Now, second of all, SPEWS does not delist ISPs even when it turns out it was an incorrect listing or when the spammer has been booted out. My companys netblock is still listed despite:
1) Only one spammer referenced in the listing. 2) This spammer was booted out 10 months ago. 3) No new complaints at all. 4) Repeated requests in NANAE.
Being known as a spammer is bad for business. Being falsely identified as a spammer in people's block lists is bad for business as they may not get legit mail.
SPEWS does not list spammers. SPEWS lists spam-supporting ISPs by listing their netblocks. As such, there is no implication that the IP addresses in SPEWS listings are all used by spammers. SPEWS is up-front about how their list works and what goes into their list. There is no false implication or reputation attacking.
Punish all the customers of an ISP for the actions of a single spammer who no longer is using their services.
That's a rather extreme measure. I don't know of anyone who lists on that basis.
A spammer gets new IPs constantly. countless thousands of spammers use the same domains to send their crap. Block one URL and you block countless spammers.
Obviously you've not been paying attention to the criminal known as Alan Ralsky. He has a new domain name for shilling his fraudulent goods every week.
I realize you're too dense to get it through your skull that napalming a village to get a single target is not effective and does more damage than good.
In other words, you have no arguments, just invalid analogies.
I see, kind of like how pro-life activists publish hit lists. They're just making a list, right? They're not responsible for what people do with that list, right?
A "hit list" has an implied threat in its existence. People who use SPEWS listings do so on their own property in a perfectly legal fashion. Of course, your analogy is inept in that SPEWS is more like a list of businesslandlords who knowingly rent out space to crack dealers and whorehouses.
You're a liar. RBL operators know damn well that there are innocent people who will be affected by their actions.
I never claimed that they didn't know this. You're an idiot for calling me a liar.
I notice that you didn't respond to my quesiton as to how exactly SPEWS should be punished. Really, I'm interested in hearing how SPEWS -- a completely anonymous organization that publishes the IP blocks of known spam-friendly ISPs -- should be "punished".
Instead of blocking spammers, just filter out the links they include in e-mails. They can't be obfuscated because they won't work if they are and countless spammers use the same domains to host their affiliate pages and/or ad images.
Filtering at the message level is already done. DNSbls like SPEWS serve to stop the spam before it becomes a real cost-problem -- if the mail never hits your network, then you don't have to endure the expense of processing and storing it.
You cannot realisticly block spammers by blocking IPs.
Odd, it seems to be working so far.
SPEWS has probably done more damage to the internet by it's idiocy than spammers have.
"Probably"? Citation, please.
It's about time some of the businesses that are being hurt by them form a class action lawsuit.
Against whom? How do they contact SPEWS, and for what do they sue? SPEWS just publishes a list of IP blocks owned by known spam-friendly ISPs, with evidence to back up the listings. How do you turn that into a lawsuit?
SPEWS has taken the stance to act like an idiot and then blame the ISPs for SPEWS being retarded.
Huh? It's idiotic to blame spam-friendly ISPs for being spam-friendly? From what bizarro universe did you get this?
There's no excuse or need to block IPs.
Yes, there is. I get absolutely no legitimate email from South America or China. As such, it would be perfectly reasonable for me to block all incoming traffic from Chinese or South American ISP. Sure, I could filter it after the fact, but if I block the connection in the first place, I save on bandwidth and storage. Perhaps you should actually study how mail systems work before criticizing methods used to prevent spamming?
The best part about blocking links is that the header is meaningless. Every line of it could be forged but if the e-mail contains a link to a blocked domain it will not get through.
Until the spammer morphs their domain name, as they have been doing constantly for the past five years.
Find innocent users who are only weakly associated to the actual people you have a disagreement with -- in this case, customers on netblocks belonging to higher-level companies who, in one way or another, harbor spammers. (
SPEWS is not targeting the "innocent users". SPEWS is targeting spam-friendly ISPs. SPEWS targets these spam-friendly ISPs by listing the IP blocks of said spam-friendly ISPs. "Innocent users" are only affected when they are hosted on the listed IP blocks. Your analogy fails here. The WTC terrorists deliberately sought to kill innocent people. SPEWS just lists IP blocks, and if innocents are there, their IP blocks get listed (also, SPEWS has never killed anyone, though it's clear that you're too stupid to see how utterly asinine your analogy is on that level).
Hold these people hostage by making it impossible for them to use email, in an effort to extort them into placing pressure on the aforementioned higher-level company to stop harboring spammers
SPEWS does nothing to anyone's email. SPEWS is just a DNSbl. They just list IP blocks. They don't affect my mail in any way. SPEWS does not send mail and they do not route mail. SPEWS only lists spam-friendly ISP's IP blocks, and mail admins who CHOOSE to filter based upon SPEWS listings will CHOOSE to block mail from those IP blocks.
Endure a hostile backlash when your plan doesn't work out -- sysadmins, hackers, tech-savvy victims of this approach use massive DDoS attacks to take down multiple RBLs
You're comparing a retaliatory strike against terrorists to an illegal denial of service attack against antispam groups?
Wouldn't the more appropriate analogy be comparing spammers to terrorists?
SPEWS and other "services" like it share the same moral motivation as terrorists, and I find their behavior repulsive, unethical, and deserving of punishment.
Your analogy is inadequate, asinine and stupid. What kind of "punishment" would you deem appropriate for what SPEWS does -- but first, be sure to state exactly what it is that SPEWS does. From your statements thus far, it seems like you don't actually know.
SPEWs blacklists entire ISPs (ones who I know are doing their damnedest to stop spam),
Uh, if the ISP were doing their damndest to stop spam, they wouldn't be listed in SPEWS. SPEWS only lists after an ISP ignores repeated abuse on their network.
I live in a town with one local non-cable ISP. Who would I switch to if they got listed? Answer: noone. Since paying for a remote colo is outside my budget, I'd have no options except to cease operations.
Or smarthost your mail. Or scream and bitch to your ISP, since it's their actions that got them into the status of "ISP from whom no one wants mail".
SPEWS is just the messenger, but everyone wants to shoot them, for some reason. Probably easier than doing something responsible.
Pay attention: SPEWS is blocking e-mail that people DID WANT.
Wrong. SPEWS is not blocking any mail at all.
If YOU were paying attention you'd know there are highly effective ways to block spam that don't involve IPs or headers and that don't inflict collateral damage.
Effective methods for blocking spam that don't require you to waste CPU cycles by processing spammer messages? A means to block spammer email at the router but nothing else? Do tell. Also name methods for putting pressure on spam-friendly ISPs that do not involve "collateral damage".
Classic blame the victim.
Uh, no, it's blame the spam-friendly ISP. Or are you going to claim in spite of the evidence that nac.net does not host spammers?
SPEWS is a retarded bully and needs to go.
SPEWS will "go" at such time that all mail admins choose to stop using SPEWS. No one forces mail admins to use SPEWS, they choose it on their own. Unless you pay them for services, you have absolutely no business telling them how to run their systems. Even if you are paying for their services, the level of input that you give them is weighted by the fact that you're probably not the only one paying them and the fact that ultimately, they own the machines.
It's time to grow up and find ways to block spam that don't hurt anyone but the spammers.
We're all eagerly awaiting your solution to this problem, since you seem to think that it's so easy.
Don't be too confident in that pseudo-anonymity. I'd be willing to bet that a John Doe subpoena to their hosting company for financial records and connection logs would be reasonably possible for a highly-motivated plaintiff.
Interesting, you'd think that with all of the "big, ethikul bidnezzez" that SPEWS has honked off, someone would have tried this already.
If I stand in front of a store and physically prevent people from going in, I'll get thrown in jail. Preventing solicitors that the store didn't want anyway is one thing. Blocking legitimate customers is quite another.
SPEWS shouldn't be any different. Spammers could possibly sue SPEWS but the odds of them winning a suit are minimal because they're sending unsolicited advertisments. However, established legitimate businesses would probably have little trouble getting a class action lawsuit going against them and winning.
SPEWS does not block anything. Only the admins of mailservers can block mail. SPEWS is just listing information. Your analogy is false, and your suggestion of suing is asinine.
Domains should be assumed to have a "no solicitations" sign posted. That would allow companies like SPEWS to block spam from going to domains.
SPEWS is not a company. SPEWS does not block spam.
However, it would also allow them to be sued off the planet if they blocked legitimate customers.
Besides the fact that you would have to find SPEWS to sue SPEWS (no one knows who they are), SPEWS does not block anyone, legitimate or otherwise. If you had been paying attention here, you would have known that.
If that ISP gets blacklisted by the retards at SPEWS you can bet I'll be pitching the "sue them" idea.
Of course you will. You don't want to take responsibility for choosing an ISP so criminal that they willingly allow spammers on their network, so you'll just blame a service that rightfully points out that your ISP is spam-friendly, even though that service is not blocking any traffic from your network.
Maybe SPEWS would like to pay for everyone's setup, contract breaking and moving costs.
Maybe spm-friendly ISPs would like to pay for everyone's setup, contract breaking and moving costs -- after all, it's their own negligence that landed their netblocks into SPEWS's lists.
I find it pathetic that the same community that thinks sacrificing liberty for security is a bad idea thinks it's okay as long it's for the sake of blocking spam. Destroying countless people's ability to send e-mail is perfectly okay since it's for the security of not getting spam from that one guy.
Since when the hell did "liberty" mean that you get to send email to absolutely anyone, even if they don't want it? If I run a mailserver, I get to choose whether or not I want traffic from your domain. It's MY property, MY rules. Your whine about "liberty" just because some admins CHOOSE not to accept mail from spam-friendly ISPs is a classic spammer whine about "frea speach!"
If I sign up with what appears to be the best provider for me (or even the only one avilable), am I to blame because some stupid git sign up for a free trial and sends out spam?
No. Fortunately, no sane DNSbl (including SPEWS) will list an ISP because "some stupid git signs up for a free trial and sends out spam". ISPs only get listed in SPEWS after refusing to terminate repeat spammers, or sign up a known "block on sight" spammer like Alan Ralsky.
Its not always easy for a large site to just change hosts. Someone is being punished here who does not deserve it, and I think we can agree that is wrong.
I assume, then, that you have a better method for pressuring spam-friendly ISPs to drop their known criminal customers?
Here's an example. Verizon.net. They host a criminal outfit called digitalcable4free.com. This outfit not only spams, but also sells an illegal product. Verizon has yet to terminate these criminals -- apparently Verizon has a policy of openly endorsing criminal activity. I think that if everyone refused traffic from Verizon's network until that site were down, it would be an effective tool for pressuring Verizon into actually doing the right thing, but apparently you have a better solution that will work just as well (if not more effectively) and without any so-called "collateral damage". Let's hear it.
Actually, this part is incorrect. Spews (and several other blacklist providers) don't even bother to notify the ISP before listing (or after for that matter).
SPEWS as an organization does not send mail, however the people who are behind SPEWS DO send LARTs to the responsible hosting providers for the spams that they receive. They just don't identify themselves as SPEWS when they do it. This is so that ISPs will either learn to take ALL complaints seriously (because they can never know when one of the complaints comes from someone at SPEWS) or learn to enjoy their new intranet.
NAC has been what I would call a "good supporter of internet society" offering decent services and a good location without degrading into a plain and outright capitalist corporation.
NAC.net harbors known spammers, despite repeated spam runs and subsequent complaints. This means that nac.net is not a "good supporter of internet society".
Slashdot Mirror
Now, second of all, SPEWS does not delist ISPs even when it turns out it was an incorrect listing or when the spammer has been booted out. My companys netblock is still listed despite:
1) Only one spammer referenced in the listing.
2) This spammer was booted out 10 months ago.
3) No new complaints at all.
4) Repeated requests in NANAE.
What is your SPEWS reference number?
Spews loons would see that as an attempt to evade their blocks, and they might well list the smarthost's ISP as well.
Really? Do you have evidence for this bizarre assertion, or are you just making it up because reality does not conform to your prejudices?
Being known as a spammer is bad for business. Being falsely identified as a spammer in people's block lists is bad for business as they may not get legit mail.
SPEWS does not list spammers. SPEWS lists spam-supporting ISPs by listing their netblocks. As such, there is no implication that the IP addresses in SPEWS listings are all used by spammers. SPEWS is up-front about how their list works and what goes into their list. There is no false implication or reputation attacking.
Punish all the customers of an ISP for the actions of a single spammer who no longer is using their services.
That's a rather extreme measure. I don't know of anyone who lists on that basis.
A spammer gets new IPs constantly. countless thousands of spammers use the same domains to send their crap. Block one URL and you block countless spammers.
Obviously you've not been paying attention to the criminal known as Alan Ralsky. He has a new domain name for shilling his fraudulent goods every week.
I realize you're too dense to get it through your skull that napalming a village to get a single target is not effective and does more damage than good.
In other words, you have no arguments, just invalid analogies.
If it were that easy to figure out who ran SPEWS, don't you think that someone would have made this information very widely known?
I see, kind of like how pro-life activists publish hit lists. They're just making a list, right? They're not responsible for what people do with that list, right?
A "hit list" has an implied threat in its existence. People who use SPEWS listings do so on their own property in a perfectly legal fashion. Of course, your analogy is inept in that SPEWS is more like a list of businesslandlords who knowingly rent out space to crack dealers and whorehouses.
You're a liar. RBL operators know damn well that there are innocent people who will be affected by their actions.
I never claimed that they didn't know this. You're an idiot for calling me a liar.
I notice that you didn't respond to my quesiton as to how exactly SPEWS should be punished. Really, I'm interested in hearing how SPEWS -- a completely anonymous organization that publishes the IP blocks of known spam-friendly ISPs -- should be "punished".
It's power comes the ability to cut off legitimate users.
How, exactly, does SPEWS "cut off" legitimate users?
Ah, yes, another whiny website that blamed the messenger for truthfully reporting that cogent/nhi hosting harbors known criminals.
Instead of blocking spammers, just filter out the links they include in e-mails. They can't be obfuscated because they won't work if they are and countless spammers use the same domains to host their affiliate pages and/or ad images.
Filtering at the message level is already done. DNSbls like SPEWS serve to stop the spam before it becomes a real cost-problem -- if the mail never hits your network, then you don't have to endure the expense of processing and storing it.
You cannot realisticly block spammers by blocking IPs.
Odd, it seems to be working so far.
SPEWS has probably done more damage to the internet by it's idiocy than spammers have.
"Probably"? Citation, please.
It's about time some of the businesses that are being hurt by them form a class action lawsuit.
Against whom? How do they contact SPEWS, and for what do they sue? SPEWS just publishes a list of IP blocks owned by known spam-friendly ISPs, with evidence to back up the listings. How do you turn that into a lawsuit?
SPEWS has taken the stance to act like an idiot and then blame the ISPs for SPEWS being retarded.
Huh? It's idiotic to blame spam-friendly ISPs for being spam-friendly? From what bizarro universe did you get this?
There's no excuse or need to block IPs.
Yes, there is. I get absolutely no legitimate email from South America or China. As such, it would be perfectly reasonable for me to block all incoming traffic from Chinese or South American ISP. Sure, I could filter it after the fact, but if I block the connection in the first place, I save on bandwidth and storage. Perhaps you should actually study how mail systems work before criticizing methods used to prevent spamming?
The best part about blocking links is that the header is meaningless. Every line of it could be forged but if the e-mail contains a link to a blocked domain it will not get through.
Until the spammer morphs their domain name, as they have been doing constantly for the past five years.
Find innocent users who are only weakly associated to the actual people you have a disagreement with -- in this case, customers on netblocks belonging to higher-level companies who, in one way or another, harbor spammers. (
SPEWS is not targeting the "innocent users". SPEWS is targeting spam-friendly ISPs. SPEWS targets these spam-friendly ISPs by listing the IP blocks of said spam-friendly ISPs. "Innocent users" are only affected when they are hosted on the listed IP blocks. Your analogy fails here. The WTC terrorists deliberately sought to kill innocent people. SPEWS just lists IP blocks, and if innocents are there, their IP blocks get listed (also, SPEWS has never killed anyone, though it's clear that you're too stupid to see how utterly asinine your analogy is on that level).
Hold these people hostage by making it impossible for them to use email, in an effort to extort them into placing pressure on the aforementioned higher-level company to stop harboring spammers
SPEWS does nothing to anyone's email. SPEWS is just a DNSbl. They just list IP blocks. They don't affect my mail in any way. SPEWS does not send mail and they do not route mail. SPEWS only lists spam-friendly ISP's IP blocks, and mail admins who CHOOSE to filter based upon SPEWS listings will CHOOSE to block mail from those IP blocks.
Endure a hostile backlash when your plan doesn't work out -- sysadmins, hackers, tech-savvy victims of this approach use massive DDoS attacks to take down multiple RBLs
You're comparing a retaliatory strike against terrorists to an illegal denial of service attack against antispam groups?
Wouldn't the more appropriate analogy be comparing spammers to terrorists?
SPEWS and other "services" like it share the same moral motivation as terrorists, and I find their behavior repulsive, unethical, and deserving of punishment.
Your analogy is inadequate, asinine and stupid. What kind of "punishment" would you deem appropriate for what SPEWS does -- but first, be sure to state exactly what it is that SPEWS does. From your statements thus far, it seems like you don't actually know.
SPEWs blacklists entire ISPs (ones who I know are doing their damnedest to stop spam),
Uh, if the ISP were doing their damndest to stop spam, they wouldn't be listed in SPEWS. SPEWS only lists after an ISP ignores repeated abuse on their network.
I really think that's a little far.
I don't. Verizon's management has not yet shown any hint of ethics.
You need to come up with something better.
Why? Your analogy is stupid.
Oh my Mr Kettle, look how black you are, thus spoke a champion of SPEWS.
What the hell is that supposed to mean?
If you send them a nice notice on letterhead, however, you might see some action.
So I shouldn't expect Verizon to kick of a known spamming, criminal outfit until I send them a nice notice on letterhead?
Sorry, I think that I'll just keep swamping their corporate inboxes with complaints. After all, they're openly ignoring abuse@verizon.com
They're whores who would sell out their own children to child pornography websites if they were paid enough. Why should I have to be nice to them?
I live in a town with one local non-cable ISP. Who would I switch to if they got listed? Answer: noone. Since paying for a remote colo is outside my budget, I'd have no options except to cease operations.
Or smarthost your mail. Or scream and bitch to your ISP, since it's their actions that got them into the status of "ISP from whom no one wants mail".
SPEWS is just the messenger, but everyone wants to shoot them, for some reason. Probably easier than doing something responsible.
1. Call Verizon, get as far up the chain as you can, and then hassle the droid about how irresponsible it is.
Well, yes, I can do this. Over and over and over again, until they stop taking my calls. This has been done before by antispammers.
2. Encourage people to boycott Verizon.
Funny, I thought that's what I proposed -- boycott Verizon by not accepting their traffic.
3. Put up a web site listing spammers on Verizon's network.
Been there, done that. It's called SPEWS, funnily enough.
4. Hassle cable companies to sue Verizon.
I do, in fact, forward such messages to cable companies.
5. Get your local attorney to crack down on their spamming.
My local attorney isn't going to be able to do anything, thanks to CAN-SPAM.
6. Forward all spam to the Verizon CEO.
I already do that.
Any of these might well work better than a tiny fraction of Verizon customer email being blocked.
"Tiny fraction"? I suggested EVERYONE blocking ALL Verizon traffic.
Pay attention: SPEWS is blocking e-mail that people DID WANT.
Wrong. SPEWS is not blocking any mail at all.
If YOU were paying attention you'd know there are highly effective ways to block spam that don't involve IPs or headers and that don't inflict collateral damage.
Effective methods for blocking spam that don't require you to waste CPU cycles by processing spammer messages? A means to block spammer email at the router but nothing else? Do tell. Also name methods for putting pressure on spam-friendly ISPs that do not involve "collateral damage".
Classic blame the victim.
Uh, no, it's blame the spam-friendly ISP. Or are you going to claim in spite of the evidence that nac.net does not host spammers?
SPEWS is a retarded bully and needs to go.
SPEWS will "go" at such time that all mail admins choose to stop using SPEWS. No one forces mail admins to use SPEWS, they choose it on their own. Unless you pay them for services, you have absolutely no business telling them how to run their systems. Even if you are paying for their services, the level of input that you give them is weighted by the fact that you're probably not the only one paying them and the fact that ultimately, they own the machines.
It's time to grow up and find ways to block spam that don't hurt anyone but the spammers.
We're all eagerly awaiting your solution to this problem, since you seem to think that it's so easy.
Don't be too confident in that pseudo-anonymity. I'd be willing to bet that a John Doe subpoena to their hosting company for financial records and connection logs would be reasonably possible for a highly-motivated plaintiff.
Interesting, you'd think that with all of the "big, ethikul bidnezzez" that SPEWS has honked off, someone would have tried this already.
If I stand in front of a store and physically prevent people from going in, I'll get thrown in jail. Preventing solicitors that the store didn't want anyway is one thing. Blocking legitimate customers is quite another.
SPEWS shouldn't be any different. Spammers could possibly sue SPEWS but the odds of them winning a suit are minimal because they're sending unsolicited advertisments. However, established legitimate businesses would probably have little trouble getting a class action lawsuit going against them and winning.
SPEWS does not block anything. Only the admins of mailservers can block mail. SPEWS is just listing information. Your analogy is false, and your suggestion of suing is asinine.
Domains should be assumed to have a "no solicitations" sign posted. That would allow companies like SPEWS to block spam from going to domains.
SPEWS is not a company. SPEWS does not block spam.
However, it would also allow them to be sued off the planet if they blocked legitimate customers.
Besides the fact that you would have to find SPEWS to sue SPEWS (no one knows who they are), SPEWS does not block anyone, legitimate or otherwise. If you had been paying attention here, you would have known that.
If that ISP gets blacklisted by the retards at SPEWS you can bet I'll be pitching the "sue them" idea.
Of course you will. You don't want to take responsibility for choosing an ISP so criminal that they willingly allow spammers on their network, so you'll just blame a service that rightfully points out that your ISP is spam-friendly, even though that service is not blocking any traffic from your network.
Maybe SPEWS would like to pay for everyone's setup, contract breaking and moving costs.
Maybe spm-friendly ISPs would like to pay for everyone's setup, contract breaking and moving costs -- after all, it's their own negligence that landed their netblocks into SPEWS's lists.
I find it pathetic that the same community that thinks sacrificing liberty for security is a bad idea thinks it's okay as long it's for the sake of blocking spam. Destroying countless people's ability to send e-mail is perfectly okay since it's for the security of not getting spam from that one guy.
Since when the hell did "liberty" mean that you get to send email to absolutely anyone, even if they don't want it? If I run a mailserver, I get to choose whether or not I want traffic from your domain. It's MY property, MY rules. Your whine about "liberty" just because some admins CHOOSE not to accept mail from spam-friendly ISPs is a classic spammer whine about "frea speach!"
If I sign up with what appears to be the best provider for me (or even the only one avilable), am I to blame because some stupid git sign up for a free trial and sends out spam?
No. Fortunately, no sane DNSbl (including SPEWS) will list an ISP because "some stupid git signs up for a free trial and sends out spam". ISPs only get listed in SPEWS after refusing to terminate repeat spammers, or sign up a known "block on sight" spammer like Alan Ralsky.
Its not always easy for a large site to just change hosts. Someone is being punished here who does not deserve it, and I think we can agree that is wrong.
I assume, then, that you have a better method for pressuring spam-friendly ISPs to drop their known criminal customers?
Here's an example. Verizon.net. They host a criminal outfit called digitalcable4free.com. This outfit not only spams, but also sells an illegal product. Verizon has yet to terminate these criminals -- apparently Verizon has a policy of openly endorsing criminal activity. I think that if everyone refused traffic from Verizon's network until that site were down, it would be an effective tool for pressuring Verizon into actually doing the right thing, but apparently you have a better solution that will work just as well (if not more effectively) and without any so-called "collateral damage". Let's hear it.
Actually, this part is incorrect. Spews (and several other blacklist providers) don't even bother to notify the ISP before listing (or after for that matter).
SPEWS as an organization does not send mail, however the people who are behind SPEWS DO send LARTs to the responsible hosting providers for the spams that they receive. They just don't identify themselves as SPEWS when they do it. This is so that ISPs will either learn to take ALL complaints seriously (because they can never know when one of the complaints comes from someone at SPEWS) or learn to enjoy their new intranet.
Yeah, but what about the other sites hosted by NAC. Its not just DSLR/BBR that's effected by this block.
Yeah, what about the poor spammers who can't send mail from their bulletproof nac.net hosted space?
NAC has been what I would call a "good supporter of internet society" offering decent services and a good location without degrading into a plain and outright capitalist corporation.
NAC.net harbors known spammers, despite repeated spam runs and subsequent complaints. This means that nac.net is not a "good supporter of internet society".