In article <linford-383BB2.22554203082...@news.supernews.com>, Steve Linford <linf...@spamhaus.org> wrote:
>In article <f8vht6$92...@ulm.shuttle.de>,
> use-reply-to-mail...@remove-this.com (Claus v. Wolfhausen) wrote:
>> Even if you would be right, and nobody would use that lists you should be
>> glad about every user calling his provider and complaining about spammers,
>> shouldn't you?
>No. People calling ISPs and saying "I want to complain of some spammers,
>I don't know where but they're somewhere in your /12 and no I have no
>proof" simply makes ISPs think "what a bunch of nutjob timewasters".
Does that happen?
I haven't read most of the APEWS threads on NANAE, but typically when someone complains about a listing, plenty of evidence (from NANAS or even Spamhaus) is provided.
>> There is nothing which can do an equivalent pressure to providers than
>> angry customers calling them and having clue about their provider is the
>> source of their problems.
>What "clue" and what "problems", imaginary ones you pretend exist?
Assuming the APEWS listing is correct (that there is really spam coming from the listed space), the problem is that spam. The clue is that the provider is responsible.
>> They will call their providers and complain about the spammers.
>> Real spamfighters should appreciate that, because it is helpful to eliminate
>> the spam problem.
>This is not any form of spam-fighting I understand,
Getting customers to leave spam-friendly providers is a very effective form of spam-fighting (when it works). Seen much spam from AGIS lately?
Seth
-- Comments posted to news.admin.net-abuse.blocklisting are solely the responsibility of their author. Please read the news.admin.net-abuse.blocklisting FAQ at http://www.blocklisting.com/faq.html before posting.
In article <linford-383BB2.22554203082...@news.supernews.com>, linf...@spamhaus.org says...
>> Even if you would be right, and nobody would use that lists you should be
>> glad about every user calling his provider and complaining about spammers,
>> shouldn't you?
>No. People calling ISPs and saying "I want to complain of some spammers,
>I don't know where but they're somewhere in your /12 and no I have no
>proof" simply makes ISPs think "what a bunch of nutjob timewasters".
People which came to nanae and got shown some evidences as IP's listed by the CBL or UCEPROTECT or even got told about ROSKO spammers will not call the provider and just tell "you have a spammer somewhere in your /12".
I have to wonder again that you seem to think all others are just idiots.
I guess those users which got detailed informations what the problem is will be no longer clueless and they will also tell details when they call their providers.
>> There is nothing which can do an equivalent pressure to providers than
>> angry customers calling them and having clue about their provider is the
>> source of their problems.
>What "clue" and what "problems", imaginary ones you pretend exist?
That was nothing specific for APEWS, it will always do pressure to an provider if multiple customers (knowingly the provider is hosting spammers, and therefore their mail was rejected) are complaining about being impacted by *any* blocklist.
>> It does not matter users are really at risk to get blocked or just got that
>> imagination. What matters is the result only:
>> They will call their providers and complain about the spammers.
>> Real spamfighters should appreciate that, because it is helpful to eliminate
>> the spam problem.
>This is not any form of spam-fighting I understand, this is simply
>bullshitting to the public and bullshitting to ISPs and making a bad
>name for spam-fighters.
What do you think how many people giving money to a spamsewer having a clue their provider is actively providing support to spammers?
Most people hate spam. They would not give their money to such an blackhat if they would know the facts in first place.
Lists as UCEPROTECT or APEWS are opening their eyes, and most of those users are indeed shocked about the truth, some can not even believe it.
What you call "bullshitting" is one of the most effective strategies getting providers change and booting their spammers.
I guess you are maintaining SPAMHAUS since 1998? You behave like you would be the only person able to maintain a blocklist. If your strategies were successful spam should be history meanwhile.
The facts that it gets more worse every year shows that there is a need for a more drastic approach.
Bad for the spam-fighters are blocklist operators trying to discredit users of other blocklists, naming them "a handful of cluebies running mail servers in their attics for 5 family friends and 3 cats"
On Aug 3, 8:11 pm, Matthew Sullivan <usenet-n...@sorbs.net> wrote:
> Claus v. Wolfhausen wrote:
> > SORBS and UCEPROTECT would not mirror zones which "sucks".
> > That does not mean i recommend using APEWS for blocking.
> I mirror the zone because I was asked and it seemed sane at the time.
> I'm continuing to mirror it because I started to mirror it and people
> *might* be using it. I don't mirror it because it does or doesn't suck,
> and to be honest if APEWS uses me as an endorsement on its quality,
> it'll get a rude shock when I drop it without warning or notice.
unless you accept the fiction that uceprotect & wolfhausen are not responsible for the thing (and i know you've seen very convincing evidence debunking that fiction) that's exactly what they *are* doing, Mat.
adam
In <OsMsi.47245$YL5.21...@newssvr29.news.prodigy.net>, on 08/03/2007 at 09:35 PM, "Karl-Henry Martinsson" <na...@martinsson.us> said:
>I would use blackholes.us for that, why duplicate lists that already
>exists? You also have to remember that the Spamhaus lists are widely
>used, and if it block too much legitimate mail, the users would drop
>it, and it would be less effective.
Spamhaus only blocks mail going through its servers. Should spamhaus list the "too big to block" sewers in such a fashion[1] that the users could decide whether to take advantage of the data, the change would not cause any users to drop it.
[1] E.g., different DNS server, different code in the A record.
I reserve the right to publicly post or ridicule any abusive E-mail. Reply to domain Patriot dot net user shmuel+news to contact me. Do not reply to spamt...@library.lspace.org
1urk3r wrote:
> On Aug 3, 8:11 pm, Matthew Sullivan <usenet-n...@sorbs.net> wrote:
>> Claus v. Wolfhausen wrote:
>>> SORBS and UCEPROTECT would not mirror zones which "sucks".
>>> That does not mean i recommend using APEWS for blocking.
>> I mirror the zone because I was asked and it seemed sane at the time.
>> I'm continuing to mirror it because I started to mirror it and people
>> *might* be using it. I don't mirror it because it does or doesn't suck,
>> and to be honest if APEWS uses me as an endorsement on its quality,
>> it'll get a rude shock when I drop it without warning or notice.
> unless you accept the fiction that
> uceprotect & wolfhausen are not
> responsible for the thing (and i know
Well that's the thing - I know who *was* responsible for APEWS, and at the time it was *not* Wolfhausen, if that has changed then my previous mail serves as a warning.
Regards,
Mat
I think the real issue is that most people *like* email, and that spam is a problem that prevents email from functioning as the user expects... There is an ever so slight difference than "most people hate spam"
Most people also hate over-zealous anti-spam solutions that stop as much legitimate mail as the spam, as it also prevents email from functioning as the user expects.
> They would not give their money to such an blackhat
> if they would know the facts in first place.
Most users don't care, they want their Internet, telephone, television, and automobile to just work. They don't want to know how it works, or have endless discussions over the pros and cons of PAL -vs- SECAM -vs- NTSC, they just want it to work for them. Nor do they really care what kind of shenanigans the sales department of channel-15 might be up to.
SgtChains
* no providing hosting, DNS, to spammers' web sites (of course)
* absolutely no IPs within their IP address space listed by any of the DNSBLs (not even the most rabid ones)
* no hosting of email drop-boxes for spammers
* no providing connectivity to anyone who spams, or to anyone whose customers spam, or to anyone whose customers customers spam
In other words, I'm looking for ISPs that are entirely clean, not those who clean up after their occasional incidents, but those who never have those occasional spews to begin with. I eagerly await your response, so that I will know whom I should be paying my internet access fees.
I expect that this list will be empty - that you will not be able to enumerate even one Internet Service Provider whose hands are entirely clean of spam.
So why don't you have all of the others listed in APEWS? They all are, to some degree or another, "spam supporters".
Regards
GRB
--
---------------------------------------------------------------------
Greg R. Broderick usenet200...@blackholio.dyndns.org
A. Top posters.
Q. What is the most annoying thing on Usenet?
---------------------------------------------------------------------
In article <1186194650.630209.27...@e9g2000prf.googlegroups.com>, adambro...@gmail.com says...
>unless you accept the fiction that
>uceprotect & wolfhausen are not
>responsible for the thing (and i know
>you've seen very convincing evidence
>debunking that fiction) that's exactly
>what they *are* doing, Mat.
You are joking, aren't you? I took over the UCEPROTECT blocklist 6 weeks ago. How can i be responsible for the APEWS blocklist which started January 2007?
In article <46b4ed23$0$3151$ae4e5...@news.nationwide.net>, SgtChains-usenet2...@FahQ2.com says...
>Claus v. Wolfhausen wrote:
>(snip)
>> Most people hate spam.
>I think the real issue is that most people *like* email, and that spam
>is a problem that prevents email from functioning as the user expects...
> There is an ever so slight difference than "most people hate spam"
If people wouldn't hate spam, they would not use anti-spam solutions.
>Most people also hate over-zealous anti-spam solutions that stop as much
>legitimate mail as the spam, as it also prevents email from functioning
>as the user expects.
That was the reason i cleaned up the UCEPROTECT blocklists.
>> They would not give their money to such an blackhat
>> if they would know the facts in first place.
>Most users don't care, they want their Internet, telephone, television,
>and automobile to just work. They don't want to know how it works, or
>have endless discussions over the pros and cons of PAL -vs- SECAM -vs-
>NTSC, they just want it to work for them. Nor do they really care what
>kind of shenanigans the sales department of channel-15 might be up to.
Indeed, but if they learn from their friends that mail just works at one provider while it doesn't at another provider they might decide to change.
In article <f931k0$90...@nemesis.sorbs.net>, usenet-n...@sorbs.net says...
>Well that's the thing - I know who *was* responsible for APEWS, and at
>the time it was *not* Wolfhausen, if that has changed then my previous
>mail serves as a warning.
It isn't hard to figure out who is responsible for APEWS. You can safely assume that hasn't changed.
In article <Xns99838BC399304tnalzrqrfcrnxrnfl...@io.blackholio.dyndns.org>, usenet200...@blackholio.dyndns.org says...
>Okay, I'm convinced. Please provide me a list of ISPs that don't "provide
>support to" spammers. This should include:
<snip>
It is safe to assume there will be *no* provider which had *never* such issues. The question is: Did they learn from those problems?
Providers port 25 blocking their dialups, rate limiting their smarthosts, scanning customers mailservers for open relays / proxys / vulnerable scripts are seldom to be found in blocklists.
That are the ones i'd recommend.
>So why don't you have all of the others listed in APEWS? They all are, to
>some degree or another, "spam supporters".
Claus v. Wolfhausen wrote:
> In article <46b4ed23$0$3151$ae4e5...@news.nationwide.net>,
> SgtChains-usenet2...@FahQ2.com says...
>> Claus v. Wolfhausen wrote:
>> (snip)
>>> Most people hate spam.
>> I think the real issue is that most people *like* email, and that spam
>> is a problem that prevents email from functioning as the user expects...
>> There is an ever so slight difference than "most people hate spam"
> If people wouldn't hate spam, they would not use anti-spam solutions.
You have missed the point completely.
People *like* email a heck of a lot more than they hate spam. Because if they didn't, they would simply abandon email.
>> Most people also hate over-zealous anti-spam solutions that stop as much
>> legitimate mail as the spam, as it also prevents email from functioning
>> as the user expects.
> That was the reason i cleaned up the UCEPROTECT blocklists.
Yet you still think that APEWS is a valid anti-spam solution... This puzzles me.
>>> They would not give their money to such an blackhat
>>> if they would know the facts in first place.
>> Most users don't care, they want their Internet, telephone, television,
>> and automobile to just work. They don't want to know how it works, or
>> have endless discussions over the pros and cons of PAL -vs- SECAM -vs-
>> NTSC, they just want it to work for them. Nor do they really care what
>> kind of shenanigans the sales department of channel-15 might be up to.
> Indeed, but if they learn from their friends that mail just works at one
> provider while it doesn't at another provider they might decide to change.
Riiiight.
SgtChains
In article <46b750b1$0$3157$ae4e5...@news.nationwide.net>, SgtChains-usenet2...@FahQ2.com says...
>You have missed the point completely.
>People *like* email a heck of a lot more than they hate spam. Because
>if they didn't, they would simply abandon email.
I guess that is not true. People like *clean* email and still hoping that at least *one* valid mail might be in their inbox.
Having a business one expects you to have an email address.
That might be the only reason email is still used.
>>> Most people also hate over-zealous anti-spam solutions that stop as much
>>> legitimate mail as the spam, as it also prevents email from functioning
>>> as the user expects.
>> That was the reason i cleaned up the UCEPROTECT blocklists.
>Yet you still think that APEWS is a valid anti-spam solution... This
>puzzles me.
Wrong. I said it might be usable in a scoring system or as an advisory.
No blocklist is nor will ever be a valid anti-spam solution itself.
Even Steve Linford is known to screwup from time to time.
You could also have lost valid emails from nic.at if you had used SPAMHAUS for blocking not so long ago.
Just google for "spamhaus + nic.at" if you do not believe me.
Any valid anti-spam solution is therefore a combination of independent measures installed to make decisions based on.
You should at least have a whitelist with those you expect mail from using *any* blocklist.
On Thu, 02 Aug 2007 21:53:20 +0000, E-Mail Sent to this address will be added to the BlackLists wrote:
> Mark Roberts wrote:
>> ... since almost no one asking for list removal is
>> posting actual rejected emails,
>> it seems likely that they're only finding out that they're
>> listed because someone is contacting them and telling them so.
> I think many are DNSstuff alert subscribers (or something like that).
Actually, DNSStuff stopped including APEWS in the RBLAlert service a couple months back. It still displays on their RBL lookup, though.
Wolfhausen) wrote:
> In article <46b750b1$0$3157$ae4e5...@news.nationwide.net>,
> SgtChains-usenet2...@FahQ2.com says...
> >You have missed the point completely.
> >People *like* email a heck of a lot more than they hate spam. Because
> >if they didn't, they would simply abandon email.
> I guess that is not true.
> People like *clean* email and still hoping that at least *one* valid mail
> might be in their inbox.
> Having a business one expects you to have an email address.
> That might be the only reason email is still used.
> >>> Most people also hate over-zealous anti-spam solutions that stop as much
> >>> legitimate mail as the spam, as it also prevents email from functioning
> >>> as the user expects.
> >> That was the reason i cleaned up the UCEPROTECT blocklists.
but it took you a very long time, johan, and you're still sullying the whole enterprise with your "apews" hoax..
> >Yet you still think that APEWS is a valid anti-spam solution... This
> >puzzles me.
> Wrong. I said it might be usable in a scoring system or as an advisory.
> No blocklist is nor will ever be a valid anti-spam solution itself.
> Even Steve Linford is known to screwup from time to time.
> You could also have lost valid emails from nic.at if you had used SPAMHAUS
> for blocking not so long ago.
> Just google for "spamhaus + nic.at" if you do not believe me.
aha! at last i understand your hostility to spamhaus & steve linford. johan, you've been drinking the teutonic koolaid. maybe steve linford "screwed up" in your own opinion, but outside of german-speaking countries, there wasn't much outrage over that flap.
in fact, nic.at was rightly listed as a spam support service, in my own opinion (and of many others) in spite of the lock-step marching of the german press on the subject. further, nic.at's excuse ("we only follow the law") is utter baloney. they "follow the law" when it suits them, but not every german speaker is fooled:
"TIWAG, for the attempt to silence a critic"
so it seems that law nic.at is so devoted to can be set aside when the money is right.
chris at mcafee expressed a much more realistic viewpoint, to which you were perhaps not exposed in the german-speaking press. here's a handy hyperlink:
> Any valid anti-spam solution is therefore a combination of independent
> measures installed to make decisions based on.
> You should at least have a whitelist with those you expect mail from
> using *any* blocklist.
that's obvious, of course.
adam
Claus v. Wolfhausen wrote:
> In article <46b750b1$0$3157$ae4e5...@news.nationwide.net>,
> SgtChains-usenet2...@FahQ2.com says...
(snip)
>> Yet you still think that APEWS is a valid anti-spam solution... This
>> puzzles me.
> Wrong. I said it might be usable in a scoring system or as an advisory.
Actually, what you said in <f8vht6$92...@ulm.shuttle.de> was; "In my opinion the APEWS lists are excellent as an advisory or to be used in scoring systems." I'm not parsing your original words as you are attempting to portray them now, but I really don't care enough to push the issue.
I have no idea how you would intend to use APEWS as an advisory, but as for scoring, you can not fix a broken DNSBL by simply scoring it.
An example;
In another thread (Worth of a DNSBL) I suggested that we can apply math to the issue and suggested a formula;
Note: Work in progress. The value of 10 here that is multiplied against percent_false_positives might change, but it is more likely to be more than less in the finished formula.
If we use nofalsenegative.stopspam.samspade.org (lists all of IPv4) to block the result is;
( 100 - ( 100 * 10 )) * ( 1 / 1 ) = -900
If we set our spam threshold to 5, and use nofalsenegative with a value of 1 the result is;
( 100 - ( 100 * 10 )) * ( 1 / 5 ) = -180 ( one fifth of -900 )
Not as bad right? Wrong, it's still just as bad.
Let's say that we have some other lists that we are using;
They each have more or less the same [broken] policy, and list all of IPv4... This results in;
( 100 - ( 100 * 10 )) * ( 1 / 5 ) +
( 100 - ( 100 * 10 )) * ( 1 / 5 ) +
( 100 - ( 100 * 10 )) * ( 1 / 5 ) +
( 100 - ( 100 * 10 )) * ( 1 / 5 ) +
( 100 - ( 100 * 10 )) * ( 1 / 5 ) = -900
Scoring a broken DNSBL does not fix the problems with its policy, or the number of false positives it has. It only masks the problem making it less obvious as to just how broken the thing really is.
> No blocklist is nor will ever be a valid anti-spam solution itself.
Some come pretty darn close, and most don't make the situation worse than it already is.
> Even Steve Linford is known to screwup from time to time.
> You could also have lost valid emails from nic.at if you had used SPAMHAUS
> for blocking not so long ago.
Steve Linford and Spamhaus are known to screwup a heck of a lot less than UCEProtect and its evil twin APEWS.
SgtChains
On 2007-08-03, Claus v. Wolfhausen <use-reply-to-mail...@remove-this.com> wrote:
> First let me say that i would have expected such an subject and that content
> from M.Ciprut, but not from the SPAMHAUS operator.
It's hardly an opinion unique to Spamhaus.
> Really strange to see you are claiming your private opinions as facts here.
> You have no prove how many systems are using the APEWS lists and for what
> reasons. You do not run their mirrors.
The evidence of the non-use of APEWS is everywhere, from the fact that almost no one complaining of a listing can produce a bounce message, to the fact that the participants of large high-profile mailing lists don't complain about (or even notice) the fact that the listserver is listed on APEWS.
> Even if you would be right, and nobody would use that lists you should be
> glad about every user calling his provider and complaining about spammers,
> shouldn't you?
Only if:
a) the provider actually does have spammers
b) the user calling the provider can actually supply usable information about who or where those spammers are
c) the provider hadn't already taken all necessary steps themselves
Unless _all three_ of those conditions are met, it's not helpful for the users to complain, is it?
Let's take an example. The /20 block that contains my home (static) DSL is listed in APEWS, this block also contains the provider's smarthost. The listing says nothing more than the usual "One or more bots in ASN / CIDR, unprofessional / negligent owner" garbage.
There is exactly one recent hit in .sightings for that range (not from the smarthost). This is clearly from an infected machine.
There are no current CBL listings for that range.
There are no hits for it in any of the spamtraps I have access to.
Historical data suggests that there have been about four CBL listings over that /20 in the past three months. (For comparison, the not-quite-/19 netblock that contains unimatrix.admins.ws has more than five times that number of listings over the same period, and repeated hits in our spamtraps.)
None of this indicates any deficiency on the part of the provider. There is no reasonable complaint I can make to them (there's no sign of ongoing spam, or repeated incidents from the same customer). There's no point in me moving to another provider, because every other one I could use is either already listed in APEWS too, or is almost certain to become listed based on the observed behaviour. (The fact that, as I posted elsewhere, APEWS is currently listing 38% of all routable IP space makes it clear that trying to avoid being listed will always be a losing proposition; by comparison, SPEWS never listed more than about 2% of active IP space.)
So the listing is serving no purpose other than helping to guarantee that nobody will ever use APEWS.
> Most providers panic if lots of customers are complaining because of spammers
> exists in the same netblock and they begin realizing to be just a bunch of
> IP's away to get a complete /16 escalated up to UCEPROTECT-Level 3.
What's the point in escalating to a /16 when so often it'll end up crossing an allocation boundary and catching entirely unrelated ISPs?
> It does not matter users are really at risk to get blocked or just got that
> imagination. What matters is the result only:
> They will call their providers and complain about the spammers.
In other words your purpose is simply to harass every ISP in the world, regardless of whether they are keeping a clean network or not?
> Real spamfighters should appreciate that, because it is helpful to eliminate
> the spam problem.
Real spamfighters know how to tell the difference between clean and dirty networks.
> The question is therefore: What is your problem with APEWS?
The problem is not that they exist, or even their listing policy. The _only_ problem is this dishonest attempt to get users to complain to ISPs _even_ when the ISP is doing their job well, plus the noise generated in these groups as a result.
> It seems to me you worry about who will pay you tomorrow, if APEWS
> would be successful and spam disappear.
This is the logical fallacy known as "ad hominem circumstantial".
_I_ don't get paid anything at all for fighting spam.
> It is a fact that APEWS is using other DNSBL's searching spam sources.
> I got a mail from Al Iverson, he also noticed that there are sometimes ranges
> listed by APEWS shortly after they were seen on the UCEPROTECT blocklists.
> Investigating i found that our lists are indeed also downloaded by APEWS.
If I were you I'd stop that. Your defense of the stupidity of APEWS will quite quickly undo all your attempts to reverse the damage done to your own reputation by your former spokesman Mr. Steigenburger.
It's also a fact that APEWS is _misusing_ other sources of data. The people at SANS have repeatedly complained about abuse of their data with no apparent effect (see http://isc.sans.org/diary.html?storyid=3189 for details).
> If you would be a real spamfighter, you would not knowingly ignore the worst
> spamsewers, you would appreciate what APEWS does instead.
Fortunately you don't get to decide who is a "real" spamfighter or not.
> SORBS and UCEPROTECT would not mirror zones which "sucks".
Matthew has already answered that one for SORBS. As for why uceprotect would choose to mirror a zone whose creation they were obviously closely involved in starting, well, that doesn't take much imagination to figure out.
> That does not mean i recommend using APEWS for blocking.
> In my opinion the APEWS lists are excellent as an advisory or to be used in
> scoring systems.
Well, for something to be useful in a scoring system, it needs to have some positive predictive power. That is, the probability that the mail is spam, given that you know it is from a listed IP, must be higher than the probability it was spam before you looked up the listing.
When the false-positive rate of a test is as high as its hit rate, then there is no predictive power. Obviously, it's hard to measure the FP rate with any accuracy, and it will differ significantly between users, but my analysis of my personal mail and our support mail suggests that the real FP rate of APEWS is _much higher_ than the figures from Al Iverson's analysis (which is biased towards bulk sources).
Andrew - Supernews <andrew+non...@supernews.net> writes:
> It's also a fact that APEWS is _misusing_ other sources of data. The people
> at SANS have repeatedly complained about abuse of their data with no apparent
> effect (see http://isc.sans.org/diary.html?storyid=3189 for details).
I've complained as well, also to no effect. At the very least, I'd like to have news.admin.net-abuse.sightings remain uncited in their reports.
In article <tskirvin.20070808164710$0...@cairo.ks.uiuc.edu>,
Tim Skirvin <tskir...@killfile.org> wrote:
> I've complained as well, also to no effect. At the very least,
>I'd like to have news.admin.net-abuse.sightings remain uncited in their
>reports.
The reason that I post to nanas is to make the spam public. I want it cited to the responsible party as much as possible.
Seth
In article <1186544088.251235.172...@g12g2000prg.googlegroups.com>, Larry M. Smith <SgtCha...@gmail.com> wrote:
>I have no idea how you would intend to use APEWS as an advisory, but
>as for scoring, you can not fix a broken DNSBL by simply scoring it.
It is quite possible that a DNSBL is worthless for blocking purposes (too many false positives), but quite useful for scoring: when including it in scoring, the number of true positives increases, and the number of false positives doesn't (or even drops). That's clearly possible if I define the DNSBL retroactively (base it on my corpus and its existing scores in order to prove my point), therefore it's possible for a DNSBL defined some other way.
Seth
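The two scoring arguments made in the posts above (a listing needs positive predictive power; a list too noisy to block on can still help a scoring system), worked through as an added example that is not from any poster. The corpus, the 1.5-point list weight and all function names are constructed for illustration; the threshold of 5 is the one used earlier in the thread.

```python
import math

# Constructed corpus: (label, content_score, listed_on_dnsbl).
# content_score stands for whatever the other scoring rules already gave.
CORPUS = [
    ("spam", 6.2, True), ("spam", 4.1, True), ("spam", 3.8, True),
    ("spam", 5.5, False), ("spam", 4.4, True), ("spam", 2.0, False),
    ("ham", 0.3, False), ("ham", 1.2, True), ("ham", 0.0, False),
    ("ham", 2.9, True), ("ham", 0.8, False), ("ham", 1.5, False),
    ("ham", 0.2, False), ("ham", 3.0, False),
]
THRESHOLD = 5.0    # spam threshold, as in the thread
LIST_WEIGHT = 1.5  # assumed points added when the sender IP is listed


def measured_rates(corpus):
    """Return (hit_rate, fp_rate): P(listed | spam) and P(listed | ham)."""
    spam = [m for m in corpus if m[0] == "spam"]
    ham = [m for m in corpus if m[0] == "ham"]
    hit_rate = sum(1 for m in spam if m[2]) / len(spam)
    fp_rate = sum(1 for m in ham if m[2]) / len(ham)
    return hit_rate, fp_rate


def posterior_spam(prior, hit_rate, fp_rate):
    """P(spam | listed) by Bayes' rule, given P(spam) before the lookup."""
    p_listed = hit_rate * prior + fp_rate * (1.0 - prior)
    if p_listed == 0:
        raise ValueError("list never fires; posterior is undefined")
    return hit_rate * prior / p_listed


def listing_weight(hit_rate, fp_rate):
    """Log-likelihood ratio of a listing. Zero means the lookup tells you
    nothing, negative means a listing is evidence of ham."""
    if hit_rate <= 0 or fp_rate <= 0:
        raise ValueError("rates must be > 0 to take a log ratio")
    return math.log(hit_rate / fp_rate)


def score_outcome(corpus, threshold, list_weight):
    """(spam caught, ham rejected) when the list only adds points."""
    caught = rejected = 0
    for label, content, listed in corpus:
        total = content + (list_weight if listed else 0.0)
        if total >= threshold:
            if label == "spam":
                caught += 1
            else:
                rejected += 1
    return caught, rejected


def block_outcome(corpus):
    """(spam caught, ham rejected) when any listing rejects outright."""
    caught = sum(1 for lab, _, listed in corpus if listed and lab == "spam")
    rejected = sum(1 for lab, _, listed in corpus if listed and lab == "ham")
    return caught, rejected


if __name__ == "__main__":
    hit, fp = measured_rates(CORPUS)
    prior = 6 / len(CORPUS)
    print("hit rate %.2f, FP rate %.2f" % (hit, fp))
    print("P(spam) %.2f -> P(spam | listed) %.2f"
          % (prior, posterior_spam(prior, hit, fp)))
    print("blocking on the list alone:", block_outcome(CORPUS))
    print("content rules only:        ", score_outcome(CORPUS, THRESHOLD, 0.0))
    print("content rules + list score:", score_outcome(CORPUS, THRESHOLD, LIST_WEIGHT))
    # A list of all of IPv4 has hit rate 1.0 and FP rate 1.0: weight 0.
    print("all-of-IPv4 list weight:   ", listing_weight(1.0, 1.0))
```

On this corpus the list rejects a quarter of the ham when used to block, yet as a score it raises the spam caught from 2 to 5 with no ham rejected; a list whose FP rate equals its hit rate gets a weight of zero and changes nothing either way.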
se...@panix.com (Seth) writes:
>> I've complained as well, also to no effect. At the very least,
>> I'd like to have news.admin.net-abuse.sightings remain uncited in their
>> reports.
> The reason that I post to nanas is to make the spam public. I want it
> cited to the responsible party as much as possible.
Well, fine, do that, but don't just say "you were cited in NANAS so you're a spammer" - or, if you *do* have to do that, at least point at the Message-IDs. And make sure you reiterate the disclaimer - the moderator(s) haven't vetted the submissions, so please don't contact them (me) if you have any problems.
Tim Skirvin wrote:
> se...@panix.com (Seth) writes:

>> The reason that I post to nanas is to make the spam public. I want it
>> cited to the responsible party as much as possible.

> Well, fine, do that, but don't just say "you were cited in NANAS
> so you're a spammer" - or, if you *do* have to do that, at least point at
> the Message-IDs. And make sure you reiterate the disclaimer - the
I'll have to second Seth on that. NANAS is a valuable resource in order to verify submissions to dnswl.org, although the postings have to be taken with at least two grains of salt.
Most hits are due to faked From: or Received: lines which have no value, but those that *do* point to the real source are helpful. However, it's sometimes difficult to differentiate between fake and real, since the reader can not know the poster's setup.
It would hence be nice if the posters put some sort of summary at the top of their NANAS postings, citing the IP address and hostname of the source and possibly spamvertized websites, nameservers etc.
I don't need it in a machine-parseable format, but others may, so a unified format may make sense.
> Tim Skirvin wrote:
> > se...@panix.com (Seth) writes:

> >> The reason that I post to nanas is to make the spam public. I want it
> >> cited to the responsible party as much as possible.

> > Well, fine, do that, but don't just say "you were cited in NANAS
> > so you're a spammer" - or, if you *do* have to do that, at least point at
> > the Message-IDs. And make sure you reiterate the disclaimer - the

> I'll have to second Seth on that. NANAS is a valuable resource in order
> to verify submissions to dnswl.org, although the postings have to be
> taken with at least two grains of salt.

> Most hits are due to faked From: or Received: lines which have no value,
> but those that *do* point to the real source are helpful. However, it's
> sometimes difficult to differentiate between fake and real, since the
> reader can not know the poster's setup.

> It would hence be nice if the posters put some sort of summary at the
> top of their NANAS postings, citing the IP address and hostname of the
> source and possibly spamvertized websites, nameservers etc.
This is an interesting format... at least it seems to do what you are asking for:
In article <tskirvin.20070809003924$3...@cairo.ks.uiuc.edu>,
Tim Skirvin <tskir...@killfile.org> wrote:
>se...@panix.com (Seth) writes:

>>> I've complained as well, also to no effect. At the very least,
>>> I'd like to have news.admin.net-abuse.sightings remain uncited in their
>>> reports.

>> The reason that I post to nanas is to make the spam public. I want it
>> cited to the responsible party as much as possible.

> Well, fine, do that, but don't just say "you were cited in NANAS
>so you're a spammer" - or, if you *do* have to do that, at least point at
>the Message-IDs.
I see the issue: sure, the citations should be _specific_. Merely saying "grepping NANAS for you wasn't empty therefore . . ." is rather meaningless. It also isn't citing my (or any specific) articles. Saying "These 10 articles in NANAS show spam emanating from your network this week" is useful.
Seth