Osirusoft Blacklists The World

Posted by timothy on Tue Aug 26, 2003 10:15 PM
from the wildcard-matches-for-evil dept.
ariehk writes "As of today, Osirusoft, distributor of the SPEWS and open relay blocklists, among others, is no longer operational. Servers using these lists (including the FTC) are currently rejecting ALL email. This shutdown seems to be in response to a several-week-long DDoS attack on Osirusoft, SPEWS and others, resulting in both sites being down. This has caused much discussion on n.a.n-a.e, including the suggestion that the attack is somehow related to the SoBig worm. The spammers must be hurting if they can devote these kinds of resources to attacking blocklists." Read on below for a related submission.

NSXDavid writes "Earlier today our site mysteriously ended up on Joe Jared's Osirusoft SPAM blacklist which is used by lots of antispam software (like SpamAssassin and sendmail). Since he is currently under a serious DDoS attack, there was no way to appeal this decision. We contacted Mr. Jared by phone who informed us that 'everyone needs to stop using Osirusoft and that he's going to be shutting the service down.' Then he says he's going to blacklist 'the world' (aka, ban *.*.*.*) to get his point across. Later on this evening, he apparently went ahead and did just that. Succumbing to lawsuits and DDoS, a once great blacklist is dead. SpamAssassin is removing it from their config in the next release (rc3) and email admins around the globe are reconfiguring their mail servers."

  • by Dancin_Santa (265275) <DancinSanta@gmail.com> on Tuesday August 26 2003, @10:18PM (#6801574) Journal
    It may take a little more work, but the only solution to spam is the whitelist.
    • by WolfWithoutAClause (162946) on Tuesday August 26 2003, @10:21PM (#6801592) Homepage
      What happens when the spammers start using worms and viruses to create open relays on people you trust?
      • by srw (38421) * on Tuesday August 26 2003, @10:52PM (#6801805) Homepage
        > What happens when the spammers start using worms and viruses to create open relays on people you trust?

        They already get through whitelists... a few months ago a person I provided free webspace for got a nasty porn spam with my address in the *from*. She was rather concerned. When she contacted me, I found that I had in fact received the same spam "from her." What's more, her address was a special purpose address that was only listed on the website I provided for her. A few lines lower on the site was a "Thanks to Scott Walde for providing this webspace for free" with a link to my email address. The only reason I can see for using email addresses found near each other this way is to get through whitelists. (software or human... I often scan the "from" to decide which emails to read.)

        --srw

        • by commodoresloat (172735) on Wednesday August 27 2003, @12:13AM (#6802237) Homepage
          That explains a lot. I have a few email addresses and shortly after I put two of them on a web page near each other they started getting email from each other. I started to worry that I was sleepwalking to my computer and sending myself invitations to look at porn.....
    • Whitelists are unworkable. How do you reach someone for the first time?
      • by jovlinger (55075) on Tuesday August 26 2003, @10:53PM (#6801812) Homepage
        Typically, there is a way for the sender to get onto the whitelist, without the recipient needing to take special action.

        Alternatives are confirming the email (respond with this specially crafted string as subject) or running some computationally expensive operation. For example, postmasters of well administered machines may run a number factoring service: to prove that a non-whitelisted message isn't spam, they are willing to spend their computational resources to factor a largish number for you.

        The idea for both of these is that the main difference between spam and legit mail is that a legit sender will have just a few recipients but many messages, and thus can afford a one-time-per-recipient hassle to get on a whitelist, while a spammer cannot.

        Neither addresses distributed compromised senders, which is effectively a way for spammers to make others pay to get on whitelists. If whitelists become widespread, a worm-based mass-compromise is the only option left to spammers.
        • by leviramsey (248057) on Wednesday August 27 2003, @12:12AM (#6802234) Journal

          This is exactly why I think that SoBig is the perfect spamming mechanism. AFAICT, it essentially gets around nearly every non-content-based spam filter (i.e. Bayesian and SpamAssassin et al).

          By sending spam from an amazing depth and breadth of compromised networks, it forces blacklist operators to go into "block everything" mode, which is so draconian that users of the blacklists will disable them.

          As I posted in another story, if ISPs start blocking outbound port 25, the next iteration of the worm simply uses the Outlook SMTP settings to relay through the official MXs of the ISP. Given the flood of abuse reports, many ISPs (especially larger ones) are simply going to /dev/null abuse reports; they can be reasonably sure that their servers aren't going to end up in blacklists used by a lot of people (because heads will start to roll among the admins who use the blacklists).

          By pretending to come from an address that has at most two degrees of separation from the recipient, they will get around a fair amount of whitelisting (this is exploiting the greatest flaw in TMDA and the like: trust of the From: address).

        • by magores (208594) on Wednesday August 27 2003, @12:37AM (#6802361) Homepage Journal
          This is fine for person to person, but what about person to business?

          Let's pretend I'm a business. I WANT you to send me an email.

          I WANT emails from every single person in the world that isn't a customer yet.

          I NEED to accept every email on the chance that one of them might be a sale. (Yep. This means I need to look at the ones that include *details* in the subject.)

          Whitelist doesn't work here.

          I do NOT want a phone call from you as first contact. A one minute email response is now a 40 minute phone call explaining that "Yes you must turn on your computer first if you want to actually use it"

          White-list is unworkable for business, because everything must be "whited" by default.

          Challenge-Response is unworkable because I/we (as a small to mid business) simply could not keep up with that. Sure. One of the real programmers we have (I'm not one of them) could come up with an auto-bot to respond to challenge-response, but then we end up back where we started, don't we?

          I don't have the answers. But I do know what the answers aren't. And Whitelist/Challenge-Response aren't it.

          Just my 3 cents worth of rant for today.

      • by Zeinfeld (263942) on Tuesday August 26 2003, @10:31PM (#6801656) Homepage
        Will yahoo and hotmail be on that whitelist? Most of the spam I get comes from those domains, or at least it is spoofed to appear it's from there.

        The vast majority of spam is sent with some form of false address. Developing a way to be able to trust the origin of email is the way to end the spam crisis.

        This type of action does not surprise me. SPEWS and the other blacklists are poor solutions to spam because they are in effect private censorship with no accountability. They are also single points of failure for the Internet as today's episode proves.

        The backwash caused by this event was huge. It wasn't just spews and spews users who were affected, the load on the backbones was causing several nets to brown-out repeatedly.

        It is just as well that we did not have as many idiotic 'hack-back' schemes in operation as some have been calling for.

        • by ComputerSlicer23 (516509) on Tuesday August 26 2003, @11:23PM (#6801993)
          Somewhat that is true. However, what constitutes trust of the origin of e-mail? One of the replies says to use PGP or S/MIME.

          That only works if I require them to sign mail they send to me, with my public key.

          Possibly having a key system of public keys and private keys. You put your own private key out there, saying you'll accept mail with anything that signs their mail with the public key. You add the public key of any mailing lists you want; they sign all outgoing messages with their private key. Thus you'll accept their mail.

          You can white list on anybody else you're willing, using a Web of Trust from PGP if they are considered "trusted" enough. However, that will lead to problems.

          However, public and private keys will suddenly become tokens of value to spammers. Suddenly people will start creating worms, and scripted attacks to pull peoples keys. They will start trying to break into machines. It'll create a black market for trusted keys the world over. They'll just be new attacks, and new problems. Creating a large scale web of trust, won't work. A worm can easily go steal the tokens of trust, and then start using them to spam with. It'll just be another arms race.

          Now forcing people to sign with your key is probably the most doable, but it also means that running mailing list software is a real, real CPU intensive application. I'm not particularly thrilled with that.

          The only way to stop spam is to make it stop being cost effective, that involves causing e-mail to be an expensive operation if it involves untrusted e-mail servers.

          Kirby

        • by srmalloy (263556) on Wednesday August 27 2003, @12:05PM (#6806162) Homepage
          > The vast majority of spam is sent with some form of false address. Developing a way to be able to trust the origin of email is the way to end the spam crisis.

          It's going to be functionally impossible to fix the problem of spammers opening an account and pumping email through it until it gets closed, but the transmission of email could be hardened by changing the SMTP protocol from 'call-up' to 'call-back'.

          The SMTP protocol is set up to allow a host to contact another host and dump mail to it; there's no validation that the originating host is who it claims to be in the SMTP transaction. If you change the setup for the mail transfer connection to use the following mechanism:

          1. Host A contacts host B and sends its FQDN (fully qualified domain name) and a request for a mail transfer connection
          2. Host B performs a DNS lookup on the FQDN sent from host A and connects back to the host identified by the resolved FQDN. Hostnames that don't resolve, or which aren't in the FQDN form, are ignored.
          3. Once the connection back to the originating site is established, the rest of the existing SMTP protocol transaction occurs. The sequence of validated hostnames would be processed into the 'Path:' mailheader, or another mailheader as determined when the protocol was updated.

          This would establish a traceable chain of resolved hosts from the point at which the email entered the SMTP routing to its destination. Putting an email message into a mail transfer agent would still be vulnerable to the use of hacked or temporary accounts, but the upload would still require a trackable username and password for an account on the MTA. From that point, getting an MTA to accept an SMTP connection from a bogus host would require hacking the DNS server chain so that, when the receiving MTA host received the request, the IP address the passed hostname resolved to pointed back at the spammer's machine -- otherwise, you'd get a mail transaction sequence that looked like this:


          Spam.com: Hello, [mta.com], [realhost.com] has mail to send.
          Mta.com: (resolves 'realhost.com')
          Mta.com: Hello, [realhost.com]; you have mail to send me.
          Realhost.com: [Mta.com], I don't have any mail to send you.

          Not a panacea, but it would make the mail hop path trustable until you start seeing hacked mail daemons that would mangle the mail hop path of any mail going through it -- but that would still leave the host with the hacked daemon having to identify itself, from which it could be blocked.
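The handshake proposed in steps 1 through 3 above, played out as a small simulation (an added example, not code from the post or from any real MTA): a constructed DNS table stands in for real resolution, a registry of hosts stands in for opening the call-back connection, and the receiver only accepts what the called-back host actually has queued, so a client naming someone else's FQDN gets the "I don't have any mail to send you" outcome shown in the exchange.

```python
"""Simulation of the 'call-back' mail transfer handshake described above.
Constructed example: DNS table, host names and messages are all made up."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Constructed DNS table: FQDN -> IPv4 address.
DNS: Dict[str, str] = {
    "realhost.com": "192.0.2.10",
    "mta.com": "192.0.2.20",
    "spam.com": "198.51.100.5",
}

# Loose FQDN check: at least one dot, label characters only, alphabetic TLD.
FQDN_RE = re.compile(r"^(?=.{1,253}$)([a-z0-9-]+\.)+[a-z]{2,}$", re.IGNORECASE)


@dataclass
class Message:
    sender: str
    recipient: str
    body: str
    path: List[str] = field(default_factory=list)  # validated hops ('Path:' header)


@dataclass
class Host:
    fqdn: str
    outbound: Dict[str, List[Message]] = field(default_factory=dict)  # dest FQDN -> queue
    inbox: List[Message] = field(default_factory=list)
    log: List[str] = field(default_factory=list)


# Hosts reachable by IP address; stands in for opening a TCP connection back.
NETWORK: Dict[str, Host] = {}


def register(host: Host) -> Host:
    NETWORK[DNS[host.fqdn]] = host
    return host


def request_transfer(receiver: Host, claimed_fqdn: str) -> Tuple[bool, str]:
    """Step 1: some client contacts `receiver` claiming that `claimed_fqdn` has mail.
    Steps 2-3: `receiver` resolves the name, connects back to the resolved address
    and only accepts what that call-back connection actually has queued."""
    if not FQDN_RE.match(claimed_fqdn):
        receiver.log.append(f"ignored: '{claimed_fqdn}' is not an FQDN")
        return False, "not an FQDN"
    ip = DNS.get(claimed_fqdn.lower())
    if ip is None:
        receiver.log.append(f"ignored: '{claimed_fqdn}' does not resolve")
        return False, "does not resolve"
    origin: Optional[Host] = NETWORK.get(ip)
    if origin is None:
        receiver.log.append(f"ignored: call-back to {ip} failed")
        return False, "call-back failed"
    pending = origin.outbound.pop(receiver.fqdn, [])
    if not pending:
        receiver.log.append(f"{origin.fqdn}: I don't have any mail to send you")
        return False, "no mail pending"
    for msg in pending:
        msg.path.append(origin.fqdn)  # hop recorded only after the call-back succeeded
        receiver.inbox.append(msg)
    receiver.log.append(f"accepted {len(pending)} message(s) from {origin.fqdn}")
    return True, "accepted"


def run_demo() -> Dict[str, object]:
    """Replays the exchange from the comment, then a genuine transfer."""
    NETWORK.clear()
    realhost = register(Host("realhost.com"))
    mta = register(Host("mta.com"))
    register(Host("spam.com"))
    results: Dict[str, object] = {}
    # spam.com tells mta.com that realhost.com has mail; realhost.com has nothing queued.
    results["spoofed_name"] = request_transfer(mta, "realhost.com")
    # Names that are not FQDNs, or that do not resolve, are ignored outright.
    results["bare_name"] = request_transfer(mta, "spamhost")
    results["unresolvable"] = request_transfer(mta, "nonexistent.example")
    # The spammer's own name resolves, but then it has identified itself and can be blocked.
    results["own_name_empty"] = request_transfer(mta, "spam.com")
    # A genuine message queued on realhost.com is delivered through the call-back.
    realhost.outbound["mta.com"] = [Message("alice@realhost.com", "bob@mta.com", "hi")]
    results["genuine"] = request_transfer(mta, "realhost.com")
    results["delivered_path"] = mta.inbox[0].path if mta.inbox else []
    return results


if __name__ == "__main__":
    for name, outcome in run_demo().items():
        print(f"{name}: {outcome}")
```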



          • by FreeUser (11483) on Wednesday August 27 2003, @06:55AM (#6803578) Homepage
            > I'm not sure it can be correctly called censorship - that requires a governmental entity.

            That is a fucking myth, and I am sick and tired of hearing people parrot that nonsense. Saying a business can't censor because it isn't a government is akin to a black man saying he can't be racist because he is black. These are both examples of the same logical fallacy: just because a behavior is traditionally associated with one entity or group doesn't mean it is impossible for another entity or group to begin behaving in exactly the same behavior.

            Obviously, anyone of any ethnicity is capable of becoming a racist, just as anyone with any power or influence over others is capable of engaging in censorship.

            Responsible parents routinely censor what their kids see and hear. We as a society, by and large, find this to be an acceptable form of censorship.

            Many religions routinely censor what their congregations are and are not allowed to see and hear (the Catholic church has had a censorship office for centuries, but they are hardly alone. The Mormons censor what they deem inappropriate for their membership, just as the Jehovah's Witnesses do, and I really don't need to cite example after example for Islam, do I?).

            And finally, yes, many, many companies engage in censorship, both the obvious 'media' companies that bury stories they don't like or can't be bothered with, as well as other more subtle businesses (like Monsanto pressuring Fox News into not running a news story on how their hormone saturated milk was actively harmful to the health of children, an action that resulted in Fox News firing two reporters who refused to disavow their story, and said reporters winning a lawsuit against Fox News under Florida's whistleblower laws).

            Anyone with any form of power over another, be it parental, religious, corporate, or governmental, has the power in some capacity to censor information available to those less powerful. It is a telling, and appalling, commentary on our culture to observe just how common this sort of censorship is, and how eager we have become to silence those with opposing viewpoints, rather than to argue the counterpoint (as I am doing here, for example).

            Your Libertarian Newspeak definition of censorship is plain wrong. You may have the right to censor what comes across your network, and you may choose to exercise that right, but don't think for a moment you aren't engaging in censorship, or think you can convince the rest of the world (a few gullible moderators aside) you are not simply by trying to spin your verbiage.

            And lest there be any doubt as to what censorship is:


            censorship
            n.

            1. The act, process, or practice of censoring.
            2. The office or authority of a Roman censor.
            3. Psychology. Prevention of disturbing or painful thoughts or feelings from reaching consciousness except in a disguised form.

            censor

            1. A person authorized to examine books, films, or other material and to remove or suppress what is considered morally, politically, or otherwise objectionable.
            2. An official, as in the armed forces, who examines personal mail and official dispatches to remove information considered secret or a risk to security.
            3. One that condemns or censures.
            4. One of two officials in ancient Rome responsible for taking the public census and supervising public behavior and morals.
            5. Psychology. The agent in the unconscious that is responsible for censorship.

            tr.v. censored, censoring, censors

            To examine and expurgate.

            (source: dictionary.com)

            You will notice that, with the exception of historical references to Rome, none of these definitions presuppose governmental authority over just plain authority; indeed, quite the contrary.
            • by Abm0raz (668337) on Wednesday August 27 2003, @08:01AM (#6803908) Journal
              As a Libertarian, I have to say ... you are 100% right. The act of censoring is NOT limited to the government. ANYONE can censor. Censorship (in layman's terms) is preventing another individual or group from receiving all or part of a communication. What the ORIGINAL poster SHOULD'VE said is that it's only ILLEGAL for the Government to censor private citizens, except in the cases where the lack of censorship would lead to injury (yelling "FIRE!" in a movie theater), intimidation (blackmail, threats), or immediate damage to public or private property (unauthorized protests). There are a few other minor cases such as outlawing porn to minors and where the act disrupts public proceedings or safety, like a mime performing on a major interstate.

              Now, that being said, the Government is in no way OBLIGED to reward "free speech" either. If the government gives an art museum $1,000,000 in grants a year to showcase art through the National Arts Endowment and then the bigwigs there see a statue of the virgin mary covered in blood and feces displayed as art, they are well within their rights as a governing body to NOT renew the grants. This is not censorship. The government is NOT required to reward behavior that it doesn't find acceptable, regardless of whether that behavior is legal or not.

              The same way the Lesbian, Gay, BiSexual, Transgender Association here on campus had a "SexFaire" and "CuntFest" a few years back that "promoted safe sex and raised awareness of students' inherent sexuality". About 200 of the university's 45,000 students went to it, but it became a big deal cause they handed out condoms, gave kissing lessons, and other stuff that escapes me at the moment. The state government heard about it and decided to cut the university's funding because the groups that put on these events used campus funds. Were they censored? No. They were no longer rewarded for their behaviors. The money was given to them for free before and they lost that privilege.

              "Don't bite the hand that feeds you" comes to mind.

              -Ab
  • by eyez (119632) <[eyez] [at] [babblica.net]> on Tuesday August 26 2003, @10:19PM (#6801581) Homepage
    This isn't any different from any time spews blacklists anybody; They've never claimed to not blacklist legitimate people. And, it's impossible to contact spews to get yourself removed if unfairly blacklisted. Everyone in the world, who has been blacklisted unfairly by spews is now celebrating. Hopefully now, people using spews will realize that spews really is a poor solution to the problem, that causes more harm than it prevents.
    • by paitre (32242) on Tuesday August 26 2003, @10:23PM (#6801613) Homepage Journal
      Collateral damage, as much as I detest it and is why I do all blocks locally as opposed to using a "published" DNSBL, -works-.
      If an ISP has 5000 customers and 3/4 of them are unable to email family at AOL or Yahoo because they're being blocked due to ISP having a spammer or two, the spammers tend to get dropped.
      There are exceptions to this, but by and large, collateral damage works.

      And like I said, I think it's piss poor policy.
      • by eyez (119632) <[eyez] [at] [babblica.net]> on Tuesday August 26 2003, @10:28PM (#6801639) Homepage
        > If an ISP has 5000 customers and 3/4 of them are unable to email family at AOL or Yahoo because they're being blocked due to ISP having a spammer or two, the spammers tend to get dropped.

        Yes, this is indeed a poor policy. SPEWS exists so that the people who are violently against spam can pass the burden of fighting it onto the innocents who aren't as bothered by it.
          • by eyez (119632) <[eyez] [at] [babblica.net]> on Tuesday August 26 2003, @11:19PM (#6801972) Homepage
            No, SPEWS exists so that the people who are violently against spam can pass the burden of fighting it onto the people who are responsible for causing it, i.e. spam-friendly ISPs.

            The fact that "innocents" are caught up in the block is unfortunate, but unavoidable from a practical standpoint. SPEWS doesn't list netblocks because they have a spammer or two present.


            Idiotic rambling like this is exactly why spews was accepted at all in the first place.

            When you post on NANAE and say "Help, I've been blacklisted but my company has nothing to do with spam!", everyone replies with "Sorry, SPEWS is run by mighty space robots from the future who have travelled back in time to stop SPAM from destroying the world. Unfortunately, we have no way of contacting them. Your only hope is to talk your ISP into kicking off their spammer clients, or change ISPs. Maybe the robots will unblacklist you then."

            SPEWS doesn't consider the innocents being caught up as unfortunate, they consider them the target. The collateral damage is where they're trying to affect the internet.

            If it was about blocking spam and ISP's they'd strategically blacklist ISP-critical machines and the spammers. There's no reason to blacklist the innocents. ISP's won't listen to them about not hosting spammers, and have you tried to find good decent hosting that doesn't rip you off? Especially if you're a larger site.

            The "Collateral Damage" is the main damage spews hopes to cause, to try to get innocent people to fight their battles for them.
            • by crucini (98210) on Wednesday August 27 2003, @12:44AM (#6802393)
              > If it was about blocking spam and ISP's they'd strategically blacklist ISP-critical machines and the spammers.

              Please tell me more about these ISP-critical machines that don't affect innocent users. But then why are they critical?

              As for narrowly listing spammers, it's been tried. Sleazy ISPs move the spammers around to evade such blocks.
          • by eyez (119632) <[eyez] [at] [babblica.net]> on Tuesday August 26 2003, @11:42PM (#6802088) Homepage
            HUNDREDS OF THOUSANDS of spam emails, OVER AND OVER.. consumes bandwidth, cleanup AND has been known to knock machines off line from the sheer amount of crap.

            You try running a mail server, even at a small ISP, and see how much crap you have to deal with.


            I've done it. My point is that while blacklisting can have its uses, there are two big problems with spews:

            a) They blacklist people specifically to cause harm.
            b) USING ANY BLACKLIST AS A CATCHALL IS STUPID. Nobody should be doing this, and anybody who is should be fired for incompetence. It takes more than 'Some group of people who have nothing to do with us have decided that there's a small chance that this could be spam' to efficiently block spam.

            SpamAssassin seems to have this down; give everything a score, and if it has a high enough score, then you can block it. But trusting a single source whose purpose is to hurt spam rather than to efficiently block it and only it, and using that as a sole source, like so so so so so many people do, is just plain fucking idiotic.
        • by hazem (472289) on Wednesday August 27 2003, @12:55AM (#6802442) Journal
          Can't send an e-mail to my server because I blocked your domain? Too f-in bad. Contact your "customer" with a letter or by phone.

          But if YOU are my ISP, and I'm a paying customer with an inbox, I expect that I will receive mail that is sent to me. If this is not the case, you need to specify that to me so I can decide whether I want to use your service.

          By blocking mail to my inbox, which I've paid for, you could possibly even be considered in breach of contract.

          Of course, if you're just running your own server, you're free to do what you want with it.
    • by gid (5195) on Tuesday August 26 2003, @10:24PM (#6801617) Homepage
      spews listens to usenet for unblock requests, my work's class c was black listed when we got it. I had to post to usenet, eventually I got a response and was unblocked, but ya, it's kind of a pain. I think spam assassin/filtering is a much better method, but I suppose a dual pronged attack is better, SA can use blacklists to rate email as well I think....
    • by Daniel_Staal (609844) <DStaal@usa.net> on Tuesday August 26 2003, @10:34PM (#6801678)

      No, it is different. This one is shutting down, and this is how the operator is making sure that everyone knows it is no longer functional.

      It is a public service, of sorts. He is guaranteeing that no one is using the blacklist. That way it can't be misused by someone hijacking it, or just left in place by someone who doesn't care. It is shut down. And everyone will know it.

    • by josh crawley (537561) on Tuesday August 26 2003, @10:59PM (#6801850)
      First they blacklisted the porno spammers... ...and I emailed nobody, for I was not a porno spammer.
      Then they blacklisted the open relays... ...and I emailed nobody, for I was not an open relay.
      Then they blacklisted the ISP dialup subnets.... ...and I emailed nobody, for I was not on an ISP dialup subnet.
      Then they blacklisted everyone... ...and there was nobody left for me to email.
    • by Mr Bill (21249) on Tuesday August 26 2003, @11:10PM (#6801914)
      Here again is another move that shows how responsible these idiots really are. To notify people to stop using their blacklist, they decide to blacklist the world. What a brilliant idea. After all email isn't really that important.

      Email used to be one of the most reliable means of communicating on the net. You were always guaranteed that your message would either arrive, or you would hear about it (bounce). But with all of the email worms Microsoft has written (you have to admit these email worms/viruses practically write themselves), and the idiotic attempts at stopping the SPAM problem, email is becoming practically useless. Mail admins are using blacklists and just dropping mail, which is effectively breaking the mail system. SPAMers may be the cause, but what is the point in destroying email all together. I would rather receive 100 SPAMs a day than lose one legitimate email that was intended for me. Sort of the same reason I am against the death penalty.

      As blacklists go, SPEWS is the worst of them. They block entire netblocks so that innocent bystanders will fight their fight for them. If my IP gets blocked even though I haven't sent any SPAM, I am expected to bitch to my ISP and/or move to another ISP, and then maybe in a couple of months my IP might get removed from the list.

      Reminds me of the way things work in the middle east. Pick either side, and they are using the same tactics. The Palestinians are blowing up civilians in the hope that the civilians left alive will do something about their problems. And the Israeli government is firing missiles into crowded cities to kill some suspected criminals and anyone else who happens to be within 100 meters of these guys...

      Guerilla tactics like SPEWS employ won't work in the long run, and I am happy that SPEWS is getting hit hard.

      SPEWS is claiming that the SPAMers are hitting them with this DDoS, but I wouldn't be surprised if it was some disgruntled and innocent bystanders who were hit by the SPEWS "Collateral Damage" missile.

  • by Sebastard (142754) on Tuesday August 26 2003, @10:26PM (#6801628) Journal
    My co-located server has been blacklisted by SPEWS for months now. And it's only because of a spammer elsewhere on my two-providers-up-the-chain regional ISP. And the spammer is on a different C-class entirely, yet my IP range was still included as punishment to the ISP. The fact that I suffer as a result doesn't matter to these people. Changing providers is not an option for me at this point (long story) so I've just had to live with it. I can't email several friends, and regularly field complaints from people who host on my server.

    I believe in fighting spam, and I think that blacklists are a good idea to a certain degree, but I've always felt that SPEWS was too draconian, and had no option for recourse for those of us who were (as they put it) "collateral damage".

    I posted to the referred newsgroup a few times, and got nothing but venom from the locals.

    I'm not sad to see them go.
      • Monopoly (Score:5, Insightful)

        by yerricde (125198) on Tuesday August 26 2003, @10:45PM (#6801755) Homepage Journal

        They want you to get flamed to death as further punishment.

        "Switch ISPs." So if a major residential cable modem ISP's mail server gets blacklisted, then how is anybody in any of the towns serviced by that cable company supposed to send e-mail to users of ISPs that use SPEWS?

  • by Indy1 (99447) <spamtrap@fuckedregime.com> on Tuesday August 26 2003, @10:26PM (#6801630) Homepage
    For mail admins around the world, try these alternatives.

    bl.spamcop.net
    one of the best blacklists, it catches a huge % of incoming spam, and virtually no collateral damage.

    blackholes.easynet.nl
    almost as good as spamcop, and seems to nail a lot of the spam hauses

    dynablock.easynet.nl
    nukes a lot of the dsl and dialup spammers

    argentina.blackholes.us
    south american country, what more needs be said ? : )

    brazil.blackholes.us
    ditto

    cn-kr.blackholes.us
    china and korea, what more need be said ? : )

    turkey.blackholes.us
    whole lotta spammers here

    sbl.spamhaus.org
    a bit too conservative for my tastes, but gets a lot of spam gangs, and has very low collateral damage

    bl.reynolds.net.au
    if you want to use the spews list, this provides a feed for it

    malaysia.blackholes.us
    another spammy asian country

    wanadoo-fr.blackholes.us
    one of the worst european isps

    hongkong.blackholes.us
    another spammy asian country

    • See:

      http://spamcop.net/bl.shtml

      You should /not/ use the spamcop DNSBL for blocking, as Spamcop themselves state.

      Spamcop list on a statistical basis, based on headers of spam reports they receive. This means they also blacklist the upstreams of regular spamcop users (because if all of spamcop user X's mail comes to him via ISP Foo, then ISP Foo's mail server will be in all of user X's spamcop reports).

      Do not use spamcop DNSBL for blacklisting - use it for tagging or scoring.
      • If one country bombards me with spam, and I get no legit traffic from that country, then that country gets introduced to my firewall. The mail and network admins in brazil DO NOT respond to abuse complaints. I do not do business in Brazil. Ergo, it's a simple solution to plonk 200.0.0.0/8 port 25 into my firewall and be done with it.

        Don't like it?
        Then be part of the solution and start fighting network abuse in your country. Or you can whine like the rest of the plonked spammers and watch a boatload of mail admins nuke south america. There was an informal poll held in NANAE (network.admin.net-abuse.email) on how mail server admins block all of 200.0.0.0/8. And dozens if not hundreds of people replied they do block all of it. How long before it becomes thousands of networks block your country for spam abuse?
        • Then be part of the solution and start fighting network abuse in your country.

          BTW, what have you done to fight abuse in the US?
          To me personally, spam blacklisting is a much bigger problem than spam itself because many organizations abroad (like some departments of my former Uni) with whom I sometimes have to communicate (I live in the US right now) blacklist all major US ISPs (MSN, AOL, Yahoo, AT&T) and justify this behavior with the arrogance of US sys-admins that tend to block all foreign mail. This tit-for-tat behavior does not benefit anyone and if anything pisses me off it's the arrogant attitude of sys-admins who for some reason forget their place and think they have absolute power to decide with whom the people in their organization may communicate and with whom they cannot.
  • Garbage (Score:5, Insightful)

    by josh crawley (537561) on Tuesday August 26 2003, @10:26PM (#6801632)
    I'm sorry, but this guy is a true blue asshole. My condolences for being DDoSed, but by banning "the world" to try to tell people to stop using his service ASAP, plenty of legitimate non-spam email got blocked, meaning that people may have to resend, and in some cases may not even know their email was missed. That's worse than spamming, people.

    Oh, I forgot, the standard propaganda line from these SPEWS.ORG type anti-spam fundamentalists is "we didn't block your email, the ISP using our service did, blame them."
  • So what DO we do? (Score:5, Interesting)

    by RealisticWeb.com (557454) on Tuesday August 26 2003, @10:28PM (#6801637) Homepage
    I would like some serious talk about just what exactly we ARE supposed to do about spam. Government moves too slow to pass an effective law, and the spammers don't abide by the law anyway. Filters don't work effectively, blacklists are not working either apparently. Does anyone have a useful suggestion about how to fix this problem?

    One idea I've had (or maybe I've heard it somewhere else, I can't remember) is authorization. Change the protocol, or maybe just implement it at the server, so that before anyone can send you an email they have to request permission. In that request they would identify themselves, and before they start emailing you stuff you would have to send them back permission. Anyone that is in your contact list would automatically be given permission. If it turns out to be spam you could revoke permission. Also analyze the email header and do reverse lookup to see if the domain names resolve properly. If a domain is spoofed, deny it automatically.

    Perhaps this has been done before, and I'm sure there are flaws, but I am tired of hearing about how big a problem this is, without hearing any good ideas about fixing it. Any other thoughts?

  • Bayesian Filtering (Score:5, Interesting)

    by someguy456 (607900) <someguy456@phreaker.net> on Tuesday August 26 2003, @10:29PM (#6801648) Homepage Journal
    I can't completely describe my satisfaction with Bayesian filtering. I've been using SpamBayes [sourceforge.net] for a few weeks w/ Outlook (please don't smite me), and it hasn't let me down. I have received absolutely no spam in my inbox these last couple of weeks. Granted, I built up a collection of >500 unwanted e-mails, but it only took a couple of days :)
  • by Cogneato (600584) on Tuesday August 26 2003, @10:31PM (#6801660) Homepage
    As someone who was blocked by both osirusoft and spews as part of their policy of blocking entire IP blocks, I feel no pity for them or for those who use them. In fact, I hope that at least some of them are learning their lessons.

    The IP address of my server happened to fall a few dozen numbers away from that of a spammer. As a result, it cost me thousands of dollars in lost time and expenses to track down the issue, contact my isp and have them contact whoever it is on Mt. Self-Righteousness that takes you back off the list. Getting on the lists takes day(s), while getting off the lists takes weeks.

    Blocking entire IP blocks is nothing short of techie-terrorism. In other words, you can't convince the real wrongdoers to stop, so you harm the innocent bystanders to try to get them to revolt.

    SPEWS and those that support them point the finger at the ISP while purposely hurting innocent small businesses like mine. It's time they take responsibility for the tools they provide, and in this way, they are no different than Microsoft.
      • by Cogneato (600584) on Tuesday August 26 2003, @11:01PM (#6801865) Homepage
        My point exactly. You hit me to get me to complain. Did you ever think that I don't want to take that active of a role in your war? Did you even bother to ask me if I wanted to participate? Are you, or anyone who uses the list offering to help me out with the costs of forcing me to be your soldier?

        Here's the deal I am willing to make: if you are going to block an entire C block that I am part of, send me an email and let me know and then I will happily complain to my ISP until I am red in the face. I am willing to make that promise.

        But... if you want to just slam me on a list without any regard for the costs it will incur for me, then don't expect me to be a happy little soldier. It's just not going to happen.
  • My Postfix Logs (Score:5, Interesting)

    by Alowishus (34824) on Tuesday August 26 2003, @10:43PM (#6801742) Homepage
    I run a Postfix setup which uses Osirusoft as one of its blacklists, and going through my maillogs I see that the RBL was unresponsive early on the 24th, and then started answering again later in the day. It was down the 25th and most of the 26th, until it briefly came on and started answering only some of the requests with "blocked using relays.osirusoft.com, reason: Please stop using relays.osirusoft.com". But it wasn't rejecting everything as the 2nd article says - just a subset of our mail. The rejects might even have been legitimate blacklisted IPs - perhaps they just changed the rejection message so admins would see it in their logs?

    Additionally Postfix is a smart enough MTA so that during the RBL downtime it didn't reject any mail - the default behavior is to deliver if the RBL can't be contacted.
  • by michellem (110855) <michelle&murrain,net> on Tuesday August 26 2003, @10:43PM (#6801748) Homepage
    Having been myself unfairly blacklisted (not by Spews, but by another list) because of the actions of my ISP, I really have come to have serious issues about the blacklisting process. I understand the principle - get innocent bystanders pissed off at their ISPs, then have them complain to their ISPs, or switch ISPs, and then ISPs change their behavior.

    The problem is that many people, for a variety of reasons (geography being one) can't change ISPs, and many ISPs (mine included) did nothing in response to my complaints (because they knew I wasn't going to move). So what does this do? It certainly doesn't help anyone!

    I hate spam as much as the next gal, and I think that the SpamAssassin approach (which is to label mail as spam depending upon certain criteria) is a much, much better approach than blacklisting.
  • This shutdown seems to be in response to a several-week-long DDoS attack on Osirusoft,

    The guy is dealing with a huge DDoS attack and we link his page from the front page of /. ??

    I guess we can't make things any worse, but come on. Give the guy a break.

  • by merlyn (9918) on Tuesday August 26 2003, @10:49PM (#6801781) Homepage Journal
    Until SA gets updated, you can add this to your local or global config to ensure that Osirusoft is never used:
    score X_OSIRU_OPEN_RELAY 0.0
    score X_OSIRU_SPAMWARE_SITE 0.0
    score X_OSIRU_DUL 0.0
    score X_OSIRU_DUL_FH 0.0
    score X_OSIRU_SPAM_SRC 0.0
    If I'm reading the default configuration correctly, the first two of those checks are non-zero only when relay checking is enabled but bayes is disabled, but you might want to use this entire list just in case.
  • by krray (605395) * on Tuesday August 26 2003, @11:11PM (#6801925)
    I don't see the problem. Well, personally at least. I mentioned to the wife, in March I believe, that I sensed something and nailed it on the head (spammers hi-jacking Windows PC's for relaying).

    I have got to say. I sure do like the Unix's. Linux, BSD, OS X -- doesn't matter. A little thinking, some *shell* scripts, and even a few hack job "vi" scripts. Version .01 of nothing that I'd want to show any REAL programmer at least. :) It's dirty, ugly, yet very effective...

    I've tried spamassassin, this filter, that filter. For me, my way seems to be working _very_ nicely. I use it at home (Linux), at work (Linux & BSD) and for a few architect friends/clients (OS X). Years ago now (right after the lawyers emailed me :) I started peppering the Internet with email addresses on USENET, and then web pages, etc.

    Those are my harvesting addresses. Nobody should EVER email them, realistically. Oh the spammers like to try dictionary type attempts/attacks. Thanks -- I added those to the alias database as well for future attempts.

    A couple of hacked up scripts (I'm working on it in C for even FASTER speed and some learning :) -- and I frankly don't personally see it anymore. Literally. NONE. I read about it in the logs, of course. :)

    Can it scale? Sure -- I'm figuring between 3-500 messages a _second_ isn't a problem. More will simply get queued and then I may notice a "lag" on my server. Bring it on. 1 IP and I whack the entire /24 subnet. I arbitrarily see X number of subnets and I block the /16 subnet.

    It's the /8 ball after that and those are pretty much final. 210, 211, or 212 ring a bell to anyone?

    Sure -- sometimes somebody will inadvertently get blocked. The bounced message directs them to a web page explaining what to do next. BEST solution is to call me. You know me right? Heck, you probably have my 800 number... Oh, you DON'T? Piss off then.

    Heck, I even spell out a completely external email address (@Mac.com) that you can forward the blocked message to ... I'll take care of it...

    Ever wonder what those MAILER-DAEMON messages are all about? The Windows user's machine _starts_ the transmit of the message and disconnects. Your mail server sits there waiting for data from them to a local user -- which becomes un-deliverable and drops a note to whatever you use for the postmaster (can't publish THAT anymore, can we?).

    Re-routed now. Thanks, got ANOTHER IP subnet to black ball.

    I've racked up a large chunk of the Internet already -- and the stats only seem to be increasing. Of course I've "white-listed" specific IP's of ISP's mail servers as needed. 3 so far I think. Most ISP's will put their mail server on a different subnet than their assigned IP's. Thanks. 1 white-listing was for a dedicated single IP user whose neighbor turned out to be a spammer. He had words with his ISP -- the spammer was kicked after that turned into a conference call.

    Sure -- some loser ISP will see more money from the spammer and side with them. We all know those ISP's -- and I've seen the same IP ranges in their listings as mine. I doubt the legit customer will remain there for long as I know I'm not the only one blocking them. Ultimately $$$ talks and the spammers are going to run dry eventually. They're now resorting to theft of services since they can't find legit connections anymore...

    REJECT(S) TODAY: 482
    Subnets Blocked: 434210 (110289340 total hosts in the /24 subnets [255])
    Percentage: 2.834% (3906250000 Internet addresses' [~3.9 BILLION] Served :)
    Subnets TODAY? 142 (36068 total IP's)
    Harvested: 49 messages
    URL Lookups: 0

    That's 49 messages today to some dummy account. No hits for the right web page (from a blocked message) in the logs... 142 IP's (now complete subnets
  • OH boo hoooooo (Score:5, Insightful)

    by NitroWolf (72977) on Tuesday August 26 2003, @11:42PM (#6802092) Homepage
    Somebody call the waaaaambulance.

    I'm an anti-spam nazi, and SPEWS gave us all a bad name. I'm glad SPEWS is dead, and it needs to stay dead. It did nothing good for the anti-spam movement, only exacerbated the situation. With no appeal process and a total lack of caring for innocents, it leaves me with nothing but happiness to see this travesty of justice get blown into oblivion.

    Sometimes, the enemy of my enemy is my friend...

    Goodbye Spews... we won't miss you, you hulking piece of ill-thought-out crap. Let me wave goodbye with my middle finger.

    Now, maybe System Admins without a clue will be forced to take real steps to protect their users from spam, instead of playing the lazy asshole and taking the Hail Mary approach that is SPEWS and hoping for the best.

    I feel greasy, now... to have agreed with spammers. I think I'll go take a shower.
  • by KC7GR (473279) on Wednesday August 27 2003, @12:24AM (#6802296) Homepage Journal
    I would guess it will take no more than three months for another blocklist, very similar to SPEWS, to rise from the ashes. Remember that SPEWS, and the anonymous group of admins that made it up, are still Out There -- they're just without DNS at the moment.

    One important point to remember is that Joe Jared himself was NOT SPEWS. No one ever knew who they were (at least no one that will admit to it). He merely acted as a reflector for their listings.

    Another thing to remember is that a DDoS attack -- ANY DDoS attack -- is a criminal act. If the release of the recent incarnations of the SoBig worm and the DDoS attacks against SPEWS are indeed related, then it only proves that spammers are indeed criminals.

    For my part, I've already seen an increase in spam as the result of losing access to the SPEWS DNSBL. I've had to update our local blocklist six times today, and that's really unusual for my setup. I suspect I'll be fairly busy over the next couple of weeks, doing a little of the same each day.

    Spammers may have won a battle today. They're a LONG way from winning the war.

  • At Last! (Score:5, Funny)

    by Poeir (637508) <poeir.geo@yahUUUoo.com minus threevowels> on Wednesday August 27 2003, @12:37AM (#6802362) Journal
    Finally, a blacklist that doesn't let any spam mail through.
  • RBL Consequences (Score:5, Interesting)

    by nsxdavid (254126) * <{ten.yalp} {ta} {wd}> on Wednesday August 27 2003, @01:13AM (#6802520) Homepage
    Spam is starting to hurt me a lot worse than I would have ever imagined. It's not the volume of spam I get, which is obscene, but rather the shotgun anti-spam efforts that we somehow get caught in.

    About a month ago Earthlink decided we were sending out spam and cut us off. So, despite the fact that we have no relationship at all to spam, we were unable to communicate with any of our customers who use Earthlink. After appealing, they realized the mistake and removed the block. How did it happen? Seems that if an Earthlink customer just accuses you of spam you can end up on the list. Thankfully cooler heads prevailed at Earthlink and the matter was resolved quickly.

    We were blocked by AOL once too. How ironic since we used to be their #1 3rd party content provider back-in-da-day (remember hourly?). They should have known about us. (grin) Fortunately that was resolved too.

    Then, of course, today we got hit by SPEWS and that led to our phone call to Mr. Jared. The poor guy was frazzled, and rightly so. But we had a legit beef...

    Our business is entirely web based. We have to deal with a heavy volume of customer feedback, all of which want fast responses. Any hiccup and we can get really far behind. But when we get blocked, we're almost helpless. We get an email "Hey, my character got killed by a ravenous bugblaster beast from trall!" And we write back, "Oh my, let me restore your character!" only to have it be filtered out by some shotgun blacklist. They get no response and start flaming us for "not responding". A day or more of this and things get really messy.

    You start to feel like you are at the mercy of some so-called "authority" that could not care less about your guilt or innocence. If he or she wants to, they can just take you out. We've participated in opensource, contributed back, done the good netizen thing... yet this real-time blacklist thing hangs over us. We never know when something else like this is going to bite us. And maybe next time there won't be any appeal. :(

  • by jarran (91204) on Wednesday August 27 2003, @02:50AM (#6802840)
    Quite frankly, they deserve it. I've had no end of problems with one of my mailservers after it was incorrectly blacklisted by Osirusoft, even though:
    1. It was not an open relay, and as far as I could tell from my logs, prior to banning it they never actually checked to see if it was an open relay.
    2. Their own online checker, which I activated several times, repeatedly showed that the server in question was not an open relay.

    The online checker repeatedly told me that my server would be scheduled for more tests, and would then be removed from the blacklist.

    But this never happened. No further checks were made. My server was never removed from the blacklist. And what's more, Osirusoft refused to reply to any of my e-mails. They refused to even explain why they were blacklisting, despite the fact on several occasions I politely requested either removal from the blacklist, or an explanation as to why I was on it. Ultimately I had to get a different IP address for the machine in question, which was extremely inconvenient.

    I'm strongly opposed to spam. However, any company that offers services to block spam has to accept that they will sometimes accidentally cause problems for legitimate users, and they have to have mechanisms in place for such users to sort the situation out. Ignoring people who have legitimate complaints against you is not the way to do it.

  • greylisting (Score:5, Informative)

    by jdunlevy (187745) on Wednesday August 27 2003, @03:17AM (#6802914) Homepage

    Time again [slashdot.org] to discuss greylisting [puremagic.com]?

    Looks to me to be an elegant, viable alternative to traditional black/white-listing, both of which require lists be maintained -- and well maintained. Sometimes very large, very centralized lists, which have ugly consequences when they fail.

    From the Greylisting Web site [puremagic.com] (with bolding from me):

    The Greylisting method is very simple. It only looks at three pieces of information (which we will refer to as a "triplet" from now on) about any particular mail delivery attempt:

    1. The IP address of the host attempting the delivery
    2. The envelope sender address
    3. The envelope recipient address

    From this, we now have a unique triplet for identifying a mail "relationship". With this data, we simply follow a basic rule, which is:

    If we have never seen this triplet before, then refuse this delivery and any others that may come within a certain period of time with a temporary failure.

    Anybody know where we are as far as a working implementation of this idea goes?
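    A minimal implementation of the triplet rule quoted above, added here as an illustration and not code from the Greylisting site or from any MTA. The 300-second retry delay, the expiry of unconfirmed triplets, the case-folding of addresses and the sample traffic are all assumptions of this example.

```python
import ipaddress
import time
from dataclasses import dataclass, field

# Policy knobs. These are assumptions for this illustration, not values
# taken from the page: how long a sender must wait before a retry of a
# new triplet is accepted, and how long an unconfirmed triplet is kept.
GREYLIST_DELAY = 300        # seconds
GREYLIST_EXPIRE = 4 * 3600  # seconds


@dataclass
class Greylist:
    """Per-server greylisting state keyed on the (ip, sender, rcpt) triplet."""
    delay: int = GREYLIST_DELAY
    expire: int = GREYLIST_EXPIRE
    # triplet -> [first_seen, confirmed]
    _seen: dict = field(default_factory=dict)

    @staticmethod
    def _triplet(ip, sender, rcpt):
        # Normalise the IP (rejects garbage) and case-fold addresses so that
        # "Alice@Example.com" and "alice@example.com" map to one relationship.
        return (str(ipaddress.ip_address(ip)), sender.lower(), rcpt.lower())

    def check(self, ip, sender, rcpt, now=None):
        """Return 'defer' (SMTP 451 temporary failure) or 'accept' for one attempt."""
        now = time.time() if now is None else now
        key = self._triplet(ip, sender, rcpt)
        entry = self._seen.get(key)
        # Never seen, or an earlier attempt was never followed up and has
        # expired: start the clock and refuse with a temporary failure.
        if entry is None or (not entry[1] and now - entry[0] > self.expire):
            self._seen[key] = [now, False]
            return "defer"
        first_seen, confirmed = entry
        if confirmed:
            return "accept"
        # A retry that arrives too early is still deferred; a real MTA queues
        # and retries after minutes, while most spamware never comes back.
        if now - first_seen < self.delay:
            return "defer"
        entry[1] = True
        return "accept"


def replay(greylist, attempts):
    """Run a list of (time, ip, sender, rcpt) attempts and return the decisions."""
    return [greylist.check(ip, s, r, now=t) for t, ip, s, r in attempts]


# Constructed sample traffic (RFC 5737 documentation addresses, not real hosts).
SAMPLE = [
    (0,   "192.0.2.10",   "alice@example.com", "bob@example.net"),  # legit MTA, first try
    (60,  "192.0.2.10",   "alice@example.com", "bob@example.net"),  # retries too soon
    (900, "192.0.2.10",   "alice@example.com", "bob@example.net"),  # retries after 15 min
    (0,   "198.51.100.7", "bulk@example.org",  "bob@example.net"),  # spamware, never retries
]

if __name__ == "__main__":
    for attempt, decision in zip(SAMPLE, replay(Greylist(), SAMPLE)):
        print(f"t={attempt[0]:>4}s {attempt[1]:<14} -> {decision}")
```

    The replay shows why the scheme works against fire-and-forget spamware: the legitimate sender is accepted on its third attempt, the one that never retries is never accepted, and no list of hosts had to be maintained.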

    • by AKnightCowboy (608632) on Tuesday August 26 2003, @11:09PM (#6801905)
      there is already enough infrastructure in place for this to occur now. verisign and friends as trusted signers, and smtp-ssl. the only other thing required is the will to put it to work.

      Oh that's just fscking great. And to register a trusted mail server will no doubt cost $1000/year for a Verisign "trusted" certificate. Screw that. If you can do the same thing but make it open source then I'd say go for it, but if I have to be ass-raped by Verisign for another minute I'll give up on the entire god damn Internet.

    • Er, clueless (Score:5, Informative)

      by MattW (97290) <matt@ender.com> on Wednesday August 27 2003, @02:22AM (#6802766) Homepage
      First, this is more like because there's a terrorist in a town 30 miles from you, the military parks a tank in your living room until that terrorist moves out of state.

      Second, were you aware that by consuming fossil fuels, you are funneling money to the Middle East, which produces almost all terrorist threats to the United States? That's supporting terrorism. I don't see you volunteering to stop buying fossil fuels until the OPEC countries clean up their terrorist problem.

      Third, the idea behind spam prevention is to make email MORE USEFUL for legitimate users. SPEWs does not meet that criterion, because it causes more problems for legitimate users than gain. Moreover, it hides the true cost because few people are fully aware of what spews is doing and why. Even most email admins using spews are NOT AWARE of how it operates. They should publish their philosophy everywhere related to it. If every SPEWS doc had said, "We block enormous blocks of legitimate users, trying to use collateral damage to force ISPs to take action against their tiny fraction of spamming users", SPEWs would be irrelevant today.

      Finally, spews is horribly non-responsive and error prone. I still have a colocated server blocked because some ISP on a block that's not even in the same /10 as my ISP happens to have a similar name to my ISP. (the spammer was once a customer of my ISP; they spammed, they were removed. They moved across town to ISP #2, and continued to spam. But customer name and my ISP name are highly similar. Spews concludes they are the same company, despite NO evidence but the name. Result: my ISP is permanently blacklisted on spews because of a spammer that is NOT on their network). Both sets of IPs -- my ISP's and the spammer's new ISP's -- are in the same evidence file, and my ISP continues to look 'fresh' as a spammer because of activity on the other net.