Message from discussion Help! APEWS blocked the World!
Newsgroups: news.admin.net-abuse.blocklisting
From: Andrew - Supernews <andrew+non...@supernews.net>
Date: Wed, 8 Aug 2007 15:30:08 GMT
Local: Wed, Aug 8 2007 11:30 am
Subject: Re: Help! APEWS blocked the World!
On 2007-08-03, Claus v. Wolfhausen <use-reply-to-mail...@remove-this.com>
wrote:

> First let me say that I would have expected such a subject and that content
> from M.Ciprut, but not from the SPAMHAUS operator.

It's hardly an opinion unique to Spamhaus.

> Really strange to see you are claiming your private opinions as facts here.
> You have no proof how many systems are using the APEWS lists and for what
> reasons. You do not run their mirrors.

The evidence of the non-use of APEWS is everywhere, from the fact that
almost no one complaining of a listing can produce a bounce message, to
the fact that the participants of large high-profile mailing lists don't
complain about (or even notice) the fact that the listserver is listed on
APEWS.

> Even if you would be right, and nobody would use those lists you should be
> glad about every user calling his provider and complaining about spammers,
> shouldn't you?

Only if:

 a) the provider actually does have spammers
 b) the user calling the provider can actually supply usable information
    about who or where those spammers are
 c) the provider hadn't already taken all necessary steps themselves

Unless _all three_ of those conditions are met, it's not helpful for the
users to complain, is it?

Let's take an example. The /20 block that contains my home (static) DSL is
listed in APEWS, this block also contains the provider's smarthost. The
listing says nothing more than the usual "One or more bots in ASN / CIDR,
unprofessional / negligent owner" garbage.

There is exactly one recent hit in .sightings for that range (not from the
smarthost). This is clearly from an infected machine.

There are no current CBL listings for that range.

There are no hits for it in any of the spamtraps I have access to.

Historical data suggests that there have been about four CBL listings over
that /20 in the past three months. (For comparison, the not-quite-/19
netblock that contains unimatrix.admins.ws has more than five times that
number of listings over the same period, and repeated hits in our spamtraps.)

None of this indicates any deficiency on the part of the provider. There is
no reasonable complaint I can make to them (there's no sign of ongoing spam,
or repeated incidents from the same customer). There's no point in me moving
to another provider, because every other one I could use is either already
listed in APEWS too, or is almost certain to become listed based on the
observed behaviour. (The fact that, as I posted elsewhere, APEWS is currently
listing 38% of all routable IP space makes it clear that trying to avoid
being listed will always be a losing proposition; by comparison, SPEWS never
listed more than about 2% of active IP space.)

So the listing is serving no purpose other than helping to guarantee that
nobody will ever use APEWS.

> Most providers panic if lots of customers are complaining because spammers
> exist in the same netblock and they begin realizing they are just a bunch of
> IPs away from getting a complete /16 escalated up to UCEPROTECT-Level 3.

What's the point in escalating to a /16 when so often it'll end up crossing
an allocation boundary and catching entirely unrelated ISPs?

> It does not matter whether users are really at risk of getting blocked or just
> imagine that. What matters is the result only:

> They will call their providers and complain about the spammers.

In other words your purpose is simply to harass every ISP in the world,
regardless of whether they are keeping a clean network or not?

> Real spamfighters should appreciate that, because it is helpful to eliminate
> the spam problem.

Real spamfighters know how to tell the difference between clean and dirty
networks.

> The question is therefore: What is your problem with APEWS?

The problem is not that they exist, or even their listing policy. The _only_
problem is this dishonest attempt to get users to complain to ISPs _even_
when the ISP is doing their job well, plus the noise generated in these
groups as a result.

> It seems to me you worry about who will pay you tomorrow, if APEWS
> would be successful and spam disappear.

This is the logical fallacy known as "ad hominem circumstantial".

_I_ don't get paid anything at all for fighting spam.

> It is a fact that APEWS is using other DNSBL's searching spam sources.
> I got a mail from Al Iverson, he also noticed that there are sometimes ranges
> listed by APEWS shortly after they were seen on the UCEPROTECT blocklists.

> Investigating, I found that our lists are indeed also downloaded by APEWS.

If I were you I'd stop that. Your defense of the stupidity of APEWS will
quite quickly undo all your attempts to reverse the damage done to your
own reputation by your former spokesman Mr. Steigenburger.

It's also a fact that APEWS is _misusing_ other sources of data. The people
at SANS have repeatedly complained about abuse of their data with no apparent
effect (see http://isc.sans.org/diary.html?storyid=3189 for details).

> If you would be a real spamfighter, you would not knowingly ignore the worst
> spamsewers, you would appreciate what APEWS does instead.

Fortunately you don't get to decide who is a "real" spamfighter or not.

> SORBS and UCEPROTECT would not mirror zones which "sucks".

Matthew has already answered that one for SORBS. As for why uceprotect would
choose to mirror a zone whose creation they were obviously closely involved
in starting, well, that doesn't take much imagination to figure out.

> That does not mean I recommend using APEWS for blocking.

> In my opinion the APEWS lists are excellent as an advisory or to be used in  
> scoring systems.

Well, for something to be useful in a scoring system, it needs to have some
positive predictive power. That is, the probability that the mail is spam,
given that you know it is from a listed IP, must be higher than the
probability it was spam before you looked up the listing.

When the false-positive rate of a test is as high as its hit rate, then there
is no predictive power. Obviously, it's hard to measure the FP rate with any
accuracy, and it will differ significantly between users, but my analysis of
my personal mail and our support mail suggests that the real FP rate of APEWS
is _much higher_ than the figures from Al Iverson's analysis (which is biased
towards bulk sources).

--
Andrew, Supernews
http://www.supernews.com - individual and corporate NNTP services

--
        Comments posted to news.admin.net-abuse.blocklisting
        are solely the responsibility of their author.  Please
        read the news.admin.net-abuse.blocklisting FAQ at
        http://www.blocklisting.com/faq.html before posting.
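
The predictive-power argument in the post above, worked through on numbers, as an added example that is not part of the original post. The three samples are constructed and do not measure any real blocklist, and using the log-likelihood ratio as the score weight is an assumption about how a scoring filter would consume the list.

```python
import math
from dataclasses import dataclass

@dataclass
class Sample:
    """Counts from a hand-classified mail sample (all values below are constructed)."""
    spam_total: int
    spam_listed: int   # spam whose sending IP was on the list (hits)
    ham_total: int
    ham_listed: int    # legitimate mail whose sending IP was on the list (false positives)

def evaluate(s: Sample) -> dict:
    if s.spam_total <= 0 or s.ham_total <= 0:
        raise ValueError("need both spam and ham in the sample to measure a list")
    hit_rate = s.spam_listed / s.spam_total                # P(listed | spam)
    fp_rate = s.ham_listed / s.ham_total                   # P(listed | ham)
    prior = s.spam_total / (s.spam_total + s.ham_total)    # P(spam) before the lookup
    listed = s.spam_listed + s.ham_listed
    # P(spam | listed); if nothing in the sample was listed, the lookup adds nothing.
    posterior = s.spam_listed / listed if listed else prior
    # Assumed scoring rule: weight of a "listed" result = log likelihood ratio.
    if hit_rate == fp_rate:
        weight = 0.0            # hit rate equals FP rate: no predictive power
    elif fp_rate == 0:
        weight = math.inf       # never lists ham in this sample
    elif hit_rate == 0:
        weight = -math.inf      # never lists spam in this sample
    else:
        weight = math.log(hit_rate / fp_rate)
    return {"hit_rate": hit_rate, "fp_rate": fp_rate, "prior": prior,
            "posterior": posterior, "weight": weight}

# Constructed samples: 8000 spam and 2000 legitimate messages each.
SELECTIVE = Sample(8000, 7200, 2000, 20)        # lists 90% of spam, 1% of ham
INDISCRIMINATE = Sample(8000, 3040, 2000, 760)  # lists 38% of both
INVERTED = Sample(8000, 800, 2000, 600)         # lists ham more often than spam

if __name__ == "__main__":
    for name, s in [("selective", SELECTIVE), ("indiscriminate", INDISCRIMINATE),
                    ("inverted", INVERTED)]:
        r = evaluate(s)
        print(f"{name:15s} P(spam)={r['prior']:.3f} "
              f"P(spam|listed)={r['posterior']:.3f} weight={r['weight']:+.2f}")
```

A list that covers spam and legitimate senders at the same rate leaves P(spam | listed) equal to P(spam), so the only defensible score for a hit is zero; a list that hits legitimate mail more often than spam earns a negative weight.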

