RE: Spam. Again.. -- and blocking net blocks?

Quick Comment as a NANOG lurker and SPEWS lurker
(news.admin.net-abuse.email). I'm not defending SPEWS, don't speak for
SPEWS but will describe what I understand happens:

SPEWS initially lists offending IP address blocks from non-repentant SPAM
sources. If the upstream ISP does nothing about it, that block tends to
expand to neighboring blocks to gain the attention of the ISP.

High level concept:
  Block the SPAMMER
    - ISP Does nothing
  Block the SPAMMER's Neighboring Blocks (Collateral Damage)
    - Motivates neighbors to find new Upstream/Isp
    - Motivates neighbors to complain to upstream/ISP
    - Gains the attention of the Upstream/ISP
  Expand the Block
    - Ditto
  Block the ISP as a whole

The SPEWS concept prevents an ISP from allowing spammers on some blocks
while trying to service legitimate customers on others. For an ISP - it is
either all or none over time, you support spammers and are blocked as a
whole (to include innocent customers).

If you do end up mistakenly on SPEWS or take care of your spamming customers
- you can appeal to them at news.admin.net-abuse.email, get flamed pretty
bad, and eventually fall off the list.

I do personally like the idea of holding the ISP as a whole accountable over
time. An ISP can stay off spews, I've never had a block listed - though
when I'm in a decision making position, I've never tolerated a spammer.

Hansel

I could understand if an ISP was allowing spam from a portion of their network. But in this case the only thing that the ISP did is host a website; the SPAM was sent from a third party's network. The ISP did terminate the customer, but in the meantime the entire NSP's network has been blacklisted, which for a rogue webhosting account does sound a bit harsh.

Hello Hansel,

Tuesday, December 10, 2002, 3:08:20 PM, you wrote:

> The SPEWS concept prevents an ISP from allowing spammers on some blocks
> while trying to service legitimate customers on others. For an ISP - it is
> either all or none over time, you support spammers and are blocked as a
> whole (to include innocent customers).

Not speaking for or against SPEWS, but couldn't this eventually work
against people using the list? If I were a spammer I would keep
signing up for accounts, and getting larger and larger blocks of IP
Addresses added to the SPEWS list. Eventually, so many blocks would
be added to the list, that it would make SPEWS worthless.

Once SPEWS is worthless, people will stop using it, and the spammers
win.

allan

A spam blocking service that worked that way would be useless. Anyone could
get any site they didn't like blacklisted simply by spamvertising it. Anyone
who uses a spam blocking list that works that way is DoSing themselves.

  DS

That is exactly what was done to Futureway: a third party spammed for a site hosted by a downstream ISP and the result was their entire network being blacklisted by SPEWS.

I like Segal's DoS idea, except instead of the packet generators, let's
be nice and just DDoS port 25 on the sunzofbiatches mail servers/load
balancers...

fight fire with fire... :)