Before the flame begins..
I'm not sure when this started..
Background:
We have a downstream ISP, who hosts a website of questionable material.
This customer (of our customer) used a third party to spam on their behalf..
Which is a violation of our AUP. (In fact we null0 the /32 in question).
Problem:
For some reason, spews has decided to now block one of our /19.. Ie no mail
server in the /19 can send mail.
Questions:
1) How do we smack some sense into spews?
2) Does anyone else see a HUGE problem with listing a /19 because there is
one /32 of a spam advertised website? When did this start happening?
Regards,
Mark
Before the flame begins..
I'm not sure when this started..
Background:
We have a downstream ISP, who hosts a website of questionable material.
This customer (of our customer) used a third party to spam on their behalf..
Which is a violation of our AUP. (In fact we null0 the /32 in question).
Problem:
For some reason, spews has decided to now block one of our /19.. Ie no mail
server in the /19 can send mail.
Questions:
1) How do we smack some sense into spews?
Very difficult.... we had a similar problem. One bad customer and SPEWS
blackholes not only our corporate LAN but also my HOME address range,
and that of my home ISP, who was not even peripherally involved.
We just had to sit it out, as SPEWS is not accountable, or contactable.
Eventually the listing decayed, but it was a real problem for us while
it lasted.
2) Does anyone else see a HUGE problem with listing a /19 because there is
one /32 of a spam advertised website? When did this start happening?
Since SPEWS, with its complete lack of accountability, started being
used by respectable spam blocking software. Yes, its a massive problem.
Nigel
We had this problem a while back too. One particular problem is that the
relays.osirusoft.com block-list - which seems to be used by an awful of
people - aggregates data from several dozen sources, including spews.
Check out www.antispews.org
-kyle
There are two SPEWS lists.
SPEWS[1] lists direct spam sources as accurately as /32
SPEWS[2] includes SPEWS[1] plus collatteral damage.
to clarify, nothing more.
-bryan bradsby
> Check out www.antispews.org
> -kyle
There are two SPEWS lists.
SPEWS[1] lists direct spam sources as accurately as /32
Which is the list that our corporate servers and my home lan ended up
on, despite never having sent direct spam
SPEWS[2] includes SPEWS[1] plus collatteral damage.
Which was the rest of our address range and that of my home ISP
to clarify, nothing more.
The intent of the double spews listing is good, but it isn't adhered to
in practice.
I tend to agree. We had the same issue a customer who we did not know was
a spammer did something similar and they listed our blocks. I terminated
the customer. I believe spews has a newsgroup that is listed on their
site you can post to but more than that I'm not certain. Also its funny
how they don't block all the blocks originated by cnw <where the spam in
my case originated> but listed mine. Either way I think you did the
correct thing the deal now is to post to the newsgroup and let them know
you cleared the issue.
That's all I have heard can be done.
Are you billing and presumably suing (if they don't pay) the owners of
the website et al for the damages they've caused your business by all
this?
If not you're just subsidizing their attempt to profit off of mayhem
at your expense.
The question of course is rhetorical.