DoS Assaults Underway Against Spam Blocklists

Hiawatha writes "The same sort of denial of service attacks that drove spam blocklist Osirusoft off the Internet are battering many other blocklist services as well." Apparently spammers aren't going to sit by and let people try to ignore their unwanted pitches.

Why does he think it's spammers?

[seanadams.com]

Apparently spammers aren't going to sit by...

Has anyone stopped to think that maybe it's not spammers who are doing this? I hate spam with a passion, but words cannot describe my pleasure in seeing these blacklists, especially SPEWS, shut down. They are pure evil in their methods, and largely ineffective against spam while causing massive inconvenience for ISPs and legitimate users of the network.

All of these centralized blacklists have made so many enemies in their history that any finger pointing is simply laughable. They have made powerful enemies, including the large ISPs who happen to be the only ones that in a position to stem these attacks. This is not your normal DDOS: it is not only the originators of the DDOS, but the very network itself that wants them destroyed!

It's illegal

[mabu]

Would someone please remind the federal government that DOS attacks are illegal? Anyone want to encourage them to take action against these people? Can they stop playing golf long enough to do their job?

Distributed blocklists

[silentbozo]

Bad for them. The main reason for creating centralized blocklists was so people who reformed, or who kicked spammers off their blocks, could have their IPs relisted without having to worry that random admins had hardcoded filters into their routers. One central source for listing, one central source for delisting.

If they succeed in negating the value of centralized blocklists, guess what - admins will go back to blacklisting blocks manually. Those IP blocks will become useless once enough people add them to their blocklists, and there won't be any easy way of redeeming them.

Anyone who wants to get internet access better get a clause in their contract guaranteeing that the IPs they get weren't abused by someone in the past, or else they might be getting a useless connection.

Desparation

[RevJim]

This is an act of desparation on the part of spammers that proves the anti-spammers are winning the battle. Fortunately, the next phase of the "war" is moving away from blacklists and focusing on technologies that are user-based and user-specific, such as Bayesian filtering. There is no level of DDoS attack that can stop that battle.

Hooray!

[Gay Nigger]

What makes you think spammers are to blame? Spam blocklists are censorware - their (unaccountable, usually anonymous) maintainers are beholden to none except themselves, often block sites for no other reason than to further their own political agendas, and burden innocent bystanders (unwitting customers of an ISP that (might) host spammers) with the cost of doing their job for them.

Good riddance, I say. I sure won't miss them.

ever tried to get off SPEWS?

[Barbarian]

Go to nana-e, and they'll tell you that robots from space run SPEWS, and there's no way to get a hold of them. They start with Class C's, then progress to banning class A's. Some of the crazies who post on nana-e even have the whole country of Brazil banned on their private lists. SPEWS had information too on DNS blackholing (i.e. preventing your users from going to internet sites) and on HTTP blocking. If it was anyone else (the government) who was advocating this, people would be outraged.

Re:Blacklists' downfall

[Eric Ass Raymond]

got frustrated by all the red tape getting off the lists.

If there is any red tape to get off the list.

Most spam-blockers seem to have an implicit policy of never unblocking the IPs.

Re:Why does he think it's spammers?

[ahodgson]

Actually SPEWS is very effective. It makes people DO something about spammers they are harbouring or sharing space with. Naturally, that's why you hate them.

indeed

[Trepidity]

Even if you happen to like the blocklists and agree with their methods, it's clearly irresponsible to assume they're being attacked by spammers -- there are a lot of non-spammers who would love to take them out.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:Why does he think it's spammers?

[nearlygod]

The problem is that they are not checked and updated (at least in my experience). My companyies IP (actually my ISP's entire C-block is blacklisted by one list and dispite trying for 6 months, I have had no luck getting removed. I have gotten zero responce from the blacklist dispite many attempts and following their removal instruction to the letter. No other blacklist has us listed and we have never had an open rlay or sent spam. So to me, this particular blacklist is evil and since they are the only one that I have had to deal with, I wouldn't be suprised if others have had the same experience.

Re:who says its spammers?

[buss_error]

me, for one.

It's called due dilligence. You didn't do it to check that the IP's were blocked, you didn't do it to check that your ISP was spam friendly, you didn't change ISPs when your mail started to get returned, so you didn't do your job.

And I'm supposed to feel sorry/agree with you exactly why?

Easy there...

[AndyMouse GoHard]

There's no connection proven yet between the ddos and spammers. That's like the fact that no WMDs being found proves they're there and hidden.

Where did you learn to draw conclusions, from the president?;)

Bill

Spammers as cyber-terrorists

[Anonymous Coward]

Finally this is our chance to make Congress liken spammers to cyber-terrorists, and for a reason politicians fear and know well enough to do something about it: "Now some of the spammers are even building a network of worm-ridden computers [slashdot.org], possibly at the fingertips of a madman who is willing to do anything for money, and may only be waiting to turn them into Weapons of Mass Disruption, wreaking havoc to the Nation, the Internet, and e-mail as we know it..." (spooky, huh? ;-))
Outlaw spammers, put an end to spam. Sometimes it's as simple as that. (And it works: Haven't seen much fax spam for years...)
Just be "Mr. Concerned Citizen" for once and send articles like this [chron.com] to your congresscritter now. Let them know what spammers have already done "to your kids" (rather omit the "to your p...s" part even if you've ordered their pills and pumps) "and to your computers".

Re:Why does he think it's spammers?

[TillmanJ]

Oh...I just noticed, the poster is a proud Republican...that explains it. Anyone who feels the need to brag about their conservatism generally has a soft spot for Joe McCarthy.

Anyone who needs to point out someone elses political leanings in order to denigrate them generally has a soft spot for Chairman Mao.

Re:Why does he think it's spammers?

[jazman_777]

Sounds kinda like McCarthy witchhunts, where those who refused to name names and testify against their friends were branded "Commie Sympathizers"

There has _got_ to be a Godwin's Corollary, except about McCarthy. Is anyone else sick of it?

Re:Why does he think it's spammers?

[rusty0101]

"They are pure evil in their methods,"

How is it "evil" to publish a list of IP addresses that match a listing criteria? You don't want to block e-mail from Nigeria? Fine. Don't use nigeria.blackholes.us. You don't like SPEWS listing criteria? Don't use them. (I don't because I don't like their criteria).

What he is getting at is not himself using the list, it is midling sized ISP's using these lists preventing him from sending legitimate e-mail to people who can't get that e-mail, because his ISP is blackholed even though the ISP has corrected the issue that got them on the blackhole list in the first place. Or that his ISP's ISP happens to be blackholed through no falt of his own ISP's policies or practices.

The problem with blacklists is that they decide that it is more important to thow the baby out with the bath watter than it is to see if the baby is clean.

-Rusty

Re:Blacklists' downfall

[rossz]

Yeah, the red tape is a bitch. Here's a list of the red tape:

1. Close your open relays
2. Kick off known spammers
3. Stop list washing system admins who complain about spam
4. Stop making it nearly impossible to submit complaints

Re:ever tried to get off SPEWS?

[mrex]

Go to nana-e, and they'll tell you that robots from space run SPEWS

Spammers with unbalanced ethics:lawyers ratios have already attempted to make life hell in court for blocklist owners that they could track down. I know of no instances where the spammers won, but the costs and hassles associated with defending yourself from a lawsuit exist whether one wins or loses.

Who can blame SPEWS for planning ahead for this? Answer: spammers who are really pissed off.

, and there's no way to get a hold of them. They start with Class C's, then progress to banning class A's.

That's the whole goal of SPEWS. SPEWS is not a list of spammers, its a Spam Prevention Early Warning System. Listing individual spammers addresses has not been entirely effective, as spammers simply find providers who are willing to lie for them, thus SPEWS was created to punish ISPs who are unresponsive to legitimate abuse reports. SPEWS exists to counterbalance the profit those ISPs may make from spammers with loss of profits from those who want to use the internet for a legitimate purpose.

Some of the crazies who post on nana-e even have the whole country of Brazil banned on their private lists.

I add a very very large score via SpamAssassin to any mail that comes from Brazil, Mexico, China, Taiwan, Korea, and several other nations who appear to be becoming spam havens. What's your point? I have, in many years on the net, never received an e-mail I wanted from those countries.

SPEWS had information too on DNS blackholing (i.e. preventing your users from going to internet sites) and on HTTP blocking.

Uhhhh...yes...and? Is there something immoral about administering the ISP you are responsible for in the manner you see fit? It's my business, I can do as I damn please. If I want to filter out every website except my own, that is my right. My customers vote with their business, they do not get a direct say in how I run my outfit. Every business owner understands this concept when it is put into their terms, yet spammers seem to be very against this right when it comes to ISP owners. Gee, wonder why.

If it was anyone else (the government) who was advocating this, people would be outraged.

So? Very often it is acceptable for an individual to do something that a government cannot. For instance, if the government tried to convince me to go to XYZ Church, I would be outraged. For an individual to do so is nothing short of normal.

Black lists and delisting

[raj2569]

As the anti spam officer in a Major ISP in India, I have no problems with blocklists as such. But the people who maintain the blacklists also has a responsibility to correct their mistakes immediatly. They must listen to people who maintain networks and if a machine is wrongly listed they must remove it. The procedure for taking out a machine from blacklists must be documented and verifiable.

We have a large cable network, and there are 3 4 trouble making customers. We do allow people to run their own mail servers. But that also means that some customers misuse it to send spam. It takes us a day or 2 to shut down the spammer, and by then the C bloc will be listed in some black holes.

Now de listing it becomes a major pain if the black holes are not responsive. If the procedures are well documented life of ISPs become much easir.

and no we have not considered denying the freedom of our customers to run their own outgoing mail servers. one or two random spammers cannot force us to deny that freedom to majority of legitimate users in our network.

raj

Re:Blacklists' downfall

[danila]

This may be his last hope to get off their list.

And hopefully one of the many ways to get into the federal prison. The whole system of blacklists is completely voluntary and not inforced in any way. It's not like there is cartel of evil ISPs that decided to block some sysadmin from sending and receiving e-mail.

"Affective" it maybe but it is also expensive

[Pac]

The farther you let junk travel into the system, the worst your problem is. Bayesian is hard to apply at the network level, you must leave it to the individual users, causing a twofold problem: you keep letting the scum of Earth parasite your network (if you are an ISP) and you expand the processing needs of the end user (ever saw Mozilla Mail "think" for a couple of minutes after you mark one or two email as junk?). This is undesirable.

Lists work pretty well. They ocasionally piss people off, but the cost-benefit ratio is still largely on their side.

A Defensive tool, not censorware

[mercuryresearch]

I'm getting a bit tired of people applauding DOS attacks on blocklists. Many of us run small mail servers for ourselves and/or small companies where EVERYONE who recieves email is in agreement that blocking spam is the right thing to do. When everyone chooses to do this, it's not censorship. Seriously -- the volume of spam is overwhelming, and in a small business there is no one delegate managing email to, and it's consuming precious bandwidth. Spam is the problem, not block lists. No spam, no blocklists, simple as that.

My server has seen as many as 500 spams a day directed at it -- for just two email accounts releated to my business. I had little choice but to elect to use drastic measures and escalate them until the spam became manageable -- and the best defense due to bandwidth issues (we run on just 128K because that's all that's available to us) is blocklists. The problem has been so bad that I maintain an internal block list that uses iptables to simply not route packets from IP blocks (/24) for any email that gets through the first layer of blocklists that sendmail checks.

Osirusoft in particular was very, very useful to me, because they maintained a number of DNS mirrors of other blocklists, so you could pick and choose how drastic you wished your blocking to be. I will miss their service greatly -- and can already notice it as my spam has doubled since it was removed from my sendmail config.

Without blocklists, email for my small business at least would be useless. I know that I've lost business using them, but I'd lose more business/time/money without -- there's no friggin' way I'm going to search through (and accept the bandwidth hit from) five hundred messages to find the few legitimate ones and still have time to get real work done.

Re:Client-side blocking

[eaolson]

That being said, I'd much prefer if these SPAM services were forced to be opt-in.

If it was opt-in, it wouldn't be spam.

Re:justice

[sakeneko]

Maybe it's time for some vigilante justice.

Blocklists are vigilante defense, if not vigilante justice. Vigilante justice is justice meted out by self-appointed individuals or groups. Blocklists aren't, for the most part, trying to punish/mete out justice to spammers. They're just trying to block the flow of spam.

But they are self-appointed and work according to a set of informal rules that they adhere to voluntarily. That sounds like vigilante to me.

I'm not saying this as criticism, but simply as a description of what is going on. I maintain a procmail-based spam filter [spambouncer.org] with a fair number of users, and it supports various blocklists. I'm not anti-blocklist, to put it mildly.

At the same time, I think most anti-spammers would like to see a less chaotic means of fighting back against spam. Most of us are just trying to hang on until various governments wake up and realize what spam is doing to the Internet, and start taking it seriously as a conversion of resources that the spammers do not own. Theft, in other words. :/

Re:Client-side blocking

[PhoenixRising]

No one is forcing you to use a blocklist.

WAR

[hawkbug]

This is WAR. Spammers will stoop to any level to get their crap into people's mailboxes, and now the blacklists are giving into their guerilla tactics - I say keep fighting, eventually they will figure out where the attack is coming from, and shut the damn thing down. We must never give up fighting spam, at any cost.

Anyone else observer a huge dropoff in spam?

[rayvd]

This morning around 6:30AM MST, the spam levels on our work server dropped from ~800 spam/hr to ~35/hr. They'd been hovering at the 800 level for more than a week (most are not actualy spam, but "bounces" from SoBig.F faking our domain as the From address). It's staying right around 35 still about 7 hours later..

Not complaining, but very strange nonetheless!

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:It's illegal

[antis0c]

I love "A friend of mine.." stories, they're like Unicorns. You always hear about them but never see any proof. :)

Re:ever tried to get off SPEWS?

[mrex]

Trouble is when you're not a spammer and you're hosting at an ISP and the class C you're on gets listed.

That's exactly the purpose of SPEWS. To use the common analogy, you live in a filthy crimeridden slum. Trying to send e-mail to my server is equivalent to calling and trying to have a pizza delivered to your house. Knowing that you live in a filthy crimeridden slum is enough for me to know that I don't want to deliver a pizza to your house, whether you think you have the right to buy one or not.

If everyone stopped supporting that crime ridden ghetto in any way, sooner or later it would either cease to exist or it would be cleaned up. Same with your provider.

Yes, some may say "find another ISP", but that's not always easy; contracts may make that impossible for many months and the ISP may otherwise be fine as is.

If you signed a contract that you can't get out of without doing your homework on the company you had decided to go with, that is not our problem. What turns out to be our problem is that you are giving money to support an organization which supports spammers. (Only organizations which support spammers are intended to be on the SPEWS list) We would like you to stop that. We may very well exercise all our rights in an effort to convince you to do so, one such right being a list like SPEWS.

At any rate, there are plenty of other technical solutions to your problem even if you are unfortunately stuck in a slum. "Smart hosting" is one that immediately springs to mind.

If they block anything, they should only block the IP's that cause the problem, not large netblocks.

Why do you say that? The goal of SPEWS is not to list individual spammers, it is to list those who support spammers.

at least you can be removed.

[siskbc]

Umm where have you been, a large part of the problem with SPEWs was that they were placing large IP blocks on the blacklist for no apparrent reason. I personally was involved in a case where they blocked an entire server farm because one server was behaving badly.

Unfortunately, spammers are like bad apples - when they find a spam-friendly ISP, they tend to conglomerate. Second, you don't think that individual SysAdmins will do worse? At least with centralized blocklists, you can be removed. Try that with a ton of individual admins.

Re:Desparation

[McDutchie]

Fortunately, the next phase of the "war" is moving away from blacklists and focusing on technologies that are user-based and user-specific, such as Bayesian filtering.

On the contrary, spammers love Bayesian and any other kind of filtering because it doesn't stop them from sending their spam. They love it when people "just hit delete" either manually or in an automated fashion through filtering, instead of actively blocking their junk and getting their accounts shut down. They don't mind that you don't get their junk; they will just increase the amount of spam they send tenfold every year so they keep making money on those suckers that are born every minute, until e-mail has been completely destroyed. Blocking - aggressive, massive blocking and boycotting of spam supporting networks - is the only way to save e-mail.

Re:Why does he think it's spammers?

[dissy]

> I'm sure there are a million other guys out there with a thousand dollar a month
> T1 that is completely worthless for emailing customers thanks to these
> blocklists.

What you are wrong about is its not thanks to the blocklists, its thanks to the ISPs that have willingly chosen to use the blocklists, and share the same opinion as the people that run the blocklist, who do not want you to email them.

Do you think its only you that knows SPEWS blocks UUnet ?
The ISPs that use SPEWS know this too. They still use SPEWS. They do not want email to enter their network that comes from you!
Yes, even through about 4 levels of indirection, the networks you are trying to send email to have chosen to not want your emails.

Why are you blaming the blacklists for this?

You bitch and moan that it isnt fair to you to have your IPs blocked by those that want them blocked. You sound just like a spammer with that logic.

You may be happy to see SPEWS packeted until they are shut down, but what about my right to choose that I want to block email from people who spam, and people just like you, who use ISPs indirectly that support spam?

Are you so much more importaint than I that my right to choose not to recieve your email is less importaint than your right to force your emails upon me aginst my will?

Re:Why does he think it's spammers?

[drudd]

You claim it's a false analogy, but everything you bring up makes the analogy more apt in my mind.

These lists are basically operating under the assumption that punishing a large group of people weakly associated with undesired behavior will result in the elimination of that behavior by the minority of that group. The innocents are unable to do anything about the people they are affiliated with. The ISP is like a zoning commission. Yes, with enough complaints from their customers/constituents, they might change their ways, but in the short term, the people punished have no real control over the situation.

You also show why this tactic is doomed to failure. The honest non-spammers will continue to not spam, but be incredibly inconvenienced, while the spammers will ignore the edict and run around spamming on other networks.

Doug

Re:ever tried to get off SPEWS?

[cdrguru]

The problem isn't the ISP blocking "their" traffic - it is the ISP blocking other people's traffic. Usually without informing their customers that said blocking is occurring.

This results in their customers not receiving email. The decision that the sender of that email wasn't legitimate has been removed from the user and the sender and placed in the hands of some anonymous third party.

In general, the ISP answer to blocking complaints is they simply use the list and do not control the content of it. The blocking list provider - if contactable - claims they just make up the list and the use of it is outside of their control. This means nobody is accountable for blocking.

The problem with this sort of censorship - and it is indeed censorship - is the user never hears about it. When a business is blocked they quickly discover that blocking has made email unreliable for communications with customers. They can either abandon email for important stuff or they can try to convince the blockers that their commercial use of email is valid. This is extremely difficult. Why? Spammers use email - if you use email commercially, then you might be a spammer. If you get blocked and claim you were blocked in error, you might be lying. Spammers lie, so anything you say can be considered to be a lie. Why should anyone unblock a spammer?

Either email can be used for commercial purposes, or it cannot. Anti-spam folks want to ban all commercial use of email.

Re:ever tried to get off SPEWS?

[Just Some Guy]

So, write down in your day planner, right there on the date that your current contract is due to expire, this simple action item: negotiate next contract duration to be dependent on the provider not being blacklisted.

That's a great idea. On the other hand, I live in a small town with exactly one feasible ISP that's not a residential cable service with incoming port filters. My options are:

1. Stick with said ISP, who has excellent service, great staff, and reliable connectivity, even though their upstream ISP hosted a couple of spammers a few years ago and SPEWS hasn't unlisted the whole /12 of us, or:
2. Explain to my wife that we have to move to a new city so that I can send email to some Slashdot jackass who doesn't understand that some people don't have a viable option to change their service.

Hmmm. Let me think about that one for a while.

Re:Why does he think it's spammers?

[hawkfish]

Anyone who needs to point out someone elses political leanings in order to denigrate them generally has a soft spot for Chairman Mao.

Amusingly enough, this can be applied to Rush Limbaugh and most of the other right wing fruitcakes in the US. As it is written, "Choose your enemies wisely, for you will end up resembling them."

Re:Why does he think it's spammers?

[BasharTeg]

Are you so much more importaint than I that my right to choose not to recieve your email is less importaint than your right to force your emails upon me aginst my will?

I'm not emailing you asshole.

I'm emailing my customers who are users of ISPs who tell them nothing about their use of SPEWS. They then call us and claim they never got their bills or statements, and we're supposed to explain to them how THEIR ISP is behaving (choosing to throw away their legitmate emails without notifying them). Then when we tell them their ISP is using SPEWS and they call their ISP, their ISP's tech support retards tell the customers they have no idea what SPEWS is, and we look stupid and lose customers.

We are not spammers. We don't support spamming. But for the greater good of the anti-spam jihad, we are blacklisted because the ISP of our ISP doesn't willingly cancel spam accounts.

Your bullshit about YOUR right to choose to deny email from me is all great in theory. But the honest truth the anti-spam community doesn't think about is a majority of users "protected" by SPEWS don't know what SPEWS is, don't know they can and do lose legitimate email to it, and they wouldn't CHOOSE to use it if they had any idea what sort of ideology was behind it and how many innocent people are being filtered. You people use the ignorance of the masses to enforce your ideas of what anti-spam should be on everyone else, and those of us who have nothing to do with spamming must suffer for it.

No admin should employ SPEWS without properly educating the management of his company on the policies of SPEWS, including the potential loss of valid email. No ISP should employ SPEWS without educating their users of the policies of SPEWS, including the potential loss of valid email. If those two conditions were met, all of our customers who call us saying they didn't get their emails would know what SPEWS is and why they didn't get the emails they WANTED to receive from us.

Re:ever tried to get off SPEWS?

[CrowScape]

To use the common analogy, you live in a filthy crimeridden slum. Trying to send e-mail to my server is equivalent to calling and trying to have a pizza delivered to your house.

No, it's the equivalent of trying to go from the slum to the downtown area. With your analogy, the city has walled off the slum. Those who live in the slum and want to go into the city have to move out of the slum first. I wonder how well that policy would go down outside the digital realm. Besides, if I recall, the government seems to think that you do have the right to buy a pizza and have it delivered provided you're within a reasonable distance of the establishment that delivers even if you happen to live in a crime infested slum.

Re:Why does he think it's spammers?

[randyest]

Aha, there it is. Someone finally said it. See, too many people choose their ISP based on cost and quality of service alone. That seems like a reasonable thing to do, of course, and it is a pretty reasonable thing to do when considering most service types. Without SPEWS, it was (and is, now again, I guess) a workable way to choose an ISP.

But that was bad. Really bad. Because it created an environment that favored ISPs who let a spammer on at least once and a while, then moved them around or temporarily suspended their service (only to re-instate them after the heat died down). ISPs can generate income from excess bandwidth pretty easily and at their convenience by allowing spamming customers, and they can make a nice premium if they do so. This extra income allowed the unethical ISPs to make their prices more competitive, and possibly even afford to buy better equipment or more support staff. This gave (gives) an advantage to the spam-facilitating ISPs and a disadvantage to the honest, spam-hating ISPs.

People who choose their ISP based on cost and quality of service alone, disgregarding what annoying and in some cases illegal activities the ISP might be supporting, are the reasons that a SPEWS-less environment favors spam-friendly ISPs. This means you.

Consider one who does business with criminals. Maybe all available business in the area seems to be criminal, or all the legit folks are too costly or inconvenient to do business with. Or maybe he didn't bother to check on them and really didn't know. If his nefarious business associate slips him a counterfeit $100-bill which he then deposits at his bank, the Secret Service won't reimburse him when they take the bill away. He's out $100 because of the actions of those who he chose to do business with. His reasons for doing business with them in the first place, no matter how compelling, are irrelevant.

It's one of those unfortunate situations that sometimes arise in a system that's mostly unregulated and primarily left to market forces. It kinda sucks, but it's nothing new. Caveat emptor

Re:ever tried to get off SPEWS?

[Eric Ass Raymond]

No. The purpose is to get the end-users pissed-off at their ISP for providing service to spammers.

Ok.

Tell me how an ISP can be 100% sure that the new user application they just received will not be used for spamming?

That's fundamentally what SPEWS is requiring of the ISPs.

Do it to the Anti-Virus sites

[Supp0rtLinux]

Since the latest virii do DDoS attacks against the MS update sites and anti-spam sites, the really good virus writers would DDoS the anti-virus companies sites so that people couldn't get new definition files. Just imagine... if all the anti-spam sites were DDoS'd off the net and the next virus did the same to the update sites for MS and Symantic, McAfee, AVG, Skywalker, etc... the only choice would be to just turn off all the infected machines. Who knows how long it would take to get updates.

Re:ever tried to get off SPEWS?

[randyest]

So, the boycotters become the boycotted.

And that is perfectly OK! Really. Part of the reason that spam exists is it's largely unregulated environment. It's market-driven, and so SPEWS is a reasonable way of dealing with such a scourge when laws and regulations can't or won't help. Of course, by extension, it's perfectly OK for SPEWS to go away or fade into obscurity due to market backlash against it. It's worth noting that this did not happen. SPEWS was continuing to gain popularity.

But DDoS is not an OK way to make SPEWS go away. You know that. We all know that. Yet some people here are saying that the DDoS is OK because SPEWS is that bad. I take strong issue with that viewpoint.

Re:Why does he think it's spammers?

[drudd]

Changing ISP's is a very costly event, and one that no company worth anything takes on lightly.

The problem is it may be fine for you to want to press hard against ISPs and potentially drive them out of business if they're light on spammers. Fine, that's your choice, make your voice heard with your dollar. The rest of us have to make do with the resulting mess.

I don't care how easy it is to get un-blocked, the problem is there's still lag between being blocked, and finding that out, and then figuring out how, and sucessfully un-blocking your ip.

Doug

Distributed Spam List

[rahlquist]

Ok we have all this wonderful file sharing technology avalible, why not put it to good use. Why not build a distributed black list. One that is shared over an automated file sharing network similar to Napster or Kazaa. DDOS only works with a target, with 100 or more geographically diverse machines sharing it I wish them luck. Make being able to access the list depend on your willingness to share it out too. Of course someone would have to figure out the infrastructure but this would rock.

Re:ever tried to get off SPEWS?

[pebs]

Look, angry one: it works. Better than anything else. And, the few things a few loud voices are crying about are the very things that make (made) SPEWS work. It's really kind of funny to watch the round-and-round: "I don't spam but SPEWS blocked me!", "OK, change ISP's", "I can't", "Why not?", "I signed a contract", "Oh, too bad. Try smarthosting", "But it's not fair", "Yes, it is. Effective too.", "I hate SPEWS", "SPEWS loves you, though. It wants to be your friend. Pick a good ISP so that it can be your friend", "I want to keep my ISP", "OK, that's fine too. We just don't want your emails then", "But that's not fair! You should only block the actual spammers", "No, this way works. We like it this way; it stops spam.", "Well, I don't spam but SPEWS blocked me anyway", . . . lather rinse repeat.

Hmmmmm... This SPEWS guy seems like a real prick. No wonder he's getting DoSed.

Blacklists aren't the problem.

[MLC2012]

The real problem is large ISPs/backbones like UUNet/MCI [uu.net], Cogent [cogentco.net], Comcast [comcast.net], Level3 [level3.com], China Netcom [cnc.net.cn], AT&T [att.net], Brasil Telecom [telesp.net.br], and Above.net [above.net] (among others) who flat-out refuse to do anything about the spammers to whom they provide connectivity.

Complaints sent to any of them are promptly auto-acked and then /dev/nulled (if they don't bounce [rfc-ignorant.org]) and so the spammers keep on spamming, most likely due to ephemeral pink contracts and the crooked marketing/sales departments that agree to them, who then put pressure on abuse personel and network admins to ignore complaints about the contracted spammers.

Because of this, those large ISPs and backbones end up on blacklists, DNS blocklists, and a wide variety of other filters. For them, the money they make off the spammers seems to be of greater concern than the money they make off legitimate customers, i.e. those who end up with their netblocks on every blacklist because of who their providers are.

If it weren't for rogue ISPs and backbones, there would be little use for blacklists or blocklists. However, those reprehensible companies do exist. And because of their policies on spam, they continue to be blocked. Money gained from spammers guarantees the blacklists' continued existence.

It's all just cause and effect. As much as it sounds like a conspiracy theory, I truly believe that it isn't, after fighting spam, one email at a time, since 1997.