Why not to use SPEWS in Spam, Scam and Phishbusters

Re: Why not to use SPEWS

Wed, 28 Jan 2004 19:11:33 EDT

rpeace : So, does anyone have any thoughts on this?

Re: Why not to use SPEWS

Wed, 28 Jan 2004 15:21:07 EDT

anon : Just got off the phone with Bill Yerazunis, the author of CRM114. Turns out that he and another guy from South Carolina started thinking about a similar scheme they call inoculation since the 2004 Anti SPAM conference at MIT.

The first time I told anyone about my spin on this was this past summer to some MFN folks (Travis Haymore, his boss and another manager), and I had a followup meeting in VA with them this past Oct. At that time we were discussing bringing it to the attention of Gloria Youngblood over at YAHOO, but other events at that time slowed things down.

I think the time has come to develop some serious momentum with regards to these ideas. Please give me feedback folks.
pointers to intelligent anti-spam resources like spamfilt are also appreciated. I want this looked over as carefully as the TCP/IP RFC's were if possible.

Re: Why not to use SPEWS

Wed, 28 Jan 2004 13:25:16 EDT

anon : It would have to halt all traffic on 25 while it scans the outgoing message, right?
Maybe not. Having dedicated inbound and outbound ports may be a way to get around having that downside.

The interesting idea from my POV is taking advantage of the information from filter promotion. If a filter entry is common to a large area of the net, it should be possible to see to it that messages matching that filter never get to that portion of the net, while allowing such messages to continue on their way to those sections of the net that have decided that such messages are acceptable to them.

This requires an automatic, dynamically updatable, routing table scheme working in conjunction with filter promotion, but that's a relatively small technical problem.

IMHO, the beauty of this scheme is that both the sender's right to free speach and the recipient's right to choose what they want to hear is upheld, and in a way that does not break existing features of the mail system (ie SPF and forwarding) nor does it create fundamental architecture/feature problems (as Domain Keys or msg tracing or charging schemes do).

Combined with the message digest scheme alluded to earlier, both quality control and a fair method of upholding community more's are implemented. Thoughts?

Re: Why not to use SPEWS

Wed, 28 Jan 2004 10:11:58 EDT

dda : If it looks like a spammer, and walks like a spammer, and talks like a spammer...

Unless he sends spam, either directly or by hiring someone to do so, he isn't a spammer and I seriously doubt you have any evidence that he sends spam. So it is just another ad hominiem attack; guilt by innuendo.

Could you actually address his arguments?

Re: Why not to use SPEWS

Tue, 27 Jan 2004 23:18:36 EDT

AmeritecTech : It would have to halt all traffic on 25 while it scans the outgoing message, right?

Re: Why not to use SPEWS

Tue, 27 Jan 2004 23:16:38 EDT

anon : Update:

This discussion has got me thinkig more about the algorithms for the hierarchical Bayesian filter idea I've mentioned previously.

...I think I have a way to tweak the original idea so that content blocking of "true trash" (stuff almost no one in the online community finds acceptable) can occur at the first ISP cloud cloud closest to the spam originator, rather than having it get even as far as the backbone. :)

I still have to make sure that there are ways to avoid both the "tyranny of the minority" and the "tyranny of the majority" that we solve in other domains with things like Robert's Rules. More as I go /thoughtful

Re: Why not to use SPEWS

Tue, 27 Jan 2004 22:55:29 EDT

anon : If it looks like a spammer, and walks like a spammer, and talks like a spammer...
I sound like a spammer when I'm presenting ideas that IMHO will actually =work= at dealing with the problem and do it in a fair way with less negative side effects than the current approach? What is it about the current volunteer WL/BL approach that makes you think it is so superior to any other potential approach? Or that makes you think the current negative side effects are acceptable compared to suggested methods that will have less of said?
In short, =why= are you so certain that =you= have better answers to these problems rather than anyone else and that anyone disagreeing with you is a spammer?

Decartes is a classic "i hate spam as much as the next guy" poster.
I have no idea what this actually means, but it somehow sounds ominous, and I suspect you intend it to sound that way. And I don't see what such statements do to further the discussion or help in solving the problem.

If you disagree with my suggestions for solving the problem, fine. Respond with why you think they won't work, and/or why you think the current methods are superior to other suggestions. I rather suspect I've been doing enterprise scale sys admin far longer than you suspect, and have operated at a far higher level of management as well. Experience has taught me to respect discussion, even vigorous, that helps move consideration forward.

But if all you have to contribute is 'tude with no logic to back it up, you're acting rather immature; and I suspect no one here has time for it. I =know= I don't. There's work to be done. Ante up, or get out of the way so it can be done.

Re: Why not to use SPEWS

Tue, 27 Jan 2004 20:18:11 EDT

Rhobite :

said by dda :
When you become intolerant of reasonable dissent, you are declaring yourself a fanatic, zealot and many other words a thesaurus can find. Not to mention the ad hominiem attack.

If it looks like a spammer, and walks like a spammer, and talks like a spammer...

Decartes is a classic "i hate spam as much as the next guy" poster.

Re: Why not to use SPEWS

Tue, 27 Jan 2004 18:35:42 EDT

anon : That has been suggested in the past, but nothing has ever come of it. Check Google for prior proposals and discussion, both web and Usenet, and let us know what you find. You could also start your own.

Retaliatory blocking is not unknown. A major .de provider got peeved about being listed a while back and did some of that, though it did not last long. There was some discussion on NANAE about that one too.

You might also want to checkout the recent threads in NANAE and NANABL entitled YOUR ABUSE. A municipal Italian IT minion is annoyed that his IPs are in BLARS and in Blocklist.us. Hysterically funny.

Re: Why not to use SPEWS

Tue, 27 Jan 2004 16:53:07 EDT

dda : DeCartes - spoken like a true spammer. "vigilante," "zealot," "fanatic," "cavalier."

Is someone rotting in SPEWS? Good. Go send some more porn to children.

When you become intolerant of reasonable dissent, you are declaring yourself a fanatic, zealot and many other words a thesaurus can find. Not to mention the ad hominiem attack.

Re: Why not to use SPEWS

Tue, 27 Jan 2004 16:50:39 EDT

dda : And this differs from "forum moderators" how?

Good point! Perhaps we should maintain a "SPEWS-friendly" blocklist and NIL can voluntarily decide to block posts from those posters who's bits she doesn't want.

Not illegal. And the blocklist, of course, maintains no responsbility for how the moderator uses it; it's just a list, after all.

Re: Why not to use SPEWS

Tue, 27 Jan 2004 14:11:28 EDT

anon : Agreed that NANABL is a Good Thing. :)

Re: Why not to use SPEWS

Tue, 27 Jan 2004 14:03:15 EDT

IronDragon :

said by spews user:
you are right, it is not bbr's responsibility to clean up NAC.net. however it is MY RESPONSIBILITY to keep my network clean, if spam flows from NAC's network and me as a mail admin wish to block traffic from NAC netspace, and if that block expands to colateral damage then yes it is bbr's own fault THEY SUPPORT SPAM !!! bottom line. my server my rules

If you really want to stop spam why stop at just blocking what is listed in the blocklists. there are several spam sites and isp's that haven't yet been listed. The only true way to guarantee no spam is received at all is to block every ip address on the internet, to hell with collateral damage
--
Once a Geek always a Geek

Re: Why not to use SPEWS

Tue, 27 Jan 2004 13:56:38 EDT

anon : you are right, it is not bbr's responsibility to clean up NAC.net. however it is MY RESPONSIBILITY to keep my network clean, if spam flows from NAC's network and me as a mail admin wish to block traffic from NAC netspace, and if that block expands to colateral damage then yes it is bbr's own fault THEY SUPPORT SPAM !!! bottom line. my server my rules

Re: Why not to use SPEWS

Tue, 27 Jan 2004 13:31:36 EDT

IronDragon : Taken from the SPEWS FAQ

Q36: Where can I go and see discussions about SPEWS, spam and other email abuse issues.
A36: The Usenet has newsgroup forums for this, there is a SPAM-L mailing list, SpamCop.net has a mailing list and User Forum. Note that posting messages in these newsgroups & lists will not have any effect on SPEWS listings, only the discontinuation of spam and/or spam support will.

Q41: How does one contact SPEWS?
A41: One does not. SPEWS does not receive email - it's just an automated system and website, general blocklist related issues can be discussed in the public forums mentioned above. The newsgroups news.admin.net-abuse.blocklisting (NANABL) and news.admin.net-abuse.email (NANAE) are good choices, and Google makes it quite easy to post messages there via the Web in either the moderated NANABL or the unmoderated NANAE groups. The M@ilGate system allows one to easily post via email. First time newsgroup posters should read the NANAE FAQ. Note that posting messages in these newsgroups & lists will not have any effect on SPEWS listings, only the discontinuation of spam and/or spam support will. Be aware that posting ones email address to any publicly viewable forum or website makes it instantly available to spammers. If you're concerned about getting spammed, change or "mung" the email address you use to post with.

Q42: My IP address/range is being listed by SPEWS but I'm not a spammer and I just signed up for this/these address(s). What can I do to be removed from the list?
A42: SPEWS is just an automated system, if spam or spam involvement (hosting spammers, selling spamware) from your IP address/range ceases, it will drop out of the list in time. Normally the listing involves spam related problems with your host and the first step you need to take is to complain to them about the listing, in almost all cases, they are the only people who can get an address/range out of the SPEWS list. If there is a spam related problem with your host, their IP address/range will not be removed until it is resolved. If your host or network is certain a listing mistake has been made, ask them to read this FAQ then post a message in a public forum mentioned above with the SPEWS record number (eg. S123) and/or the IP address/range information in it. Placing the text "SPEWS:" in the subject can help a SPEWS editor or developer see the message and they may double check the listing - note that, although others may, no SPEWS editor or developer will ever reply to the posting. Will this get your IP address/range removed from a SPEWS listing? Again, not if there are currently spam related problems with your host. Be aware that posting ones email address to any publicly viewable forum or website makes it instantly available to spammers. If you're concerned about getting spammed, change or "mung" the email address you use to post with.
--
Once a Geek always a Geek

Re: Why not to use SPEWS

Tue, 27 Jan 2004 13:23:48 EDT

dkoert :

said by Star Wolf:
Even then, NANABL is the place to post, not NANAE.

:nod: Moderate and moderated.

Re: Why not to use SPEWS

Tue, 27 Jan 2004 13:16:38 EDT

anon : Even then, NANABL is the place to post, not NANAE.

The guys at EV1 and others have the gig down right. They post kills, accept input, respond politely to status queries and that is about it. SPEWS listings have apparently been updated by posts there as well.

NANAE and NANAS are places abuse desks should lurk and "grep" with some regularity.

Re: Why not to use SPEWS

Tue, 27 Jan 2004 12:53:04 EDT

Steve :

said by Karl Bode :
Absolutely NOT. Unless you're dealing with a delisting and even then I'd say NOTHING other than the very basics.

It strikes me that those who are part of SPEWS collateral damage would do well to follow this same advice.
--
Stephen J. Friedl * Security Consultant * Tustin, California USA * my web site

Re: Why not to use SPEWS

Tue, 27 Jan 2004 12:42:37 EDT

Karl Bode :

quote:
I would never post there as an ISP.

Absolutely NOT. Unless you're dealing with a delisting and even then I'd say NOTHING other than the very basics. There is no "winning". It's like entering a room full of those old muppets who sat in the booth. Without humor.

Re: Why not to use SPEWS

Tue, 27 Jan 2004 12:20:42 EDT

anon : Alex's frustration was clearly getting the better of him in NANAE over this. Some of his comments were well over the top and more than a little unproffesional. Yes he get got poked at hard, but he should have backed off and maintained his composure. It surely hurt NAC's cause there with many of the lurkers. That said, he has been doing better very recently. Last person I coached through a SPEWS delisting posted on in NANABL and only announced kills, and responded to status queries. They never engaged in debate. They were off of the lists within a week (had a list on sight spammer who was cloaked). They now read their abuse box more carefully.

NANAE is an interesting place with a wide assortment of trolls, zealots, and good people all in the mix. If you don't lurk there for a while, its hard to sort them out. Not all of them post everyday. After a couple of weeks, its easy to find out who the flamers and troll are. I would never post there as an ISP.

One thing the anti crowd is good at is finding historical posts and such. One thing is clear is that NAC knew about SPEWS a while back and decided to ignore it, clearly to its detriment. Then there was the call by another presumed employee "priest" to DDOS and harass a couple of the better NANAE antis. Note that Priest's site, but not the page with the call is still up in NAC space.

Eventually Alex, Blake, et al. will move from the bluff and bluster stage to the grudging compliance stage. Whether they make the transition to a "white hat" provider is anyones guess at this point.

Its believe it will be hard for them to ever get delisted if they keep pwebtech and Voxel as clients.

Re: Why not to use SPEWS

Tue, 27 Jan 2004 12:09:40 EDT

anon : I'd suggest asking the NAC Chairman what plan they have to protect their customers from the offenses of their other customers, and what the "Big Six" Tier Ones are doing cooperatively on this issue.

Despite Rhobite's comments, I want the problem dealt with just as badly as he does. IMHO the current approach at the organizational level is =not= working. SPEWS et al have been remarkably =ineffective= for all the vitrol they throw around and incite.

There's also the problem that such solutions are just as morally questionable as some of the acts of the organizations they claim to deplore. A DoS attack is a Bad Thing, and it doesn't matter who or how it's executed, it is still wrong. Two wrongs don't make a right. Acting like criminals does not make you a good guy, just another criminal.

Like it or not, this is a multi-dimensional problem that is going to require multi-dimensional solutions. Things like electronic fraud and kiddy porn are fairly easy to categorize as criminal. So is someone stealing accounts and server time. After that it gets harder. Much harder when you take into account that the "decency" standards for radio, TV, print media, and the Net are not the same.

Rhobite, let me be very clear. I don't want my kids exposed to material inappropriate to their age in =any= medium. Unfortunately, it's rather hard to set the bar where I'd like to on the net when the bar is so much lower for just about every other medium of communication.

Technical suggestions I've heard or thought of that have promise include:
1= Using PKE message digests of "opt-in" lists so that the veracity of these lists can be guaranteed and protected while providing a "paper trail" of who genned and bought the lists every time they are exchanged. SPEWS et al could provide a valuable service here by offering to host PK rings of participating organizations. With such public scrutiny, organizations will very quickly be sorted into buckets according to how above board they are.

2= Using Bayesian filters like CRM114 in a hierarchical manner. If everyone on your local cable or DSL loop thinks something should be blocked, the block can be "promoted" up to a higher level of the net. Real trash ends up blocked at the backbone router level...

3= Like it or not, we as a community have to get involved in efforts to see that fair standards exist that make sense across all forms of communication. And that they are enforcible and enforced. Unconstitutional laws like CA's anti-spam law are going to have to be rewritten, etc, etc.

4= Like it or not, THE COMMERCIALIZATION OF THE NET IS HERE TO STAY. There is no going back to the noncommercial net of the pre 1990's, and if there were things like 100Mbs MAN's would probably never occur. People are investing in network infrastructure and technologies that increase net performance because there's money to be made.

Attention to detail and clarity of thought will bound this problem, not emotionalism.

Re: Why not to use SPEWS

Tue, 27 Jan 2004 11:59:01 EDT

anon :

Admins often do know what's best for their users by definition, but the point of contention here is blocking legitimate email because of who the ISP is.

Its not the ISP, its the netblock owner. A non-trivial distinction since some small ISPs do not have their own allocation. Fundamentally the block owner has the responsibility to the rest of the net to keep order.

Its the netblock owner who is being boycotted, not necessarily all the people leasing space from them.

For those who think such boycotts are illegal or immoral should check out some of the background information on the Selma Busy Boycott, the parallels are quite striking. The collateral damage was much more than many knew.

Re: Why not to use SPEWS

Tue, 27 Jan 2004 11:48:13 EDT

dkoert :

said by Karl Bode :
The NANAE kids are prompting me to investigate "Alex", a NAC employee...

FWIW, it was suggested that Alex is a NAC co-owner in this post:

quote:
You already know about Blake, and he co-owns NAC with alex, who is on the whois entry for NAC.

I tend to believe the information in this post, considering the frustrated tone.

Re: Why not to use SPEWS

Tue, 27 Jan 2004 10:57:10 EDT

Rhobite :

said by Karl Bode :
Anyone have any additional questions for NAC's CEO before I contact him this afternoon?

Karl, I'd ask if pacific-marketing.net has a pink contract. They're a ROKSO company and NAC continues to host them.

Re: Why not to use SPEWS

Tue, 27 Jan 2004 10:55:05 EDT

Rhobite : "Crusade," that's another one.

I'm just trying to provide the other side of the argument here. You know, a healthy dialogue. But if you and nil and Karl just want to agree with each other all day, I suppose I don't have much purpose here.

Re: Why not to use SPEWS

Tue, 27 Jan 2004 10:53:45 EDT

Karl Bode : And thus we continue our circle.

People, questions are futile. SPEWS is LIGHT. They are outside the realm of causality and function - I've told you already. SPEWS simply IS. Be not drawn into ire of SPEWS lest you walk a mile in an anonymous geek's sandals! SPEWS is not accountable, nor responsible, any more than the tree is for the wind, or the sky is for puffs of clouds! Support SPEWS or support SPAM. Absolutism and zealotry for ever and ever, a-men.

That said -

Anyone have any additional questions for NAC's CEO before I contact him this afternoon?

The NANAE kids are prompting me to investigate "Alex", a NAC employee, and some comments he's made over the years that have been less than professional....but it appears to be as much of a personal as professional inquiry, and I've played "tool" enough for one week.

I'm more concerned about asking the right questions about what's being done now to keep the network spam free, and if there's particular operations that have been left untouched.

Anyone?

Re: Why not to use SPEWS

Tue, 27 Jan 2004 10:50:23 EDT

IronDragon : Rhobite,
I may be mistaken but, it appears you are on a crusade to stop spam at any cost. If this is not the case please correct me.
--
Once a Geek always a Geek

Re: Why not to use SPEWS

Tue, 27 Jan 2004 10:47:57 EDT

nil : Moderators don't blindly delete posts from a select user, they weigh the content.
--
Life is too short to be boring

Re: My comment

Tue, 27 Jan 2004 10:47:42 EDT

dkoert :

said by Dimensio :
If "legitimate" customers don't like that their IP space is being boycotted, then they should take action to get their ISP to drop the spammers in order to bring about an end to the boycott.

"legitimate"??? Man, you are insufferably arrogant. (I mean that in the nicest possible way.)

The redefinition of legitimate is the linchpin of your flawed philosophy.

I have watched as your arguments have continued to circle the drain, and it suddenly occurred to me... you completely understand the coercive nature of the collateral damage tactics that you so zealously advocate. You've had to convince yourself that the users you unnecessarily damage in your war against spam are not legitimate. Your rhetoric has been obviously polished by your long term engagement in debate. Even though your dogma is teflon coated, your resolute avoidance of the problem (i.e., collateral damage is only acceptable if you embrace the "the ends justify the means" paradigm) reveals your awareness. I'm sure there is a line that you will not cross in your battle against spam. The use of blocklists knowingly extended to impair the connectivity of *legitimate* subscribers crosses the line... you know it, so you've redefined legitimate. Rationalization, pure and simple.

Re: Why not to use SPEWS

Tue, 27 Jan 2004 10:45:48 EDT

Steve :

said by nil :
When the administrator of a large server makes that decision he effectively makes it for all his users.

And this differs from "forum moderators" how?
--
Stephen J. Friedl * Security Consultant * Tustin, California USA * my web site

Re: Why not to use SPEWS

Tue, 27 Jan 2004 10:44:15 EDT

Rhobite : DeCartes - spoken like a true spammer. "vigilante," "zealot," "fanatic," "cavalier."

Is someone rotting in SPEWS? Good. Go send some more porn to children.

Re: Why not to use SPEWS

Tue, 27 Jan 2004 10:41:13 EDT

nil : When the administrator of a large server makes that decision he effectively makes it for all his users.

Admins often do know what's best for their users by definition, but the point of contention here is blocking legitimate email because of who the ISP is.
--
Life is too short to be boring

Re: Why not to use SPEWS

Tue, 27 Jan 2004 10:35:59 EDT

Steve : I find it perfectly reasonable that I am the judge and jury... of what my own mailserver accepts.

It would be a bad thing if I made that decision for you - why do you want to make it for me?

Steve
--
Stephen J. Friedl * Security Consultant * Tustin, California USA * my web site

Re: Why not to use SPEWS

Tue, 27 Jan 2004 07:55:10 EDT

anon : Vigilante operations like SPEWS and spamhaus have no outside mandate and no governance. Yet they put themselves in the position of judge, jury, and executioner on a very complex ethical, legal, social and technical problem. When such organizations take a fanatic or zealot stance, there are no checks and balances easily available to adjust their behavior back towards a more mainstream stance. It should also be noted that organizations or people like Brightmail and Julian Haight have a large economic incentive to b e zealots rather than reasonable. The net effect (no pun intended) is that often the anti-spam vigilantes end up acting and looking like a different variety of the very criminals they are claiming to protect society from. (30M emails that not one enduser wants in 1hr is a DOS attack. So is releasing route maps blocking /19's that don't belong to you.)

All of this is bad.

In the long run, zealots often hurt the cause they claim to support more than they help it.

No "silver bullet" is going to solve the "spam problem" because the problem isn't one problem, it's a nest of problems. As long as uneven standards say it's "ok" for my kids to see ads for 1-800-WeAre18 on TV, the Yellow Pages, and major newpapers, but supposedly not on the Net, we have a fundamentally insoluble set of problems.

Some of them are amenable to technical intervention. However, the most effective technical intervention has been in the form of Bayesian filters like CRM114, message digests to differentiate valid lists from spider generated ones, and hierarchical content filtering based on =community= standards, not some self appointed elite's, and =NOT= autocratic permission systems.

Another point to consider is that the vigilantes have been at this for awhile and it's not getting better. In fact, the ever growing volume of spam combined with increasing sys admin problems like the cavalier blocking of large chunks of address space are a good indication that for all their claimed good intentions, their approach is not working.

Re: My comment

Mon, 26 Jan 2004 23:41:20 EDT

dda : To be completely fair, that entry was added after our article last week.

Certainly not long after as I recall seeing it before the replies had grown long and (I believe) before the slashdot article.

Re: My comment

Mon, 26 Jan 2004 23:39:35 EDT

dda : If "legitimate" customers don't like that their IP space is being boycotted, then they should take action to get their ISP to drop the spammers in order to bring about an end to the boycott.

You are stating the general case of which BBR and NAC are the specific case. So yes, you are agreeing that SPEWS targets legit customers in order to enlist their aid in fighting their ISP; this is obviously done without the consent of the legit customers (no need for quotes here, BBR is entirely legit).

Rather than dance around and quote and requote carefully constructed phrases, please have the honesty to admit what is going on the intentions behind it. Doing otherwise certainly does nothing to enhance and image SPEWS may have.

Re: My comment

Mon, 26 Jan 2004 18:04:45 EDT

AmeritecTech :

said by Dimensio :

quote:
Despite when it was added, I think it indicates intent.

So you're saying that you believe that the SPEWS admin deliberately added BBR/DSLR, singling them out as a NAC customer, rather than having their IP address listed as a normal expansion of an existing entry?

I doubt it. I doubt they even knew that DSLR was hosted by NAC. Rather, I think they deliberately listed the entire block to get all the sites hosted by NAC (DSLR included) to put pressure on NAC to fix the listing.
--
Independent thinkers tend to ALWAYS have someone not agreeing with them. It's the non-thinkers that always come in legions." -John Callari

Re: My comment

Mon, 26 Jan 2004 18:04:34 EDT

Dimensio :

quote:
Yes, other than the MESSAGE TO US in the blacklisting. The goal is clearly to get other parties' attention and to draw them to act against the host!

The intention is to organize a boycott of spammer-friendly ISPs, starting with the spammer and expanding to encompass the entire ISP. If "legitimate" customers don't like that their IP space is being boycotted, then they should take action to get their ISP to drop the spammers in order to bring about an end to the boycott.

quote:
The IP addresses are simply expanded to punish NAC? What does NAC care?

They are NAC.net's IP space. If a lot of people are rejecting mail from NAC's IP space, that reduces the value of the IP space. NAC.net might take an interest in the fact that their own actions have lead to their netspace being less valuable.

Re: My comment

Mon, 26 Jan 2004 18:01:39 EDT

Dimensio :

quote:
Despite when it was added, I think it indicates intent.

So you're saying that you believe that the SPEWS admin deliberately added BBR/DSLR, singling them out as a NAC customer, rather than having their IP address listed as a normal expansion of an existing entry?

Re: My comment

Mon, 26 Jan 2004 17:58:41 EDT

AmeritecTech : Despite when it was added, I think it indicates intent.

Re: My comment

Mon, 26 Jan 2004 17:47:07 EDT

nil : To be completely fair, that entry was added after our article last week.

Re: My comment

Mon, 26 Jan 2004 17:46:33 EDT

Karl Bode :

quote:
There is no indication that someone at SPEWS said, "Hmm, this nac.net has a lot of spammers. I be that if we list this popular site, broadbandreports.com, it will get someone's attention".

Yes, other than the MESSAGE TO US in the blacklisting. The goal is clearly to get other parties' attention and to draw them to act against the host!

The IP addresses are simply expanded to punish NAC? What does NAC care? NAC CARES if those customers call and complain. THAT is the goal. To deny that very basic idea teeters into Alice and Cheshire Cat territory, frankly.

I think maybe you've spent so many years arguing this exact debate in NANAE....that after countless years carefully crafting - sculpting - and forming the perfect defensible position, you've not noticed the logic foundation has completely eroded leaving silt.....

Re: My comment

Mon, 26 Jan 2004 17:44:35 EDT

AmeritecTech :

said by Dimensio :
The claim has been that SPEWS targetted DSLR/BBR. This claim is false -- at least, there's no indication that SPEWS works this way. There is no indication that someone at SPEWS said, "Hmm, this nac.net has a lot of spammers. I be that if we list this popular site, broadbandreports.com, it will get someone's attention".

Oh really? Is this why the SPEWS entry says "Hey DSLR/BBR - maybe you guys can help clean up NAC? No one else has been able to." ?
--
Independent thinkers tend to ALWAYS have someone not agreeing with them. It's the non-thinkers that always come in legions." -John Callari

Re: My comment

Mon, 26 Jan 2004 17:42:43 EDT

AmeritecTech :

said by Dimensio :

quote:
"SPEWS is doing nothing. They are like light. They exist in a realm outside causality and function."

I never said this. You are lying to imply that this is my position.

SPEWS does do things. They publish a list and keep it updated. That's the extent of what they do. They do not directly intervene to prevent email from reaching an intended destination, as many detractors here have stated.

Which ones? Certainly not Karl. Stop fighting straw men and respond to KARL, not "many detractors".
--
Independent thinkers tend to ALWAYS have someone not agreeing with them. It's the non-thinkers that always come in legions." -John Callari

Re: My comment

Mon, 26 Jan 2004 17:34:02 EDT

Dimensio :

quote:
"SPEWS is doing nothing. They are like light. They exist in a realm outside causality and function."

I never said this. You are lying to imply that this is my position.

SPEWS does do things. They publish a list and keep it updated. That's the extent of what they do. They do not directly intervene to prevent email from reaching an intended destination, as many detractors here have stated.

quote:
How can you fundamentally continue to deny third parties are intentionally targeted?

The claim has been that SPEWS targetted DSLR/BBR. This claim is false -- at least, there's no indication that SPEWS works this way. There is no indication that someone at SPEWS said, "Hmm, this nac.net has a lot of spammers. I be that if we list this popular site, broadbandreports.com, it will get someone's attention". SPEWS merely started with the spammer and, after NAC.net refused to terminate the known spammer, expanded the listing to cover additional IP addresses within the range.

Re: My comment

Mon, 26 Jan 2004 17:07:17 EDT

B :

said by Karl Bode :
"SPEWS is doing nothing. They are like light. They exist in a realm outside causality and function."

I have nothing substantial to say -- that's just a great slogan! "SPEWS: In A Realm Outside Causality and Function"

Thanks, Karl.

-- B

Re: My comment

Mon, 26 Jan 2004 17:03:52 EDT

Steve :

said by Karl Bode :
How can you fundamentally continue to deny third parties are intentionally targeted?

His tinfoil the wrong side out, perhaps?
--
Stephen J. Friedl * Security Consultant * Tustin, California USA * my web site

Re: My comment

Mon, 26 Jan 2004 17:02:14 EDT

Karl Bode :

quote:
The IP addresses were listed in SPEWS because they were part of a spam-support organization, NAC.net, not because they belonged to DSLR/BBR.

Ok....if I may.....I can't agree with many of the points made by SPEWS supporters, but I can at least gasp where they are coming from and respect them.

But throughout your 92 posts in four days (all saying fundamentally the same thing), you've repeated the mantra above in some form or another. "SPEWS is doing nothing. They are like light. They exist in a realm outside causality and function."

Which to me, indicates we're not even on the same material plane....much less capable of entering into a discussion.

How can you fundamentally continue to deny third parties are intentionally targeted?

Re: My comment

Mon, 26 Jan 2004 16:47:04 EDT

Dimensio :

quote:
Since when is DSLR/BBR a spam source. It has never been proven that any spam originated from the Ip address assigned to DSLR/BBR yet they were listed in SPEWS with many other innocents.

Asking questions that show that you've deliberately ignored points that I've made in the past only make you look dishonest.

DSLR/BBR is not a spam source. However, nac.net IS a spam source. The IP addresses were listed in SPEWS because they were part of a spam-support organization, NAC.net, not because they belonged to DSLR/BBR.

Re: Why not to use SPEWS

Mon, 26 Jan 2004 16:44:18 EDT

Dimensio :

quote:
Why would spamcop not have mastermailings listed if they send spam as you have stated.

This does not change the fact that they spew garbage at my inbox (which splatters onto my my filter each time (the LOWEST setting of my ISP's spam filter recognizes it as a "known spam domain"). That does not change the fact that there are a number of USENET postings documenting their known spamming history. That does not change the fact that they are listed in SBL (»www.spamhaus.org/sbl/sbl.lasso?q···SBL12158 ).

You're not finding their IP address in spamcop because they've apparently moved recently. They were formerly hosted in the 66.246.6.0/24 range, and you can confirm this by using Google to search nanae with the terms "mastermailings.com" and "66.246.6" Someone moved their IP address, perhaps to help them evade the countless spam filters in which they've landed. If it was NAC.net that did this, you can expect that a number of the blocklist entries from which they were removed will very quickly be restored.

Re: Why not to use SPEWS

Mon, 26 Jan 2004 12:13:06 EDT

anon :

I agree, the whois and other info is an ever-shifting quantity since this all started. Based on the original information, though, it *would* appear that they are one and the same. I admit that it is not unusual for closely related companies to share business space, but the same phone number? That's not something I've *ever* seen. In addition, the same suite number.....a big, resounding, NO.

BTW - It would be a simple issue for someone to swing by and verify where these folks actually are. If they are now listing false registry info wouldn't that be sufficient to file a complaint?

Ok, fine, you don't believe me:

NAC and pwebtech are currently residing in what is called 'The Octagon' building, which is on Route 10 East, in Parsippany. It's address is 1719B, Route 10. It's right next to Intel, which owns office space the next building East on Rt. 10. Further down Rt 10 is the Marriott hotel, across from them is the Sheridan hotel. Across the side road from them is a Weichert Realtors and a Stop & Shop. Look up those businesses and see what the adddresses are.

It is a large office building, housing many different companies, aside from NAC and pwebtech. The Social Security offices were in that building up until about 2 years ago, on the second floor, and so was an office for Wise corporation (you know, the potato chip folks) who may still be there, I heven't been on the 3rd floor in a long time.

pwebtech is listed on whois in Franklin Lakes, because that's the town the owner lives/lived in. I will not list his name publicly, since it's not listed anywhere on the public whois records, and I don't want to hear from his lawyers for any reason. You already know about Blake, and he co-owns NAC with Alex, who is on the whois entry for NAC.

The NAC NOC number, is 590-5050, the TAC number is 590-5100. The business office is 590-5000. The business office is in 111, the colo is not. There is more than one colo in the building, one in the basement, one on the 3rd floor. The NOC is right across the hall from the basement colo, which is where pwebtech used to be, but moved up to the 2nd floor. If you walk in the building from the main parking lot (opposite the doors opening up to RT. 10), NAC's offices are on the left.

It's possible that the numbers may all resolve to NAC, because pwebtech could be renting their phone functions from NAC as well. NAC runs their own local phone switch, and voicemail/audix system, which is computer-based, and it has the ability to support other business entities. But, there is no reason why they should have the actual dial-in number as the same, which I don't believe they do.

If the numbers resolve to NAC, that's fine, since they got a block of numbers from the telco, and they lease them out since they do run their own switch. But, this does not signify that they are one and the same as a business entity. They are not.

If you don't want to believe me, fine, then drive your ass to the building, walk in and find out for yourself. Call up both NAC and pwebtech and ask around for yourself. The numbers for NAC are above, and the number for pwebtech is on their whois info.

-Gary

Re: Why not to use SPEWS

Mon, 26 Jan 2004 11:14:13 EDT

B :

said by Karl Bode :
How about some specific follow-up questions people would now like to see asked of NAC's CEO Blake Ellman?

1. Does your company, or any of its principals or employees, have a personal or business relationship with Pegasus Web Technology or any of its principals or employees? (Other than as client and customer.)

2. At any time in the past, has your company, or any of its principals or employees, had a personal or business relationship with Pegasus Web Technology or any of its principals or employees? (Other than as client and customer.)

3. Have you ever had the same phone number as pwebtech.com or its affiliates?

4. Have the two entities ever shared common ownership in any form?

Just want to put this particular red flag to rest if possible...

-- B

Re: Why not to use SPEWS

Mon, 26 Jan 2004 10:24:45 EDT

IronDragon : Dimensio,

Why would spamcop not have mastermailings listed if they send spam as you have stated.

Query bl.spamcop.net - 66.246.162.80
66.246.162.80 is inane.mastermailings.com

(Help) (Trace IP) (Senderbase lookup)

66.246.162.80 not listed in bl.spamcop.net

SpamCop has no record of this system
--
Once a Geek always a Geek

Re: Why not to use SPEWS

Mon, 26 Jan 2004 10:23:58 EDT

nil : Haha, it's been changed.

Re: Why not to use SPEWS

Mon, 26 Jan 2004 10:18:41 EDT

Steve :

said by Karl Bode :
how they deal with fraudulent contact data....

You mean, dealing with people who list obviously incorrect information in their "whois" listings? :-)
--
Stephen J. Friedl * Security Consultant * Tustin, California USA * my web site

Re: Why not to use SPEWS

Mon, 26 Jan 2004 10:17:12 EDT

Karl Bode : Already on the list, as is questions surrounding the leeway being given to mastermailings, how many people they have handling complaints, possible changes to TOS and AUP's, adherence to Can Spam Act, how they deal with fraudulent contact data....several others....

Re: Why not to use SPEWS

Mon, 26 Jan 2004 10:13:43 EDT

nil : I have one..

Have there been any changes made in the way abuse complaints are handled to assure this situation does not happen again.
--
Life is too short to be boring

Re: Why not to use SPEWS

Mon, 26 Jan 2004 10:04:33 EDT

Karl Bode : How about some specific follow-up questions people would now like to see asked of NAC's CEO Blake Ellman?

Offered the opportunity after the first interview, but opponents and supporters alike decided they'd rather rant. Here we have an opportunity to perhaps apply pressure and get answers - and I doth hear crickets chirping between sermons.

I have my own list compiled I'll be firing at him this week. Anyone care to contribute some pointed questions to Ellman concerning the progress NAC has made/should be making cleaning up their act?

Re: My comment

Mon, 26 Jan 2004 08:43:24 EDT

IronDragon :

said by Dimensio :

they're just rejecting mail from known spam sources. That's not equivalent to taking a pair of pliers to a man's testicles.

Dimensio,

Since when is DSLR/BBR a spam source. It has never been proven that any spam originated from the Ip address assigned to DSLR/BBR yet they were listed in SPEWS with many other innocents.
--
Once a Geek always a Geek

Re: Why not to use SPEWS

Sun, 25 Jan 2004 23:39:41 EDT

dda : I see a bunch of people here, and elsewhere, making all sorts of claims about SPEWS' lack of effectiveness, too.

Most of the discussion I've read is about SPEWS's tactics and assumptions and operations; these are quite a bit different from their effectiveness. I believe that filtering against SPEWS (level 1) will be effective in reducing spam; however, I also believe that their methodology is unethical and that is what I've been saying all along.

/me points to the left

Yup and I did say "almost all" ;)

Btw: There were some folks obviously from DSLR/BBR showed up in NANAE, bitching about SPEWS' NAC listings. They didn't go out of their way to identify themselves. *cough*PKB*cough*

I don't read that group and I would think it would be just as bad to do over there, assuming those against which they argue aren't anonymous.

I dislike hypocrisy as well as spam.

Re: Why not to use SPEWS

Sun, 25 Jan 2004 23:38:04 EDT

Steve :

said by dda :
Look several posts above yours for a response from "jseymour" on why they don't use SPEWS any longer. Both apparently instant escalation without any evidence and much pleading being required to get the listings removed.

Yes, I saw his posting.

But what people say - and even what they really believe - does not always comport with reality. I have seen many people claim that their mailservers were not open to relay when I had plain and obvious evidence to the contrary in front of me. One guy swore up and down that his network was secure, only to change his tune when I put an icon on his desktop while I was on the phone with him.

said by the guy:
Oh. Hmmm.

It may be that SPEWS is arbitrary and capricious, and after the behavior on NANAE it's not hard to believe, but I still don't have the evidence to know it. I'd love to have some.

Steve
--
Stephen J. Friedl * Security Consultant * Tustin, California USA * my web site

Re: Why not to use SPEWS

Sun, 25 Jan 2004 23:29:24 EDT

dda : I'm pro-SPEWS and have been here for a while.

True, which is why I said "almost all..." :)

And those who claim that they cannot get delisted after following the instructions have the burden of proof (to me, at least), that it's true.

Look several posts above yours for a response from "jseymour" on why they don't use SPEWS any longer. Both apparently instant escalation without any evidence and much pleading being required to get the listings removed. And then later, another incident. And then a couple incidents where providers didn't get delisted (and see other posts and responses, I think from "dogma" who's business was affected because SPEWS wouldn't delist him despite posts saying all spammers were nuked).

Seems to be that that burden has been met. Now one can claim these are rare incidents and that the majority of the time, SPEWS does the right thing. But as others have said, having clear, well-written FAQs and instructions (rather than the "I'm posting what someone else said was how to get off SPEWS") would certainly be a help.

Crappy way to run an operation.

Agreed.

Re: Why not to use SPEWS

Sun, 25 Jan 2004 20:42:53 EDT

schnuggles :

said by B :

I tend to believe you, but when I went and Googled for a few minutes to scarf up some old WHOIS references, all I see is that pwebtech was in Suite 220 and NAC was in Suite 111. This is in keeping with their current "story".

I was about to suggest that someone might check on the corporate officers/owners of the two companies, and then noticed that a post at »groups.google.com/groups?q=pwebt···m&rnum=3 covered the same ground.

I agree, the whois and other info is an ever-shifting quantity since this all started. Based on the original information, though, it *would* appear that they are one and the same. I admit that it is not unusual for closely related companies to share business space, but the same phone number? That's not something I've *ever* seen. In addition, the same suite number.....a big, resounding, NO.

BTW - It would be a simple issue for someone to swing by and verify where these folks actually are. If they are now listing false registry info wouldn't that be sufficient to file a complaint?
--
Salus Populi Suprema Est Lex -Cicero (106 BC - 43 BC)

Re: My comment

Sun, 25 Jan 2004 17:15:31 EDT

nil : Alright, I should have said "obviously talking about a small server" not "your personal server" as the underlying meaning is the same for the sake of argument (ie: log scanning is only practical with a small server).

My mom's Internet connectivity is not your problem but we're talking in the general sense of administering mail server. If my mom's mail server admin decides to filter against SPEWS, her possibility of not getting email is very much his problem.

Nobody is questioning *your* decision to filter or not filter against SPEWS, I don't think anyone here really cares much about that as it doesn't affect them one way or another (unless they try to send you email), my only argument here is that any admin of a larger server who claims they know their false positive rate is either full of it or discovered some way of validating this that I dont' know about.
--
Life is too short to be boring

Re: My comment

Sun, 25 Jan 2004 17:03:51 EDT

jseymour8 :

said by nil :
The server you described is what I would consider a 'small
mail server' based on your mail traffic numbers.. so my assumption was correct.

Indeed, it is a small mail server, comparatively speaking. However, it is
most definitely not my "personal server." If you're going to change your
arguments on-the-fly, we can hardly hold an honest discussion, now can we?

said by nil :
The clueless Internet users (ie: my mom) also pay so the
ISPs can stay in business.. they need to be catered to just as much as the
tech savvy geeks.

That has absolutely nothing whatsoever to do with any arguments vis-a-vis
a recipient mail server's policies. (Unless that mail server is your
mothers.) Let me explain something to you in very clear terms, so there
can be absolutely no misunderstanding on this point: Your mothers
Internet connectivity, or lack thereof, is not my problem. I will not
make it my problem. Your mother pays her ISP to make it their
problem.

said by nil :
If you wish to redefine "false positive" you should have
done so in the beginning of the discussion.

It will likewise hinder the progress of a civilized and productive debate if
you start trying to put words into my mouth. I clearly wrote that I
had addressed your arguments in the context in which I assumed you were
presenting them. I only noted the technical point about the term "false
positive" as a side-note.

Re: Why not to use SPEWS

Sun, 25 Jan 2004 16:48:44 EDT

jseymour8 :

said by dda :
Sure, but if you didn't frequent this site but only came
over for an occasional discussion would you honestly bother?

Absolutely, since these people are making many claims about their usage
(or not) of SPEWS and its effectiveness. They claim to know all about SPEWS,
yet aren't SPEWS so who are they?

I see a bunch of people here, and elsewhere, making all sorts of claims
about SPEWS' lack of effectiveness, too. You know what? I don't care
whom they are. Particularly the ones that have never admin'd a mail
server.

said by dda :
From what I can see, almost all of the "anti-SPEWS" folks
have had accounts here for a while, so it seems fair to ask the "pro-SPEWS"
folks to at least identify themselves instead of hiding behind anonymity
(which, of course, is just what SPEWS is doing).

/me points to the left ;)

Btw: There were some folks obviously from DSLR/BBR showed up in
NANAE, bitching about SPEWS' NAC listings. They didn't go out of their
way to identify themselves. *cough*PKB*cough*

Re: My comment

Sun, 25 Jan 2004 16:45:44 EDT

nil : As an example, our mail server here at dslreports gets on average 16-20K messages a day and I consider this a small server.
--
Life is too short to be boring

Re: My comment

Sun, 25 Jan 2004 16:42:32 EDT

nil : The server you described is what I would consider a 'small mail server' based on your mail traffic numbers.. so my assumption was correct.

The clueless Internet users (ie: my mom) also pay so the ISPs can stay in business.. they need to be catered to just as much as the tech savvy geeks.

If you wish to redefine "false positive" you should have done so in the beginning of the discussion.
--
Life is too short to be boring

Re: My comment

Sun, 25 Jan 2004 16:35:54 EDT

jseymour8 :

said by nil :
Okay, we're obviously talking about your personal server..
My question was more directed at anyone running large mail server.

You know what they say about assumptions, right? I'm also the Senior Systems,
Network & TelCom Admin where I work.

said by nil :
Log scanning is (a) too time consuming to be realistic and
(b) an admin will not know what is and what is not a valid sender for email
that isn't directed to him.

(a) In your opinion. I find it necessary. (b) When the alleged sender or
the sending client's rDNS is something along the lines of
"randomstring@freenakidchicks4u.biz," I think it's pretty unlikely it's
legitimate. What do you think?

You asked me how I knew I had no false positives when I was using SPEWS,
I told you, and now you're arguing with me about it? If you feel you know
my job so much better than I (hell, I've only been doing it for about 15
years), maybe you should apply for it?

said by nil :
The only thing left is the sender complaining mail isn't
delivered.. there's a couple possibilities on this one as well, with the worst
case scenario 3-5 days worth of trying to deliver the email before the server
gives up and bounces back to recipient.

First of all: My SPEWS rejects were 5xx (permanent failure) responses. These
should have resulted in an immediate bounce notification to the sender.
If the sender's MTA didn't handle those properly, that's their problem.

said by nil :
Someone like you and I will know immediately something is
wrong, my mom would probably assume the email address has changed or something
is wrong on the other end and never even bother calling her ISP.

That is most decidedly your moms problem. Btw: There's nothing preventing
good ol' moms ISP from keeping an eye on reject/bounce rates, you know?

said by nil :
I think it may be a safe guess that many of false positives
never get reported to the original sending server admin and from the ones that
do only a percentage gets reported to the receiving server with a query.. of
those only a percentage gets even answered (trust me, I've experience being
ignored by admins this way).

Some of your safe guesses probably are safe. So what you're saying is that
one should not use an anti-spam tool they feel might be effective for them,
or that they know is effective for them, because users whose email
gets bounced might not know their way around the Internet and because their
ISPs are either clueless or have lousy customer service, is that about it?

/me thinks about it a moment...

No. Afraid I'm not gonna buy into that argument.

said by nil :
My only logical conclusion is that nobody running a server
with more than a few users can positively claim they know how many false
positives there are.

Conclude what you will. Stats for last week at work: Main mail server:
4,360/day, 3,741 rejected. (Yes, that really is an 85% reject
rate.) Secondary MX: 1,599/day, 1,532 rejected. (Yes, that really
is a 96% reject rate.) I'd almost be willing to bet the rent there
wasn't a single so-called "false positive" amongst them. Not that
I never get false positives--just that I tend to find out about it. Usually
before the intended recipient knows or the rebuffed sender complains.

As for when I was using SPEWS: Again, conclude what you will, but I never
had a single false positive. On this I would bet money. And give you
odds. Only problem is, it'd be me that'd have to go back through the mail
server log summaries to double-check it (yes, I still have them), and I doubt
you'd bet enough to make it worth my while. (Would have to exceed "number of
hours" * "my consulting rate." Would be a lot of money.)

Btw: About that term "false positive." If the mail server admin knowingly
implements a mechanism that will reject traffic from a block of addresses
a third party has determined to be "abuse friendly," then, technically
speaking, nothing so-rejected is a "false positive." For the purposes of
the debate, I'm using "false positive" in the sense I'm sure you mean: Email
rejected that wasn't spam.

Re: Why not to use SPEWS

Sun, 25 Jan 2004 16:19:55 EDT

Steve : I'm pro-SPEWS and have been here for a while.

I completely accept the premise of "proxy nut-squeezing" (aka "collateral damage"), even though those who are against it are taking a completely principled position. I am just OK with it.

I am very turned off by "we are not SPEWS"/GFY over in NANAE, lots of testosterone and chest-puffing (they even called our dear sweet Kasia a very, very bad name). And if SPEWS turns out to actually engage in retaliatory or vindictive listings, then that's bad news, but I have not seen evidence of it yet.

And those who claim that they cannot get delisted after following the instructions have the burden of proof (to me, at least), that it's true. I am much more inclined to believe that they have simply not done it right but don't know. It would be great if "we are not SPEWS" would say "you're close, but you need to do _____", but I guess that's not forthcoming. Crappy way to run an operation.

Steve
--
Stephen J. Friedl * Security Consultant * Tustin, California USA * my web site

Re: Why not to use SPEWS

Sun, 25 Jan 2004 16:12:22 EDT

dda : Sure, but if you didn't frequent this site but only came over for an occasional discussion would you honestly bother?

Absolutely, since these people are making many claims about their usage (or not) of SPEWS and its effectiveness. They claim to know all about SPEWS, yet aren't SPEWS so who are they? From what I can see, almost all of the "anti-SPEWS" folks have had accounts here for a while, so it seems fair to ask the "pro-SPEWS" folks to at least identify themselves instead of hiding behind anonymity (which, of course, is just what SPEWS is doing).

Re: My comment

Sun, 25 Jan 2004 15:56:04 EDT

nil : I have some very serious doubts that anyone does this and if they do the argument that spamassassin is too CPU intensive suddenly goes out the window.. Now we're not just talking processing time, we're talking dealing with customers and answering questions. Expensive.

Find me one ISP that does this and I'll eat my words.

The closes I have seen is generating a web page a user may check and release held-email otherwise it's automatically deleted. That's not the same thing and generates no rejection notice so the sender would have no clue whether email was delivered or not.
--
Life is too short to be boring

Re: My comment

Sun, 25 Jan 2004 15:53:30 EDT

Steve :

said by nil :
Okay, we're obviously talking about your personal server.. My question was more directed at anyone running large mail server. Log scanning is (a) too time consuming to be realistic and (b) an admin will not know what is and what is not a valid sender for email that isn't directed to him.

Actually, it's not hopeless. A single admin scanning the logs for many people is out of the question, but sorting the blocks by recipient and making them available to him/her (emailed or on an intranet page) can go a long way to distributing the load of checking on false positives.

Steve
--
Stephen J. Friedl * Security Consultant * Tustin, California USA * my web site

Re: My comment

Sun, 25 Jan 2004 15:44:07 EDT

nil : Okay, we're obviously talking about your personal server.. My question was more directed at anyone running large mail server. Log scanning is (a) too time consuming to be realistic and (b) an admin will not know what is and what is not a valid sender for email that isn't directed to him.

The only thing left is the sender complaining mail isn't delivered.. there's a couple possibilities on this one as well, with the worst case scenario 3-5 days worth of trying to deliver the email before the server gives up and bounces back to recipient.

Someone like you and I will know immediately something is wrong, my mom would probably assume the email address has changed or something is wrong on the other end and never even bother calling her ISP.

I think it may be a safe guess that many of false positives never get reported to the original sending server admin and from the ones that do only a percentage gets reported to the receiving server with a query.. of those only a percentage gets even answered (trust me, I've experience being ignored by admins this way).

My only logical conclusion is that nobody running a server with more than a few users can positively claim they know how many false positives there are.
--
Life is too short to be boring

Re: My comment

Sun, 25 Jan 2004 14:52:58 EDT

jseymour8 :

said by nil :
Would you mind explaining how could you tell you've had no false positives?

I have a little script I wrote that analyzes my mail server logs.
Amongst other things, it gives me a summary, by type of reject, of
what's rejected and from whom it was ostensibly sent. Given SPEWS'
policies, you might imagine I kept a particularly close eye on
SPEWS-provoked rejects. And you'd be right ;). I mean, when all the
rejects were from client addresses with no rDNS, rDNS that clearly
resolved to spammy names, and sender addresses, likewise, well... As
well: I never received a single complaint, from either a
sender or intended recipient, about legitimate email rejected due to
a SPEWS hit.

Re: My comment

Sun, 25 Jan 2004 14:45:41 EDT

jseymour8 :

said by Steve :

said by jseymour8 :
I should know: I used to useSPEWS. Never a "false-positive," either.
"Used to"? - why not any more?

There was an incident, some number of months ago, where SPEWS had
listed a rather large-ish block because a well-known spammer was in
it. Problem was: There was not a shred of evidence that
any spam had ever come out of that block of addresses. Nor
was the spammer running web sites in it or using the space for
drop-boxes. The ISP didn't even have a problem with the spammer's
space being listed right-off. The problem was that SPEWS had
apparently "escalated" the listing to include a whole bunch of space
around the spammer right out of the gates. I did not feel that was
right. It took some two weeks of pleading with SPEWS in NANAE for
SPEWS to relent and shrink the listing to just the spammer. There
was another similar incident more recently. (Dunno how that one
turned out, as the ISP never posted on the incident again.) The
other problem I have is that SPEWS seems wont to sometimes leave a
listing in place even after the ISP has vowed that the spamming had
been stopped and that, if the customer ever spammed again, they'd be
immediately terminated. In a case where the spammer is a
first-time offender, as opposed to a known career offender, I think
SPEWS' habit of sometimes keeping big chunks of space listed after
the ISP has resolved the problem a poor one.

If SPEWS would address these defects, clean up its FAQ and post
clear policy statements, I'd go back to using it in a New York
heart-beat.

Make no mistake: Despite my criticisms, I generally agree with SPEWS'
policies and its holding ISPs' responsible for enabling network
abuse. In the instant case of DSLR/BBR/NAC: I agree completely with
SPEWS' treatment of NAC space.

Re: My comment

Sun, 25 Jan 2004 14:30:56 EDT

Steve :

said by nil :
Would you mind explaining how could you tell you've had no false positives?

Probably the same way that I deteremine false positives on any blocklist I use: scan the logs for the list of rejected messages and research anything that looks suspicious. Unlike SpamAssassin, proper blocklist rejects inform the sender why.

This is as opposed to improper blocklists rejects, which just disconnect at the IP level - this is how we figured out that BBR was included in the SPEWS level 2 listing. Shame on an ISP that does this.

Steve
--
Stephen J. Friedl * Security Consultant * Tustin, California USA * my web site

Re: My comment

Sun, 25 Jan 2004 14:26:49 EDT

nil : Would you mind explaining how could you tell you've had no false positives?
--
Life is too short to be boring

Re: My comment

Sun, 25 Jan 2004 14:14:23 EDT

Steve :

said by jseymour8 :
I should know: I used to useSPEWS. Never a "false-positive," either.

"Used to"? - why not any more?
--
Stephen J. Friedl * Security Consultant * Tustin, California USA * my web site

Re: My comment

Sun, 25 Jan 2004 14:13:23 EDT

jseymour8 :

said by russotto :
SPEWS is committing a sort of fraud. While implying that using their list will stop spammers from getting through, those IPs actually listed are not only not known to be used by spammers, but are known _NOT_ to be used by spammers.

Not at all. SPEWS is simply saying that network abuse has emanated
from the netblocks they have listed. Denying SMTP traffic from
those blocks will stop spam. I should know: I used to use
SPEWS. Never a "false-positive," either.

Re: Why not to use SPEWS

Sun, 25 Jan 2004 14:08:30 EDT

Spectral : [QUOTE= dda There are several posts by folks such as AuntieSpam and Star Wolf; they've had plenty of time to make free accounts.[/QUOTE]

Sure, but if you didn't frequent this site but only came over for an occasional discussion would you honestly bother? What does signing up prove? You are still just using a made up name on the internet. I would ascribe it to laziness or simple disinterest before some kind of fear of ppl getting angry at their made up name?
(sorry to veer off topic there)
--
"Flying There is an art, or rather a knack to flying. The knack lies in learning how to throw yourself at the ground and miss."~Douglas Adams

Re: Why not to use SPEWS

Sun, 25 Jan 2004 13:53:46 EDT

jseymour8 :

said by AmeritecTech :

said by Dimensio :
The only alternatives are a media campaign (as Something Awful did)

Yeah, that worked. In addition to still being listed in SPEWS, SA's antics got them stuck into quite a few private blocklists from which they will NEVER be removed, even if NHI/Cogentco cleans up its act.

It didn't help SA, but I doubt it increased SPEWS-using admins either. I suspect fewer admins use it since that bad publicity.

I suspect you're deluding yourself--that is, if the SPEWS-related
traffic I've seen in NANAE and NANABl is any guide. If anything, I'm
guessing SPEWS use has gone up, not down, since that incident.

I really doubt that has anything to do with SA at all. What I
do believe is that SA has way, way too high an opinion of
itself. Not an uncommon occurrence in self-isolated on-line
"communities."

Re: Why not to use SPEWS

Sun, 25 Jan 2004 13:17:47 EDT

dda : Or it might have to do with several ppl reading about this in the big threads it generated on slashdot and nanae who are coming over here for the first time in response.

I don't think that is the case as these people were posting here before the slashdot thread, I believe. Since I don't read nanae, I don't know when that thread started.

There are several posts by folks such as AuntieSpam and Star Wolf; they've had plenty of time to make free accounts.

Re: My comment

Sat, 24 Jan 2004 19:34:17 EDT

dkoert :

said by Dimensio :
I've seen some bad analogies about how SPEWS operates, but this has to be the worst. I'll point out that SPEWS isn't "hanging" anyone...

Can't say as I thought much of your strawman dictatorship analogy either.

For the metaphorically challenged: the crux of analogy was mob anonymity and abuse. Go ahead and keep hiding in the no resposibilty defense though, and thanks for staightening me out, I might have gone on thinking SPEWS-using apologists *were* hanging people.

Re: Why not to use SPEWS

Sat, 24 Jan 2004 19:25:51 EDT

Spectral :

said by dda :
. Although it is a little sad that so many of those defending SPEWS are anonymous (or, like you, always doing their First Post!); one might think they were afraid to identify themselves. I'm sure that isn't the case though; I'm sure you are all willing to stand up and be counted as proud defenders of what you so obviously believe in.
Right?

Or it might have to do with several ppl reading about this in the big threads it generated on slashdot and nanae who are coming over here for the first time in response. Much the same as I'm sure there are probably more than a few from here that visited at least nanae if not slashdot for the first time because of it.
--
"Flying There is an art, or rather a knack to flying. The knack lies in learning how to throw yourself at the ground and miss."~Douglas Adams

Re: My comment

Sat, 24 Jan 2004 19:00:27 EDT

nil : It's a bug, it doesn't go away unless you login to post which you did today.. It'll be gone tomorrow. Sorry.
--
Life is too short to be boring

Re: My comment

Sat, 24 Jan 2004 18:59:29 EDT

Dimensio :

said by dkoert :

said by Dimensio :

...and the members of the vigilante mob are not responsible for the hangings, the mob leaders have effortlessly removed the town's worst criminals and remained hidden within the crowd.

I've seen some bad analogies about how SPEWS operates, but this has to be the worst. I'll point out that SPEWS isn't "hanging" anyone, and neither is anyone else, and leave it at that, because it's just too distant from reality to compare any further.

The only good analogy to what SPEWS does is to a boycott list. People who boycott a product are not "hanging" the producers or sellers of a prouct, they're just not purchasing the product. Likewise, people who use the SPEWS list for filtering aren't hanging the "innocent" users of the crime-ridden ISP, they're just refusing to accept mail from them. This is perfectly legal. I can refuse to accept mail from anyone named "Fred" if I so desire, and you have no legal right to force me to change that.

How do I make that annoying "First Post!" go away?!

Re: My comment

Sat, 24 Jan 2004 18:55:30 EDT

Dimensio :

quote:
SPEWS is committing a sort of fraud. While implying that using their list will stop spammers from getting through, those IPs actually listed are not only not known to be used by spammers, but are known _NOT_ to be used by spammers. They cover this up with weasel-words like "spam supporters", but that's what they're up to.

Uh, no, saying that their listings cover "spam support services" means that their statement is not a lie. They list the IP ranges of spam support services. Pretending that the term isn't very important doesn't make them dishonest, though it does say a bit about your intellectual honesty.

quote:
Most admins would reject SPEWS blocklisting if they understood what SPEWS was actually up to, and the remaining fanatics are already well on their way to blacklisting /0 and talking to themselves anyway.

Any admin who uses a blocklist without first understanding how it works and how it lists and delists entries is incompetent and should be fired. Incompetent administration is not the fault of SPEWS.

The fact that there are identified mail admins who clearly know what SPEWS is doing and choose to use it anyway proves that you are wrong.

Re: Why not to use SPEWS

Sat, 24 Jan 2004 18:45:39 EDT

dda : Dimensio wrote:

You may have a point. The downside of SPEWS being an anonymous entity is that they can't have a spokesperson countering false claims made about them.

I don't know, you and others have jumped to defend SPEWS. Although it is a little sad that so many of those defending SPEWS are anonymous (or, like you, always doing their First Post!); one might think they were afraid to identify themselves. I'm sure that isn't the case though; I'm sure you are all willing to stand up and be counted as proud defenders of what you so obviously believe in.

Right?

Re: My comment

Sat, 24 Jan 2004 18:34:11 EDT

dkoert :

said by Dimensio :
...the power that they weild is entirely arbitrary, and effortlessly removed from them. They don't have force of their own, if everyone stops using their lists, they no longer have any power of any kind. This isn't like a dictatorship, where they've conscripted an army to shoot detractors on sight, this is a voluntary boycott list, nothing more.

Yeah, yeah, yeah no dictatorship...

...and the members of the vigilante mob are not responsible for the hangings, the mob leaders have effortlessly removed the town's worst criminals and remained hidden within the crowd. No big deal that a few innocent dupes get hung along with the criminals now and then (they were guilty enough by being in the wrong place at the wrong time). Don't worry, no one will be able to stand up in the face of the obviously righteous mob, after all, the ends justify the means.

Re: My comment

Sat, 24 Jan 2004 18:33:08 EDT

Steve :

said by russotto :
SPEWS is committing a sort of fraud.

I believe they are fully disclosing what they do, so a reasonable person can make up his own mind.

quote:
Most admins would reject SPEWS blocklisting if they understood what SPEWS was actually up to

This very well may be the case - I've heard of some SPEWS users who are so turned off by this whole "collateral damage" thing that they are not using it anymore. But anybody who actually reads up on the blocklists they subscribe to can get the picture of what's going on.

Steve
--
Stephen J. Friedl * Security Consultant * Tustin, California USA * my web site

Re: My comment

Sat, 24 Jan 2004 18:23:39 EDT

russotto : SPEWS is committing a sort of fraud. While implying that using their list will stop spammers from getting through, those IPs actually listed are not only not known to be used by spammers, but are known _NOT_ to be used by spammers. They cover this up with weasel-words like "spam supporters", but that's what they're up to. Most admins would reject SPEWS blocklisting if they understood what SPEWS was actually up to, and the remaining fanatics are already well on their way to blacklisting /0 and talking to themselves anyway.

Re: My comment

Sat, 24 Jan 2004 17:43:33 EDT

Karl Bode : Well you just reworded the same "SPEWS is not responsible for anything" idea yet again; so enjoy that trip you're on and we'll just agree to disagree. You will have to show me that responsibility-shield trick sometime though. I think it could come in handy, being able to totally shatter logic.

quote:
As is their right. Are you going to try and argue that an ISP shouldn't be allowed to protect their mailservers?

Do I say this someplace?

quote:
If SPEWS didn't exist, the ISP could effectivly block the same mail, they would just require a little more effort.

You sound like there aren't other blacklists that are as effective? Again I'm not seeing any evidence or data that SPEWS stops spam any more effectively than other solutions/blacklists.

I do see plenty of evidence that the end result is considerably more messy, however.

Re: My comment

Sat, 24 Jan 2004 17:07:40 EDT

Dimensio :

quote:
The power they wield exists, whether it's applied via an ISP's usage of the list or not.

Except that because it's applied via an ISP's usage of the list, the power that they weild is entirely arbitrary, and effortlessly removed from them. They don't have force of their own, if everyone stops using their lists, they no longer have any power of any kind. This isn't like a dictatorship, where they've conscripted an army to shoot detractors on sight, this is a voluntary boycott list, nothing more.

quote:
The ISP's who utilize SPEWS (level 1 or 2) blacklists likewise support the tactic.

As is their right. Are you going to try and argue that an ISP shouldn't be allowed to protect their mailservers? Are you going to suggest that email should be subject to the exact same regulations as postal mail (one moron on slashdot actually argued this)? Do you believe that ISPs don't have the right to secure their own property as they see fit?

quote:
At least say "Yes, this is a hard-nosed tactic but I approve of it" instead of all this dancing about how SPEWS is simply an uninvolved spectator via closed-circuit television who flings data into the ether.

It is a hard-nosed tactic. For the ISP. SPEWS is just a tool in aiding the ISP in implementing this hard-nosed tactic. If SPEWS didn't exist, the ISP could effectivly block the same mail, they would just require a little more effort. Or less, by simply tossing entire ISP's IP ranges into ther netblocks.

quote:
It is a conscious decision, done by only a few blacklists I know of (you'll correct me if I'm wrong), to involve other host customers in order to induce activism. I do not agree with this tactic. That is all I am saying.

If you don't agree with that tactic, then don't use those blocklists.

quote:
And by your own admission in NANAE, the majority of execs are blowing smoke up your asses when they show up. Your very own guidelines suggest you already think they're lying before they open their mouths, and that most of them likely won't do anything. How is this conclusive evidence SPEWS is really more effective than other solutions?

As I said, action. It's not the ISP admins coming in to nanae with questions that convinces me, it's the spammers disappearing from the ISP's network that convinces me. This has happened, it has been observed and documented. Every level 0 listing in SPEWS is a testament to this.

Re: My comment

Sat, 24 Jan 2004 16:42:41 EDT

anon : We are never going to agree about SPEWS being coercion.

To me its a boycott list that admins choose to use. SPEWS is doing nothing intrinsically harmful. This moaning about their abusive power sort of reminds me about the flap about food disparagement and Oprah.

As I have stated elsewhere in this topic, there is no effective way to determine the number of email boxes protected by SPEWS. The number of people complaining about it in NANBL and NANAE is indeed increasing, as is chatter on the various hosting discussion boards. Some choose to infer increased coverage from that. I don't really care, since they are not my networks.

Usage of SPEWS and other BLs are the choice of the admins. No one is forcing it on anyone. It works for me today, it may not be the right thing tomorrow. However, it has saved us from major hassles in the past, and is cost effective compared to other solutions we have looked at.

Find me something better, and I will jump to it. For now, I haven't found it.

Re: My comment

Sat, 24 Jan 2004 16:37:48 EDT

Karl Bode :

quote:
Invalid comparison. You are describing a direct attack. SPEWS does not do anything directly. SPEWS is entirely passive.

I've heard some variety of this nonsense for the past week, and no matter how it's presented it fails to impress. The power they wield exists, whether it's applied via an ISP's usage of the list or not. They know it exists, and they use it accordingly. The ISP's who utilize SPEWS (level 1 or 2) blacklists likewise support the tactic.

At least say "Yes, this is a hard-nosed tactic but I approve of it" instead of all this dancing about how SPEWS is simply an uninvolved spectator via closed-circuit television who flings data into the ether. We could then at least agree to disagree.

It is a conscious decision, done by only a few blacklists I know of (you'll correct me if I'm wrong), to involve other host customers in order to induce activism. I do not agree with this tactic. That is all I am saying.

And by your own admission in NANAE, the majority of execs are blowing smoke up your asses when they show up. Your very own guidelines suggest you already think they're lying before they open their mouths, and that most of them likely won't do anything. How is this conclusive evidence SPEWS is really more effective than other solutions?

Does any actual data exist that SPEWS is any more effective than other solutions in stopping spam? You'll excuse me if I fail to find 500 identical NANAE conversations where an admin gets insulted to be compelling evidence.......

Re: My comment

Sat, 24 Jan 2004 16:13:59 EDT

Dimensio :

quote:
Yeah, blackmailing/coercion/imposing collateral damage (whatever term you like) works pretty damn well.

Who is blackmailing or coercing? Collateral damage is simply a result of an ISP's "legitimate" customers being left out in the cold when the ISP allows their netspace to become a cesspit with whom no one wants to trade packets. Don't blame MY ISP because YOUR ISP has made themselves openly hostile to the point where everyone shuns their mail.

quote:
So does taking pliers to a man's testicles. "Go on, find me a better way of making a man talk than taking pliers to his testicles."

Invalid comparison. You are describing a direct attack. SPEWS does not do anything directly. SPEWS is entirely passive. The only ones really taking "action" are the ISPs who use SPEWS, but even then it's a passive method -- they're just rejecting mail from known spam sources. That's not equivalent to taking a pair of pliers to a man's testicles. Anyway, I asked "Can you think of a BETTER method for pressuring spam-friendly ISPs without causing collateral damage". In other words, I asked if you have a solution to get ISPs to clean up their act that does NOT involve doing something that you don't like.

quote:
Out of curiosity, is there any actual hard data supporting the fact that SPEWS is any more effective at stopping spam than any combination of other blacklists and technology?

I'd say that ISP admins coming to news.admin.net-abuse.email, asking how they can get out of SPEWS, and subsequently terminating spammers on their network is good evidence.

Re: My comment

Sat, 24 Jan 2004 15:54:12 EDT

Karl Bode : Targeted Assassination is better. But I wouldn't employ it because it crosses the line over what I deem ethical behavior, as does SPEWS. Yeah, blackmailing/coercion/imposing collateral damage (whatever term you like) works pretty damn well. So does taking pliers to a man's testicles. "Go on, find me a better way of making a man talk than taking pliers to his testicles."

Obviously ethics is subjective, or we'd all be hugging right about now about how wonderful SPEWS is.

Out of curiosity, is there any actual hard data supporting the fact that SPEWS is any more effective at stopping spam than any combination of other blacklists and technology?

Because if we're quantifying "better", we'd have to be able to actually measure the impact and compare it to other solutions, would we not?

Re: My comment

Sat, 24 Jan 2004 15:44:20 EDT

Dimensio :

quote:
Targeted assassination? As long as we're ignoring the impact of our actions and assuming the ends justify the means, why not?

I have (and still do) seriously suggested this for notorious email spammers like Alan Ralsky. Of course, in this case I think it an appropriate means.

You didn't seriously answer my question though. Find a BETTER method than SPEWS to pressure spam-friendly ISPs into dropping spammers that ALSO doesn't cause any "collateral damage".

Re: My comment

Sat, 24 Jan 2004 15:37:13 EDT

Karl Bode :

quote:
Fine. Find a BETTER method than SPEWS to pressure spam-friendly ISPs into dropping spammers that ALSO doesn't cause any "collateral damage".

Targeted assassination? As long as we're ignoring the impact of our actions and assuming the ends justify the means, why not? I mean if we're going to be zealots who are completely immobile in our beliefs, why not really apply ourselves.....

Re: Why not to use SPEWS

Sat, 24 Jan 2004 15:02:12 EDT

B :

said by W7PSK :
And I still say they are one in the same. You dont have two IDENTICAL ISP in the Same Building using the SAME office address. Especially since they were BOTH listed at one time as

SUITE 110.

Now do two different companies normally use the same Suite Number also.

Its very easy for that CEO to FEIN innocence and suddenly he sees he has a problem. WTF kind of CEO doesnt know their company is being WALLED off the internet.

I still say they are 1 in the Same 100% and the CEO is trying to cover it up fast.

I tend to believe you, but when I went and Googled for a few minutes to scarf up some old WHOIS references, all I see is that pwebtech was in Suite 220 and NAC was in Suite 111. This is in keeping with their current "story".

I was about to suggest that someone might check on the corporate officers/owners of the two companies, and then noticed that a post at »groups.google.com/groups?q=pwebt···m&rnum=3 covered the same ground.

-- B

Re: My comment

Sat, 24 Jan 2004 14:30:23 EDT

Dimensio :

quote:
Because that is the question.

Fine. Find a BETTER method than SPEWS to pressure spam-friendly ISPs into dropping spammers that ALSO doesn't cause any "collateral damage".

I eagerly await your answer.

Re: My comment

Sat, 24 Jan 2004 14:18:22 EDT

anon : Unfortunately, there does not seem to be one. Listing only the IPs of spammers failed. Their money was just too good, especially during the shakeout in the hosting biz. Listing large portions of the providers netspace was the logical evolution. Its ugly, but it works.

Not sure if I would block using SPEWS if I was still in the ISP biz. But it and other lists have been a real help here in IT land.

Remember also its the admins who choose which lists and block the traffic, and not the list operators.

Re: My comment

Sat, 24 Jan 2004 13:59:53 EDT

Karl Bode : Let's rephrase that:

quote:
A better way to pressure spam-friendly ISPs to drop their criminal customers without causing collateral damage?

Because that is the question.

Re: My comment

Sat, 24 Jan 2004 13:55:56 EDT

Dimensio : I forgot one comment...

quote:
There's got to be a better way.

A better way to pressure spam-friendly ISPs to drop their criminal customers? Let's hear it.

Re: My comment

Sat, 24 Jan 2004 13:55:17 EDT

Dimensio :

quote:
I think that SPEWS (and other blacklists) that probably do more harm than good. They seem to be using the shotgun approach to kill a gnat.

Here's my reasoning:
[... see above for reasoning ...]

Well, then it's probably best if the ISPs actually kick off their spammer clients so that they can better serve their legitimate customers.

Re: Why not to use SPEWS

Sat, 24 Jan 2004 13:32:51 EDT

W7PSK : Anon User
anonymous
dyn.optonline.net

Before you go shooting off, I suggest you read what I posted. What you so CONVENIENTLY left off was the UPDATE Date of the 23rd of January 2004. This information was posted before that and then SUDDENLY it changed.

And why did they post a PO BOX from Franklin Lakes when ALL their Phone Look ups on Superpages and Whitepages all point back to Parsippany. WHY would a business do that for a domain registrar unles they are trying to HIDE somthing

And I still say they are one in the same. You dont have two IDENTICAL ISP in the Same Building using the SAME office address. Especially since they were BOTH listed at one time as

SUITE 110.

Now do two different companies normally use the same Suite Number also.

Its very easy for that CEO to FEIN innocence and suddenly he sees he has a problem. WTF kind of CEO doesnt know their company is being WALLED off the internet.

I still say they are 1 in the Same 100% and the CEO is trying to cover it up fast.
--
Rick Scott Everett, Washington

My comment

Sat, 24 Jan 2004 11:03:25 EDT

richk_1957 : I don't know all the issue [and everything about them]
and
I don't have the answers
BUT
I think that SPEWS (and other blacklists) that probably do more harm than good. They seem to be using the shotgun approach to kill a gnat.

Here's my reasoning:
Spammers are small shops, they don't need much, just a good internet connection & a PC. If they loose their connection, not much inconvenience for them. But for regular home users, it CAN be a big deal. And what if you use the internet to get financial data [bills, etc. you've signed up for 'paperless' programs]. And what about users that don't have the option of changing ISP [there is only one available to them]? Then, there is the business users. They may have thousands of dollars invested in equipment and cannot change.

There's got to be a better way.

my 1 cent

Re: Why not to use SPEWS

Sat, 24 Jan 2004 02:13:46 EDT

Dimensio :

quote:
Because they are a customer!

As I thought. Someone told me that NAC.net didn't have any control over pwebtech.com. They were obviously mistaken.

Re: Why not to use SPEWS

Sat, 24 Jan 2004 02:09:19 EDT

Dimensio : Sorry. Someone one one of these discussions has state that NAC has no control whatsoever over pwebtech, and he pointed me to this discussion for the "proof". Apparently he read something into the information here that just doesn't exist.

Re: Why not to use SPEWS

Sat, 24 Jan 2004 02:02:05 EDT

anon : Political control over a company is wholy irrelevant to how IP addresses are assigned. Another words:

> If NAC.net really has no control over pwebtech.com, then
> why does NAC.net own the IP addresses?

Because they are a customer!

Just like the IP space that BBR is in is 'owned' (sic) by NAC, we don't own BBR.

Re: Why not to use SPEWS

Sat, 24 Jan 2004 01:52:30 EDT

Spectral :

said by Dimensio :

If NAC.net really has no control over pwebtech.com, then why does NAC.net own the IP addresses?

I'm sorry, I don't get where you are seeing anyone saying Nac doesn't have control over pweb?
The only question I saw raised was basically are they the same company since they have the same physical street address and is that why they let Pweb get away with so much.

Edit: Ps. Welcome to BBR Dimensio:)
--
"Flying
There is an art, or rather a knack to flying. The knack lies in learning how to throw yourself at the ground and miss."~Douglas Adams

Re: Why not to use SPEWS

Sat, 24 Jan 2004 01:50:15 EDT

Steve :

said by Dimensio :
If NAC.net really has no control over pwebtech.com, then why does NAC.net own the IP addresses?

They have never said they had no control, they simply said that they had delegated abuse enforcement of pwebtech's customers to pwebtech.

But the flurry of activity tonight on NANAE from both pwebtech and nac.net, suggests very good things. Really, really good things.

Edit Steve B and Alex: you rock!

Steve
--
Stephen J. Friedl * Security Consultant * Tustin, California USA * my web site

Re: Why not to use SPEWS

Sat, 24 Jan 2004 01:35:47 EDT

Dimensio :

quote:
To be fair the original statement made was that both Nac's and Pweb's phone numbers resolved to the same address, not that they had the same phone numbers(if you scroll back a page and look at the original commments). In which case being in the same building is a reasonable explanation.

I wonder if there is a "reasonable explanation" as to why the IP address for pwebtech.com and the listed DNS servers for pwebtech.com are listed as being owned by nac.net in ARIN. Is ARIN lying?

If NAC.net really has no control over pwebtech.com, then why does NAC.net own the IP addresses?

Re: Why not to use SPEWS

Sat, 24 Jan 2004 00:48:45 EDT

schnuggles :

said by Steve :
But this whole SPEWS business has provided quite an eye opener. Once all this crap calms down with nac.net I think some of us in the Pac*Bell forum might visit the various blacklists and turn some attention to the SBC listings. If they're that bad, we ought to be talking about it.

Steve

Now *that's* an answer worthy of the debate I've see from you.
:)
--
Salus Populi Suprema Est Lex -Cicero (106 BC - 43 BC)

Re: Why not to use SPEWS

Sat, 24 Jan 2004 00:45:58 EDT

Spectral : Steve, I'm pretty sure he meant that in reply to B.

To be fair the original statement made was that both Nac's and Pweb's phone numbers resolved to the same address, not that they had the same phone numbers(if you scroll back a page and look at the original commments). In which case being in the same building is a reasonable explanation.
--
"Flying There is an art, or rather a knack to flying. The knack lies in learning how to throw yourself at the ground and miss."~Douglas Adams

Re: Why not to use SPEWS

Sat, 24 Jan 2004 00:38:27 EDT

Steve :

said by Anon User:
Before shooting your mouth off know the facts..

Well I don't know the facts, but I also said

quote:
dunno if it applies here

Was that not a big enough of a disclaimer?
--
Stephen J. Friedl * Security Consultant * Tustin, California USA * my web site

Re: Why not to use SPEWS

Sat, 24 Jan 2004 00:23:37 EDT

Steve :

said by schnuggles :
That's the *best* arguement you could come forth with!?!?

No, but I think it's a fine one. I haven't researched just how bad the various ISPs are, so I have to take the word of others who think about this more than I do. I believe that the folks at SPEWS think about spam a lot more than I do, and that NAC.NET gets their attention and SBC does not counts for something in my book. But if you know otherwise, then I suppose you could be right.

But this whole SPEWS business has provided quite an eye opener. Once all this crap calms down with nac.net I think some of us in the Pac*Bell forum might visit the various blacklists and turn some attention to the SBC listings. If they're that bad, we ought to be talking about it.

Steve
--
Stephen J. Friedl * Security Consultant * Tustin, California USA * my web site

Re: Why not to use SPEWS

Sat, 24 Jan 2004 00:18:12 EDT

anon : Pegasus 973-267-4707 main line
NAC 973-590-5050 (noc)

Pegasus Suite 220
NAC Suite 111

How is that the same.

Pegasus Whois
Registrant:
Pegasus Web Technologies (PWEBTECH-DOM)
P.O. Box 577
Franklin Lakes, NJ 07417
US

Domain Name: PWEBTECH.COM

Administrative Contact:
Pegasus Web Technologies (PA5282-ORG) admin@PWEBTECH.COM
P.O. Box 577
Franklin Lakes, NJ 07417
US
973-267-4707 fax: 973-267-9450

NAC Whois
Registrant:
Net Access Corporation (NAC3-DOM)
P.O. Box 160
Newton, NJ 07860
US

Domain Name: NAC.NET

Administrative Contact:
Rubenstein, Alex (AR97) alex@NAC.NET
9 MOUNT PLEASANT TPKE
DENVILLE, NJ 07834-3612
US
973-442-3401 fax: 973-989-5535

Before shooting your mouth off know the facts..

Re: Why not to use SPEWS

Sat, 24 Jan 2004 00:15:03 EDT

schnuggles :

said by Steve :
Um, I think you need to read some more. NAC/BBR is SPEWS listed. SBC/me are not.

Apparently it's not that bad yet. famous last words?

That's the *best* arguement you could come forth with!?!?
--
Salus Populi Suprema Est Lex

-Cicero (106 BC - 43 BC)

Re: Why not to use SPEWS

Fri, 23 Jan 2004 23:38:44 EDT

schnuggles :

said by TamaraB :

Crack dealers, child pornographers, and purveyors of bogus penis enlargment scams "make money". Making money is not all there is to life (unless you are a spammer), and there are legitimate ways of making money without harming others!

Captain Bob

AMEN!
--
Salus Populi Suprema Est Lex -Cicero (106 BC - 43 BC)

Re: Why not to use SPEWS

Fri, 23 Jan 2004 23:03:27 EDT

B :
When those companies are small law offices or consulting or design firms or secretarial agencies, sure.

When those companies are themselves colocators with racks and racks of their OWN equipment and power and cooling and space, I find it VERY hard to believe that they'd just happen to be sharing a phone number with others in the building. But like you, I don't know what the story is here.

-- B

Re: Why not to use SPEWS

Fri, 23 Jan 2004 22:50:35 EDT

Steve :

said by B :
But they have the same phone number!

Plenty of companies use executive suite services that share a common phone number without inherently definining a business relationship with each other.

Dunno if it applies here though.

Steve
--
Stephen J. Friedl * Security Consultant * Tustin, California USA * my web site

Re: Why not to use SPEWS

Fri, 23 Jan 2004 22:46:03 EDT

B :

said by prmmover:
RE: the Pwebtech/Nac connection...

Pwebtech and Nac are NOT the same company.

They share the same building.

4 years ago, Pwebtech was a small company selling hosting. They leased office space outside of Nac's building (which, at the time, was not where either of them are in now).

Then pwebtech grew, and kept growing. They were/are selling cheap hosting, and they started taking rack after rack of colo space. (I remember when they installed their first servers in the colo, and they have grown to enormous proportions since I left.)

Then, they decided to move into the same building, literally across the hall from the NOC, since their old lease was up anyways (IIRC), and they would be closer to the servers for trouble issues.

They are still in the same building. They colo host probably now well over 1,000 machines.

There's your connection. They are 2 separate business entities, and owned by separate people.

-Gary

But they have the same phone number! That, obviously, is where your cover story falls apart. Completely.

Why isn't anyone else commenting on this obvious bombshell subthread?

-- B

Re: Why not to use SPEWS

Fri, 23 Jan 2004 21:44:09 EDT

anon :

Interesting that it has taken BBR and this sites exposure to make some things happen all of a sudden. A quick search of the site here doesn't reveal much in the way of bad things related to pwebtech, Pegasus Web Technologies, or NAC.net as they relate to spam since october. I'm sure a little blurb in this forum here would have got some wheels turning if it was such a problem. Maybe the little "hey dlsr/bbr guys...." note should have been posted here. No? doesn't follow the SPEWS way of doing things?

Did you think that through...people with complaints about pwebtech and other NAC customers should post them here? You sent complaints to abuse@ that is what they are there for. If you are a diehard anti, you post in NANAS as well. DSLR is an interesting place, but its not the nexus for NAC complaints.

It doesn't take much digging in the NANAE to figure out who's behind the mask at SPEWS.

Determining who SPEWS is based on posts in NANAE is laughable. If it was that easy, it would have been done by now. Whomever they are, they have fairly good OPSEC, especially after that suit by the idiot Florida lawyer.

Re: Why not to use SPEWS

Fri, 23 Jan 2004 21:23:46 EDT

anon : Actually we bounce mail from servers on Comcast cable modems. Way too many rooted boxes there. We do accept it from their main mail servers though.

Re: Why not to use SPEWS

Fri, 23 Jan 2004 21:02:39 EDT

Steve :

said by Karl Bode :
Damnit Steve, those communities have a right to provide Broadband, and your funds are helping that company pass wish-list legislation in multiple states!

Hey, Mr. Editor, without me/sbc you'd have nothing to whine about. Count your blessings :)
--
Stephen J. Friedl * Security Consultant * Tustin, California USA * my web site

Re: Why not to use SPEWS

Fri, 23 Jan 2004 20:58:57 EDT

Karl Bode : Enough about Spam. I've decided to broaden that logic out of the realm of spam. I say we start holding users and websites responsible for everything their provider does.

I have decided to hold Star Wolf personally responsible for Comcast's decision to implement invisible bandwidth caps, and their subsequent practice of disconnecting users without clarifying said caps. His funds support Comcast, he must in turn support invisible caps. Damnit Wolf! Those users aren't being properly informed of what the download limitations are! :p

Much like Steve supports legislative efforts by SBC to eliminate municipal broadband competition since he is a subscriber. Damnit Steve, those communities have a right to provide Broadband, and your funds are helping that company pass wish-list legislation in multiple states! :p

Re: Why not to use SPEWS

Fri, 23 Jan 2004 20:56:04 EDT

firephoto :

said by Star Wolf:

The bubbas taking the hits this time around are Pwebtech and NAC, whose spam issues until now were not well known.

Interesting that it has taken BBR and this sites exposure to make some things happen all of a sudden. A quick search of the site here doesn't reveal much in the way of bad things related to pwebtech, Pegasus Web Technologies, or NAC.net as they relate to spam since october. I'm sure a little blurb in this forum here would have got some wheels turning if it was such a problem. Maybe the little "hey dlsr/bbr guys...." note should have been posted here. No? doesn't follow the SPEWS way of doing things? It doesn't take much digging in the NANAE to figure out who's behind the mask at SPEWS. Google is your friend. The SPEWS.org register info is interesting too.

It's nice to see the commments from the NAC CEO too. They run a good business that can be proven by the fact that very few haven't been able to get to BBR when they clicked the link. It always works for me except for the rare database error I've seen. Good work to all invovled!

Re: Why not to use SPEWS

Fri, 23 Jan 2004 20:46:15 EDT

IronDragon : I still find it hard to believe that people using spam friendly isp's such as Comcast and Pac Bell are defending spews when they would be considered as "guilty" as dslr because they "support spam friendly isp's"
--
Once a Geek always a Geek

Re: Why not to use SPEWS

Fri, 23 Jan 2004 18:49:30 EDT

anon :

It didn't help SA, but I doubt it increased SPEWS-using admins either. I suspect fewer admins use it since that bad publicity.

In the greater scheme of things, the SA/SPEWS fracas was a non-event for both sides. Neither gained or lost much, though SA got some additional exposure it had not had before. I believe this will be true for DSLR as well.

The bubbas taking the hits this time around are Pwebtech and NAC, whose spam issues until now were not well known.

Re: Why not to use SPEWS

Fri, 23 Jan 2004 17:24:47 EDT

Steve :

said by Dimensio :
no official SPEWS people were around to point out the obvious falsehoods.

I think that an organization that exists to implement a policy can speak through that policy. Updating an FAQ and having anybody point to it should be good enough.

Steve
--
Stephen J. Friedl * Security Consultant * Tustin, California USA * my web site

Re: Why not to use SPEWS

Fri, 23 Jan 2004 17:23:14 EDT

Dimensio :

quote:
It didn't help SA, but I doubt it increased SPEWS-using admins either. I suspect fewer admins use it since that bad publicity.

You may have a point. The downside of SPEWS being an anonymous entity is that they can't have a spokesperson countering false claims made about them. As such, when somethingawful and others started lying about how SPEWS works (one jackass even claimed that SPEWS demands money to remove list entries), no official SPEWS people were around to point out the obvious falsehoods.

Re: Why not to use SPEWS

Fri, 23 Jan 2004 17:15:14 EDT

AmeritecTech :

said by Dimensio :
The only alternatives are a media campaign (as Something Awful did)

Yeah, that worked. In addition to still being listed in SPEWS, SA's antics got them stuck into quite a few private blocklists from which they will NEVER be removed, even if NHI/Cogentco cleans up its act.

It didn't help SA, but I doubt it increased SPEWS-using admins either. I suspect fewer admins use it since that bad publicity.
--
Independent thinkers tend to ALWAYS have someone not agreeing with them. It's the non-thinkers that always come in legions." -John Callari

Re: Why not to use SPEWS

Fri, 23 Jan 2004 17:11:50 EDT

Dimensio : The only alternatives are a media campaign (as Something Awful did)

Yeah, that worked. In addition to still being listed in SPEWS, SA's antics got them stuck into quite a few private blocklists from which they will NEVER be removed, even if NHI/Cogentco cleans up its act.

Re: Why not to use SPEWS

Fri, 23 Jan 2004 16:25:12 EDT

IronDragon : I would be happy to debate this with you providing you can remain professional and respectful.

If you insist on bringing personal bias into this discussion then I will have to ignore any subsequent posts made by you.
--
Once a Geek always a Geek

Re: Why not to use SPEWS

Fri, 23 Jan 2004 16:05:46 EDT

catbert66 :

said by IronDragon :
if telstra isn't authoritative for spews then spews is in violation of an icann regulation regarding accurate entries for it's domain registration which could cost it the domain name.

so that would still make them untrustworthy if they can't follow the regulations for domain name registration data as outlined in icann regulations

What next, are you going to claim that SPEWS is a front for the Illuminati, or that they're not really in Irkutsk?

If you're that concerned, look up their registrar and report it. Given that they have two valid nameservers anyway, the most the registrar will probably do is say "update your info" and drop it. No one seems to have any problems resolving their records, so it's pretty much a lowest-priority issue.

If SPEWS were as untrustworthy as you make them out to be, it wouldn't be used. As it is, a non-trivial number of mail administrators use SPEWS records to block mail from sewage-spewing ISPs like nac.net, which is starting to smell more and more like a pwebtech sock puppet every day.

On a happy note, pwebtech has inspired me to add all the IP addresses in AS8001 (nac.net) to my spammy-ISP blackhole zone:

64.21.0.0/17
64.21.128.0/18
64.247.0.0/18
65.207.5.0/24
66.246.0.0/17
66.246.128.0/18
198.175.9.0/24
198.182.247.0/24
199.201.231.0/24
199.201.232.0/22
204.68.168.0/24
207.99.0.0/17
208.51.159.0/24
209.123.0.0/16
216.118.64.0/18

That'll pretty much take care of nac.net's spam problem from my POV. If and when they clean up their act, they'll get out -- if I happen to think about it. Or maybe they'll wind up like the old AGIS netblocks: blackholed in a thousand private lists until the heat death of the Universe. It's no skin off my nose, either way.

Re: Why not to use SPEWS

Fri, 23 Jan 2004 15:53:05 EDT

Karl Bode : I've posted the primary discussion with NAC.net's CEO Blake Ellman to the front-page for those interested:

»Broadband Reports Interview

He's agreed to field the most pointed and relevant questions plucked from the comments section, which I'll then publish in a second half-interview next week.

Re: Why not to use SPEWS

Fri, 23 Jan 2004 15:31:02 EDT

anon : RE: the Pwebtech/Nac connection...

Pwebtech and Nac are NOT the same company.

They share the same building.

4 years ago, Pwebtech was a small company selling hosting. They leased office space outside of Nac's building (which, at the time, was not where either of them are in now).

Then pwebtech grew, and kept growing. They were/are selling cheap hosting, and they started taking rack after rack of colo space. (I remember when they installed their first servers in the colo, and they have grown to enormous proportions since I left.)

Then, they decided to move into the same building, literally across the hall from the NOC, since their old lease was up anyways (IIRC), and they would be closer to the servers for trouble issues.

They are still in the same building. They colo host probably now well over 1,000 machines.

There's your connection. They are 2 separate business entities, and owned by separate people.

-Gary

Re: Why not to use SPEWS

Fri, 23 Jan 2004 14:42:49 EDT

IronDragon : if telstra isn't authoritative for spews then spews is in violation of an icann regulation regarding accurate entries for it's domain registration which could cost it the domain name.

so that would still make them untrustworthy if they can't follow the regulations for domain name registration data as outlined in icann regulations
--
Once a Geek always a Geek

Re: Why not to use SPEWS

Fri, 23 Jan 2004 14:37:18 EDT

catbert66 :

said by IronDragon :
anyone notice that spews uses a "prospam" isp's dns server in telstra.net and ultradns.net a simple google search can tell you that. »www.toastedspam.com/stupid/dispt···com_0001

Overview of spam from Telstra.net
9 Aug 2003
No spam today

Overview of last 15 reports
date posts total BI
07 Jul 2000 35 60 42.25 full headers
09 Jun 2000 59 106 70.57 full headers
07 Apr 2000 46 203 85.97 full headers
25 Feb 2000 138 754 295.35 full headers

[snip]

Site history
8 May 2002: Threatened with legal action by Brumbies rugby team for selling them IP address space that had been ruined by spammers. See Australian IT article
1 Dec 1999: Saylor is back.
23 Sept 1999: Telstra has reportedly been added to the RBL.. See reference spam »maps.vix.com/rbl/ev/24.192.1.19-32.txt. That address seems to have already been removed.

Wow, Usenet spam reports from 2002, 2000, and 1999. They must really be flying under the radar. Those sneaky Telstra bastards.

And once again:

% dig @ns1.telstra.net  spews.org soa
 
; <<>> DiG 9.2.1 <<>> @ns1.telstra.net spews.org soa
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 17600
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
 
;; QUESTION SECTION:
;spews.org.                     IN      SOA
 
;; Query time: 286 msec
;; SERVER: 203.50.0.24#53(ns1.telstra.net)
;; WHEN: Fri Jan 23 14:18:46 2004
;; MSG SIZE  rcvd: 27

See? So Telstra isn't authoritative for SPEWS, no matter what the NS record says.

Googling for "ultradns spam support" yields 109 entries, and I know for a fact that they've booted spam domains using their services. Googling for "nac.net spam support" yields 2,650 entries, and we all know NAC hears the clink of spammer cash and throws away the rule book.

Re: Why not to use SPEWS

Fri, 23 Jan 2004 14:36:41 EDT

Karl Bode : It means Steve supports the total deregulation of the internet! His money goes toward funding massive legislative pushes aimed at banning municipal broadband operations! He also supports charging customers eight dollars for caller-id when it costs a penny to provide! I hold Steve entirely responsible.

This logic train SPEWS operates runs on unsturdy tracks, however one feels about their fundamental principles. It's the same one used by Uncle Sam, who try to convince me the joint my son Bobby just smoked means Bobby supports Bin Laden.

Re: Why not to use SPEWS

Fri, 23 Jan 2004 14:22:22 EDT

IronDragon : I never said sbc/you were spews listed. Only that the people posting in nanae who state they are antispam equate doing business with a spam friendly isp to be the same as spamming yourself.

that is how you/sbc = bbr/nac

It's the same principle. You chose to do business with Pac Bell/SBC who is known to be friendly to spammers and do nothing. How can you defend a listing of another place that has exactly the same relationship.
--
Once a Geek always a Geek

Re: Why not to use SPEWS

Fri, 23 Jan 2004 14:14:41 EDT

Steve :

said by IronDragon :
From what I've read in nanae that would make you no better than DSLR/BBR in spews eyes.

Um, I think you need to read some more. NAC/BBR is SPEWS listed. SBC/me are not.

Apparently it's not that bad yet. famous last words?
--
Stephen J. Friedl * Security Consultant * Tustin, California USA * my web site

Re: Why not to use SPEWS

Fri, 23 Jan 2004 14:13:03 EDT

TamaraB :

said by catseyenu :
The worlds biggest spamming HOSTER PWEBTECH, whom NAC says is a downstream and they will look into is appears to be the SAME COMPANY. .....
Somthing is fishy.

Kettle of ROTTEN smelly fish actually... NAC/PWEBTECH (same-same)... Now lets look at some other slimes they currently harbor. Under another "front" called VOXEL.NET.

I would ask the CEO of NAC (if he realy gives a shit) to explain these as well! And why spam complaints to NAC about them go directly to these spammers.

===============

voxel.net has address 209.123.232.166
Voxel dot Net, Inc (NETBLK-NET-D17BE800-24)
256 Broadway #3

Troy, NY 12180

OrgID : NAC-26220
Netname : NET-D17BE800-24
Netblock: 209.123.232.0/24
NetUse : voxel 07/22/02

Coordinator:
Operations, Support billing@voxel.net
Phone: 973-267-4707

=========

mproc4.com has address 66.246.162.80
NAC-Rwhoisd32 Server Ready - [hydrogen/43] Rwhoisd32 v1.0.55

Voxel dot Net, Inc (NETBLK-NET-42F6A200-24)
256 Broadway #3

Troy, NY 12180

OrgID : NAC-26220
Netname : NET-42F6A200-24
Netblock: 66.246.162.0/24
NetUse : Voxel Nyc

Coordinator:
Operations, Support billing@voxel.net
Phone: 973-267-4707

====================

mastermailings.com has address 66.246.162.80
NAC-Rwhoisd32 Server Ready - [hydrogen/43] Rwhoisd32 v1.0.55

Voxel dot Net, Inc (NETBLK-NET-42F6A200-24)
256 Broadway #3

Troy, NY 12180

OrgID : NAC-26220
Netname : NET-42F6A200-24
Netblock: 66.246.162.0/24
NetUse : Voxel Nyc

Coordinator:
Operations, Support billing@voxel.net
Phone: 973-267-4707

There are more.... many more! NAC.NET are Spam-slime! and do their best to hide it (not very well I might add), but you you can't realy hide such things, a little digging, and .......

Captain Bob
--
Motor Vessel - Tamara B. - 43' Long-Range Trawler Cape Elizebeth ME. »www.tamara-b.org

Re: Why not to use SPEWS

Fri, 23 Jan 2004 14:09:08 EDT

IronDragon : You state you are against spam but continue to support a spam friendly ISP. From what I've read in nanae that would make you no better than DSLR/BBR in spews eyes. Interesting how you can continue to defend an organization that shows a lack of respect for your limited choice for an isp.
--
Once a Geek always a Geek

Re: Why not to use SPEWS

Fri, 23 Jan 2004 14:00:44 EDT

Steve :

said by IronDragon :
I guess you don't believe that you shouldn't do business with spam harboring isp's.

Yes, SBC has a pretty poor record, and if I/they ever get listed in SPEWS, I will raise holy Hell about it. To SBC.

If they stay listed, I'll move, or smarthost my email elsewhere. I would only be angry at SPEWS if I felt that SBC's behavior didn't warrant this kind of drastic action.

I think it might do me some good to visit nana* a bit and see just how bad the problem is.

Steve
--
Stephen J. Friedl * Security Consultant * Tustin, California USA * my web site

Re: Why not to use SPEWS

Fri, 23 Jan 2004 13:51:42 EDT

IronDragon : I find it hard to understand your support of spews if you don't believe that you shouldn't do business with spam harboring isp's.
i hope you like the link below that outlines sbc's ignoring spam reports
»sbc-sucks.org/
--
Once a Geek always a Geek

Re: Why not to use SPEWS

Fri, 23 Jan 2004 13:40:48 EDT

Steve : What you're seeing on nanae is that if you are listed, it's because your ISP is atrociously involved in spam, not "just a little involved in spam".

If you aren't able to make distinctions based on "degree of culpability", then justin and BBR are guilty of spam support. Some time ago the site allowed screen scraping of public member email addresses (but never private ones!), and a spammer went to town. It was caught in short order, and site software was changed immediately to fix it, but it still happened.

I can see the difference between "NAC.NET harbors known spammers for a long time" and "Got burned once and attended to it right away". If you can't see that difference, you can make anybody look like they are doing business with a spammer.

Steve
--
Stephen J. Friedl * Security Consultant * Tustin, California USA * my web site

Re: Why not to use SPEWS

Fri, 23 Jan 2004 13:34:13 EDT

IronDragon : So what you and several other people are saying is that SPEWS is above what it requires for everyone else.
The reason behind that statement is if you go to nanae and ask how to get delisted from SPEWS the answer is simply don't do business with hosts that have spammers on their service.

Again a double standard
--
Once a Geek always a Geek

Re: Why not to use SPEWS

Fri, 23 Jan 2004 13:25:59 EDT

Steve :

said by IronDragon :
Interesting you are taking that point, since every post I have seen in nanae ( which is where people are pointed to attempt to be removed from SPEWS ) seems to say the only way to stay off SPEWS list is to not do business with ISP's that have spammers.

If you're an ISP or webhoster, you can't generally help it if a dirtball spammer signs up for your service, so you're going to have complaints filed against you. The real test is whether you "terminate on first offense" or "ignore it". Both of these cases involve "ISPs that have had spammers", but you gain no useful information by putting these in the same category.

And getting an ISP-wide listing as NAC has obtained takes some real doing: there comes a point where an operation is so bad that "shunning" and "boycotting" are the only way to get something done.

Telstra is apparently not in that category. NAC.NET apparently is.

Life is full of these kinds of matters-of-degree.

Steve
--
Stephen J. Friedl * Security Consultant * Tustin, California USA * my web site

Re: Why not to use SPEWS

Fri, 23 Jan 2004 13:18:48 EDT

IronDragon : Interesting you are taking that point, since every post I have seen in nanae ( which is where people are pointed to attempt to be removed from SPEWS ) seems to say the only way to stay off SPEWS list is to not do business with ISP's that have spammers. This would indicate a double standard. One for SPEWS and one for everyone else. Just a little hypocritical one would think
--
Once a Geek always a Geek

Re: Why not to use SPEWS

Fri, 23 Jan 2004 13:18:19 EDT

catseyenu :

said by W7PSK :
WELLL NOW isnt that interesting.

The worlds biggest spamming HOSTER PWEBTECH, whom NAC says is a downstream and they will look into is appears to be the SAME COMPANY.

Now, Talk among yourselves. But I would ask the person who is gonna interview the CEO to umm, take a look at all this info and inquire a bit deeper.

Dont forget, WHOIS for PWEBTECH was changed Yesterday after this info was released. But the phone numbers MATCH the same address.

Somthing is fishy.

Enter exhibit C...
Hope we're not down too long.

Re: Why not to use SPEWS

Fri, 23 Jan 2004 13:11:13 EDT

Steve :

said by IronDragon :
Have you bothered to run checks for companies that SPEWS is associated with in their domain registration. according to the whois results for SPEWS their dns services are provided by telstra and ultradns, both of which if you do a google search for telstra spam or ultradns spam come back with spam reports originating with those domains.

It's hard to avoid doing business with people who have no spam in their history. Even those operators that have a good track record of attending to things will "have a history" - if you avoid IP traffic with anybody who's ever been in the same room with a spammer, you'll find yourself using the fax and the phone a lot.

If these mentioned outfits had a history of abuse as bad as nac.net does, then perhaps one could make this point, but I don't think it's the case.
--
Stephen J. Friedl * Security Consultant * Tustin, California USA * my web site

Re: Why not to use SPEWS

Fri, 23 Jan 2004 13:04:52 EDT

IronDragon : Have you bothered to run checks for companies that SPEWS is associated with in their domain registration. according to the whois results for SPEWS their dns services are provided by telstra and ultradns, both of which if you do a google search for telstra spam or ultradns spam come back with spam reports originating with those domains.

That should cast doubt on the commitment of SPEWS in the antispam arena
--
Once a Geek always a Geek

Re: Why not to use SPEWS

Fri, 23 Jan 2004 12:03:42 EDT

W7PSK : Just as to double check my figures

I just did a reverse phone lookup on a couple of web sights and they both came up with the NAC address for PWEBTECH.

This one from anywho.com

You searched for: 973 2674707
Results 1 - 1 of 1 Search Public Records! PREVIOUS | NEXT

Reverse Telephone Listings
Pegasus Web Technologies

1719 State Route 10
PARSIPPANY, NJ 07054
973-267-4707

Maps & Directions | Did you go to school with Pegasus Web Technologies?
Pegasus Web Technologies is in Our Database! Click Here

Here is ANYWHO for the NAC number.

You searched for: 973 5905000
Results 1 - 1 of 1 Search Public Records! PREVIOUS | NEXT

Reverse Telephone Listings
Net Access

1719 State Route 10
PARSIPPANY, NJ 07054
973-590-5000

Maps & Directions | Did you go to school with Net Access?
Net Access is in Our Database! Click Here

Umm See a BIG Similarity there :D

This one from www.whitepages.com

Search Information:
Searched terms: "(973) 267-4707" New search | Modify search |
Printer-Friendly
1 Result Search took 0.05 seconds

Pegasus Web Technologies
1719 State Highway 10
Parsippany, NJ 07054
(973) 267-4707

Whitepages for NAC number

Searched terms: "(973) 590-5000" New search | Modify search |
Printer-Friendly
1 Result Search took 0.13 seconds

Net Access
1719 State Route 10
Parsippany, NJ 07054
(973) 590-5000

WOW ISNT THAT AMAZING.

The Plot now thickens a LOT.

Please when you interview the CEO, I would LOVE to hear the answer to that question.

Im not going to go into whether or not to use SPEWS. That is up to Admins that Choose to or not. Its their equipment.

BUT, I did want to see what was going on with NAC and why they were so against dropping PWEB. I saw a quote somewhere and did more digging.

Looks like I found a RAT.
--
Rick Scott Everett, Washington

Re: Why not to use SPEWS

Fri, 23 Jan 2004 11:49:25 EDT

Steve :

said by IronDragon :
anyone notice that spews uses a "prospam" isp's dns server in tel stra.net and ultradns.net a simple google search can tell you that.

... and anybod y with a Linux box can take the one extra step and find out that Telstra isn't actually ho sting anything:


$ dig @ns1.telstra.net spews.org soa
 
; <<>> DiG 9.2.3 <<>> @ns1.telstra.net spews.org soa
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 20470
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
 
;; QUESTION SECTION:
;spews.org.                     IN      SOA
 
;; Query time: 202 msec
;; SERVER: 139.130.4.5#53(ns1.telstra.net)
;; WHEN: Fri Jan 23 08:47:10 2004
;; MSG SIZE  rcvd: 27

That nameserver is not authoritative for that zone (the "SERVFAIL")

Steve

--
Stephen J. Friedl * Security Consultant * Tustin, California USA * my web site

Re: Why not to use SPEWS

Fri, 23 Jan 2004 11:22:31 EDT

IronDragon : Domain ID:D74783489-LROR
Domain Name:SPEWS.ORG
Created On:07-Jul-2001 19:50:12 UTC
Last Updated On:06-Nov-2003 14:49:01 UTC
Expiration Date:07-Jul-2008 19:50:12 UTC
Sponsoring Registrar:R25-LROR
Status:OK
Registrant ID:CORG-1195
Registrant Name:chip level domains
Registrant Organization:Visit Lake Biakal!
Registrant Street1:po box 61, Baikalsk-2
Registrant City:Irkutsk region, -- 665914
Registrant Postal Code:665914
Registrant Country:RU
Registrant Phone:+7.3952348335
Registrant FAX:+7.3952348335
Registrant Email:chip@sendmail.ru
Admin ID:CORG-58588
Admin Name:Sergei ''Chip'' Didorenko
Admin Organization:Visit Lake Baikal! ~ »baikal.irkutsk.org
Admin Street1:po box 61, Baikalsk-2
Admin City:Irkutsk region
Admin Postal Code:665914
Admin Country:RU
Admin Phone:+7.3952348335
Admin Email:chip@sendmail.ru
Tech ID:CORG-58588
Tech Name:Sergei ''Chip'' Didorenko
Tech Organization:Visit Lake Baikal! ~ »baikal.irkutsk.org
Tech Street1:po box 61, Baikalsk-2
Tech City:Irkutsk region
Tech Postal Code:665914
Tech Country:RU
Tech Phone:+7.3952348335
Tech Email:chip@sendmail.ru
Name Server:NS1.TELSTRA.NET
Name Server:UDNS1.ULTRADNS.NET
Name Server:UDNS2.ULTRADNS.NET

anyone notice that spews uses a "prospam" isp's dns server in telstra.net and ultradns.net a simple google search can tell you that. »www.toastedspam.com/stupid/dispt···com_0001

Overview of spam from Telstra.net
9 Aug 2003
No spam today

Overview of last 15 reports
date posts total BI
07 Jul 2000 35 60 42.25 full headers
09 Jun 2000 59 106 70.57 full headers
07 Apr 2000 46 203 85.97 full headers
25 Feb 2000 138 754 295.35 full headers
14 Jan 2000 247 2659 808.73 full headers
12 Jan 2000 132 1629 463.08
07 Jan 2000 178 2111 610.72
04 Jan 2000 39 386 122.62
03 Jan 2000 12 99 34.29
06 Dec 1999 108 734 273.26
03 Dec 1999 64 573 186.56
01 Dec 1999 169 2142 599.99
23 Nov 1999 41 391 125.65
09 Nov 1999 11 116 35.41
03 Nov 1999 336 3348 1059.85

Overview of history
posts total BI
Total spam since 18 Oct 1999 2938 27744 8860.43
Peak spam on 1 Nov 1999 1099 10247 3350.47
Peak daily spam on 1 Nov 1999 366 3415 1116.82 (3-day average)
Average daily spam 11.2 105.5 33.69

full history also available

General information about Telstra.net
Added 8 July 1997. Telstra, aka Bigpond.com, is a major Australian network service provider. Telstra has a pro-spam policy for their downstream customers. For more information, see The Situation in Australia.
Site history
Netnews Feeds
Ownership & Contact Info
Whois identifies Telstra as
Telstra Corporation Limited (TELSTRA-DOM)
C&G, Traeger Ct
Fern Hill Technology Park
Bruce
ACT, 2617
AU

Domain Name: TELSTRA.NET

Administrative Contact, Technical Contact, Zone Contact:
Huston, Geoff (GH105) gih@TELSTRA.NET
+61 2 6208 1908 (FAX) +61 6 248 6165 (FAX) +61 2 6248 6165
Billing Contact:
Huston, Geoff (GH105) gih@TELSTRA.NET
+61 2 6208 1908 (FAX) +61 6 248 6165 (FAX) +61 2 6248 6165

Record last updated on 01-Oct-1997.
Record created on 01-Jun-1995.
Database last updated on 28-Oct-1999 08:30:51 EDT.

--------------------------------------------------------------------------------

Site history
8 May 2002: Threatened with legal action by Brumbies rugby team for selling them IP address space that had been ruined by spammers. See Australian IT article
1 Dec 1999: Saylor is back.
23 Sept 1999: Telstra has reportedly been added to the RBL.. See reference spam »maps.vix.com/rbl/ev/24.192.1.19-32.txt. That address seems to have already been removed.
23 Aug 1999: Saylor has joined Telstra big-time.
21 Dec 1998: Telstra has started responding to abuse complaints.
18 Dec 1998: Discussion has begun in implementing a passive UDP against Telstra. See netnews article "Who will co-sign this? (Request to de-peer Telstra.net.)" for more info.
June 1998 Lately, Telstra has been flooding alt.sexual.abuse.recovery with porn ads, often featuring rape and incest in the subject line. Telstra admins remain unresponsive.
8 July 1997: Added to tracking list.

--------------------------------------------------------------------------------

NetNews Feeds
Telstra receives netnews feeds from the following sites that I know of:
Digex
newsfeed.berkeley.edu
newsfeed.cwix.com
worldfeed.news.gte.net
bofh.vszbr.cz
newsfeed.dacom.co.kr
newspeer.monmouth.com

--------------------------------------------------------------------------------

To report spam, contact one or more of

News@bigpond.net.au
newsmaster@telstra.net
abuse@telstra.net
A complete history is also available.

Parameters of the search are:
Path: and/or NNTP-Posting-Host: indicates source was Telstra.net
427 sample groups with "binaries", "sex", "picture", "women" or "sports" in the title, plus selected alt, rec and soc groups.
Crossposted to 6 or more newsgroups, or with selected criteria.
Posted since my last report.
General notes:
Only a small subset of usenet (261 groups) is sampled. Only articles that haven't been cancelled yet are counted. Actual spam may be much greater.
Heuristics that detect single-posted articles are, by their very nature, somewhat shaky. Innocent articles may be tagged as spam because they share certain characteristics or keywords with actual spam. In particular, a posted spam complaint that includes the spam in its entirety will very often be identified as spam.
Some posts may be forgeries intended to look like they came from Telstra.net.
The first entry in the history file is not used to compute peak or average spam counts, as this entry covers an unknown number of days. This may cause an apparent disreprency between spam totals and spam averages.
Return to top | Return to spam summaries | complete history
--
Once a Geek always a Geek

Re: Why not to use SPEWS

Fri, 23 Jan 2004 10:24:09 EDT

IronDragon : Here are several posts from the nanae newsgroup showing how much help you will get when you try to get removed or post respectful or polite query's.

If the links listed below do not work you can use this one »groups.google.com/groups?dq=&num···&start=0 and browse the group for your own pleasure.

»groups.google.com/groups?dq=&hl=···.net-abu se.email

»groups.google.com/groups?dq=&hl=···.net-abu se.email

»groups.google.com/groups?dq=&hl=···.net-abu se.email

»groups.google.com/groups?dq=&hl=···.net-abu se.email

»groups.google.com/groups?dq=&hl=···use.emai l%26c2coff%3D1%26safe%3Doff%26start%3D25

»groups.google.com/groups?dq=&hl=···use.emai l%26c2coff%3D1%26safe%3Doff%26start%3D25

They seem proud of this one. "Subject: Another /. SPEWS shitstorm. NAC.Net expansion hits DSLR/BBR"
»groups.google.com/groups?dq=&hl=···use.emai l%26c2coff%3D1%26safe%3Doff%26start%3D25
--
Once a Geek always a Geek

Re: Why not to use SPEWS

Fri, 23 Jan 2004 09:42:04 EDT

B :
Wow! How did the antispammers miss this? Nice work, N7HJ.

The thought plickens.

-- B

Re: Why not to use SPEWS

Fri, 23 Jan 2004 09:30:52 EDT

W7PSK : Just as a curiosity, has anyone taken a gander at the whois registered address of NAC.net and the address of pwebtech.com.

Tell me there isnt somthing really wrong there.

I think NAC is hiding something.

OOOPS, I just checked it, seems that PWEBTECH WHOIS was updated yesterday. They did have the same Mailing address as NAC.NET. Now its changed as of yesterday, after it was posted. Looks like NAC was watching and switched it.

But I believe PWEB and NAC are one in the same. Why because if you do a Look up of thier contact phone. 973-267-4707

You Get

Pegasus Web Technologies
1719 State Route 10
PARSIPPANY, NJ 07054

Now Look up NAC.NET

Net Access Corporation
1719 Route 10 East
Suite 111
Parsippany, NJ 07054
US

WELLL NOW isnt that interesting.

The worlds biggest spamming HOSTER PWEBTECH, whom NAC says is a downstream and they will look into is appears to be the SAME COMPANY.

Now, Talk among yourselves. But I would ask the person who is gonna interview the CEO to umm, take a look at all this info and inquire a bit deeper.

Dont forget, WHOIS for PWEBTECH was changed Yesterday after this info was released. But the phone numbers MATCH the same address.

Somthing is fishy.
--
Rick Scott Everett, Washington

Re: Why not to use SPEWS

Fri, 23 Jan 2004 09:25:41 EDT

LrdVader :

said by Star Wolf:
I am not sure what he could say that is meaningful short of a mea culpa followed by seppuku.

"Get the hell off my network!" to the spammer(s) would be a good start :)

Re: Why not to use SPEWS

Fri, 23 Jan 2004 08:07:45 EDT

anon : Considering the amount of listing of his netspace, you may be waiting a long time. I am not sure what he could say that is meaningful short of a mea culpa followed by seppuku. NAC has taken a long term financial hit for this. The owners can not be happy about that (Disclaimer: I have no idea of their ownership status nor do I care to look it up)

I do hope whomever was in dialog with him over the state of things did his homework and looked at public lists other than SPEWS. Checking SPAM-L and NANAS would be good too.

Its also not just the public lists they have to worry about. Pegasus was in our private list well before SPEWS started listing NAC. I can't recall the last time something was removed from our private list.

They are indeed the root cause of all of this.

Re: Why not to use SPEWS

Fri, 23 Jan 2004 05:29:18 EDT

catseyenu : I'm still waiting to hear the CEO of NAC.NET's reasoning behind allowing this to go on...

Re: Why not to use SPEWS

Fri, 23 Jan 2004 02:02:40 EDT

LrdVader :

said by Steve :
Actually, there is a completely legitimate use for these "cautionary" zones: tagging. If a site is listed in a "cautionary" zone, and SpamAssassin gives it an extra (say) +2 score, then it gets routed to a spambox that the user can consult at his/her leisure.

Ok, you got me there. My own account is processed by Spamassassin, so there's just no excuse for me not thinking of that. *sheepish look*

Re: Why not to use SPEWS

Fri, 23 Jan 2004 01:37:45 EDT

Steve :

said by LrdVader :
If SPEWS *really* doesn't want people blocking on level 2 listings, perhaps they shouldn't make them so conveniently available as a DNS zone, just begging to be used.

As far as I know, they don't. You have to download the text file and go to some lengths to use this data (both level 1 and level 2). If there is a DNS zone, I'd love to know about it.

quote:
Spamcop says the same thing "experimental, likely to block legitimate mail, shouldn't be used, yada yada". It reminds me of the sites that post cracks for software and then say some BS about "we don't actually condone downloading or using this stuff (but CLICK HERE TO DOWNLOAD IT!") Actions speak louder than words.

Actually, there is a completely legitimate use for these "cautionary" zones: tagging. If a site is listed in a "cautionary" zone, and SpamAssassin gives it an extra (say) +2 score, then it gets routed to a spambox that the user can consult at his/her leisure.

Steve
--
Stephen J. Friedl * Security Consultant * Tustin, California USA * my web site

Re: Why not to use SPEWS

Fri, 23 Jan 2004 01:34:07 EDT

LrdVader :

said by Steve :
The only BBR email being blocked is by amazingly aggressive ISPs that block on level 2. Even the SPEWS people say this is too aggressive for their own tastes.

If SPEWS *really* doesn't want people blocking on level 2 listings, perhaps they shouldn't make them so conveniently available as a DNS zone, just begging to be used.

Spamcop says the same thing "experimental, likely to block legitimate mail, shouldn't be used, yada yada". It reminds me of the sites that post cracks for software and then say some BS about "we don't actually condone downloading or using this stuff (but CLICK HERE TO DOWNLOAD IT!") Actions speak louder than words.

*climbs back into hole and waits for the flames to blow over*

Re: Why not to use SPEWS

Fri, 23 Jan 2004 01:30:49 EDT

NtwkGUY1 : See if your ISP has an outbound email relay server you can use. I had to do this at my corporate office. Our subnet was listed along with several class c's belonging to Level3. I just relay my outbound email using a smart host. I did ask them what if SPEWS listed their outbound email relay servers and the guy said well we can play cat and mouse for quite some time based on how many IP's we control. ;)

Re: Why not to use SPEWS

Fri, 23 Jan 2004 01:20:22 EDT

Steve :

said by Rfsjr2 :
So any idea how long things will be down until a new ISP is procured?

Nobody gets a new ISP after two days of a SPEWS level 2 listing - it's foolhardy. Even NAC.NET hasn't had enough time to absorb this new data (ok ok, so they should have paid attention before, but this was a big big stick).

The only BBR email being blocked is by amazingly aggressive ISPs that block on level 2. Even the SPEWS people say this is too aggressive for their own tastes.

It's just a list. Stay tuned.

Steve
--
Stephen J. Friedl * Security Consultant * Tustin, California USA * my web site

Re: Why not to use SPEWS

Fri, 23 Jan 2004 01:15:23 EDT

Rfsjr2 : So any idea how long things will be down until a new ISP is procured? :hmm:

Sometimes, trust and greed collide. This is exhibit B.

Re: Why not to use SPEWS

Fri, 23 Jan 2004 00:43:28 EDT

Wheezer5 :

said by firephoto :

If the ISP can change the "spammer" to another IP is it that hard for this to be detected and this "list" updated promptly?

Not in the sense that it would be difficult for the new spammy IP address to be listed as well. The spam-loving ISP would then wall itself off, address by address.

I suspect, however, that your suggestion is that the previously polluted address would be delisted at the same time. This activity simply turns a mail admin into some sort of weird assistant for the ISP, allowing them to keep receiving the spammer's money while avoiding complaints from whatever legitimate customers they might have.

Let me take it one step further if you will: Do you not think that any reasonable admin would at some point adopt a "three strikes" policy? For example, if on Monday one had to block 209.123.249.139 and on Wednesday the spammer was moved to 209.123.249.150 and on Friday they were moved back, etc., wouldn't the average person just drop both IPs and be done with it? If you would concede this for two addresses, think about it with three, four, 254, and so on.

Re: Why not to use SPEWS

Thu, 22 Jan 2004 23:59:12 EDT

Rhobite : Catbert- first post, and you rule.

I will quote Jay Stuler from NANAE:

»groups.google.com/groups?selm=bu···tate.edu

"Hooking up with NAC and complaining that you are blocked is like plugging your hairdryer into a watermelon and complaining that it doesn't work. NAC is not a legitimate company."

Re: Why not to use SPEWS

Thu, 22 Jan 2004 23:52:05 EDT

catbert66 :

said by Karl Bode :

As a singular user or an admin that impacts a couple hundred or a thousand people, no. If you are aware that legions of people use your recommendations and you're aware of how your decision impacts the community, I'd say yes.

SPEWS said -- specifically in the case of BBR -- that there was spam emanating from elsewhere in the nac.net's space and the IP address should be watched for further suspicious activity. If you read the evidence file on pwebtech (spattered throughout nac.net space), it should be clear that nac.net is turning a blind eye to their activities. Someone configured their MTA to block on the "watch" listing. IMO, that's not too bright, but that falls under a different category of problems.

I still don't understand why you're not more torqued at nac.net, which is the source of the problem in the first place. If they didn't show a systematic pattern of ignoring abuse complaints and harboring spammers and spam supporters, none of their addresses would have gotten onto SPEWS in the first place. (No one just "appears" on SPEWS with that much space listed.) Saying BBR is just a nac.net customer doesn't cut it; your monthly fees subsidize their ability to host spammers, which will eventually degrade your service further if NAC continues to ignore abuse complaints. That doesn't sound like an acceptable situation to me.

The tactics SPEWS uses either are or aren't effective, depending on who you ask. A lot of people say it's not widely used, it's too extreme, it's too coercive, no "big sites" use it. On the other hand, there are a number of ISPs posting in NANAE and NANAB now, cross-referencing SPEWS listings and noting that they've removed the spammers in question. That's something that rarely happened before.

Re: Why not to use SPEWS

Thu, 22 Jan 2004 23:02:03 EDT

schnuggles : Otto - read the WHOLE post - that entire arguement was in reference to the 1st amendment arguement put forth by SPAMMERS, not SPEWS.

Let me say this one more time for the slower folk amongst us: IN GENERAL I SUPPORT RBL'S....geez...
--
Salus Populi Suprema Est Lex -Cicero (106 BC - 43 BC)

Re: Why not to use SPEWS

Thu, 22 Jan 2004 22:43:34 EDT

catbert66 :

said by firephoto :

I spent many hours the other day reading various posts on NANAE and I came to the conclusion that if you post there asking why you were, or to be removed from any block list that the first or second response would be a "get a new isp" or "you need to suffer for months and learn your lesson". Pretty poor attitude over there and rampant flaming if you don't agree with with block lists.

The discussion has been done to death, many times before. It's beyond beating a dead horse; it's like beating the greasy spot on the pavement where the dead horse was a year ago. Most of the discussion re: SPEWS comes from people who couldn't be troubled to read the SPEWS FAQ, which is prominently posted on their web site. Why are you listed? How do you get out? What can I do? All covered. Many of the NANAE-ites are a little testy when someone comes barging in, says "I never send spam! Why am I listed in SPEWS?" and immediately wants out of a SPEWS listing that's in place because their provider has been dirty for months.

quote:
If the US postal service did the equivalent to what SPEWS is doing the heads would roll.

You're paying the Postal Service for end-to-end delivery of your messages through facilities they control. How much are you paying AOL/Earthlink/whoever to deliver your message on their end? The answer, I'll bet, is zero if you're not a direct customer of that ISP. (I'd also wager that your ISP/NSP isn't paying them, either.)

Packets flow on the Internet at the discretion of the administrators of all the networks between the source and the destination, and the admins of those networks may choose at any time to revoke your privilege to access any or all of their services. Without some sort of SLA to the contrary, all you have is an IP address and access to your ISP's resources. The often-stated maxim is, "my network/server, my rules."

If you're blocked by any DNSBL, you have a number of choices (listed in approximate order of difficulty, high to low):

•Fix the root cause of the problem;
•change providers to one that isn't listed;
•get the recipient servers to stop using the DNSBL;
•request removal from the DNSBL, if possible (may also require fixing the root cause of the original listing);
•get the recipient servers to whitelist you;
•do outbound smarthosting through an NSP that isn't listed;
•learn to cope with reduced connectivity;
•Rant into the void.

It doesn't surprise me that very few people ever get beyond the bottom step.

Re: Why not to use SPEWS

Thu, 22 Jan 2004 20:36:06 EDT

Steve :

said by firephoto :
I spent many hours the other day reading various posts on NANAE and I came to the conclusion that if you post there asking why you were, or to be removed from any block list that the first or second response would be a "get a new isp" or "you need to suffer for months and learn your lesson".

You forgot "GFY" :)

The rules for SPEWS are clear: only ISPs are listed, so only ISPs can request removal. They may be assholes, but the rules are very clear in the FAQ on this.

And it takes only about 15 seconds of reading those groups to realize that it doesn't work this way, so those who post anyway are really asking for "RTFFAQ".

quote:
Pretty poor attitude over there and rampant flaming if you don't agree with with block lists.

There is no doubt that that list is a cesspool of penis-challenged boys, and it's an embarrassment to "professional spam fighting".

quote:
It's my email address, shouldn't I be the one who decides what email I get and what email I don't want?

I think you have it backwards.

Your email address, your server, your rules: nobody is forcing you to subscribe to SPEWS, so your inbound mail is not being touched (unless your ISP uses SPEWS, in which case you need to take it up with them). Likewise, nobody is blocking inbound mail to BBR because of SPEWS.

Steve
--
Stephen J. Friedl * Security Consultant * Tustin, California USA * my web site

Re: Why not to use SPEWS

Thu, 22 Jan 2004 20:05:40 EDT

firephoto :

said by Rhobite :

Their IP address? 209.123.249.139. SINCE NOVEMBER 13th. Two months selling "opt-in services" to would-be spammers. Two months hosted on the same class B as BBR.

I'm a 99.9% read only guy here, but this was one thing I was wondering about. If this "spammer" was on this one IP address "SINCE NOVEMBER 13th" then what was wrong with just blocking this one IP address along with the other IP's that are "known" spammers on NAC.net? Doesn't adding these spammer IP's to the "100% block these IPs because they do spam" list solve the problem without holding the neighborhood hostage? If the ISP can change the "spammer" to another IP is it that hard for this to be detected and this "list" updated promptly?

I spent many hours the other day reading various posts on NANAE and I came to the conclusion that if you post there asking why you were, or to be removed from any block list that the first or second response would be a "get a new isp" or "you need to suffer for months and learn your lesson". Pretty poor attitude over there and rampant flaming if you don't agree with with block lists.

It's my email address, shouldn't I be the one who decides what email I get and what email I don't want? If the US postal service did the equivalent to what SPEWS is doing the heads would roll.

Re: Why not to use SPEWS

Thu, 22 Jan 2004 19:12:52 EDT

Rhobite : I think everyone here needs to step back and look at an example of NAC's incompetence.

NAC.net hosts spamhaus pacific-marketing: »spamsites.org/isp/NAC_NET.html

Check out pacific-marketing's faq page: »www.pacific-marketing.net/faq.aspx from the page: "Our extensive opt-in email list quantity changes from day to day. To find out the exact amount, please contact our sales department."

Pacific-marketing.net has been hosted on NAC.NET since November 13th, according to the SBL listing: »www.spamhaus.org/sbl/sbl.lasso?q···SBL12078

Their IP address? 209.123.249.139. SINCE NOVEMBER 13th. Two months selling "opt-in services" to would-be spammers. Two months hosted on the same class B as BBR.

From the SPEWS listing: »spews.org/html/S2814.html "Hey DSLR/BBR - maybe you guys can help clean up NAC? No one else has been able to."

Perhaps people here should realize that SPEWS doesn't hate you, they are hoping that you'll pressure NAC to deal with their spam.

Re: Why not to use SPEWS

Thu, 22 Jan 2004 19:06:15 EDT

catbert66 :

said by Jason Levine :
My site (PCQandA.com) was listed as well. We seem to be off the list now though. How we got removed, I can't tell you. Just lucky I guess.

Lucky, nothing. You were listed (and delisted) because of Rackspace. Apparently Rackspace got rid of the spammer that was causing your IP to be listed. When Rackspace got responsive and the spammer got dropped, the listing was removed. This is covered in the SPEWS FAQ, and discussed to death in NANAE.

This is much like BBR's situation with nac.net. All the chest-beating in the world won't change the fact that nac.net continues to take spammer cash to the detriment of its legitimate customers. pwebtech -- a notorious spamhaus -- has gotten the equivalent of over 70 Class C netblocks from nac.net into SPEWS Level 1, and they're still connected. That should be Clue #1 about nac.net's policies. If nac.net continues to ignore the abuse that emanates from its network, the listing will likely expand. If they dispose of their spammers, the listing will disappear. I expect a visit from the Porcine Aviation Squadron before that happens.

As it is, BBR is in a Level 2 (watch) listing, which no reasonable admin should be using for blocking anyway. Why not gripe about the bonehead who's using a DNSBL that's way too aggressive -- and not recommended for blocking -- instead? Some people use bl.spamcop.net for blocking, and often the result is the same: angry whining and finger-pointing, because it's too aggressive for almost all purposes except for tagging and scoring. But pointing out one mail admin's blunder/idiocy doesn't give you a forum to grind your axe, of course...

I think I'll ask blackholes.us to create a "nac.blackholes.us" zone, just so BBR will always be on an IP-based DNSBL that could be used for blocking if someone felt like it. That way, the persecution complex can go on forever. :D

Re: Why not to use SPEWS

Thu, 22 Jan 2004 18:18:42 EDT

Karl Bode :

quote:
But is it "coercion" if I, as an owner of a mailserver, refuse to accept mail from nac.net until they get their act together? Is it "coercion" if I use the "Ignore" or "Block User" features of my instant messenger accounts?

As a singular user or an admin that impacts a couple hundred or a thousand people, no. If you are aware that legions of people use your recommendations and you're aware of how your decision impacts the community, I'd say yes. The theorectical admin you speak of isn't trying to force individuals into becoming activists, is he?

Re: Why not to use SPEWS

Thu, 22 Jan 2004 18:00:55 EDT

Steve :

said by philovirus :
Spews coerces and/or intimidates legitimate (isp's/webhosts) into cleaning up a problem.

It's pretty clear that SPEWS is a "big club" to get people to clean their acts up, and I think their juvenile, GFY tactics turn off a lot of people who might otherwise share their goals.

But is it "coercion" if I, as an owner of a mailserver, refuse to accept mail from nac.net until they get their act together? Is it "coercion" if I use the "Ignore" or "Block User" features of my instant messenger accounts?

Steve
--
Stephen J. Friedl * Security Consultant * Tustin, California USA * my web site

Re: Why not to use SPEWS

Thu, 22 Jan 2004 17:57:25 EDT

philovirus : Ok so you just said the entire internet is dissatisfied with NAC.net? Oh no I'm part of the "INTERNET COMMUNITY" and yet I disagree with Spews.

As to not being extortion:
ex·tort: Pronunciation Key (k-stôrt)
tr.v. ex·tort·ed, ex·tort·ing, ex·torts
To obtain from another by coercion or intimidation.

Spews coerces and/or intimidates legitimate (isp's/webhosts) into cleaning up a problem. Failure for these legitimate businesses to do what Spews says results in loss of legitimate email.

I am all for getting rid of spam however going with a solution that results in collateral damage in an environment that relies on "trust" does not build trust.

Re: Why not to use SPEWS

Thu, 22 Jan 2004 17:43:31 EDT

TamaraB :

said by AmeritecTech :
SPEWS is dissatisfied with NAC.net

Not totally accurate (a pertial truth)! The INTERNET COMMUNITY (Spews included) is dissatisfied with NAC.net. If that were not the case, SPEWS' opinion would be totally irrelevent.

That was the point I was attempting to make.

Captain Bob
--
Motor Vessel - Tamara B. - 43' Long-Range Trawler Cape Elizebeth ME. »www.tamara-b.org

Re: Why not to use SPEWS

Thu, 22 Jan 2004 17:30:12 EDT

AmeritecTech : When he refers to legitimate companies, I surmise that he is talking about the ones that get blacklisted. In this case, that would be DSL Reports. SPEWS is dissatisfied with NAC.net, so they use their popularity to make DSL Reports implore NAC.net to clean up. They say as much on the BL entry right now.
--
Independent thinkers tend to ALWAYS have someone not agreeing with them. It's the non-thinkers that always come in legions." -John Callari

Re: Why not to use SPEWS

Thu, 22 Jan 2004 17:25:33 EDT

TamaraB :

said by AmeritecTech :

said by TamaraB :

said by philovirus :
Spews is nothing more than a hitlist to extort legitimate companies into doing the work they (spews) want done.

If it were ONLY SPEWS "wanting it done", the "hitlist" as you call it would be worthless.

This appears to be a misrepresentation of what he said. I don't see why you think he said SPEWS is going it alone.

I was refering to the statement "spews is nothing more than a hitlist to extort legitimate companies into doing the work they (spews) want done."

Sorry, I did not mean to misrepresent anyone, perhaps you misunderstood, or I was unclear.

All I said, was it's not only spews that want it done... it's a good portion of the internet that want it done; otherwise SPEWS is irrelevent. The "it" refers to "extort legitimate companies into doing the work they (spews) want done."

I would take issue with the term "extort" however, and replace it with the word "urge" or "exhort".

Captain Bob
--
Motor Vessel - Tamara B. - 43' Long-Range Trawler Cape Elizebeth ME. »www.tamara-b.org

Re: Why not to use SPEWS

Thu, 22 Jan 2004 16:59:04 EDT

AmeritecTech :

said by TamaraB :

said by philovirus :
Spews is nothing more than a hitlist to extort legitimate companies into doing the work they (spews) want done.

If it were ONLY SPEWS "wanting it done", the "hitlist" as you call it would be worthless.

This appears to be a misrepresentation of what he said. I don't see why you think he said SPEWS is going it alone.
--
Independent thinkers tend to ALWAYS have someone not agreeing with them. It's the non-thinkers that always come in legions." -John Callari

Re: Why not to use SPEWS

Thu, 22 Jan 2004 16:55:42 EDT

TamaraB :

said by philovirus :
Spews is nothing more than a hitlist to extort legitimate companies into doing the work they (spews) want done.

If it were ONLY SPEWS "wanting it done", the "hitlist" as you call it would be worthless.

Aparantly, a significant number of ISP's think the same as SPEWS does, and agree with their philosophy. Otherwise, SPEWS could just be ignored. It's NOT just SPEWS, it a large part of the internet community, which has been so abused by spammers, that they are willing to take on the SPEWS philosopyy, which WORKS, where NOTHING else has.

This is more an indictment of the apathethetic internet community, than it is of SPEWS. It's a damn shame that this is the only current effective way to fight against the spammer.

Captain Bob
--
Motor Vessel - Tamara B. - 43' Long-Range Trawler Cape Elizebeth ME. »www.tamara-b.org

Re: Why not to use SPEWS

Thu, 22 Jan 2004 16:27:27 EDT

philovirus : Thanks for bringing up Godwin's law, obviously you haven't read the definition in awhile. I'm not talking about Hitler I'm just talking about a final solution.
Seig Heil is defined as "Hail to Victory" (check your German). It does not mean the same as "Heil Hitler" although you seem to imply it does.
The context I used it in does bring forth a comparison to genocide but then again SPEWS seems to be quite happy "providing information about evil spammers, even at the cost of hurting legitimate anti-spammers". Technically the project Nuremburg people do the same thing by telling people that are anti-abortion who the various doctors are. You're right in stating neither party actively encourages users/readers to do anything about it, yet they both obviously intend for the actions to take place.

Spews is nothing more than a hitlist to extort legitimate companies into doing the work they (spews) want done.

Re: Why not to use SPEWS

Thu, 22 Jan 2004 15:45:22 EDT

AmeritecTech : Yes, Godwin was invoked on Page 3 as well.

»Why not to use SPEWS

Re: Why not to use SPEWS

Thu, 22 Jan 2004 15:29:57 EDT

anon :

Seig heil.

Ladies and gentlemen, we have a Godwin.

Re: Why not to use SPEWS

Thu, 22 Jan 2004 15:20:40 EDT

anon : There was a superb post earlier taken from a Usenet post about how the unlying assumption of the net is TRUST. I suggest you re read it. Some admins choose to trust some lists to identify which IPs can not be trusted.

SPEWS usage was very slow to grow due to the secrecy made necessary by the amoral land sharks. This secrecy made many unsure to trust them. However, over time they are winning the trust (there is that T word again) of more and more admins to ahere to their internal rules (they are perceived as having integrity). That does not mean universal usage though. I trust SPEWS to be consistent, and for now they are a good choice for my network. If they change, my judgement may change.

I couch my support of blacklisting in terms of laws, contracts, and relationships since a trust or morality based approach, while valid, gets way too emotional. I do belive in the concept of the online commons, which spam and its supporters like NAC pollute. However, a private property/contracts based defense is just as valid and much easier to make. However, it all comes down to trust.

SPEWS and other blacklist are used because they are trusted and determined by the admins to be the right one for thier networks. Until something better comes along, they are the most effective tools. Wishing otherwise in unproductive, but makes for good flame

Re: Why not to use SPEWS

Thu, 22 Jan 2004 14:56:39 EDT

anon :

------------
Who has exercised lack of due diligence? Someone else (NAC.net). Who has the problem? "Me" (DSL Reports).
------------

To me there is a clear lack of due diligence here on the part of DSLR.
- As active spam fighters, surely they knew about SPEWS
- As active spam fighters, surely they knew about the issues at NAC

The increased listing of NAC netblocks was easy to see coming. DSLR had ample opportunity to mitigate any potential harm to themselves.

Yes I understand what a hassle changing hosts can be, but as I have said in others posts, we did just that to head off trouble when our previous provider was clearly going to meltdown.

Re: Why not to use SPEWS

Thu, 22 Jan 2004 14:01:47 EDT

philovirus : Actually they didn't use a ddos attack, unless somehow you consider posting on a usegroup to be an attack. The newsgroups were posted on and then SA was hit by multiple attacks attempting various hacks on the server. (net stats at the time of the attack increased from a ping of 65ms to approximately 1500ms for most of the day).

As for "innocent newsgroups" obviously if that is the only way to contact the "brotherhood of good" or whatever juanty nickname you want to give the honorable and noble spews admins (I'd personally go for woefully musguided) then that is where the contacts will take place.

Anytime you create a siutuation where spam victims and anti-spammers get hurt more than spammers (you are aware that spews for all it's intentions isn't really doing all that much against spam yes)? With well over a billion ip addresses spammers are used to moving to new hosting whereas your average webhost isn't at all used to it?
I'm a webhost as well as a network admin supporting over 2500 clients and much like I don't support certain software I can't in good conscience support Spews.

As for the "admin" who blocked SA due to behavior of it's members, I'd heartily suggest you find the IP addresses and block them since you're holding a website accountable for the behavior of it's members. The thread in the forums that notified us all of SPEWS unwillingness to remove the SA ip also said to post removal requests in the newsgroup.
If you arbitrarily decided to block access to a website due to you not liking it I hope to god you don't vote. If you don't like something avoid it but don't make that decision for others.

Now that I think of it, since it's just one company that leases ip addresses for the most part, SPEWS should block all of their traffic in an attempt to force them to stop doing business with these spam friendly hosting companies. Granted it would temporarily end any sort of usage of the internet until it was fixed by them and spam was removed but obviously using all of the pro-spews arguements it's the only true solution! Seig heil.

Re: Why not to use SPEWS

Thu, 22 Jan 2004 13:13:43 EDT

AmeritecTech :

said by Star Wolf:
Someone else's lack of due diligence should not be a problem for me.

It is quite remarkable that you use this statement to argue a completely opposite point. Who has exercised lack of due diligence? Someone else (NAC.net). Who has the problem? "Me" (DSL Reports).
--
Independent thinkers tend to ALWAYS have someone not agreeing with them. It's the non-thinkers that always come in legions." -John Callari

Re: Why not to use SPEWS

Thu, 22 Jan 2004 13:08:46 EDT

Jason Levine :

said by Steve :
SPEWS is not trying to "call BBR a spammer". They are trying to get BBR (and other NAC customers) pissed off enough to do something about what is seen as NAC being overly friendly with spammers after other approaches have apparently failed.

I don't think SPEWS is calling BBR a spammer. But I don't really see their actions pushing businesses to devote resources to fight spam. Let's forget about BBR for a moment (since it's already involved in the anti-spam battle) and suppose that there's a small business on the same address block (and thus also blacklisted by SPEWS).

Now this hypothetical business doesn't resort to spam, but they also aren't very involved in the anti-spam movement. Like many places, they feel resigned to hitting the delete key many times a day.

All of a sudden they realize that valid e-mails they have been sending to business contacts are being dropped. They investigate and find out that an anti-spam blacklist named SPEWS is blacklisting them. (They might even think SPEWS is "listing them as a spammer" as they might not immediately understand SPEWS' philosophy of collateral damage.)

Of course, they want to be removed from the list. What can they do? Moving ISPs is too costly and would be too disruptive to their business. It might even wind up bankrupting them. They can complain to their ISP, but their ISP is just likely to tell them to contact the ISPs using the SPEWS list or perhaps to SPEWS itself (which is next to impossible).

Meanwhile, their business will still be hindered. They will blame SPEWS and, by extension, the entire anti-spam movement. The end result would be that this company, which was unlikely to join the anti-spam fight before due to lack of resources, is even more turned off by the anti-spam movement.
--
-Jason Levine
http://www.jasons-toolbox.com/
http://www.PCQandA.com/
http://www.urateit.com/

Re: Why not to use SPEWS

Thu, 22 Jan 2004 13:03:28 EDT

jseymour8 :

said by Karl Bode :

My qualm isn't with how admins choose to manage their networks. My problem is with the fundamental concept of manipulating third parties into being activists.

Fair enough. I guess we're arguing different arguments, then.

Personally, I don't care what objectives are ascribed to SPEWS, or
any other blocklist. All I care about is stopping the network
abuse. If that's accomplished by an ISP becoming a responsible
Internet neighbor, so much the better. But in the end, the only
thing that matters is that the abuse be stopped at least before it
enters my network. If that means that none of an anti-social ISP's
traffic enters my networks, regardless of whom their particular
customer may be, so be it. I regard that as their problem,
not mine.

(Btw: I don't currently use SPEWS. But that may soon change.)

Re: Why not to use SPEWS

Thu, 22 Jan 2004 12:38:55 EDT

Karl Bode : Listen. I support the idea that ISP's should be held responsible. I don't support spammers. I don't oppose blacklists. I'm talking to the president of NAC.net so I can post an interview to the front page and get these questions answered. If they do host spammers, I certainly don't support that. I'd like to hear what they've done to combat it, personally.

My qualm isn't with how admins choose to manage their networks. My problem is with the fundamental concept of manipulating third parties into being activists.

Re: Why not to use SPEWS

Thu, 22 Jan 2004 12:31:05 EDT

jseymour8 :

said by Karl Bode :

I need to be someone to have an opinion on how their tactics impact third parties? Who are you to suggest I can't?

*Ahem* I didn't say you hadn't a right to express an opinion. What
I'm challenging is the assertion you make, in expressing those
opinions, that somehow network admins don't have the right to choose
how to operate their own networks.

Re: Why not to use SPEWS

Thu, 22 Jan 2004 12:11:22 EDT

Karl Bode :

quote:
Karl: Who the hell
are you to tell them how they must operate their
networks?

I need to be someone to have an opinion on how their tactics impact third parties? Who are you to suggest I can't? This is a DISCUSSION forum. We aren't conducting surgery. I'm not wielding a scalpel or giving kids poison apples. I don't need a CS degree or twenty years of spam-fighting experience to recognize I dislike their tactics.

Re: Why not to use SPEWS

Thu, 22 Jan 2004 12:07:07 EDT

TamaraB :

said by Karl Bode :

quote:
Don't confuse the message, and the reality with a particular messenger...
Statements like that reek of zealotry. We are not speaking about the word of GOD........

I support the underlying motivation, but not the methodology.

You are right, not god's word. We are talking about an existing reality, that nac.net ip space is in the process of being boycotted by a significant portion of the internet's mail-transport system.

In my opinion, and in my experience, this would be happening with or withoud SPEWS involvment. It would be happening because of nac.net's unacceptable behavior.

I understand and respect your objection to the methodology used by SPEWS, I personally have no problem with it.

Captain Bob
--
Motor Vessel - Tamara B. - 43' Long-Range Trawler Cape Elizebeth ME. »www.tamara-b.org

Re: Why not to use SPEWS

Thu, 22 Jan 2004 12:05:49 EDT

jseymour8 : Karl wrote (in part):
We are talking about the OPINIONS of a group of semi-anonymous unelected individuals who hold power over certain internet communication functions.

Yes, these "unelected individuals who hold power" are
otherwise known as systems, network and mail admins.
They are the ones that choose to consult SPEWS
data as part of their network policies. Presumably
they either own the network equipment or have been
appointed by its owners to make such decisions.

Now, I ask this in all seriousness, Karl: Who the hell
are you to tell them how they must operate their
networks?

Re: Why not to use SPEWS

Thu, 22 Jan 2004 11:29:56 EDT

Karl Bode :

quote:
Don't confuse the message, and the reality with a particular messenger...

Statements like that reek of zealotry. We are not speaking about the word of GOD.

We are talking about the OPINIONS (some of which I agree with) of a group of semi-anonymous unelected individuals who hold power over certain internet communication functions (whether that's direct power is irrelevant - it exists). Those individuals use that power to employ a form of extortion to prod others into supporting their cause (just or otherwise).

There's this pervasive sentiment throughout this entire discussion (and the news.admin.net-abuse.email group) that as long as spammers are stopped there is no legit reason to question (or even discuss) the methodology of SPEWS, or the collateral damage issue.

I find that not only slightly delusional, but creepy.

I support the underlying motivation, but not the methodology.

Re: Why not to use SPEWS

Thu, 22 Jan 2004 11:10:07 EDT

TamaraB :

said by Karl Bode :
How can a group who operates in secrecy and induces activism via a form of extortion....whose supporters spew condescending vitriol from the comfort of a newsgroup, preach about morality or offer legitimate leadership?

You may not like the messenger, but the "message" is clear. Nac.net harbor spammers, they ignore complaints, they forward complaints directly to the spammers, they are bad net-citizens, they deserve to be boycotted. Thousands of systems currently boycott them with or without SPEWS asking them to do so.

Don't confuse the message, and the reality with a particular messenger...

Captain Bob
--
Motor Vessel - Tamara B. - 43' Long-Range Trawler Cape Elizebeth ME. »www.tamara-b.org

Re: Why not to use SPEWS

Thu, 22 Jan 2004 10:51:09 EDT

jseymour8 : philovirus wrote (in part):
I sat and watched the entire somethingawful.com situation unfold and also watched as spews supporters started a ddos attack against the somethingawful servers.

Oh really? And you know this exactly how? Because the
SomethingAwful crowd said so? There was proof of this?
Evidence of some kind? I never saw any.

But what I did see evidence of was SA people actively
promoting abuse of two Usenet newsgroups. Newsgroups
that are not part of SPEWS. Newsgroups that, while they
do have a lot of SPEWS supporters in them, are also used
by many that either don't care about SPEWS or down-right
dislike it.

You may not agree with how SPEWS operates. I don't agree
with certain aspects of its operation. (Otherwise I'd be
using it.) But encouraging network abuse is certainly
not the right way to go about expressing ones disagreement.

(For that little stunt, btw, somethingawful.com got its
domain blacklisted on all the networks I admin. For all
traffic--not just email. It'll stay there forever. I'm
not the only network admin. that took that action.)

Re: Why not to use SPEWS

Thu, 22 Jan 2004 10:21:51 EDT

Karl Bode :

quote:
You are free to choose either road, both are "legal", in my opinion, only one is "correct". In the end it's a moral choice, it's a choice between taking responsibility for the health of your community, or not.

How can a group who operates in secrecy and induces activism via a form of extortion....whose supporters spew condescending vitriol from the comfort of a newsgroup, preach about morality or offer legitimate leadership? Sorry, some of your points are valid, but this constant insistence that SPEWS are crusaders of light causes a gagging sensation.....

They apply the same flawed logic that terrorists employ; that their collateral damage will induce activism and change through fear. This is the goal, despite claims of "well shucks, pah, folks ain't gotta use that there list". What you really wind up with is hulks of bombed out buildings and some rather unhappy bystanders.

Re: Why not to use SPEWS

Thu, 22 Jan 2004 10:11:53 EDT

jseymour8 : poiwv wrote (in part):
One of the surest signs I have ever seen that someone is actually rather closely involved in SPEWS is this stupid little line...

"I am not SPEWS"...

Balderdash.

This is what comes of having a little bit of knowledge
about something. The reason that disclaimer is often
attached to posts to NANAE and NANABl is because many of
the new posters to those newsgroups quite honestly do not
understand that those newsgroups are not Official
Communications Channels for SPEWS (or any other blocklist,
actually), and that respondants are not part of SPEWS.

Please, if you don't know what you're talking about, don't
spread misinformation. There's enough of that about as
it is.

Re: Why not to use SPEWS

Thu, 22 Jan 2004 10:10:24 EDT

GlobalMind :

said by TamaraB :
In the end it's a moral choice, it's a choice between taking responsibility for the health of your community, or not. . . . frankly there is this moral argument here which can not be escaped, nor swept aside.

Uprooting your business from one ISP to move to another, switching food stores are two very different things. I don't appreciate or believe that your comparison here has any merit.

My point was and is that effectively the only solution many SPEWS supporters can offer is "switch ISPs," and they also continue by trying to state that if you don't you are just as bad as they are.

From the moral perspective it isn't any different than any other issue. If I don't believe precisely what you believe is correct, then I am immoral and wrong.

You may as do many of us long for the early days of community online, a solid 14 years ago, when we could send mail and have no thought of spammers. This is why I suspect that you make this comparison. They have ruined YOUR internet and abuse YOUR bandwidth.

To that, I agree with the bandwidth issue, since we do pay for that, I see nothing wrong with going after spammers on that premise. However, I think that those who wish to take action also must accept the burden of responsibility. This is something SPEWS and others simply shrug off.

I will also forward this thought to you. We see many many times here BBR members who lambaste the RIAA/MPAA for their vigilante tactics in going after "pirates" online. Here, members support the ISPs. Why? After all, aren't they harboring "pirates" on their networks? Simple. This is an issue where many members support file swapping...so the ISP who refuses to turn over sub info is their hero.

Now, since spam is the enemy, any ISP who doesn't act the way SPEWS and many others here want them to...the ISP is the enemy as well. So, the moral argument about "do the right thing" is applied selectively -- and I don't support that.

K.
--
TheGlobalMind.com �
"On a clear disk you can seek forever"

Re: Why not to use SPEWS

Thu, 22 Jan 2004 09:56:23 EDT

TamaraB :

said by lord_nightrose:
Oh no! God forbid a company should make money!

I usually don't feed the spammer trolls... but I will throw you this crumb:

Crack dealers, child pornographers, and purveyors of bogus penis enlargment scams "make money". Making money is not all there is to life (unless you are a spammer), and there are legitimate ways of making money without harming others!

Captain Bob
--
Motor Vessel - Tamara B. -
43' Long-Range Trawler
Cape Elizebeth ME.
»www.tamara-b.org

Re: Why not to use SPEWS

Thu, 22 Jan 2004 09:43:01 EDT

anon :

said by "TamaraB":

BBR does NOT support hackers, porners, and spammers by providing them space to operate on this Board! By contrast, NAC provides ip-space to the same, and they make money off of them. Does BBR make money from illegal and immoral users? No!

Oh no! God forbid a company should make money!

Re: Why not to use SPEWS

Thu, 22 Jan 2004 09:29:08 EDT

TamaraB :

said by GlobalMind :
Sorry if this is a tad rough...but frankly there is this moral argument too many folks are spouting off here which in my view absolutely does not hold water. Just because your ISP happens to have spammers on it's network does not mean you personally or your org support the activity.

This boils down to personal choice, and to the extent one wants or can stand on their principles. Let's look at it from a different perspective; one devoid of Internet and technology:

Let's say that a certain food chain, doing poorly financially, decides to suplement their revenue stream by supporting Child Pornography; thereby offering food at a substantially lower price. Let's say you have been shopping there for years, and it's the most convienient food establishment for you.

Let's further assume that the neighborhood calls for a boycott of the store.

What would you do? What would you counsel your neighbors to do?

From what you have said, your attitude is "I don't buy the porn, I do not support the stuff, I just want the food, it's cheap, good, and fresh.If I continue to buy food there, it's no reflection on me whatsoever.... I don't believe in guilt by association. I don't care what else these people do, I just want food."

Others (like myself) would say "I will not patronize an establishment which is doing harm and destroying my community; until they stop selling Porn, I will buy my food elsewhere, even if it is more expensive, not as fresh, and the store is further away."

You are free to choose either road, both are "legal", in my opinion, only one is "correct". In the end it's a moral choice, it's a choice between taking responsibility for the health of your community, or not.

Sorry if this is a tad rough...but frankly there is this moral argument here which can not be escaped, nor swept aside.

Captain Bob
--
Motor Vessel - Tamara B. - 43' Long-Range Trawler Cape Elizebeth ME. »www.tamara-b.org

Re: Why not to use SPEWS

Thu, 22 Jan 2004 08:47:11 EDT

anon :

-----------------
You get a host based on prices/speeds and other issues, rarely do you even CARE about whether spammers inhabit it's halls)
-----------------

Someone else's lack of due diligence should not be a problem for me. If you buy on price alone (everything, not just hosting), you are asking for trouble. Even the Feds have figured out that best value is the right approach. A provider without blacklist issues and resident spammers is clearly a better value.

We do regular checks on our provider and have switched once when they would not correct issues. Our contract has a clause that allows us to bail without penalty if blacklisting start to impact our connectivity. A resturant depends on the qaulity of thier suppliers and checks on it frequently. It should not be different for business with a net presence.

All that said, I freely whitelist when it is needed.

-----------------
It's inevitable that all ISP's are going to have at least ONE bad guy in the lot.
----------------

Its not the occasional bad guys, its how the provider deals with them. NAC got listed because it continues to allow well known high profile spammers to operate. If they squashed spammers on sight, there would be no listings.

Re: Why not to use SPEWS

Thu, 22 Jan 2004 08:35:31 EDT

GlobalMind :

said by TamaraB :
As far as being "anti-spam" is concerned, you are correct, BBR is anti-spam. The question is will it remain anti-spam when and if push comes to shove (if NAC refuses to deal with their spammers, and the listing goes to level [1])?

Will BBR continue to financially support a spam operation, or will they move on and financially support an ISP which does not support and harbor spammers? Will BBR vote anti-spam with their checkbook or not?

You honestly think BBR will suddenly start supporting spam? Or wait, you mean if they don't switch providers....oh yea, the guilty by association thing.

Let me ask you, were those who bought power from ENRON corrupt as well? After all, they did support them financially.

Sorry if this is a tad rough...but frankly there is this moral argument too many folks are spouting off here which in my view absolutely does not hold water. Just because your ISP happens to have spammers on it's network does not mean you personally or your org support the activity.

Yes BBR could step away and go with another ISP. However, them not doing so in no way constitutes some sort of support for spammers. It is also a heck of a lot easier said then done in most cases.

K.
--
TheGlobalMind.com �
"On a clear disk you can seek forever"

Re: Why not to use SPEWS

Thu, 22 Jan 2004 08:27:17 EDT

Otto7 :

said by WolfJaguar :
You get a host based on prices/speeds and other issues, rarely do you even CARE about whether spammers inhabit it's halls.

Then maybe you should, ya think?

Re: Why not to use SPEWS

Thu, 22 Jan 2004 08:23:40 EDT

anon : I suggest you reconsider things from an admins perspective...

------------
Spews is a terrible source for a blacklist.
------------

Actually it is a pretty good one. They follow their FAQ tightly. When errors are pointed out they get fixed quickly. Not so with many other ones, especially private ones, even those of major ISPs (been there, done that)

------------
Lack of content (as stated earlier)
------------

I disagree, the content is adequate for purpose. Also SPEWS has to be careful not to post too much or it will compromise their identity (god bless the lawyers). They post enough to show the source of the problem so it can get rectified. It also shows the history of the block (expansions and such).

------------
lack of accountability (as stated earlier)
------------

Accountable to whom? Their users (mail admins) choose to use SPEWS and others. If they think a list is not the right one for them, they drop it. Like any supplier, they are accountable only to their users, as I am to mine.

Some have argued that the rising volume of complaints indicates that SPEWS use is growing. My view is that the amount of SPEWS use is indeterminate since it is not possible to know who is using SPEWS and how many email addresses that represents. However, clearly the use of blacklists as a whole is growing. For every business with a significant net presence it seems to be not if they will use public blacklists, but which ones.

------------
I sat and watched the entire somethingawful.com situation unfold and also watched as spews supporters started a ddos attack against the somethingawful servers.
------------

That was a bad thing. However the attitude in amongst the professional admins is that abuse is NEVER right. Also like to point out that spammers have a history of joe jobbing others, including anti spammers. I can't recall any major spammer being DDOSed of the net though a number of anti spammers have been.

------------
Meanwhile the Spews admins stood by and did nothing.
------------

What should they have done?
- They blacklist for spamming, not DDOS.
- Who was doing it was and is unknown
- Many of the high profile antis actively called for it to stop.
There was no action that any blacklist operator could have taken.

------------
filtering spam: good.
punishing small businesses who can't afford to change servers at the drop of a hat: bad.
-----------

Effectively the argument you are making is for blocking the IPs of only the spammers. However, that has failed miserably. As I posted in other parts of this topic, blocking the ranges of ISPs who do not stop spammers from their blocks was a natural outgrowth of that failure. And yes, the just like with taxes, its not the little guy (end users) or the big guy (ISPs/Colos) who get slammed, its the middle class guys trying to run small servers. Those of us who have been at this for a while understand that, and while I wish there was an alternative, right now I don’t see one.

------------
Spews needs to quit with the extortion and actually work at making a clean list.
------------

- Its not extortion by any legal definition, its a boycott.
- Using SPEWS is voluntary, its use is not forced in any way
- The SPEWS list is clean, according to the rules they operate it by.

As I said earlier, SPEWS is clearly not a list for everybody. However, within its context, it is well run, accurate, with a quick turn around for errors.

Re: Why not to use SPEWS

Thu, 22 Jan 2004 08:09:52 EDT

WolfJaguar : Oh my, what a hairy mess this all is. Been lurking in this thread since inception. Thought I'd voice my opinion on all of this.

SPEWS methods amounts to nothing less than blackmail in my opinion.

And that's it. What I think anyways. BBR is just about the most elite and anti-spam site I've ever seen, guilt by association is a sick and morally twisted symptom of our current society.

Get over it, some people/groups are just plain innocent of certain actions and shouldn't be associated with spam or the like simply because the ISP/Host can't/won't deal with the problem. You get a host based on prices/speeds and other issues, rarely do you even CARE about whether spammers inhabit it's halls. It's inevitable that all ISP's are going to have at least ONE bad guy in the lot.

Rant over. Flame/Arguements may continue now :)

Re: Why not to use SPEWS

Thu, 22 Jan 2004 06:55:54 EDT

Otto7 :

said by philovirus :
I sat and watched the entire somethingawful.com situation unfold and also watched as spews supporters started a ddos attack against the somethingawful servers. Meanwhile the Spews admins stood by and did nothing. The behavior of "the good guys" is fairly hard to ascertain when they're in hiding.

You got it backwards. Read your own link. Somethingawful users did a DDOS attack against NANAE. Says so right there on somethingawful.com.

Re: Why not to use SPEWS

Thu, 22 Jan 2004 04:33:01 EDT

philovirus : For anyone interested in reading the article on Something Awful about Spews check here:
»www.somethingawful.com/articles.php?a=1605

It's quite an interesting read.

Re: Why not to use SPEWS

Thu, 22 Jan 2004 04:21:24 EDT

philovirus : at sea, you raise many interesting arguments however earlier you yourself raised a simple point: Many people are idiots about spam filtering and so don't have proper methods in place to deal with it. I'm assuming you meant some network administrators as well yes?

Spews is a terrible source for a blacklist. Lack of content (as stated earlier), lack of accountability (as stated earlier). I sat and watched the entire somethingawful.com situation unfold and also watched as spews supporters started a ddos attack against the somethingawful servers. Meanwhile the Spews admins stood by and did nothing. The behavior of "the good guys" is fairly hard to ascertain when they're in hiding.

filtering spam: good.
punishing small businesses who can't afford to change servers at the drop of a hat: bad.

Spews needs to quit with the extortion and actually work at making a clean list.

Two wrongs don't (and never have/will) make a right.

Re: Why not to use SPEWS

Thu, 22 Jan 2004 02:23:21 EDT

TamaraB :

said by AmeritecTech :
Yes, that's all clearly true. DSL Reports users, then, have chosen to publicize the addition of DSLR IP's to the SPEWS BL in an effort to discourage admins from using SPEWS and to discourage SPEWS from widening their net so much. The latter is unlikely to have any effect, but the former may have some effect.

Let me suggest an alternative:

DSLR Users monitor the SPEWS site as well as »groups.google.com/groups?as_q=na···&num=100 and send complaints to abuse@nac.net asking them to clean up their IP Space, to become better net-citizens, and to avoid the loss of valued customers.

After all this *IS* a forum called "stopping spam", perhaps our actions here should reflect that notion? A concerted email campaign, and publicity exposing nac.net's anti-social behavior may turn a bad situation into an anti-spam victory!

Captain Bob
--
Motor Vessel - Tamara B. - 43' Long-Range Trawler Cape Elizebeth ME. »www.tamara-b.org

Re: Why not to use SPEWS

Thu, 22 Jan 2004 01:50:24 EDT

quientus : I wonder how much money it would cost Justin to move all of this. I'd say BBR would be down for at least a month.
--
"Genius may have its limitations, but stupidity is not thus handicapped." --Elbert Hubbard

Re: Why not to use SPEWS

Thu, 22 Jan 2004 00:39:22 EDT

Steve :

said by Jason Levine :
So indirectly being connected with a spammer now makes a site guilty by association? Why stop there? Why not block e-mails from all BBR users.

There is a legitimate case to be made that "sending money to a spam-friendly ISP" is a bit more than "indirectly connected", but in any case, this is not about guilt by association!

It's a perfectly honorable and principled position to say "purposely attempting for collateral damage is wrong", and many people here share it, but at least understand that's what's going on.

SPEWS is not trying to "call BBR a spammer". They are trying to get BBR (and other NAC customers) pissed off enough to do something about what is seen as NAC being overly friendly with spammers after other approaches have apparently failed.

These are not the same thing.

Steve
--
Stephen J. Friedl * Security Consultant * Tustin, California USA * my web site

Re: Why not to use SPEWS

Thu, 22 Jan 2004 00:33:36 EDT

Jason Levine :

said by Otto7 :

The answer to your question is that if I met Alan Ralsky (well known spammer) in a bar, he'd go out with the assistance of an ambulance. I don't claim to share your high and mighty moral viewpoint. If someone injures me (and spam injures me) then I fight back using whatever means is necessary to get the job done. It's a tough ol' world out there.

And you would then be charged with assault and tossed in jail. The answer to an annoyance (even something as annoying as spam) is to physically assault someone? What next? Slashing the tires of people who play the radio too loud? Shooting people who make annoying sounds in the office? You need to have a sense of proportion in your response.

said by Otto7 :

There are no more effective methods than RBL's. Filtering doesn't stop the problem, as the bandwidth is still consumed. Blocking does stop the problem, as it prevents spam from ever entering my servers.

I've found Bayesian filters to be quite effective. But even if you were to limit yourself to blacklisting, there are more effective blacklists out there than SPEWS.

said by Otto7 :

Your valid emails to them should be blocked because you are finanically supporting an organization that is known to support spammers. I choose to block your emails because of this fact. You can either do something about it, or you can continue to be blocked for indirectly supporting spam. Consider the block on BBR to be a wake up call as to the consequences of your actions.

So indirectly being connected with a spammer now makes a site guilty by association? Why stop there? Why not block e-mails from all BBR users. After all, by visiting this site they support BBR which is "guilty of indirectly supporting spammers." And of course you'd block anyone that supports business run by BBR users for indirectly supporting people who support a site that indirectly supports spammers. Eventually, you'll wind up with a 100% effective blacklist. Of course, you might be the only one not on it.

said by Otto7 :

Collateral damage is the whole point. You have been injured because you are financially supporting an organization that will not act nicely on the network. If you stop supporting them by changing ISPs then you won't have that problem. Or you can convince them to change their ways, then the organization will be removed from the blocklist.

So the whole point of the list is to introduce businesses to the anti-spam movement by saying "Hi there, I'm going to make sure your business is negatively impacted unless you take up my fight against your ISP's support of spam or unless you change ISPs at great time and expense to you. Oh and don't bother complaining to me because I really don't care how much trouble I've caused you." That's a tactic that's sure to win over tons of businesses to the anti-spam cause.

said by Otto7 :

Either way. All bitching about it really does is cause more and more admins to manually add NAC.net to their own blocklists, making it even harder to get removed and to get your data out there.

No. Bitching about it increases the awareness that SPEWS is an ineffective blacklist that purposefully blocks valid e-mail. Responsible admins should be striving to block as much spam as possible while letting as much valid e-mail as possible through. Not block as much spam as possible and who cares about the valid e-mail.

said by Otto7 :

I am under no obligation to receive or forward your emails. I will forward them out of courtesy, until it's determined that you are part of the problem. At the moment, BBR is part of the problem by supporting NAC.net.

So if you're an ISP, you can make a decision about who should get e-mails from what senders? Regardless of whether the sender is sending a valid e-mail? What if the e-mail you block causes financial loss to your client? Would your explanation to them that the sender was "indirectly supporting spam by being on an ISP that had a spammer on it" soothe them? Somehow, I doubt it.

said by Otto7 :

Welcome to the real world. Nobody is obligated to support your business by any means whatsoever. That they do so is a privledge, not a right.

No, but if a user requested an e-mail from me, and I send it, there's an expectation that it will arrive. There's no good reason to block an e-mail that was requested by a user.

said by Otto7 :

If an ISP is using SPEWS, then they most likely know that SPEWS is all about collateral damage.

If that were true, then calling the ISP wouldn't get you whitelisted. When my site was listed on SPEWS, every ISP I contacted whitelisted me. If they agreed with the collateral damage line, why would they let me through even though I was "indirectly supporting spammers"?

said by Otto7 :

ISPs who use the SPEWS RBL know all about this. They agree with the concept, for the most part.

Again, why would those ISPs whitelist my site if it was still "indirectly supporting spammers"?
--
-Jason Levine
http://www.jasons-toolbox.com/
http://www.PCQandA.com/
http://www.urateit.com/

Re: Why not to use SPEWS

Thu, 22 Jan 2004 00:25:47 EDT

Steve :

said by Karl Bode :
If this were a tactic being employed by the RIAA somehow, the majority of these individuals would be disgusted.....

Yes, I think that's probably true. People who commit wholesale theft from the RIAA and its members really hate being called to task.
--
Stephen J. Friedl * Security Consultant * Tustin, California USA * my web site

Re: Why not to use SPEWS

Thu, 22 Jan 2004 00:00:52 EDT

anon : Thanks for the compliment. I may do just that.

Re: Why not to use SPEWS

Wed, 21 Jan 2004 23:54:01 EDT

Otto7 :

said by schnuggles :
Unions boycott, they do not (generally) prevent others from entering - when they do, they are arrested. In this case your "boycott" is *preventing* others who may wish to (I *want* e-mail when it comes from DSLR) recieve contact. The spammers would have you believe this is a free-speech argument, which I think is crap: you have a right to speak your mind...but you have NO right to come into my house and speak your mind.

SPEWS has not entered your house. They simply adjusted their lists. If you can't receive DSLR email, then *your* ISP is going out and checking that list on every email received. You're quite free to talk to your ISP to have them stop using SPEWS or to change ISPs to one that doesn't use SPEWS. SPEWS won't try to force you to ignore DSLRs or NACs emails. SPEWS doesn't much care what you do. They publish their list and anyone, or any ISP, is free to use it or not to use it to help block spam from entering their network.

Get this: SPEWS has no ability whatsoever to enforce anything they publish. They don't own or control any ISPs (to my knowledge). They don't block a single solitary email. They publish a list by a method which other people, like your ISP, can voluntarily use to block emails. To use the boycott metaphor, they are publishing a newsletter that says "we don't like NAC.net and here's their IP ranges..." That is the only thing SPEWS does, because that is the only thing in SPEWS power to do.

Re: Why not to use SPEWS

Wed, 21 Jan 2004 23:52:17 EDT

AmeritecTech : Yes, that's all clearly true. DSL Reports users, then, have chosen to publicize the addition of DSLR IP's to the SPEWS BL in an effort to discourage admins from using SPEWS and to discourage SPEWS from widening their net so much. The latter is unlikely to have any effect, but the former may have some effect.
--
Independent thinkers tend to ALWAYS have someone not agreeing with them. It's the non-thinkers that always come in legions." -John Callari

Re: Why not to use SPEWS

Wed, 21 Jan 2004 23:47:28 EDT

anon : Again, there is important pertinent detail here that you are not recognizing...

SPEWS says they boycott these IPs. If your ISP agrees then you don't get your DSLR email. Your course of action is with your ISP, not SPEWS. SPEWS did nothing but make their list available. Your ISP is the one who did the blocking, SPEWS is in the clear.

Now lets look at your ISP who blocked the DSLR email, and in particular at the AUP/TOS your signed up to. Everyone I have looked at is chock full of good caveats about guaranteeing you nothing but net tone, and not always that. It should also have a clause that the ISP can and will block traffic to or from certain IPs at their total discretion. Your claim against your ISP just died too, since you signed up to allow blocking.

Now lets look at DSLR or similar person caught in this mess.
- They can't sue their ISP, who only sold them bandwidth and rented them the IP addresses.
- Their contract is necesseraily silent about whether or not other servers will accept traffic from the IPs they rent.
- They have no standing to sue the ISP that is blocking them since there is no contract requiring them to accept the email.
- They have no standing to sue SPEWS since they can't find them to establish jurisdiction and the posting of a boycott call is legal and protected speech even if they do.

While a lawyer could drag things out, raising all sorts of time and money consuming issues, its pretty simple... blocking is legal. There is both case law and with CAN SPAM, even Federal statutes making it so.

Re: Why not to use SPEWS

Wed, 21 Jan 2004 23:18:21 EDT

Steve : We could use you around: would you consider registering and joining us regularly?

Steve

Re: Why not to use SPEWS

Wed, 21 Jan 2004 23:16:50 EDT

Otto7 :

said by Jason Levine :
Results may count, but the method that you take to get those results matters to. Would you recommend tracking down spammers and seriously injuring them? (Seriously, I mean. Beyond simple message board venting.) It would probably help stop spam if spammers knew that spamming would lead to them being injured by armies of vigilantes. But the ends doesn't justify the means and injuring people (even if they've done something we see as wrong) isn't right.

The answer to your question is that if I met Alan Ralsky (well known spammer) in a bar, he'd go out with the assistance of an ambulance. I don't claim to share your high and mighty moral viewpoint. If someone injures me (and spam injures me) then I fight back using whatever means is necessary to get the job done. It's a tough ol' world out there.

quote:
So too I don't think that blacklisting large amounts of innocent websites in the hopes that one of them will take up the fight against spam is a valid means. Especially when there are more effective methods.

There are no more effective methods than RBL's. Filtering doesn't stop the problem, as the bandwidth is still consumed. Blocking does stop the problem, as it prevents spam from ever entering my servers.

quote:
Not everyone is free. I can choose a site that's not using SPEWS, but my users might have an ISP that does. And they don't know whether their ISPs use SPEWS or not until it becomes a problem. Sometimes a user may have a limited choice due to the area they live in. Should my valid e-mails to them be blocked because the only ISPs in their area use SPEWS?

Your valid emails to them should be blocked because you are finanically supporting an organization that is known to support spammers. I choose to block your emails because of this fact. You can either do something about it, or you can continue to be blocked for indirectly supporting spam. Consider the block on BBR to be a wake up call as to the consequences of your actions.

quote:
One of my main beefs with SPEWS is removal. If you're not a spammer and you end up on their list, they act like it's not their business to remove you. Instead you need to find all of the ISPs using SPEWS and get yourself whitelisted. I'm sorry, but if you're going to maintain a blacklist, you have a responsibility to keep the list as clean as possible of any collateral damage.

Collateral damage is the whole point. You have been injured because you are financially supporting an organization that will not act nicely on the network. If you stop supporting them by changing ISPs then you won't have that problem. Or you can convince them to change their ways, then the organization will be removed from the blocklist. Either way. All bitching about it really does is cause more and more admins to manually add NAC.net to their own blocklists, making it even harder to get removed and to get your data out there.

I am under no obligation to receive or forward your emails. I will forward them out of courtesy, until it's determined that you are part of the problem. At the moment, BBR is part of the problem by supporting NAC.net.

quote:
Silly me. And here I thought that e-mail had a certain expectation of service.

Yep, that was pretty silly of you.

quote:
Many businesses rely on e-mail to survive. E-mail service should strive to be 100%, not "well if it gets delivered that's fine but I'm not making any guarantees."

Welcome to the real world. Nobody is obligated to support your business by any means whatsoever. That they do so is a privledge, not a right.

quote:
Some ISPs are attempting to deal with the spam problem by using a blacklist. They are expecting that the blacklist will be as clean as possible of collateral damage. Instead, SPEWS is purposefully adding in collateral damage to try to get more attention. Instead of convincing people to take up the anti-spam cause, they're going to make people think that anti-spam folks are just as nuts as spammers.

If an ISP is using SPEWS, then they most likely know that SPEWS is all about collateral damage. You are not the first to be impacted by the collateral damage caused by the SPEWS philosophy, nor will you be the last. You act as if people simply do not know the concept involved here. SPEWS is a voluntary list. It well states the fact that it will block entire netblocks if that is what is necessary. ISPs that use SPEWS know all about collateral damage, as it happens about once or twice a year that some ISP like NAC gets totally blocked off and suddenly gets 20-30% of their emails bounced back to them. All kinds of hell gets raised, but in the end, the ISP in question is left with the fact that they need to stop a few of their users spamming the shit out of everybody.

ISPs who use the SPEWS RBL know all about this. They agree with the concept, for the most part. Why? Because the internet is a network for networks and it only works if every network toes the line. It's the things like SPEWS that keep networks on their toes and not let situations get out of hand. An example is going to be made of NAC.net unless they fix their situation damn quick, and that's all there is to it.

Re: Why not to use SPEWS

Wed, 21 Jan 2004 23:16:23 EDT

anon :

------------Absolutely correct: neither side is, or can be, certain of victory, so both have a vested interest in settling. Still, the fact that MAPS agreed not to re-list without a court order is telling, as is the fact that MSN & AOL also backed down when faced with a lawsuit by a known spammer.
------------

I am not willing to concede that AOL and MSN backed down unilaterally. Rumor was that there was an exchange of some sort made, not just a capitulation. The details are under confidentiality agreements, so we will never know.

It was also this act of legal "pragmatism" that effectively nurtured MAPS (we stopped using and supporting them shorty afterwards) and begat SPEWS.

Much of the whining about SPEWS is about their stealth nature. They have to be covert to avoid the time honored American legal tactic of suing people to break them, regardless of merit. So far no one has been successful in piercing the veil of obscuration they have created. The one post to the contrary is idiocy on its face.

The other thing that many here seem not to understand is that the Spammer IP only blocking is/was a failure. It is only the wholesale listing of an ISPs netblocks that seems to create an impetus for change (not to mention a lot of net flamage). Pissing and moaning aside, it does work, which gives it in my mind considerable intrinsic value.

As I see it, SPEWS's covert approach and broad listings were a natural evolution trigged by abuse of the legal system and ISPs who abused the net. That they are effective is clear for all to see.

Re: Why not to use SPEWS

Wed, 21 Jan 2004 23:06:24 EDT

Steve :

said by schnuggles :
Unions boycott, they do not (generally) prevent others from entering - when they do, they are arrested.

Yes, this is correct.

Anybody not subscribing to SPEWS is not affected by the "advisory notice".

Oddly enough, I don't subscribe to SPEWS so - surprise! - didn't miss out on any mail from nil .

Steve
--
Stephen J. Friedl * Security Consultant * Tustin, California USA * my web site

Re: Why not to use SPEWS

Wed, 21 Jan 2004 23:05:23 EDT

schnuggles :

said by LrdVader :

I strongly object to any such soft-on-spammers law!

Bwahahaha!!! That was great. :D
--
Salus Populi Suprema Est Lex -Cicero (106 BC - 43 BC)

Re: Why not to use SPEWS

Wed, 21 Jan 2004 23:02:48 EDT

schnuggles :

said by Star Wolf:

Anybody tell that to the UFW, unions who strike, the people who refused to ride the bus in Selma, or any other organized boycott? Organized boycotts are a legal and protected activity in the US.

SPEWS is in its essence a list of IPs the people who maintain choose to boycott. They post it for others to use as they see fit. Ask your prof. Love to hear his answer considering the massive amount of case law on the topic.

Unions boycott, they do not (generally) prevent others from entering - when they do, they are arrested. In this case your "boycott" is *preventing* others who may wish to (I *want* e-mail when it comes from DSLR) recieve contact. The spammers would have you believe this is a free-speech argument, which I think is crap: you have a right to speak your mind...but you have NO right to come into my house and speak your mind.

You bring up a great point tho, and I will bring this up in the next class...should provide some entertaining debate.
--
Salus Populi Suprema Est Lex -Cicero (106 BC - 43 BC)

Re: Why not to use SPEWS

Wed, 21 Jan 2004 23:02:19 EDT

TamaraB :

said by Karl Bode :
I just got off the phone after a decent conversation with NAC's CEO. He's been very responsive. IF you've got legitimate questions you'd like to see answered (without trolling or being insulting), please post them here and keep them very short and to the point.

Why do they forward complaints to the spammers themselves instead of dealing with their customers' violation of their TOS?

This practice puts the one complaining at risk, and "passes the buck". It's Nac.net's responsibility to enforce their TOS not the spammers they harbor.

This is clearly a tactic to eliminate complaints, and intimidate those who would bring a problem to their attention, and says reams about their poor net-citizenship.

Captain Bob
--
Motor Vessel - Tamara B. - 43' Long-Range Trawler Cape Elizebeth ME. »www.tamara-b.org

Re: Why not to use SPEWS

Wed, 21 Jan 2004 23:01:09 EDT

Otto7 :

said by schnuggles :
Be cautious with your reasoning...

Osama Bin Laden, when asked why it was acceptable to kill Americans who had nothing to do with his greivances replied to the effect that since George W. Bush was guilty (ISP), and he got his power from the people of America via election (customer of ISP), the people of America were legitimate targets that deserved to die. Does you logic still make sense?

Yes, the logic makes perfect sense, because you reversed the metaphor. Spammers are the terrorists. NAC.net is the country supporting the terrorists. BBR is funding the country supporting the terrorists. SPEWS is a loosely organized coalition of countries doing their best to fight the war on terrorism.

Metaphors work both ways. In this case, after repeated attempts at "weapons inspections", SPEWS has declared war and invoked a military blockade of NAC.net. BBR got caught in the crossfire. As much as I like what this BBR does, they are indirectly supporting known terrorist organizations, to use the metaphor.

Sorry, but that's the way it is. Stop supporting terrorism. :p

Re: Why not to use SPEWS

Wed, 21 Jan 2004 22:57:54 EDT

LrdVader :

said by schnuggles :
Again, count me in to pass a law submitting spammers to a Phillipine-style caning; I offer only a "devil's advocate" view.

I strongly object to any such soft-on-spammers law!

Re: Why not to use SPEWS

Wed, 21 Jan 2004 22:55:38 EDT

schnuggles :

said by Star Wolf:
Your example misses a major point...the settlement was a mutal agreement, and not a judical finding on the merits of either party's argument.

Absolutely correct: neither side is, or can be, certain of victory, so both have a vested interest in settling. Still, the fact that MAPS agreed not to re-list without a court order is telling, as is the fact that MSN & AOL also backed down when faced with a lawsuit by a known spammer.

Again, count me in to pass a law submitting spammers to a Phillipine-style caning; I offer only a "devil's advocate" view.
--
Salus Populi Suprema Est Lex -Cicero (106 BC - 43 BC)

Re: Why not to use SPEWS

Wed, 21 Jan 2004 22:25:06 EDT

Rfsjr2 : So, Any new information on who DSLr/BBR's new ISP is going to be? I've seen a dead horse before, but I've never seen one beaten to such dramatic excess...

Looking forward to Karl Bode 's Interview/report. :)
--
*Frank* Earthlink SRS G4R 970_.42. W2K Pro SP4. DAK421_P11. Wired LAN, 2 clients.

Re: Why not to use SPEWS

Wed, 21 Jan 2004 22:17:48 EDT

anon :

------------
Comically, my elective this semester is a Bill of Rights class. I welcome you to try that argument: you will fail. You may associate as you wish; if you associate and purposely or recklessly damage my business, you will be held liable. If you associate and stray over the line of a given law you will be held liable for the individual crime and for conspiracy.
-----------

Anybody tell that to the UFW, unions who strike, the people who refused to ride the bus in Selma, or any other organized boycott? Organized boycotts are a legal and protected activity in the US.

SPEWS is in its essence a list of IPs the people who maintain choose to boycott. They post it for others to use as they see fit. Ask your prof. Love to hear his answer considering the massive amount of case law on the topic.

Re: Why not to use SPEWS

Wed, 21 Jan 2004 22:05:33 EDT

anon : Your example misses a major point...the settlement was a mutal agreement, and not a judical finding on the merits of either party's argument.

Re: Why not to use SPEWS

Wed, 21 Jan 2004 22:02:46 EDT

anon : and thats not my IP also, that would be a mail server for the front office I suspect.

Another point where some jagoff running an rbl whiffed another one because even with all their resources they can't even produce the level of detail necessary to do their jobs correctly. They are making things worse, not better.

All of their efforts should be directed into creating a substitute for SMTP not screwing around with the flow of information that destroys the whole idea that the Internet is supposed to be an open neetwork to facilitate communication by creating redundancy. Not erecting walls to keep everyone out.

Re: Why not to use SPEWS

Wed, 21 Jan 2004 21:58:54 EDT

anon : yeah. It's an apartment and after the guy who came to move my netwqork drop wired one side of the wall to the other, I don't think I'll be asking him to try and figure out how RBL's work. It would probably make the little chinese dude who "admins" have an aneurysm.

In this case admin is defined as a meat puppet who takes up space.

Re: Why not to use SPEWS

Wed, 21 Jan 2004 21:58:12 EDT

darkcom : One of the biggest problems with SPEWS is their removal process - it's a joke (you have to post on a newsgroup and wait for an admin to read it)!

Not to mention once you post something everyone tries to get a piece of the action by making some smart _ss remark.
They are not neutral and remove IP's if the Admin feels like it.
DO NOT USE SPEWS !!!!
--
"Are you the police?... No ma'am, we're sysadmins"

Re: Why not to use SPEWS

Wed, 21 Jan 2004 21:50:44 EDT

anon :

------------
Of course it is that simple. Lying about someone in public is not legal. Saying an entire netblock are spammers when you know they aren't, is not legal.
------------

The point you fail to understand is that they are not saying that all of the "tennants" of the netblock are spammers, but the"owners", NAC in this case allow spamming or spam support from their netblocks. This is a non-trivial detail from a legal perspective.

Re: Why not to use SPEWS

Wed, 21 Jan 2004 21:44:27 EDT

TamaraB :

said by schnuggles :
MAPS was sued by Experian, after Experian was blacklisted for admitted spamming. The results:

The result is that Experian netblocks found themselves on thousand of private block-lists, with no hope of being removed easilly.

So what did they accomplish? In the end they hurt themselves. The network will resist abuse, and will shun bad citizens all on it's own, just like it has since it's inception.

In the case of Experian, they are on our permanent blocklist, and probably will remain there forever (out of sight out of mind). At least if they had been blocked by MAPS or SPEWS they stood a chance of being quietly and automatically removed...

Captain Bob
--
Motor Vessel - Tamara B. - 43' Long-Range Trawler Cape Elizebeth ME. »www.tamara-b.org

Re: Why not to use SPEWS

Wed, 21 Jan 2004 21:30:18 EDT

schnuggles : Keep in mind that one of my greatest heroes is Ameritec - I have no love for spammers and would love to see some serious laws passed in this regard. I only threw that out there as a reminder that folks, even with the best intentions, can overstep a line and find themselves liable.

In this case I think SPEWS is trying to do the right thing, and I support their efforts - until they injure other people who are trying to do the right thing.

I *SWEAR* I will now get off my soapbox and return you to your regularly scheduled programming... ;)
--
Salus Populi Suprema Est Lex -Cicero (106 BC - 43 BC)

Re: Why not to use SPEWS

Wed, 21 Jan 2004 21:23:30 EDT

schnuggles : Has anyone claimed *your* actions were not legal? I questioned only SPEWS, not those who use the blacklist. However, having said that, Harris Interactive forced MSN, AOL, and MAPS to back down.
--
Salus Populi Suprema Est Lex -Cicero (106 BC - 43 BC)

Re: Why not to use SPEWS

Wed, 21 Jan 2004 21:22:10 EDT

Steve :

said by schnuggles :
MAPS was sued by Experian, after Experian was blacklisted for admitted spamming.

You're right. I was wrong. Thank you.

Steve
--
Stephen J. Friedl * Security Consultant * Tustin, California USA * my web site

Re: Why not to use SPEWS

Wed, 21 Jan 2004 21:22:03 EDT

schnuggles : Here is your next one:

Harris Interactive said Tuesday it has "voluntarily discontinued" its legal action against MAPS and the remaining ISPs, the company said in a statement.

"We sued to open communication with our respondents, and that goal was accomplished," Harris Interactive CEO Gordon Black said in the statement. "Continuation of the suit is not in our shareholders' best interests."

Harris Interactive dropped AOL from the lawsuit in August when the ISP restored the market research company's ability to send e-mails to AOL subscribers. When Harris Interactive first filed its lawsuit, an AOL spokesman told IDG News Service that the company did not use the RBL.

Earlier this month, Harris Interactive also removed Microsoft's Hotmail from the lawsuit, with both sides saying the companies had reached a verbal agreement allowing Hotmail subscribers who wanted to receive Harris Interactive e-mails to do so. Around the same time, Harris Interactive said that, after discussions with the ISPs, many of them had unblocked access to their subscribers. The market research company is currently able to communicate with more than 98 percent of its more than 6.6 million member panel, Rochester, N.Y.-based Harris Interactive said.

Harris Interactive ALSO settled...and got access back.
--
Salus Populi Suprema Est Lex -Cicero (106 BC - 43 BC)

Re: Why not to use SPEWS

Wed, 21 Jan 2004 21:20:05 EDT

TamaraB :

said by starrider78:
Of course it is that simple. Lying about someone in public is not legal. Saying an entire netblock are spammers when you know they aren't, is not legal.

No one has said the entire netblock are spammers! What *IS* being said is "I CHOOSE not to allow nac.net access to my systems" PERIOD! My system My rules; very simple, and very LEGAL. I don't even have to justify it, in fact, I don't even need the slightest pretense of a reason!

It is perfectly legal for me to deny access to whomever I choose for whatever arbitrary reason I choose.

However, I will give you a hint, stop supporting spammers and I will consider allowing your systems to communicate with mine.... Legal? YUP!

That's the reality, and the crux of the entire issue.

Captain Bob
--
Motor Vessel - Tamara B. - 43' Long-Range Trawler Cape Elizebeth ME. »www.tamara-b.org

Re: Why not to use SPEWS

Wed, 21 Jan 2004 21:20:04 EDT

schnuggles : MAPS was sued by Experian, after Experian was blacklisted for admitted spamming. The results:

"Last November, MAPS placed Exactis.com on the RBL for failing to abide by agreed-upon protocols to prevent sending mass, unsolicited commercial e-mail (see story). A day later, Denver-based Exactis filed a lawsuit against MAPS and obtained a temporary restraining order against the listing.

Experian said in a statement that it has some protection under the settlement, "MAPS is prohibited from listing Experian eMarketing again without first obtaining a court order. In addition, neither Experian eMarketing nor its clients will be required to employ the practice of double opt-in [a process by which a consumer must reaffirm his permission before he is added to an e-mail list] demanded by MAPS in November 2000."

It has worked. Note that MAPS was prohibited from re-listing Experian without a COURT ORDER...
--
Salus Populi Suprema Est Lex -Cicero (106 BC - 43 BC)

Re: Why not to use SPEWS

Wed, 21 Jan 2004 21:08:34 EDT

schnuggles :

said by AmeritecTech :

You can't sue someone for telling the truth. If I have evidence to indicate that Halliburton is dumping toxic waste into the Pacific and I release it, I could harm their business and scare away customers. If its true and I can show that it is through legally acquired documentation, they have no legal claim against me.

Exactly what I stated earlier. But, in this case, there is no truth to tell about DSLR. DSLR is being impacted by the actions of two organizations over which it has no direct control. Again, I don't believe that the ISP/backbone folks would have a cause of action against SPEWS...but DSLR? *IF* they are verifiably losing business for an act they did not commit, and I have no way of knowing if they are, then they would likely have standing for action. Would they succeed? I don't know...keep in mind that I support RBL's in general, but one *must* be careful not to cause loss to those not involved in the "truth" being extolled.
--
Salus Populi Suprema Est Lex

-Cicero (106 BC - 43 BC)

P.S. Good to see ya Ameritec: I've been a fan since your adventures with "Lawkitty" and her freinds.

Re: Why not to use SPEWS

Wed, 21 Jan 2004 21:06:21 EDT

Steve :

said by schnuggles :
What in God's name are you talking about? This is used CONSTANTLY.

Oh, I understand the legal concept and fully believe that it's used successfully all the time. I am guilty of inarticulate speech.

It's never been successfully used on a blacklist.
--
Stephen J. Friedl * Security Consultant * Tustin, California USA * my web site

Re: Why not to use SPEWS

Wed, 21 Jan 2004 21:05:00 EDT

Steve :

said by starrider78:
They are still saying that DSLR is a spammer via implication.

This is not what's happening, and it's not that hard to understand. SPEWS is saying:

•NAC.NET is spam friendly•DSL Reports uses/supports/is hosted by NAC.NET•DSL Reports is not a spammer•They are more than happy to put the squeeze on us to get us to beat up on NAC.NETThis is much closer to "extortion" than to "slander"

Steve
--
Stephen J. Friedl * Security Consultant * Tustin, California USA * my web site

Re: Why not to use SPEWS

Wed, 21 Jan 2004 21:04:16 EDT

AmeritecTech :

said by starrider78:

They are still saying that DSLR is a spammer via implication. It's still illegal.

DSLR's IP is listed as a level 2 listing. This specifically means that they are NOT listed as a spammer.
--
Independent thinkers tend to ALWAYS have someone not agreeing with them. It's the non-thinkers that always come in legions." -John Callari

Re: Why not to use SPEWS

Wed, 21 Jan 2004 21:01:53 EDT

schnuggles :

said by Steve :
OK, Mr. Clever Law Student: why has this argument never worked before?

Steve

What in God's name are you talking about? This is used CONSTANTLY. Go to Novell's site and read through the correspondence with SCO; the constant references to "irreparable harm" to SCO from Novell's actions is part of a chess match that will likely lead to a lawsuit where this EXACT issue will be raised.

EDIT: removed inappropriate comment
--
Salus Populi Suprema Est Lex

-Cicero (106 BC - 43 BC)

Re: Why not to use SPEWS

Wed, 21 Jan 2004 21:00:20 EDT

anon : But DSLR isn't NAC. Again, this is like saying everyone in DC is a rapist, because the cops in DC don't catch all rapists in the city.

They are still saying that DSLR is a spammer via implication. It's still illegal. IANAL

Re: Why not to use SPEWS

Wed, 21 Jan 2004 20:58:33 EDT

AmeritecTech :

said by schnuggles :

said by Steve :
It's not that simple: there is the Constitutional matter of "freedom of association" to contend with.

Steve

Comically, my elective this semester is a Bill of Rights class. I welcome you to try that argument: you will fail. You may associate as you wish; if you associate and purposely or recklessly damage my business, you will be held liable. If you associate and stray over the line of a given law you will be held liable for the individual crime and for conspiracy.

You can't sue someone for telling the truth. If I have evidence to indicate that Halliburton is dumping toxic waste into the Pacific and I release it, I could harm their business and scare away customers. If its true and I can show that it is through legally acquired documentation, they have no legal claim against me.
--
Independent thinkers tend to ALWAYS have someone not agreeing with them. It's the non-thinkers that always come in legions." -John Callari

Re: Why not to use SPEWS

Wed, 21 Jan 2004 20:58:33 EDT

Steve :

said by schnuggles :
You may associate as you wish; if you associate and purposely or recklessly damage my business, you will be held liable. If you associate and stray over the line of a given law you will be held liable for the individual crime and for conspiracy.

OK, Mr. Clever Law Student: why has this argument never worked before?

Steve
--
Stephen J. Friedl * Security Consultant * Tustin, California USA * my web site

Re: Why not to use SPEWS

Wed, 21 Jan 2004 20:56:22 EDT

AmeritecTech :

said by starrider78:
Of course it is that simple. Lying about someone in public is not legal. Saying an entire netblock are spammers when you know they aren't, is not legal.

Sure, but that's not what they're saying. They're saying that NAC.net supports spammers by refusing to terminate them. That's why its a Level 2 listing.
--
Independent thinkers tend to ALWAYS have someone not agreeing with them. It's the non-thinkers that always come in legions." -John Callari

Re: Why not to use SPEWS

Wed, 21 Jan 2004 20:51:53 EDT

schnuggles :

said by Steve :
It's not that simple: there is the Constitutional matter of "freedom of association" to contend with.

Steve

Comically, my elective this semester is a Bill of Rights class. I welcome you to try that argument: you will fail. You may associate as you wish; if you associate and purposely or recklessly damage my business, you will be held liable. If you associate and stray over the line of a given law you will be held liable for the individual crime and for conspiracy.
--
Salus Populi Suprema Est Lex -Cicero (106 BC - 43 BC)

Re: Why not to use SPEWS

Wed, 21 Jan 2004 20:50:04 EDT

anon : Of course it is that simple. Lying about someone in public is not legal. Saying an entire netblock are spammers when you know they aren't, is not legal.

DUH.

I might as well say everyone in a netblock are running kiddie pr0n. Is that legal when I know for a fact they aren't? Of course not.

Re: Why not to use SPEWS

Wed, 21 Jan 2004 20:18:08 EDT

Steve :

said by schnuggles :
this is not advanced, this is first-year tort law stuff.

It's not that simple: there is the Constitutional matter of "freedom of association" to contend with.

Steve
--
Stephen J. Friedl * Security Consultant * Tustin, California USA * my web site

Re: Why not to use SPEWS

Wed, 21 Jan 2004 20:13:57 EDT

AmeritecTech :

said by Sam Sneak:
from Steve

Might it not be a better idea to have a little chat with the current one first?

Sorry it is our policy not to negotiate with terrorists.

Your waldenweb.com IP is included in some BL's.

»openrbl.org/#209.163.146.252
--
Independent thinkers tend to ALWAYS have someone not agreeing with them. It's the non-thinkers that always come in legions." -John Callari

Re: Why not to use SPEWS

Wed, 21 Jan 2004 20:09:42 EDT

anon : from Steve

Might it not be a better idea to have a little chat with the current one first?

Sorry it is our policy not to negotiate with terrorists.

Re: Why not to use SPEWS

Wed, 21 Jan 2004 20:00:02 EDT

alien88 : Alex, aka Latency, of NAC.net was owned in Volume 0x0b, Issue 0x3f, Phile #0x03 of 0x0f of Phrack and it shows him running a spam operation.

Re: Why not to use SPEWS

Wed, 21 Jan 2004 19:57:55 EDT

schnuggles :

said by Steve :

said by schnuggles :
If you publicly post information, that damages my business, and cannot *prove* your claim, you will be found liable.
Their claim is "BBR is hosted with a spam-friendly ISP", and I think they won't have much trouble making that case.

It's a completely different claim from "BBR spams", which they are not making.

Steve

You ignore what I said: if your comments, even if only reckless with regard to effect rather than made with malice, cause my business verifiable harm, you can be found tortiously liable for you actions...this is not advanced, this is first-year tort law stuff.
--
Salus Populi Suprema Est Lex -Cicero (106 BC - 43 BC)

Re: Why not to use SPEWS

Wed, 21 Jan 2004 19:48:50 EDT

schnuggles :

said by Otto7 :

Because BBR, as a customer of NAC, is paying them money to provide them certain services. NAC's irresponsibility has led to other ISP's blocking traffic from NAC, and thus NAC can no longer provide those services.

Be cautious with your reasoning...

Osama Bin Laden, when asked why it was acceptable to kill Americans who had nothing to do with his greivances replied to the effect that since George W. Bush was guilty (ISP), and he got his power from the people of America via election (customer of ISP), the people of America were legitimate targets that deserved to die. Does you logic still make sense?
--
Salus Populi Suprema Est Lex -Cicero (106 BC - 43 BC)

Re: Why not to use SPEWS

Wed, 21 Jan 2004 19:35:51 EDT

schnuggles :

said by Karl Bode :

It is blackmail and forced activism no matter what color tie it's wearing. Because we're talking about spammers we're awash in moral relativism.

True, but in the battle with spammers, just above baby rapists on my list, it *IS* hard to keep an open mind.
--
Salus Populi Suprema Est Lex -Cicero (106 BC - 43 BC)

Defamation / libel lawsuit

Wed, 21 Jan 2004 19:30:30 EDT

anon : IANAL, but:

Accusing someone of being a spammer in a public forum could be considered as libel, or at least defamation of character.

If I state that someone is a "rapist" in a public forum, and someone takes that list of "rapists" and uses that to take action action against someone accused of that, I am responsible if that information is false.

They are saying that EVERYONE on that ip block is a spammer. the TRUST issue? SPEW is stating publicly "these guys are spammers are bad." Saying they just provide a list is not only a copout, it's irresponsible.

Posting FALSE information that they KNOW people will take action on is not only irresponsible, but could be grounds for a lawsuit.

The people at DSL reports should contact an attorney and if possible, SUE SPEWS! Deliberately and knowingly spreading false information is against the law, no matter what the end results may be. It isn't just collateral damage, it's false information used by a vigilante group. AFAIK, libel is still a crime.

Re: Why not to use SPEWS

Wed, 21 Jan 2004 19:30:11 EDT

Steve :

said by schnuggles :
If you publicly post information, that damages my business, and cannot *prove* your claim, you will be found liable.

Their claim is "BBR is hosted with a spam-friendly ISP", and I think they won't have much trouble making that case.

It's a completely different claim from "BBR spams", which they are not making.

Steve
--
Stephen J. Friedl * Security Consultant * Tustin, California USA * my web site

Re: Why not to use SPEWS

Wed, 21 Jan 2004 19:26:32 EDT

TamaraB :

said by Wills :
Please explain to me why it is socially acceptable (in your mind) that it's BBR's responsibility to clean up NAC.net?

It's in BBR's best interest to maintain an open IP address. Fighting SPAM is one of BBR's avowed goals (read this forum).

said by Wills :
Once you do that, then please explain to my why it is socially acceptable (again, in your mind) that SPEWS can hold our IP hostage and tell us "to get unlisted, talk to your ISP to clean up their act".

SPEWS isn't holding BBR Hostage, thousands of independent sysadmins have decided they do not want email from nac.net ip space because of nac.net's behavior. Nac.net has broken the "trust" inherent in internet communications, and communications from them is no longer wanted, simple as that, Spews has little to do with it!

Let me tell you something, if spews were to dissapear tomorrow, nac.net ip space would likely remain blocked by those who currently subscribe to spews anyway! It is NOT blocked because of spews, rather it is blocked because of NAC.NET's behavior. Spews simply makes it easier to do and centralises the removal of the blocks.

At least with Spews, there is a chance of it getting unblocked. Without spews it is unlikely that it would ever be unblocked.

We block systems which SPEWS does not block because we do not want or do not need to communicate with certain portions of the net.which are abusing our users (portions of China and Lacnic ip space) That's OUR right, it's OUR network and we choose who can and who can not communicate with it.

said by Wills :
It's none of our business what NAC.net does in reality. If they are hosting spammers, oh well, that is between NAC.net and SPEWS, not the other IP address they are holding ransom.

Correct, as it is none of your business that thousand of systems choose not to communicate with nac.net.

Who are you to tell me that I and the networks which I control MUST communicate with nac.net??

Where do you get the notion that YOU have an inherent right to send ME email?? The REALITY is that you don't. The REALITY is, that I can choose who can and who can not use our network services. Systems which adhere to some semblence of good citizenship can , those which abuse that "TRUST" can't. NAC.NET has abused that trust, and so they can't, SPEWS has NOTHING to do with it, NAC.NET has everything to do with it.

said by Wills :
It's not SPEWS place to BL our IP and it's not their place to tell us to clean up our ISP. Why don't they get up off their fat lazy asses and clean up NAC.net if they are so worried about it.

There is an oportunity here to fix the mistrust of NAC.NET, created by nac.net itself, and so make it more palatable for many systems to maintain open channels with nac.net ip space.

Spews is suggesting one way to do this. BBR can choose not to do anything; that's Their right. But then who is the owner of the "fat lazy ass" ?? Spews is NOT "so worried about it", nor are the thousands who choose to block NAC, It's BBR who is "worried about it", and NAC who SHOULD be.

Captain Bob
--
Motor Vessel - Tamara B. - 43' Long-Range Trawler Cape Elizebeth ME. »www.tamara-b.org

Re: Why not to use SPEWS

Wed, 21 Jan 2004 19:22:53 EDT

schnuggles :

said by mccallcl:
"SPEWS only provides a list, it is up to ISPs as to what to do with it"...

:rolleyes:

Are you saying that SPEWS has NO IDEA what those CRAZY ISPs are going to do with that funny list of numbers?

Well, I'm not certain that even providing "information only" is a sufficient protection. If you publicly post information, that damages my business, and cannot *prove* your claim, you will be found liable. In this case, if the blocking of email from BBR is producing material harm, and you can prove this, SPEWS could be in trouble. I, for example, cannot run about saying "BBR Killed my cat," for if I do, and they lose business over it, I can be found liable even if I state that I provide only a LIST of cats killed by internet sites with no knowledge of what is to be done with it. Simply: you cannot take actions that cost legitimate companies business unless you can PROVE your allegations. As BBR is *unusually* active in the anti-spam battle (this mean you Americtec!!! ;), the SPEWS allegations have no basis in fact and tort law does not allow me to punish the non-infringing parties. I.E. I could not run about impacting the business of one of IBM's suppliers because of my grievance with IBM.

Having said all of this, let me state that I think RBL's are a good thing...BUT...the process of listing and de-listing should be made absolutely transparent for the internet community, complete with a way to efficiently verify compliance and remove unneeded blocks. Failing this, (perhaps even with this), SPEWS could be facing some legal woes.
--
Salus Populi Suprema Est Lex -Cicero (106 BC - 43 BC)

Re: Why not to use SPEWS

Wed, 21 Jan 2004 19:10:43 EDT

anon : Workarounds are not a solution.
SPEWS needs to be stopped.

Re: Why not to use SPEWS

Wed, 21 Jan 2004 18:42:25 EDT

Steve :

said by tigers :
How long must BBR and NAC have to "think about what they did" before the anonymous users at SPEWS decide to take NAC off their list?

Well, I don't know how long that time is, but I am quite sure that the clock doesn't start until the spammers are nuked. I don't believe we are there yet.

Steve
--
Stephen J. Friedl * Security Consultant * Tustin, California USA * my web site

Re: Why not to use SPEWS

Wed, 21 Jan 2004 18:35:23 EDT

tigers :

said by Steve :
. The whole notion "Even if you fix things, we may let it sit a while to let you think about how you got here" goes a long way to making a just-recently-got-a-clue ISP lose heart.

This is exactly what I have a problem with as well. How long must BBR and NAC have to "think about what they did" before the anonymous users at SPEWS decide to take NAC off their list?

So once you've terminated the spammer's accounts, how much penance is enough? One week? Perhaps Two? Or maybe 6 months? Who knows? But damnit, all you ISP's and customers of ISP's will think about this and what terrible injustice you've contributed to internet society before we decide you're worthy of being off our blacklist. :uhh:
--
John Edwards 2004

Re: Why not to use SPEWS

Wed, 21 Jan 2004 18:20:07 EDT

Steve :

said by Jason Levine :
I'm sorry, but if you're going to maintain a blacklist, you have a responsibility to keep the list as clean as possible of any collateral damage.

Actually, one of the goals of SPEWS is to create that collateral damage. It's not incidental, it's intentional.

The thing that bugs me about SPEWS is not the collateral damage, but the arrogance and lack of transparency. The whole notion "Even if you fix things, we may let it sit a while to let you think about how you got here" goes a long way to making a just-recently-got-a-clue ISP lose heart. If you don't see results of "getting your act together", it's easy to just give up.

Anybody who follows the rules: post to the group with the right numbers, clear statement "we have terminated ____", "We think this is everybody that is spamming", etc. This should lead to swift removal upon verification.

Apparently, it doesn't always, which seems terribly counterproductive to what they are trying to accomplish.

Steve
--
Stephen J. Friedl * Security Consultant * Tustin, California USA * my web site

Re: Why not to use SPEWS

Wed, 21 Jan 2004 18:12:10 EDT

Jason Levine :

said by Karl Bode :

Trust me. If it were my website I'd tell SPEWS to go to hell, particularly with their history of being unmovable.

It was my website and I did tell them to go to hell. (Ok, not in person since they love being anonymous, but in opinion and in every opportunity to discuss the downside of SPEWS.)
--
-Jason Levine
http://www.jasons-toolbox.com/
http://www.PCQandA.com/
http://www.urateit.com/

Re: Why not to use SPEWS

Wed, 21 Jan 2004 18:10:33 EDT

Jason Levine :

said by Otto7 :
Results matter. The ends don't necessarily justify the means, I admit, but still, results are what count.

Results may count, but the method that you take to get those results matters to. Would you recommend tracking down spammers and seriously injuring them? (Seriously, I mean. Beyond simple message board venting.) It would probably help stop spam if spammers knew that spamming would lead to them being injured by armies of vigilantes. But the ends doesn't justify the means and injuring people (even if they've done something we see as wrong) isn't right.

So too I don't think that blacklisting large amounts of innocent websites in the hopes that one of them will take up the fight against spam is a valid means. Especially when there are more effective methods.

said by Otto7 :
You're free to choose an ISP that doesn't use the SPEWS list, just as I am free to choose one that does.

Not everyone is free. I can choose a site that's not using SPEWS, but my users might have an ISP that does. And they don't know whether their ISPs use SPEWS or not until it becomes a problem. Sometimes a user may have a limited choice due to the area they live in. Should my valid e-mails to them be blocked because the only ISPs in their area use SPEWS?

said by Otto7 :
The setup is voluntary. Nobody's forcing anybody to do anything. Nobody's holding a gun to anybody's head.

One of my main beefs with SPEWS is removal. If you're not a spammer and you end up on their list, they act like it's not their business to remove you. Instead you need to find all of the ISPs using SPEWS and get yourself whitelisted. I'm sorry, but if you're going to maintain a blacklist, you have a responsibility to keep the list as clean as possible of any collateral damage.

said by Otto7 :
Somehow, the rabid foaming-at-the-mouth anti-SPEWS people here seem to get the idea that they have a god-given right to have their e-mail delivered. Well, guess what, that ain't the case.

Silly me. And here I thought that e-mail had a certain expectation of service. Many businesses rely on e-mail to survive. E-mail service should strive to be 100%, not "well if it gets delivered that's fine but I'm not making any guarantees."

said by Otto7 :
E-mail, like all internet traffic, depends on two entities: the sender and the receiver. The receivers have declared that they are putting SPEWS recommendations into effect and will not accept email from NAC.net. The senders can bitch all they like, it doesn't change the facts.

However, the receiver is really the end user. The ISP is really just providing the path. Similar to a phone company. Would you like it if the phone company disconnected calls to your family because someone in your apartment building made a harassing call?

Some ISPs are attempting to deal with the spam problem by using a blacklist. They are expecting that the blacklist will be as clean as possible of collateral damage. Instead, SPEWS is purposefully adding in collateral damage to try to get more attention. Instead of convincing people to take up the anti-spam cause, they're going to make people think that anti-spam folks are just as nuts as spammers.
--
-Jason Levine
http://www.jasons-toolbox.com/
http://www.PCQandA.com/
http://www.urateit.com/

Re: Why not to use SPEWS

Wed, 21 Jan 2004 17:54:06 EDT

claudeo :

said by Otto7 :
The fact that BBR is pissed and dealing with NAC.net is a vindication of the methodology.

No it's not. It is only a violation of the principle that you don't make a customer suffer for the faults of its supplier. By your logic, it is OK to impound every car of a particular make because one car of that make was used in the commission of a crime. Or to bomb any civilian target in the US because US policies have resulted in the deaths of civilians in Irak. This is sick terrorist logic.

quote:

SPEWS simply works. And it will continue to work.

No it doesn't. As long as it causes a single false positive with no way to correct it as soon as it is detected, it doesn't. Grow up.

Re: Why not to use SPEWS

Wed, 21 Jan 2004 17:49:18 EDT

Steve :

said by Otto7 :
BTW, "extortion" doesn't fit the circumstances. It means "to obtain from a person by force, intimidation, undue, or illegal power".

This does skirt on the edge of anti-trust law (in the United States, at least): "refusal to deal". I believe that the blacklists are so far squarely on the "it's legal" side, but if there is ever a downfall, that's going to be it.

Outside the US, though, it won't matter.

Steve
--
Stephen J. Friedl * Security Consultant * Tustin, California USA * my web site

Re: Why not to use SPEWS

Wed, 21 Jan 2004 17:45:33 EDT

Otto7 :

said by AmeritecTech :
I agree, so submitting a story to Slashdot and ranting about it in a forum can only increase its visibility and hone the system's effectiveness.

Very true. Good thinking there. If you succeed in wiping out SPEWS, I'll applaud you on a job well done. Won't happen, but feel free to do your utmost. :) SPEWS has blocked entire ISPs before. Bigger ISPs than NAC.net too. Their list still seems to be effective.

But if you want to solve the problem of BBR not being able to email 20% of the population, then such an approach might not be the best way to get the job done. Again, results matter. ;)

Re: Why not to use SPEWS

Wed, 21 Jan 2004 17:42:43 EDT

Otto7 :

said by Karl Bode :
Trust me. If it were my website I'd tell SPEWS to go to hell, particularly with their history of being unmovable. I don't respond well to extortion, no matter what kind of dress it's wearing. I think these SPEWS supporters would have an epileptic seizure if Microsoft or the RIAA tried similar tactics, yet because we're dealing with spammers their ideology of internet etiquette flies out the window in a wash of moral relativism.

Hey, you're free to do that too. Free will and free choice are the backbone of the whole debate. Somehow, the rabid foaming-at-the-mouth anti-SPEWS people here seem to get the idea that they have a god-given right to have their e-mail delivered. Well, guess what, that ain't the case. E-mail, like all internet traffic, depends on two entities: the sender and the receiver. The receivers have declared that they are putting SPEWS recommendations into effect and will not accept email from NAC.net. The senders can bitch all they like, it doesn't change the facts.

BTW, "extortion" doesn't fit the circumstances. It means "to obtain from a person by force, intimidation, undue, or illegal power". SPEWS has done no intimidation, certainly. They have no power whatsoever except for the power of recommendation. And they have exerted no force, as they have no force to exert. All they do is publish a list, essentially. They cannot force anybody to do anything with that list or because of that list. All their power is based on the voluntary actions of thousands of ISPs who take action based on that list. That's where the power lies, in those thousands of ISPs. Anyone can publish a list. Hell, I can publish a list. Doesn't mean anything at all. Even the fact that SPEWS knows what will be done with that list doesn't transfer the power to them. They cannot act arbitrarily, or nobody would listen to their little list. Any "power" they have is that of recommendation only. And it's protected by free speech as well. I'm free to says that microsoft is an evil evil company. It's just my opinion. SPEWS opinion is at least backed up by publically available documentation.

Re: Why not to use SPEWS

Wed, 21 Jan 2004 17:36:34 EDT

AmeritecTech :

said by Otto7 :
It's a self healing system.

I agree, so submitting a story to Slashdot and ranting about it in a forum can only increase its visibility and hone the system's effectiveness.
--
Independent thinkers tend to ALWAYS have someone not agreeing with them. It's the non-thinkers that always come in legions." -John Callari

Re: Why not to use SPEWS

Wed, 21 Jan 2004 17:32:53 EDT

Otto7 :

said by AmeritecTech :
Effectiveness vindicates methodology? By what logical path? Is every measure which is effective (regardless of collateral damage) a "Good Idea" (TM)?

Results matter. The ends don't necessarily justify the means, I admit, but still, results are what count. If blacklists like this are necessary to stop the huge drain that is SPAM, then I have no problem with it myself. But it's a free country. You're free to choose an ISP that doesn't use the SPEWS list, just as I am free to choose one that does. And every ISP is free to follow it's recommendation, block based on it, or just use it as a flagging mechanism instead of an outright block. The setup is voluntary. Nobody's forcing anybody to do anything. Nobody's holding a gun to anybody's head.

said by AmeritecTech :
There is plenty that can be done about it. Publicity of the methods used by SPEWS may encourage some admins to stop using it.

Uh huh. And it may cause other admins who agree with the tactic and have customers complaining about spam left and right to start using it.

Look, setting up the SPEWS RBL isn't automatic on any system. If an admin or ISP is using it, then they conciously set it up to use it.

It's a self healing system. If nobody uses it, then SPEWS can set up block lists until they are blue in the face, it won't do anything. The fact that it is indeed doing something is a pretty good indication that a lot of admins and ISPs like it and use it, don't you think?

Re: Why not to use SPEWS

Wed, 21 Jan 2004 17:23:45 EDT

Karl Bode :

quote:
The fact that BBR is pissed and dealing with NAC.net is a vindication of the methodology.

Trust me. If it were my website I'd tell SPEWS to go to hell, particularly with their history of being unmovable. I don't respond well to extortion, no matter what kind of dress it's wearing. I think these SPEWS supporters would have an epileptic seizure if Microsoft or the RIAA tried similar tactics, yet because we're dealing with spammers their ideology of internet etiquette flies out the window in a wash of moral relativism.

I'm engaging NAC out of curiosity at this point and the desire to see these questions answered in a follow-up front-page story. That's it. I simply handle the news, others will tackle and comment on our business relationship with NAC if and when they see fit. My opinions are, obviously, my own and not those of BBR. As a reminder, please keep the questions coming if you'd like to see them answered by the NAC.net CEO in an upcoming interview.

Re: Why not to use SPEWS

Wed, 21 Jan 2004 17:22:29 EDT

AmeritecTech :

said by Otto7 :
The fact that BBR is pissed and dealing with NAC.net is a vindication of the methodology. SPEWS simply works. And it will continue to work. And there's nothing you can do about it.

Effectiveness vindicates methodology? By what logical path? Is every measure which is effective (regardless of collateral damage) a "Good Idea" (TM)?

There is plenty that can be done about it. Publicity of the methods used by SPEWS may encourage some admins to stop using it.
--
Independent thinkers tend to ALWAYS have someone not agreeing with them. It's the non-thinkers that always come in legions." -John Callari

Re: Why not to use SPEWS

Wed, 21 Jan 2004 17:15:21 EDT

Otto7 :

said by prmmover:
If you're going to make a service to the public that is so quick to list 'bad' people, you damn well better make sure to remove from that list the exhonerated users as quick as you were to block them in the first place. And, there needs to be more specifity in what they're blocking, otherwise you should be not putting yourself in that position in the first place.

a) How is well over a year "quick to list 'bad' people"?
b) Specific blocking didn't work. It was done. Nothing changed. So it got escalated. And escalated again. And again. The history is plainly available on NANAE, detailing the whole thing. Read it. This isn't all of a sudden, this isn't "quick", and this isn't arbitrarily large blocking. It always starts with just the few IP addresses know to be sending SPAM. When nothing is done, then collateral damage kicks in. The blocked address space widens until someone, anyone, gets pissed off enough to do something about it. That's the way SPEWS works. The fact that BBR got blocked and is getting pissed and is talking to NAC about it proves that the system works, eventually. In this case, it happened to take a very wide net and quite a long time to force a response, but it still worked.

The fact that BBR is pissed and dealing with NAC.net is a vindication of the methodology. SPEWS simply works. And it will continue to work.

Re: Why not to use SPEWS

Wed, 21 Jan 2004 17:06:51 EDT

Otto7 :

said by Wills :

Please explain to me why it is socially acceptable (in your mind) that it's BBR's responsibility to clean up NAC.net?

Because BBR, as a customer of NAC, is paying them money to provide them certain services. NAC's irresponsibility has led to other ISP's blocking traffic from NAC, and thus NAC can no longer provide those services.

Forget SPEWS for a moment. What if, individually, a bunch of ISPs decided to block NAC as a whole because they were sick of the way NAC acted. If each and every ISP admin decided that they'd had enough of NAC's anti-social behavior and simply blocked them and their customers directly, would that be wrong? Would you be ticked off at all those thousands of ISP's? Or would you be ticked off at NAC for being so anti-social and annoying that they got the rest of the network mad enough to block NAC and you as a paying customer of NAC?

said by Wills :

Once you do that, then please explain to my why it is socially acceptable (again, in your mind) that SPEWS can hold our IP hostage and tell us "to get unlisted, talk to your ISP to clean up their act".

Because SPEWS and the people who use the SPEWS list cannot get your ISP to clean up their act. They don't pay money to your ISP. They have no leverage. As a paying customer of NAC, you do. As a paying customer, you have the leverage to tell your ISP to clean up their act, or those thousands of ticked off ISPs will continue to ignore you until you move elsewhere.

said by Wills :

It's none of our business what NAC.net does in reality. If they are hosting spammers, oh well, that is between NAC.net and SPEWS, not the other IP address they are holding ransom.

Exactly. Now that you find yourself impacted by the policies of NAC.net, it most certainly is your business, isn't it? That's the goal. To give you, as a paying customer of a spam-haven, a reason to act.

said by Wills :

It's not SPEWS place to BL our IP and it's not their place to tell us to clean up our ISP. Why don't they get up off their fat lazy asses and clean up NAC.net if they are so worried about it.

Again, they are *incapable* of doing so. They have no leverage with NAC.net. You do. SPEWS, and the people who use the SPEWS lists, have acted by simply ignoring NAC.net and those who support NAC.net monetarily.

I mean, let's get a grip here. You have not been directly attacked. This isn't a DDOS attack or something... All that's really happening is that ISP's that you do not pay any money to have decided that they are going to not accept your mail (based on the recommendation of SPEWS). That's 100% within the realm of any ISP to do. And they can do that for any reason they choose to do so. You don't pay money to all the ISPs to accept and deliver your mail, they do so for free, from your point of view. They owe you nothing. Now they are unhappy with your ISP and have decided to ignore any and all mail from it, and that happens to include you.

Well? What are you going to DO about it? You've got a reason to be upset. You've got leverage with your provider. Your provider is the *only* entity capable of fixing the problem. Why are you bitching about SPEWS and the people who listen to SPEWS? Why are you not bitching about your provider? They've provided BAD service. They've been a BAD citizen of the network. Tell them to FIX the damn problem already. There ain't no other alternative.

Re: Why not to use SPEWS

Wed, 21 Jan 2004 16:41:57 EDT

Spectral :

said by AmeritecTech :

IF you've got legitimate questions you'd like to see answered (without trolling or being insulting), please post them here and keep them very short and to the point.

Why didn't they take care of the problem before the SPEWS listing expanded beyond just a few servers?

Oh, so every website's owner should keep read SPEWS listings every day to see if some other website on his host has been listed?

People have things to do. Not everyone has enough free time to worship at the SPEWS altar every day.

I beleive he was commenting in response to things that should be asked of Nac.net (hence the quote). IE Nac.net should be asked why they (NAC) ignored so many abuse complaints for so long and let it get to that situation before it expanded.
--
"Flying There is an art, or rather a knack to flying. The knack lies in learning how to throw yourself at the ground and miss."~Douglas Adams

Re: Why not to use SPEWS

Wed, 21 Jan 2004 16:38:44 EDT

anon : Quite frankly, I have to agree with Wills.

I used to work for NAC, and I own colo space to resell.

I have IP address space in the 209.123.xxx range, as well as other ranges they own. I speak to the folks there, and they are responsive if I have a complaint. Maybe that's because I know half of them, but maybe not.

I know that for the most part, they don't usually tolerate spam from their immediate customers, but that doesn't take into account the countless number of resellers that colo with them, like myself. I know that every time a spam complain came across when I was working, we acted on it, and the offending party was either terminated, or if it was a reseller, the reseller was given a warning.

How effective is the spam reporting when you get false-positives from customers saying they were spammed when they inherited a re-used username? I can say that a good part of the small complaints can get ignored, but when it's a big enough issue, it does get dealt with.

And what happens when a spammer bounces from reseller to reseller on the same block, especially when that block is an _entire_ class B? One reseller cancels the account, and another picks it up not knowing the history, but in the same local areas, you're going to get the same IP block space. The spammer strikes again, and gets cancelled again, but then moves on to another reseller, who happens to be on the same netblock, since it's large enough.

No, I'm not condoning spamming, nor am I condoning lack of action on the ISP's part.

But, I'm also against SPEWS, with their scoolyard bully tactics listing an entire B classes' worth of IP space, just becuase spammers have used it, and may still be using certain parts. If the spammer is gone, or moved, the stigma of the bad actions should not stay with the affected addresses, since the next unsuspecting customer now has to spend his time and money trying to get rid of the bad karma he got, without having anything to do with it.

It's a large game of whack-a-mole.

And, what about the possiblity of action being taken, but another 15 cases popping up at the same time. How do you handle that much workload, especially when those in most cases aren't your direct customers, but customers 3 tiers down the line?

Look, it's a sticky situation at best. Nac needs to take action against it's bad customers. But, on the other hand, the actions of SPEWS are also childish in how they resolve their issues.

If you're going to make a service to the public that is so quick to list 'bad' people, you damn well better make sure to remove from that list the exhonerated users as quick as you were to block them in the first place. And, there needs to be more specifity in what they're blocking, otherwise you should be not putting yourself in that position in the first place.

-Gary

Re: Why not to use SPEWS

Wed, 21 Jan 2004 16:35:31 EDT

funchords :

said by Wills :
Please explain to me why it is socially acceptable (in your mind) that it's BBR's responsibility to clean up NAC.net?

Once you do that, then please explain to my why it is socially acceptable (again, in your mind) that SPEWS can hold our IP hostage and tell us "to get unlisted, talk to your ISP to clean up their act".

It's NAC.net's responsibility to clean up NAC.net. And they've had over a year to do it. So -- what's the right penalty for not cleaning up your act.

Forget SPEWS for a second. What about the sysadmins that just would otherwise kill NAC.net messages. You don't know when they do it, who is doing it, or what it would take to fix it.

My mail and web service come from a 3rd party. I care about their reputation because my little address space on the internet depends on it.
--
Robb Topolski
http://www.funchords.com/
Hillsboro, Oregon USA

Re: Why not to use SPEWS

Wed, 21 Jan 2004 16:19:14 EDT

Wills :

said by TamaraB :

Sounds to me like they see BBR in a position to put pressure on the real problem NAC.NET to clean up their act. Perhaps BBR has more public-relations power than NAC.NET is willing to ignore.

Please explain to me why it is socially acceptable (in your mind) that it's BBR's responsibility to clean up NAC.net?

Once you do that, then please explain to my why it is socially acceptable (again, in your mind) that SPEWS can hold our IP hostage and tell us "to get unlisted, talk to your ISP to clean up their act".

It's none of our business what NAC.net does in reality. If they are hosting spammers, oh well, that is between NAC.net and SPEWS, not the other IP address they are holding ransom.

It's not SPEWS place to BL our IP and it's not their place to tell us to clean up our ISP. Why don't they get up off their fat lazy asses and clean up NAC.net if they are so worried about it.
--
Abit VP-6 twin 800EB's @ 1002 Mhz.

Proud member of the XDC.

Re: Why not to use SPEWS

Wed, 21 Jan 2004 16:06:33 EDT

nixen :

said by TamaraB :
MOST of our users are not technical and are completely CLUS-LESS and CARE-LESS. Unfortunately that is the state of affairs among the masses out there. This board represents an elite-class of computer users, and mods are at the top of that class usually.

Hmm... I wonder how many of your clueless/careless users may be reading this line, now that this issue has been SlashDoted. I am sure that each and every one of them would just love to know that their ISP has such a high regard for them.

Should be fun explaining your public proclamation of your low opinion to said clueless customers. Then again, if they are that clueless, they've probably never heard of either this site or SlashDot.

-tom
--
"There are 10 types of people in the world... those who understand binary and those who don't."
"That's only 2 types of people, moron"

Re: Why not to use SPEWS

Wed, 21 Jan 2004 16:06:25 EDT

AmeritecTech :

said by funchords :

said by Karl Bode :
IF you've got legitimate questions you'd like to see answered (without trolling or being insulting), please post them here and keep them very short and to the point.

Why didn't they take care of the problem before the SPEWS listing expanded beyond just a few servers?

Oh, so every website's owner should keep read SPEWS listings every day to see if some other website on his host has been listed?

People have things to do. Not everyone has enough free time to worship at the SPEWS altar every day.
--
Independent thinkers tend to ALWAYS have someone not agreeing with them. It's the non-thinkers that always come in legions." -John Callari

Re: Why not to use SPEWS

Wed, 21 Jan 2004 16:04:00 EDT

W7PSK : Sure ask the CEO why when I see 1,970 listings in News.admin.net-abuse.sightings alone for NAC that they have done nothing, after 1000s of complaints (Not all people use Sightings).

Why are the 11 or so ROSKO listed spammers, 3 of which the US Government is taking to court for Illegal activities, are still able to use NAC.NET as a home?

That should do for a start.
--
Rick Scott Everett, Washington

Re: stop bitching, read the TRUST post, and do smth.

Wed, 21 Jan 2004 16:02:20 EDT

AmeritecTech :

said by ablah:
seriously, if you had collectively put the efforts into bitching in this forum into actually doing something, you'd be that many man-hours closer. spews can say what the fuck it wants to say

SPEWS can say what the fuck it wants to say, but you shut up and put your efforts into "doing something". Is that it?
--
Independent thinkers tend to ALWAYS have someone not agreeing with them. It's the non-thinkers that always come in legions." -John Callari

Re: Why not to use SPEWS

Wed, 21 Jan 2004 15:58:08 EDT

funchords :

said by Karl Bode :
IF you've got legitimate questions you'd like to see answered (without trolling or being insulting), please post them here and keep them very short and to the point.

Why didn't they take care of the problem before the SPEWS listing expanded beyond just a few servers?
--
Robb Topolski
http://www.funchords.com/
Hillsboro, Oregon USA

Re: Why not to use SPEWS

Wed, 21 Jan 2004 15:51:35 EDT

Karl Bode : I just got off the phone after a decent conversation with NAC's CEO.

He's been very responsive. IF you've got legitimate questions you'd like to see answered (without trolling or being insulting), please post them here and keep them very short and to the point. I will ask them via e-mail and phone conversations, and then include the answers in a follow-up story to the front-page. Already intend to question the relationship with Pwebtech.

Re: Why not to use SPEWS

Wed, 21 Jan 2004 15:08:45 EDT

Rfsjr2 :

said by Steve :

said by Rfsjr2 :
So how long will DSLr/BBR be down during the migration to a new ISP?
Might it not be a better idea to have a little chat with the current one first?

Of course, Just doesn't sound like Nac.net has been very responsive in the past. What makes things different today?
--
*Frank* Earthlink SRS G4R 970_.42. W2K Pro SP4. DAK421_P11. Wired LAN, 2 clients.

Re: Why not to use SPEWS

Wed, 21 Jan 2004 14:37:13 EDT

anon : Maybe, rather than trying to get your site removed from SPEWS you should go the opposite route and try and get as many legitimate sites listed as possible. If they really are non-responsive about removing blocks then their list should get polluted badly enough that people begin dropping them from their configs.

Use the same strategy against them they use against you. Make their users contact them about how their system appears to be broken. Make the "victims" of SPEWS contact their SPEWS using ISPs and complain they are eating too many legit mails.

Re: Why not to use SPEWS

Wed, 21 Jan 2004 14:33:06 EDT

TamaraB :

said by Jason Levine :
But they don't do either of those. Instead, they target 209.123.xx.yy. This leads to over 65,000 innocent collateral damage sites to block one spammer.

It started SMALL more than a year ago. NAC refused to do anything, the blocks were expanded; they still refused; now the blocks are yet again expanded and are about to affect BBR.... this is after more than a year of massive abuse from NAC, massive complaints to them which they ignored.

This did NOT happen last night dude, there is such a thing as "history"; it's been an endemic NAC.NET problem for a very LONG time! It's the expansion of the blocks, and the added collateral damage which has led to this point, and to the attention which it has currently. Funny, how it took so much to get your attention! It did didn't it? FINALLY! Seems that Colateral Damage works to wake some folks up.

Unfortunately, once awake, who do you lash out against? The spam-haven NAC.NET? Or the ones who woke you up Spews? You lash out at Spews. Interesting!

said by Jason Levine :
BTW Kasia, it seems like the anonymous folks running SPEWS have put a message for BBR in the SPEWS entry:

said by the SPEWS entry:

=> Hey DSLR/BBR - maybe you guys can help clean up NAC?
No one else has been able to.

Looks like they're outright admitting to blacklisting you falsely now.

Sounds to me like they see BBR in a position to put pressure on the real problem NAC.NET to clean up their act. Perhaps BBR has more public-relations power than NAC.NET is willing to ignore.

They do not appear to be "admitting" to anything, (certainly not "falsly") they are just asking for help to stop a destructive spamhause clean up their act. To phrase it as you do is unfair, are you trying to insite a flame war? Or a riot? Are you trying to deflect attention from NAC to Spews? If so why so? Which side are you on anyway??

Captain Bob
--
Motor Vessel - Tamara B. - 43' Long-Range Trawler Cape Elizebeth ME. »www.tamara-b.org

Re: Why not to use SPEWS

Wed, 21 Jan 2004 14:23:23 EDT

Karl Bode : Point stands all the same. If this were a tactic being employed by the RIAA somehow, the majority of these individuals would be disgusted.....

Re: Why not to use SPEWS

Wed, 21 Jan 2004 14:21:50 EDT

Steve :

said by Karl Bode :
It is blackmail

Actually, it's "extortion", not "blackmail" :)
--
Stephen J. Friedl * Security Consultant * Tustin, California USA * my web site

Re: Why not to use SPEWS

Wed, 21 Jan 2004 14:20:47 EDT

Karl Bode :

quote:
if you got enough people to join you, then they would put pressure on their provider to get their act together.

It is blackmail and forced activism no matter what color tie it's wearing. Because we're talking about spammers we're awash in moral relativism.

Re: Why not to use SPEWS

Wed, 21 Jan 2004 14:13:11 EDT

Steve :

said by Rfsjr2 :
So how long will DSLr/BBR be down during the migration to a new ISP?

Might it not be a better idea to have a little chat with the current one first?
--
Stephen J. Friedl * Security Consultant * Tustin, California USA * my web site

Re: Why not to use SPEWS

Wed, 21 Jan 2004 14:10:29 EDT

Rfsjr2 : So how long will DSLr/BBR be down during the migration to a new ISP? :huh:

Re: Why not to use SPEWS

Wed, 21 Jan 2004 14:09:59 EDT

Steve :

said by Karl Bode :
Therefore I'm going to go around kicking Verizon customers in the balls in the hopes they complain to Verizon about their stupidity.

Actually, to make this a proper analogy, you'd simply not accept phone calls from those in Verizon space, and you would encourage others to do so as well. This information is available (the same source of info that the DSLR CO Finder uses), and if you got enough people to join you, then they would put pressure on their provider to get their act together.

Steve
--
Stephen J. Friedl * Security Consultant * Tustin, California USA * my web site

Re: Why not to use SPEWS

Wed, 21 Jan 2004 14:03:51 EDT

Steve :

said by Noodles67:
If you take the viewpoint that SPEWS is a well intentioned, but imperfect provider of information, and the responsibility to acting on that information is the ISP's, then you can define 'bad ISPs' as ones that use SPEWS without fully appreciating its pros and cons (many).

This is a fair statement.

A "bad ISP" as defined as user of SPEWS hurts its own customers, who presumably have a feedback channel to make their displeasure known to the offender.

A "bad ISP" as defined as ISP listed by SPEWS is hurting everybody on the internet, most of whom have no feedback channel to make their displeasure known.

Steve
--
Stephen J. Friedl * Security Consultant * Tustin, California USA * my web site

Re: Why not to use SPEWS

Wed, 21 Jan 2004 14:00:42 EDT

anon : You guys that can't be bothered to implement spamassassin at the SMTP level, filter mail, or believe that the atrociously high false positive rate something like SPEWS generates is acceptable should simply disconnect your computers from the Internet. It's a guaranteed way of avoiding spam! And according to your logic, it's only catching all the negatives that matter!

This thread really demonstrates how the effectively the spammers have taken people who are supposedly against spam, and turned them against the victims of spam. Way to go guys, victimize the victim.

SPEWS is not an accountable organization, and is overzealous in terms of who ends up in their blacklist. Perhaps if it were truly simple to switch ISPs their idea that "collateral damage" would effectively cut off the supply of spam might actually work; it doesn't. For large websites, changing ISPs is difficult, time consuming, tedious, and in some countries impossible.

There are better anti-spam tools out there that don't sacrifice legitimate mail, or erode the quality of the services offered on the Internet.

Fight the spammers, not the victims.

Re: Why not to use SPEWS

Wed, 21 Jan 2004 13:59:34 EDT

Karl Bode :

quote:
"Playing nice" doesn't work with spammers or those friendly to them.

Non-spamming ISP customers aren't "playing nice" with spammers. They're simply caught in a crossfire and being used as tools of change. While that's a noble and often successful tactic, I still fundamentally disagree with the premise.

I've had an epiphany.

I'm disgusted by the fact Verizon covered up phantom equipment in a financial scandal in the eighties, and were given massive incentives for fiber-optic deployments they never finished in the nineties.

Therefore I'm going to go around kicking Verizon customers in the balls in the hopes they complain to Verizon about their stupidity. I'll also follow them around with a jammer, disrupting their cell-phone communications - all the while preaching to them via a jeep, outfitted with a fire-hose and a bullhorn.

When they don't switch carriers, I'll suggest they support scamming taxpayers out of money, and screwing consumers via lobbyist funds. Then I'll kick them in the balls again.

When I'm facing assault and blackmail charges in court I'll be sure to bring some of the folks in this thread along as counsel. :)

What astounds me is that if the RIAA were using this exact same tactic there would be legions of screaming individuals. But because we're talking about spammers, suddenly the morality of collateral damage becomes this vague wash of "ends justify the means" logic.

Re: Why not to use SPEWS

Wed, 21 Jan 2004 13:57:00 EDT

anon :

SPEWS is not the problem
Bad ISPs are the problem

Actually there is one interpretation of this statement that I do agree with.

If you take the viewpoint that SPEWS is a well intentioned, but imperfect provider of information, and the responsibility to acting on that information is the ISP's, then you can define 'bad ISPs' as ones that use SPEWS without fully appreciating its pros and cons (many).

Re: Why not to use SPEWS

Wed, 21 Jan 2004 13:53:14 EDT

Steve :

said by Noodles67:
Spammers are the problem.

Yes, of course spammers are the problem, but when an ISP doesn't act to Take Care Of Business, word travels fast in the spammer community (via email?) that such and such an ISP is friendly to spam, and the whole neighborhood goes to pot.

The listing of this huge block did not happen overnight. The offending downstreams were narrowly listed, and nothing happened. It got wider, and nothing happened. Now it seems that the block DSL Reports uses is a "level 2" listing, which is considered a warning sign. Most don't use this to block mail, but apparently some do.

If nac.net does nothing, this will probably go to a level one listing, and then suddenly many of nac.net's customers will find their email turned away. It might be that this will turn up the heat on nac.net to do whatever is required.

"Playing nice" doesn't work with spammers or those friendly to them.

Steve
--
Stephen J. Friedl * Security Consultant * Tustin, California USA * my web site

Re: Why not to use SPEWS

Wed, 21 Jan 2004 13:52:15 EDT

poiwv : SPEWS= God?

I think not...

And everyone who disagrees with them are not damned to hell.

BTW....

One of the surest signs I have ever seen that someone is actually rather closely involved in SPEWS is this stupid little line...

"I am not SPEWS"...

No, kidding, SPEWS is a bunch of people, but in all likelyhood you ARE one of them (no SPEWS is not "just a list"...there is an organisation behind it, that makes it what it is, and those people ARE SPEWS, semantics aside...yes, we can see through your silly little word games, we after all are the pre-schoolers you think we are)
--
Advertising may be described as the science of arresting the human intelligence long enough to get money from it.

Re: Why not to use SPEWS

Wed, 21 Jan 2004 13:48:13 EDT

Wills :

said by TamaraB :

said by AmeritecTech :
So aside from terminating the spammers, what can NAC do to get back in the good graces of SPEWS? Nothing.

NAC.NET has to terminate all their spammers to get de-listed from spews. That's the way spews works.

Captain Bob

What bothers me is that you find this acceptable. Which you proved with your "collateral damage" reply earlier.

A well known and respected site is crippled because of the way SPEWS works. The site could lose money and subscribers. And why? Because of the way SPEWS works.

Why should BBR go to their ISP and complain about OTHER people that use them. It's not BBR's concern, business, or responcibility.

Essentially SPEWS is holding our IP block ransom and trying to force US into getting rid of the spammers on our ISP. Is SPEWS to lazy? Are they incapable? Are the afraid to get their hands dirty? Why should BBR have to do this. It's assnine.

Yet you openly support this type behavior. You are essentially supporting their "ransom note" way of "business".

I like your style. You're a thinker...
--
Abit VP-6 twin 800EB's @ 1002 Mhz. Proud member of the XDC.

Re: Why not to use SPEWS

Wed, 21 Jan 2004 13:47:00 EDT

anon :

SPEWS is not the problem
Bad ISPs are the problem

SPEWS or ISPs are not 'the problem'. Spammers are the problem.

Both ISPs and SPEWS can act to mitigate the problems created by the spammers. However, both ISPs and SPEWS can act to create new problems as result of poor implementation.

As the failing of bad ISP's tends to be inaction, they rarely create new problems, just fail to do their part is solving the problem of spammers.

SPEWS works by taking action (a listing), which are occasionally unwarranted, and when applied to large netblocks, can have enormous negative impact. When that occurs SPEWs becomes a new problem in its own right, that did not exist before.

Depending on your individual utility for spam versus false positives, SPEWS positives may or may not be worth its negatives.

Re: Why not to use SPEWS

Wed, 21 Jan 2004 13:43:21 EDT

Steve :

said by Jason Levine :
Looks like they're outright admitting to blacklisting you falsely now.

You haven't read the SPEWS FAQ. They are not "blacklisting DSLR", but "boycotting NAC.NET", and they are very clear that they are not "accusing DSL Reports of anything".

They hope that by casting a wide net (so to speak), they will generate enough interested/pissed off parties that have leverage with nac.net to get something done. I have zero leverage. You have zero leverage. Justin may have some, as may other nac.net customers.

Steve
--
Stephen J. Friedl * Security Consultant * Tustin, California USA * my web site

Re: Why not to use SPEWS

Wed, 21 Jan 2004 13:37:32 EDT

Jason Levine :

said by TamaraB :
We all know what "collateral damage" means don't we? It is unavoidable in a war (just ask Dubya), and anti-spam operations amount to a war.

Maybe so, but the military still takes steps to minimize collateral damage. For example, when the US was going after Uday and Qusai, they didn't bomb the entire town to the ground to get to them. Instead, they targeted an individual building.

Taking the analogy back to the anti-spam fight, BBR resides on 209.123.109.175. A spammer is located on 209.123.111.20. Does SPEWS target 209.123.111.20? If they did then there would be zero collateral damage.

Or perhaps (if they wanted a wide target) they could block 209.123.111.xx? This would result in, at most, 254 collateral damage sites.

But they don't do either of those. Instead, they target 209.123.xx.yy. This leads to over 65,000 innocent collateral damage sites to block one spammer.

BTW Kasia, it seems like the anonymous folks running SPEWS have put a message for BBR in the SPEWS entry:

said by the SPEWS entry:

=> Hey DSLR/BBR - maybe you guys can help clean up NAC?
No one else has been able to.

Looks like they're outright admitting to blacklisting you falsely now.
--
-Jason Levine
http://www.jasons-toolbox.com/
http://www.PCQandA.com/
http://www.urateit.com/

Re: Why not to use SPEWS

Wed, 21 Jan 2004 13:24:33 EDT

nil : Okay, I need to take offense here..

Why is it that so many people claim not agreeing with what SPEWS is doing is whining? Do we suddenly lose our right to have an opinion because it's not in-line with SPEWS?

Did any of you, that choose to come in here and comment with self-righteous indignations, even read the article we wrote?

We're not whining, we can take care of our own problems, we're angry that we're being treated inline with spammers. Big difference, get it right.
--
Life is too short to be boring

Re: Why not to use SPEWS

Wed, 21 Jan 2004 13:19:07 EDT

anon : Quit your whining! You can do two things:

1. Don't use products that rely on SPEWS
2. Contact NAC and TELL them don't ask them, TELL them to deal with the spammers or you'll take your business elswhere.

stop bitching, read the TRUST post, and do smth.

Wed, 21 Jan 2004 13:00:58 EDT

anon : seriously, if you had collectively put the efforts into bitching in this forum into actually doing something, you'd be that many man-hours closer. spews can say what the fuck it wants to say -- and ultimately helps a lot more people than you help by getting the ip range delisted without getting the spammer removed.

Re: Why not to use SPEWS

Wed, 21 Jan 2004 13:00:35 EDT

Steve :

said by Ponderous:
Also, I think the blacklists should be held accountable as much as the ISPs,

They are much more accountable than ISPs. Those who don't care for mail blocked by a blacklist will stop using it. If SPEWS - or whatever blacklist - ends up having no users, it becomes irrelevant.
--
Stephen J. Friedl * Security Consultant * Tustin, California USA * my web site

Re: Why not to use SPEWS

Wed, 21 Jan 2004 12:58:15 EDT

anon : Also, I think the blacklists should be held accountable as much as the ISPs, just so there wouldn't be abuse of those blacklists.

Re: Why not to use SPEWS

Wed, 21 Jan 2004 12:54:18 EDT

Steve :

said by Ponderous:
Bottom line, I think the notion of extensive "collateral damage" is unaccetable in a mail delivery system that's to be taken seriously.

The more I look around, the more I like "collateral damage". There are some ISPs that simply will not Get The Picture™, and it takes breaking the legs of their customers to get them to do anything.

SPEWS is not the problem
Bad ISPs are the problem
--
Stephen J. Friedl * Security Consultant * Tustin, California USA * my web site

Re: Why not to use SPEWS

Wed, 21 Jan 2004 12:52:03 EDT

anon : There is an additional point of view to the issue at hand that I think hasn't been considered yet.

Blacklists, on the whole, probably are a good thing.

Large amount of "collateral damage" in a mail delivery system, on the other hand, is highly undesirable. Why? -think business communication. Would you really prefer to go back to pen-and-paper business correspondance, or do you rather like the convenience and speed of email?

If email becomes unreliable because vigilantes like SPEWS and co. decide that it's good to cause inordinate amount of legitimate email to get lost just so that they can get one or two spammers, this does render the electronic mail system as an unreliable delivery mechanism for correspondance or any type. Between limited set of individuals this may be tolerable, but not for business or government correspondance.

Much as people would LIKE to think otherwise, email is more important than that nowadays. Of course, if SPEWS has it's way this won't be the case though.

SPEWS and their cohorts can blame the ISPs and the mail admins who implement their blacklists. While I agree that the mail admins are unwise to implement SPEWS blacklist (because they're undermining the viability of electronic mail as a viable communications platform), and ISPs should be accountable for spam originating from their networks, SPEWS isn't the way to do it.

The anti-spam solution, in my opinion, should be two-fold: both technical and legal. But that kinda goes beyond the scope of this post, so I'll skip it.

Bottom line, I think the notion of extensive "collateral damage" is unaccetable in a mail delivery system that's to be taken seriously.

Re: Why not to use SPEWS

Wed, 21 Jan 2004 12:46:03 EDT

Steve :

said by Noodles67:
Spammers will try to sign up, and even if you terminate them quickly, you are likely to have a period of a few hours, multiple times per week, when a spammer gets through your new customer filters, gets a server, and starts spamming at 100,000s of spams a hour.

I think that most people can tell the difference between an ISP with an aggressive and responsive abuse department, and one that ignores responses and drags its feet. The latter get listed, the former do not.

Steve
--
Stephen J. Friedl * Security Consultant * Tustin, California USA * my web site

Re: Why not to use SPEWS

Wed, 21 Jan 2004 12:38:11 EDT

anon : We have a legitimate mailing list of about 100,000 names, built up over 9 years. Around 20% (20,000) of the emails on that list expire each year due to the customer closing their ISP account. Though some of the old users remember to update their address to the new one, many don't. Of that 20,000, many get reallocated to new users - some who think we might be spamming them when they get the next newsletter for the old customer.

Despite this, as we scrupulously process all remove requests, we have minimal complaints - but we do have them.

Point: it is easy to have spam complaints for a 100% ethically run mailing list.

Issue: how severe should our hosting company be with spam complaints? Fortunately they realise that few spam complaints now and again are going to occur from any newsletter, and so as the number of complaints is very very small versus our customer base, we've never had a problem.

Problem: we are experimenting with a new host. The host is so good it has well over 20,000 servers/customers. Problem is that a 'few spam complaints now and again' x 20,000 customers means A LOT of spam complaints per day.

Issue: What is a block list to do when it receives tens or hundreds of SPAM complaints from a netblock per day. This is a trivial amount per customer (1-2 per year perhaps). Answer is, now and again the ethical customer at the ethical host gets blocked.

Problem2: if you are a great host, and end up with 20,000 customers, you cannot know all your customers as well as you would like. Spammers will try to sign up, and even if you terminate them quickly, you are likely to have a period of a few hours, multiple times per week, when a spammer gets through your new customer filters, gets a server, and starts spamming at 100,000s of spams a hour. Our host monitors SMTP traffic by server for unusual spikes, but this takes a hour or two to trap and act upon.

Issue: This means that our hosts netblock is forever associated with hundreds of thousands of spams per week, even though they are very proactive about searching and terminating spammers.

This is why SPEWS constantly blocks huge ranges of legitimate customers run by ethical hosts, and why ethical hosts and customers affected by this hate it. This is compounded by its lack of accountability and transparency.

Re: Why not to use SPEWS

Wed, 21 Jan 2004 12:05:19 EDT

graysonf :

said by TamaraB :
Nil:

1) your mail server is NOT BlackListed! If you look at the listing it is at level 2 the [2] means level 2. Read the SPEWS FAQ. No one blocks on level 2 listings.

Level 2 listings are netblocks which are watched carefully for evidence of abuse, usually because the adjoining netblocks are in use by spammers, and because the provider (NAC in this case) is ignoring complaints about the abuse, or is doing nothing to remove the abusers.

Yes, the IP is listed at level 2, but the statement that no one blocks at level 2 is not correct. A few do block at that level, and this is what is being noticed.

The level 1 data is included in the spews.bl.reynolds.net.au zone

The level 2 data is also available in a dnsbl.sorbs.net zone.

Therefore, anyone using that sorbs zone will be blocking all of NAC's level 2 listed IP space, which currently includes the DSLReports mail server.

One thing that anyone listed at level 2 needs to keep in mind is this. If sites listed at level 1 do not stop spamming, it's only a matter of time before SPEWS escalates further. Eventually, everything listed at level 2 will wind up in level 1 and the amount of reject mail will be quite a bit larger.

My ISP had a few spammers listed at level 1 and their entire IP space listed at level 2. After repeatedly ignoring complaints, and even being warned that they would be escalated to level 1, they still ignored the problem. Only after winding up in level 1 and having their entire customer base impacted, did they act.

Re: Why not to use SPEWS

Wed, 21 Jan 2004 11:53:31 EDT

b0nzie : Simple solution already mentioned, but seems to have gone silent.. Find another admin with a SMTP box elsewhere who is willing to let you relay until you can the the DNSBL issues sorted out.. Setup your outbound MX (with sendmail it's called smarthost) so depending on what your using.. Forward all your outbound mail to this 3rd party relay box and it will fire it out to the recipents for you (avoiding the DNSBL)

Re: Why not to use SPEWS

Wed, 21 Jan 2004 11:43:49 EDT

anon : NOTE: this is in response to the post by nil

Majority of spam does not originate in US anyway.

This statement clearly shows you have no idea what the difference between SPAM and spam is.

»www.spamhaus.org/

Re: Why not to use SPEWS

Wed, 21 Jan 2004 11:35:31 EDT
JesterAR : You quoted the wrong person. Try fixing your cited source before fixing the world.

said by mccallcl:
"SPEWS only provides a list, it is up to ISPs as to what to do with it"...

:rolleyes:

Are you saying that SPEWS has NO IDEA what those CRAZY ISPs are going to do with that funny list of numbers? SPEWS wants those ISPs to block those IPs. It's why they publish the list at all. So, please stop using that tired argument. We are not in a court of law, we all know what the list means. SPEWS may as well do the blocking themselves, since they publish the list.

If you are going to publish a list that others use to block ISPs from their networks, you had better be responsible enough to allow for maintanance of that list in a timely fashion. Otherwise, don't publish it at all.

Auto makers put cars on the market. They have no control over what the person who drives that car does behind the wheel. I am willing to cheer you on from a distance is you bring a class action suit against auto makers for failure to prevent drunk driving but I know deep down that it has got a snowball's chance in hell.

Your logic eliminates individual choice of admins to use the list and to what varying degree.

Re: Why not to use SPEWS

Wed, 21 Jan 2004 11:29:09 EDT
TamaraB :
said by Tilmut:
If you do the math, your one percent of 200 spams per user, times a thousand users, in the case of At Sea, gives 2000 spams getting through your bayesian filters per day. That's a lot more than 10. Your method is about 200 times less efficient than his, and it must be implemented by each individual user. And it does nothing to help your provider, whose disks still have to hold the spam until your filters identify it.

Not to mention the bandwidth usage in just accepting it all in the first place. Also, take the user who checks their mail once a week, or who has been on vacation for a month!

They return, fire up their PC, get infected by a month old virus.... life behind the router, is NOT the same as the life of an end-user.

The costs build up, and in the end the user has to pay; that's the evil of SPAM, the end-user pays, pays for the transport, for the storage, and for the cleanup while the spammer laughs all the way to the bank!

Captain Bob
--
Motor Vessel - Tamara B. - 43' Long-Range Trawler Cape Elizebeth ME. »www.tamara-b.org

Re: Why not to use SPEWS

Wed, 21 Jan 2004 11:18:42 EDT
anon : If you do the math, your one percent of 200 spams per user, times a thousand users, in the case of At Sea, gives 2000 spams getting through your bayesian filters per day. That's a lot more than 10. Your method is about 200 times less efficient than his, and it must be implemented by each individual user. And it does nothing to help your provider, whose disks still have to hold the spam until your filters identify it.

Re: Why not to use SPEWS

Wed, 21 Jan 2004 11:02:19 EDT
anon : I, too use Spam Assassin (without any RBL's)- and I use it for my clueless and careless users. It's fairly simple to create custom rules that filter all executable attachments and the majority of Spam either to a junk mailbox or directly delete them. In my config, only about 90% gets blocked, but I get maybe 1 false positive per month across a user base of about 30. I may not be an ISP, but I also don't have full access to all the features - our ISP has it installed and allows limited custom configs. If I had full access to it, and took the time to learn it, I imagine I could up the success rate considerably. And the best part is I control the blacklists, white-lists, and the scoring of the rules. Just set the threshold really high, and score Viagra, pen1s, enhancement and executable attachments even higher. I have the white-list scoring set so that while people on the white-list can have forged yahoo account and mention prescriptions without getting filtered, even people in the white-list can't get an executable attachment through. Seems to me that's the most important thing - filtering viruses is a requirement, filtering junk is a luxury.

Re: Why not to use SPEWS

Wed, 21 Jan 2004 11:01:05 EDT
operagost :
said by Steviant:

You know, Hitler didn't personally gas any Jews or Gypsies. He was nowhere near the concentration camps, so he couldn't have.

Does that make him innocent?

I hereby invoke Godwin's law.

Re: Why not to use SPEWS

Wed, 21 Jan 2004 10:41:05 EDT
anon : "SPEWS only provides a list, it is up to ISPs as to what to do with it"...

:rolleyes:

Are you saying that SPEWS has NO IDEA what those CRAZY ISPs are going to do with that funny list of numbers? SPEWS wants those ISPs to block those IPs. It's why they publish the list at all. So, please stop using that tired argument. We are not in a court of law, we all know what the list means. SPEWS may as well do the blocking themselves, since they publish the list.

If you are going to publish a list that others use to block ISPs from their networks, you had better be responsible enough to allow for maintanance of that list in a timely fashion. Otherwise, don't publish it at all.

Re: Why not to use SPEWS

Wed, 21 Jan 2004 10:36:51 EDT
TamaraB : There is an active discussion on /dot initiated by members of this forum.

One of the messages there has been posted to NANAE a couple of times, and is probably the best and most accurate explaination of why SPEWS and block-lists in general are a good thing.What they realy mean in terms of network citizenship and trust. It is written by a system administrator who was listed by spews, and who got de-listed.

I am going to re-post it here for the benefit of those who are truely interested in fighting the blight of spam, and in the interest of education.

===============

It's not about spam, it's about TRUST (Score:5, Interesting)
by satch89450 (186046) on Wednesday January 21, @08:39AM (#8042321)
(»www.satchell.net/)

OK, for those of you who read NANAE, this is old news, but for the rest of you...

I'm a sysadmin who worked very hard to get a /24 listed in SPEWS delisted. The netblock was in
the list because a customer of ours decided to provide DNS service to a known and notorious spammer. We earned the listing, period. I killed the bastard, reported the fact, and got the listing lowered to a zero, historical. In the process of doing that job, I learned a lot about the whole blocklist thing and realized that even the operators didn't see what they are really doing. They think it's about spam. Wrong.

It's not about spam. It's about TRUST

A listing in a recognized blocking list is a vote of "no confidence" in the IP owner's ability to run its network, to make its users -- ALL its users -- conform to the Internet society's accepted code of conduct.

Follow along with me a moment, and you'll see why I think this way. First, the Internet is, by
definition, a "network of networks", a large anarchy run by a very large number of system administrators (greater than 10,000) who make private decisions about who and how they allow to access their bandwidth, systems, and services. The Internet Society and its sub-units provide a forum to publish community notes, the Requests for Comments, which are nothing more and nothing less than agreements for how to play nice in this employee-owned swimming pool.

The Internet community has decided on standards of behavior, and each system operator trusts every other system operator in the pool to conform to the rules of society, and to ensure that the users conform to the community rules -- not unlike CC&Rs in a neighborhood development that form part of the purchase contract of many homes and condominiums. Some operators have become lax in their expected enforcement of the rules on particularly not-nice people, the ones who break the rules in order to win money, or some other benefit. There are enough of these Internet con men out there that the community coined a word to describe them: "spammers."

Back in the NSF days, a lapse in administration resulted in disconnection, quick and swift, so
the system adminstrators, up and down the line, toed the line to avoid being banished. In the Commercial Internet that replaced the NSF Internet, personal greed gets in the way of this remedy, and so the disdain of social customs is left largely unpunished by the society.

Just about every system operator who runs a mail service with more than three users has been yammered at by those users: "WE WANT LESS SPAM -- DO SOMETHING." Complaints to ISPs who take spammer money go largely ignored, and appeals "upstream" -- to the connection providers and to the
Tier One networks -- have also gone largely ignored. So the small administrators started to implement mail filters and blocks on "spammy" IP addresses in the hopes that they can block the crap and thus appease their users.

Spammers countered by having their providers move them around in IP space, and by using techniques to "get around" the content filters. It's become a war, frankly. First there were keyword filters, and so spammers started to "do things" to their messages, like replace the letter 'o' with the digit '0' -- you've all seen the tricks. Hash identification of bulk messages were thwarted by inserting random nonsense text. Learning filters are poisoned by spammers injecting random words. And so on and so on. In addition to these content-based counters, spammers also steal resources of innocent people: open mail relays, open proxies, and hijacked Web scripts like formmail.pl, so that the wrong person gets blames for their flood of commercial feces.

What the block-list people decided is that having each of the 10,000 to 100,000 system administrators deal with this individually was eating up too much time, and there was this nifty thing already in place that could be used to reduce the system overhead of identifying spam: use new
zones of the Domain Name System (DNS) to provide a rapid way of identifying "problem" IP addresses and deflect mail based on that information. The growth of the DNS-based blocking list, or DNSBL, has been interesting to watch.

Several organizations collect information about problem IP addresses, and provide databases that feed DNSBLs. One of these is the Spam Prevention Early Warning System project, better known as SPEWS. What make SPEWS such a topic of discussion is the attitude on the part of the operators of the database that when complaints are ignored and spam continues, there is a good chance that spam will "pop up" on neighboring IP addresses, so when action isn't taken on a spammer on a network, it makes sense to pre-emptively report neighboring space on the assumption that if there isn't spam now, there will be. Others have written on the "bad neighbood" analogy, so I won't repeat it here.

And that gets me to my thesis. This escalation process -- assuming that if an operator won't take action against one spammer that operator's network will attract spammers wishing to operate
without molestation like flies are attraced to feces -- means that the SPEWS database isn't really "just" about spam at all - it's about administration. A listing in SPEWS says "we don't trust you to do The Right Thing(tm) any more, because you haven't been."

A trust violation.

A trust violation at multiple levels, for control over the routing of an IP address goes through quite a number of hands, as a rule.

Many communities now have Megan's Law, where a previously convicted sex offender has to register their presence with local law enforcement every time they move, even after they have served their time and discharged their debt to society. Why? Sex offenders, goes the thinking, rarely go completely straight. People who subscribe to block lists in particular and SPEWS in particular have the same attitude to spam offenders, because like sex offenders the result of recivitism is just as bad, the rape of innocent people's mailboxes, and the temptations of a reformed spammer to spam again are very, very high: almost at the same level as an alcoholic's craving for drink or a smoker's craving for tobacco.

What's interesting is that the collection of all the databases and blocking lists gives us a unique opportunity to come up with a grade for system operators. I have put together a proposal for this, which has been posted to news.admin.net-abuse.email, and which I have placed on my Web site. [satch-test.com] This proposal would take the existing information and summarize it as a "grade" for each provider, at each level. The publication of these grades would allow people to see who is a good provider and who is a bad provider, and could form the basis of some sort of certification that can be used in advertising.

The fact that Broadband Reports has become collateral damage to a SPEWS escalation is unfortunate. As a publication, though, Broadband Reports is in the best position to publicize the ineptitude of their upstream provider in being a good Net citizen, and perhaps can shame them into doing something about the disease that infests their network.

I know a netblock can be de-listed, because I did it. It took work, it took removing a tumor from my netblock, it took a public announcement of the surgery.

Or, like a family finding a crack house next door, they can move.
--
Motor Vessel - Tamara B. - 43' Long-Range Trawler Cape Elizebeth ME. »www.tamara-b.org

Re: Why not to use SPEWS

Wed, 21 Jan 2004 10:29:49 EDT
JesterAR :
said by Karl Bode :

quote:
You can grip and moan about SPEWS or you can eliminate the original problem, the cause for the existence of SPEWS.

Why can't one do both?

And they say you don't tug on Superman's cape
You don't spit into the wind
You don't pull the mask off an 'ole Lone Ranger
And you don't mess around with SPEWS

Re: Why not to use SPEWS

Wed, 21 Jan 2004 10:15:15 EDT
Karl Bode :
quote:
You can grip and moan about SPEWS or you can eliminate the original problem, the cause for the existence of SPEWS.

Why can't one do both?

Re: Why not to use SPEWS

Wed, 21 Jan 2004 10:11:45 EDT
JesterAR : Most people avoid neighborhoods where there are open drug deals, prostitution and random shootings. As an individual inhabiting one of these ghettos (ISPs) you have three choices: actively endeavor to clean your neighborhood (ISP) of the riff-raff, hunker down and do nothing more than bad mouthing the situation, or more to a better neighborhood (ISP).

The internet is a community that has survived on self-policing. The principle behind SPEWS is the motivation of individuals to become aware and involved in bettering the internet as a community.

You can grip and moan about SPEWS or you can eliminate the original problem, the cause for the existence of SPEWS. Your choice.

Re: Why not to use SPEWS

Wed, 21 Jan 2004 10:06:49 EDT
anon : I understand exactly how RBL lists work. My point is that when you broadcast something in a public forum you are responsible for the results regardless of a disclaimer.

If you don't believe that, make a little sign that says "Ignore me, I am not responsible for the actions of others based on information I provide."
Then go down to a movie theater and when everyoneis settled in yell Fire, Fire! When some child gets trampled by a mob that excuse will not work very well.

Granted we are dealing with the internet, but SPEWS is irresponsibly reporting information in a public forum when they know it to be incomplete/incorrect without having any sort of mechanism for correction.

Re: Why not to use SPEWS

Wed, 21 Jan 2004 10:02:10 EDT
anon : I think you are missing the point. SPEWS starts out by blocking the offending party. If the spamming does not stop, it moves up. Each time the spamming does not stop, it moves up. Eventually, innocent parties become ensnared. The reason? Those innocent parties may be upset at SPEWS, but they can create even more heat for the owners of the IP blocks and eventually, the IP block owners will tire of the heat and kill the spammers. This is not throwing the baby out with the bathwater as the baby is still present. If SPEWS only listed pure spamming IP blocks, it would have no effectiveness.

Re: Why not to use SPEWS

Wed, 21 Jan 2004 09:50:58 EDT
Karl Bode :
quote:
You people amaze me. You provider is supporting spam by hosting a very well known spammer, which you profess to be against, and yet you have the gall to bitch and moan when a blacklist operator lists your spamming provider (and effectively YOU). What's wrong with this picture? You shouldn't be complaining to SPEWS about the listing.

Yadda Yadda Yadda.

This high-and-mighty schtick is a little boring in here, folks. You make it sound as if SPEWS is organized, efficient Deity, operating while perched upon an untouchable cloud of righteousness sipping a holy latte.

This idea of urging hosted individuals, businesses and sites to contact their ISP and complain may very well be effective. It will obviously work in this case. Yes ISP's should be held responsible. Yes, we will pressure them. So Yes, this tactic does function.

The problem is SPEWS doesn't release IP blocks or resolve complaints in a timely manner once spammers are booted from the network or move on - there's also no functional public complaint mechanism in place to deal with unfairly blacklisted hosts or delays in getting lifted from the blacklist.

This from their de-listing instructions:

quote:
"You will probably have to wait a while, both while SPEWS makes sure you really did shut down those customers, and to give you a bit of time to think about how you got in SPEWS and how to stay out in the future."

Are you F*ck*ng kidding me? "time to think about"? Is this thing run by grudge-holding pre-schoolers? Comments like that make me want to open a god-damn spamming shop. :)

An effective idea? Perhaps. Functional implementation? Not so much.

Re: Why not to use SPEWS

Wed, 21 Jan 2004 09:43:15 EDT
Ozmiroid : I've had dealings with spammers on NAC's network before - complaints to NAC simply get forwarded to the spammer by NAC (automatically, in fact). NAC doesn't seem to do anything other than that. For example, one time I complained 7 times about ongoing spam from one NAC customer - I didn't stop getting the spam until that part of NAC was listed by Spamhaus SBL (which my ISP uses).

Based on what I see in SPEWS S2814, and my guesses as to how SPEWS operates, this is probably the sequence of events ... SPEWS admins saw that NAC was doing nothing about spam from 66.246.48.0/24, so they listed that block. The spam continued, complaints continued to be ignored, so SPEWS escalated the listing to 66.246.64.0/18. (That doesn't include 209.123.109.175, that's listed in level 2 - "keep your eye on this, but don't block email".) Yes, using SPEWS at this point *will* cause legit, non-spam email to be rejected.

I suspect SPEWS operates this way because ISPs like NAC simply won't do *anything* about abuse from their network until the rest of the internet community becomes outraged and traffic from the offending network is widely blocked. If NAC would get off their lazy butts and take reasonable action on complaints of abuse from their network, they wouldn't find themselves escalated in SPEWS.

The owners of DSL Reports would do well to find a more responsible service provider than NAC.

If you agree with SPEWS tactics, then use SPEWS on your mailserver. Evidently many companies and mailserver admins do agree with SPEWS tactics.

Starting a media campaign won't do any good, unless it prods NAC into cleaning up their network. Someone mentioned the "Something Awful" media campaign when they were in SPEWS... I remember that... Sure, flooding news.admin.net-abuse.email with a DoS is a good way to get admins all over the world on your side - NOT! I know a lot of mailserver/network admins who promptly added Something Awful to their private blacklists/router blocks in response to that attack on the newsgroup.

But back to the point - the problem is not SPEWS, SPEWS is a sometimes drastic attempt to solve the problem where other solutions fail. The problem is ISPs that knowingly and willingly host spammers. NAC seems to be such an ISP. The only solution I see for DSL Reports - Find a more responsible ISP.

Re: Why not to use SPEWS

Wed, 21 Jan 2004 09:41:37 EDT
russotto : The problem, Captain Bob, is while the US Military attempts to _avoid_ collateral damage, SPEWS deliberately causes it, by using "area effect" blacklisting when they have at their disposal "precision guided" blacklisting. The idea is that the people they blacklist that way will put pressure on their real targets.

Re: Most spammers not in US

Wed, 21 Jan 2004 09:34:00 EDT
nil : Aye, it's been pointed out to me.. all this fighting of trolls has kept my mind cloudy. A thousand pardons for my ignorance.
--
Life is too short to be boring

Re: Most spammers not in US

Wed, 21 Jan 2004 09:31:57 EDT
LrdVader :
said by nil :
I must be clueless or before my second cup of coffee.. because I don't have the teeniest bit of an idea as to who you may be talking about.

I suspect Alan Ralsky:
»www.spamhaus.org/rokso/listing.l···20Ralsky

Re: Why not to use SPEWS

Wed, 21 Jan 2004 09:16:33 EDT
shorej : I'm a SPEWS subscriber. Always have been. Always will be. In all my years of professionally filtering spam, I have yet to find another DNSBL that was as effective as SPEWS. The problem isn't SPEWS. The problem is DSLReports.com bought the services of a Your Spam-Supporting Provider. They should expect nothing less than their provider to be blacklisted if DSLReports.com is as anit-spam as the profess to be.

Re: Why not to use SPEWS

Wed, 21 Jan 2004 09:12:27 EDT
shorej : You people amaze me. You provider is supporting spam by hosting a very well known spammer, which you profess to be against, and yet you have the gall to bitch and moan when a blacklist operator lists your spamming provider (and effectively YOU). What's wrong with this picture? You shouldn't be complaining to SPEWS about the listing. You should be complaining to the cause of the listing: Your Spam-Supporting Provider. They are the only folks that can right the wrong because it's their wrong. It's as simple as that. If you don't like being blacklisted then you shouldn't use the services of a Your Spam-Supporting Provider. This isn't rocket science folks. Hell this isn't even as hard as changing the VCI/VPI on a Cisco 675.

Re: Why not to use SPEWS

Wed, 21 Jan 2004 09:04:19 EDT
anon : Godwin's law has been invoked... and the discussion was just getting interesting :(

Have you thought about the reason you're listed?

Wed, 21 Jan 2004 08:58:11 EDT
anon : Been reading this and I find it funny that while everyone wants to bash SPEWS for listing the IP range, no one wants to address the fact that NAC is spam-friendly...

if the number of posts in this thread were equaled by the number of emails to the NAC support staff to complain about the spammers they host, there might actually be something done about them...

Re: Why not to use SPEWS

Wed, 21 Jan 2004 08:37:42 EDT
anon : No, because Hitler ordered it done. I don't see SPEWS ordering me to use their list as a part of my spam filtering solution on my e-mail server.

Had Hilter wrote a list of ethnic groups he didn't like, then a bunch of his followers went out and killed them all on their own, technically speaking I believe Hitler would be innocent of any wrong doing. But that wasn't the case, he wrote a book about it and then ordered it done.

Re: Why not to use SPEWS

Wed, 21 Jan 2004 08:27:27 EDT
anon : It's amazing how many times I've seen people blame a BL for the blocking of e-mail. They provide a list. Pure and simple. Just a list. They do not stop the flow of e-mail, they can't.

What an amazing attitude!

You know, Hitler didn't personally gas any Jews or Gypsies. He was nowhere near the concentration camps, so he couldn't have.

Does that make him innocent?

Re: Most spammers not in US

Wed, 21 Jan 2004 08:15:38 EDT
nil : I must be clueless or before my second cup of coffee.. because I don't have the teeniest bit of an idea as to who you may be talking about.
--
Life is too short to be boring

Re: Most spammers not in US

Wed, 21 Jan 2004 07:57:39 EDT
anon : detroit, MI USA anyone?

you know who i'm talking about.

Re: Why not to use SPEWS

Wed, 21 Jan 2004 07:55:39 EDT
anon : I have to say that I am NOT defending NAC or any other ISP/Hosting provider that is being blamed as a spam friendly provider. HOWEVER, I can say that a lot of the time there are false reports created that end up causing ISPs, Hosting providers, etc, to be listed. I currently do out-sourced support for some 300 servers and 80 thousand end users and we have to deal with spamblocks on a daily basis because of some a$$clown. But after we do our research, check our logs...more often then not we find that they didn't do it.

If people want to use spam lists as a guideline, great. But take it with a grain of salt. Blindly blacklisting because some 3rd party service says to is lame and I feel unprofessional. I remember the good old days when Sysadmins actually did their own work/research to blacklist appropriate people/providers. Its a shame that those days are all but gone.

Re: Why not to use SPEWS

Wed, 21 Jan 2004 07:30:54 EDT
anon :

Let's see how you'd like this attitude if, for example, the FBI decided to detain all ISP administrators from Clueless, Idaho or wherever you are from, based on the actions of one anonymous culprit who happened to be tracked to your particular geographic region. What makes you think that a business which provides the livelihood for employees, services for its clients, and in turn the client's livelihood has less of an impact than some people get an X10 camera ad in their email.

Not a good comparison. Not at all. A better comparison would be, based on the actions of one anonymous culprit from your area, the FBI issued a warning 'Be wary of people from Clueless, Idaho. One of them has done bad things.' And businesses turned away people from Clueless, Idaho becuase of this warning. It's the businesses that have the power of the acceptance or denaial here.

It's amazing how many times I've seen people blame a BL for the blocking of e-mail. They provide a list. Pure and simple. Just a list. They do not stop the flow of e-mail, they can't.

I think someone else mentioned this, but if you don't like SPEWS, just make a public campaign showing mail server admins why they shouldn't block against SPEWS.

That being said, as a mail server Admin, I do NOT use Spews. Our company policy is that we'd rather err towards extra spam than blocking a legitimate e-mail. And if you actually want my honest opinion, I think word parsing filters seem to be the best defense so far. About 25% of our incoming mail is stopped by our content filter, and think our false positive rate is about 0.1%. The BL filters catch something like 5% of our incoming traffic, but the way they're tweaked, I'm kind of light-handed with that enforcement effort, but the plus side to the light-handedness is that I think I've had one false positive in the past 4 months.

Re: Why not to use SPEWS

Wed, 21 Jan 2004 06:30:18 EDT
anon : Said by Captain Bob

We all know what "collateral damage" means don't we? It is unavoidable in a war (just ask Dubya), and anti-spam operations amount to a war.

That said, it is the "primary" victims which we should be more (primarily) concerned with. The thousands upon thousands of innocent victims who are inundated with porn, viruses, trojans, and lost bandwidth, not to mention the BILLIONS of dollars lost each year due to the spam/uce plague.

The number of secondary victims pales greatly in number compared to the primary victims!

Let's see how you'd like this attitude if, for example, the FBI decided to detain all ISP administrators from Clueless, Idaho or wherever you are from, based on the actions of one anonymous culprit who happened to be tracked to your particular geographic region. What makes you think that a business which provides the livelihood for employees, services for its clients, and in turn the client's livelihood has less of an impact than some people get an X10 camera ad in their email.

(employee/business failure vs some percentage of email that can be filtered in a wide variety of ways)

You are in effect using a shotgun to open a window, with no care for the damage you do. A disclaimer that you are ignorant and illogical does not excuse the behavior.

While I am not a lawyer I suspect that a person who;
1. makes wildly inaccurate assertions,
2. in a publicly accessible forum,
3. as a means of coercing others
is commiting fraud, libel, and extortion (in that order).

I pray you have a better argument prepared on the day that you try this with someone with abundant and aggressive legal representation. When they finish having you shutdown as an accessory they could probably pursue a counter suit for any documented losses. I wouldn't expect them to actually try to get money from you; the 15 minutes it takes them to file one more paper would simply require you to spend your time and money to stay afloat.

You give anti-SPAM efforts a bad name.

To the person who said that spamassassin is better

Wed, 21 Jan 2004 05:35:50 EDT
anon : Many companys who get upwards of gigabytes of pure spam daily. To them, post-reciept filtering is not an option. The spammers have wasted their bandwidth to delever their spew. All that spamassassin does is stop the recepient from reading it. The only option to save bandwidth is to DENY suspected ip addresses from DELEVERING IN THE FIRST PLACE. Spamassassin can be used as a second-level line of defence for everything else that gets past trusted lists (spamcop, spamhaus etc). If you paid per megabyte you would be doing this too.

Oh, and anyone blocking on L2 is dumb. Get in contact with the clueless admins of any server that bounces your mail. Chances are BBA should remain largely unaffected.

Re: Why not to use SPEWS

Wed, 21 Jan 2004 04:58:23 EDT
Daniel :
said by some anonymous guy:
slashdot says hi. just want to get in before the flood of anonymous lamers!
...said the guy who posted anonymously.
--
"Luck is the residue of design." - Branch Rickey

The SPEWS debacle...

Wed, 21 Jan 2004 04:57:15 EDT
Daniel : Ah...the power of the Internet. I see change on the horizon, and it's headed this way...
--
"Luck is the residue of design." - Branch Rickey

Re: Why not to use SPEWS

Wed, 21 Jan 2004 04:52:55 EDT
anon : slashdot says hi. just want to get in before the flood of anonymous lamers!

good luck with this.

It Hit Slashdot

Wed, 21 Jan 2004 04:45:01 EDT
B :
Hey hey, it's on Slashdot now!

»yro.slashdot.org/yro/04/01/21/01···6&tid=95

-- B

f1r5T pS0t

Wed, 21 Jan 2004 04:37:10 EDT
anon : wwwwoooooooooooot!

(sincerely hope you solve your spamadelic problems)

Re: Why not to use SPEWS

Wed, 21 Jan 2004 04:09:40 EDT
jspreha :
said by nil :
Actually, slashdot hardly makes a dent in our traffic when they link to us, so wouldn't be excessive at all :)

I believe that is about to change very shortly.

New slashdot story is soon to appear to the masses.

Re: Why not to use SPEWS

Tue, 20 Jan 2004 20:00:20 EDT
nil : I have no influence :)

I do think that more attention to the issue might be good for everyone involved though.. except maybe the spammers.
--
Life is too short to be boring

Re: Why not to use SPEWS

Tue, 20 Jan 2004 19:59:18 EDT
TamaraB :
said by AmeritecTech :
So aside from terminating the spammers, what can NAC do to get back in the good graces of SPEWS? Nothing.

NAC.NET has to terminate all their spammers to get de-listed from spews. That's the way spews works. They (NAC) are rife with spammers. See: »www.lxhp.in-berlin.de/spamsites/···NET.html for a partial current list. NAC also needs to be responsive to complaints, they need to explain what steps they have taken to insure that new spammers will not replace the old ones...

I am not spews, but this is what I have observed, mainly on News://news.admin.net-abuse.email If you go to NANAE and read a bit, you will understand what the process is. Many providers are de-listed all the time. It's not impossible, it's quite common actually.

Captain Bob
--
Motor Vessel - Tamara B. - 43' Long-Range Trawler Cape Elizebeth ME. »www.tamara-b.org

Re: Why not to use SPEWS

Tue, 20 Jan 2004 19:57:41 EDT
Mordy : Well, someone with more influence needs to post to Slashdot...I submitted last night, but no luck yet.
--
Facts do not cease to exist because the are ignored - Aldous Huxley

Re: Why not to use SPEWS

Tue, 20 Jan 2004 19:57:11 EDT
AmeritecTech : They made a 90 page dent for that spammer hunt!

Re: Why not to use SPEWS

Tue, 20 Jan 2004 19:54:31 EDT
nil : Actually, slashdot hardly makes a dent in our traffic when they link to us, so wouldn't be excessive at all :)
--
Life is too short to be boring

Re: Why not to use SPEWS

Tue, 20 Jan 2004 19:52:15 EDT
Doctor Four : I'd like to see the SPEWS lunacy involved here get
Slashdotted. In spite of the excessive traffic that would
be generated here at BBR, that kind of publicity would
do well to point out the damage that SPEWS causes to
innocent thrid parties that happen to be in the same
netblock as spammers. And at /., it would reach a good
target audience.
--
"Kayura or Badamon, whichever you are, you should know that I will never give up this battle. By the will of the Ancient, I shall succeed!" - Shuten (Anubis) from the Ronin Warriors.

Re: Why not to use SPEWS

Tue, 20 Jan 2004 19:45:18 EDT
Steve :
said by AmeritecTech :
Yet you continue to chastise nil's rant.
She's fun to chastise ;-)

Re: Why not to use SPEWS

Tue, 20 Jan 2004 19:42:53 EDT
AmeritecTech : Sounds good.

Re: Why not to use SPEWS

Tue, 20 Jan 2004 19:42:30 EDT
nil : A rather whiny and tired nil by now :)

Anyway, it seems this discussion is just going in circles.. we each have our opinions and doesn't look like anyone will change theirs. Can we agree to disagree and move on?
--
Life is too short to be boring

Re: Why not to use SPEWS

Tue, 20 Jan 2004 19:39:08 EDT
AmeritecTech :
said by TamaraB :
For some applications a "draconian" blacklist is quite appropriate, for others it's not. Ranting against a "list" is not entirely appropriate, rant instead against it's particular use perhaps, but not the list itself. After all, it's only information, no one is forced to use a particular list.

Likewise, no one is forced to listen to a particular rant. Yet you continue to chastise nil's rant.
--
Independent thinkers tend to ALWAYS have someone not agreeing with them. It's the non-thinkers that always come in legions." -John Callari

Re: Why not to use SPEWS

Tue, 20 Jan 2004 19:37:45 EDT
TamaraB :
said by nil :
Give me some credit, I've ranted about draconian tactics of some blacklist for a long time now and I never agreed with this as a right way to fight spam.

Every "blacklist" is very well defined in terms of who they list and how. Every one of them, has a website, and their operations are clearly defined. Have you seen csma.biz for instance? A list of ANY spammer ip-range who have EVER sent them even one spam. Each sysadmin has the responsibility to use or not to use any list as they see fit.

For some applications a "draconian" blacklist is quite appropriate, for others it's not. Ranting against a "list" is not entirely appropriate, rant instead against it's particular use perhaps, but not the list itself. After all, it's only information, no one is forced to use a particular list.

Captain Bob
--
Motor Vessel - Tamara B. - 43' Long-Range Trawler Cape Elizebeth ME. »www.tamara-b.org

Re: Why not to use SPEWS

Tue, 20 Jan 2004 19:32:56 EDT
AmeritecTech : There are two sites listed on the RBL entry.

Gordontower.com says "project closed" on the front page and is apparently dead.

sm1l1ngcustomerscomeback.com is not hosted on NAC any longer. It resolves to 209.113.236.162 which is owned by Network Innovations.

So aside from terminating the spammers, what can NAC do to get back in the good graces of SPEWS? Nothing.
--
Independent thinkers tend to ALWAYS have someone not agreeing with them. It's the non-thinkers that always come in legions." -John Callari

Re: Why not to use SPEWS

Tue, 20 Jan 2004 19:29:07 EDT
nil : Forget it, I've had enough playing ping-pong for the day.

Re: Why not to use SPEWS

Tue, 20 Jan 2004 19:27:44 EDT
TamaraB :
said by nil :
Funny, that's what I've been saying about Nac.

You mean you see no difference between the two??

BBR does NOT support hackers, porners, and spammers by providing them space to operate on this Board! By contrast, NAC provides ip-space to the same, and they make money off of them. Does BBR make money from illegal and immoral users? No!

The difference is stark, I am surprised you can't see the difference.

Captain Bob
--
Motor Vessel - Tamara B. - 43' Long-Range Trawler Cape Elizebeth ME. »www.tamara-b.org

Re: Why not to use SPEWS

Tue, 20 Jan 2004 19:22:14 EDT
nil : Give me some credit, I've ranted about draconian tactics of some blacklist for a long time now and I never agreed with this as a right way to fight spam.

On the other hand, I have actively acted against spam for years.. so you're saying my opinion on this doesn't count because it's against spews? It's not just an inconvenience for me and dslreports.. it affects Internet as a whole and helps anti-spam activists to be discounted as extremists in midst of a witch hunt.
--
Life is too short to be boring

Re: Why not to use SPEWS

Tue, 20 Jan 2004 19:12:34 EDT
TamaraB :
said by Rhobite :
It's interesting that the discussion here has focused on the evils of SPEWS, with little discussion of NAC's failure to deal with its spam problem. Not to mention, zero suggestions about how else to punish people who sell fake drugs and send porn to kids.

It's called being safe comfortable, and lazy. People don't want to be bothered with having to do any work, they don't want to suffer any discomfort, risk, or inconvience, they just want the problem to go away all by itself, without any cost, without any discomfort, and without any risk.

I wonder... would this thread even have started if BBR did not appear on a level [2] listing? Now spews is an inconvience to Nil, so therefor spews is now evil. Spews was not evil last week. Why? Because there was no inconvience caused by a very effective BL last week. Why isn't NAC deemed evil? You see?

That's childish, and one of the reasons we are in the state we are currently in i'm afraid!

Captain Bob
--
Motor Vessel - Tamara B. - 43' Long-Range Trawler Cape Elizebeth ME. »www.tamara-b.org

Re: Why not to use SPEWS

Tue, 20 Jan 2004 18:55:03 EDT
nil : Funny, that's what I've been saying about Nac.

Re: Why not to use SPEWS

Tue, 20 Jan 2004 18:53:12 EDT
TamaraB :
said by AmeritecTech :
What money do you think BBR uses to pay its hosting costs?

I am responsible for who I support. I support BBR, which is NOT spam friendly.

BBR is responsible for who they support! That is entirely their business! And BBR will have to deal with whatever consequences arise or don't arise as a result of their decissions.

Captain Bob
--
Motor Vessel - Tamara B. - 43' Long-Range Trawler Cape Elizebeth ME. »www.tamara-b.org

Re: Why not to use SPEWS

Tue, 20 Jan 2004 18:30:33 EDT
TamaraB :
said by nil :
Filtering through spamassassin gets 99% of my spam (I get about 200+ a day) with only one false positive in the last six months.

This is w/o using the draconian methods of spews.

Nil:

You are an educated, informed, competent end-user. You are capable of filtering your mail as a client, you are capable of keeping your PC virus-free, you understand security, and you have resources to deal with the problem.

MOST of our users are not technical and are completely CLUS-LESS and CARE-LESS. Unfortunately that is the state of affairs among the masses out there. This board represents an elite-class of computer users, and mods are at the top of that class usually.

As an ISP, I have to be concerned about our network's security, it's bandwidth usage, it's effect on our neighbors and on other systems worldwide. In order to keep our costs down, and to be able to compete in this cut-throat market, we need to keep the 200,000+ garbage and virus-attached emails (many very large)OFF our network. Otherwise, the entire network suffers, latency suffers, web-access times suffer, and we become more vulnerable to attacks from behind our own firewalls from compromised/trojaned machines attempting to spam the world.

Believe me, it is a very BIG problem, bigger than you can see from a client perspective.

Captain Bob
--
Motor Vessel - Tamara B. - 43' Long-Range Trawler Cape Elizebeth ME. »www.tamara-b.org

Re: Why not to use SPEWS

Tue, 20 Jan 2004 18:17:39 EDT
AmeritecTech : SPEWS has the right to do what it does, and others have the right to voice their discontent. Others can then decide whether they think the claims of overbearing policies are justified.
--
Independent thinkers tend to ALWAYS have someone not agreeing with them. It's the non-thinkers that always come in legions." -John Callari

Re: Why not to use SPEWS

Tue, 20 Jan 2004 18:13:18 EDT
Rhobite : Tamara, I agree 100%. It's interesting that the discussion here has focused on the evils of SPEWS, with little discussion of NAC's failure to deal with its spam problem. Not to mention, zero suggestions about how else to punish people who sell fake drugs and send porn to kids.

Re: Why not to use SPEWS

Tue, 20 Jan 2004 18:10:57 EDT
AmeritecTech :
said by TamaraB :
Absolutely NOT! I support one of the Internet's best sources of information on a very wide range of subjects. BBR is one of the finest discussion systems on the NET, it is NOT however an ISP! It is also NOT spam-friendly, where did you get that Idea?

You wouldn't be trying to mis-represent what I said in my post would you?

What money do you think BBR uses to pay its hosting costs?
--
Independent thinkers tend to ALWAYS have someone not agreeing with them. It's the non-thinkers that always come in legions." -John Callari

Re: Why not to use SPEWS

Tue, 20 Jan 2004 18:01:48 EDT
TamaraB :
said by AmeritecTech :
frequently creating secondary victims, like BBR and Something Awful.

We all know what "collateral damage" means don't we? It is unavoidable in a war (just ask Dubya), and anti-spam operations amount to a war.

That said, it is the "primary" victims which we should be more (primarily) concerned with. The thousands upon thousands of innocent victims who are inundated with porn, viruses, trojans, and lost bandwidth, not to mention the BILLIONS of dollars lost each year due to the spam/uce plague.

The number of secondary victims pales greatly in number compared to the primary victims!

said by AmeritecTech :
I note that you are Premium. Does this mean that you are also supporting a spam-friendly ISP?
Absolutely NOT! I support one of the Internet's best sources of information on a very wide range of subjects. BBR is one of the finest discussion systems on the NET, it is NOT however an ISP! It is also NOT spam-friendly, where did you get that Idea?

You wouldn't be trying to mis-represent what I said in my post would you?

Captain Bob
--
Motor Vessel - Tamara B. - 43' Long-Range Trawler Cape Elizebeth ME. »www.tamara-b.org

Re: Why not to use SPEWS

Tue, 20 Jan 2004 17:26:06 EDT
nil : Filtering through spamassassin gets 99% of my spam (I get about 200+ a day) with only one false positive in the last six months.

This is w/o using the draconian methods of spews.
--
Life is too short to be boring

Re: Why not to use SPEWS

Tue, 20 Jan 2004 17:24:44 EDT
TamaraB :
said by AmeritecTech :
Yes, but who knows how many false positives are getting tagged?

No matter what method one uses to reduce spam there WILL be false positives, it's unavoidable. The ONLY way to not have false positives is to not block and to not filter at all! And then, if you have an old email address, you will still loose email, it will get burried in the blizard of garbage.

My current public email address has been on the internet since 1993, and is on every spammer's optin CD! Before I moved my mailbox to our filtered mail server (we have a filtered and a non-filtered system) I was getting in excess of 300 spams per day.

The sheer volume of spam caused me to loose more legit mail than our current filtered system does! When I had to sit there and sift through hundreds of spams to read the few legit e-mails, I inivetibaly kill off legit mail in the process and in the frustration, not to mention the wasted time (lost billable time).

I would rather loose a couple of emails due to filtering, than an equal or greater number due to blizard-burrying :-))

Captain Bob
--
Motor Vessel - Tamara B. - 43' Long-Range Trawler Cape Elizebeth ME. »www.tamara-b.org

Re: Why not to use SPEWS

Tue, 20 Jan 2004 17:11:30 EDT
AmeritecTech : Almost everyone here is well-aware of how SPEWS works and that it doesn't actually block anyone. SPEWS uses its influence cavalierly, frequently creating secondary victims, like BBR and Something Awful.

I note that you are Premium. Does this mean that you are also supporting a spam-friendly ISP?
--
Independent thinkers tend to ALWAYS have someone not agreeing with them. It's the non-thinkers that always come in legions." -John Callari

Re: Why not to use SPEWS

Tue, 20 Jan 2004 17:08:21 EDT
TamaraB :
said by Mordy :
If I have ever seen an anti-spam site, it is BBR. This is the height of stupidity to block this site.

Spews does NOT block anyone. Especially not this site. In fact the netblock which this site sits on is not blocked by anyone using spews either. The listing which NIL quoted is a level [2] listing, no one blocks on spews level 2 listings, they block only on level [1] listings.

As far as being "anti-spam" is concerned, you are correct, BBR is anti-spam. The question is will it remain anti-spam when and if push comes to shove (if NAC refuses to deal with their spammers, and the listing goes to level [1])?

Will BBR continue to financially support a spam operation, or will they move on and financially support an ISP which does not support and harbor spammers? Will BBR vote anti-spam with their checkbook or not?

Captain Bob
--
Motor Vessel - Tamara B. - 43' Long-Range Trawler Cape Elizebeth ME. »www.tamara-b.org

Re: Why not to use SPEWS

Tue, 20 Jan 2004 16:52:05 EDT
nil : Actually, we are blacklisted.. it could be a case of the list being used incorrectly, but frankly, I don't care.

Had one ISP so far whitelist us, as they were dropping our email.. This is a huge waste of my time and does nothing to help fight spam.

Majority of spam does not originate in US anyway.
--
Life is too short to be boring

Re: Why not to use SPEWS

Tue, 20 Jan 2004 16:47:57 EDT
AmeritecTech :
said by TamaraB :
Yes I run an ISP, and YES we use SPEWS as one of many BL's we use to eliminate UCE/SPAM from our customer's mailboxes. Spews comes in seccond only to spamhaus.org in it's effectiveness. We receive less than 10 spams/day across a user population of over one thousand. Spews alone is responsible for about 30% of the blocking.

Yes, but who knows how many false positives are getting tagged?
--
Independent thinkers tend to ALWAYS have someone not agreeing with them. It's the non-thinkers that always come in legions." -John Callari

Re: Why not to use SPEWS

Tue, 20 Jan 2004 16:45:58 EDT
TamaraB :
said by nil :
»openrbl.org/#209.123.109.175

Blacklisted an entire IP block belonging to nac which includes our mail server.. if you read the handy 'remove instructions' you'll find there's absolutely nothing we can do about it other than rant.

Suggestions? Short of ranting I'm out of ideas...

Full spews listing:
»www.spews.org/html/S2814.html

Nil:

1) your mail server is NOT BlackListed! If you look at the listing it is at level 2 the [2] means level 2. Read the SPEWS FAQ. No one blocks on level 2 listings.

Level 2 listings are netblocks which are watched carefully for evidence of abuse, usually because the adjoining netblocks are in use by spammers, and because the provider (NAC in this case) is ignoring complaints about the abuse, or is doing nothing to remove the abusers.

2) There is something you CAN do other than rant, which will not do you any good at all; and that is to complain to NAC about their spam-friendly policies. It's NAC's hosting network abusers which is the problem. If the listing is upgraded to level [1] then there will be a problem getting your e-mail out; if this is intollerable, the ONLY solution would be to change providers.

3) If NAC persists (usually for a prolonged period of time) in it's disregard for the rest of the Internet, by allowing our mailboxes to be filled up by their customer's garbage, then many system administrators including myself, will choose to refuse mail from larger and larger portions of NAC's IP-Space, IMHO this is a perfectly reasonable choice. It puts presure on the service provider not to host spammers, something, which in the long run will help stop spam.

Understand, that SPEWS does not block anyone, all they do is make available a list of spam-friendly, and spam-supporting providers. Many systems will choose not to communicate with providers who support spam operations in a direct effort to hurt spammers by denying them access to providers.

Yes I run an ISP, and YES we use SPEWS as one of many BL's we use to eliminate UCE/SPAM from our customer's mailboxes. Spews comes in seccond only to spamhaus.org in it's effectiveness. We receive less than 10 spams/day across a user population of over one thousand. Spews alone is responsible for about 30% of the blocking.

Captain Bob
--
Motor Vessel - Tamara B. - 43' Long-Range Trawler Cape Elizebeth ME. »www.tamara-b.org

Re: Why not to use SPEWS

Tue, 20 Jan 2004 14:07:03 EDT
nil : I just wish there was some accountability involved in this.. but there isn't..

I like an operation like ordb, where everything is out in the open, removal is simple, automated and not affected by vengeance-full self-important admins.
--
Life is too short to be boring

Re: Why not to use SPEWS

Tue, 20 Jan 2004 14:03:11 EDT
Jason Levine : My site (PCQandA.com) was listed as well. We seem to be off the list now though. How we got removed, I can't tell you. Just lucky I guess. It did nothing to change my opinion of SPEWS though. It's an awful operation and I wish it would just go away. (There are much better operations out there that would take up the slack.)
--
-Jason Levine
http://www.jasons-toolbox.com/
http://www.PCQandA.com/
http://www.urateit.com/

Re: Why not to use SPEWS

Tue, 20 Jan 2004 01:46:40 EDT
Steve :
said by Mordy :
Short term, I would see if NAC can give you a non-corrupt IP address.
Actually, it would be easier to just relay the mail through a non-listed server. Postfix makes it easy to do this, and Kasia knows exactly where to find such a mail server.

But it's no surprise - in the big picture of all the wierd people in the world - that any random person runs a list that has bogus listing requirements. Hell, I could run a bogus list. Why not?

The surprise is that people subscribe to the list, and the way to counter SPEWS is to

1) publicize how dumb SPEWS is
2) expose those who use it

Then the free market of public opinion can take it from there.

Steve
--
Stephen J. Friedl * Security Consultant * Tustin, California USA * my web site

Re: Why not to use SPEWS

Tue, 20 Jan 2004 01:38:25 EDT
Mordy : Wonderful. More stupidity at the hands of the train wreck called SPEWS.

Short term, I would see if NAC can give you a non-corrupt IP address. What SPEWS wants you to do is beg NAC to throw who they believe to be spammers off their network, which I would not do. That is playing their game.

I agree with Steve and others; get Karl to publish this on page 1 news, and get the word out.

If I have ever seen an anti-spam site, it is BBR. This is the height of stupidity to block this site.
--
Facts do not cease to exist because the are ignored - Aldous Huxley

Re: Why not to use SPEWS

Tue, 20 Jan 2004 01:37:49 EDT
AmeritecTech : Publicize the abuses....by way of a media campaign?

Re: Why not to use SPEWS

Tue, 20 Jan 2004 01:15:37 EDT
Steve :
said by AmeritecTech :
YThe only alternatives are a media campaign (as Something Awful did) or changing hosts (clearly NOT an option) or petitioning NAC to terminate the spammers.
No, there is another solution. Publicize the abuses, and convince people that using SPEWS is a bad idea.

SPEWS has no power not given to them by subscribers

I don't subscribe.

Steve
--
Stephen J. Friedl * Security Consultant * Tustin, California USA * my web site

Re: Why not to use SPEWS

Tue, 20 Jan 2004 01:04:42 EDT
AmeritecTech : Yes, SPEWS is vicious. SPEWS does not accept requests for blocks to be added or removed. They shift as they please.

The only alternatives are a media campaign (as Something Awful did) or changing hosts (clearly NOT an option) or petitioning NAC to terminate the spammers.

Why not to use SPEWS

Mon, 19 Jan 2004 22:34:47 EDT
nil : »openrbl.org/#209.123.109.175

Blacklisted an entire IP block belonging to nac which includes our mail server.. if you read the handy 'remove instructions' you'll find there's absolutely nothing we can do about it other than rant.

Suggestions? Short of ranting I'm out of ideas...

Full spews listing:
»www.spews.org/html/S2814.html
--
Life is too short to be boring