As the Spam Turns 408
Anonymous writes "The SBL has added Verio's corporate mail servers to its blocklist which protects nearly 100 million mailboxes, because of the number of spam gangs on the Verio network. Verio also provides connectivity to AS26212, a collection of 9 of the most notorious spammers' netblocks. AS26212 - the new spambone? - is also connected to he.net and bbnplanet.net."
in case it gets slashdotted (AC,not karma whoring) (Score:5, Informative)
129.250.36.0/24 is listed on the Spamhaus Block List (SBL)
Nov 17 2002 - 15:3hrs GMT
Verio, Inc. Corporate Mail Relays
This SBL listing of Verio, Inc. corporate resources for Knowingly Providing Spam Support Services, is made with sadness on the part of the Spamhaus Project team because we know Verio has an extremely good Abuse Team and an excellent Acceptable Use Policy. We are certain Verio's spam problems are caused by greed-driven executives overriding the Abuse team and making a mockery of Verio's Acceptable Use Policy.
Things have gone seriously wrong at Verio. Verio is in management crisis and Verio's Sales management has made an unwise decision to generate additional cash by purposefully selling connectivity to well-known spam gangs enabling blatant spam operations to operate from the Verio network.
A number of hard-core notorious spam gangs run by spammers with criminal records for fraud or theft are now hosted knowingly by Verio, therefore the volumes of Verio-hosted spam have increased dramatically. Gangs including "US Health Labs" and "Cyrunner" (running two separate fake ISPs "UNIPXNET" and "IXXNET" off Verio with fraudulent registrations designed to misdirect spam complaints) are flooding the Internet non-stop in spam for "pre-teen-sex", "make-penis-fast", viagra, loans and mortgage scams.
Verio's broadband business unit's president is believed to have personally approved the sale of 100+ high-bandwidth lines to US Health Labs, knowingly for spam purposes. These are sales made knowing that US Health Labs, run by professional spammers Mike Cunningham and Andrew Amend, are a spam gang whose sole business and sole use of Verio's network is for the relentless and illegal spamming of millions of U.S. Citizens.
Another long-term professional spam operation, IMG Direct run by Steve Hardigree and Frank Bernal moved to Verio on 1 November after being thrown off Sprint. Another spam operation, Gordon Lantz, like the others thrown off almost all major U.S. networks, is about to go live on Verio having been approved and scheduled for installation.
With increasing alarm, the Spamhaus Project has watched spammers moving to Verio due to Verio Sales Managers knowingly doing business with notorious 'porn & pills' spam gangs. Spamhaus believes that Verio's CEO is ordering the Abuse department to disregard the AUP and that is a situation that, as well as illuminating a disastrous state of affairs for Verio customers and shareholders, is unacceptable to us.
This SBL listing of Verio's Corporate Mail Relays is intended to not impede the normal communications of Verio customers, but to concentrate boycott action on Verio executives. Executives who appear willing to supply Spam Support Services foregoing ethics and integrity in return for promises of larger line purchases from spam operations.
Email from Verio Corporate Mail Relays is currently being refused by 98 Million international SBL users. If you are currently experiencing mail difficulties due to this listing, please contact your Verio account manager/Verio Customer Support now. A Verio executive needs to contact Spamhaus.
SBL Listings of spam gangs hosted by Verio [spamhaus.org]
Verio spam complaints (current issues) [google.com]
The 'Cyrunner' spam gang (aka "UNIPXNET" and "IXXNET") [spamhaus.org]
The 'US Health Labs' spam gang [spamhaus.org]
Re:Great, more censorship (Score:5, Informative)
this is at least two weeks old (Score:1, Informative)
Needless to say, the chances of my actually recommending them as a hosting provider are roughly equivalent to the odds of a squadron of flying pink poodles attacking Finland on December 32nd.
Re:Great, more censorship (Score:2, Informative)
Really? You mean blocking 995 out of 1000 [paulgraham.com] isn't "nearly perfect"? 99.5% seems pretty damn close to perfect to me...
Re:Great, more censorship (Score:2, Informative)
Besides, if they decide to take the initiative and prevent this sort of thing from happening, they can be reinstated. Sounds good to me.
Only the corporate site was blocked (Score:5, Informative)
In the comment from Spamhaus it is clearly stated that only the Verio corporate mailserver is blocked in order to protect their ISP users.
Verio when did you lose your way? (Score:5, Informative)
Their anti-spam policies were so draconian that we had to move to exodus. When did they become pro-spam?
Screw more laws, just ban IPs via smart networks. (Score:2, Informative)
And, as ISPs, we simply have to monitor our resources more carefully. If we detect a lot of broadcast activity (i.e. outbound SMTP traffic) we're notified and we investigate. We collaborate.
Real technology can block spam. Laws and crap like Spamcop just make more red tape and are half ass solutions.
Re:DNS Question... (Score:2, Informative)
from a dig mx ixxnet.net:
ANSWER SECTION:
ixxnet.net. 1H IN MX 5 mail.ixxnet.net.
ixxnet.net. 1H IN MX 4 66.25.224.10.
And from a dig mx dialnil.com:
ANSWER SECTION:
dialnil.com. 59m51s IN MX 4 216.21.32.14.
dialnil.com. 59m51s IN MX 5 mail.dialnil.com.
RFC 1035 - "Each MX matches a domain name with two pieces of data, a preference value (an unsigned 16-bit integer), and the name of a host."
http://www.isc.org/ml-archives/bind-users/1999/
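A small checker for the pattern in the dig output above, added here as an example and not part of the original comment: it parses answer-section lines and flags MX records whose exchange field is an address rather than the host name the RFC 1035 wording calls for. The function names are hypothetical; the input is the four lines quoted above.

```python
import ipaddress

# The four answer-section lines quoted in the comment above.
DIG_ANSWERS = """\
ixxnet.net. 1H IN MX 5 mail.ixxnet.net.
ixxnet.net. 1H IN MX 4 66.25.224.10.
dialnil.com. 59m51s IN MX 4 216.21.32.14.
dialnil.com. 59m51s IN MX 5 mail.dialnil.com.
"""

def is_ip_literal(exchange):
    """True when the MX exchange field is an address, not a host name."""
    try:
        ipaddress.ip_address(exchange.rstrip("."))
        return True
    except ValueError:
        return False

def parse_mx(text):
    """Yield (owner, preference, exchange) for each MX line of dig output."""
    for line in text.splitlines():
        fields = line.split()
        if "MX" not in fields:
            continue
        i = fields.index("MX")
        if len(fields) < i + 3 or not fields[i + 1].isdigit():
            continue  # truncated or malformed line
        pref = int(fields[i + 1])
        if pref > 0xFFFF:
            continue  # preference is an unsigned 16-bit integer
        yield fields[0].lower(), pref, fields[i + 2]

def audit_mx(text):
    """Map owner -> [(preference, exchange, is_literal)], most preferred first."""
    report = {}
    for owner, pref, exchange in parse_mx(text):
        report.setdefault(owner, []).append((pref, exchange, is_ip_literal(exchange)))
    for records in report.values():
        records.sort()
    return report

def owners_preferring_literal(text):
    """Owners whose most-preferred (lowest value) MX is an address literal."""
    return sorted(o for o, recs in audit_mx(text).items() if recs[0][2])

if __name__ == "__main__":
    for owner, recs in audit_mx(DIG_ANSWERS).items():
        for pref, exchange, literal in recs:
            print(owner, pref, exchange, "ADDRESS LITERAL" if literal else "ok")
```

For both domains in the sample, the lowest-preference (first-tried) MX is the one carrying the address literal.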
Re:Good (Score:5, Informative)
Actually, most "spam blockers" work for organizations which commercially use the Internet. They are mail administrators for ISPs or other companies, which have directed them to reduce the impact of spam on their businesses -- to cut costs or to improve service to customers.
Spam isn't commercial use. It's criminal use.
Re:Only the corporate site was blocked (Score:1, Informative)
Actually that isn't correct. Verio has two mail systems, one is their webhosting stuff and one is everything else. The "corporate" server where employees get their email is in the "everything else" which is what's blocked. But there's also a lot of customers served by that system, so while they ARE listing the corporate stuff they're listing a whole lot more too, whether they know it or not. (No I don't know whether they know it or not, but I know for a fact they're blocking customers too, so their claim about blocking only corporate people is just plain inaccurate.)
Basically anybody whose mail isn't part of one of their web-hosting packages is on this blocked mail system. (Which includes me)
Re:Why content filtering is not enough (Score:5, Informative)
Sure, DNSBLs and other blacklists help. They should be used. The content filtering is just perfect for covering that last mile (if spam passes all the blacklisting mechanisms). It _might_ deter spammers from spamming, but I doubt it. Spammer notices that his last mailing bounced, and he uses another open relay.
If a spammer knows that Bayesian filters and Spamassassin/Razor type content filtering are widely deployed, it will act as a quite effective deterrent for sending spam. Maybe.
What really needs to be done is EDUCATE ISPs that an open relay can get you in a whole heap of trouble. Of course many have closed their relays, but a lot still have open ones. Especially administrators in the Middle East and Asia need to be LARTed badly, since that's where 90% of my spam is relayed from. Once all open relays are killed, the spammer has only 2 alternatives, either set up his own SMTP, or use the one his ISP allocated to him. Both are easy to track and put an end to. The spammer would have to register for a new account and the more often that happens, the sooner his/her name will be blacklisted. Heck, if anti-spam laws are legislated, the spammer could end up in jail. Jail is the ultimate deterrent. There's nothing like the prospect of being assraped by Bubba to deter spammers.
With respect to the "filtering spam is censorship" comments, well... Content filtering is my way of plugging my ears with my fingers because I do not want to know what you are trying to sell me/scam me into. The DNSBLs are a LART to teach the admins not to run an open relay.
100 million mailboxes protected? (Score:4, Informative)
Here's hoping this group is more responsible than SPEWS. With that (likely bogus) figure being announced, I doubt that they are.
Re:Great, more censorship (Score:5, Informative)
I don't want to sound like a callous jerk, but it doesn't sound like the original poster knows what it's like having thousands of users screaming for some sort of server-side spam filtering. For their $18 or whatever a month, the majority of them want their ISP to do something about the viagra/pr0n/MMF spam in their mailbox. ISPs just need to make the right decision in letting the users decide if they want filtering or not. Users can always go elsewhere if the ISP wants to enforce filters the user doesn't like.
My $.02 USD.
Obligatory pitch (Score:5, Informative)
This solution doesn't do anything about bandwidth (since you will still get the same amount of spam traffic at your mail port), but it's a fuzzy-warm feeling to be in control of your own mailbox for once.
Re:Good (Score:5, Informative)
Actually, having just tried a demo of CD-R Diagnostic (an excellent program, btw), I'd like to point out that you send FOUR. Two in quick succession when the demo is downloaded, one three days later, and one five days after that.
The last e-mail says that you delete all evaluation e-mail addresses after 14 days, but the others give no indication of when it will end, there are no remove instructions, there is no explanation of how you got my address, etc. If I got this because someone typed in my e-mail address, I'd probably report you too. You should read up on the Ten Rules for Permission-Based Marketing [messagemedia.com].
Re:Spam comes from unlikely places... (Score:3, Informative)
One solution for spam in your inbox (Score:5, Informative)
This works best if you own your own domain name and can create multiple pop boxes. It's still doable using regular email accounts, however.
Step 1: Change your email address to a previously unused address at your domain. Test it for a day, verify no spam is coming in to that address.
Step 2: Email all your trusted friends, relatives and business contacts your new email address.
Step 3: Remove your old email address links from your website and replace them with a feedback form that emails an unrevealed throwaway secondary address using your favorite web -> email gateway scripts.
Step 4: Create a bounce message at your old address, with a link to the feedback form, for all the people you forgot to email about your new address, and for people who want to contact you through your old address as they have found it on google searches or other archived postings, or your old business cards, etc.
Step 5: Receive both the new email address and the feedback form submissions on to your local mail reader. Filter them in to separate directories. Give out your real, private address to feedback form users once they've verified themselves as being legit. If not, have a throwaway identity you can talk to them through. (the email account that the feedback form mails to) If you start getting spam at that address, simply change it.
Step 6: When you make public postings, post the feedback form URL instead of your email address. When you have to give your address away to commercial websites to sign up or download things, give them the throwaway address, or create a third address for legitimate online companies and filter that into a third folder for "commercial website email". If that gets compromised by an unscrupulous business, change it. Still doesn't affect your primary private address.
You can receive the two or three addresses all at once with any modern mail reader, and filter them into folders. I personally use Eudora.
This is a really easy thing to do if you can stand changing your email address. I've had the same address since 1995, so I get about 150 spams per day. I have a filter that gets rid of most of those, but that's local and I still take the bandwidth hit, and about 20% of them get to my inbox still. Rather than try to over-filter and get a false positive, I think the above solution is a worry free and clean way to make a break from spam.
---Mike
Re:Is that why spam in my Hotmail account has drop (Score:4, Informative)
One wonders about SPEWS (Score:2, Informative)
Re:This is depressing... (Score:1, Informative)
Blocking AOL, Yahoo, MSN, etc may be a cheap way to stop a lot of spam, but that is not where the spam is actually coming from.
Spamassassin and Blackholes.us (Score:2, Informative)
It's a bit lame filtering spam with spamassassin after having downloaded it, but if you don't have any other valid option, this would be good as well.
Verio is listed on blackholes.us [slashdot.org], which makes it easier for us to set it up on spamassassin [spamassassin.org]
For instructions click here:
http://www.blackholes.us/docs/usage.html
I already use it with china.blackholes.us, nigeria.blackholes.us and korea.blackholes.us, and I must say I'm very happy with this setup, even if idiots like "merrynhappy" still are out from the filters. Notice that I don't filter all the foreign encodings, since I want to allow my
Ciao.
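How a mail server checks a connecting address against DNSBL zones such as the ones named in the comment above, as an added example that is not part of the original post: the IPv4 octets are reversed and looked up under the zone, and an A answer in 127.0.0.0/8 means "listed". The function names, the resolver hook and the zone answers below are constructed for illustration and say nothing about what those zones actually returned.

```python
import ipaddress
import socket

def dnsbl_name(ip, zone):
    """Build the DNSBL query name: IPv4 octets reversed, then the zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone.strip(".")

def system_resolver(name):
    """Return one A record for name, or None when the lookup fails."""
    try:
        return socket.gethostbyname(name)
    except OSError:
        return None

def listed_in(ip, zones, resolve=system_resolver):
    """Return {zone: answer} for every zone that lists ip.

    Only an answer inside 127.0.0.0/8 counts as a listing. Any other
    address (for example a wildcard from a parked or abandoned zone) is
    ignored, so a dead list cannot make the server reject all mail.
    """
    loopback = ipaddress.ip_network("127.0.0.0/8")
    hits = {}
    for zone in zones:
        answer = resolve(dnsbl_name(ip, zone))
        if answer and ipaddress.ip_address(answer) in loopback:
            hits[zone] = answer
    return hits

# Zones named in the comment above; the answers are constructed sample data.
ZONES = ["china.blackholes.us", "nigeria.blackholes.us", "korea.blackholes.us"]
FAKE_DNS = {
    "25.2.0.192.china.blackholes.us": "127.0.0.2",    # constructed listing
    "25.2.0.192.korea.blackholes.us": "203.0.113.9",  # constructed wildcard answer
}

if __name__ == "__main__":
    # Offline run against the constructed data; omit the third argument
    # to query real DNS through system_resolver instead.
    print(listed_in("192.0.2.25", ZONES, FAKE_DNS.get))
```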
Re:One solution for spam in your inbox (Score:2, Informative)
You sign up as, for example, fred, supply SpamGourmet with your real email address, then whenever you need to give out an email address to anyone you don't trust, give them something like: kazaa.10.fred@spamgourmet.com . SpamGourmet will relay 10 (and only 10) messages sent to that address through to your real address... any more will just get chomped. Maximum of 20 relays.
Very, very cool service. The fact that the basic model is free just rocks. I have no relation to them other than as a happy user.
Pete.
Re:Good (Score:3, Informative)
In fact, they already tried the same stunt on Ron Guilmette of monkeys.com (threatened legal action when Ron expanded their listings on his system). Within (probably) minutes of the word going out on the newsgroup, many SA's, myself included, started asking for lists of Verio's IP ranges, and inserted those lists in their private blocklists.
In short: If they threaten legal action against people who are doing nothing more than expressing an opinion (in the form of publishing lists of IP addresses they think are contributing to the spam problem), and taking steps to protect their private property (by checking incoming mail connections against that same list, and selectively blocking the unwanted stuff), they're only going to dig themselves deeper into their existing hole.
Verio is second only to UUNet (also known as 'SpewSpewNet') for harboring spammers. They need a wake-up call like nobody's business. If Steve's listing doesn't do the trick, I don't think anything else will.