how-to block ads
|
|
Share Topic
 |
 |
|
|
noone1
join:2004-06-04
Nashua, NH | reply to rizwan602
Re: What a non issue. said by rizwan602:The CORRECT method would be to give a 30 day notice or something similar to remove the offending system from the network so that the ISP has a CHANCE to fix the problem. This happened to us recently with spamhaus who labelled the entire subnet as a spammer where only 1 ip address was at fault which was removed. It took over 3 weeks to get delisted and we lost several customers. Let me get this strait, mass amounts of spam flowing through your network and you dont see it? You want SPEW to warn you and give you 30 days to fix your problem?
I simply ask..
Why the heck didnt you not notice the spam traffic when it happened and stop it?
Why did you have to wait till an outside source told you?
Do you have so little insight into your network that you cant tell when spam is originating inside of it within hours?
If I was using an ISP and they did not have the capacity to monitor their traffic and to shutdown spam flying out of it, but instead want an outside source to inform them of their internal problem, I would find someplace else also.
How do you tell if spam is coming out of your system?
If you do not know how to do this, every time an email leaves your system, write a little event to a log with the source and time stamp, once every so often, once an minute, have a process check the logs, if any source sends more email over a certain time frame, raise an alert.
A simple bash script could handle all of this. | |
1 edit |
You have overlooked the possibility that:
1) spam was sent from a computer in the network
2) we have either shut it down or contacted the computer owner to stop this activity
3) spews has noticed what happened AND should work with us to minimize the impact of it w/o listing us.
In good faith we work hard to remove offending systems from our networks. But 'blanket listing' the entire network along with other customers on the network is LAZY and IRRESPONSIBLE ACTIVITY!
You are assuming that we only respond to SPEWS activity. Why would you assume that given the above example?
Next time... consider what is being said.
| | |
|
 sweintzPremium
join:2002-03-01
Chester, CT | said by rizwan602:You have overlooked the possibility that: 1) spam was sent from a computer in the network Of COURSE the spam was sent from a computer on the network (I assume you mean other than the ISP's mail servers) This is where MOST spam comes from - hijacked machines, throw away accounts, etc. running their own smtp services.
Oftentimes spews will list address blocks that do not send spam at all, but are hosting http servers that are advertised in spam. ISP's need to be more diligent about that as well - and need to make certain that they state in their TOS that any site advertised in UCE will be taken down.
2) we have either shut it down or contacted the computer owner to stop this activity
It needs to stop immediately. within 24hrs at the most is fair I think. Contact the customer immediately upon first report of spam. If they cannot be reached and/or cannot resolve the problem within 24hrs, shut off their account. Period. Put that policy in your TOS in writing.
3) spews has noticed what happened AND should work with us to minimize the impact of it w/o listing us.
In what way do they need to work with you beyond what they already do? Netblocks don't get spews level1 listing very easily - the problem has to be ongoing with a demonstrated history of not fixing the problem.
In good faith we work hard to remove offending systems from our networks. But 'blanket listing' the entire network along with other customers on the network is LAZY and IRRESPONSIBLE ACTIVITY!
Letting the problem for on long enough that spews gives you a level 1 listing is pretty much proof that any claims that you "work hard to remove offending systems" is BS.
Seriously. How long does it take to cancel an account? 30 seconds or so.
The problem is most ISP's are more concerned with keeping paying customers than they are about keeping their network clean. Rather than "terminate on site", they terminate the account as a last resort. IMO this is just WRONG.
The blanket listings (on the rare occasions that SPEWS does that) cause the necessary collateral damage needed to get the ISPS to wake up and take the problem seriously. It changes the economics so that they now have to worry about losing ticked off users (who's outgoing mail is being blocked) and makes it so that it is better business to shoot spammers on site (to avoid such listings)
ISPS of course want to have their cake and eat it to, so they wine about this.
You are assuming that we only respond to SPEWS activity. Why would you assume that given the above example?
Next time... consider what is being said.
This is a thread about spews. spews is what was being discussed. Seems like a fair assumption. | |
irod4
join:2004-10-12
Delta, BC | reply to rizwan602
Dear rizwan602 (if that really is your name);
You write:
"all of a sudden SPEWS marks our entire subnet causing innocent neighbors to that spammer to be listed w/o cause."
From your own descriptions, I am confident that you are the cause.
"The CORRECT method would be to give a 30 day notice or something similar to remove the offending system from the network so that the ISP has a CHANCE to fix the problem."
WRONG. In your case 30 days would be a minimum; a guideline. If you want readers to believe that it takes you that long to get on top of this problem, as you state it, then I suggest 3 months on RBL before hearing your reasons for being taken off. One of the reasons would needs include some credible documentation that you have basic internet savvy; say grade 10 or equivalent. Even a 2-day workshop would help. It would then be reasonable, based on your own testimony on how long things take in your world, to allow you a couple of months to absorb the information and have a CHANCE to apply it.
"You [noone 1] are assuming that we only respond to SPEWS activity.Why would you assume that given the above example?"
Who are you trying to kid?? You did none of the 3 exculpatory things you mention, and you know this just as well as the folks at Spamhaus know it. You only state these 3 things as hypotheticals,... "what if I had done these 3 things?". .....as if that is supposed to get you off the hook. You got RBL'd precicesly because you *didn't* do these things, even though by including them in your 'whine' you have made it clear you know you *should* have done them.
Your clients got gagged with the RBL because of your, "LAZY and IRRESPONSIBLE ACTIVITY!", not because Spamhausers didn't do their job.
Noone 1 is right in calling you on this. The only reason this occured "all of a sudden", is because you were asleep at your desk until teach came along and gave you a cuff upside. If you aren't excercising due diligence and control, you and yours are precisely the reason the internet needs RBLs. Your protestations contrariwise carry about as much weight as a DWI blaming the judge for his driving suspension. | |
|
