rpeace
join:2001-04-05
Haverhill, MA | reply to DeCartes
Re: Why not to use SPEWS
So, does anyone have any thoughts on this? |
|
DeCartes
@attbi.com
| reply to DeCartes
Just got off the phone with Bill Yerazunis, the author of CRM114. Turns out that he and another guy from South Carolina started thinking about a similar scheme they call inoculation since the 2004 Anti SPAM conference at MIT.
The first time I told anyone about my spin on this was this past summer to some MFN folks (Travis Haymore, his boss and another manager), and I had a followup meeting in VA with them this past Oct. At that time we were discussing bringing it to the attention of Gloria Youngblood over at YAHOO, but other events at that time slowed things down.
I think the time has come to develop some serious momentum with regards to these ideas. Please give me feedback folks.
pointers to intelligent anti-spam resources like spamfilt are also appreciated. I want this looked over as carefully as the TCP/IP RFC's were if possible. |
|
DeCartes
@attbi.com
| reply to AmeritecTech
It would have to halt all traffic on 25 while it scans the outgoing message, right?
Maybe not. Having dedicated inbound and outbound ports may be a way to get around having that downside.
The interesting idea from my POV is taking advantage of the information from filter promotion. If a filter entry is common to a large area of the net, it should be possible to see to it that messages matching that filter never get to that portion of the net, while allowing such messages to continue on their way to those sections of the net that have decided that such messages are acceptable to them.
This requires an automatic, dynamically updatable, routing table scheme working in conjunction with filter promotion, but that's a relatively small technical problem.
IMHO, the beauty of this scheme is that both the sender's right to free speach and the recipient's right to choose what they want to hear is upheld, and in a way that does not break existing features of the mail system (ie SPF and forwarding) nor does it create fundamental architecture/feature problems (as Domain Keys or msg tracing or charging schemes do).
Combined with the message digest scheme alluded to earlier, both quality control and a fair method of upholding community more's are implemented. Thoughts? |
|
dda
Premium
join:2003-12-29
Bolton, MA
| reply to Rhobite
If it looks like a spammer, and walks like a spammer, and talks like a spammer...
Unless he sends spam, either directly or by hiring someone to do so, he isn't a spammer and I seriously doubt you have any evidence that he sends spam. So it is just another ad hominiem attack; guilt by innuendo.
Could you actually address his arguments? |
|
AmeritecTech
Change we can believe in, 1922
Premium
join:2002-09-06
Houston, TX | reply to DeCartes
It would have to halt all traffic on 25 while it scans the outgoing message, right? |
|
DeCartes
@attbi.com
| reply to DeCartes
Update:
This discussion has got me thinkig more about the algorithms for the hierarchical Bayesian filter idea I've mentioned previously.
...I think I have a way to tweak the original idea so that content blocking of "true trash" (stuff almost no one in the online community finds acceptable) can occur at the first ISP cloud cloud closest to the spam originator, rather than having it get even as far as the backbone. 
I still have to make sure that there are ways to avoid both the "tyranny of the minority" and the "tyranny of the majority" that we solve in other domains with things like Robert's Rules. More as I go /thoughtful |
|
DeCartes
@attbi.com
| reply to Rhobite
If it looks like a spammer, and walks like a spammer, and talks like a spammer...
I sound like a spammer when I'm presenting ideas that IMHO will actually =work= at dealing with the problem and do it in a fair way with less negative side effects than the current approach? What is it about the current volunteer WL/BL approach that makes you think it is so superior to any other potential approach? Or that makes you think the current negative side effects are acceptable compared to suggested methods that will have less of said?
In short, =why= are you so certain that =you= have better answers to these problems rather than anyone else and that anyone disagreeing with you is a spammer?
Decartes is a classic "i hate spam as much as the next guy" poster.
I have no idea what this actually means, but it somehow sounds ominous, and I suspect you intend it to sound that way. And I don't see what such statements do to further the discussion or help in solving the problem.
If you disagree with my suggestions for solving the problem, fine. Respond with why you think they won't work, and/or why you think the current methods are superior to other suggestions. I rather suspect I've been doing enterprise scale sys admin far longer than you suspect, and have operated at a far higher level of management as well. Experience has taught me to respect discussion, even vigorous, that helps move consideration forward.
But if all you have to contribute is 'tude with no logic to back it up, you're acting rather immature; and I suspect no one here has time for it. I =know= I don't. There's work to be done. Ante up, or get out of the way so it can be done. |
|
Rhobite
Premium
join:2002-02-24
Cambridge, MA
clubs:
| reply to dda
said by dda  :
When you become intolerant of reasonable dissent, you are declaring yourself a fanatic, zealot and many other words a thesaurus can find. Not to mention the ad hominiem attack.
If it looks like a spammer, and walks like a spammer, and talks like a spammer...
Decartes is a classic "i hate spam as much as the next guy" poster. |
|
Star Wolf
| reply to dda
That has been suggested in the past, but nothing has ever come of it. Check Google for prior proposals and discussion, both web and Usenet, and let us know what you find. You could also start your own.
Retaliatory blocking is not unknown. A major .de provider got peeved about being listed a while back and did some of that, though it did not last long. There was some discussion on NANAE about that one too.
You might also want to checkout the recent threads in NANAE and NANABL entitled YOUR ABUSE. A municipal Italian IT minion is annoyed that his IPs are in BLARS and in Blocklist.us. Hysterically funny.
|
|
dda
Premium
join:2003-12-29
Bolton, MA
| reply to Rhobite
DeCartes - spoken like a true spammer. "vigilante," "zealot," "fanatic," "cavalier."
Is someone rotting in SPEWS? Good. Go send some more porn to children.
When you become intolerant of reasonable dissent, you are declaring yourself a fanatic, zealot and many other words a thesaurus can find. Not to mention the ad hominiem attack. |
|
dda
Premium
join:2003-12-29
Bolton, MA
| reply to Steve
And this differs from "forum moderators" how?
Good point! Perhaps we should maintain a "SPEWS-friendly" blocklist and NIL can voluntarily decide to block posts from those posters who's bits she doesn't want.
Not illegal. And the blocklist, of course, maintains no responsbility for how the moderator uses it; it's just a list, after all. |
|
DeCartes
@attbi.com | reply to dkoert
Agreed that NANABL is a Good Thing. |
|
IronDragon
Premium
join:2003-06-25
Des Moines, IA
| reply to spews user
said by spews user:
you are right, it is not bbr's responsibility to clean up NAC.net. however it is MY RESPONSIBILITY to keep my network clean, if spam flows from NAC's network and me as a mail admin wish to block traffic from NAC netspace, and if that block expands to colateral damage then yes it is bbr's own fault THEY SUPPORT SPAM !!! bottom line. my server my rules
If you really want to stop spam why stop at just blocking what is listed in the blocklists. there are several spam sites and isp's that haven't yet been listed. The only true way to guarantee no spam is received at all is to block every ip address on the internet, to hell with collateral damage
--
Once a Geek always a Geek |
|
spews user
@63.76.x.x
| reply to Wills
you are right, it is not bbr's responsibility to clean up NAC.net. however it is MY RESPONSIBILITY to keep my network clean, if spam flows from NAC's network and me as a mail admin wish to block traffic from NAC netspace, and if that block expands to colateral damage then yes it is bbr's own fault THEY SUPPORT SPAM !!! bottom line. my server my rules |
|
IronDragon
Premium
join:2003-06-25
Des Moines, IA
| reply to Star Wolf
Taken from the SPEWS FAQ
Q36: Where can I go and see discussions about SPEWS, spam and other email abuse issues.
A36: The Usenet has newsgroup forums for this, there is a SPAM-L mailing list, SpamCop.net has a mailing list and User Forum. Note that posting messages in these newsgroups & lists will not have any effect on SPEWS listings, only the discontinuation of spam and/or spam support will.
Q41: How does one contact SPEWS?
A41: One does not. SPEWS does not receive email - it's just an automated system and website, general blocklist related issues can be discussed in the public forums mentioned above. The newsgroups news.admin.net-abuse.blocklisting (NANABL) and news.admin.net-abuse.email (NANAE) are good choices, and Google makes it quite easy to post messages there via the Web in either the moderated NANABL or the unmoderated NANAE groups. The M@ilGate system allows one to easily post via email. First time newsgroup posters should read the NANAE FAQ. Note that posting messages in these newsgroups & lists will not have any effect on SPEWS listings, only the discontinuation of spam and/or spam support will. Be aware that posting ones email address to any publicly viewable forum or website makes it instantly available to spammers. If you're concerned about getting spammed, change or "mung" the email address you use to post with.
Q42: My IP address/range is being listed by SPEWS but I'm not a spammer and I just signed up for this/these address(s). What can I do to be removed from the list?
A42: SPEWS is just an automated system, if spam or spam involvement (hosting spammers, selling spamware) from your IP address/range ceases, it will drop out of the list in time. Normally the listing involves spam related problems with your host and the first step you need to take is to complain to them about the listing, in almost all cases, they are the only people who can get an address/range out of the SPEWS list. If there is a spam related problem with your host, their IP address/range will not be removed until it is resolved. If your host or network is certain a listing mistake has been made, ask them to read this FAQ then post a message in a public forum mentioned above with the SPEWS record number (eg. S123) and/or the IP address/range information in it. Placing the text "SPEWS:" in the subject can help a SPEWS editor or developer see the message and they may double check the listing - note that, although others may, no SPEWS editor or developer will ever reply to the posting. Will this get your IP address/range removed from a SPEWS listing? Again, not if there are currently spam related problems with your host. Be aware that posting ones email address to any publicly viewable forum or website makes it instantly available to spammers. If you're concerned about getting spammed, change or "mung" the email address you use to post with.
--
Once a Geek always a Geek |
|
dkoert
join:2001-11-20
Wichita, KS
clubs: | reply to Star Wolf
said by Star Wolf:
Even then, NANABL is the place to post, not NANAE.
:nod: Moderate and moderated. |
|
Star Wolf
| reply to Karl Bode
Even then, NANABL is the place to post, not NANAE.
The guys at EV1 and others have the gig down right. They post kills, accept input, respond politely to status queries and that is about it. SPEWS listings have apparently been updated by posts there as well.
NANAE and NANAS are places abuse desks should lurk and "grep" with some regularity. |
|
Steve
I'm a PC, so shut up
Consultant
join:2001-03-10
Yorba Linda, CA
| reply to Karl Bode
said by Karl Bode :
Absolutely NOT. Unless you're dealing with a delisting and even then I'd say NOTHING other than the very basics.
It strikes me that those who are part of SPEWS collateral damage would do well to follow this same advice.
--
Stephen J. Friedl * Security Consultant * Tustin, California USA * my web site |
|
Karl Bode
News Guy
join:2000-03-02
Host:
Road Runner
PC gaming GAMES
PC gaming Tech
| reply to Star Wolf
quote:
I would never post there as an ISP.
Absolutely NOT. Unless you're dealing with a delisting and even then I'd say NOTHING other than the very basics. There is no "winning". It's like entering a room full of those old muppets who sat in the booth. Without humor. |
|
Star Wolf
 from:
Steve
| reply to dkoert
Alex's frustration was clearly getting the better of him in NANAE over this. Some of his comments were well over the top and more than a little unproffesional. Yes he get got poked at hard, but he should have backed off and maintained his composure. It surely hurt NAC's cause there with many of the lurkers. That said, he has been doing better very recently. Last person I coached through a SPEWS delisting posted on in NANABL and only announced kills, and responded to status queries. They never engaged in debate. They were off of the lists within a week (had a list on sight spammer who was cloaked). They now read their abuse box more carefully.
NANAE is an interesting place with a wide assortment of trolls, zealots, and good people all in the mix. If you don't lurk there for a while, its hard to sort them out. Not all of them post everyday. After a couple of weeks, its easy to find out who the flamers and troll are. I would never post there as an ISP.
One thing the anti crowd is good at is finding historical posts and such. One thing is clear is that NAC knew about SPEWS a while back and decided to ignore it, clearly to its detriment. Then there was the call by another presumed employee "priest" to DDOS and harass a couple of the better NANAE antis. Note that Priest's site, but not the page with the call is still up in NAC space.
Eventually Alex, Blake, et al. will move from the bluff and bluster stage to the grudging compliance stage. Whether they make the transition to a "white hat" provider is anyones guess at this point.
Its believe it will be hard for them to ever get delisted if they keep pwebtech and Voxel as clients. |
|
