Spam Censorship

Spam Blackhole Lists Redux 329

tsu doh nimh writes "Are spam blackhole lists good, bad or indifferent? That appears to be the question they're tackling in this Washington Post story. It has some interesting back and forth between supporters of the lists and those who claim they condone censorship." J adds: Brad Templeton recently offered some comments on the most extreme pro-blacklist position.
  • Uhh, no. (Score:3, Informative)

    by Motherfucking Shit ( 636021 ) on Wednesday May 14, 2003 @10:56PM (#5960719) Journal
    Blockquoth the article,
    It is unknown who runs SPEWS, and the Web site -- spews.org -- offers few answers. The site's registration information at various Internet WHOIS databases is deliberately false, with the e-mail contact listed as not@available.org.
    Someone hasn't figured out the -h flag to whois, apparently. Depending upon the flavor of whois being used, any queries for .org domains will now list "not@available.org" as the contact email addresses unless the sponsoring registrar's server is queried.

    SPEWS' WHOIS record isn't really hiding anything when you ask the right server:
    # whois -h whois.joker.com spews.org
    domain: spews.org
    status: production
    origin-c: chip@sendmail.ru#3
    organization: Visit Lake Biakal!
    owner: chip level domains
    email: chip@sendmail.ru#3
    address: po box 61, Baikalsk-2
    city: Irkutsk region, -- 665914
    postal-code: 665914
    country: RU
    admin-c: chip@sendmail.ru#3
    tech-c: chip@sendmail.ru#3
    billing-c: chip@sendmail.ru#3
    registrar: JORE-1
    created: 2001-07-07 15:50:12 UTC caserv
    expires: 2003-07-07 15:50:12 UTC
    source: joker.com
    Whether or not that address really exists, I don't know - but I doubt SPEWS is about to put obviously bogus information (e.g. not@available.org) in their WHOIS record. The spammers would just file a complaint with ICANN.
  • by Mohammed Al-Sahaf ( 665285 ) on Wednesday May 14, 2003 @11:02PM (#5960750)
    There will always be some sites improperly secured that allow the spammers to relay their material. I find almost all the emails I get now are bounced through DSL boxes. Blackholing them doesn't help because you're actually blacklisting legitimate users and the spammers themselves are hidden. Having said that, I think such blackholes are important as an incentive to force ISPs to enforce their Terms of Usage. A lot of the SPAM I get is bounced through the same ISPs, or ISPs in eastern countries like Taiwan who don't seem to care about complaints.
  • by Blaede ( 266638 ) on Wednesday May 14, 2003 @11:21PM (#5960852)
    I'm quite surprised nobody has mentioned this yet [msnbc.com], or submitted it as a story. He's being indicted for forgery and identity theft.
  • by yintercept ( 517362 ) on Wednesday May 14, 2003 @11:22PM (#5960862) Homepage Journal
    The people with the main Spam problems are the ISPs. There are thousands of dead email addresses, and mistyped email addresses on spam lists. You will get hit with a hundred spams just for owning an email list.

    Of course, the biggest problems are with web sites that display email addresses. I've had my private email address ruined because I did some volunteer service and the web site owner posted my email address to thank me...arrrggghhhhh!!!!

    BTW, you can sometimes find if your email address is on a web page by entering your email address in Google.
  • Free Speech (Score:5, Informative)

    by Detritus ( 11846 ) on Thursday May 15, 2003 @12:02AM (#5961077) Homepage
    If you live in the USA, the Bill of Rights enumerates your right of free speech. That does not make it an absolute right. Try exercising your right to free speech on my property and I will have you arrested for trespassing.
  • by KrispyKringle ( 672903 ) on Thursday May 15, 2003 @12:15AM (#5961149)
    See, you raise an interesting point which is really farther-reaching than just the spam question. The idea that there is a "spirit of the Internet," like the slogan "Information Wants To Be Free," has been around pretty much since universities first signed on to the Internet, and is at once responsible for many attitudes regarding appropriate behavior and regulation of the 'Net while being little more than a myth.

    This idea is discussed in Larry Lessig's [stanford.edu] Code and Other Laws of Cyberspace (which was actually reviewed here on Slashdot, according to the cover). Subscribers to this myth often say that the architecture of the Internet doesn't permit control, that the ability to anonymously browse the Web, to trade files and information without oversight or responsibility to the authorities, guarantees that the Internet will always be free.

    "This is the fallacy of 'is-ism'" writes Lessig, "to confuse how something is with how it must be." Lessig claims that encroaching commerce, as much as legislation, can and does change the architecture of the 'Net to permit control (and in some of his other works points to this as the means of strong intellectual property controls, privacy invasion, and the like).

    Lessig seems to see this as largely a bad thing (certainly the Passport vulnerability teaches us the risk of such designs), but clearly the flip side is that if digital certificates became the norm and senders had to take more responsibility for their emails, we would combat spam more effectively. This is not the only benefit; digital certificates would help deal with fraud on auctions like eBay and permit greater security across the 'Net.

    I personally agree that the 'Net should be less regulated and should be a free exchange of ideas; if a nation with especially strict rules attempts to limit its part of the Internet, all of us are affected. But clearly the 'Net can be regulated, and there may even be situations where it should be so.

    On another note, from the standpoint of Constitutional law, it is fairly inaccurate to compare commercial speech like spam to political, individual, or artistic speech, which all earn strong First Amendment protection and for which strict scrutiny must be met to limit those freedoms. Limitations to commercial speech, in contrast, must only meet intermediate scrutiny (a reasonable governmental interest rather than a compelling one), as evidenced by FTC regulations on advertisements and the like, regulations which would not stand against political activism and the like.

  • by almaw ( 444279 ) on Thursday May 15, 2003 @12:22AM (#5961181) Homepage
    It's simple - when a mail comes in you send an e-mail back to the sender with a cookie in the subject line. That e-mail requests they send you a confirmation e-mail to get onto your whitelist, which also causes the original e-mail they sent you to be de-queued and delivered.

    If you feed your inbox/archives into your whitelist, 99% of people who e-mail you won't even notice the system is running.

    I used to get about 200 spams a day. I tried RBLs, I tried spamassassin. None of it worked reliably - RBLs were only catching about 20% of my spam and spammers now get around spamassassin by looking at the rules when they craft e-mails. False positives were also a problem - sure, it's quicker filtering suspected spam into a spam folder for batch-checking, but it's still a serious hassle with >80 dubious borderline spams a day, and tens slipping straight through the spamassassin/RBL net into your inbox.

    Happily for those of you running your own mail servers (or sitting on a *nix box which delivers mail locally via procmail), you can get a program which will do this for you for free. It's called Active Spam Killer, it's written in Python, and you can get it here [paganini.net].
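The challenge/response flow described in the comment above, as an added sketch (not part of the original post and not Active Spam Killer's code). The HMAC cookie, the `[confirm:...]` subject format, the secret and the addresses are all assumptions made for illustration.

```python
import hashlib
import hmac
import re

SECRET = b"constructed-demo-key"  # assumption: secret known only to the mail host
TAG = re.compile(r"\[confirm:([0-9a-f]{20})\]")  # hypothetical subject-line format


class ChallengeQueue:
    """Queue mail from unknown senders until they echo back a signed cookie."""

    def __init__(self, whitelist):
        self.whitelist = {a.lower() for a in whitelist}  # seeded from inbox/archives
        self.pending = []  # (sender, cookie, held message)

    def cookie(self, sender, msg_id):
        # Keyed MAC over sender and message id: unguessable, not reusable by others.
        mac = hmac.new(SECRET, f"{sender}|{msg_id}".encode(), hashlib.sha256)
        return mac.hexdigest()[:20]

    def receive(self, sender, msg_id, subject, body):
        """Return (action, items): deliver held mail, send a challenge, or drop."""
        sender = sender.lower()
        if sender in self.whitelist:
            return ("deliver", [body])
        if not sender:
            # Null envelope sender marks a bounce; challenging it risks mail loops.
            return ("drop", [])
        m = TAG.search(subject)
        if m and any(who == sender and hmac.compare_digest(c, m.group(1))
                     for who, c, _ in self.pending):
            # Valid confirmation: whitelist the sender, release all their queued mail.
            self.whitelist.add(sender)
            out = [held for who, _, held in self.pending if who == sender]
            self.pending = [p for p in self.pending if p[0] != sender]
            return ("deliver", out)
        c = self.cookie(sender, msg_id)
        self.pending.append((sender, c, body))
        return ("challenge", [f"Re: {subject} [confirm:{c}]"])


if __name__ == "__main__":
    q = ChallengeQueue(["friend@example.org"])  # constructed addresses
    _, (challenge,) = q.receive("new@example.net", "m1", "hello", "first mail")
    print(challenge)
    print(q.receive("new@example.net", "m2", challenge, "confirming"))
```

Spam usually carries a forged sender address, so a challenge can land on someone who never wrote to you; this sketch only avoids challenging bounces and does not rate-limit.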
  • by bigberk ( 547360 ) <bigberk@users.pc9.org> on Thursday May 15, 2003 @12:29AM (#5961201)
    I don't like the idea of blacklisting IP netblocks, and here's why: when you see spam coming from any given host, it's rarely the netblock that's the problem, rather it's always the spam content that's the problem!

    If you understand that point then you can see why all the collateral damage occurs unnecessarily. You're shooting down the wrong target. We're doing it now because it's easier (blackhole IP, bandwidth saved) but the consequence is too great to ignore: we're fracturing Internet-wide communication more and more every day!

    We should focus instead on content-based spam filtering, and share that knowledge to improve efficiency. Accuracy skyrockets and collateral damage virtually disappears! You can use intelligent software like spamprobe [sourceforge.net] to classify mail as spam, for instance. There's also the Distributed Checksum Clearinghouse [rhyolite.com], which lets mail servers around the world determine what's spam based on collective mail data.

    A million mail servers sharing with each other what they know about the appearance of this week's spam would be killer. I'd love to see that.
  • by Imperator ( 17614 ) <slashdot2 AT omershenker DOT net> on Thursday May 15, 2003 @01:27AM (#5961446)
    They suck in massive amounts of matter and spew out lots of high-energy crap.
  • by meringuoid ( 568297 ) on Thursday May 15, 2003 @11:20AM (#5964427)
    As far as I know, SPEWS don't bother with reeducation. That would jeopardise their anonymity.

    To the best of anyone's knowledge, SPEWS' approach is this:

    1) Set up spamtrap addresses, seed them on Web and USENET
    2) Receive spam: complain to ISP.
    a) If spam stops, stop.
    b) If spam continues, blacklist.
    3) If spam still continues, expand blacklist by stages until the entire ISP is blocked.
    4) Keep blacklist in place until
    a) the ISP notices its problem and stops the spam
    b) the ISP goes out of business
    c) the Universe undergoes a heat death

    Note that this is a LOT better than the alternative, where every mail admin runs his own blacklist. Such lists are virtually impossible to get out of, because nobody has the time to check for removals. I believe that a great deal of what was once AGIS IP space is still blocked at many sites, and that block is a 4c 'heat death' type.

  • Re:Uhh, no. (Score:2, Informative)

    by Jack Auf ( 323064 ) on Thursday May 15, 2003 @12:14PM (#5965001) Homepage
    Uhh, no.

    I worked for a vertical market ISP that was reselling UUNet/WorldCom. And I can tell you for a fact that SPEWS is not in fact "reasonable". They blocked the entire subnet that we had 8 IPs on because *one* user on another segment of the subnet sent out spam. Their response was 'too bad, handle it with UUNet, not our problem'.

    We had nothing to do with sending spam or any spammers, we were just deemed 'collateral damage'. We eventually had to change subnets which cost us time and money. Was this fair?

    Reasonable? SPEWS? No.
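The staged escalation listed in meringuoid's comment, and the collateral blocking described in the comment just above, modelled as an added example (not from the thread and not SPEWS's own code). The three prefix lengths and all addresses are constructed assumptions; the thread does not say how wide each stage is.

```python
import ipaddress

# Assumption: three widening stages (single host, /24, /16).
STAGES = (32, 24, 16)


class Listing:
    """One spam source; creating it stands for the first complaint to the ISP."""

    def __init__(self, source_ip):
        self.source = ipaddress.ip_address(source_ip)
        self.stage = None  # None = nothing listed

    def report(self, spam_continues):
        """Apply one review round; return the listed network, or None."""
        if not spam_continues:
            self.stage = None              # steps 2a / 4a: spam stopped, delist
        elif self.stage is None:
            self.stage = 0                 # step 2b: list the source itself
        elif self.stage < len(STAGES) - 1:
            self.stage += 1                # step 3: widen by one stage
        return self.network()

    def network(self):
        if self.stage is None:
            return None
        prefix = STAGES[self.stage]
        # strict=False masks the host bits, giving the enclosing block.
        return ipaddress.ip_network(f"{self.source}/{prefix}", strict=False)


def collateral(listing, bystanders):
    """Addresses that never sent spam but fall inside the listed block."""
    net = listing.network()
    if net is None:
        return []
    return [ip for ip in bystanders
            if ipaddress.ip_address(ip) in net
            and ipaddress.ip_address(ip) != listing.source]


if __name__ == "__main__":
    entry = Listing("10.20.30.40")                        # constructed spam source
    others = ["10.20.30.8", "10.20.99.1", "10.99.0.1"]    # constructed bystanders
    for _ in range(3):
        print(entry.report(True), collateral(entry, others))
```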
