf ears. So now we're going to build a big wall around that town so they can stop dumping their trash elsewhere.

Re:incompetence outside of the US?

[budgenator]

What determine "who have no business sending smtp"? virus or trojan ridden computers

That's not an unreasonable start for a definition. If your the webmaster of example.com, and your ads are coming through an smtp server in example.com's domain, your going to be careful not to get your domain blacklisted. Most hosting provider's have some way of alowing you to compose Email on your local machine, and sending through your hosted domain. Even if they don't, a perl or asp script on your websever can do the trick real easy.
Anyone with the knowhow that is paying for an internet conection deserves the right to use that internet conection as they see fit. No you don't, you have the rights given in your ISP's Terms of Service. And I'd bet that all of those rights are subject to change without prior notification. If you don't like the service provided by your ISP, simply find one who does. You can even look into getting a raw pipe for yourself, then you can deal with all of an ISP's headaches.

The Bottom line is an Internet cafe that doesn't block out-going port 25 is just an open-relay that requires your physical presence.

Re:incompetence outside of the US?

[sumdumass]

Terms of service and blocking applications port traffic are 2 different things. if I buy an internet connection then i expect just that. Not some half bread slimed down connection that only allows port 80, 8080 or some game traffic. The idea of an isp blocking ports seems just stupid to me. That's like saying lets set up check points all across town to make sure no one drives without insurance or has a drivers license.

Oh and by the way I did go round and round with an isp blocking port 25 traffic and I won. It was with a local isp in Logan Ohio and after telling them my intentions of a law suite if necessary they opened the ports for me. This problem wasn't because I was spamming people either. It was because some customers had changed service accounts and held the previous email addresses for business purposes. They weren't able to send mail thru their other mail service and that wouldn't cut it.

You also mentioned an Internet cafe should block port 25, again this is totally wrong. If I go to an Internet cafe with my laptop and compose a message in the normal manner I shouldn't have to wait until I get home to send it. Blocking port 25 will stop my mail program from connecting to the regular email server and sending it. I have several accounts with white lists and only accept mail from certain domains.

Your approach is effective but is like killing the first-born son of every family because he will someday take your job from you. You don't take freedoms away from everyone because you are inconvenienced. That's just wrong. Maybe you should stop signing up for everything on the Internet and your spam problem will diminish. I have a junk mail account that i only check to delete the messages and a regular account that only gets about 3 spam messages a month. Yes you read right 3 spam messages a month