I would have said the same until the day before yesterday. Made a ps file on an old computer. Made pdf using ps2pdf. Printed on HP ps printer via lpr, pdf version via acroread identical to ps version. Sent pdf to another company to print using acrobat, one of the graphics moved by 10mm in its 'frame'. PDF is a better standard than most, but its not perfect. And, crucially, you can't edit it, which is very good in some settings and very bad in others.
But do Quest or Sprint offer the kind of hosting options used by spammers, ie leased machines in server parks or cheapish broadband connections? It's an honest question, I don't know the answer, what bothers me is that no-one seems to think that the answer matters...
This thread seems to have gone off in all sorts of slashdot-like tangents, but no-one seems to have picked up on what I assume was the original point, namely that bigger ISPs are always going to have worse spam records, simply because they have more customers. The spam vigilantes seem to count numbers of complaints rather than complaints as a percentage of customers, so of course the big guys come off worse!
If we all act on this logic, the only people allowed to send mail will be students with email servers in their dorm rooms, and, guess what, half of them will end up hosting spammers.
Before all those spam vigilantes flame me, could they provide some figures comparing ISPs that take into account the size of their customer base? If not, the figures are about as useful as the last byte of the ISP's nameserver's NIC MAC address in terms of dealing with spam.
I was wondering if anyone was going to mention this. It's exactly what the OP asks for, a Linux distribution that does it all for you, and you can run it on an old 486 or a mini-itx box with the software on CF. I'm using two of them plus a satellite uplink 400m away to browse atm...
I'm increasingly convinced that a lot of the secureness of Linux boils down to better and more cautious sys admins, and, if this is the case, things can only get worse from here on in. If you run all your linux code as root and your password is 'password' (and I've met at least one person who does this), I don't think you have a wonderfully secure system. OTOH, W2K Server with the Security Pack applied is not a trivial thing to hack.
They use Macs because they are the best tool for the job. If and when that is no longer the case, they'll get a PC running Windows, at least for that application. They probably already have one running their software RIP and another one for the accounts. Graphic designers may be sentimental about their macs, but they also like to eat.
I don't have a problem with any of this stuff, because it doesn't damage the business of people who aren't spamming. I would ask what the point is though. You are not going to beat spam this way. I don't think you are even going to slow it down much, because whatever the costs for the spammer, they would be much the same for the ISP on the other end of the eternally open connection. Who is paying for that 500Mb a day of bandwidth, it's either your mate, or his company, or, if he is on unlimited ADSL or something, all the other customers who only use 50Mb a month to collect email, but who get charged the same rate as your mate.
The only reliable solution is legislation. In the meantime, I still think that there would be mileage in ISPs charging their customers on a per-click basis for responding to spam. That way, people can send as much spam as they like, the ISPs are paid for the traffic by the people who use it, everyone is happy, and of course most people will stop clicking on the links in a matter of months, so the whole spam economy collapses. But it will never happen, because ISPs prefer systems that upset other people's customers, even though it is their customers who pay the spammers in the first place.
Um, I've told you that I have contacted my ISP, but please don't let this interrupt your shrink-wrapped ranting.
I have looked at your links, and what I see is data, not evidence. Let's look at this from a statistical point of view. Take an ISP with 10,000 machines, with an established pricing strategy and an established policy on dealing with spam (good or bad, it doesn't make any difference). Now take 10 of those machines and put them under a different company, which has an identical pricing strategy and identical spam policy. Run for a year, look for what you call evidence, and, hey presto, the company with 9,990 machines will have generated hundreds of times more complaints than the one with 10 machines, so any idiot can see that they have different policies. That, in essence, is what your 'evidence' boils down to. Oh, and the fact that they are in Spews so they ought to be in Spews, which looks a trifle circular to me. If you don't have a baseline that takes into account the number of machines and their suitability for spamming in bandwidth terms, counting the number of abuse posts is utterly meaningless. Do get back to me if you see a flaw in this reasoning.
Think what you like, if you are going to judge an ISP's spam policy by weighing the amount of spam sent without looking at, for example, the number of machines they host and their bandwidth, you are going to get some bizarre results.
Had a quick look at some of those links, not very impressed, some of them argue that Host Europe should be blacklisted because it is blacklisted... Like I say, I'll tell you what response I get.
I don't approve of DDos attacks, I wouldn't do anything to make one happen, if I was in a position to stop the one against SPEWS and company I probably would, but SPEWS are not on my Christmas card list and I don't see that changing any time soon.
Spam blacklists are fine, blocking IP ranges isn't, IMHO (and that of a lot of other people AFAICT)
Can't say I clicked on all the links on the page you link to, as I've said before, I would expect there to be complaints, the question is how those complaints are dealt with, and counting hits from a search engine isn't going to answer that question one way or another.
Your point about not shutting down spammers is valid, if indeed it is the case. As I've just said on frankie's thread, I've emailed Host Europe asking them about the letter frankie posted, and for their policy on dealing with known spammers. If this topic is still open when I get an answer, or if you send me an email address via my website, I'll tell you what they say.
OK, I'll email Host Europe now and ask them for their side of the story. This thread will probably be closed by the time I get an answer, but I guess there is some way of contacting you on your website?
First, the article referred to SPEWS too. I didn't think that all posts had to refer to every word in the linked article.
Second, I don't approve of DDos. The term for what I feel is schadenfreude, but I thought that was a bit long for a/. post (and I'm not sure how to spell it). In other words, the people behind SPEWS seem determined to interfere with my ability to carry out non-spam business, so I'm not going to weep too much if someone messes with theirs.
Third, repeating the same ridiculous sentence ad nauseum doesn't make it any less ridiculous. Your statement only makes sense if SPEWS is infallible. That seems unlikely to me. The only person on this thread who has bothered to check into the specifics is freddie, and he has gone a bit quiet since I asked him to explain how any server park could possibly check all the mail going through smtp servers they don't administrate, which appears to be what the anti-spam lobby wanted them to do. I am still open to hearing any specific evidence relating to Host Europe.
Fourth, no idea what C&W is, but what you say I make clear isn't at all clear to me. What I have repeatedly said is that it is both technically and legally impossible for any server park renting machines to other companies, and to which they do not have access, to ensure that those machines will never be used for spam. If you disagree, let's talk technical details instead of character assassination. The SPEWS approach might have worked in a world consisting of large centralised ISPs and end users, I can't see how blocking IP ranges makes any sense in the server park scenario. The best Host Europe could do is to terminate contracts rapidly when spamming occurs. Do you have any evidence as to how they handle such incidents?
If anyone comes up with specific evidence that Host Europe are encouraging the use of their server parks for spamming, I'll look into it. What I'm not going to do is harrass Host Europe on the basis of SPEWS IP-range blocking mafia tactics, especially as the longer this thread goes on the more clear it becomes that actual evidence is of no interest to the kind of people who support SPEWS.
Err no, several people have said that Host Europe has a bad reputation, and one person has produced a letter that doesn't appear to prove anything much as evidence.
But they can place a rider in the contract stating that sending SPAM is a violation and will cause said contract to be terminated for cause. This means that when SPEWS (or any other anti-SPAM org) contacts them and says IP X is Spamming, then the ISP (Host Europe in your case) terminates the offender(s)'s connection after investigating.
That is virtually word for word what the contract does say, as I've already pointed out. The trouble with the letter freddie posted is that we don't know what the question was. I suspect it was "why don't you monitor all the mail sent by all your customers using their own smtp servers?" to which the answer "because we can't, legally or technically", in which case it sounds pretty reasonable to me.
Err, why is this damning? It looks like a statement of the blindingly obvious to me.
Your previous email was incorrect in the same way as every pro-SPEWS discussion I have seen has been incorrect. carrelet.net is not my ISP, it's one of my company's servers that we lease from Host Europe, for which we have the root password, and if we caught Host Europe messing with it we would be very unhappy and might well have grounds to sue.
So given that Host Europe are in the business of leasing servers to companies like us, and that we don't use their centralised smtp servers, how would you like Host Europe to comply with the question to which that letter appears to be replying?
My basic beef with SPEWS is that it doesn't take into account the server park scenario, and treats all the users of a park as if they are being administered by the same organisation. This makes about as much sense as blocking phonecalls from entire towns if one person in that town is abusing his phone line. Or blacklisting IANA if they provide an IP address directly to a spammer. We have effectively bought our IP address from Host Europe, and we would like to be judged on our administration of that IP address, which doesn't seem too unreasonable to me.
Now if you can find correspondence showing that Host Europe won't terminate the contracts on servers that have been used for spam, or that they promptly give another server to proven spammers, that's a different matter. AFAIR, their contract says that they follow a strict anti-spam policy, and that any proven case will result in immediate termination of the contract plus a 100 UKP fine.
But, I repeat, no-one offering dedicated hosting can guarantee that none of their machines will ever be used to send spam. If you disagree, maybe you could recommend a company offering complete control of servers that doesn't have this sort of issue with SPEWS from time to time. MagicMoments is one of Host Europe's machine-leasing divisions, so I'm not surprised that their machines sometimes get used to send spam, but that doesn't equal a 'pink contract'. The question is what they do about proven cases of spamming from their server park.
Can't get to the spews site atm, if you post some more information I'll be happy to look at the details. AFAIR, Magic Moments is part of the Host Europe group.
I know it isn't blocking that range now, I never said it was. What I said was that it had done so in the past. The knee-jerk response of several spam vigilantes was that this was obviously because Host Europe is a 'spam enabling' ISP. You appear to be saying that this is untrue. Thanks for helping to clear up the point. I maintain that blocking my IP address to put pressure on an ISP to do more than their best is as pointless as it is immoral, and I hope that people reading this thread will reach a similar conclusion.
Maybe you're right. Or maybe you aren't. Since Host Europe has 2 of the largest server parks in Europe, and they probably don't have Tom Cruise doing Minority Report-type profiling on customers to see if they are going to spam before they rent the machines, this may not mean much. Surely what we want to know is
How the complaint rate compares with the industry baseline for server parks (as opposed to shared hosting or home user ISPs)
Or maybe SPEWS messed up, didn't get the mail, didn't send the mail... Not for the first time today, the ISP is Host Europe, there must be records of what SPEWS has been up to, what is the evidence that Host Europe is a serial spam offender? All the responses to date seem to take SPEWS' infallibility as an article of faith, and at least one person thinks servers should be blocked if their sys admins question SPEWS' policy, which just helps to convince the rest of us that they are in the office between the crop circle people and the UFO abduction people.
I am typing this slowly in the hope that the anti-spam lobby will realise that the clue is in the words. I don't have a spam-enabling ISP, I have an ISP that, AFAICT, had one spammer for a few days. If you have tens of thousands of servers, and you check with your customers before shutting them down, and there was a national holiday in the way or the sys admin was sick, this could happen to anyone. I've invited people on several occasions to provide evidence that Host Europe encourages spam, and I would issue the same invitation to you. Unless or until someone produces that evidence, I'm going to keep saying that you are promoting a policy of shooting the innocent and mildly inconveniencing the guilty.
Glad to hear of this resounding victory, ie stopping one spammer from sending one steam of spam to one server. By next week I suspect that spam will therefore be a problem of the past.
If your spammers are knocking up scripts in VB, I suspect they aren't real spammers. I would expect to find the professionals on Linux servers, because they are cheaper to rent, and any perl programmer with half a brain can pick up a couple of modules from CPAN that will let him handle tens of thousands of open connections at a time. Will your average office Exchange server on an ADSL connection go that high?
If I was writing the script (and I would repeat that this is not one of my interests, although truth issues don't seem to worry you too much), I would close connections after x seconds and put those domains down as first on the list for my next IP address.
In other words, all you are doing is training spammers to be more sophisticated, and then everyone suffers more than before. Well done guys.
This conversation is starting to depress me. Are you telling me that there are still mailing list programs out there that don't multithread? Are they written in GW BASIC? The last one I looked at had a default limit of 9999 connections.
The main public service issue I can see is providing therapeutic activity for those who want to crusade against spam and have no understanding of the issues.
Host Europe once hosted one spammer for about a week, as far as I can tell. If you want to block every ISP who has that bad a record, it's much easier than you are making it, just unplug that rectangular plug from the network card in your mail server.
Anti-social and suicidal. I think our dear colleague assumes that Host Europe has 3.5 computers run by students, where as in fact it is one of the largest ISPs in Europe. His phone is probably ringing already, from people wanting to know why he has broken their email. Always assuming he has any customers...
Slashdot Mirror
I would have said the same until the day before yesterday. Made a ps file on an old computer. Made pdf using ps2pdf. Printed on HP ps printer via lpr, pdf version via acroread identical to ps version. Sent pdf to another company to print using acrobat, one of the graphics moved by 10mm in its 'frame'. PDF is a better standard than most, but its not perfect. And, crucially, you can't edit it, which is very good in some settings and very bad in others.
But do Quest or Sprint offer the kind of hosting options used by spammers, ie leased machines in server parks or cheapish broadband connections? It's an honest question, I don't know the answer, what bothers me is that no-one seems to think that the answer matters...
This thread seems to have gone off in all sorts of slashdot-like tangents, but no-one seems to have picked up on what I assume was the original point, namely that bigger ISPs are always going to have worse spam records, simply because they have more customers. The spam vigilantes seem to count numbers of complaints rather than complaints as a percentage of customers, so of course the big guys come off worse!
If we all act on this logic, the only people allowed to send mail will be students with email servers in their dorm rooms, and, guess what, half of them will end up hosting spammers.
Before all those spam vigilantes flame me, could they provide some figures comparing ISPs that take into account the size of their customer base? If not, the figures are about as useful as the last byte of the ISP's nameserver's NIC MAC address in terms of dealing with spam.
I was wondering if anyone was going to mention this. It's exactly what the OP asks for, a Linux distribution that does it all for you, and you can run it on an old 486 or a mini-itx box with the software on CF. I'm using two of them plus a satellite uplink 400m away to browse atm...
I'm increasingly convinced that a lot of the secureness of Linux boils down to better and more cautious sys admins, and, if this is the case, things can only get worse from here on in. If you run all your linux code as root and your password is 'password' (and I've met at least one person who does this), I don't think you have a wonderfully secure system. OTOH, W2K Server with the Security Pack applied is not a trivial thing to hack.
They use Macs because they are the best tool for the job. If and when that is no longer the case, they'll get a PC running Windows, at least for that application. They probably already have one running their software RIP and another one for the accounts. Graphic designers may be sentimental about their macs, but they also like to eat.
I don't have a problem with any of this stuff, because it doesn't damage the business of people who aren't spamming. I would ask what the point is though. You are not going to beat spam this way. I don't think you are even going to slow it down much, because whatever the costs for the spammer, they would be much the same for the ISP on the other end of the eternally open connection. Who is paying for that 500Mb a day of bandwidth, it's either your mate, or his company, or, if he is on unlimited ADSL or something, all the other customers who only use 50Mb a month to collect email, but who get charged the same rate as your mate.
The only reliable solution is legislation. In the meantime, I still think that there would be mileage in ISPs charging their customers on a per-click basis for responding to spam. That way, people can send as much spam as they like, the ISPs are paid for the traffic by the people who use it, everyone is happy, and of course most people will stop clicking on the links in a matter of months, so the whole spam economy collapses. But it will never happen, because ISPs prefer systems that upset other people's customers, even though it is their customers who pay the spammers in the first place.
Um, I've told you that I have contacted my ISP, but please don't let this interrupt your shrink-wrapped ranting.
I have looked at your links, and what I see is data, not evidence. Let's look at this from a statistical point of view. Take an ISP with 10,000 machines, with an established pricing strategy and an established policy on dealing with spam (good or bad, it doesn't make any difference). Now take 10 of those machines and put them under a different company, which has an identical pricing strategy and identical spam policy. Run for a year, look for what you call evidence, and, hey presto, the company with 9,990 machines will have generated hundreds of times more complaints than the one with 10 machines, so any idiot can see that they have different policies. That, in essence, is what your 'evidence' boils down to. Oh, and the fact that they are in Spews so they ought to be in Spews, which looks a trifle circular to me. If you don't have a baseline that takes into account the number of machines and their suitability for spamming in bandwidth terms, counting the number of abuse posts is utterly meaningless. Do get back to me if you see a flaw in this reasoning.
Think what you like, if you are going to judge an ISP's spam policy by weighing the amount of spam sent without looking at, for example, the number of machines they host and their bandwidth, you are going to get some bizarre results.
Had a quick look at some of those links, not very impressed, some of them argue that Host Europe should be blacklisted because it is blacklisted... Like I say, I'll tell you what response I get.
For the last time:
OK, I'll email Host Europe now and ask them for their side of the story. This thread will probably be closed by the time I get an answer, but I guess there is some way of contacting you on your website?
First, the article referred to SPEWS too. I didn't think that all posts had to refer to every word in the linked article.
Second, I don't approve of DDos. The term for what I feel is schadenfreude, but I thought that was a bit long for a /. post (and I'm not sure how to spell it). In other words, the people behind SPEWS seem determined to interfere with my ability to carry out non-spam business, so I'm not going to weep too much if someone messes with theirs.
Third, repeating the same ridiculous sentence ad nauseum doesn't make it any less ridiculous. Your statement only makes sense if SPEWS is infallible. That seems unlikely to me. The only person on this thread who has bothered to check into the specifics is freddie, and he has gone a bit quiet since I asked him to explain how any server park could possibly check all the mail going through smtp servers they don't administrate, which appears to be what the anti-spam lobby wanted them to do. I am still open to hearing any specific evidence relating to Host Europe.
Fourth, no idea what C&W is, but what you say I make clear isn't at all clear to me. What I have repeatedly said is that it is both technically and legally impossible for any server park renting machines to other companies, and to which they do not have access, to ensure that those machines will never be used for spam. If you disagree, let's talk technical details instead of character assassination. The SPEWS approach might have worked in a world consisting of large centralised ISPs and end users, I can't see how blocking IP ranges makes any sense in the server park scenario. The best Host Europe could do is to terminate contracts rapidly when spamming occurs. Do you have any evidence as to how they handle such incidents?
If anyone comes up with specific evidence that Host Europe are encouraging the use of their server parks for spamming, I'll look into it. What I'm not going to do is harrass Host Europe on the basis of SPEWS IP-range blocking mafia tactics, especially as the longer this thread goes on the more clear it becomes that actual evidence is of no interest to the kind of people who support SPEWS.
Err no, several people have said that Host Europe has a bad reputation, and one person has produced a letter that doesn't appear to prove anything much as evidence.
But they can place a rider in the contract stating that sending SPAM is a violation and will cause said contract to be terminated for cause. This means that when SPEWS (or any other anti-SPAM org) contacts them and says IP X is Spamming, then the ISP (Host Europe in your case) terminates the offender(s)'s connection after investigating.
That is virtually word for word what the contract does say, as I've already pointed out. The trouble with the letter freddie posted is that we don't know what the question was. I suspect it was "why don't you monitor all the mail sent by all your customers using their own smtp servers?" to which the answer "because we can't, legally or technically", in which case it sounds pretty reasonable to me.
Err, why is this damning? It looks like a statement of the blindingly obvious to me.
Your previous email was incorrect in the same way as every pro-SPEWS discussion I have seen has been incorrect. carrelet.net is not my ISP, it's one of my company's servers that we lease from Host Europe, for which we have the root password, and if we caught Host Europe messing with it we would be very unhappy and might well have grounds to sue.
So given that Host Europe are in the business of leasing servers to companies like us, and that we don't use their centralised smtp servers, how would you like Host Europe to comply with the question to which that letter appears to be replying?
My basic beef with SPEWS is that it doesn't take into account the server park scenario, and treats all the users of a park as if they are being administered by the same organisation. This makes about as much sense as blocking phonecalls from entire towns if one person in that town is abusing his phone line. Or blacklisting IANA if they provide an IP address directly to a spammer. We have effectively bought our IP address from Host Europe, and we would like to be judged on our administration of that IP address, which doesn't seem too unreasonable to me.
Now if you can find correspondence showing that Host Europe won't terminate the contracts on servers that have been used for spam, or that they promptly give another server to proven spammers, that's a different matter. AFAIR, their contract says that they follow a strict anti-spam policy, and that any proven case will result in immediate termination of the contract plus a 100 UKP fine.
But, I repeat, no-one offering dedicated hosting can guarantee that none of their machines will ever be used to send spam. If you disagree, maybe you could recommend a company offering complete control of servers that doesn't have this sort of issue with SPEWS from time to time. MagicMoments is one of Host Europe's machine-leasing divisions, so I'm not surprised that their machines sometimes get used to send spam, but that doesn't equal a 'pink contract'. The question is what they do about proven cases of spamming from their server park.
Can't get to the spews site atm, if you post some more information I'll be happy to look at the details. AFAIR, Magic Moments is part of the Host Europe group.
I know it isn't blocking that range now, I never said it was. What I said was that it had done so in the past. The knee-jerk response of several spam vigilantes was that this was obviously because Host Europe is a 'spam enabling' ISP. You appear to be saying that this is untrue. Thanks for helping to clear up the point. I maintain that blocking my IP address to put pressure on an ISP to do more than their best is as pointless as it is immoral, and I hope that people reading this thread will reach a similar conclusion.
Maybe you're right. Or maybe you aren't. Since Host Europe has 2 of the largest server parks in Europe, and they probably don't have Tom Cruise doing Minority Report-type profiling on customers to see if they are going to spam before they rent the machines, this may not mean much. Surely what we want to know is
Or maybe SPEWS messed up, didn't get the mail, didn't send the mail... Not for the first time today, the ISP is Host Europe, there must be records of what SPEWS has been up to, what is the evidence that Host Europe is a serial spam offender? All the responses to date seem to take SPEWS' infallibility as an article of faith, and at least one person thinks servers should be blocked if their sys admins question SPEWS' policy, which just helps to convince the rest of us that they are in the office between the crop circle people and the UFO abduction people.
I am typing this slowly in the hope that the anti-spam lobby will realise that the clue is in the words. I don't have a spam-enabling ISP, I have an ISP that, AFAICT, had one spammer for a few days. If you have tens of thousands of servers, and you check with your customers before shutting them down, and there was a national holiday in the way or the sys admin was sick, this could happen to anyone. I've invited people on several occasions to provide evidence that Host Europe encourages spam, and I would issue the same invitation to you. Unless or until someone produces that evidence, I'm going to keep saying that you are promoting a policy of shooting the innocent and mildly inconveniencing the guilty.
Glad to hear of this resounding victory, ie stopping one spammer from sending one steam of spam to one server. By next week I suspect that spam will therefore be a problem of the past.
If your spammers are knocking up scripts in VB, I suspect they aren't real spammers. I would expect to find the professionals on Linux servers, because they are cheaper to rent, and any perl programmer with half a brain can pick up a couple of modules from CPAN that will let him handle tens of thousands of open connections at a time. Will your average office Exchange server on an ADSL connection go that high?
If I was writing the script (and I would repeat that this is not one of my interests, although truth issues don't seem to worry you too much), I would close connections after x seconds and put those domains down as first on the list for my next IP address.
In other words, all you are doing is training spammers to be more sophisticated, and then everyone suffers more than before. Well done guys.
This conversation is starting to depress me. Are you telling me that there are still mailing list programs out there that don't multithread? Are they written in GW BASIC? The last one I looked at had a default limit of 9999 connections.
The main public service issue I can see is providing therapeutic activity for those who want to crusade against spam and have no understanding of the issues.
Keep talking, you are making my case perfectly.
Host Europe once hosted one spammer for about a week, as far as I can tell. If you want to block every ISP who has that bad a record, it's much easier than you are making it, just unplug that rectangular plug from the network card in your mail server.
Anti-social and suicidal. I think our dear colleague assumes that Host Europe has 3.5 computers run by students, where as in fact it is one of the largest ISPs in Europe. His phone is probably ringing already, from people wanting to know why he has broken their email. Always assuming he has any customers...