Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

ASPEWS listing persists although no spam

8 views
Skip to first unread message

Grant

unread,
Nov 14, 2008, 7:08:22 AM11/14/08
to
Well, I have followed many of the helpful suggestions here, as well as
ensured that old ARIN SWIP data as well as rDNS has been purged.

I have checked for listings regularly on most DNSBLs using the tools at
dnsstuff.com and dnsbl.com and our ranges have remained very clean.

Our abuse desk is staffed and monitored 24 hours and swiftly responds to
complaints.

Obviously, all valid mail hosts have PTRs to match.

And yet we are still listed here: http://www.aspews.org/?s=virtbiz

So my question is this: is ASPEWS just a dead list and it is not
maintained actively? Or does whoever maintains the list just not keep
up with listings? From my research, I'm not the only one to wonder this!

Or if there is really somebody that is still running the list, then what
in the world can be done to display to whoever that is that the network
is clean, and request delisting?

Grant T.
og...@yahoo.com
972-805-0579

--
Comments posted to news.admin.net-abuse.blocklisting
are solely the responsibility of their author. Please
read the news.admin.net-abuse.blocklisting FAQ at
http://www.blocklisting.com/faq.html before posting.

D. Stussy

unread,
Nov 14, 2008, 2:42:42 PM11/14/08
to
"Grant" <og...@yahoo.com> wrote in message
news:6o5e0qF...@mid.individual.net...

> Well, I have followed many of the helpful suggestions here, as well as
> ensured that old ARIN SWIP data as well as rDNS has been purged.
>
> I have checked for listings regularly on most DNSBLs using the tools at
> dnsstuff.com and dnsbl.com and our ranges have remained very clean.
>
> Our abuse desk is staffed and monitored 24 hours and swiftly responds to
> complaints.
>
> Obviously, all valid mail hosts have PTRs to match.
>
> And yet we are still listed here: http://www.aspews.org/?s=virtbiz
>
> So my question is this: is ASPEWS just a dead list and it is not
> maintained actively? Or does whoever maintains the list just not keep
> up with listings? From my research, I'm not the only one to wonder this!
>
> Or if there is really somebody that is still running the list, then what
> in the world can be done to display to whoever that is that the network
> is clean, and request delisting?

I don't even see how you got pulled into this. Your only association
appears to be sharing the same 17 leading bits of the IPv4 address, but it's
also clear that your network is a /21 and the spammer's is a non-overlapping
/25 - so had they listed the spammer's entire network, it shouldn't have
included you. It appears that you have no control over the spammer's
operation.

Anything in the concept of the original SPEWS is a knee-jerk reaction that
has no credibility. I'd ignore the problem.

Matthias Leisi

unread,
Nov 14, 2008, 3:16:56 PM11/14/08
to
Grant schrieb:

> So my question is this: is ASPEWS just a dead list and it is not
> maintained actively? Or does whoever maintains the list just not keep
> up with listings? From my research, I'm not the only one to wonder this!

Do you have any rejected or filtered emails due to the ASPEWS listing?

-- Matthias

Grant

unread,
Nov 16, 2008, 5:57:17 AM11/16/08
to
Matthias Leisi wrote:
> Grant schrieb:
>
>> So my question is this: is ASPEWS just a dead list and it is not
>> maintained actively? Or does whoever maintains the list just not keep
>> up with listings? From my research, I'm not the only one to wonder this!
>
> Do you have any rejected or filtered emails due to the ASPEWS listing?

Yes, every once in a while, I do get a NDR like this:
<<< 554 5.7.1 Service unavailable; Client host [208.77.216.243] blocked
using aspews.ext.sorbs.net; Access Denied See:
http://www.aspews.org/?ip=208.77.216.243
554 5.0.0 Service unavailable

But we also get customers that complain sometimes that their email is
rejected because of the ASPEWS listing. It is not "all the time" but we
would like to eliminate it completely if possible!

Grant T.
og...@yahoo.com
972-805-0579

David W. Hodgins

unread,
Nov 16, 2008, 1:40:22 PM11/16/08
to
On Sun, 16 Nov 2008 05:57:17 -0500, Grant <og...@yahoo.com> wrote:

> Yes, every once in a while, I do get a NDR like this:
> <<< 554 5.7.1 Service unavailable; Client host [208.77.216.243] blocked
> using aspews.ext.sorbs.net; Access Denied See:

I have no idea if this is having an impact on the aspews listing, but if
you go to http://www.uceprotect.net/en/rblcheck.php?asn=40395 and click
on the start testing button, you'll find a half dozen ip addresses in
208.80.11.0/24 that have been hitting spam traps within the last seven
days. Near the bottom of the results screen, there's a link to show
you when the spam traps were hit. In this case, all 6 hit the spam
traps on Nov. 12.

Regards, Dave Hodgins

--
Change nomail.afraid.org to ody.ca to reply by email.
(nomail.afraid.org has been set up specifically for
use in usenet. Feel free to use it yourself.)

Shmuel (Seymour J.) Metz

unread,
Nov 16, 2008, 7:26:18 PM11/16/08
to
In <gfkp95$vka$1...@snarked.org>, on 11/14/2008

at 07:42 PM, "D. Stussy" <sp...@bde-arc.ampr.org> said:

>I don't even see how you got pulled into this.

Try reading the record.

>It appears that you have no control over the spammer's
>operation.

That's a knee-jerk reaction.

Spamvertising: http://specials50.com/

specials50.com has address 208.77.220.220

208.77.216.0/21 is virtbiz.

>Anything in the concept of the original SPEWS is a knee-jerk reaction
>that has no credibility.

Actually, the concept of SPEWS was very good. There were some typos, but
not many.

Now, there may be some question as to whether they recheck DNS as often as
you would like, but it's clear why the original listing was added.

--
Shmuel (Seymour J.) Metz, truly insane Spews puppet
<http://patriot.net/~shmuel>

I reserve the right to publicly post or ridicule any abusive
E-mail. Reply to domain Patriot dot net user shmuel+news to contact
me. Do not reply to spam...@library.lspace.org

Shmuel (Seymour J.) Metz

unread,
Nov 16, 2008, 8:14:17 PM11/16/08
to
In <6o5e0qF...@mid.individual.net>, on 11/14/2008

at 12:08 PM, Grant <og...@yahoo.com> said:

>And yet we are still listed here: http://www.aspews.org/?s=virtbiz

It looks as though you are listed because you hosted specials50.com.

>So my question is this: is ASPEWS just a dead list and it is not
>maintained actively? Or does whoever maintains the list just not keep
>up with listings?

No.

>Or if there is really somebody that is still running the list, then what
> in the world can be done to display to whoever that is that the network
> is clean, and request delisting?

Were I you, I'd start posting customer terminations in
news.admin.net-abuse.bulletins.

--
Shmuel (Seymour J.) Metz, truly insane Spews puppet
<http://patriot.net/~shmuel>

I reserve the right to publicly post or ridicule any abusive
E-mail. Reply to domain Patriot dot net user shmuel+news to contact
me. Do not reply to spam...@library.lspace.org

--

Grant

unread,
Nov 16, 2008, 9:46:18 PM11/16/08
to
Shmuel (Seymour J.) Metz wrote:
>> It appears that you have no control over the spammer's
>> operation.
>
> That's a knee-jerk reaction.
>
> Spamvertising: http://specials50.com/
>
> specials50.com has address 208.77.220.220

Which is dead. Very dead! specials50.com (the domain) isn't even
registered anymore (looks like it was a hit & run).

At any rate, that customer was terminated LONG ago.


> Now, there may be some question as to whether they recheck DNS as often as
> you would like, but it's clear why the original listing was added.

Does it get rechecked at all? Even after prompting?

Grant T.
og...@yahoo.com
972-805-0579

Grant

unread,
Nov 17, 2008, 6:28:21 AM11/17/08
to
Shmuel (Seymour J.) Metz wrote:
> In <6o5e0qF...@mid.individual.net>, on 11/14/2008
> at 12:08 PM, Grant <og...@yahoo.com> said:
>
>> And yet we are still listed here: http://www.aspews.org/?s=virtbiz
>
> It looks as though you are listed because you hosted specials50.com.

At one time it looks like a former customers of ours did, yes. We
canceled that customer in July 2008.


>> So my question is this: is ASPEWS just a dead list and it is not
>> maintained actively? Or does whoever maintains the list just not keep
>> up with listings?
>
> No.

So there isn't anybody that keeps up with the listings. Figures.


>> Or if there is really somebody that is still running the list, then what
>> in the world can be done to display to whoever that is that the network
>> is clean, and request delisting?
>
> Were I you, I'd start posting customer terminations in
> news.admin.net-abuse.bulletins.

Well I can try that. Never seen that group. Never saw a mention of it
on the ASPEWS website either. It just mentions this one and NANAE. But
I guess it's worth a shot.

Grant T.
og...@yahoo.com
972-805-0579

MrD

unread,
Nov 17, 2008, 12:19:09 PM11/17/08
to
Grant wrote:
> Shmuel (Seymour J.) Metz wrote:
>> In <6o5e0qF...@mid.individual.net>, on 11/14/2008
>> at 12:08 PM, Grant <og...@yahoo.com> said:
>>
>>> And yet we are still listed here: http://www.aspews.org/?s=virtbiz
>>
>> It looks as though you are listed because you hosted specials50.com.
>
> At one time it looks like a former customers of ours did, yes. We
> canceled that customer in July 2008.

As long ago as 2008?

--
MrD.

Hal Murray

unread,
Nov 17, 2008, 12:18:39 PM11/17/08
to
>Does it get rechecked at all? Even after prompting?

Is ASPEWS getting updated at all? Perhaps the operators
have burned out or are taking a break.

--
These are my opinions, not necessarily my employer's. I hate spam.

Grant

unread,
Nov 17, 2008, 12:17:47 PM11/17/08
to
D. Stussy wrote:
> I don't even see how you got pulled into this. Your only association
> appears to be sharing the same 17 leading bits of the IPv4 address, but it's
> also clear that your network is a /21 and the spammer's is a non-overlapping
> /25 - so had they listed the spammer's entire network, it shouldn't have
> included you. It appears that you have no control over the spammer's
> operation.

Well, through acquisition, we have now 4 /21's. And it looks to me like
with ASPEWS we are paying for the "sins of our fathers" even though I
think we can demonstrate we run a very clean operation.

> Anything in the concept of the original SPEWS is a knee-jerk reaction that
> has no credibility. I'd ignore the problem.

Yeah, that is kind of what I am learning elsewhere I look also. But
when we get the occasional complaint from a webhosting customer that
their email was returned, or from a colo customer that their IP block is
"dirty", well, we have to respond to that!

Which is why the best thing for us would be complete removal. But if
ASPEWS is a rogue list, I'm not sure how that's going to happen. It's
frustrating.

Grant T.
og...@yahoo.com
972-805-0579

E-Mail Sent to this address will be added to the BlackLists

unread,
Nov 17, 2008, 3:35:22 PM11/17/08
to
Hal Murray wrote:
> Is ASPEWS getting updated at all?
> Perhaps the operators have burned out or are taking a break.

Shrug? (Anyone who pulls the zone file down frequently,
could likely see the diffs for themselves.)

# File generated at 20:22:4 on Wednesday, 12 November 2008, by fadmin
:127.0.0.2:Access Denied See: http://www.aspews.org/?ip=$

--
E-Mail Sent to this address <Blac...@Anitech-Systems.com>
will be added to the BlackLists.

Shmuel (Seymour J.) Metz

unread,
Nov 18, 2008, 9:31:00 AM11/18/08
to
In <4920F6EF...@yahoo.com>, on 11/17/2008

at 11:28 AM, Grant <og...@yahoo.com> said:

>So there isn't anybody that keeps up with the listings.

Non sequitor. Maybe they have a long aging period. Maybe they have
additional data. My point was that the listing was legitimate.

>Well I can try that. Never seen that group.

It's been around a long time.

>Never saw a mention of it
>on the ASPEWS website either.

Neither have I, but monitoring it would be a reasonable thing for them to
do.

--
Shmuel (Seymour J.) Metz, truly insane Spews puppet
<http://patriot.net/~shmuel>

I reserve the right to publicly post or ridicule any abusive
E-mail. Reply to domain Patriot dot net user shmuel+news to contact
me. Do not reply to spam...@library.lspace.org

--

Grant

unread,
Nov 19, 2008, 8:32:19 AM11/19/08
to
Shmuel (Seymour J.) Metz wrote:
> Were I you, I'd start posting customer terminations in
> news.admin.net-abuse.bulletins.

Well, if you've looked there lately, there really does not appear to be
*anything* going on at all. Looks like maybe all automated FAQ reposts
for the past few months. In fact, no other activity there since
sometime in December of 2007 when SORBS was posting blocklist stats.

Grant T.
og...@yahoo.com
972-805-0579

Grant

unread,
Nov 20, 2008, 6:44:57 AM11/20/08
to
Hal Murray wrote:
>> Does it get rechecked at all? Even after prompting?
>
> Is ASPEWS getting updated at all? Perhaps the operators
> have burned out or are taking a break.
>

Heh... now this is snarky. ;) Take a look here and you'll see a new
addition:
http://www.aspews.org/?ip=208.77.216.1
(The operators haven’t burned out and this site is getting updated.)

OK, so somebody's reading, but not taking action. I'd love to know why
not. The information has all been made public, the mea-culpa's issued
and anything I've posted could be easily enough verified via independent
research if that's your thing. <shrug>

We've done what is asked, and more. For instance, we have reported the
party responsible for the content listed at ROKSO, we are maintaining
active spamtraps for internal use as well as 3rd party, and we are also
donating hosting for some other anti-spam organizations. We have a
fairly direct AUP which is actively enforced. We've rejected 3 sizable
customers in the last month before move-in because they did not pass our
vetting.

By any measure, there is not a spam problem emanating from the listed
ranges.

Grant T.
og...@yahoo.com
972-805-0579

Hal Murray

unread,
Nov 20, 2008, 2:00:22 PM11/20/08
to
>> Is ASPEWS getting updated at all? Perhaps the operators
>> have burned out or are taking a break.

>Heh... now this is snarky. ;) Take a look here and you'll see a new
>addition:
>http://www.aspews.org/?ip=208.77.216.1

>(The operators havenĀt burned out and this site is getting updated.)

>OK, so somebody's reading, but not taking action. I'd love to know why
>not.

....

>By any measure, there is not a spam problem emanating from the listed
>ranges.

I don't have any inside knowledge. I see two possibilities.

ASPEWS is a bunch of assholes/kooks out to get you for some
unknown reason.

You are still doing something that annoys them, or at least
attracts their attention.

I'd bet on the latter. Maybe they don't want to tell you
the details because that will expose one (or more) of their
spamtraps.

Do any of your customers have large mailing lists? Are they truly
opt-in? Are any of your customers running web or DNS services that
spammers might be using?

Spamtraps and such can easily miss mainsleaze spammers who
are flying under the radar.

--
These are my opinions, not necessarily my employer's. I hate spam.

--

Shmuel (Seymour J.) Metz

unread,
Nov 20, 2008, 2:21:18 PM11/20/08
to
In <6oj8anF...@mid.individual.net>, on 11/20/2008

at 11:44 AM, Grant <og...@yahoo.com> said:

>OK, so somebody's reading, but not taking action. I'd love to know why
>not.

If ASPEWS is seeing the same data as David, that would explain why you're
still listed.

>The information has all been made public,

Which information?

>the mea-culpa's issued

Confession is only meaningful when the sin stops.

>We've done what is asked, and more.

Then how do you explain the UCEPROTECT data that David cited?

>By any measure, there is not a spam problem emanating from the listed
>ranges.

I wouldn't expect them to delist any ranges until you clean up your entire
network.

--
Shmuel (Seymour J.) Metz, truly insane Spews puppet
<http://patriot.net/~shmuel>

I reserve the right to publicly post or ridicule any abusive
E-mail. Reply to domain Patriot dot net user shmuel+news to contact
me. Do not reply to spam...@library.lspace.org

--

E-Mail Sent to this address will be added to the BlackLists

unread,
Nov 20, 2008, 5:41:22 PM11/20/08
to
Grant wrote:
> OK, so somebody's reading, but not taking action.
> I'd love to know why not.

I see them mentioned kochracing.com,
kochracing.com , mail.kochracing.com -> 208.77.216.2

auto responder? (to spams with forged froms?)

--
E-Mail Sent to this address <Blac...@Anitech-Systems.com>
will be added to the BlackLists.

--

Grant

unread,
Nov 22, 2008, 8:02:34 AM11/22/08
to
Shmuel (Seymour J.) Metz wrote:
> In <6oj8anF...@mid.individual.net>, on 11/20/2008
> at 11:44 AM, Grant <og...@yahoo.com> said:
>
>> OK, so somebody's reading, but not taking action. I'd love to know why
>> not.
>
> If ASPEWS is seeing the same data as David, that would explain why you're
> still listed.

Looks to me like David saw 2 IPs reported to UCEPROTECT. Which, BTW,
resulted in a termination. We have a UCEPROTECT Monitoring service
subscription that notifies upon a listing and also provides daily
reports. I show no listings, do you?

>> The information has all been made public,
>
> Which information?

See prev message re information on any spam violator being sent to
ROKSO. Also organizations that have been listed on the ASPEWS website
as having to do with us have been addressed here (this group).

>> the mea-culpa's issued
>
> Confession is only meaningful when the sin stops.

I think Ive spoken to that. If there is some issue that I didn't
address then ask me here, ask me privately or send it to the abuse desk.
My boss monitors that as well. If I don't do my job, I get held
accountable.

>> We've done what is asked, and more.
>
> Then how do you explain the UCEPROTECT data that David cited?

Asked and answered above. Not that UCEPROTECT has anything to do with
ASPEWS.

>> By any measure, there is not a spam problem emanating from the listed
>> ranges.
>
> I wouldn't expect them to delist any ranges until you clean up your entire
> network.

Neither would I. But I don't have the ability to read minds. I'm
smart but not that smart. <g> All I can do is respond to issues that
I'm made aware of.

Grant T.
og...@yahoo.com
972-805-0579

Grant

unread,
Nov 22, 2008, 3:54:12 PM11/22/08
to
E-Mail Sent to this address will be added to the BlackLists wrote:
> Grant wrote:
>> OK, so somebody's reading, but not taking action.
>> I'd love to know why not.
>
> I see them mentioned kochracing.com,
> kochracing.com , mail.kochracing.com -> 208.77.216.2
>
> auto responder? (to spams with forged froms?)

Nothing like that configured on the webservers but there are some other
possibilities, including the customer set up some sort of auto-reply
using Outlook or similar, or the person sent a legit response to a
forged/wrong address, or their PC was infected by something that used
their mail client to spew, or...

It always helps to have a header to look at. Without details I can only
guess.

Grant T.
og...@yahoo.com
972-805-0579

Grant

unread,
Nov 22, 2008, 3:53:44 PM11/22/08
to
Hal Murray wrote:
> I don't have any inside knowledge. I see two possibilities.
>
> ASPEWS is a bunch of assholes/kooks out to get you for some
> unknown reason.

I don't think they're out to get *me* or the company I work for. But
this assessment appears to be building momentum with the general public
and respected anti-spam authorities, from what I read.

> You are still doing something that annoys them, or at least
> attracts their attention.

I would agree with that statement!

> I'd bet on the latter. Maybe they don't want to tell you
> the details because that will expose one (or more) of their
> spamtraps.

Mmmm hmmm. If the goal/intent is really to curb spam, then I would
think it's worthwhile to have dialog with a provider that expresses a
legitimate intent to help reach that goal.

I get the fact that anybody who ever winds up on a list is going to
whine and demand they get removed. Some of that will wind up as chatter
and get discarded. Other requests will be legit.

Maybe there is merit to requiring some sort of "collateral" in exchange
for delisting. In the case of an ISP request, one idea would could be
to require the handing over of the spammer's details (name/contact info)
so that they can be identified when they just move on to the next
provider. Something like ROKSO.

> Do any of your customers have large mailing lists? Are they truly
> opt-in? Are any of your customers running web or DNS services that
> spammers might be using?

No, our AUP specifically prohibits any unconfirmed list activity.
Violations = termination. The webservers are swept nightly for known
vulnerable form scripts.

> Spamtraps and such can easily miss mainsleaze spammers who
> are flying under the radar.

Sure. That's where a human touch comes in. Which is really the only
thing I'm looking for on the case of http://www.aspews.org/?s=208.77.216

For example:
Received: from mx220.specials50.com
(mx220.specials50.com [208.77.220.220])
From: iMailSpecials <EasyGoog...@specials50.com>
Subject: Earn easy typing income with Google
Date: Sat, 11 Aug 2007 18:25:xx -0800 (PST)

Spamvertising: http://specials50.com/

This customer was removed from the network in July. We pulled the ARIN
SWIP and the RDNS at that time. That's easy to verify. Takes maybe a
minute. Two if you're slow.

Then they were reported to ROKSO.

If we don't run their nameservers we can't help what they publish for
their DNS, but in this particular case, I don't see that domain as an
active registration.

So here's the thing - what we have here is a legit provider wanting to
do the right thing. The network is clean. We have anti-spam policy
which is enforced. We're not showing up on other blacklists. The
issues that are reported on the ASPEWS website have been addressed.

If we were a spammer, then we'd move on to some other IP ranges and call
it a day. If we made a business of hosting spammers then we wouldn't
care about what ASPEWS (or anybody else) says because we'd only need
each customer for a month or 2 anyhow. What would we care if they get
blacklisted? If there was an ongoing problem with spam coming from the
network, then there would be ample evidence to provide.

Grant T.
og...@yahoo.com
972-805-0579

Shmuel (Seymour J.) Metz

unread,
Nov 22, 2008, 8:06:17 PM11/22/08
to
In <6oql1cF...@mid.individual.net>, on 11/22/2008

at 01:02 PM, Grant <og...@yahoo.com> said:

>See prev message re information on any spam violator being sent to
>ROKSO. Also organizations that have been listed on the ASPEWS website
>as having to do with us have been addressed here (this group).

Maybe they're concerned about information not reelected on their web site.
You need to clean up everything, not just the parts that the DNSBL
operators know about.

>I think Ive spoken to that.

You wrote about only one of the ranges that the record mentioned. Only
when called on it did you mention the other. I have to wonder whether
there's more that hasn't yet been disclosed. Further, I wouldn't consider
it reasonable for an entry to age off after only a few days.

>Asked and answered above. Not that UCEPROTECT has anything to do with
>ASPEWS.

If you're hitting spam traps on one then it's reasonable to suspect that
you're hitting spam traps on the other.

--
Shmuel (Seymour J.) Metz, truly insane Spews puppet
<http://patriot.net/~shmuel>

I reserve the right to publicly post or ridicule any abusive
E-mail. Reply to domain Patriot dot net user shmuel+news to contact
me. Do not reply to spam...@library.lspace.org

--

Grant

unread,
Nov 22, 2008, 8:42:21 PM11/22/08
to
Shmuel (Seymour J.) Metz wrote:
> You wrote about only one of the ranges that the record mentioned. Only
> when called on it did you mention the other. I have to wonder whether
> there's more that hasn't yet been disclosed. Further, I wouldn't consider
> it reasonable for an entry to age off after only a few days.

I wasn't provided anything else. I thought I went on long enough to
annoy everybody as it were!

But you do seem to speak with some authority on how the particular list
works. Maybe I've got the right guy here to help!

Grant T.
og...@yahoo.com
972-805-0579

Shmuel (Seymour J.) Metz

unread,
Nov 24, 2008, 2:51:43 AM11/24/08
to
In <6oqka8F...@mid.individual.net>, on 11/22/2008

at 08:53 PM, Grant <og...@yahoo.com> said:

>Mmmm hmmm. If the goal/intent is really to curb spam, then I would
>think it's worthwhile to have dialog with a provider that expresses a
>legitimate intent to help reach that goal.

There are four radically different types of mainstream DNSBL's.

1. Pinpoint spam sources. The DNSBL lists IP addresses that have
recently emitted spam.

2. Early warning systems. The DNSBL lists IP blocks[1] that are more
likely to emit spam, based on the data held by the operator. For
such lists it is appropriate to impose a delisting delay to ensure
that the problem won't recur.

3. Cost reshifting[2]. The DNSBL operators list IP blocks owned by
abusive or negligent networks. Widespread use of the DNSBL
provides an economic incentive to clean up.

4. Informational. The DNS server doesn't report on the spaminess of
a resource but rather on data that others might use to enforce
policies, e.g., geography.

Only for type 3 is a dialog likely to be helpful, and even there it might
be counterproductive. Google for "whack-a-mole" and "gaming the system".
Also note that some of the lists are anonymous as a response to the
vexatious litigation that spammers have filed in the past.

>I get the fact that anybody who ever winds up on a list is going to
>whine and demand they get removed.

Worse, some whine and demand to be removed from lists that they aren't
even on ;-)


In <6os183F...@mid.individual.net>, on 11/23/2008


at 01:42 AM, Grant <og...@yahoo.com> said:

>I wasn't provided anything else.

It was in the record on their web site.

>But you do seem to speak with some authority on how the particular list
>works.

Not really, it's just that I've been around long enough to know what some
of the issues were that led to such lists, and that other posters provided
relevant data.

>Maybe I've got the right guy here to help!

I can give general advice[3] on how to not be listed, but nothing specific
to ASPEWS. Note that the reference to SPEWS in my sig does not represent
an actual affiliation but rather a wild claim[4] by a troll and that
ASPEWS is not SPEWS.

In general, assume that the evidence published by a DNSBL is intended to
be a representative sample and that it will withhold data in order to
protect its sources or to avoid gaming the system ("whack-a-mole").
Provide your own spam traps. Monitor your network proactively. Have strong
AUP and TOS, including significant penalties for noncompliance. Do not
filter abuse, postmaster or security mail boxes; expect legitimate
complaints to include spam, viruses and worms both inline and as
attachments. Require new customers to disclose any accounts that have been
terminated, and publish notices for accounts that you terminate. Require
random audits of mailing lists for confirmed opt-in, and specify in the
TOS that the inability to document confirmation is presumptive evidence
that the address was unauthorized.

[1] Listing an ASN is equivalent in this context.

[2] At least one major DNSBL advertised as listing spam sources has
sometimes listed corporate servers in order to apply pressure.

[3] Some of which others have already given you.

[4] Intended as an insult but taken as a badge of honor.

--
Shmuel (Seymour J.) Metz, truly insane Spews puppet
<http://patriot.net/~shmuel>

I reserve the right to publicly post or ridicule any abusive
E-mail. Reply to domain Patriot dot net user shmuel+news to contact
me. Do not reply to spam...@library.lspace.org

--

Grant

unread,
Nov 25, 2008, 6:21:17 AM11/25/08
to
I have taken the time to look at each posting on the ASPEWS website
here: http://www.aspews.org/?s=virtbiz

Since specific IP information was not provided, I went through the
process of checking WHOIS and determining where the domains were located.

What follows is a complete accounting of each listing that was provided
by ASPEWS. I have broken up the listings by customer/incident.

In this case, I could find that there were 3 apparent customers that had
incidents leading to a listing, and 3 listings that had no verifiable
connection to any of our IP ranges. For the listings that could be
attributed to our ranges, I have provided the explanation of action taken.

My hope here is that the ASPEWS operator will be able to review this
information, and understanding that the operator will not post or
correspond directly, perhaps a modification of the entry on the ASPEWS
website can be made that will somehow acknowledge the information I am
providing.

Note that when we terminate a user/customer for a willful spam offense,
that customer's contact information (company name, contact name,
physical address, email address, phone number and tax ID if available)
are forwarded to ROKSO. I've been instructed against providing all of
that information here, but I am able to provide the company / contact
information below in the case of termination.

====================================================================


Received: from mx220.specials50.com
(mx220.specials50.com [208.77.220.220])
From: iMailSpecials <EasyGoog...@specials50.com>
Subject: Earn easy typing income with Google
Date: Sat, 11 Aug 2007 18:25:xx -0800 (PST)

No match for domain "SPECIALS50.COM".
>>> Last update of whois database: Mon, 24 Nov 2008 17:44:53 EST <<<

however, based on information already posted, domain was formerly at
208.77.220.220
member of 208.77.220.128/25

customer terminated 7/31/2008

Restoration Media, Inc.
Nicholas Pardon
Tustin CA

====================================================================

#165577 Subject: Thanks for your email
Date: Fri, 11 Jul 2008 10:22:05 -0500
From: Trish Koch <trish...@kochracing.com>

Current web-hosting customer on shared hosting system. Customer
apparently had an auto-reply configured on PC.

Customer instructed not to run auto-reply

====================================================================

#165575 Subject: Say YES to a New You
Date: Fri, 11 Jul 2008 06:03:23 CST
From: Health News <healt...@westspecials.com>

#165576 Subject: Get your recession solution now
Date: Fri, 11 Jul 2008 07:03:09 CST
From: Debtco Debt Solutions <debtcodeb...@monthtravelmail.com>

#165579 Subject: Platinum Credit Line approval enclosed.
Date: Fri, 11 Jul 2008 12:52:13 CST
From: Platinum Plus <platin...@westspecials.com>

#165580 Subject: High definition sunglasses that fit over your
prescription glasses
Date: Fri, 11 Jul 2008 12:52:13 CST
From: HD Vision WrapArounds <hdvisionw...@westspecials.com>

#165581 Subject: A whiter smile is just a click away!
Date: Fri, 11 Jul 2008 12:52:13 CST
From: Tooth Whitening Kits <toothwhit...@monthtravelmail.com>

#165620 Subject: Usted decir ”Caramba” con cada ShamWow!
Date: Mon, 14 Jul 2008 09:00:xx CST
From: “Magic Sr. Shammy” <magics...@nowitcame.com>

#165621 Subject: High definition sunglasses that fit over your
prescription glasses
Date: Mon, 14 Jul 2008 12:53:xx CST
From: HD Vision WrapArounds <hdvisionw...@nowitcame.com>

#165622 Subject: Our Proven Income Plan has helped thousands quit their
jobs…
Date: Mon, 14 Jul 2008 12:53:xx CST
From: therichboyonline <therichb...@nowitcame.com>

Name Server: NS1.FASTHELLO.COM
Name Server: NS2.FASTHELLO.COM

NS1.FASTHELLO.COM has address 208.80.9.3
member of 208.80.9.0/25

customer terminated 9/23/2008

EmoryDay, LLC.
Joseph Japp
Odenton MD

===================================================================

#165578 Subject: =?x-unknown?B?p9azdKfvwMmmV6R1qOM=?= CKRename 1.08
=?x-unknown?B?pKSk5aqpLXVz?=
Date: Sat, 12 Jul 2008 13:21:51 -0400
From: kayshou <pan...@ms82.hinet.net>

can find no connection to VIRTBIZ IP ranges using supplied information
could be erroneous listing?

====================================================================

#165623 Subject: Response awaited: APL India Customer Satisfaction
Survey - Invitation from President, South Asia
Date: Tue, 15 Jul 2008 01:15:xx -0500
From: aplindi...@apl.com

can find no connection to VIRTBIZ IP ranges using supplied information
could be erroneous listing?

====================================================================

#165624 Subject: Forward:Re-order memo-re minder for 40 mg (generic) -
90 Tabs
Date: Tue, 15 Jul 2008 04:31:xx -0400
From: ch.adwick...@netord-ygi-ersys.net

can find no connection to VIRTBIZ IP ranges using supplied information
could be erroneous listing?

====================================================================

Comments / feedback welcome...

Grant T.
og...@yahoo.com
972-805-0579


======================================= MODERATOR'S COMMENT:

I'm going to approve this, despite the fact it looks suspiciously like
a delisting request, because it's part of an on-going thread and because
it's both informative and instructional. But the poster is pushing his
luck with this one.

Grant

unread,
Nov 26, 2008, 11:58:18 AM11/26/08
to
Shmuel (Seymour J.) Metz wrote:
<lotsa stuff!>

Thanks for the info. Lots of good stuff there so I appreciate the time
you took to formulate your advice/answers.

I have spent some time reviewing and have given some responses /
follow-ups I hope you'll have a minute for.

> In <6oqka8F...@mid.individual.net>, on 11/22/2008
> at 08:53 PM, Grant <og...@yahoo.com> said:
>
>> Mmmm hmmm. If the goal/intent is really to curb spam, then I would
>> think it's worthwhile to have dialog with a provider that expresses a
>> legitimate intent to help reach that goal.
>
> There are four radically different types of mainstream DNSBL's.
>
> 1. Pinpoint spam sources. The DNSBL lists IP addresses that have
> recently emitted spam.
>
> 2. Early warning systems. The DNSBL lists IP blocks[1] that are more
> likely to emit spam, based on the data held by the operator. For
> such lists it is appropriate to impose a delisting delay to ensure
> that the problem won't recur.
>
> 3. Cost reshifting[2]. The DNSBL operators list IP blocks owned by
> abusive or negligent networks. Widespread use of the DNSBL
> provides an economic incentive to clean up.
>
> 4. Informational. The DNS server doesn't report on the spaminess of
> a resource but rather on data that others might use to enforce
> policies, e.g., geography.
>
> Only for type 3 is a dialog likely to be helpful, and even there it might
> be counterproductive. Google for "whack-a-mole" and "gaming the system".
> Also note that some of the lists are anonymous as a response to the
> vexatious litigation that spammers have filed in the past.

In your viewpoint, which category would ASPEWS fit into? I'm leaning
#1. In which case, I would suspect there is a timing threshold after
which a listing would "fall off" or otherwise be considered for removal
by an automated or human process?

Or would you say #3 because the idea is to list and then put the onus on
the listed provider to get de-listed? That seems to fit, also, but w/
ASPEWS, it does not seem possible to de-list.


>> I get the fact that anybody who ever winds up on a list is going to
>> whine and demand they get removed.
>
> Worse, some whine and demand to be removed from lists that they aren't
> even on ;-)

Heh...


> In <6os183F...@mid.individual.net>, on 11/23/2008
> at 01:42 AM, Grant <og...@yahoo.com> said:
>
>> I wasn't provided anything else.
>
> It was in the record on their web site.

Yes and no. Maybe I'm overlooking it, but I wasn't able to find headers
or any other evidence pointing to a source outside those that I've
spoken to. Have I missed something?


>> Maybe I've got the right guy here to help!
>
> I can give general advice[3] on how to not be listed, but nothing specific
> to ASPEWS. Note that the reference to SPEWS in my sig does not represent
> an actual affiliation but rather a wild claim[4] by a troll and that
> ASPEWS is not SPEWS.

Understood and understood. And... just for the record my intent wasn't
to insult. I'm actually appreciative of help.


> In general, assume that the evidence published by a DNSBL is intended to
> be a representative sample and that it will withhold data in order to
> protect its sources or to avoid gaming the system ("whack-a-mole").
> Provide your own spam traps. Monitor your network proactively. Have strong
> AUP and TOS, including significant penalties for noncompliance. Do not
> filter abuse, postmaster or security mail boxes; expect legitimate
> complaints to include spam, viruses and worms both inline and as
> attachments. Require new customers to disclose any accounts that have been
> terminated, and publish notices for accounts that you terminate. Require
> random audits of mailing lists for confirmed opt-in, and specify in the
> TOS that the inability to document confirmation is presumptive evidence
> that the address was unauthorized.

I'm not arguing what you say. It's all valid. And we are actually
already on top of 98% of what you say (we've never published
terminations on our own site, but we do fw to ROKSO, and we've never
required a "letter of recommendation" from a previous provider).
BUT... a couple real-world issues to throw out:

1) It's much harder to "prove a negative". ie: "I will prove I am not a
spammer, here is my evidence" is going to be a tough one. As far as my
specific case goes, I can give all sorts of information about the
company, what we do, who our typical customer is, blah blah blah. I
could provide evidence to suggest we're a legit company not interested
in spamming. I can point you to our AUP and TOS that are published on
our website. I could provide you with examples of customers that we've
shut down for violation of those policies, and in one case confiscated a
good deal of equipment.

But whereas ASPEWS can provide evidence as to where we have had
incidents of problems, there's little that we can do to provide evidence
that now there are none.

2) Bad guys lie. Your suggestions above are valid, but I can name 2
specific cases that I know we have encountered where a customer signed
up using a new company name and different contact info. We do research
our dedicated & colo customers before activating them. In some cases we
tell them thanks but no thanks. But these 2, even though we made our
best effort to check them out, they tricked us. One of those was the
colo customer I spoke about where we confiscated their gear.

So all the time, the game changes. Sometimes we're going to get tricked
because the bad guy will find a way around the system. And whenever
that happens, we learn a lesson and get a little smarter.

Grant T.
og...@yahoo.com
972-805-0579

E-Mail Sent to this address will be added to the BlackLists

unread,
Nov 26, 2008, 1:16:23 PM11/26/08
to
Grant wrote:
> Shmuel (Seymour J.) Metz wrote:
>> There are four radically different types of mainstream DNSBL's.
>>
>> 1. Pinpoint spam sources. The DNSBL lists IP addresses that have
>> recently emitted spam.
>>
>> 2. Early warning systems. The DNSBL lists IP blocks[1] that are more
>> likely to emit spam, based on the data held by the operator. For
>> such lists it is appropriate to impose a delisting delay to ensure
>> that the problem won't recur.
>>
>> 3. Cost reshifting[2]. The DNSBL operators list IP blocks owned by
>> abusive or negligent networks. Widespread use of the DNSBL
>> provides an economic incentive to clean up.
>>
>> 4. Informational. The DNS server doesn't report on the spaminess of
>> a resource but rather on data that others might use to enforce
>> policies, e.g., geography.
>>
>> Only for type 3 is a dialog likely to be helpful, and even there it might
>> be counterproductive. Google for "whack-a-mole" and "gaming the system".
>> Also note that some of the lists are anonymous as a response to the
>> vexatious litigation that spammers have filed in the past.
>
> In your viewpoint, which category would ASPEWS fit into?

What does ASPEWS stand for again? (That should give a few clues.)

In the case of ASPEWS I'd guess the intent was likely cat 2 and cat 3;
{Although I'm not certain we've (tinw) seen any evidence of ASPEWS
being effective as cat 3.}

e.g. SpamCop is more of a cat 1 and cat 2.

Cat 4s are things like,
ASN DNSbls e.g. 220.220.77.208.AS40395.ascc.dnsbl.bit.nl
CountryCode DNSbl e.g. 220.220.77.208.us.countries.nerd.dk

Spamhaus PBL is sort of a cat 4,
(being IPs that aren't supposed to be sending SMTP messages)
{Although there is a bit more detail to their definition}.


Abusable services didn't seem to fit well into the above categories,
although most would fall into cat 3 I guess.

--
E-Mail Sent to this address <Blac...@Anitech-Systems.com>
will be added to the BlackLists.

Shmuel (Seymour J.) Metz

unread,
Dec 2, 2008, 2:06:38 PM12/2/08
to
In <6ovsucF...@mid.individual.net>, on 11/26/2008

at 04:58 PM, Grant <og...@yahoo.com> said:

>In your viewpoint, which category would ASPEWS fit into?

>From their web site, early warning. That would imply reducing the FN
rating at the possible expense of the FP rating.

>In which case, I would suspect there is a timing threshold after which
>a listing would "fall off" or otherwise be considered for removal by an
>automated or human process?

There probably is, but for an EWS such a timeoput would be longer than for
a pinpoint system.

>Or would you say #3

Are they listing corporate servers, spamvertised web sites or other
resources not directly involved in sending the actual spam? If not, not.
If so, then possibly. Note that I'm *not* talking about simply escalating
a listing to an entire IP block or ASN, but to singling out those
resources.

>but w/ ASPEWS, it does not seem possible to de-list.

Again suggesting that it is an EWS rather than cost reshifting. he lack of
feedback is almost certainly blowback from the fraudulent litigation
against SPEWS and those accused[1] of being behind it.

>Yes and no. Maybe I'm overlooking it, but I wasn't able to find headers
> or any other evidence pointing to a source outside those that I've
>spoken to.

Unless I'm confusing you with another poster, the record mentioned two IP
blocks and you originally posted as though it mentioned only one.

>1) It's much harder to "prove a negative". ie: "I will prove I am not a
> spammer, here is my evidence" is going to be a tough one.

The solution is to write your TOS in such a way as to put the burden of
proof on them. The question is not "Are you a spammer" but rather "Can you
prove consent?" and "Have you ever been terminated." As for proving to a
DNSBL that you are not a spammer, there is no "one size fits all"; each
has its own criteria, and at best I can give you an outsider's view of
what some of them are.

>I can point you to our AUP and TOS that are published on
>our website.

I would expect the DNSBL operators to be more impressed by what you do
than by what you say. Google for "pink contract" as an example of the
problem. Which is not to say that you are dishonest, only that dishonest
people have poisoned the well and even the innocent must face increased
suspicion.

>I could provide you with examples of customers that we've
>shut down for violation of those policies, and in one case confiscated a
> good deal of equipment.

I don't know whether it would affect the ASPEWS listing, but I'm confident
that it would help with at least some lists.

[1] Without a shred of evidence, or even plausibility.

--
Shmuel (Seymour J.) Metz, truly insane Spews puppet
<http://patriot.net/~shmuel>

I reserve the right to publicly post or ridicule any abusive
E-mail. Reply to domain Patriot dot net user shmuel+news to contact
me. Do not reply to spam...@library.lspace.org

--

0 new messages