SPEWS?

I've had a little run-in with SPEWS, and the crowd on
news:news.admin.net-abuse.email.

I'm curious; do folks take these guys seriously?

I'll admit, we had an issue with a customer who spammed, and it took us a
little while to zap him. Nevertheless, he was zapped. He had a /27, and
SPEWs listed the entire /24 surrounding it. When I asked about this, they
said, in not-so-many-words, that by doing this, punishing innocent
bystanders, that as long as the ISP noticed and fixed the issue, this was
essentially OK to do.

Of course, I disagreed, and was called all sorts of names that I'd not
used since I was 14.

So, to the point; what is the consensus on SPEWs? I've never really
noticed them until this point.

-- Alex Rubenstein, AR97, K2AHR, alex@nac.net, latency, Al Reuben --
-- Net Access Corporation, 800-NET-ME-36, http://www.nac.net --

Overzealous to say the least (i.e. without using language used by people
at spews which by itself should already say something about how professional
they are). It's used primarily by very small system operators and I don't
know any isp of any serious size (i.e. over 1000 users or domains) that is
using them, but things may be changing as other blacklists used before by
isps have been shut down.

They also have the most dns servers for one domain (that I know
of) which is the reason I regularly run whois on them to check
completewhois.com engine performance.

So, to the point; what is the consensus on SPEWs? I've never really
noticed them until this point.

It's sort of an interesting concept but at least in my opinion it is
unusable as a blacklist. Did you find the listing was causing a lot of
mail to bounce?

Mark Radabaugh
Amplex
(419) 833-3635

I've had a little run-in with SPEWS, and the crowd on
news:news.admin.net-abuse.email.

I'm curious; do folks take these guys seriously?

You don't have much choice. I don't know how commonly SPEWS itself is
used to refuse email, but for some time it's been incorporated into
relays.osirusoft.com, which, AFAIK, is one of the more commonly used
dnsbl's. If you're listed in SPEWS, lots of sites will refuse your email.

NANAE is a tough crowd. According to some there, I'm a spammer.

I'll admit, we had an issue with a customer who spammed, and it took us a
little while to zap him. Nevertheless, he was zapped. He had a /27, and
SPEWs listed the entire /24 surrounding it. When I asked about this, they
said, in not-so-many-words, that by doing this, punishing innocent
bystanders, that as long as the ISP noticed and fixed the issue, this was
essentially OK to do.

I'm curious how you got into SPEWS, and why they chose to hit just the /24
and not a much larger block. They claim to track and pre-emptively block
known spammers. Was this a new customer that recently switched to your
service and likely spammed before and got their previous ISP into
SPEWS?...or was this an isolated spam incident followed by a surprise
listing in SPEWS?

Quite.

Since my last posting, I've told SpamAssassin (which, btw, is a rocking
piece of ware) to count osirussoft (sp?) as a 0 point rule.

They are so unilateral in the way they do this, and, often times don't
even provide a _chance_ for the ISP to rectify the situation.

It's crazy.

I hate these people. I've been in a block listed by SPEWS for quite some
time, over 2 spams from customers in like 2 years. They didn't send mail
to abuse@, they just started blacklisting every IP they could find and
justifying it by claiming that the ISPs involved need to be filtered until
the customers are gone.

What ticks me off is there is no one to talk to about it, you are expected
to grovel on some usenet group and hope that they are reading and will
remove you after sufficient heckling. The problem is that all the
thousands of people installing Spam Assassin have it set to check
relays.osirusoft.com with enough weight to kill an email by default,
osirusoft references many lists with political agendas, and then mail
starts bouncing.

I for one refuse to play that pathetic little game, I keep myself listed
as an example of why people should not use them. So far I've had a fairly
large number of people who decided they would rather get email from me,
but it's still mildly annoying.

Not to sound too much like our friend Mitch, but people who run blackholes
with agendas are really sitting on a lot of power to abuse. The end users
who install software like Spam Assassin usually have no idea that a couple
chains down the link there are insane people injecting bunk data.

outblaze (who do outsourced mailbox handling for a variety of email
services like mail.com) use SPEWS.

richard

What ticks me off is there is no one to talk to about it, you are expected
to grovel on some usenet group and hope that they are reading and will
remove you after sufficient heckling. The problem is that all the

I haven't actually tried using any of this info...but

      Domain, Contact chip@sendmail.ru
      Sergei ''chip'' Didorenko
      Visit Lake Biakal! :: http://baikal.irkutsk.org
      po box 61, Baikalsk-2
      Irkutsk region, -- 665914
      RU
      (7-3952) 348-335
      (7-3952) 348-335

I wonder what it costs to call Russia? I also wonder...can you register
domains you really don't want to be contacted about with 900 numbers? Now
that would be cool. 'You want to call and whine...ok, but it's going to
cost you.' :)

Not to sound too much like our friend Mitch, but people who run blackholes
with agendas are really sitting on a lot of power to abuse. The end users
who install software like Spam Assassin usually have no idea that a couple
chains down the link there are insane people injecting bunk data.

That's their fault though for using a blacklist or software without
looking into how it works or what its policies are. A blacklist is only
as powerful as the people using it make it. If it pisses off its users
too many times, they'll quit using it. If you're listed on a blacklist
nobody uses, does your mail get blocked? :)

[emailed to Alex & the list]

which is not the correct thing to do.

1) If you don't like SPEWS/Osirusoft, set the score to 0 on your server
   Quite honestly, I don't think you'll convince the SA developers to set
   the score to 0.

2) You seem to be missing the entire point of SpamAssassin, it allows you to
   combine several RBLs and only reject/flag the Email if several factors
   combined hint that the message is spam

3) Osirusoft returns 8 different codes depending on the match for an IP
   http://relays.osirusoft.com/faq.html
   If you don't like SPEWS, just don't pay attention to 127.0.0.6

Stick this in local.cf:
header X_OSIRU_SPAMWARE_SITE eval:check_rbl_results_for('osirusoft', '127.0.0.6')
describe X_OSIRU_SPAMWARE_SITE Don't trust spews
score X_OSIRU_SPAMWARE_SITE -2.0

Marc
(SpamAssassin developer)
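
The two technical points in this thread, sketched as an added example (not code from any poster, SPEWS, Osirusoft or SpamAssassin): a combined DNSBL answers with a return code per source list, and a scoring filter can weight one code to zero locally; a /24 listing also answers for every neighbour of the offending /27. The zone name, the prefixes, the second return code, the weights and the 5.0 threshold are constructed assumptions; only 127.0.0.6 comes from the thread.

```python
import ipaddress

# Constructed sample data: documentation prefixes, not real listings.
CUSTOMER = ipaddress.ip_network("192.0.2.32/27")  # the spamming customer's /27
LISTED = ipaddress.ip_network("192.0.2.0/24")     # the block actually listed
SPEWS_CODE = "127.0.0.6"                          # return code named in the thread

# Toy zone: listed network -> return code. "127.0.0.2" is a placeholder code.
ZONE = {
    LISTED: SPEWS_CODE,
    ipaddress.ip_network("198.51.100.7/32"): "127.0.0.2",
}


def query_name(ip, zone="dnsbl.example"):
    """DNSBL convention: reverse the IPv4 octets and append the list's zone."""
    return ".".join(reversed(ip.split("."))) + "." + zone


def lookup(ip):
    """Stand-in for the DNS A query: codes of every zone entry covering ip."""
    addr = ipaddress.ip_address(ip)
    return sorted({code for net, code in ZONE.items() if addr in net})


def score(ip, weights, other_tests=0.0):
    """Add per-return-code weights to the score from all other tests."""
    return other_tests + sum(weights.get(code, 0.0) for code in lookup(ip))


def is_spam(ip, weights, other_tests=0.0, threshold=5.0):
    return score(ip, weights, other_tests) >= threshold


def collateral():
    """Listed addresses that were never part of the customer's /27."""
    return LISTED.num_addresses - CUSTOMER.num_addresses


# A weight that lets one listing reject mail on its own, versus a local
# override that ignores the one return code and keeps the others.
HEAVY = {SPEWS_CODE: 5.0, "127.0.0.2": 3.0}
LOCAL = {SPEWS_CODE: 0.0, "127.0.0.2": 3.0}
```

With LOCAL weights, a neighbour such as 192.0.2.200 is only flagged when the other tests reach the threshold by themselves.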

I suspect he was referring to his local copy when he said that.

Jason

I'll admit, we had an issue with a customer who spammed, and it took us a
little while to zap him.

Quantify "a little while". (I'm not trying to be argumentative here...)

Nevertheless, he was zapped. He had a /27, and
SPEWs listed the entire /24 surrounding it. When I asked about this, they
said, in not-so-many-words, that by doing this, punishing innocent
bystanders, that as long as the ISP noticed and fixed the issue, this was
essentially OK to do.

I agree with that, *if* initial notifications to the ISP are ignored.
Escalations are then in order, definitely.

Overzealous to say the least (i.e. without using language used by people
at spews

Uh...

Most of the people that were yelling at Alex probably had absolutely
nothing to do with SPEWS. NANAE != SPEWS.

which by itself should already say something about how professional
they are). It's used primarily by very small system operators and I don't
know any isp of any serious size (i.e. over 1000 users or domains) that is
using them,

I believe SBC's ISPs are.

which ones are shutting down? I'm still using njabl.org and ordb.org with
decent results.

James Smallacombe PlantageNet, Inc. CEO and Janitor
up@3.am http://3.am

Any non-contactable blacklist should not be taken seriously. Posting to a
public forum (ie usenet) to contact the maintainer of such a list is not
acceptable and I for one can not understand why any responsible site
administrator would use such a list.

Any non-contactable blacklist should not be taken seriously. Posting to a
public forum (ie usenet) to contact the maintainer of such a list is not
acceptable and I for one can not understand why any responsible site
administrator would use such a list.

I've always had the impression that SPEWS did this to make legal
action difficult. Many of the other RBL, ORB, are targets of legal
action. If it is difficult to contact "them" how does one pursue
the matter?

SPEWS has no due process procedure for handling issues and the flip
side of that is that there is no clear-cut process for dealing with
them legally either. I would guess that by "raising the bar" for
their responsibility they are also, ultimately, setting themselves
up for a larger action, perhaps even under RICO. I see them as some
kind of amorphous SPAM militia.

Responsible, overloaded administrators might. IMHO blacklists should
always be local to the organization. Anything else is to abdicate
responsibility for the result because what constitutes SPAM is a
subjective judgment. (analogous to what constitutes pornography.)

-John

You can sue someone without even knowing their name, much
less having any contact with them. And once you have, it becomes
trivially easy to both identify and locate them, with the full
blessing of the legal system.

  --msa

I fail to see how blacklisting neighboring subnets (not associated with
the organization in question) instead of just the offending one is "in
order".

-c

I fail to see how blacklisting neighboring subnets (not associated with
the organization in question) instead of just the offending one is "in
order".

It depends on your maturity and 'professionalism' I guess. Some of us see
the problem, some see it as a 'cool way of getting attention'.

Peter

Alex,

We also ran into a problem with the guys from news.admin.net-abuse.email.

I think that they are a bunch of clueless people trying to do anti-spam
by personal vendettas. One of the guys actually told me that MAPS was a
dead issue ever since they 'allowed' a company to spam because they
received a sum of money for it. I doubt Paul would enjoy hearing about
this, but I also think he isn't surprised. SPEWS is not a good service,
yet you get all these system admins with a chip on their shoulder to
back it up and support it.

My two cents.

Shon Elliott
Systems/Network Administrator;
NetAsset

Alex Rubenstein wrote: