
Again: SPEWS: S2940 - RIPE Data old


Dirk

Feb 5, 2006, 7:52:44 AM
Hi Group,

we are still listed for no reason. We were asked to wait for a couple
of weeks - we did - nothing changed. We are a new hoster - compare the
whois data for the ip - and we do not spam.

whois 217.175.230.168

inetnum: 217.175.230.160 - 217.175.230.175
netname: DIMA-CONSULTING-NET
descr: Dima Consulting GmbH
descr: Maintaler Str. 20, 63452 Hanau, Germany
descr: Housing/Colocation Frankfurt
country: DE
admin-c: DS3002-RIPE
tech-c: DS3002-RIPE
tech-c: FHA9-RIPE
status: ASSIGNED PA
mnt-by: SSERV-NET
source: RIPE # Filtered


Please remove us!

Regards

Dirk

--
Comments posted to news.admin.net-abuse.blocklisting
are solely the responsibility of their author. Please
read the news.admin.net-abuse.blocklisting FAQ at
http://www.blocklisting.com/faq.html before posting.

ru.ig...@usask.ca

Feb 5, 2006, 11:22:17 AM
Dirk <nospam_to...@dima-consulting.de> wrote:

> we are still listed for no reason. We were asked to wait for a couple
> of weeks - we did - nothing changed. We are a new hoster - compare the
> whois data for the ip - and we do not spam.

> whois 217.175.230.168

According to SPEWS, that IP (and your IP range) is within a level 2
listing.

2, 217.175.229.0 - 217.175.237.255, Christian Ferencz / maintrade.com/europeserver.de

See that leading "2,"? That's often used only for probationary (watchlist)
purposes, and so you should not be experiencing that much difficulty with
mail transport.

Now, the next thing I write is pure speculation. I'm not sure how
this would work, but I noticed that your backbone is "owned" by
Tiscali. The next line down suggests this might be the case:

0, 81.3.3.0 - 81.3.3.15, Server-Service GmbH via Tiscali (CHRISTIAN-FERENCZ-NET) (may have to add)
0, 81.3.0.0/19, Server-Service GmbH via Tiscali (CHRISTIAN-FERENCZ-NET) (may have to add)

I'm not sure of this, but I was under the impression that
Tiscali has a bad reputation for spam-cluelessness/support at
the user end of their operations. Given that the listed spam
supporter's registration hasn't changed yet the SPEWS listing
has expanded beyond that, I have to wonder if SPEWS either
goofed and overexpanded OR if they are taking the expansion
up to tiscali. If it's the latter, they normally would have
listed tiscali, so I question that. Oh, it's also possible
they got spam from within the expanded range and goofed by
failing to acknowledge/recognize the different spam supporter.

I'm not sure what you are expected to do. If SPEWS changes that level 2
listing to indicate tiscali is involved, then I would complain to
your backbone provider (tiscali) and ask them what they can do about
getting rid of a reputed spam support operation (217.175.233.128-255)
in your network neighborhood. You might also consider looking for
a different backbone provider? I'm just tossing idle thoughts around.

ru

--
I am not SPEWS.

Steve Baker

Feb 5, 2006, 12:18:18 PM
On Sun, 5 Feb 2006 12:52:44 GMT, "Dirk"
<nospam_to...@dima-consulting.de> wrote:

>Hi Group,
>
>we are still listed for no reason. We were asked to wait for a couple
>of weeks - we did - nothing changed. We are a new hoster - compare the
>whois data for the ip - and we do not spam.
>
>whois 217.175.230.168
>
>inetnum: 217.175.230.160 - 217.175.230.175
>netname: DIMA-CONSULTING-NET

The problem is that the SPEWS listing isn't about you, it's about your
IP address neighbors. Here's the relevant SPEWS info:

2, 217.175.233.194, Christian Ferencz / maintrade.com/europeserver.de (ns2.nsroot.biz) (dead)
1, 217.175.233.174, Christian Ferencz / maintrade.com/europeserver.de (mail.4casinoplayers.com)
1, 217.175.233.128 - 217.175.233.255, Christian Ferencz / maintrade.com/europeserver.de

2, 217.175.229.0 - 217.175.237.255, Christian Ferencz / maintrade.com/europeserver.de

Your address range is in an "escalated" listing that is consistent with
the SPEWS policy of listing spam friendly ISPs, not just spammers. If you
can show that the problem addresses in the 217.175.233.x range have
nothing to do with your addresses in the 217.175.230.x range, SPEWS would
reconsider. But I don't like your chances, because it seems that you're
in a Tiscali /19 that includes the problem addresses along with yours.
Your problem seems to ultimately be that Tiscali tolerates spammers,
which has caused your IP addresses to become tainted.

I agree, it ain't fair... to you... but ISPs that allow spambags to
operate on their networks should be shunned. Folks who think otherwise
are free to not use SPEWS.

Steve Baker

E-Mail Sent to this address will be added to the BlackLists

Feb 5, 2006, 3:51:54 PM
ru.ig...@usask.ca wrote:
> Now, the next thing I write is pure speculation. I'm not sure how
> this would work, but I noticed that your backbone is "owned" by
> Tiscali. The next line down suggests this might be the case:
>
> 0, 81.3.3.0 - 81.3.3.15, Server-Service GmbH via Tiscali (CHRISTIAN-FERENCZ-NET) (may have to add)
> 0, 81.3.0.0/19, Server-Service GmbH via Tiscali (CHRISTIAN-FERENCZ-NET) (may have to add)
>
> I'm not sure of this, but I was under the impression that
> Tiscali has a bad reputation for spam-cluelessness/support at

I still can't tell all the supposedly unrelated,
and related parts of Tiscali apart.

> the user end of their operations. Given that the listed spam
> supporter's registration hasn't changed yet the SPEWS listing
> has expanded beyond that, I have to wonder if SPEWS either
> goofed and overexpanded OR if they are taking the expansion
> up to tiscali. If it's the latter, they normally would have
> listed tiscali, so I question that. Oh, it's also possible
> they got spam from within the expanded range and goofed by
> failing to acknowledge/recognize the different spam supporter.
>
> I'm not sure what you are expected to do. If SPEWS changes that level 2
> listing to indicate tiscali is involved, then I would complain to
> your backbone provider (tiscali) and ask them what they can do about
> getting rid of a reputed spam support operation (217.175.233.128-255)
> in your network neighborhood. You might also consider looking for
> a different backbone provider? I'm just tossing idle thoughts around.

If you look farther down http://spews.org/html/S2940.html
you will see,
route: 217.175.224.0/19
descr: Server-Service via Tiscali
origin: AS12312
mnt-by: TISCALI-ROUTE
changed: dennis.ku...@de.tiscali.com 20011210
source: RIPE


So, that may be the case (that SPEWS was/is escalating to the AS).

route: 217.175.224.0/19 Covering Aggregate
descr: Server-Service via Tiscali
Current-Status: Announced
First-Seen: 0800h 02 Oct 2001 UTC
Last-Seen: Current, 1900h 10 Jan 2006 UTC
Origin_AS: 12312 TISCALI-DE Tiscali Business GmbH
First_Hop_AS: 3257 TISCALI-BACKBONE Tiscali Intl Network
mnt-by: TISCALI-ROUTE
changed: dennis.ku...@de.tiscali.com 20011210
source: RIPE


--
E-Mail Sent to this address <Blac...@Griffin-Technologies.net>
will be added to the BlackLists.
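
Added example, not part of any post in this thread: a short Python check of the SPEWS listing lines and the RIPE route quoted above, showing which entries cover 217.175.230.168, how many addresses the level 2 range holds, and that the range sits inside the 217.175.224.0/19 route. It assumes a subscriber blocking at level N applies entries with levels 1 through N; all function and variable names are illustrative.

```python
import ipaddress
from typing import NamedTuple

# Listing lines and route exactly as quoted in the thread (wrapped lines rejoined).
SPEWS_LINES = """\
2, 217.175.233.194, Christian Ferencz / maintrade.com/europeserver.de (ns2.nsroot.biz) (dead)
1, 217.175.233.174, Christian Ferencz / maintrade.com/europeserver.de (mail.4casinoplayers.com)
1, 217.175.233.128 - 217.175.233.255, Christian Ferencz / maintrade.com/europeserver.de
2, 217.175.229.0 - 217.175.237.255, Christian Ferencz / maintrade.com/europeserver.de
"""
ROUTE = ipaddress.ip_network("217.175.224.0/19")


class Entry(NamedTuple):
    level: int
    first: ipaddress.IPv4Address
    last: ipaddress.IPv4Address
    note: str

    @property
    def size(self) -> int:
        """Number of addresses in the listed span."""
        return int(self.last) - int(self.first) + 1

    def covers(self, ip: str) -> bool:
        return self.first <= ipaddress.IPv4Address(ip) <= self.last


def parse_entry(line: str) -> Entry:
    """Parse 'level, span, note' where span is one IP, 'a - b', or CIDR."""
    level, span, note = (part.strip() for part in line.split(",", 2))
    if "/" in span:
        net = ipaddress.ip_network(span, strict=True)
        first, last = net.network_address, net.broadcast_address
    elif "-" in span:
        first, last = (ipaddress.IPv4Address(p.strip()) for p in span.split("-"))
    else:
        first = last = ipaddress.IPv4Address(span)
    if first > last:
        raise ValueError(f"reversed range: {span}")
    return Entry(int(level), first, last, note)


ENTRIES = [parse_entry(l) for l in SPEWS_LINES.splitlines() if l.strip()]


def lookup(ip: str, entries=ENTRIES):
    """Entries covering ip, most specific (smallest span) first."""
    return sorted((e for e in entries if e.covers(ip)), key=lambda e: e.size)


def listed_at(ip: str, level: int, entries=ENTRIES) -> bool:
    """True if a subscriber blocking at `level` would match ip.

    Assumption: level N applies entries with levels 1..N; level 0 lines
    are treated as notes, not listings.
    """
    return any(1 <= e.level <= level for e in lookup(ip, entries))


def cidr_blocks(entry: Entry):
    """Express an arbitrary first-last span as the minimal list of CIDR blocks."""
    return list(ipaddress.summarize_address_range(entry.first, entry.last))


def inside_route(entry: Entry, route=ROUTE) -> bool:
    return all(block.subnet_of(route) for block in cidr_blocks(entry))


if __name__ == "__main__":
    ip = "217.175.230.168"
    for e in lookup(ip):
        print(f"{ip}: level {e.level}, {e.first} - {e.last} ({e.size} addresses)")
        print("  as CIDR:", ", ".join(map(str, cidr_blocks(e))))
        print("  inside", ROUTE, "->", inside_route(e))
    print("blocked by a level 1 subscriber:", listed_at(ip, 1))
    print("blocked by a level 2 subscriber:", listed_at(ip, 2))
```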

Dirk

Feb 9, 2006, 9:41:33 AM
Thanks for the feedback.

unfortunately tiscali is one of the major european ISPs.
They have over 7 million customers. We do only have one Rack in that
location.
We moved there three years ago and got a new ip-range. This is a normal
action in internet business.
Now we are blocked for things that happened before we had that IP address.

Being blocked for no reason with no escape is quite frustrating.

Regards

Dirk

E-Mail Sent to this address will be added to the BlackLists

Feb 9, 2006, 11:49:05 AM
Dirk wrote:
> unfortunately tiscali is one of the major european ISPs.

> They have over 7 million customers.

... and larger ISPs that have more abuse problems,
and not doing enough about it, are even more widely
blacklisted (e.g. Comcast, AT&T/SBC/...babybells/Yahoo).

> We do only have one Rack in that location.

Location does not matter as much as who you get
your IP addresses from and who your upstream is.
(If at your location, there is only one source
for IP reassignments, and only one source of
routing, then I guess you might have a problem.)

{It appears you have a direct allocation from ripe,
and only have routing from the ISP with a history
of abuse, have you considered getting your own AS?}

> We moved there three years ago and got a new ip-range.
> This is a normal action in internet business.

Blocking e-mail or all packets from ISPs that are
sources of abuse is a normal action in internet
business too.

> Now we are blocked for thing that happened before
> we had that IP Address.

That may be correct, that ISP has a history of abuse,
even if that had zero abuse related to their network
at this time, I'm sure it would take years before they
managed to get all of their IPs out of all of the BlackLists.

> Being blocked for no reason with no escape is quite frustrating.

It is with reason, that ISP has a history of abuse related
to their network, letting the abuse exist long enough,
that outsiders do things like reject e-mail, or null route
packets from that network.

Current abuse related to that ISP:
http://groups.google.com/groups?as_q=tiscali&scoring=d&as_ugroup=*sightings*
http://www.spamhaus.org/sbl/listings.lasso?isp=tiscali.de


The fact, that I (and I suspect many others) can't
tell all the flavors of Tiscali apart (merges, splits,
buyouts, ...) is also a liability for them.


If SPEWS has NOT intentionally escalated / expanded the
listing to the AS, those IPs may get delisted, when
SPEWS happen to notice.
If SPEWS HAS intentionally escalated / expanded the
listing to the AS, those IPs are not likely to get out
of the listing, until you change the immediate upstream
who announces your routes (perhaps get your own AS).


--
E-Mail Sent to this address <Blac...@Anitech-Systems.com>
will be added to the BlackLists.

Morely Dotes

Feb 9, 2006, 3:31:39 PM
"Dirk" <nospam_to...@dima-consulting.de> wrote in
news:1139497003.3...@z14g2000cwz.googlegroups.com:

> Thanks for the feedback.
>
> unfortunately tiscali is one of the major european ISPs.

I agree, that is unfortunate.

> They have over 7 million customers.

Apparently, about 6 million of those are spammers, either deliberate, or
zombies. Tiscali has stubbornly refused to do anything to correct that.

> We do only have one Rack in that location.
> We moved there three years ago and got a new ip-range. This is a normal
> action in internet business.

This is true.

> Now we are blocked for things that happened before we had that IP address.

This is NOT true. *Tiscali* is being blocked for both previous *and*
ongoing problems, primarily the lack of action taken on abuse reports.

> Being blocked for no reason with no escape is quite frustrating.

I'm sure it's frustrating, but it's not for no reason; it's a direct result
of choosing Tiscali as your provider.


--
Tired of spam in your mailbox?
Come to http://www.spamblocked.com
Who is Brad Jesness? http://www.wilhelp.com/bj_faq/
Soldering irons are known to be unpleasantly hot at the tip.

ph...@ipal.net

Feb 9, 2006, 4:29:40 PM
On Thu, 9 Feb 2006 14:41:33 GMT Dirk <nospam_to...@dima-consulting.de> wrote:

| unfortunately tiscali is one of the major european ISPs.


| They have over 7 million customers. We do only have one Rack in that
| location.

That is likely to explain why their executive management thinks they
are exempted from the standards of the internet. But many hundreds,
perhaps thousands, of networks (probably all with fewer than 7 million
customers) do not consider Tiscali to even be part of the internet
community at all.


| We moved there three years ago and got a new ip-range. This is a normal
| action in internet business.

I would not say normal. That it is a common action seems obvious.
But it's certainly not a wise action.

Would you jump off a cliff if everyone else was jumping off?

Just because the masses are not making a wise decision about which
internet provider to use, that does not mean you should skip the step
of figuring out which is better. Had you done the necessary research,
you would have concluded that Tiscali is a large network NOT because
of operating a network properly, but rather, is a large network because
of marketing it to people that don't make wise decisions.


| Now we are blocked for things that happened before we had that IP address.
|
| Being blocked for no reason with no escape is quite frustrating.

We have no escape from all the spam Tiscali bombards us with.

At least you have an escape ... you can escape Tiscali to another ISP.
It is THAT simple.

--
-----------------------------------------------------------------------------
| Phil Howard KA9WGN | http://linuxhomepage.com/ http://ham.org/ |
| (first name) at ipal.net | http://phil.ipal.org/ http://ka9wgn.ham.org/ |
-----------------------------------------------------------------------------

Dirk

Feb 10, 2006, 5:19:26 AM
I understand.

You really think I am going to move a whole Rack with about 15 Servers
(not all in the same IP range) to a new location. The location is
connected to the largest Backbone in Germany the DECIX in Frankfurt.
The infrastructure is perfect and the location is about 15 Minutes from
our office - open 24/7. Since we moved there we had 1 Hour downtime due
to problems with the emergency power system. It would cost us
approximately 50.000 - 60.000 thousand Euro to move the Infrastructure
to a different location. And I am not yet talking about the risks.
Basically it is not possible for us to change the location.

So we will stay listed for the rest of our life. The result of this
behaviour is that we have to contact the providers using SPEWS to
whitelist us.
If they don't they will get problems with their customers for blocking
legitimate emails from their business partners.
As we are not listed anywhere else the arguments are on our side. If
you plan to block all large IPs and Datacenters - get lucky doing so.

This is not what I planned to do but there seems to be no other way
from my point of view.
I am sad about this because we are fighting on the same side.

Kind regards

Dirk Schultze

Mike Andrews

Feb 10, 2006, 8:01:58 AM
Dirk <nospam_to...@dima-consulting.de> wrote:
> I understand.

> You really think I am going to move a whole Rack with about 15 Servers
> (not all in the same IP range) to a new location. The location is
> connected to the largest Backbone in Germany the DECIX in Frankfurt.
> The infrastructure is perfect and the location is about 15 Minutes from
> our office - open 24/7. Since we moved there we had 1 Hour downtime due
> to problems with the emergency power system. It would cost us
> approximately 50.000 - 60.000 thousand Euro to move the Infrastructure
> to a different location. And I am not yet talking about the risks.
> Basically it is not possible for us to change the location.

> So we will stay listed for the rest of our life. The result of this
> behaviour is that we have to contact the providers using SPEWS to
> whitelist us.

Probably a good idea, but they're not obliged to comply with your
request. I don't see any probability that a reasonable provider
will whitelist anyone at all in Tiscali IP space until Tiscali makes
some fairly sizable changes in behavior.

> If they don't they will get problems with their customers for blocking
> legitimate emails from their business partners.

I doubt that they will have any problems with their customers as a
result of keeping mail from a spam-friendly ISP's IP space out of
the customers' mailboxes.

> As we are not listed anywhere else the arguments are on our side. If
> you plan to block all large IPs and Datacenters - get lucky doing so.

Certainly I at home, and my employer at work, are entitled by _our_
law to filter as we see fit in order to keep unwanted packets out of
our networks, servers, and user mailboxes. Of course that's USA law,
and folks in other countries will have to work within different bodies
of law.

But consider this: Tiscali certainly is in lots of _private_ lists.
At least some of those lists are "fire-and-forget", and Tiscali will
be there forever.

--
Mike Andrews, W5EGO
mi...@mikea.ath.cx
Tired old sysadmin

BJ in Texas

Feb 10, 2006, 8:02:05 AM
Dirk <nospam_to...@dima-consulting.de> wrote:
||
|| This is not what I planned to do but there seems to be no
|| other way from my point of view.
|| I am sad about this because we are fighting on the same side.
||

Same side? You made a bad business decision with
50 to 60 thousand Euro and now you are asking the
rest of the world to live with it. Don't think so.

BJ
--
"Perfection [in design] is achieved not when there is nothing
left to add, but rather when there is nothing left to take
away." -- Antoine de Saint-Exupery

Dirk

Feb 10, 2006, 8:33:28 AM
Hi again,

I just wanted to add that it is about the whole IP Range:

>2, 217.175.229.0 - 217.175.237.255, Christian Ferencz / maintrade.com/europeserver.de

You are blocking over 2000 IP addresses for an incident that happened
many years ago.

Kind regards
Dirk

phil-new...@ipal.net

Feb 10, 2006, 9:28:59 AM
On Fri, 10 Feb 2006 10:19:26 GMT Dirk <nospam_to...@dima-consulting.de> wrote:

| I understand.
|
| You really think I am going to move a whole Rack with about 15 Servers
| (not all in the same IP range) to a new location. The location is
| connected to the largest Backbone in Germany the DECIX in Frankfurt.
| The infrastructure is perfect and the location is about 15 Minutes from
| our office - open 24/7. Since we moved there we had 1 Hour downtime due
| to problems with the emergency power system. It would cost us
| approximately 50.000 - 60.000 thousand Euro to move the Infrastructure
| to a different location. And I am not yet talking about the risks.
| Basically it is not possible for us to change the location.

Would you have put them where they are now had you known the problems
beforehand?

How much of this infrastructure is needed to actually send email? That
part is all you really need to "move" ... or add on ... at another place.

Another possible option is to bring an external phone line in to the
colocation facility and connect that to another ISP. It needs just
enough bandwidth to handle your outbound email traffic.


| So we will stay listed for the rest of our life. The result of this
| behaviour is that we have to contact the providers using SPEWS to
| whitelist us.

So basically you have sold your soul to the devil?

What leverage do you have if your ISP screws you?
Oh wait, they have already.

You really got yourself in a bad position if you are stuck with one ISP
for the rest of your life.


| If they don't they will get problems with their customers for blocking
| legitimate emails from their business partners.

You might convince some. You might not convince others. Your biggest
problem is the scale of how many networks are using SPEWS. But you can
narrow this down to the ones your mail server logs as refusing for now.


| As we are not listed anywhere else the arguments are on our side. If
| you plan to block all large IPs and Datacenters - get lucky doing so.

Some will accept that argument and others will not. We do NOT whitelist
any networks unless OUR customers ask for it. You might find many networks
operate that way.


| This is not what I planned to do but there seems to be no other way
| from my point of view.
| I am sad about this because we are fighting on the same side.

Not exactly. Our fight includes motivating ISPs to stop hosting spammers.
What have _you_ done that creates motivation for your ISP to stop hosting
spammers?

Fortunately not all customers of bad ISPs have got themselves painted into
a corner. Quite many do move on. Many ISPs have done a "180" on policy as
a result of that (or more accurately, as a result of the shrinking bottom
line that results from it). Not every ISP has done so, but the fight has
just begun with respect to the larger ones.

We don't want a world where the larger ISPs have some special privilege
to remain peered with other mail servers while they are abusing them.

--
-----------------------------------------------------------------------------
| Phil Howard KA9WGN | http://linuxhomepage.com/ http://ham.org/ |
| (first name) at ipal.net | http://phil.ipal.org/ http://ka9wgn.ham.org/ |
-----------------------------------------------------------------------------

Martijn Lievaart

Feb 10, 2006, 12:08:01 PM
On Fri, 10 Feb 2006 13:33:28 +0000, Dirk wrote:

> Hi again,
>
> I just wanted to add that it is about the whole IP Range:
>
>>2, 217.175.229.0 - 217.175.237.255, Christian Ferencz / maintrade.com/europeserver.de
>
> You are blocking over 2000 IP addresses for an incident that happened
> many years ago.

Note the 2 in front. It means either de-escalation or escalation in the
future. Any sane admin does not block on a level 2 spews listing. If
someone does, then they really made a conscious decision not to accept
your email. Take it up with them, I'd say.

M4

Morely Dotes

Feb 10, 2006, 12:17:31 PM
"Dirk" <nospam_to...@dima-consulting.de> wrote in
news:1139578297.5...@g47g2000cwa.googlegroups.com:

> Hi again,
>
> I just wanted to add that it is about the whole IP Range:
>
>>2, 217.175.229.0 - 217.175.237.255, Christian Ferencz /
>>maintrade.com/europeserver.de

That's a Level 2 listing, you know.

> You are blocking over 2000 IP addresses for an incident that happened
> many years ago.

Dirk, I can't speak for SPEWS nor anyone else, but *I* am blocking Tiscali
for ongoing spam incidents. According to Google, there have been 889
reported spam incidents in news.admin.net-abuse.sightings that involved
Tiscali during the past 3 months. Since fewer than 1 in 100,000 spam
victims bother to report those sightings, it is reasonable to believe that
there have been at least 88,900,000 email accounts victimized by Tiscali
spammers in that time period. Tiscali *DOES* *NOT* take action when abuse
reports are sent to them; ergo, there is no good reason to accept email
from Tiscali.

And *THAT* is why Tiscali is blocked. Not just 2000 IP addresses; every
part of Tiscali that ever sends spam to my customers is blocked upon
detection.

--
Tired of spam in your mailbox?
Come to http://www.spamblocked.com
Who is Brad Jesness? http://www.wilhelp.com/bj_faq/
Soldering irons are known to be unpleasantly hot at the tip.

Just Another UBE Reporter

Feb 10, 2006, 1:23:03 PM
> You are blocking over 2000 IP addresses for an incident that happened
> many years ago.
>
> Kind regards
> Dirk
>

Two thoughts come to mind here, Dirk.

First, Tiscali has a reputation for sending a lot of spam with very
little, if any, noticeable action. From my own personal standpoint, only
UK Tiscali appears to have done anything to lessen the spam flow. All
other Tiscali units send me nothing but spam.

Second, my personal email filter list currently blocks 200/7, and 219/6
from my domain inbox because all I receive from those ranges is nothing
but spam e-mails. Now, if by some chance I start to get false positives
from those ranges, I will start to whitelist on an as-needed basis. But
until then, I see no need to adjust my current policies.

I'd also like to add that I do not use SPEWS or any other commercial
blocklists (unless my ISP uses them to tag e-mail as bulk), but I do
understand why people would use them as a way to combat the constant
inflow of spam.

Stephen Satchell

Feb 10, 2006, 1:31:33 PM
Dirk wrote:
> I understand.
>
> You really think I am going to move a whole Rack with about 15 Servers
> (not all in the same IP range) to a new location. The location is
> connected to the largest Backbone in Germany the DECIX in Frankfurt.
> The infrastructure is perfect and the location is about 15 Minutes from
> our office - open 24/7. Since we moved there we had 1 Hour downtime due
> to problems with the emergency power system. It would cost us
> approximately 50.000 - 60.000 thousand Euro to move the Infrastructure
> to a different location. And I am not yet talking about the risks.
> Basically it is not possible for us to change the location.
>
> So we will stay listed for the rest of our life. The result of this
> behaviour is that we have to contact the providers using SPEWS to
> whitelist us.
> If they don't they will get problems with their customers for blocking
> legitimate emails from their business partners.
> As we are not listed anywhere else the arguments are on our side. If
> you plan to block all large IPs and Datacenters - get lucky doing so.
>
> This is not what I planned to do but there seems to be no other way
> from my point of view.
> I am sad about this because we are fighting on the same side.

Why such a bleak outlook? You *do* have other options than moving your
corpus of servers to another facility. (Although it would be nice if
you didn't support spam with your money...)

Hire a dedicated server, or colo a server, in a facility with clean IP
numbers, like at my $DAYJOB or any one of a dozen other places that
maintain their IP space properly. (If you want to find out more about
my facility, as well as the name of another facility I know about that
runs a clean operation, send e-mail to the address on this message. Or
GOOGLE on "co-located servers".)

Set your 155 servers to forward all outgoing mail to that remote server
that has a clean IP number, and have that server "smart-host" all your
outgoing mail. Accept mail from your little gaggle of boxes
unconditionally, and from the rest of the world with proper strict
filtering (so NDRs and abuse complaints are properly handled).

It's not that hard.

I personally run such a server using PostFix; as an added piece of
assurance I protect myself by running limited subject-based spam
filtering and virus filtering on the outgoing mail, and also do some
traffic management for troublesome ISPs like Hotmail and Yahoo. Cloning
that server would not be a problem to serve your needs.

I'm based in Reno, NV. Another service I can recommend is based in the
San Francisco, CA, Bay area.

By the way, SPEWS (Spam Prevention Early Warning System) is not about
spam per se. It's about spam supporting network operations. It lists
IP space that are "managed" in a manner contrary to the letter and
spirit of RFC 1855, "Netiquette". The "early warning" part of the title is
that SPEWS, based on history and current listings, tries to predict
where spam and similar abuse will appear *before* it happens. I've
stopped using it as a primary source of blocking, but offer it to my
customers for scoring purposes in SpamAssassin.

Seth Breidbart

Feb 10, 2006, 1:31:34 PM
In article <1139573521.0...@g14g2000cwa.googlegroups.com>,
Dirk <nospam_to...@dima-consulting.de> wrote:

>You really think I am going to move a whole Rack with about 15 Servers
>(not all in the same IP range) to a new location.

No, that is merely one of your options.

> It would cost us
>approximately 50.000 - 60.000 thousand Euro to move the Infrastructure
>to a different location.

Bill Tiscali for it, since they're the ones who aren't providing you
with the access you require (and they presumably offered).

>So we will stay listed for the rest of our life. The result of this
>behaviour is that we have to contact the providers using SPEWS to
>whitelist us.
>If they don't they will get problems with their customers for blocking
>legitimate emails from their business partners.

Or their customers will find other companies to do business with.

>As we are not listed anywhere else the arguments are on our side.

Feel free to believe that.

> If
>you plan to block all large IPs and Datacenters - get lucky doing so.

Not all large datacenters are spam-friendly.

>I am sad about this because we are fighting on the same side.

You "fight spam" by paying a spam-friendly network? That isn't the
side I'm on.

Seth

Hal Murray

Feb 10, 2006, 2:51:34 PM

>I just wanted to add that it is about the whole IP Range:
>
>>2, 217.175.229.0 - 217.175.237.255, Christian Ferencz / maintrade.com/europeserver.de
>
>You are blocking over 2000 IP addresses for an incident that happened
>many years ago.

And is likely to happen again given the track record of your ISP.

--
The suespammers.org mail server is located in California. So are all my
other mailboxes. Please do not send unsolicited bulk e-mail or unsolicited
commercial e-mail to my suespammers.org address or any of my other addresses.
These are my opinions, not necessarily my employer's. I hate spam.

Morely Dotes

Feb 11, 2006, 9:06:54 AM
"Dirk" <nospam_to...@dima-consulting.de> wrote in
news:1139573521.0...@g14g2000cwa.googlegroups.com:

> So we will stay listed for the rest of our life. The result of this
> behaviour is that we have to contact the providers using SPEWS to
> whitelist us.

That's entirely up to you.

Which will cost you more: Moving to an anti-spam provider, or having your
reputation besmirched by staying with a pro-spam provider? Remember, this
is not a one-time thing; every day that goes by, your company's name
becomes known to more people who understand that you are doing business
with a pro-spam provider.

Of course, it's possible your provider may change and stop being pro-spam.
I wouldn't be betting *my* future income on that change, but I don't have
to.

--
Tired of spam in your mailbox?
Come to http://www.spamblocked.com
Who is Brad Jesness? http://www.wilhelp.com/bj_faq/
Soldering irons are known to be unpleasantly hot at the tip.

Claes T

Feb 11, 2006, 9:07:02 AM
On Fri, 10 Feb 2006 13:33:28 GMT, "Dirk"
<nospam_to...@dima-consulting.de> wrote:

>I just wanted to add that it is about the whole IP Range:
>>2, 217.175.229.0 - 217.175.237.255, Christian Ferencz / maintrade.com/europeserver.de
>You are blocking over 2000 IP addresses for an incident that happened
>many years ago.

Not speaking for the "You" you talk to (who?), but for me:
No. It's for the incidents
10-Dec-2005 213.214.210.23 Potential child porn
09-Apr-2005 62.79.138.181 spam source
31-Jan-2006 82.169.148.17 419 Nigerian scam source
27-Nov-2005 82.169.149.80 ditto
09-Apr-2005 82.169.148.32 ditto
03-Dec-2004 212.123.176.56 spam source
29-Aug-2005 217.175.253.18 pass2.aax.de
30-Apr-2005 62.27.38.101 still spamming
30-Apr-2005 62.27.57.104
30-Apr-2005 62.27.57.103
23-Apr-2005 213.54.158.102
11-Feb-2005 83.129.83.83
26-Jul-2004 62.26.129.249 Virus Source

Tiscali? One incident? Many years ago? No. No. No.

"Dirk" in Message-ID:
<1139573521.0...@g14g2000cwa.googlegroups.com>


>I am sad about this because we are fighting on the same side.

Sometimes corporate rules won't allow us to do the right thing, so I
take your word for it that *you* wouldn't have supported an
spam-tolerant isp as Tiscali. I was a Tiscali customer a few years
ago, I had to leave them to get my mail through. They could not secure
their main outgoing mailservers, so it got listed several times,
severel days a week, and I couldn't blame those blocking "my"
(Tiscalis) mailserver, they *had* to defend themselves from Tiscali
incompetence/ignorance. It took some months to migrate (contract
terms), it did cost, but it was necessary on my side of the fight
against spam ;-) You may want to hire a mail relay outside
Tiscalispace if you aren't allowed to cut the relation with Tiscali.

Good luck to you,
Claes T

ru.ig...@usask.ca

Feb 11, 2006, 7:54:05 PM
Dirk <nospam_to...@dima-consulting.de> wrote:
> I just wanted to add that it is about the whole IP Range:

> >2, 217.175.229.0 - 217.175.237.255, Christian Ferencz / maintrade.com/europeserver.de

> You are blocking over 2000 IP Addresses for an Incident that happened
> many years ago.

You have three misconceptions in the above message:

While it is not clear in the SPEWS FAQ, the "evidence" in the SPEWS
records should not be considered definitive AT ALL. It is highly
likely that SPEWS withholds a lot of evidence beyond what may have
TRIGGERED their listing. It is highly likely that with the bulk
quantities of spam that some ISPs are responsible for, it is more
practical to just update the actual block listing. Thus, only the
block listing entries, like the line above, should be considered
definitive. Therefore, you cannot conclude that SPEWS is CURRENTLY
listing those IPs for an incident that happened years ago. You CAN
surmise that these IPs are listed for recent incidents that have
NOT been mentioned in the record, and be fairly confident of that.

That is a Level 2 listing. That is usually considered a probationary
listing, one which most SPEWS-using mail servers probably do NOT
block on (Level 1 is the one that most will block on). As such,
you should not be experiencing much blockage based on that record.

Finally, I'm not sure who you refer to when you say "You are blocking",
but realize that SPEWS does not block mail globally; the people who
administer SPEWS may block based on that list at their own servers
but they do not control mail blocking at any other server, including
the ones that use the SPEWS database. Blocking mail using SPEWS
must be configured individually and manually by mail admins at each
site that decides to use SPEWS. This means if you sent mail that
was blocked because of SPEWS, it was blocked because the mail admin
at your destination decided to use SPEWS, and it often means that
the admin AGREES with what SPEWS does. If you think what SPEWS
does is extreme, I point out that many mail admins have manually
configured their servers to block mail from entire countries and
even continents simply because they get so little legitimate email
from those regions compared to the onslaught of spam from those
regions.

ru

--
I am not SPEWS.

--

Hal Murray

Feb 11, 2006, 9:10:06 PM

>You really think I am going to move a whole Rack with about 15 Servers
>(not all in the same IP range) to a new location. The location is
>connected to the largest Backbone in Germany the DECIX in Frankfurt.
>The infrastructure is perfect and the location is about 15 Minutes from
>our office - open 24/7. ...

Your problem is Tiscali, right?

The web page at http://www.decix.de/ says there are 169 ISPs
connected there. Have you considered switching to one of the
others? Hopefully one of them is seriously anti-spam.


--
The suespammers.org mail server is located in California. So are all my
other mailboxes. Please do not send unsolicited bulk e-mail or unsolicited
commercial e-mail to my suespammers.org address or any of my other addresses.
These are my opinions, not necessarily my employer's. I hate spam.

--

E-Mail Sent to this address will be added to the BlackLists

Feb 12, 2006, 11:10:20 AM
Hal Murray wrote:
>> You really think I am going to move a whole Rack
>> with about 15 Servers (not all in the same IP
>> range) to a new location. The location is
>> connected to the largest Backbone in Germany
>> the DECIX in Frankfurt. The infrastructure
>> is perfect and the location is about 15
>> Minutes from our office - open 24/7. ...
>
> Your problem is Tiscali, right?
>
> The web page at http://www.decix.de/ says there
> are 169 ISPs connected there. Have you
> considered switching to one of the others?
> Hopefully one of them is seriously anti-spam.

The IPs are directly allocated to the OP,
the route announcements for the IPs are from
Tiscali's AS12312.

If decix is really routing at the same location
http://www.decix.de/info/DE-CIX-topology.png
then it does seem there is some selection,
http://www.decix.de/info/connected.html
however the OP will still need to get their own AS,
http://www.decix.de/info/prerequisites.html
which might get them out of SPEWS anyway
(if it is an AS escalation / expansion that SPEWS is doing).


--
E-Mail Sent to this address <Blac...@Griffin-Technologies.net>
will be added to the BlackLists.

--

Morely Dotes

Feb 12, 2006, 9:38:30 PM
On Sun, 12 Feb 2006 00:54:05 +0000, ru.igarashi wrote:

> Finally, I'm not sure who you refer to when you say "You are blocking",
> but realize that SPEWS does not block mail globally; the people who
> administer SPEWS may block based on that list at their own servers

Well, that's as may be - but SPEWS does not operate a mail server, so
SPEWS is not blocking mail *to* SPEWS.

--
Tired of spam in your mailbox?
Come to http://www.spamblocked.com
Who is Brad Jesness? http://www.wilhelp.com/bj_faq/

To the spammers, my motto: FABRICATI DIEM, PVNC.

Shmuel (Seymour J.) Metz

Feb 12, 2006, 11:04:31 PM
In <dsl78p$dqf$2...@tribune.usask.ca>, on 02/12/2006

at 12:54 AM, ru.ig...@usask.ca said:

>Finally, I'm not sure who you refer to when you say "You are
>blocking", but realize that SPEWS does not block mail globally; the
>people who administer SPEWS may block based on that list at their own
>servers but they do not control mail blocking at any other server,
>including the ones that use the SPEWS database. Blocking mail using
>SPEWS must be configured individually and manually by mail admins at
>each site that decides to use SPEWS. This means if you sent mail
>that was blocked because of SPEWS, it was blocked because the mail
>admin at your destination decided to use SPEWS, and it often means
>that the admin AGREES with what SPEWS does.

It might also mean that while the admin agrees with the listing, they
don't agree that it is strict enough. In principle you could cache
SPEWS entries and continue blocking even after SPEWS delisted, either
permanently or with a long timeout. Your server, your rules.

--
Shmuel (Seymour J.) Metz, truly insane Spews puppet
<http://patriot.net/~shmuel>

Unsolicited bulk E-mail will be subject to legal action. I reserve
the right to publicly post or ridicule any abusive E-mail. Reply to
domain Patriot dot net user shmuel+news to contact me. Do not
reply to spam...@library.lspace.org

Dirk

Feb 13, 2006, 12:55:45 PM
Wow,

what a feedback !
I will give more feedback to some postings but please explain to me one
thing before moving forward:
How do you think a datacenter for colocations should be able to stop
spam from their customers?

Regards Dirk

axlq

Feb 13, 2006, 1:21:16 PM
In article <1139855929.7...@z14g2000cwz.googlegroups.com>,

Dirk <nospam_to...@dima-consulting.de> wrote:
>How do you think a datacenter for colocations should be able to stop
>spam from their customers?

Stopping spam may be hard, but preventing isn't as hard.

One thing you could do is have firm contractual language with your
customers that forces them to police their own systems. They
spam, you shut them down immediately, and you impose cleanup fees
expensive enough to make them think twice about violating your
no-spam policy, or being lax about allowing spam to flow through
their box.

Publish an abuse address, register it with whois.abuse.net,
investigate complaints as if they came from SPEWS administrators,
and act promptly to cut off connectivity for offenders. Suspend
first, then contact the person responsible for the box to explain
what happened.

A colocation datacenter can stay out of DNSBLs like SPEWS with
some well-placed proactive preventive measures. But once you let
the cockroaches into your house, getting rid of them can be more
difficult.

-A

Dave Platt

Feb 13, 2006, 1:37:16 PM
>what a feedback !
>I will give more feedback to some postings but please explain to me one
>thing before moving forward:
>How do you think a datacenter for colocations should be able to stop
>spam from their customers?

My personal opinion is that policy, attitude, and enforcement do a lot
more than any technical measures that the data center might apply.

The data center should have a firm policy of "No spamming allowed. You
may not spam from our network. You may not spam from other networks,
and use our network to sell products which are being advertised via
spam. You may not sell or support products which are clearly
intended, or marketed for use as spam tools of any sort. You may not
provide any technical services, such as DNS or web hosting or mail
forwarding, to customers who do any of the above. You are responsible
for the actions of your customers and 'affiliates'. Violation of this
policy can and will result in your service being turned off, and your
being assessed a cleanup fee proportional to the number of complaints
received."

Colocation customers should be required to read and agree to this
policy (real signature on paper - a faxed copy is sufficient) before
their accounts are turned on. They should agree that their signature
on this policy constituted valid notice/warning of this policy... this
permits the data center to shut them down legally upon receipt of
valid complaints.

It wouldn't be a bad idea to have the policy/contract require that the
customer disclose whether they (individually or as a company) have
ever had service terminated by another ISP due to AUP violations.
Failure to disclose honestly would be stated to constitute a valid
reason for having their service terminated.

Then, the data center *should* shut down customers who violate these
policies. The data center's abuse/policy officer should have the
authority to do this - Sales should not be allowed to override.

This won't stop all spamming.

It will, however, scare away most spammers, who will go look for more
tolerant (or lazier, or less competent) hosting.

Once the first few spammers try to push up against the bounds of the
policy, and have their service turned off and their hosting
permanently shut down, the colo center will develop a grapevine
reputation as a really bad place to try to set up a spamhaus.

There are some technical and organizational measures that the
datacenter can use to keep an eye on things - e.g. number of outbound
SMTP sessions, rate limiting on outbound SMTP, checking domain names
for relationships to known spamhausen, and so forth.

Yes, this all takes effort and time, and thus costs money. It's
really part of the cost of doing business these days.

--
Dave Platt <dpl...@radagast.org> AE6EO
Hosting the Jade Warrior home page: http://www.radagast.org/jade-warrior
I do _not_ wish to receive unsolicited commercial email, and I will
boycott any company which has the gall to send me such ads!

lart...@yahoo.com

Feb 13, 2006, 2:04:17 PM

Dirk wrote:
> Wow,
>
> what a feedback !
> I will give more feedback to some postings but please explain to me one
> thing before moving forward:
> How do you think a datacenter for colocations should be able to stop
> spam from their customers?

It is impossible for such a provider to completely "stop spam"
(although some things could be done to make it less likely, such as
having a contract with significant monetary penalties for spam).

The most important thing is what the provider does *after* some spam
happens.

Do they read email to their "abuse" account?
Do they investigate spam complaints and terminate spamming customers
promptly? Including websites advertised by spam sent from elsewhere,
and DNS used by spammers?
Or, do they ignore complaints and allow the spammers to continue as
customers for a long time?
Most providers who have large listings in SPEWS are in this last
category.

Hal Murray

Feb 13, 2006, 3:51:18 PM
>How do you think a datacenter for colocations should be able to stop
>spam from their customers?

How about disconnecting the cable to the customer's box? That should
be simple if the contract has a clean no-spamming clause.

Not signing up spammers to start with is a good idea.

The basic idea is that the data center has to get rid of (or avoid)
their problem customers. If they want to take the time to educate
naive or incompetent customers that's fine with me as long as they
stop the problem quickly and/or it doesn't happen too often.

--
The suespammers.org mail server is located in California. So are all my
other mailboxes. Please do not send unsolicited bulk e-mail or unsolicited
commercial e-mail to my suespammers.org address or any of my other addresses.
These are my opinions, not necessarily my employer's. I hate spam.

--

Morely Dotes

Feb 13, 2006, 3:51:48 PM
"Dirk" <nospam_to...@dima-consulting.de> wrote in
news:1139855929.7...@z14g2000cwz.googlegroups.com:

> How do you think a datacenter for colocations should be able to stop
> spam from their customers?

It's difficult to *prevent* spamming. However, a competent ISP will respond
effectively when a report of abuse is sent to them at the universal abuse
reporting address (e.g., ab...@dima-consulting.de); that response should
consist of terminating the account of the spammer and removing all forms of
support for him.

Failure to do that is what gets an IP into SPEWS (and to my local ACLs).
Repeated failure to do that is what gets an entire ISP blocked (for
example, Comcast).

--
Tired of spam in your mailbox?
Come to http://www.spamblocked.com
Who is Brad Jesness? http://www.wilhelp.com/bj_faq/

Soldering irons are known to be unpleasantly hot at the tip.

--

Dirk

Feb 13, 2006, 10:54:09 PM
Okay,

this sounds quite reasonable.

However. When does spam start? How can you prove that people who signed
in for a winning game did not accept email ads etc. Please don't get
me wrong - I hate spam and I even hate (maybe) legitimate mass
mailings. Still I think a lot of people complaining about spam gave the
permission to use their email address somewhere sometime before.
How can you, as a datacenter provider, prove that your customer is
spamming at all? The authorities are definitely the only acceptable
institution to measure and judge about what is spam and what is not. I
definitely agree that an abuse account should not be ignored, as it is
done billion times daily.
Still - no datacenter customer would accept terms of agreement that
would punish spamming with a service cutoff. The risk is too high. You
can never be that safe in internet that you would claim no one is able
to take over one of your servers. Therefore you can not state that
there will never be spam from any of your hosts. If the punishment for
being hijacked is the cutoff of all your domains......
This, and the fact that spam is not always really spam make the fight
against spam so difficult. You need proof, which you may not collect.
You need external sources who decide to go to court to track spammers.

In my opinion, the only way to go is to block the hosts that spam.
DNSBL is one of the usable systems here. The way the founders of
SPEWS have decided to go is a little bit too utopic and too ambitious
if it is enforced the way it seems to be.

I will most likely go the way someone mentioned before in this thread.
I will route mail, rejected from SPEWS to a different queue which is
then forwarded via a small dirty relay with a clean IP. This can be
bought anywhere on the net for few bucks with no problem to close it
down whenever SPEWS starts listing the provider. You will never be able
to stop the people who really want to spam if you are not even able to
convince people like me who are willing to do what is possible within
the realistic measures to prevent spam.
Overblocking will always lead to the opposite of the intended.

Anyhow, can you tell me a provider in Frankfurt, Germany with fair
pricing who is in your opinion a "clean" provider. We have a 42 HE
Rack with an average of 250 Gb Traffic. We need real bandwidth and 24/7
physical access.

Regards Dirk

Hal Murray

Feb 13, 2006, 10:55:39 PM

>There are some technical and organizational measures that the
>datacenter can use to keep an eye on things - e.g. number of outbound
>SMTP sessions, rate limiting on outbound SMTP, checking domain names
>for relationships to known spamhausen, and so forth.

How about outbound sessions for other evil things:
probes for ssh, socks, web proxies...
netbios

--
The suespammers.org mail server is located in California. So are all my
other mailboxes. Please do not send unsolicited bulk e-mail or unsolicited
commercial e-mail to my suespammers.org address or any of my other addresses.
These are my opinions, not necessarily my employer's. I hate spam.

--

nosp...@mytrashmail.com

Feb 14, 2006, 6:54:21 AM
Dirk <nospam_to...@dima-consulting.de> wrote: ( in part)


> mailings. Still I think a lot of people complaining about spam gave the
> permission to use their email address somewhere sometime before.

Perhaps they indeed gave permission to be on some sort of announcements
list - however permission, aside from a contractual requirement is not
really "heritable" - that is just because I give Party A permission to
send me Promos, that doesn't give his competitor that permission.

Also in most cases of Spam, I believe the addresses were either extracted
from web sites and newsgroups, or simply guessed by computer programs
using lists of the 1000 most common first and last names.

> How can you, as a datacenter provider, prove that your customer is
> spamming at all? The authorities are definitely the only acceptable
> institution to measure and judge about what is spam and what is not.

I'm not a data center provider, however to catch spammers, a datacenter
provider:
can do traffic analysis;
they can have an "abuse" mailbox and web form;
they can have a policy that allows persons in charge of other
networks telephone access to "Operations" staff to deal with ongoing abuse
incidents;

They also can perform "due diligence" against new customers
and domains such as checking against Spamhaus.Org "ROKSO" and SPEWS .

If the situation in .de and .eu is such where spamming has to escalate
to the authorities before a datacenter can disconnect a spammer - be
prepared for email from there to be accepted only by previous
arrangements.

> Still - no datacenter customer would accept terms of agreement that
> would punish spamming with a service cutoff. The risk is too high. You
> can never be that safe in internet that you would claim no one is able
> to take over one of your servers.

A responsible datacenter will have terms of service that do allow
suspension of service to a machine that has been "taken over".
True they won't disconnect an entire rack for 1 problem address; they
will be " surgical" about the problem.
A responsible datacenter would also insist that a customer of the
magnitude of a full rack and 250 Gbytes a month traffic to have a contact
their staff can reach round the clock.

Datacenters who wind up in SPEWS and in local block lists get there for a
pattern of either outright malice (doing business with known spammers)
or chronic neglect ( ignoring compromised machines, not keeping track of
vulnerable apps such as formmail, phpnuke and phpBB, abuse@ chronically
bouncing back with "55x Mailbox full" or " Invalid Address " errors ).

> In my opinion, the only way to go is to block the hosts that spam.
> DNSBL is one of the usable systems here. The way the founders of
> SPEWS have decided to go is a little bit too utopic and too ambitious
> if it is enforced the way it seems to be.

Indeed I consider SPEWS an extremely blunt instrument which is showing
signs of neglect here and there.

SPEWS in my opinion is a bit of social engineering; I bet you're likely to
come away from this discussion and contact your datacenter and have some
sharp questions for them!

> pricing who is in your opinion a "clean" provider. We have a 42 HE
> Rack with an average of 250 Gb Traffic. We need real bandwidth and 24/7
> physical access.

Indeed, are there any colocation centers with serious anti-spam business
practices which seldom get any of their IP space (or ASN) in the SBL
or SPEWS which can accommodate a customer with the above level of need?


--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Herb Oxley
From: address IS Valid.

BJ in Texas

Feb 14, 2006, 9:10:53 AM
Dirk <nospam_to...@dima-consulting.de> wrote:
|| Okay,
||
|| this sounds quite reasonable.
||
|| However. When does spam start? How can you prove that people
|| who signed in for a winning game did not accept email ads
|| etc. Please don't get me wrong - I hate spam and I even hate
|| (maybe) legitimate mass mailings. Still I think a lot of
|| people complaining about spam gave the permission to use
|| their email address somewhere sometime before.
|| How can you, as a datacenter provider, prove that your
|| customer is spamming at all? The authorities are definitely
|| the only acceptable institution to measure and judge about
|| what is spam and what is not. I definitely agree that an abuse
|| account should not be ignored, as it is done billion times
|| daily.

A legitimate bulk mailer will use confirmed opt-in for mailing
addresses. If your customer is accused of spamming by
someone that legitimately signed up, they should be able to
produce a confirmation email that uniquely identifies the
customer. If they can't, they have likely either scraped or
bought addresses neither of which is a legitimate method
of obtaining addresses.

|| Still - no datacenter customer would accept terms of
|| agreement that would punish spamming with a service cutoff.

You're right, spammers would not accept those terms.

|| The risk is too high. You can never be that safe in internet
|| that you would claim no one is able to take over one of your
|| servers.

You have customers with that poor of security? It would be
best to learn how to run a mail server before putting one on
the net. If it does happen, someone has to be in a position
to disconnect it as soon as you find out.

|| Therefore you can not state that there will never be
|| spam from any of your hosts. If the punishment for being
|| hijacked is the cutoff of all your domains......

If you are hijacked, you should likely be cutoff until you get
things secured.

|| This, and the fact that spam is not always really spam make
|| the fight against spam so difficult. You need proof, which
|| you may not collect. You need external sources who decide to
|| go to court to track spammers.

It is better to cutoff the spammer while investigating. If it
turns out not to be spam turn it back on. If it is spam you have done
your job.

|| In my opinion, the only way to go is to block the hosts that
|| spam.

That is what SPEWS does. My system, my choice to use what
I want to protect it.

|| DNSBL is one of the usable systems here. The way the
|| founders of SPEWS have decided to go is a little bit too
|| utopic and too ambitious if it is enforced the way it seems
|| to be.

It works, admins use it because it works for them. If it
doesn't work for you, don't use it.

|| I will most likely go the way someone mentioned before in
|| this thread. I will route mail, rejected from SPEWS to a
|| different queue which is then forwarded via a small dirty
|| relay with a clean IP. This can be bought anywhere on the net
|| for few bucks with no problem to close it down whenever SPEWS
|| starts listing the provider. You will never be able to stop
|| the people who really want to spam if you are not even able
|| to convince people like me who are willing to do what is
|| possible within the realistic measures to prevent spam.

And you will never convince those like me that it is not
acceptable.

|| Overblocking will always lead to the opposite of the
|| intended.

It is only overblocking in your eyes; to many of us it is about
right.

|| Anyhow, can you tell me a provider in Frankfurt, Germany with
|| fair pricing who is in your opinion a "clean" provider. We
|| have a 42 HE Rack with an average of 250 Gb Traffic. We need
|| real bandwidth and 24/7 physical access.

Break out our phone directory, you have the power. :-)

|| Regards Dirk
||
||

--
"We can't be so fixated on our desire to preserve the rights of
ordinary Americans ..." -- President Bill Clinton, 'USA Today'
March 11, 1993: Page 2A

Morely Dotes

Feb 14, 2006, 2:15:14 PM
"Dirk" <nospam_to...@dima-consulting.de> wrote in
news:1139873147.4...@g47g2000cwa.googlegroups.com:

> However. When does spam start? How can you prove that people who signed
> in for a winning game did not accept email ads etc.

You are approaching that from the wrong direction.

How can the accused spammer prove that the addresses to which he is sending
bulk email *did* opt-in?

If he can't prove it, then it's a safe bet (and probably a safe court case)
that he is spamming.

And "email ads" are still spam if he can't prove the addressees *asked* for
the ads.

--
Tired of spam in your mailbox?
Come to http://www.spamblocked.com
Who is Brad Jesness? http://www.wilhelp.com/bj_faq/
Soldering irons are known to be unpleasantly hot at the tip.

--

SPAMJAMR

Feb 25, 2006, 6:47:05 AM
In article <1139873147.4...@g47g2000cwa.googlegroups.com>, Dirk says...

>
>Okay,
>
>this sounds quite reasonable.
>
>However. When does spam start?

When the recipient gets it.

>How can you prove that people who signed in for a winning game did not accept
>email ads etc.

It is called confirmed opt-in. Anyone should be able to provide proof that a
recipient signed up and *verified* their wish to be emailed. Just having a
signup form on a web page is not good enough because you cannot prove who
entered the email address in the form.

>Still I think a lot of people complaining about spam gave the
>permission to use their email address somewhere sometime before.

It happens, but when confirmed opt-in is being used one can easily show that the
recipient asked for the mail.

Think of it this way. Your customer buys a new television at your store and pays
200 Euros cash but you don't give him a receipt. The next day he wants to return
it for a refund because it is broken, but the customer claims he paid 250 Euros
and calls you a liar when you tell him he only paid 200 Euros. Without the
receipt the customer cannot prove his claim, and the only proof you have is some
cash, so you cannot prove your claim.

Confirmed opt-in is like getting a receipt.

>How can you, as a datacenter provider, prove that your customer is
>spamming at all?

Easy enough. For one thing the number of complaints will tell the provider the
customer is spamming, the method of getting email addresses will also be an
indication. There are numerous methods providers use and they do it every day.
Just because you don't know how it is done does not mean it cannot be done.

>The authorities are definitely the only acceptable
>institution to measure and judge about what is spam and what is not.

Wrong.

>Still - no datacenter customer would accept terms of agreement that
>would punish spamming with a service cutoff.

You need to look around. Lots of them do it.

>The risk is too high. You
>can never be that safe in internet that you would claim no one is able
>to take over one of your servers. Therefore you can not state that
>there will never be spam from any of your hosts.

You do not understand. Such a policy is not intended for the customer who has an
occasional technical problem. It is for the customer who does not care about who
they spam or using responsible email and list management practices. It is a
deterrent to keep the spammers off of the network. Legitimate business people
have no fear of such a policy.

>If the punishment for being hijacked is the cutoff of all your domains

Who said the policy was for getting hijacked? Read the above paragraph.

>This, and the fact that spam is not always really spam

What? It is either spam or not, there is no between.

>You need proof, which you may not collect.

Many providers do not have a problem proving it, they do it every day.

>You need external sources who decide to go to court to track spammers.

Wrong again.

>In my opinion, the only way to go is to block the hosts that spam.

And to block the providers who do nothing to stop the spammers on their
networks. I cannot think of a reason for me to go through the time and expense
of making life simpler for a spam supporting provider so they can keep making
money from the spammers who are hammering my network every day.

>DNSBL is one of the usable systems here. The way the founders of
>SPEWS have decided to go is a little bit too utopic and too ambitious
>if it is enforced the way it seems to be.

Some believe so, some don't. Obviously those blocking your mail based on the
SPEWS data do not agree with you.

>I will most likely go the way someone mentioned before in this thread.
>I will route mail, rejected from SPEWS to a different queue which is
>then forwarded via a small dirty relay with a clean IP.

Make sure that "dirty relay" is configured properly (per RFCs) or you will find
just as many rejects, if not more, than you are getting now.

>This can be
>bought anywhere on the net for few bucks with no problem to close it
>down whenever SPEWS starts listing the provider. You will never be able
>to stop the people who really want to spam if you are not even able to
>convince people like me who are willing to do what is possible within
>the realistic measures to prevent spam.

Are you saying the problem is people like you?


--
--

Keep the Internet clean, practice spammus interruptus
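
Added example, not part of the original post and not any list manager's actual code: one way to keep the confirmed opt-in "receipt" described above, using an HMAC-signed confirmation token and a ledger entry that records when and from which address the confirmation arrived. The function names, the token layout, the 7-day lifetime and all sample values are assumptions made for this illustration.

```python
import hashlib
import hmac

TOKEN_TTL = 7 * 24 * 3600  # assumed lifetime of a confirmation link, in seconds


def _mac(secret: bytes, email: str, list_id: str, issued_at: int) -> str:
    # Bind the token to one address, one list and one request time.
    # Lower-casing the whole address is a simplification for this example.
    msg = f"{email.lower()}\n{list_id}\n{issued_at}".encode()
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()


def issue_token(secret: bytes, email: str, list_id: str, issued_at: int) -> str:
    """Token to put in the confirmation mail sent to the submitted address."""
    return f"{issued_at}.{_mac(secret, email, list_id, issued_at)}"


def confirm(secret, email, list_id, token, now, source_ip, ledger):
    """Validate a clicked token; on success store and return the receipt.

    Returns None for malformed, forged, mismatched or expired tokens, so a
    bare web-form submission never creates a subscription on its own.
    """
    try:
        issued_str, mac = token.split(".", 1)
        issued_at = int(issued_str)
    except ValueError:
        return None
    expected = _mac(secret, email, list_id, issued_at)
    if not hmac.compare_digest(mac.encode(), expected.encode()):
        return None
    if not 0 <= now - issued_at <= TOKEN_TTL:
        return None
    receipt = {
        "email": email.lower(),
        "list": list_id,
        "requested_at": issued_at,
        "confirmed_at": now,
        "confirm_ip": source_ip,
    }
    # Keep the first confirmation; later clicks do not overwrite the evidence.
    return ledger.setdefault((email.lower(), list_id), receipt)


def has_receipt(ledger, email: str, list_id: str) -> bool:
    """What a provider can ask a customer to produce after a complaint."""
    return (email.lower(), list_id) in ledger


if __name__ == "__main__":
    secret = b"constructed-demo-secret"  # constructed value
    ledger = {}
    tok = issue_token(secret, "user@example.org", "newsletter", 1000)
    print(confirm(secret, "user@example.org", "newsletter", tok,
                  2000, "198.51.100.7", ledger))
    print(has_receipt(ledger, "someone-else@example.org", "newsletter"))
```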


Buck Anwing - DO NOT MAIL

Feb 25, 2006, 12:09:40 PM
On Tue, 14 Feb 2006 03:54:09 GMT, "Dirk"
<nospam_to...@dima-consulting.de> wrote:

>How can you, as a datacenter provider, prove that your customer is
>spamming at all?

By the percentage of their mail which is rejected by the recipients'
sites.

-Buck
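
Added example, not part of the original posts: a sketch of the measurement suggested here and of the outbound SMTP session counting mentioned earlier in the thread, computing per-customer session volume and the share of deliveries that recipient sites rejected with a permanent 5xx reply. The record format, the sample lines, the thresholds and the function names are all constructed assumptions; a provider would feed in whatever its relay or flow collector actually records.

```python
import re
from collections import defaultdict

# Constructed record format (an assumption, not a real MTA's log format):
#   <timestamp> src=<customer IP> rcpt_domain=<domain> reply=<final SMTP code>
RECORD_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\d+\.\d+\.\d+\.\d+) "
    r"rcpt_domain=(?P<domain>\S+) reply=(?P<code>[245]\d\d)$"
)

MIN_SESSIONS = 10    # assumed: ignore sources with too little traffic to judge
REJECT_RATIO = 0.30  # assumed: flag when 30% or more of sessions end in 5xx


def build_sample_log():
    """Constructed sample data: three customer addresses from 192.0.2.0/24."""
    lines = []

    def add(src, code, count, domain):
        for _ in range(count):
            n = len(lines)
            lines.append(
                f"2006-02-13T10:{n // 60:02d}:{n % 60:02d} "
                f"src={src} rcpt_domain={domain} reply={code}"
            )

    add("192.0.2.10", 550, 14, "example.net")  # mostly refused
    add("192.0.2.10", 451, 2, "example.org")   # temporary failures
    add("192.0.2.10", 250, 4, "example.com")
    add("192.0.2.20", 250, 39, "example.com")  # ordinary sender
    add("192.0.2.20", 550, 1, "example.net")
    add("192.0.2.30", 554, 3, "example.org")   # all refused, but tiny volume
    lines.append("garbage line that does not parse")
    return lines


def summarize(lines):
    """Count sessions, permanent rejections and deferrals per source address."""
    stats = defaultdict(lambda: {"sessions": 0, "rejected": 0, "deferred": 0})
    for line in lines:
        m = RECORD_RE.match(line.strip())
        if not m:
            continue  # skip malformed records instead of guessing
        entry = stats[m.group("src")]
        entry["sessions"] += 1
        code = m.group("code")
        if code.startswith("5"):
            entry["rejected"] += 1
        elif code.startswith("4"):
            entry["deferred"] += 1  # greylisting etc.: not counted as rejection
    return dict(stats)


def flag_sources(stats, min_sessions=MIN_SESSIONS, ratio=REJECT_RATIO):
    """Return (source, sessions, rejection rate) for sources worth a look."""
    flagged = []
    for src, entry in stats.items():
        if entry["sessions"] < min_sessions:
            continue
        rate = entry["rejected"] / entry["sessions"]
        if rate >= ratio:
            flagged.append((src, entry["sessions"], round(rate, 2)))
    return sorted(flagged, key=lambda item: item[2], reverse=True)


if __name__ == "__main__":
    for src, sessions, rate in flag_sources(summarize(build_sample_log())):
        print(f"{src}: {sessions} sessions, {rate:.0%} rejected")
```

A high rejection rate is a reason to open an abuse investigation rather than proof in itself; the minimum-volume cut-off keeps a handful of bounced messages from flagging a small customer.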

Morely Dotes

Feb 25, 2006, 3:56:43 PM
On Sun, 05 Feb 2006 12:52:44 +0000, Dirk wrote:

> we are still listed for no reason. We were asked to wait for a couple
> of weeks

By whom? SPEWS doesn't accept or send email (at least not as SPEWS).

> - we did - nothing changed. We are a new hoster - compare the
> whois data for the ip - and we do not spam.
>
> whois 217.175.230.168
>
> inetnum: 217.175.230.160 - 217.175.230.175
> netname: DIMA-CONSULTING-NET
> descr: Dima Consulting GmbH
> descr: Maintaler Str. 20, 63452 Hanau, Germany
> descr: Housing/Colocation Frankfurt
> country: DE
> admin-c: DS3002-RIPE
> tech-c: DS3002-RIPE
> tech-c: FHA9-RIPE
> status: ASSIGNED PA
> mnt-by: SSERV-NET
> source: RIPE # Filtered
>
> Please remove us !

Compare the DNS information for the spammer to your IP space:

02/05/06 11:59:00 dns europeserver.de
Mail for europeserver.de is handled by mail.europeserver.de
Canonical name: europeserver.de
Addresses:
217.175.252.8

02/05/06 12:00:55 whois maintr...@whois.completewhois.com

[DOMAIN whois information for MAINTRADE.COM ]
Domain Name: MAINTRADE.COM
Namespace: ICANN Unsponsored Generic TLD - http://www.icann.org
TLD Info: See IANA Whois - http://www.iana.org/root-whois/com.htm
Registry: VeriSign, Inc. - http://www.verisign-grs.com
Registrar: TUCOWS INC. - http://domainhelp.tucows.com
Whois Server: whois.opensrs.net
Name Server[from whois+dns, dns ip]: NS1.EUROPESERVER.DE 217.175.239.46
Name Server[from whois+dns, dns ip]: NS2.EUROPESERVER.DE 217.175.233.8
Updated Date: 17-Jan-2006
Creation Date: 11-Jan-1998
Expiration Date: 10-Jan-2007
Status: ACTIVE
[whois.opensrs.net]
Registrant:
MSI Group
Riedstr. 76
Floersheim, 65439
DE

Domain name: MAINTRADE.COM

Administrative Contact:
Gizaw, Lishane hostm...@globalregister.net
Riedstr. 76
Floersheim, 65439
DE
+496145596729 Fax: +496145596730

Technical Contact:
Gizaw, Lishane hostm...@globalregister.net
Riedstr. 76
Floersheim, 65439
DE
+496145596729 Fax: +496145596730

Registration Service Provider:
MSI Group, sup...@globalregister.net
http://www.globalregister.net
This company may be contacted for domain login/passwords,
DNS/Nameserver changes, and general domain support questions.


Registrar of Record: TUCOWS, INC.
Record last updated on 17-Jan-2006.
Record expires on 10-Jan-2007.
Record created on 11-Jan-1998.

Domain servers in listed order:
NS1.EUROPESERVER.DE
NS2.EUROPESERVER.DE


Domain status: ACTIVE


So, it appears that EUROPESERVER.DE is providing DNS service to the
spammer; that's spam-support service, and it is a perfectly correct action
to list EUROPESERVER.DE for supporting the spammer.

--
Tired of spam in your mailbox?
Come to http://www.spamblocked.com
Who is Brad Jesness? http://www.wilhelp.com/bj_faq/

To the spammers, my motto: FABRICATI DIEM, PVNC.


Seth Breidbart

Feb 26, 2006, 6:43:28 AM
In article <dtprga$lj1$5...@blackhelicopter.databasix.com>,
Gary L. Burnore <gbur...@databasix.com> wrote:

>>It happens, but when confirmed opt-in is being used one can easily show that the
>>recipient asked for the mail.
>
>Again, how? It'd be easy for me to make something up that proved you
>signed up for some list somewhere.

And you'd probably do a better job of forging it than most of the
spammers do, too. But you probably don't have enough information to
make it convincing when I argue against you (e.g. what IP addresses
does my browsing come from? Are you really claiming that I confirmed
from a dialup at a time that I can prove I was on an airplane?)

Seth

phil-new...@ipal.net

Feb 26, 2006, 8:25:30 AM
On Tue, 14 Feb 2006 03:54:09 GMT Dirk <nospam_to...@dima-consulting.de> wrote:

| However. When does spam start? How can you prove that people who signed
| in for a winning game did not accept email ads etc. Please don't get
| me wrong - I hate spam and I even hate (maybe) legitimate mass
| mailings.

I don't hate legitimate mass mailings. I'm on a few such lists and I
specifically signed up to be on them. Most are forum mailing lists,
but a few are commercial advertising lists.


| Still I think a lot of people complaining about spam gave the
| permission to use their email address somewhere sometime before.

A lot probably do. But if you keep records, you'll be able to point
at the SMTP server that you delivered a crypto strength key to which
the user would verify, and you'll also be able to point at either the
SMTP client or HTTP client where you got the key back from to show
that whoever is at the receiving end of that address did provide the
key back to confirm.


| How can you, as a datacenter provider, prove that your customer is
| spamming at all? The authorities are definitely the only acceptable
| institution to measure and judge about what is spam and what is not. I

What authorities are you talking about? Law enforcement? No, they are
limited to what the jurisdiction law defines, and in any case are probably
quite incompetent about computer/internet/technical issues of any kind.
I've gotten spam relayed through police department computers that have
been hacked and taken over by spammers or the hackers the spammers hire.


| definitely agree that an abuse account should not be ignored, as it is
| done billion times daily.

Certainly. An ISP that ignores it should get blacklisted fast and
extensively.


| Still - no datacenter customer would accept terms of agreement that
| would punish spamming with a service cutoff. The risk is too high. You
| can never be that safe in internet that you would claim no one is able
| to take over one of your servers. Therefore you can not state that
| there will never be spam from any of your hosts. If the punishment for
| being hijacked is the cutoff of all your domains......

There is a very wide range of competency in running servers. Those on
the high end tend to have no server takeover issues at all, even with
Microsoft Windows. Those on the low end have such problems all the
time even with BSD/Linux/Unix.

I disagree. Cutoff is necessary if the customer is not taking the
necessary steps.


| This, and the fact that spam is not always really spam make the fight
| against spam so difficult. You need proof, which you may not collect.
| You need external sources who decide to go to court to track spammers.

If it is not spam, I don't worry about it. If it is spam, it counts
against whoever let it go through.


| In my opinion, the only way to go is to block the hosts that spam.
| DNSBL is one of the useable systems here. The way the founders of
| SPEWS have decided to go is a little bit too utopic and too ambitious
| if it is enforced the way it seems to be.

Blocking the host that emits the spam is not solving the problem. ISPs
that allow spammers (and incompetent customers) to stay online are as
much a contributor to the problems as those who originate the messages
involved.


| I will most likely go the way someone mentioned before in this thread.
| I will route mail, rejected from SPEWS to a different queue which is
| then forwarded via a small dirty relay with a clean IP. This can be
| bought anywhere on the net for few bucks with no problem to close it
| down whenever SPEWS starts listing the provider. You will never be able
| to stop the people who really want to spam if you are not even able to
| convince people like me who are willing to do what is possible within
| the realistic measures to prevent spam.
| Overblocking will always lead to the opposite of the intended.

Underblocking creates no incentive to correct the problem on the part of
those who can only be influenced by money. They set the standard of what
will influence them, and we have to use that kind of influence.

It seems that you might think "the problem" is "spam in the mailbox". If
that is your thinking, then you have it wrong. As big a problem is the
waste of network and server resources, and also administrative time and
effort cleaning up the mess. Many other ISPs profit at our expense and this
needs to be stopped. Blocking just the host the spammer sends email from
creates no incentive to correct this problem at all.


| Anyhow, can you tell me a provider in Frankfurt, Germany with fair
| pricing who is in your opinion a "clean" provider. We have a 42 HE
| Rack with an average of 250 Gb Traffic. We need real bandwidth and 24/7
| physical access.

Maybe your definition of "fair pricing" is pricing from an ISP that has some
other big source of income that allows them to give you a steep discount
price. We already know that ISPs that do hosting of spammers very often
have lower pricing for their non-spamming customers. It is not fair, and
not right, that you should have a discount price at our expense.

But if your definition of "fair pricing" is something that a provider can
do without hosting spammers or other abusers, then there will be such a
provider ... IFF the market demands such a provider. If you are seeking
hosting and contact all the various providers, you may well ask what their
pricing is. But do you also ask if they host spammers? And if you do, can
you verify if they tell the truth?

If no such provider yet exists, consider that a new business opportunity
to set up such a provider yourself, marketing it as "lowest prices and
cleanest address space ... spammers not hosted". Of course as soon as you
start taking away their good customers, your competition will finally see
the light.

--
-----------------------------------------------------------------------------
| Phil Howard KA9WGN | http://linuxhomepage.com/ http://ham.org/ |
| (first name) at ipal.net | http://phil.ipal.org/ http://ka9wgn.ham.org/ |
-----------------------------------------------------------------------------

phil-new...@ipal.net

Feb 28, 2006, 6:23:47 AM
On Sat, 25 Feb 2006 15:39:38 GMT Gary L. Burnore <gbur...@databasix.com> wrote:

| On Sat, 25 Feb 2006 11:47:05 GMT, SPAMJAMR <Letz...@aol.com> wrote:
|
|>In article <1139873147.4...@g47g2000cwa.googlegroups.com>, Dirk says...
|>>
|>>Okay,
|>>
|>>this sounds quite reasonable.
|>>
|>>However. When does spam start?
|>
|>When the recipient gets it.
|
| What recipient? SPEWS isn't a person. No one speaks for SPEWS.
|>
|>>How can you prove that people who signed in for a winning game did not accept
|>>email ads etc.
|>
|>It is called confirmed opt-in. Anyone should be able to provide proof that a
|>recipient signed up and *verified* their wish to be emailed. Just having a
|>signup form on a web page is not good enough because you cannot prove who
|>entered the email address in the form.
|
| What IS good enough, btw? I could sign up, then yell and scream that
| I didn't. Knowing spammers, I'd tend to believe me when I yelled and
| screamed, not when they said I signed up.

There would be specific evidence of when the confirmation was sent back
to complete the signup process. If it is emailed back, there is a log
of the server your mail came from. If it is entered via a web form,
then there is a specific HTTP client or proxy server involved. But even
that doesn't matter as much as the fact that the confirmation code was
emailed _to_ your specific email server.

Of course, it is a real problem when people do sign up and either forget
they have, or simply use spam complaining as a "least work" way to get
back out of a list. This is one of the nasty side effects of having a
big spam problem.


|>It happens, but when confirmed opt-in is being used one can easily show that the
|>recipient asked for the mail.
|
| Again, how? It'd be easy for me to make something up that proved you
| signed up for some list somewhere.

It would not match the peer server logs.

Of course a big issue with this is that logs on either end can be forged.
But that hasn't been a pervasive problem that I know of, yet. If it does
come about, there may have to be a trusted confirmation clearinghouse
method.

--
-----------------------------------------------------------------------------
| Phil Howard KA9WGN | http://linuxhomepage.com/ http://ham.org/ |
| (first name) at ipal.net | http://phil.ipal.org/ http://ka9wgn.ham.org/ |
-----------------------------------------------------------------------------


Seth Breidbart

Feb 28, 2006, 5:47:57 PM
In article <dtsnqm$3pf$1...@blackhelicopter.databasix.com>,
Gary L. Burnore <gbur...@databasix.com> wrote:
>On Sun, 26 Feb 2006 11:43:28 GMT, se...@panix.com (Seth Breidbart)
>wrote:

>>And you'd probably do a better job of forging it than most of the
>>spammers do, too. But you probably don't have enough information to
>>make it convincing when I argue against you (e.g. what IP addresses
>>does my browsing come from?
>
>One could provide the address of a well known proxy. Your argument
>would be that you don't use said proxy. Followed by "A request was
>made via "proxyaddress" a message was sent to "your email address".
>The affirmation was sent via "same proxy address". Therefore, you
>must have used said proxy.

If you're trying to claim that I intentionally obfuscated my signup,
sure, that's impossible to disprove (after all, I could have forwarded
the cryptographically-secure URL to a friend and asked him to use a
fresh AOL CD and dialup to confirm while I was being interviewed live
on national television). Otherwise, there's an issue of
reasonableness.

If I was online around that time, I can probably get weblogs showing
how I browsed, since a number of the sites have webmasters who I know.

>>Are you really claiming that I confirmed
>>from a dialup at a time that I can prove I was on an airplane?)
>
>See above. Of course, I can be anywhere and still access the net via
>high speed wireless.

I fly Northworst; no Internet access on board.

>Still, it'd be a LOT of work and likely not worth the trouble.

And the typical spammer can't get close. (They do things like produce
"logs" showing signups from non-existent IP space.)
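
Added example, not part of any post in this thread: a sketch in Python of the confirmed opt-in evidence the posters describe (a cryptographic key mailed to the address, the receiving SMTP server, and the client that returned the key), with an audit that flags a claimed signup whose record does not hold together. The record layout, field names, HMAC construction and sample values are assumptions made for illustration.

```python
import hashlib, hmac, ipaddress, secrets
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

SECRET = secrets.token_bytes(32)  # list operator's private key (assumption)

def make_token(address: str, nonce: str) -> str:
    """Key mailed to the address; cannot be produced without SECRET."""
    msg = f"{address.lower()}|{nonce}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()

@dataclass
class OptInRecord:            # hypothetical evidence record kept per signup
    address: str
    nonce: str
    sent_at: datetime         # when the key was handed to the recipient's MX
    delivered_to_mx: str      # peer SMTP server that accepted the key
    token_returned: str       # key as it came back
    confirmed_at: datetime
    confirmed_from: str       # SMTP or HTTP client IP that returned the key

def audit(rec: OptInRecord) -> list:
    """Reasons a claimed confirmation is not credible; empty list means consistent."""
    problems = []
    expected = make_token(rec.address, rec.nonce)
    if not hmac.compare_digest(expected, rec.token_returned):
        problems.append("token does not match address")
    if rec.confirmed_at <= rec.sent_at:
        problems.append("confirmed before the key was sent")
    if not rec.delivered_to_mx:
        problems.append("no receiving SMTP server recorded")
    try:
        if not ipaddress.ip_address(rec.confirmed_from).is_global:
            problems.append("confirming IP is not routable address space")
    except ValueError:
        problems.append("confirming IP is malformed")
    return problems

# Constructed sample records, not taken from the thread.
T0 = datetime(2006, 2, 20, 9, 0, tzinfo=timezone.utc)
GOOD = OptInRecord("user@example.org", "n1", T0, "mx.example.org",
                   make_token("user@example.org", "n1"),
                   T0 + timedelta(minutes=4), "93.184.216.34")
FORGED = OptInRecord("victim@example.net", "n2", T0, "",
                     "0" * 64, T0 - timedelta(hours=1), "240.1.2.3")

if __name__ == "__main__":
    print(audit(GOOD))
    print(audit(FORGED))
```

A record that passes this audit is only internally consistent; as the thread notes, it still has to match the peer server's own logs to carry weight.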
