Osirusoft Blacklists The World
NSXDavid writes "Earlier today our site mysteriously ended up on Joe Jared's Osirusoft SPAM blacklist which is used by lots of antispam software (like SpamAssassin and sendmail). Since he is currently under a serious DDoS attack, there was no way to appeal this decision. We contacted Mr. Jared by phone who informed us that 'everyone needs to stop using Osirusoft and that he's going to be shutting the service down.' Then he says he's going to blacklist 'the world' (aka, ban *.*.*.*) to get his point across. Later on this evening, he apparently went ahead and did just that. Succumbing to lawsuits and DDoS, a once great blacklist is dead. SpamAssassin is removing it from their config in the next release (rc3) and email admins around the globe are reconfiguring their mail servers."
sad news, but there are alternatives (Score:5, Informative)
bl.spamcop.net
one of the best blacklists, it catches a huge % of incoming spam, and virtually no collateral damage.
blackholes.easynet.nl
almost as good as spamcop, and seems to nail a lot of the spam hauses
dynablock.easynet.nl
nukes a lot of the dsl and dialup spammers
argentina.blackholes.us
south american country, what more needs be said ? : )
brazil.blackholes.us
ditto
cn-kr.blackholes.us
china and korea, what more need be said ? : )
turkey.blackholes.us
whole lotta spammers here
sbl.spamhaus.org
a bit too conservative for my tastes, but gets a lot of spam gangs, and has very low collateral damage
bl.reynolds.net.au
if you want to use the spews list, this provides a feed for it
malaysia.blackholes.us
another spammy asian country
wanadoo-fr.blackholes.us
one of the worst european isps
hongkong.blackholes.us
another spammy asian country
Online intimidation... (Score:3, Informative)
This could turn into the same sort of gang-induced protection rackets as in meatspace. What would a company or individual do if a cracker group sent them an email saying, in effect, "Do $this or you're off the net."
It's hard to see a good technical solution for this. It's a tort--and possibly assault---like any other physical intimidation tactic, and will probably only stop if legal means are brought to bear.
Unfortunately, tort suits are hard to press across continents.
Quick Workaround (SpamAssassin) (Score:2, Informative)
score X_OSIRU_OPEN_RELAY 0
score RCVD_IN_OSIRUSOFT_COM 0
score X_OSIRU_DUL 0
score X_OSIRU_SPAM_SRC 0
score X_OSIRU_SPAMWARE_SITE 0
score X_OSIRU_DUL_FH 0
Everything's gonna be all right.
temporary SpamAssassin fix (Score:5, Informative)
SPEWS was worthless (Score:2, Informative)
do not use bl.spamcop.net for blocking (Score:5, Informative)
http://spamcop.net/bl.shtml [spamcop.net]
You should
Spamcop lists on a statistical basis, based on headers of spam reports they receive. This means they also blacklist the upstreams of regular spamcop users (because if all of spamcop user X's mail comes to him via ISP Foo, then ISP Foo's mail server will be in all of user X's spamcop reports).
Do not use spamcop DNSBL for blacklisting - use it for tagging or scoring.
Re:Important Addition (Score:3, Informative)
score RCVD_IN_OSIRUSOFT_COM 0 0 0 0
because all those X_OSIRU_* rules add on to the score of this base rule.
Re:Sweet, Sweet Justice. (Score:2, Informative)
No, SPEWS exists so that the people who are violently against spam can pass the burden of fighting it onto the people who are responsible for causing it, i.e. spam-friendly ISPs.
The fact that "innocents" are caught up in the block is unfortunate, but unavoidable from a practical standpoint. SPEWS doesn't list netblocks because they have a spammer or two present. SPEWS lists netblocks because the ISP knowingly and willfully hosts spammers even after they have been notified about them. Once the spammers go, the listing goes. Usually quite rapidly.
Re:sad news, but there are alternatives (Score:4, Informative)
Re:perhaps this is a lesson that needed learned (Score:3, Informative)
In some cases blocking whole IP blocks was justified. I prefer spamhaus as a whole because it makes my life easier making a valued judgement whether or not to block a whole block.
Spews does not seem to acknowledge the fact that they practice a form of censorship by encouraging others to censor out specific sites. What I find worse are their users who don't seem to understand that they are censoring sites. I use spamhaus myself and I freely admit I'm the final censor who is engaging in the censorship of unsolicited marketing materials.
Re:Blacklists and reality (Score:2, Informative)
Global RE: people who are glad osirusoft is down (Score:4, Informative)
Many mail admins (including myself) consider spam to be network abuse and liken it to a criminal offense. Simply blocking the IP of the spammer itself has been shown to not work very well or for long as the spammer jumps to a different ip addy, often in a different
In response to isps shuffling the spammer around, more aggressive blacklisting was done by the above mentioned blacklists. This instantly got a lot of the isps to pay attention and clean out their spammers. It also pissed off a lot of "innocent" users as well.
I say "innocent" because technically they are not pure white innocent, but more of a gray color innocent, because directly or indirectly, they ARE supporting spam. How so? Imagine the following.
Your next door neighbor is an islamic terrorist (spammer). Definitely a criminal. And his landlord (isp) (who is also your landlord) knows he is a terrorist and continues to willingly provide housing for him. In response, the FBI (the blacklists) blocks off your entire street (/24) (which the landlord owns all the housing on) and conducts house to house searches looking for terrorists. You complain when your house is searched. "But I am not a terrorist (spammer)". After finding out your landlord is housing terrorists, you continue to live there and pay rent to him, even though he is harboring terrorists and refuses to remove them off his property. As a result of you continuing to support your landlord financially, your house keeps getting searched every so often (you stay on the blacklists with the spammer).
Now what do you do? Do you keep paying the landlord and supporting terrorism indirectly? Or do you move out and get a better landlord ?
That's why you guys are on blacklists. It's not that you've done anything directly wrong, but you're supporting spammy isps. The quickest way to find out if your isp is a spam haus, go here.
http://www.spamhaus.org/sbl/isp.lasso
Re:Blacklists and reality (Score:3, Informative)
public key encryption is a good model
Somethingawful.com shut down spews (Score:1, Informative)
http://www.somethingawful.com/articles.php?a=160 5
Re:perhaps this is a lesson that needed learned (Score:4, Informative)
Once again, the wrong target is attacked. Your ISP was negligent, that is why they were listed in SPEWS. Had they booted the spammer when it was first reported, there would have been no problem. Contrary to the lies of anti-SPEWS whiners, SPEWS does not list an entire ISP's IP range the nanosecond after a single spam run.
Re:Blacklists and reality (Score:3, Informative)
Unfortunately, spammers already cracked this one, too. Any information used to get past filters will ultimately be presented in the header (otherwise is illegal). Get a sample, run some numbers and bam: you have an algorithm.
I need not go further into the explanation for most to know how they did it. Probably don't need much more proof either, for many receive spam with keys in their subject or headers.
Someone before mentioned: "...We need to get rid of SMTP..."
He was right as day.
Re:perhaps this is a lesson that needed learned (Score:3, Informative)
Re:How *do* we fight spam? (Score:2, Informative)
Did it ever occur to you that most career spammers that WOULD cause the ISP to get blocklisted to hell and back are all known and the reason why ISPs still sign them up is because they either do NO background checking or get greedy by the extra money the spamming scum is handing to them?
Re:Important Addition (Score:2, Informative)
Just one zero is needed, as it will disable the test for all modes.
By default, the OSIRU tests are enabled only when running network mode only, so if you haven't customized your configuration and changed that, then you are in the clear - but it's a good idea to disable these tests nonetheless.
Re:If major blacklists can be sued... (Score:5, Informative)
But if YOU are my ISP, and I'm a paying customer with an inbox, I expect that I will receive mail that is sent to me. If this is not the case, you need to specify that to me so I can decide whether I want to use your service.
By blocking mail to my inbox, which I've paid for, you could possibly even be considered in breach of contract.
Of course, if you're just running your own server, you're free to do what you want with it.
Re:Well, fine, but... (Score:5, Informative)
$ host -t TXT IP.relays.osirusoft.com
IP.relays.osirusoft.com text "Please stop using relays.osirusoft.com"
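An added example, not part of the original comment or of any DNSBL's own tooling: a Python check a mail filter can run to notice that a list has started answering for every address, as happened here, before acting on its answers. It relies on the RFC 5782 test entries (127.0.0.2 must be listed, 127.0.0.1 must not); `make_resolver`, the zone `dnsbl.example` and the sample answers are constructed so the block runs offline.

```python
import ipaddress
import socket

def dnsbl_query_name(ip, zone):
    """Reverse the IPv4 octets and append the zone: 192.0.2.25 -> 25.2.0.192.zone"""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def system_resolver(name):
    """A records for name via the system resolver; [] on NXDOMAIN or error."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []

def _listed(answers):
    # DNSBL answers live in 127.0.0.0/8; anything else (for example a parked
    # domain's wildcard record) is not a listing.
    return any(a.startswith("127.") for a in answers)

def zone_health(zone, resolver=system_resolver):
    """Probe the RFC 5782 test entries before trusting a zone."""
    if _listed(resolver(dnsbl_query_name("127.0.0.1", zone))):
        return "lists-everything"      # 127.0.0.1 must never be listed
    if not _listed(resolver(dnsbl_query_name("127.0.0.2", zone))):
        return "dead-or-unreachable"   # 127.0.0.2 must always be listed
    return "ok"

def is_listed(ip, zone, resolver=system_resolver):
    """Use the zone's answer only when the zone itself looks sane (fail open)."""
    if zone_health(zone, resolver) != "ok":
        return False
    return _listed(resolver(dnsbl_query_name(ip, zone)))

def make_resolver(table, wildcard=None):
    """Constructed stand-in for DNS so the example runs offline."""
    def resolve(name):
        return table.get(name, [wildcard] if wildcard else [])
    return resolve

if __name__ == "__main__":
    zone = "dnsbl.example"  # constructed zone name
    healthy = make_resolver({
        "2.0.0.127." + zone: ["127.0.0.2"],   # mandatory test entry
        "25.2.0.192." + zone: ["127.0.0.4"],  # constructed listing
    })
    everything = make_resolver({}, wildcard="127.0.0.2")  # "the world" listed
    for label, r in (("healthy", healthy), ("wildcard", everything)):
        print(label, zone_health(zone, r), is_listed("198.51.100.7", zone, r))
```

Running the health probe on a schedule and dropping a failing zone from scoring keeps one operator's shutdown from turning into rejected mail.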
Er, clueless (Score:5, Informative)
Second, were you aware that by consuming fossil fuels, you are funneling money to the middle east, which produces almost all terrorist threats to the United States? That's supporting terrorism. I don't see you volunteering to stop buying fossil fuels until the OPEC countries clean up their terrorist problem.
Third, the idea behind spam prevention is to make email MORE USEFUL for legitimate users. SPEWs does not meet that criteria, because it causes more problems for legitimate users than gain. Moreover, it hides the true cost because few people are fully aware of what spews is doing and why. Even most email admins using spews are NOT AWARE of how it operates. They should publish their philosophy everywhere related to it. If every SPEWS doc had said, "We block enormous blocks of legitimate users, trying to use collateral damage to force ISPs to take action against their tiny fraction of spamming users", SPEWs would be irrelevant today.
Finally, spews is horribly non-responsive and error prone. I still have a colocated server blocked because some ISP on a block that's not even in the same
how to disable it. (Score:3, Informative)
score RCVD_IN_OSIRUSOFT_COM 0
I'll dance on their grave (Score:5, Informative)
The online checker repeatedly told me that my server would be scheduled for more tests, and would then be removed from the blacklist.
But this never happened. No further checks were made. My server was never removed from the blacklist. And what's more, Osirusoft refused to reply to any of my e-mails. They refused to even explain why they were blacklisting, despite the fact on several occasions I politely requested either removal from the blacklist, or an explanation as to why I was on it. Ultimately I had to get a different IP address for the machine in question, which was extremely inconvenient.
I'm strongly opposed to spam. However, any company that offers services to block spam has to accept that they will sometimes accidentally cause problems for legitimate users, and they have to have mechanisms in place for such users to sort the situation out. Ignoring people who have legitimate complaints against you is not the way to do it.
No, THEIR KEY (Score:4, Informative)
You got it wrong: by signing with your public key you, and only you can verify that it was intended for you. That is not what you want, what you want is email signed with their private key, so you can use their public key to verify who sent it. If I sign all my email with my private key, everyone in the world knows that it is me who sent it, and I cannot deny it. If I sign outgoing email with your public key (because I can't know your private key) then only you can verify it, and then all you know is I intended for you to read it. To a Spammer that may cost enough CPU that it isn't worth it, but it does nothing to help you track down who sent it. (Since much spam is for illegal things tracking down who sent it would be very useful)
greylisting (Score:5, Informative)
Time again [slashdot.org] to discuss greylisting [puremagic.com]?
Looks to me to be an elegant, viable alternative to traditional black/white -listing, both of which require lists be maintained -- and well maintained. Sometimes very large, very centralized lists, which have ugly consequences when they fail.
From the Greylisting Web site [puremagic.com] (with bolding from me):
The Greylisting method is very simple. It only looks at three pieces of information (which we will refer to as a "triplet" from now on) about any particular mail delivery attempt:
From this, we now have a unique triplet for identifying a mail "relationship". With this data, we simply follow a basic rule, which is:
If we have never seen this triplet before, then refuse this delivery and any others that may come within a certain period of time with a temporary failure.
Anybody know where we are as far as a working implementation of this idea goes?
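The rule quoted above, as an added example (not code from the Greylisting site or its milter): the triplet is the connecting IP, the envelope sender and the envelope recipient, and a first attempt gets a temporary failure that a real mail server will retry. The class name, the reply strings and all three timing values are assumptions of this example.

```python
import time

TEMPFAIL = "451 4.7.1 Greylisted, please retry later"
ACCEPT = "250 OK"

class Greylist:
    """In-memory greylist keyed on (client IP, envelope sender, envelope recipient)."""

    def __init__(self, delay=300, retry_window=4 * 3600,
                 pass_lifetime=36 * 86400, clock=time.time):
        self.delay = delay                  # minimum wait before a retry is accepted
        self.retry_window = retry_window    # how long an unconfirmed triplet is remembered
        self.pass_lifetime = pass_lifetime  # how long a confirmed triplet stays trusted
        self.clock = clock                  # injectable so tests can control time
        self._seen = {}                     # triplet -> (first_seen, last_accepted or None)

    def check(self, client_ip, mail_from, rcpt_to):
        """Return the SMTP reply to give at RCPT TO for this delivery attempt."""
        now = self.clock()
        # Addresses are lower-cased so trivial case changes do not make a new triplet.
        key = (client_ip, mail_from.lower(), rcpt_to.lower())
        first_seen, passed_at = self._seen.get(key, (None, None))

        if passed_at is not None and now - passed_at <= self.pass_lifetime:
            self._seen[key] = (first_seen, now)   # known relationship: refresh it
            return ACCEPT
        if (first_seen is None or passed_at is not None
                or now - first_seen > self.retry_window):
            self._seen[key] = (now, None)         # never seen, or record expired
            return TEMPFAIL
        if now - first_seen < self.delay:
            return TEMPFAIL                       # retried sooner than the delay
        self._seen[key] = (first_seen, now)       # retried like a queueing MTA
        return ACCEPT

if __name__ == "__main__":
    fake_now = [0]                                # constructed clock for the demo
    gl = Greylist(clock=lambda: fake_now[0])
    triplet = ("192.0.2.25", "alice@example.org", "bob@example.net")  # constructed
    for t in (0, 60, 400, 500):
        fake_now[0] = t
        print(t, gl.check(*triplet))
```

Fire-and-forget senders that never retry stay at the temporary failure, which is the whole filter; no shared list is consulted.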
new domain, new spam (Score:3, Informative)
Re:Blacklists and reality (Score:2, Informative)
Also, a certain popular provider of faux-"internet connection sharing" proxy software not only leaves it fully open in its default configuration, but it doesn't log either. You can guess the result.
Re:Blacklists and reality (Score:4, Informative)
In another recent thread [slashdot.org], a suggested enhancement is for DNS to publish "allowed sender IP" addresses. The structure for this information [pobox.com] is already there.
What is needed is for more people to opt in, in protecting their domains in this way, and for people to unilaterally start using that information. If any one of yahoo, aol or netscape opted into this approach I could well imagine it would cascade to comprehensive success overnight, forcing spammers to more obscure domains (such as my own - currently victim to a 12 month "Joe Job" [everything2.com]).
Because this is distributed information, it is not easily modifiable by spammers. Ultimately this sort of approach is the only one that can work.
Ultimately, I would be able to set spamassassin to add +5 for any e-mail coming from a domain that didn't publish this information, or -5 for any one that did.
And I would not be receiving 1000's of bounce messages for messages from spammers using my domain name.
Yes please. I want it.
Re:greylisting (Score:2, Informative)
No Blacklists (Score:3, Informative)
Re:Blacklists and reality (Score:3, Informative)
As far as I know, NO ONE has implemented any of the reasonable schemes that I've seen float around the crypto community. You can, however, find the paper and slides from talks on google:
http://www.google.com/search?q=On+Memory-Bound+
If you actually do have a way of breaking any of this family of schemes, I'd be very interested to know how. But "get a sample, run some numbers and bam: you have an algorithm" isn't very descriptive. The point that those numbers have special relationships which are believed to be difficult to compute without knowing a special piece of information (called the trapdoor information) may be slipping by you. If you send a response to a query which wasn't given out recently by the server, it's not going to be accepted. If you give out a wrong response, it's not going to be accepted. The probability that one of a reasonable (polynomial) number of queries was given recently is quite small (negligible).
In any case, I'm very interested if you can break any of these schemes, since most of them reduce to useful complexity assumptions, which I'd prefer to avoid if they were false.
Lea
Re:Sweet, Sweet Justice. (Score:3, Informative)
SPEWS sucks.
---rhad
Re:Blacklists and reality (Score:1, Informative)
Re:greylisting (Score:1, Informative)
http://projects.puremagic.com/greylisting/ [puremagic.com]
The example is a Milter for Sendmail. There's also ways of getting it working in Exim and Qpsmtpd. Wietse Venema is putting it into Postfix (at which point I start using it...aw yeah). I'm sure there's lots of other examples; sign up for their mailing list like I did.
That would explain SpamAssassin this morning. (Score:3, Informative)
Re:Well, fine, but... (Score:2, Informative)
rant-o-rama (Score:2, Informative)
Let me paint you a picture:
Some bottom feeding marketing contractor rents a crappy, darkly-lit, 1-room office in some crappy part of town, orders a cable line, 3 or 4 dsl connections and maybe a fractional t1 to boot. He buys a list of a few million email addresses and begins spamming like mad over one of the lines. After x amount of warnings, gets shut down, moves operation to another line, reorders service on the one that got shutdown under a different name, and keeps going. This is a very typical scenario of a spam gang. I've seen/dealt with it many times. So taking cause/effect into account: what protection against spammers does a blacklist offer in this capacity? Nothing. At all. Spamming is a completely mobile enterprise. Only the isp gets hurt. Spammers aren't the least bit concerned about spews.org, or any other blacklist for that matter.
They don't sweat getting shutdown by the isps because they have other connection mediums waiting in the wing, and actually budget the service costs into their overhead without thinking twice, because the money they make is incredible.
I don't work for, nor have any association with brightmail, but they have a great product (if only my ISP would cough up the scratch and buy it...), but I think the mentality of spews could be summed up in their product review of brightmail (paraphrasing here, as the site is down and I can get an actual quote):
"only stops spam in real time, does nothing punitive against the spammer".
HELLO???!?!! Missing the point a little?? If you're not getting the spam, who gives a crap about the spammer?
It's pretty clear that these people and their associated usenet scene whores are just looking to skewer people, anybody really, over alleged spam. In this method of blacklisting, you're only hurting the ISPs. Nearly all (not all unfortunately) isps in the US will shutdown a spammer if enough people complain. Killing email for (in some cases) up to 65536 other non-related ips doesn't help. If it did, spews (or any blacklist for that matter) would have been more successful. In the last year, we've had more active blacklists to utilize than at any other point in the history of the internet and spam has only gotten worse, not better. Spews & Osirusoft are a shameful failure.
Solutions: Whitelisting is an excellent option on an individual email account level. On a grander scale, make your representatives pass laws, put your money where your mouth is, and sue the spammers. They're in it for profit, when it becomes a greater liability, they might find a more worthy means of revenue.
Re:If major blacklists can be sued... (Score:3, Informative)
The difference is that if SPEWS lists my IP, they're effectively declaring that I am spamming. This is libellous; I never spam.
Incorrect assumption. In fact, SPEWS is very careful to declare no such thing.
That you infer this meaning on it means nothing and does not make it libel.