DoS Assaults Underway Against Spam Blocklists 797
Hiawatha writes "The same sort of denial of service attacks that drove spam blocklist Osirusoft off the Internet are battering many other blocklist services as well." Apparently spammers aren't going to sit by and let people try to ignore their unwanted pitches.
Why does he think it's spammers? (Score:5, Insightful)
Has anyone stopped to think that maybe it's not spammers who are doing this? I hate spam with a passion, but words cannot describe my pleasure in seeing these blacklists, especially SPEWS, shut down. They are pure evil in their methods, and largely ineffective against spam while causing massive inconvenience for ISPs and legitimate users of the network.
All of these centralized blacklists have made so many enemies in their history that any finger pointing is simply laughable. They have made powerful enemies, including the large ISPs who happen to be the only ones that in a position to stem these attacks. This is not your normal DDOS: it is not only the originators of the DDOS, but the very network itself that wants them destroyed!
It's illegal (Score:5, Insightful)
Distributed blocklists (Score:5, Insightful)
If they succeed in negating the value of centralized blocklists, guess what - admins will go back to blacklisting blocks manually. Those IP blocks will become useless once enough people add them to their blocklists, and there won't be any easy way of redeeming them.
Anyone who wants to get internet access better get a clause in their contract guaranteeing that the IPs they get weren't abused by someone in the past, or else they might be getting a useless connection.
Desparation (Score:4, Insightful)
Hooray! (Score:2, Insightful)
Good riddance, I say. I sure won't miss them.
ever tried to get off SPEWS? (Score:5, Insightful)
Re:Blacklists' downfall (Score:1, Insightful)
If there is any red tape to get off the list.
Most spam-blockers seem to have an implicit policy of never unblocking the IPs.
Re:Why does he think it's spammers? (Score:3, Insightful)
indeed (Score:5, Insightful)
Comment removed (Score:5, Insightful)
Re:Why does he think it's spammers? (Score:5, Insightful)
Re:who says its spammers? (Score:2, Insightful)
It's called due dilligence. You didn't do it to check that the IP's were blocked, you didn't do it to check that your ISP was spam friendly, you didn't change ISPs when your mail started to get returned, so you didn't do your job.
And I'm supposed to feel sorry/agree with you exactly why?
Easy there... (Score:2, Insightful)
Where did you learn to draw conclusions, from the president?;)
Bill
Spammers as cyber-terrorists (Score:1, Insightful)
Outlaw spammers, put an end to spam. Sometimes it's as simple as that. (And it works: Haven't seen much fax spam for years...)
Just be "Mr. Concerned Citizen" for once and send articles like this [chron.com] to your congresscritter now. Let them know what spammers have already done "to your kids" (rather omit the "to your p...s" part even if you've ordered their pills and pumps) "and to your computers".
Re:Why does he think it's spammers? (Score:5, Insightful)
Anyone who needs to point out someone elses political leanings in order to denigrate them generally has a soft spot for Chairman Mao.
Re:Why does he think it's spammers? (Score:2, Insightful)
There has _got_ to be a Godwin's Corollary, except about McCarthy. Is anyone else sick of it?
Re:Why does he think it's spammers? (Score:5, Insightful)
How is it "evil" to publish a list of IP addresses that match a listing criteria? You don't want to block e-mail from Nigeria? Fine. Don't use nigeria.blackholes.us. You don't like SPEWS listing criteria? Don't use them. (I don't because I don't like their criteria).
What he is getting at is not himself using the list, it is midling sized ISP's using these lists preventing him from sending legitimate e-mail to people who can't get that e-mail, because his ISP is blackholed even though the ISP has corrected the issue that got them on the blackhole list in the first place. Or that his ISP's ISP happens to be blackholed through no falt of his own ISP's policies or practices.
The problem with blacklists is that they decide that it is more important to thow the baby out with the bath watter than it is to see if the baby is clean.
-Rusty
Re:Blacklists' downfall (Score:4, Insightful)
1. Close your open relays
2. Kick off known spammers
3. Stop list washing system admins who complain about spam
4. Stop making it nearly impossible to submit complaints
Re:ever tried to get off SPEWS? (Score:5, Insightful)
Spammers with unbalanced ethics:lawyers ratios have already attempted to make life hell in court for blocklist owners that they could track down. I know of no instances where the spammers won, but the costs and hassles associated with defending yourself from a lawsuit exist whether one wins or loses.
Who can blame SPEWS for planning ahead for this? Answer: spammers who are really pissed off.
, and there's no way to get a hold of them. They start with Class C's, then progress to banning class A's.
That's the whole goal of SPEWS. SPEWS is not a list of spammers, its a Spam Prevention Early Warning System. Listing individual spammers addresses has not been entirely effective, as spammers simply find providers who are willing to lie for them, thus SPEWS was created to punish ISPs who are unresponsive to legitimate abuse reports. SPEWS exists to counterbalance the profit those ISPs may make from spammers with loss of profits from those who want to use the internet for a legitimate purpose.
Some of the crazies who post on nana-e even have the whole country of Brazil banned on their private lists.
I add a very very large score via SpamAssassin to any mail that comes from Brazil, Mexico, China, Taiwan, Korea, and several other nations who appear to be becoming spam havens. What's your point? I have, in many years on the net, never received an e-mail I wanted from those countries.
SPEWS had information too on DNS blackholing (i.e. preventing your users from going to internet sites) and on HTTP blocking.
Uhhhh...yes...and? Is there something immoral about administering the ISP you are responsible for in the manner you see fit? It's my business, I can do as I damn please. If I want to filter out every website except my own, that is my right. My customers vote with their business, they do not get a direct say in how I run my outfit. Every business owner understands this concept when it is put into their terms, yet spammers seem to be very against this right when it comes to ISP owners. Gee, wonder why.
If it was anyone else (the government) who was advocating this, people would be outraged.
So? Very often it is acceptable for an individual to do something that a government cannot. For instance, if the government tried to convince me to go to XYZ Church, I would be outraged. For an individual to do so is nothing short of normal.
Black lists and delisting (Score:4, Insightful)
We have a large cable network, and there are 3 4 trouble making customers. We do allow people to run their own mail servers. But that also means that some customers misuse it to send spam. It takes us a day or 2 to shut down the spammer, and by then the C bloc will be listed in some black holes.
Now de listing it becomes a major pain if the black holes are not responsive. If the procedures are well documented life of ISPs become much easir.
and no we have not considered denying the freedom of our customers to run their own outgoing mail servers. one or two random spammers cannot force us to deny that freedom to majority of legitimate users in our network.
raj
Re:Blacklists' downfall (Score:2, Insightful)
And hopefully one of the many ways to get into the federal prison. The whole system of blacklists is completely voluntary and not inforced in any way. It's not like there is cartel of evil ISPs that decided to block some sysadmin from sending and receiving e-mail.
"Affective" it maybe but it is also expensive (Score:3, Insightful)
Lists work pretty well. They ocasionally piss people off, but the cost-benefit ratio is still largely on their side.
A Defensive tool, not censorware (Score:5, Insightful)
My server has seen as many as 500 spams a day directed at it -- for just two email accounts releated to my business. I had little choice but to elect to use drastic measures and escalate them until the spam became manageable -- and the best defense due to bandwidth issues (we run on just 128K because that's all that's available to us) is blocklists. The problem has been so bad that I maintain an internal block list that uses iptables to simply not route packets from IP blocks (/24) for any email that gets through the first layer of blocklists that sendmail checks.
Osirusoft in particular was very, very useful to me, because they maintained a number of DNS mirrors of other blocklists, so you could pick and choose how drastic you wished your blocking to be. I will miss their service greatly -- and can already notice it as my spam has doubled since it was removed from my sendmail config.
Without blocklists, email for my small business at least would be useless. I know that I've lost business using them, but I'd lose more business/time/money without -- there's no friggin' way I'm going to search through (and accept the bandwidth hit from) five hundred messages to find the few legitimate ones and still have time to get real work done.
Re:Client-side blocking (Score:3, Insightful)
If it was opt-in, it wouldn't be spam.
Re:justice (Score:3, Insightful)
Blocklists are vigilante defense, if not vigilante justice. Vigilante justice is justice meted out by self-appointed individuals or groups. Blocklists aren't, for the most part, trying to punish/mete out justice to spammers. They're just trying to block the flow of spam.
But they are self-appointed and work according to a set of informal rules that they adhere to voluntarily. That sounds like vigilante to me.
I'm not saying this as criticism, but simply as a description of what is going on. I maintain a procmail-based spam filter [spambouncer.org] with a fair number of users, and it supports various blocklists. I'm not anti-blocklist, to put it mildly.
At the same time, I think most anti-spammers would like to see a less chaotic means of fighting back against spam. Most of us are just trying to hang on until various governments wake up and realize what spam is doing to the Internet, and start taking it seriously as a conversion of resources that the spammers do not own. Theft, in other words. :/
Re:Client-side blocking (Score:2, Insightful)
WAR (Score:4, Insightful)
Anyone else observer a huge dropoff in spam? (Score:3, Insightful)
Not complaining, but very strange nonetheless!
Comment removed (Score:2, Insightful)
Re:It's illegal (Score:5, Insightful)
Re:ever tried to get off SPEWS? (Score:1, Insightful)
That's exactly the purpose of SPEWS. To use the common analogy, you live in a filthy crimeridden slum. Trying to send e-mail to my server is equivalent to calling and trying to have a pizza delivered to your house. Knowing that you live in a filthy crimeridden slum is enough for me to know that I don't want to deliver a pizza to your house, whether you think you have the right to buy one or not.
If everyone stopped supporting that crime ridden ghetto in any way, sooner or later it would either cease to exist or it would be cleaned up. Same with your provider.
Yes, some may say "find another ISP", but that's not always easy; contracts may make that impossible for many months and the ISP may otherwise be fine as is.
If you signed a contract that you can't get out of without doing your homework on the company you had decided to go with, that is not our problem. What turns out to be our problem is that you are giving money to support an organization which supports spammers. (Only organizations which support spammers are intended to be on the SPEWS list) We would like you to stop that. We may very well exercise all our rights in an effort to convince you to do so, one such right being a list like SPEWS.
At any rate, there are plenty of other technical solutions to your problem even if you are unfortunately stuck in a slum. "Smart hosting" is one that immediately springs to mind.
If they block anything, they should only block the IP's that cause the problem, not large netblocks.
Why do you say that? The goal of SPEWS is not to list individual spammers, it is to list those who support spammers.
at least you can be removed. (Score:3, Insightful)
Unfortunately, spammers are like bad apples - when they find a spam-friendly ISP, they tend to conglomerate. Second, you don't think that individual SysAdmins will do worse? At least with centralized blocklists, you can be removed. Try that with a ton of individual admins.
Re:Desparation (Score:5, Insightful)
Re:Why does he think it's spammers? (Score:5, Insightful)
> T1 that is completely worthless for emailing customers thanks to these
> blocklists.
What you are wrong about is its not thanks to the blocklists, its thanks to the ISPs that have willingly chosen to use the blocklists, and share the same opinion as the people that run the blocklist, who do not want you to email them.
Do you think its only you that knows SPEWS blocks UUnet ?
The ISPs that use SPEWS know this too. They still use SPEWS. They do not want email to enter their network that comes from you!
Yes, even through about 4 levels of indirection, the networks you are trying to send email to have chosen to not want your emails.
Why are you blaming the blacklists for this?
You bitch and moan that it isnt fair to you to have your IPs blocked by those that want them blocked. You sound just like a spammer with that logic.
You may be happy to see SPEWS packeted until they are shut down, but what about my right to choose that I want to block email from people who spam, and people just like you, who use ISPs indirectly that support spam?
Are you so much more importaint than I that my right to choose not to recieve your email is less importaint than your right to force your emails upon me aginst my will?
Re:Why does he think it's spammers? (Score:5, Insightful)
These lists are basically operating under the assumption that punishing a large group of people weakly associated with undesired behavior will result in the elimination of that behavior by the minority of that group. The innocents are unable to do anything about the people they are affiliated with. The ISP is like a zoning commission. Yes, with enough complaints from their customers/constituents, they might change their ways, but in the short term, the people punished have no real control over the situation.
You also show why this tactic is doomed to failure. The honest non-spammers will continue to not spam, but be incredibly inconvenienced, while the spammers will ignore the edict and run around spamming on other networks.
Doug
Re:ever tried to get off SPEWS? (Score:4, Insightful)
This results in their customers not receiving email. The decision that the sender of that email wasn't legitimate has been removed from the user and the sender and placed in the hands of some anonymous third party.
In general, the ISP answer to blocking complaints is they simply use the list and do not control the content of it. The blocking list provider - if contactable - claims they just make up the list and the use of it is outside of their control. This means nobody is accountable for blocking.
The problem with this sort of censorship - and it is indeed censorship - is the user never hears about it. When a business is blocked they quickly discover that blocking has made email unreliable for communications with customers. They can either abandon email for important stuff or they can try to convince the blockers that their commercial use of email is valid. This is extremely difficult. Why? Spammers use email - if you use email commercially, then you might be a spammer. If you get blocked and claim you were blocked in error, you might be lying. Spammers lie, so anything you say can be considered to be a lie. Why should anyone unblock a spammer?
Either email can be used for commercial purposes, or it cannot. Anti-spam folks want to ban all commercial use of email.
Re:ever tried to get off SPEWS? (Score:5, Insightful)
That's a great idea. On the other hand, I live in a small town with exactly one feasible ISP that's not a residential cable service with incoming port filters. My options are:
Hmmm. Let me think about that one for a while.
Re:Why does he think it's spammers? (Score:5, Insightful)
Re:Why does he think it's spammers? (Score:3, Insightful)
I'm not emailing you asshole.
I'm emailing my customers who are users of ISPs who tell them nothing about their use of SPEWS. They then call us and claim they never got their bills or statements, and we're supposed to explain to them how THEIR ISP is behaving (choosing to throw away their legitmate emails without notifying them). Then when we tell them their ISP is using SPEWS and they call their ISP, their ISP's tech support retards tell the customers they have no idea what SPEWS is, and we look stupid and lose customers.
We are not spammers. We don't support spamming. But for the greater good of the anti-spam jihad, we are blacklisted because the ISP of our ISP doesn't willingly cancel spam accounts.
Your bullshit about YOUR right to choose to deny email from me is all great in theory. But the honest truth the anti-spam community doesn't think about is a majority of users "protected" by SPEWS don't know what SPEWS is, don't know they can and do lose legitimate email to it, and they wouldn't CHOOSE to use it if they had any idea what sort of ideology was behind it and how many innocent people are being filtered. You people use the ignorance of the masses to enforce your ideas of what anti-spam should be on everyone else, and those of us who have nothing to do with spamming must suffer for it.
No admin should employ SPEWS without properly educating the management of his company on the policies of SPEWS, including the potential loss of valid email. No ISP should employ SPEWS without educating their users of the policies of SPEWS, including the potential loss of valid email. If those two conditions were met, all of our customers who call us saying they didn't get their emails would know what SPEWS is and why they didn't get the emails they WANTED to receive from us.
Re:ever tried to get off SPEWS? (Score:3, Insightful)
No, it's the equivalent of trying to go from the slum to the downtown area. With your analogy, the city has walled off the slum. Those who live in the slum and want to go into the city have to move out of the slum first. I wonder how well that policy would go down outside the digital realm. Besides, if I recall, the government seems to think that you do have the right to buy a pizza and have it delivered provided you're within a reasonable distance of the establishment that delivers even if you happen to live in a crime infested slum.
Re:Why does he think it's spammers? (Score:3, Insightful)
But that was bad. Really bad. Because it created an environment that favored ISPs who let a spammer on at least once and a while, then moved them around or temporarily suspended their service (only to re-instate them after the heat died down). ISPs can generate income from excess bandwidth pretty easily and at their convenience by allowing spamming customers, and they can make a nice premium if they do so. This extra income allowed the unethical ISPs to make their prices more competitive, and possibly even afford to buy better equipment or more support staff. This gave (gives) an advantage to the spam-facilitating ISPs and a disadvantage to the honest, spam-hating ISPs.
People who choose their ISP based on cost and quality of service alone, disgregarding what annoying and in some cases illegal activities the ISP might be supporting, are the reasons that a SPEWS-less environment favors spam-friendly ISPs. This means you.
Consider one who does business with criminals. Maybe all available business in the area seems to be criminal, or all the legit folks are too costly or inconvenient to do business with. Or maybe he didn't bother to check on them and really didn't know. If his nefarious business associate slips him a counterfeit $100-bill which he then deposits at his bank, the Secret Service won't reimburse him when they take the bill away. He's out $100 because of the actions of those who he chose to do business with. His reasons for doing business with them in the first place, no matter how compelling, are irrelevant.
It's one of those unfortunate situations that sometimes arise in a system that's mostly unregulated and primarily left to market forces. It kinda sucks, but it's nothing new. Caveat emptor
Re:ever tried to get off SPEWS? (Score:3, Insightful)
Ok.
Tell me how an ISP can be 100% sure that the new user application they just received will not be used for spamming?
That's fundamentally what SPEWS is requiring of the ISPs.
Do it to the Anti-Virus sites (Score:2, Insightful)
Re:ever tried to get off SPEWS? (Score:3, Insightful)
And that is perfectly OK! Really. Part of the reason that spam exists is it's largely unregulated environment. It's market-driven, and so SPEWS is a reasonable way of dealing with such a scourge when laws and regulations can't or won't help. Of course, by extension, it's perfectly OK for SPEWS to go away or fade into obscurity due to market backlash against it. It's worth noting that this did not happen. SPEWS was continuing to gain popularity.
But DDoS is not an OK way to make SPEWS go away. You know that. We all know that. Yet some people here are saying that the DDoS is OK because SPEWS is that bad. I take strong issue with that viewpoint.
Re:Why does he think it's spammers? (Score:3, Insightful)
The problem is it may be fine for you to want to press hard against ISPs and potentially drive them out of business if they're light on spammers. Fine, that's your choice, make your voice heard with your dollar. The rest of us have to make do with the resulting mess.
I don't care how easy it is to get un-blocked, the problem is there's still lag between being blocked, and finding that out, and then figuring out how, and sucessfully un-blocking your ip.
Doug
Distributed Spam List (Score:3, Insightful)
Re:ever tried to get off SPEWS? (Score:2, Insightful)
Hmmmmm... This SPEWS guy seems like a real prick. No wonder he's getting DoSed.
Blacklists aren't the problem. (Score:2, Insightful)
The real problem is large ISPs/backbones like UUNet/MCI [uu.net], Cogent [cogentco.net], Comcast [comcast.net], Level3 [level3.com], China Netcom [cnc.net.cn], AT&T [att.net], Brasil Telecom [telesp.net.br], and Above.net [above.net] (among others) who flat-out refuse to do anything about the spammers to whom they provide connectivity.
Complaints sent to any of them are promptly auto-acked and then /dev/nulled (if they don't bounce [rfc-ignorant.org]) and so the spammers keep on spamming, most likely due to ephemeral pink contracts and the crooked marketing/sales departments that agree to them, who then put pressure on abuse personel and network admins to ignore complaints about the contracted spammers.
Because of this, those large ISPs and backbones end up on blacklists, DNS blocklists, and a wide variety of other filters. For them, the money they make off the spammers seems to be of greater concern than the money they make off legitimate customers, i.e. those who end up with their netblocks on every blacklist because of who their providers are.
If it weren't for rogue ISPs and backbones, there would be little use for blacklists or blocklists. However, those reprehensible companies do exist. And because of their policies on spam, they continue to be blocked. Money gained from spammers guarantees the blacklists' continued existence.
It's all just cause and effect. As much as it sounds like a conspiracy theory, I truly believe that it isn't, after fighting spam, one email at a time, since 1997.