
|
  Karl Bode News Guy join:2000-03-02
Host: Road Runner PC gaming GAMES PC gaming Tech
3 edits | reply to shorej Re: Why not to use SPEWS
quote: You people amaze me. Your provider is supporting spam by hosting a very well known spammer, which you profess to be against, and yet you have the gall to bitch and moan when a blacklist operator lists your spamming provider (and effectively YOU). What's wrong with this picture? You shouldn't be complaining to SPEWS about the listing.
Yadda Yadda Yadda.
This high-and-mighty schtick is a little boring in here, folks. You make it sound as if SPEWS is an organized, efficient Deity, operating while perched upon an untouchable cloud of righteousness sipping a holy latte.
This idea of urging hosted individuals, businesses and sites to contact their ISP and complain may very well be effective. It will obviously work in this case. Yes, ISPs should be held responsible. Yes, we will pressure them. So Yes, this tactic does function.
The problem is SPEWS doesn't release IP blocks or resolve complaints in a timely manner once spammers are booted from the network or move on - there's also no functional public complaint mechanism in place to deal with unfairly blacklisted hosts or delays in getting lifted from the blacklist.
This from their de-listing instructions: quote: "You will probably have to wait a while, both while SPEWS makes sure you really did shut down those customers, and to give you a bit of time to think about how you got in SPEWS and how to stay out in the future."
Are you F*ck*ng kidding me? "time to think about"? Is this thing run by grudge-holding pre-schoolers? Comments like that make me want to open a god-damn spamming shop. 
An effective idea? Perhaps. Functional implementation? Not so much. | |   Flutter Vertigo
@escient.com
| reply to nil I think you are missing the point. SPEWS starts out by blocking the offending party. If the spamming does not stop, it moves up. Each time the spamming does not stop, it moves up. Eventually, innocent parties become ensnared. The reason? Those innocent parties may be upset at SPEWS, but they can create even more heat for the owners of the IP blocks and eventually, the IP block owners will tire of the heat and kill the spammers. This is not throwing the baby out with the bathwater as the baby is still present. If SPEWS only listed pure spamming IP blocks, it would have no effectiveness. | |   Sam Sneak
@waldenweb.com
| reply to MidwestWebHoster I understand exactly how RBL lists work. My point is that when you broadcast something in a public forum you are responsible for the results regardless of a disclaimer.
If you don't believe that, make a little sign that says "Ignore me, I am not responsible for the actions of others based on information I provide." Then go down to a movie theater and when everyone is settled in yell Fire, Fire! When some child gets trampled by a mob that excuse will not work very well.
Granted we are dealing with the internet, but SPEWS is irresponsibly reporting information in a public forum when they know it to be incomplete/incorrect without having any sort of mechanism for correction. | |  JesterAR
join:2002-09-06 Fairfax, VA
| reply to russotto Most people avoid neighborhoods where there are open drug deals, prostitution and random shootings. As an individual inhabiting one of these ghettos (ISPs) you have three choices: actively endeavor to clean your neighborhood (ISP) of the riff-raff, hunker down and do nothing more than bad mouthing the situation, or move to a better neighborhood (ISP).
The internet is a community that has survived on self-policing. The principle behind SPEWS is the motivation of individuals to become aware and involved in bettering the internet as a community.
You can gripe and moan about SPEWS or you can eliminate the original problem, the cause for the existence of SPEWS. Your choice. | |   Karl Bode News Guy join:2000-03-02 | quote: You can gripe and moan about SPEWS or you can eliminate the original problem, the cause for the existence of SPEWS.
Why can't one do both? | |  JesterAR
join:2002-09-06 Fairfax, VA
| said by Karl Bode : quote: You can gripe and moan about SPEWS or you can eliminate the original problem, the cause for the existence of SPEWS.
Why can't one do both?
And they say you don't tug on Superman's cape You don't spit into the wind You don't pull the mask off an 'ole Lone Ranger And you don't mess around with SPEWS | |   TamaraB Question The Current Paradigm Premium join:2000-11-08 Brooklyn NYC
·Verizon Online DSL
| reply to russotto There is an active discussion on /dot initiated by members of this forum.
One of the messages there has been posted to NANAE a couple of times, and is probably the best and most accurate explanation of why SPEWS and block-lists in general are a good thing. What they really mean in terms of network citizenship and trust. It is written by a system administrator who was listed by spews, and who got de-listed.
I am going to re-post it here for the benefit of those who are truly interested in fighting the blight of spam, and in the interest of education.
===============
It's not about spam, it's about TRUST (Score:5, Interesting) by satch89450 (186046) on Wednesday January 21, @08:39AM (#8042321) (»www.satchell.net/)
OK, for those of you who read NANAE, this is old news, but for the rest of you...
I'm a sysadmin who worked very hard to get a /24 listed in SPEWS delisted. The netblock was in the list because a customer of ours decided to provide DNS service to a known and notorious spammer. We earned the listing, period. I killed the bastard, reported the fact, and got the listing lowered to a zero, historical. In the process of doing that job, I learned a lot about the whole blocklist thing and realized that even the operators didn't see what they are really doing. They think it's about spam. Wrong.
It's not about spam. It's about TRUST
A listing in a recognized blocking list is a vote of "no confidence" in the IP owner's ability to run its network, to make its users -- ALL its users -- conform to the Internet society's accepted code of conduct.
Follow along with me a moment, and you'll see why I think this way. First, the Internet is, by definition, a "network of networks", a large anarchy run by a very large number of system administrators (greater than 10,000) who make private decisions about who and how they allow to access their bandwidth, systems, and services. The Internet Society and its sub-units provide a forum to publish community notes, the Requests for Comments, which are nothing more and nothing less than agreements for how to play nice in this employee-owned swimming pool.
The Internet community has decided on standards of behavior, and each system operator trusts every other system operator in the pool to conform to the rules of society, and to ensure that the users conform to the community rules -- not unlike CC&Rs in a neighborhood development that form part of the purchase contract of many homes and condominiums. Some operators have become lax in their expected enforcement of the rules on particularly not-nice people, the ones who break the rules in order to win money, or some other benefit. There are enough of these Internet con men out there that the community coined a word to describe them: "spammers."
Back in the NSF days, a lapse in administration resulted in disconnection, quick and swift, so the system administrators, up and down the line, toed the line to avoid being banished. In the Commercial Internet that replaced the NSF Internet, personal greed gets in the way of this remedy, and so the disdain of social customs is left largely unpunished by the society.
Just about every system operator who runs a mail service with more than three users has been yammered at by those users: "WE WANT LESS SPAM -- DO SOMETHING." Complaints to ISPs who take spammer money go largely ignored, and appeals "upstream" -- to the connection providers and to the Tier One networks -- have also gone largely ignored. So the small administrators started to implement mail filters and blocks on "spammy" IP addresses in the hopes that they can block the crap and thus appease their users.
Spammers countered by having their providers move them around in IP space, and by using techniques to "get around" the content filters. It's become a war, frankly. First there were keyword filters, and so spammers started to "do things" to their messages, like replace the letter 'o' with the digit '0' -- you've all seen the tricks. Hash identification of bulk messages was thwarted by inserting random nonsense text. Learning filters are poisoned by spammers injecting random words. And so on and so on. In addition to these content-based counters, spammers also steal resources of innocent people: open mail relays, open proxies, and hijacked Web scripts like formmail.pl, so that the wrong person gets blamed for their flood of commercial feces.
What the block-list people decided is that having each of the 10,000 to 100,000 system administrators deal with this individually was eating up too much time, and there was this nifty thing already in place that could be used to reduce the system overhead of identifying spam: use new zones of the Domain Name System (DNS) to provide a rapid way of identifying "problem" IP addresses and deflect mail based on that information. The growth of the DNS-based blocking list, or DNSBL, has been interesting to watch.
Several organizations collect information about problem IP addresses, and provide databases that feed DNSBLs. One of these is the Spam Prevention Early Warning System project, better known as SPEWS. What makes SPEWS such a topic of discussion is the attitude on the part of the operators of the database that when complaints are ignored and spam continues, there is a good chance that spam will "pop up" on neighboring IP addresses, so when action isn't taken on a spammer on a network, it makes sense to pre-emptively report neighboring space on the assumption that if there isn't spam now, there will be. Others have written on the "bad neighborhood" analogy, so I won't repeat it here.
And that gets me to my thesis. This escalation process -- assuming that if an operator won't take action against one spammer that operator's network will attract spammers wishing to operate without molestation like flies are attracted to feces -- means that the SPEWS database isn't really "just" about spam at all - it's about administration. A listing in SPEWS says "we don't trust you to do The Right Thing(tm) any more, because you haven't been."
A trust violation.
A trust violation at multiple levels, for control over the routing of an IP address goes through quite a number of hands, as a rule.
Many communities now have Megan's Law, where a previously convicted sex offender has to register their presence with local law enforcement every time they move, even after they have served their time and discharged their debt to society. Why? Sex offenders, goes the thinking, rarely go completely straight. People who subscribe to block lists in particular and SPEWS in particular have the same attitude to spam offenders, because like sex offenders the result of recidivism is just as bad, the rape of innocent people's mailboxes, and the temptations of a reformed spammer to spam again are very, very high: almost at the same level as an alcoholic's craving for drink or a smoker's craving for tobacco.
What's interesting is that the collection of all the databases and blocking lists gives us a unique opportunity to come up with a grade for system operators. I have put together a proposal for this, which has been posted to news.admin.net-abuse.email, and which I have placed on my Web site. [satch-test.com] This proposal would take the existing information and summarize it as a "grade" for each provider, at each level. The publication of these grades would allow people to see who is a good provider and who is a bad provider, and could form the basis of some sort of certification that can be used in advertising.
The fact that Broadband Reports has become collateral damage to a SPEWS escalation is unfortunate. As a publication, though, Broadband Reports is in the best position to publicize the ineptitude of their upstream provider in being a good Net citizen, and perhaps can shame them into doing something about the disease that infests their network.
I know a netblock can be de-listed, because I did it. It took work, it took removing a tumor from my netblock, it took a public announcement of the surgery.
Or, like a family finding a crack house next door, they can move. -- Motor Vessel - Tamara B. - 43' Long-Range Trawler Cape Elizebeth ME.»www.tamara-b.org
| |   mccallcl
@dmsp.com
| reply to JesterAR "SPEWS only provides a list, it is up to ISPs as to what to do with it"...
:rolleyes:
Are you saying that SPEWS has NO IDEA what those CRAZY ISPs are going to do with that funny list of numbers? SPEWS wants those ISPs to block those IPs. It's why they publish the list at all. So, please stop using that tired argument. We are not in a court of law, we all know what the list means. SPEWS may as well do the blocking themselves, since they publish the list.
If you are going to publish a list that others use to block ISPs from their networks, you had better be responsible enough to allow for maintenance of that list in a timely fashion. Otherwise, don't publish it at all. | |   operagost
join:1999-08-02 Spring City, PA
| reply to Steviant said by Steviant:
You know, Hitler didn't personally gas any Jews or Gypsies. He was nowhere near the concentration camps, so he couldn't have.
Does that make him innocent?
I hereby invoke Godwin's law. | |   tbase9
@uslec.net
| reply to TamaraB I, too use Spam Assassin (without any RBL's)- and I use it for my clueless and careless users. It's fairly simple to create custom rules that filter all executable attachments and the majority of Spam either to a junk mailbox or directly delete them. In my config, only about 90% gets blocked, but I get maybe 1 false positive per month across a user base of about 30. I may not be an ISP, but I also don't have full access to all the features - our ISP has it installed and allows limited custom configs. If I had full access to it, and took the time to learn it, I imagine I could up the success rate considerably. And the best part is I control the blacklists, white-lists, and the scoring of the rules. Just set the threshold really high, and score Viagra, pen1s, enhancement and executable attachments even higher. I have the white-list scoring set so that while people on the white-list can have forged yahoo account and mention prescriptions without getting filtered, even people in the white-list can't get an executable attachment through. Seems to me that's the most important thing - filtering viruses is a requirement, filtering junk is a luxury. | |   Tilmut
@ufl.edu
| reply to nil If you do the math, your one percent of 200 spams per user, times a thousand users, in the case of At Sea, gives 2000 spams getting through your bayesian filters per day. That's a lot more than 10. Your method is about 200 times less efficient than his, and it must be implemented by each individual user. And it does nothing to help your provider, whose disks still have to hold the spam until your filters identify it. | |   TamaraB Question The Current Paradigm Premium join:2000-11-08 Brooklyn NYC
·Verizon Online DSL
| said by Tilmut: If you do the math, your one percent of 200 spams per user, times a thousand users, in the case of At Sea, gives 2000 spams getting through your bayesian filters per day. That's a lot more than 10. Your method is about 200 times less efficient than his, and it must be implemented by each individual user. And it does nothing to help your provider, whose disks still have to hold the spam until your filters identify it.
Not to mention the bandwidth usage in just accepting it all in the first place. Also, take the user who checks their mail once a week, or who has been on vacation for a month!
They return, fire up their PC, get infected by a month old virus.... life behind the router, is NOT the same as the life of an end-user.
The costs build up, and in the end the user has to pay; that's the evil of SPAM, the end-user pays, pays for the transport, for the storage, and for the cleanup while the spammer laughs all the way to the bank!
Captain Bob -- Motor Vessel - Tamara B. - 43' Long-Range Trawler Cape Elizebeth ME.»www.tamara-b.org
| |  JesterAR
join:2002-09-06 Fairfax, VA
| reply to mccallcl You quoted the wrong person. Try fixing your cited source before fixing the world.
said by mccallcl: "SPEWS only provides a list, it is up to ISPs as to what to do with it"...
:rolleyes:
Are you saying that SPEWS has NO IDEA what those CRAZY ISPs are going to do with that funny list of numbers? SPEWS wants those ISPs to block those IPs. It's why they publish the list at all. So, please stop using that tired argument. We are not in a court of law, we all know what the list means. SPEWS may as well do the blocking themselves, since they publish the list.
If you are going to publish a list that others use to block ISPs from their networks, you had better be responsible enough to allow for maintenance of that list in a timely fashion. Otherwise, don't publish it at all.
Auto makers put cars on the market. They have no control over what the person who drives that car does behind the wheel. I am willing to cheer you on from a distance if you bring a class action suit against auto makers for failure to prevent drunk driving but I know deep down that it has got a snowball's chance in hell.
Your logic eliminates individual choice of admins to use the list and to what varying degree. | |   SPEWS socks pupet
@bol.bg
| reply to nil NOTE: this is in response to the post by nil
Majority of spam does not originate in US anyway.
This statement clearly shows you have no idea what the difference between SPAM and spam is.
»www.spamhaus.org/ | |  b0nzie
join:2004-01-20 Great Valley, NY
| reply to TamaraB Simple solution already mentioned, but seems to have gone silent.. Find another admin with a SMTP box elsewhere who is willing to let you relay until you can get the DNSBL issues sorted out.. Set up your outbound MX (with sendmail it's called smarthost) so depending on what you're using.. Forward all your outbound mail to this 3rd party relay box and it will fire it out to the recipients for you (avoiding the DNSBL) | |   graysonf Premium,MVM join:1999-07-16 Fort Lauderdale, FL
| reply to TamaraB said by TamaraB : Nil:
1) your mail server is NOT BlackListed! If you look at the listing it is at level 2 the [2] means level 2. Read the SPEWS FAQ. No one blocks on level 2 listings.
Level 2 listings are netblocks which are watched carefully for evidence of abuse, usually because the adjoining netblocks are in use by spammers, and because the provider (NAC in this case) is ignoring complaints about the abuse, or is doing nothing to remove the abusers.
Yes, the IP is listed at level 2, but the statement that no one blocks at level 2 is not correct. A few do block at that level, and this is what is being noticed.
The level 1 data is included in the spews.bl.reynolds.net.au zone
The level 2 data is also available in a dnsbl.sorbs.net zone.
Therefore, anyone using that sorbs zone will be blocking all of NAC's level 2 listed IP space, which currently includes the DSLReports mail server.
One thing that anyone listed at level 2 needs to keep in mind is this. If sites listed at level 1 do not stop spamming, it's only a matter of time before SPEWS escalates further. Eventually, everything listed at level 2 will wind up in level 1 and the amount of reject mail will be quite a bit larger.
My ISP had a few spammers listed at level 1 and their entire IP space listed at level 2. After repeatedly ignoring complaints, and even being warned that they would be escalated to level 1, they still ignored the problem. Only after winding up in level 1 and having their entire customer base impacted, did they act. | |   Noodles67
@bctel.ca
| reply to nil We have a legitimate mailing list of about 100,000 names, built up over 9 years. Around 20% (20,000) of the emails on that list expire each year due to the customer closing their ISP account. Though some of the old users remember to update their address to the new one, many don't. Of that 20,000, many get reallocated to new users - some who think we might be spamming them when they get the next newsletter for the old customer.
Despite this, as we scrupulously process all remove requests, we have minimal complaints - but we do have them.
Point: it is easy to have spam complaints for a 100% ethically run mailing list.
Issue: how severe should our hosting company be with spam complaints? Fortunately they realise that few spam complaints now and again are going to occur from any newsletter, and so as the number of complaints is very very small versus our customer base, we've never had a problem.
Problem: we are experimenting with a new host. The host is so good it has well over 20,000 servers/customers. Problem is that a 'few spam complaints now and again' x 20,000 customers means A LOT of spam complaints per day.
Issue: What is a block list to do when it receives tens or hundreds of SPAM complaints from a netblock per day. This is a trivial amount per customer (1-2 per year perhaps). Answer is, now and again the ethical customer at the ethical host gets blocked.
Problem2: if you are a great host, and end up with 20,000 customers, you cannot know all your customers as well as you would like. Spammers will try to sign up, and even if you terminate them quickly, you are likely to have a period of a few hours, multiple times per week, when a spammer gets through your new customer filters, gets a server, and starts spamming at 100,000s of spams an hour. Our host monitors SMTP traffic by server for unusual spikes, but this takes an hour or two to trap and act upon.
Issue: This means that our host's netblock is forever associated with hundreds of thousands of spams per week, even though they are very proactive about searching and terminating spammers.
This is why SPEWS constantly blocks huge ranges of legitimate customers run by ethical hosts, and why ethical hosts and customers affected by this hate it. This is compounded by its lack of accountability and transparency. | |   Steve I'm a PC, so shut up Consultant join:2001-03-10 Yorba Linda, CA
| said by Noodles67: Spammers will try to sign up, and even if you terminate them quickly, you are likely to have a period of a few hours, multiple times per week, when a spammer gets through your new customer filters, gets a server, and starts spamming at 100,000s of spams an hour.
I think that most people can tell the difference between an ISP with an aggressive and responsive abuse department, and one that ignores responses and drags its feet. The latter get listed, the former do not.
Steve -- Stephen J. Friedl * Security Consultant * Tustin, California USA * my web site | |   Ponderous
@speakeasy.n
| reply to nil There is an additional point of view to the issue at hand that I think hasn't been considered yet.
Blacklists, on the whole, probably are a good thing.
Large amount of "collateral damage" in a mail delivery system, on the other hand, is highly undesirable. Why? -think business communication. Would you really prefer to go back to pen-and-paper business correspondence, or do you rather like the convenience and speed of email?
If email becomes unreliable because vigilantes like SPEWS and co. decide that it's good to cause inordinate amount of legitimate email to get lost just so that they can get one or two spammers, this does render the electronic mail system as an unreliable delivery mechanism for correspondence of any type. Between limited set of individuals this may be tolerable, but not for business or government correspondence.
Much as people would LIKE to think otherwise, email is more important than that nowadays. Of course, if SPEWS has its way this won't be the case though.
SPEWS and their cohorts can blame the ISPs and the mail admins who implement their blacklists. While I agree that the mail admins are unwise to implement SPEWS blacklist (because they're undermining the viability of electronic mail as a viable communications platform), and ISPs should be accountable for spam originating from their networks, SPEWS isn't the way to do it.
The anti-spam solution, in my opinion, should be two-fold: both technical and legal. But that kinda goes beyond the scope of this post, so I'll skip it.
Bottom line, I think the notion of extensive "collateral damage" is unacceptable in a mail delivery system that's to be taken seriously. | |   Steve I'm a PC, so shut up Consultant join:2001-03-10 Yorba Linda, CA
| said by Ponderous: Bottom line, I think the notion of extensive "collateral damage" is unacceptable in a mail delivery system that's to be taken seriously.
The more I look around, the more I like "collateral damage". There are some ISPs that simply will not Get The Picture™, and it takes breaking the legs of their customers to get them to do anything.
SPEWS is not the problem Bad ISPs are the problem -- Stephen J. Friedl * Security Consultant * Tustin, California USA * my web site | |
|