dkoert
join:2001-11-20
Wichita, KS
clubs:
| reply to Karl Bode
Re: Why not to use SPEWS
said by Karl Bode  :
The NANAE kids are prompting me to investigate "Alex", a NAC employee...
FWIW, it was suggested that Alex is a NAC co-owner in this post:
quote:
You already know about Blake, and he co-owns NAC with alex, who is on the whois entry for NAC.
I tend to believe the information in this post, considering the frustrated tone. |
|
Star Wolf
| reply to nil
Admins often do know what's best for their users by definition, but the point of contention here is blocking legitimate email because of who the ISP is.
Its not the ISP, its the netblock owner. A non-trivial distinction since some small ISPs do not have their own allocation. Fundamentally the block owner has the responsibility to the rest of the net to keep order.
Its the netblock owner who is being boycotted, not necessarily all the people leasing space from them.
For those who think such boycotts are illegal or immoral should check out some of the background information on the Selma Busy Boycott, the parallels are quite striking. The collateral damage was much more than many knew.
|
|
DeCartes
@attbi.com
| reply to nil
I'd suggest asking the NAC Chairman what plan they have to protect their customers from the offenses of their other customers, and what the "Big Six" Tier Ones are doing cooperatively on this issue.
Despite Rhobite's comments, I want the problem dealt with just as badly as he does. IMHO the current approach at the organizational level is =not= working. SPEWS et al have been remarkably =ineffective= for all the vitrol they throw around and incite.
There's also the problem that such solutions are just as morally questionable as some of the acts of the organizations they claim to deplore. A DoS attack is a Bad Thing, and it doesn't matter who or how it's executed, it is still wrong. Two wrongs don't make a right. Acting like criminals does not make you a good guy, just another criminal.
Like it or not, this is a multi-dimensional problem that is going to require multi-dimensional solutions. Things like electronic fraud and kiddy porn are fairly easy to categorize as criminal. So is someone stealing accounts and server time. After that it gets harder. Much harder when you take into account that the "decency" standards for radio, TV, print media, and the Net are not the same.
Rhobite, let me be very clear. I don't want my kids exposed to material inappropriate to their age in =any= medium. Unfortunately, it's rather hard to set the bar where I'd like to on the net when the bar is so much lower for just about every other medium of communication.
Technical suggestions I've heard or thought of that have promise include:
1= Using PKE message digests of "opt-in" lists so that the veracity of these lists can be guaranteed and protected while providing a "paper trail" of who genned and bought the lists every time they are exchanged. SPEWS et al could provide a valuable service here by offering to host PK rings of participating organizations. With such public scrutiny, organizations will very quickly be sorted into buckets according to how above board they are.
2= Using Bayesian filters like CRM114 in a hierarchical manner. If everyone on your local cable or DSL loop thinks something should be blocked, the block can be "promoted" up to a higher level of the net. Real trash ends up blocked at the backbone router level...
3= Like it or not, we as a community have to get involved in efforts to see that fair standards exist that make sense across all forms of communication. And that they are enforcible and enforced. Unconstitutional laws like CA's anti-spam law are going to have to be rewritten, etc, etc.
4= Like it or not, THE COMMERCIALIZATION OF THE NET IS HERE TO STAY. There is no going back to the noncommercial net of the pre 1990's, and if there were things like 100Mbs MAN's would probably never occur. People are investing in network infrastructure and technologies that increase net performance because there's money to be made.
Attention to detail and clarity of thought will bound this problem, not emotionalism. |
|
Star Wolf
 from:
Steve
| reply to dkoert
Alex's frustration was clearly getting the better of him in NANAE over this. Some of his comments were well over the top and more than a little unproffesional. Yes he get got poked at hard, but he should have backed off and maintained his composure. It surely hurt NAC's cause there with many of the lurkers. That said, he has been doing better very recently. Last person I coached through a SPEWS delisting posted on in NANABL and only announced kills, and responded to status queries. They never engaged in debate. They were off of the lists within a week (had a list on sight spammer who was cloaked). They now read their abuse box more carefully.
NANAE is an interesting place with a wide assortment of trolls, zealots, and good people all in the mix. If you don't lurk there for a while, its hard to sort them out. Not all of them post everyday. After a couple of weeks, its easy to find out who the flamers and troll are. I would never post there as an ISP.
One thing the anti crowd is good at is finding historical posts and such. One thing is clear is that NAC knew about SPEWS a while back and decided to ignore it, clearly to its detriment. Then there was the call by another presumed employee "priest" to DDOS and harass a couple of the better NANAE antis. Note that Priest's site, but not the page with the call is still up in NAC space.
Eventually Alex, Blake, et al. will move from the bluff and bluster stage to the grudging compliance stage. Whether they make the transition to a "white hat" provider is anyones guess at this point.
Its believe it will be hard for them to ever get delisted if they keep pwebtech and Voxel as clients. |
|
Karl Bode
News Guy
join:2000-03-02
Host:
Road Runner
PC gaming GAMES
PC gaming Tech
| quote:
I would never post there as an ISP.
Absolutely NOT. Unless you're dealing with a delisting and even then I'd say NOTHING other than the very basics. There is no "winning". It's like entering a room full of those old muppets who sat in the booth. Without humor. |
|
Steve
I'm a PC, so shut up
Consultant
join:2001-03-10
Yorba Linda, CA
| said by Karl Bode :
Absolutely NOT. Unless you're dealing with a delisting and even then I'd say NOTHING other than the very basics.
It strikes me that those who are part of SPEWS collateral damage would do well to follow this same advice.
--
Stephen J. Friedl * Security Consultant * Tustin, California USA * my web site |
|
Star Wolf
| reply to Karl Bode
Even then, NANABL is the place to post, not NANAE.
The guys at EV1 and others have the gig down right. They post kills, accept input, respond politely to status queries and that is about it. SPEWS listings have apparently been updated by posts there as well.
NANAE and NANAS are places abuse desks should lurk and "grep" with some regularity. |
|
dkoert
join:2001-11-20
Wichita, KS
clubs: | said by Star Wolf:
Even then, NANABL is the place to post, not NANAE.
:nod: Moderate and moderated. |
|
IronDragon
Premium
join:2003-06-25
Des Moines, IA
| reply to Star Wolf
Taken from the SPEWS FAQ
Q36: Where can I go and see discussions about SPEWS, spam and other email abuse issues.
A36: The Usenet has newsgroup forums for this, there is a SPAM-L mailing list, SpamCop.net has a mailing list and User Forum. Note that posting messages in these newsgroups & lists will not have any effect on SPEWS listings, only the discontinuation of spam and/or spam support will.
Q41: How does one contact SPEWS?
A41: One does not. SPEWS does not receive email - it's just an automated system and website, general blocklist related issues can be discussed in the public forums mentioned above. The newsgroups news.admin.net-abuse.blocklisting (NANABL) and news.admin.net-abuse.email (NANAE) are good choices, and Google makes it quite easy to post messages there via the Web in either the moderated NANABL or the unmoderated NANAE groups. The M@ilGate system allows one to easily post via email. First time newsgroup posters should read the NANAE FAQ. Note that posting messages in these newsgroups & lists will not have any effect on SPEWS listings, only the discontinuation of spam and/or spam support will. Be aware that posting ones email address to any publicly viewable forum or website makes it instantly available to spammers. If you're concerned about getting spammed, change or "mung" the email address you use to post with.
Q42: My IP address/range is being listed by SPEWS but I'm not a spammer and I just signed up for this/these address(s). What can I do to be removed from the list?
A42: SPEWS is just an automated system, if spam or spam involvement (hosting spammers, selling spamware) from your IP address/range ceases, it will drop out of the list in time. Normally the listing involves spam related problems with your host and the first step you need to take is to complain to them about the listing, in almost all cases, they are the only people who can get an address/range out of the SPEWS list. If there is a spam related problem with your host, their IP address/range will not be removed until it is resolved. If your host or network is certain a listing mistake has been made, ask them to read this FAQ then post a message in a public forum mentioned above with the SPEWS record number (eg. S123) and/or the IP address/range information in it. Placing the text "SPEWS:" in the subject can help a SPEWS editor or developer see the message and they may double check the listing - note that, although others may, no SPEWS editor or developer will ever reply to the posting. Will this get your IP address/range removed from a SPEWS listing? Again, not if there are currently spam related problems with your host. Be aware that posting ones email address to any publicly viewable forum or website makes it instantly available to spammers. If you're concerned about getting spammed, change or "mung" the email address you use to post with.
--
Once a Geek always a Geek |
|
spews user
@63.76.x.x
| reply to Wills
you are right, it is not bbr's responsibility to clean up NAC.net. however it is MY RESPONSIBILITY to keep my network clean, if spam flows from NAC's network and me as a mail admin wish to block traffic from NAC netspace, and if that block expands to colateral damage then yes it is bbr's own fault THEY SUPPORT SPAM !!! bottom line. my server my rules |
|
IronDragon
Premium
join:2003-06-25
Des Moines, IA
| said by spews user:
you are right, it is not bbr's responsibility to clean up NAC.net. however it is MY RESPONSIBILITY to keep my network clean, if spam flows from NAC's network and me as a mail admin wish to block traffic from NAC netspace, and if that block expands to colateral damage then yes it is bbr's own fault THEY SUPPORT SPAM !!! bottom line. my server my rules
If you really want to stop spam why stop at just blocking what is listed in the blocklists. there are several spam sites and isp's that haven't yet been listed. The only true way to guarantee no spam is received at all is to block every ip address on the internet, to hell with collateral damage
--
Once a Geek always a Geek |
|
DeCartes
@attbi.com | reply to dkoert
Agreed that NANABL is a Good Thing.  |
|
dda
Premium
join:2003-12-29
Bolton, MA
| reply to Steve
And this differs from "forum moderators" how?
Good point! Perhaps we should maintain a "SPEWS-friendly" blocklist and NIL can voluntarily decide to block posts from those posters who's bits she doesn't want.
Not illegal. And the blocklist, of course, maintains no responsbility for how the moderator uses it; it's just a list, after all. |
|
dda
Premium
join:2003-12-29
Bolton, MA
| reply to Rhobite
DeCartes - spoken like a true spammer. "vigilante," "zealot," "fanatic," "cavalier."
Is someone rotting in SPEWS? Good. Go send some more porn to children.
When you become intolerant of reasonable dissent, you are declaring yourself a fanatic, zealot and many other words a thesaurus can find. Not to mention the ad hominiem attack. |
|
Star Wolf
| reply to dda
That has been suggested in the past, but nothing has ever come of it. Check Google for prior proposals and discussion, both web and Usenet, and let us know what you find. You could also start your own.
Retaliatory blocking is not unknown. A major .de provider got peeved about being listed a while back and did some of that, though it did not last long. There was some discussion on NANAE about that one too.
You might also want to checkout the recent threads in NANAE and NANABL entitled YOUR ABUSE. A municipal Italian IT minion is annoyed that his IPs are in BLARS and in Blocklist.us. Hysterically funny.
|
|
Rhobite
Premium
join:2002-02-24
Cambridge, MA
clubs:
| reply to dda
said by dda :
When you become intolerant of reasonable dissent, you are declaring yourself a fanatic, zealot and many other words a thesaurus can find. Not to mention the ad hominiem attack.
If it looks like a spammer, and walks like a spammer, and talks like a spammer...
Decartes is a classic "i hate spam as much as the next guy" poster. |
|
DeCartes
@attbi.com
| If it looks like a spammer, and walks like a spammer, and talks like a spammer...
I sound like a spammer when I'm presenting ideas that IMHO will actually =work= at dealing with the problem and do it in a fair way with less negative side effects than the current approach? What is it about the current volunteer WL/BL approach that makes you think it is so superior to any other potential approach? Or that makes you think the current negative side effects are acceptable compared to suggested methods that will have less of said?
In short, =why= are you so certain that =you= have better answers to these problems rather than anyone else and that anyone disagreeing with you is a spammer?
Decartes is a classic "i hate spam as much as the next guy" poster.
I have no idea what this actually means, but it somehow sounds ominous, and I suspect you intend it to sound that way. And I don't see what such statements do to further the discussion or help in solving the problem.
If you disagree with my suggestions for solving the problem, fine. Respond with why you think they won't work, and/or why you think the current methods are superior to other suggestions. I rather suspect I've been doing enterprise scale sys admin far longer than you suspect, and have operated at a far higher level of management as well. Experience has taught me to respect discussion, even vigorous, that helps move consideration forward.
But if all you have to contribute is 'tude with no logic to back it up, you're acting rather immature; and I suspect no one here has time for it. I =know= I don't. There's work to be done. Ante up, or get out of the way so it can be done. |
|
DeCartes
@attbi.com
| Update:
This discussion has got me thinkig more about the algorithms for the hierarchical Bayesian filter idea I've mentioned previously.
...I think I have a way to tweak the original idea so that content blocking of "true trash" (stuff almost no one in the online community finds acceptable) can occur at the first ISP cloud cloud closest to the spam originator, rather than having it get even as far as the backbone.
I still have to make sure that there are ways to avoid both the "tyranny of the minority" and the "tyranny of the majority" that we solve in other domains with things like Robert's Rules. More as I go /thoughtful |
|
AmeritecTech
Change we can believe in, 1922
Premium
join:2002-09-06
Houston, TX | It would have to halt all traffic on 25 while it scans the outgoing message, right? |
|
dda
Premium
join:2003-12-29
Bolton, MA
| reply to Rhobite
If it looks like a spammer, and walks like a spammer, and talks like a spammer...
Unless he sends spam, either directly or by hiring someone to do so, he isn't a spammer and I seriously doubt you have any evidence that he sends spam. So it is just another ad hominiem attack; guilt by innuendo.
Could you actually address his arguments? |
|
