SPEWS: S2955 IP range attributed to an entity no longer hosted

nicknomo

Oct 24, 2006, 9:36:09 AM
65.217.202.11 and .16 are servers that send mail.
65.217.202.0/24 is part of a larger pool being labelled as Atriks.com
(a known spammer).

This is no longer the case. Two months ago, I acquired this entire
class C for my domain (on 3 year term).

Considering I fall at the top of the listed IP range, it would seem
reasonable to delist me. Oddly enough, I am from a Verizon business
service, and because of various listings in this range, verizon.net is
apparently using Spews to block my email. How's that for irony?

Anyways, this is really affecting business, since we've inherited an
entry in a blacklist. If we can be removed, I'd appreciate it.

--
Comments posted to news.admin.net-abuse.blocklisting
are solely the responsibility of their author. Please
read the news.admin.net-abuse.blocklisting FAQ at
http://www.blocklisting.com/faq.html before posting.

Mike Andrews

Oct 24, 2006, 10:33:09 AM
On Tue, 24 Oct 2006 13:36:09 GMT, nicknomo <nick...@gmail.com> wrote in <1161698859.9...@m7g2000cwm.googlegroups.com>:
> 65.217.202.11 and .16 are servers that send mail.
> 65.217.202.0/24 is part of a larger pool being labelled as Atriks.com
> (a known spammer).

> This is no longer the case. Two months ago, I acquired this entire
> class C for my domain (on 3 year term).

> Considering I fall at the top of the listed IP range, it would seem
> reasonable to delist me. Oddly enough, I am from a Verizon business
> service, and because of various listings in this range, verizon.net is
> apparently using Spews to block my email. How's that for irony?

> Anyways, this is really affecting business, since we've inherited an
> entry in a blacklist. If we can be removed, I'd appreciate it.

The relevant lines from the SPEWS record you cite are these:

A 1, 65.217.174.0 - 65.217.184.255, UUNet (atriks.com / "News Bulletin Services")
B 1, 65.217.164.0 - 65.217.194.255, UUNet (atriks.com / "News Bulletin Services")
C 2, 65.217.154.0 - 65.217.204.255, UUNet (atriks.com / "News Bulletin Services")

Apparently Atriks has moved into a different part of UUNet space:

UUNET Technologies, Inc. UUNET65-2 (NET-65-240-0-0-1)
65.240.0.0 - 65.253.255.255
ATRIKS UU-65-246-138-112-D4 (NET-65-246-138-112-1)
65.246.138.112 - 65.246.138.127

It's still UUNet, though, and I judge that ATRIKS was being hindered
enough by its various listings that it asked for a new address space.
That's _NOT_ a reason to delist their old space, as long as it's still
UUNet: UUNet is playing a shell game, and you've been leased damaged
goods.

So now your mail is being blocked by Verizon because it comes from a
SPEWS-listed netblock. If Verizon is using SPEWS as part of its
defensive armament, then I'm surprised, but that happens a lot in this
business. That should give you some idea of how ATRIKS is viewed by
folks who deal with E-mail for a living.

You write "considering I fall at the top of the listed IP range". Why
would that make any difference to SPEWS?

I see that 65.217.202.0/24 now is SWIPPed to

Cancos Tile Corp.
1085 Portion Rd.
Farmingville, NY 11738
US

Domain Name: CANCOS.COM

Administrative Contact:
Valva, Mark mva...@cancos.com
Cancos Tile
1085 Portion Rd.
Farmingville, NY 11738
US
631-736-0770

Technical Contact:
User, Remove b...@void.com
Tokunaga, Tetsushi
1-51-1 Hatsudai Shibuya-ku
Tokyo, Tokyo 34471
JP
+81 3-5358-3601 fax: 999 999 9999

That's an interesting technical contact you have there, even though
it's a side issue. Care to comment?

The main issue is that ATRIKS has polluted that IP space, and since
UUNet still is hosting ATRIKS in UUNet IP space, the listing probably
will stand -- until UUNet chases ATRIKS away, I suspect, and that is
likely to happen only when the checks stop clearing.

The secondary issue here is that UUNet is listed at this point, though
only at level 2. I'm surprised that you're being affected by a level
2 listing: I hadn't expected enough people to use it that it would be
a hindrance.

In any event, since UUNet is listed and you're not, you need to get
UUNet to take action to get the listing lifted. That action most
probably needs to be UUNet getting rid of its spammers.

You can take actions, too, but your choices are more limited:

1. Convince UUNet to drop all the spammers they host. Once
there are no more spammers on this part of the internet, SPEWS
is very likely to delist the IP space you use. Good luck.
2. Change to a more reputable provider that is not listed in SPEWS
or other blacklists. Post a timetable for the move and SPEWS might
even cut a temporary hole for you.
3. Smart-host outgoing mail. Disadvantage: You'll still pay money to
a spam-supporting company.
4. Ask your recipients to whitelist you. Disadvantage as above.
5. Live with the SPEWS listing. Disadvantage as above.

--
Mike Andrews, W5EGO
mi...@mikea.ath.cx
Tired old sysadmin
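
The range check implied by the record lines quoted in the post above, as an added example that is not part of the original thread: it parses those three lines and reports which of them cover the poster's two mail servers and the /24. The function names are illustrative, the line layout is assumed only from the three quoted lines, and 65.217.180.1 is a constructed address used for contrast.

```python
import ipaddress
import re

# The three record lines exactly as quoted in the post above.
SPEWS_RECORD = """
A 1, 65.217.174.0 - 65.217.184.255, UUNet (atriks.com / "News Bulletin Services")
B 1, 65.217.164.0 - 65.217.194.255, UUNet (atriks.com / "News Bulletin Services")
C 2, 65.217.154.0 - 65.217.204.255, UUNet (atriks.com / "News Bulletin Services")
"""

# Assumed layout, inferred only from the quoted lines:
#   <tag> <level>, <first address> - <last address>, <free-text note>
_LINE = re.compile(
    r"^(?P<tag>\S+)\s+(?P<level>\d+),\s*"
    r"(?P<first>\d+(?:\.\d+){3})\s*-\s*(?P<last>\d+(?:\.\d+){3}),\s*(?P<note>.*)$"
)


def parse_record(text):
    """Parse record lines into dicts holding tag, level and an inclusive range."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = _LINE.match(line)
        if m is None:
            raise ValueError(f"unrecognised record line: {line!r}")
        first = ipaddress.IPv4Address(m["first"])
        last = ipaddress.IPv4Address(m["last"])
        if first > last:
            raise ValueError(f"range runs backwards: {line!r}")
        entries.append({
            "tag": m["tag"],
            "level": int(m["level"]),
            "first": first,
            "last": last,
            "note": m["note"],
        })
    return entries


def listings_for(target, entries):
    """Return (tag, level) for every entry that fully covers target.

    target may be a single address or a CIDR block; a block counts as
    covered only when both its first and last address fall in the range.
    """
    net = ipaddress.ip_network(target, strict=True)
    lo, hi = net.network_address, net.broadcast_address
    return [
        (e["tag"], e["level"])
        for e in entries
        if e["first"] <= lo and hi <= e["last"]
    ]


def lowest_level(target, entries):
    """Lowest level number at which target is covered, or None if unlisted."""
    levels = [level for _, level in listings_for(target, entries)]
    return min(levels) if levels else None


def as_cidrs(entry):
    """Express an entry's start-end range as the minimal list of CIDR blocks."""
    return [
        str(n)
        for n in ipaddress.summarize_address_range(entry["first"], entry["last"])
    ]


if __name__ == "__main__":
    entries = parse_record(SPEWS_RECORD)
    targets = (
        "65.217.202.11",      # poster's mail server
        "65.217.202.16",      # poster's mail server
        "65.217.202.0/24",    # poster's whole block
        "65.217.180.1",       # constructed address inside range A
        "65.246.138.112/28",  # block quoted above as Atriks' current assignment
    )
    for t in targets:
        print(f"{t:20} covered by {listings_for(t, entries)} "
              f"lowest level {lowest_level(t, entries)}")
    print("range C as CIDR:", as_cidrs(entries[2]))
```

On the quoted record, the poster's addresses are covered only by line C (level 2), and the block quoted as Atriks' current assignment is covered by none of the three lines.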

wuffa

Oct 24, 2006, 10:46:16 AM

On Oct 24, 6:36 am, "nicknomo" <nickn...@gmail.com> wrote:
> 65.217.202.11 and .16 are servers that send mail.
> 65.217.202.0/24 is part of a larger pool being labelled as Atriks.com
> (a known spammer).
>
> This is no longer the case. Two months ago, I acquired this entire
> class C for my domain (on 3 year term).
>
> Considering I fall at the top of the listed IP range, it would seem
> reasonable to delist me. Oddly enough, I am from a Verizon business
> service, and because of various listings in this range, verizon.net is
> apparently using Spews to block my email. How's that for irony?
>
> Anyways, this is really affecting business, since we've inherited an
> entry in a blacklist. If we can be removed, I'd appreciate it.
>

Well, you're at cancos.com, right? Your e-mail might also be being blocked
due to the fact that you do not have a postmaster role account;
see the readout below from www.DNSreport.com, which reads in
part:
"FAIL Acceptance of postmaster address ERROR: One or more of your
mailservers does not accept mail to postm...@cancos.com. Mailservers
are required (RFC822 6.3, RFC1123 5.2.7, and RFC2821 4.5.1) to accept
mail to postmaster.
MAILSERVER.cancos.com's postmaster response: >>> RCPT
TO:<postm...@cancos.com> <<< 550"

E-Mail Sent to this address will be added to the BlackLists

Oct 24, 2006, 12:15:33 PM
nicknomo wrote:
> 65.217.202.11 and .16 are servers that send mail.
> 65.217.202.0/24 is part of a larger pool being labelled
> as Atriks.com (a known spammer).
>
> This is no longer the case. Two months ago, I acquired
> this entire class C for my domain (on 3 year term).

Really? Atriks is no longer using any IPs "of a larger pool"
that includes 65.217.202.0/24? (e.g. anywhere in 65.192.0.0/11 ?)

{That MCI / UUNET might provide services to someone who is
not a source of abuse, likely matters little to SPEWS,
if the source(s) of abuse are still there.}


> Considering I fall at the top of the listed IP range,
> it would seem reasonable to delist me.

Is MCI / UUNET providing any services to Atriks anywhere?
{I doubt SPEWS is inclined to play whack-a-mole.}


> Oddly enough, I am from a Verizon business service,
> and because of various listings in this range, verizon.net
> is apparently using Spews to block my email. How's that for irony?

I doubt it very much, either you are reading the bounces wrong,
or it is likely for another reason.


> Anyways, this is really affecting business, since we've
> inherited an entry in a blacklist. If we can be removed,
> I'd appreciate it.

Questions SPEWS might ask (if they ever posted in public):
Is Atriks using any IPs in 65.192.0.0/11 (65.192.0.0 - 65.223.255.255)?
Does Atriks have any services of any kind from UUnet / MCI?

Is there any other abuse currently related to 65.192.0.0/11?
(Any other spammers or abusers of services using that range?)


SPEWS: Only the listed ISP can do anything about the listing,
and only by stopping ALL spammer support first.

1) If you are NOT the listed ISP you are likely wasting
your time, unless you want an education and not a
listing change.

2) If you are the listed ISP you are likely wasting your
time, unless you have terminated / removed ALL spammer
support services and keep it that way.


--
E-Mail Sent to this address <Blac...@Anitech-Systems.com>
will be added to the BlackLists.

Shmuel (Seymour J.) Metz

Oct 24, 2006, 2:01:53 PM
In <1161698859.9...@m7g2000cwm.googlegroups.com>, on 10/24/2006
at 01:36 PM, "nicknomo" <nick...@gmail.com> said:

>Two months ago, I acquired this entire
>class C for my domain (on 3 year term).

It's still uunet; the SWIP doesn't change that. Also, the listing is
at level 2. Did uunet tell you that the IP block was tainted? If not,
you should talk to your legal staff.

>Considering I fall at the top of the listed IP range, it would seem
>reasonable to delist me.

You aren't listed, and with a uunet IP block you would be at risk of
blocking even without a SPEWS listing.

>Oddly enough, I am from a Verizon business
>service, and because of various listings in this range, verizon.net
>is apparently using Spews to block my email. How's that for irony?

You mean the irony of verizon blocking verizon, or the irony of
verizon blocking someone else's spam?

>If we can be removed, I'd appreciate it.

Sure; just get uunet to remove its spammers. Read A42 in the FAQ.

If it were me, I'd find a reputable provider, then post a timetable
for moving with a request that SPEWS cut a temporary hole in the
listing.

--
Shmuel (Seymour J.) Metz, truly insane Spews puppet
<http://patriot.net/~shmuel>

I reserve the right to publicly post or ridicule any abusive
E-mail. Reply to domain Patriot dot net user shmuel+news to contact
me. Do not reply to spam...@library.lspace.org

nicknomo

Oct 24, 2006, 3:40:55 PM

I've read up on this a bit..

It just seems irresponsible to block such a large amount of people to
stop a few spammers... Blocking a tier 1 ISP doesn't seem logical.
I've looked into it, and it appears that Spews has blocked Verio/Cogent
co/NTT class B's in the past as well (I read about it on
somethingawful.com). That's nuts. Aren't there only like 7 "real"
Tier 1 ISP's?

That's blocking millions upon millions of users (a small fraction of
them spam).

It turns out that the mail to the verizon.net address was actually
being forwarded to new email addresses (at their own domain), and that's
why the emails to the people were bouncing back. I'm going to have to
see if I can get a hold of their mailserver admin and see if I can get
him to drop Spews from his RBL's.

Andrew Hood

Oct 24, 2006, 5:12:10 PM
On Tue, 24 Oct 2006 19:40:55 +0000, nicknomo wrote:

>
> I've read up on this a bit..
>
> It just seems irresponsible to block such a large amount of people to stop
> a few spammers... Blocking a tier 1 ISP doesn't seem logical. I've looked
> into it, and it appears that Spews has blocked Verio/Cogent co/NTT class
> B's in the past as well (I read about it on somethingawful.com). That's
> nuts. Aren't there only like 7 "real" Tier 1 ISP's?
>
> That's blocking millions upon millions of users (a small fraction of them
> spam).

In the Spews level 2 list I have, that one UUNET allocation -
65.192.0.0/11 - contains listings for 69 separate entities. Hard to
believe UUNET is not an attractive nuisance.

Angelo Tirico, see http://spews.org/ask.cgi?S911
Atriks, see http://spews.org/ask.cgi?S2955
BAC2/Zacson, see http://spews.org/ask.cgi?S2807
Bad Registrar, see http://spews.org/ask.cgi?S3123
Bulk International, see http://spews.org/ask.cgi?S513
Dragonfans, see http://spews.org/ask.cgi?S2341
DreamPharm, see http://spews.org/ask.cgi?S1022
Empire Towers, see http://spews.org/ask.cgi?S888
FML, see http://spews.org/ask.cgi?S351
GORDONLANTZ, see http://spews.org/ask.cgi?S396
GoldenRom, see http://spews.org/ask.cgi?S1404
HighHosting, see http://spews.org/ask.cgi?S1769
IMATCHER, see http://spews.org/ask.cgi?S355
JOHNCOTA, see http://spews.org/ask.cgi?S386
John Aragona, see http://spews.org/ask.cgi?S1678
KIC, see http://spews.org/ask.cgi?S2850
Keith Taub, see http://spews.org/ask.cgi?S536
MARIN, see http://spews.org/ask.cgi?S373
Merchant Commerce, see http://spews.org/ask.cgi?S2423
MyDreamMatch, see http://spews.org/ask.cgi?S918
NTC, see http://spews.org/ask.cgi?S524
OffersCentral/greatdealsdepot/seenetix, see http://spews.org/ask.cgi?S1528
OnlineVacationCenter, see http://spews.org/ask.cgi?S1331
PLM INTERNATIONAL, see http://spews.org/ask.cgi?S1095
PM Marketing, see http://spews.org/ask.cgi?S2351
Peelers/MNM Services, see http://spews.org/ask.cgi?S2495
Pickle Technologies/1stuniverse, see http://spews.org/ask.cgi?S2612
Publicom/Networldtron/Optin Plus, see http://spews.org/ask.cgi?S2425
Reinertsen, see http://spews.org/ask.cgi?S1519
Rusty Campbell, see http://spews.org/ask.cgi?S827
SamAl/BulkISP, see http://spews.org/ask.cgi?S394
Sun-Net/mirroredsite/dnslogics, see http://spews.org/ask.cgi?S2279
TEOS, see http://spews.org/ask.cgi?S2726
WebHostPlus/datapeer/3WCorp, see http://spews.org/ask.cgi?S2766
Whitcon/Spamwealth, see http://spews.org/ask.cgi?S619
Ylitalo, see http://spews.org/ask.cgi?S916
airface, see http://spews.org/ask.cgi?S2930
digitalmortgage, see http://spews.org/ask.cgi?S2210
dnswiz, see http://spews.org/ask.cgi?S502
elistmarketers, see http://spews.org/ask.cgi?S1710
emailbroadcaster/attainwealth, see http://spews.org/ask.cgi?S1537
euniverse/yourbigvote, see http://spews.org/ask.cgi?S1677
g-forcemarketing, see http://spews.org/ask.cgi?S2498
gopreipo, see http://spews.org/ask.cgi?S776
hostsuccess, see http://spews.org/ask.cgi?S693
idscellular/optinresources, see http://spews.org/ask.cgi?S1283
ifriends/Webpower, see http://spews.org/ask.cgi?S999
igd, see http://spews.org/ask.cgi?S3004
imakenews/collectoronline, see http://spews.org/ask.cgi?S742
inglesa/tilw/veritex, see http://spews.org/ask.cgi?S2015
integratix, see http://spews.org/ask.cgi?S2843
isupportisp, see http://spews.org/ask.cgi?S782
misc16, see http://spews.org/ask.cgi?S703
moneyfun, see http://spews.org/ask.cgi?S603
netsetgo/newemailoffer/everblur/kooloffers/netrica, see http://spews.org/ask.cgi?S1048
newslifeexpress, see http://spews.org/ask.cgi?S1245
polkfinancial, see http://spews.org/ask.cgi?S1627
poweremailsystems/beverlyhillshosting, see http://spews.org/ask.cgi?S1187
rdncorp, see http://spews.org/ask.cgi?S1105
securetags/buddytags, see http://spews.org/ask.cgi?S1368
softlandmark, see http://spews.org/ask.cgi?S2794
spamfiles, see http://spews.org/ask.cgi?S2954
stubberfield, see http://spews.org/ask.cgi?S359
theadstop, see http://spews.org/ask.cgi?S881
thinhardware/EarthVista, see http://spews.org/ask.cgi?S1039
ultrameds/docdrugs, see http://spews.org/ask.cgi?S1164
xpider, see http://spews.org/ask.cgi?S1479
youwinit, see http://spews.org/ask.cgi?S1336
zaconta, see http://spews.org/ask.cgi?S1467


--
2006/10/24:21:57:57UTC Slackware Linux 2.4.32
up 22 days, 13:10, 7 users, load average: 2.02, 2.07, 2.08

huey.c...@gmail.com

Oct 24, 2006, 5:54:50 PM

And yet,

Aug 13 2002
http://www.spamhaus.org/sbl/listings.lasso?isp=uu.net
45 SBL listings for UUNet

Nov 28 2002
uunet 36

Dec 12 2002
34 SBL listings for IPs under the responsibility of uu.net

May 3 2003
119 known

Dec 30 2003
114 SBL listings

May 8 2004
SBL -- uu.net has 127

Jun 3 2004
An unbelievable, abysmal, headache-inducing 108

Jun 30 2004
UUNET is up to 184 SBL listings

Oct 19 2004
MCI 227

Jan 26 2005
Found 220 SBL listings

Apr 9 2005
228 SBL listings

Aug 3 2005
Found 242 SBL listings

Feb 11
Note well: 238

Today:
169 SBL listings for IPs under the responsibility of verizonbusiness.com

....so clearly, SPEWS is having a dramatic effect on UUnet.

--
Huey

Stephen Satchell

Oct 24, 2006, 6:00:25 PM
nicknomo wrote:
> I've read up on this a bit..
>
> It just seems irresponsible to block such a large amount of people to
> stop a few spammers... Blocking a tier 1 ISP doesn't seem logical.

The problem is that the Tier 1 ISP is not conforming with RFC 1855, nor
are they encouraging their customers to do likewise. So who *should* be
blocked? When Tier 1 ISPs move spammers around (Google for
"whack-a-mole") they are aiding and abetting the spamming.

SPEWS holds the network operator(s) responsible for trash coming from
their netblocks. That's why I, among many other administrators, moved
off of UUNET and their IP addresses, and found other upstreams, and got
an allocation of IP addresses straight from the numbering authorities.

In the NSFNet days, allowing RFC 1855 violations was sufficient grounds
to disconnect an operator who didn't care.

> I've looked into it, and it appears that Spews has blocked Verio/Cogent
> co/NTT class B's in the past as well (I read about it on
> somethingawful.com). That's nuts. Aren't there only like 7 "real"
> Tier 1 ISP's?

Tier 1 ISPs are useful for transit traffic. It's not necessarily useful
for Tier 1 ISPs to provide leaf traffic. Leaf traffic should be
provided by ISPs who care about RFC 1855.

> That's blocking millions upon millions of users (a small fraction of
> them spam).
>
> It turns out that the mail to the verizon.net address was actually
> being forwarded to new email addresses (at their own domain), and that's
> why the emails to the people were bouncing back. I'm going to have to
> see if I can get a hold of their mailserver admin and see if I can get
> him to drop Spews from his RBL's.

That is one of the five options.

E-Mail Sent to this address will be added to the BlackLists

Oct 24, 2006, 6:22:31 PM
nicknomo wrote:
> I've read up on this a bit..

That is always a good start.


> It just seems irresponsible to block such a large amount
> of people to stop a few spammers... Blocking a tier 1 ISP
> doesn't seem logical.

Listing is not the same as blocking;
If a recipient wants to block messages from IPs in SPEWS
level 2 list, nothing is stopping the recipient from doing so;
If a recipient doesn't want to use SPEWS level 2 for blocking
(or SPEWS level 1, or any DNSbl for that matter), nothing is
stopping the recipient from not using DNSbls;
If a recipient wants to use SPEWS level 2 and whitelist senders
they want / need / expect messages from, nothing is stopping
the recipient from doing so;
It is the recipient's choice what they accept or reject
{they may be delegating that to their ISP(s)}.

See: http://spews.org/faq.html Q/A:22 & Q/A:44


Feel free to use resources available to you to solve your
problems, others will continue to do what meets their needs.


> I've looked into it, and it appears that Spews has blocked
> Verio/Cogent co/NTT class B's in the past as well (I
> read about it on somethingawful.com). That's nuts.
> Aren't there only like 7 "real" Tier 1 ISP's?

(shrug) I suspect it depends on how much abuse SPEWS sees
across how many IPs at any given point in time.


> That's blocking millions upon millions of users (a small
> fraction of them spam).

(shrug) Some block countries, regions, continents,
perhaps some even block all IPs allocated / assigned
by a Regional Internet Registry (RIR).


> It turns out that the mail to the verizon.net address was
> actually being forwarded to new email addresses (at their
> own domain), and that's why the emails to the people were
> bouncing back.

That makes much more sense.


> I'm going to have to see if I can get a hold of their
> mailserver admin and see if I can get him to drop Spews
> from his RBL's.

The admin may not listen to you (I would not),
however they are likely to listen to their own end users.

If the recipient's mail server admin doesn't want to stop
using SPEWS, hopefully they will whitelist (at their end
user's request) sources of mail their end user wants
/ needs / expects.

The reason I say _if_,
is either the admin using SPEWS is very intentionally
using SPEWS (participating in the boycott)
{especially where a level 2 SPEWS listing is concerned}
or the admin is clueless about what SPEWS is & why they
list what they do (perhaps clueless about DNSbls in general).


--
E-Mail Sent to this address <Blac...@Anitech-Systems.com>
will be added to the BlackLists.


nicknomo

Oct 24, 2006, 6:53:01 PM
I also found that similar entries are in SPEWS for SAAVIS networks.

Now, I think SPEWS level 1 would make for a great RBL to use on a
mailserver, but level 2 doesn't make sense for most (if any)
administrators IMO. Sure, if you take big chunks out of the biggest
service providers, and block them, you will get less spam. I have no
doubt that within the few million IP's that are blacklisted, hundreds,
even thousands of spammers are thwarted.

Yet, I question the practicality of blocking more valid domains than
invalid domains. It's similar to the practice of making everyone who
wants to mail to you sign up for a whitelist, and blocking everyone
else. It's impractical for most people. I question whether most people
using blacklists like Spews L2 truly understand the scope of the
blocking. Nothing personal against anyone here, but saying "switch
your ISP" is simply bad advice when there are cases of mass blocks with
at least 4 tier 1 ISP's. My last T1 was from cogent, and I could have
ended up in the same predicament if I got a new T1 from them with a
different IP pool. These ISP's are huge. Depending on the
organization of the IP pools you could be blocking entire
cities/regions. All of this because a few spammers use the network?

I'm honestly surprised everyone thinks that this is good practice. I
too am obsessed with stopping spam on my servers, but any normal
mailserver that implements the level 2 is far too draconian IMO.

I think this decreases the usefulness of the blacklist too... and gives
SPEWS and other RBL's a bad name. I don't know about the rest of you,
but I've gone through a lot of trouble to avoid false positives.
Condoning a system with millions of potential false positives seems to
be counter-intuitive.

What personally bothers me though, is that according to what everyone
has said here, SPEWS doesn't care if my domain is not spam. It will
still block me anyways. This is not in line with the purpose of a
blacklist. That to me, also says that SPEWS is more political.. a tool
to influence the ISPs... but personally, I don't like the idea of my
domain being a casualty in someone else's war against an ISP. I respect
the sentiment, but I'd like to be left out of these private battles.

E-Mail Sent to this address will be added to the BlackLists

Oct 24, 2006, 7:16:48 PM

They are trying to allow a wide range of abuse over time?

I wonder what the ratio of listings vs total IPs allocated
to them has been at those points in time?


> ....so clearly, SPEWS is having a dramatic effect on UUnet.

They likely get plenty of negative feedback from many
of those experiencing abuse from their netspace,
and plenty of negative feedback from many of their own
customers experiencing problems related to other parties
solutions to those abuse problems at the receiving end.
(Some of those may be related to SPEWS listings,
I suspect even more related to Spamhaus listings,
but I would guess the most due to all the other many
things that treat their netspace the way it is treated.)


--
E-Mail Sent to this address <Blac...@Anitech-Systems.com>
will be added to the BlackLists.


huey.c...@gmail.com

Oct 24, 2006, 8:02:35 PM
E-Mail Sent to this address will be added to the BlackLists <Nu...@blacklist.anitech-systems.invalid> wrote:
> huey.c...@gmail.com wrote:
> > Aug 13 2002
> > http://www.spamhaus.org/sbl/listings.lasso?isp=uu.net
> > 45 SBL listings for UUNet
> > Aug 3 2005
> > Found 242 SBL listings
> > Today:
> > 169 SBL listings for IPs under the responsibility of verizonbusiness.com
> They are trying to allow a wide range of abuse over time?

This assumes 'trying', something other than patience.

> I wonder what the ratio of listings vs total IPs allocated
> to them has been at those points in time?

Fairly constant, in that they were the largest backbone provider when
SPEWS began and they're still the largest backbone provider today. IP
space has grown slightly over that time, first with the acquisition
of Digex, and then with the buyout by Verizon.

> > ....so clearly, SPEWS is having a dramatic effect on UUnet.
> They likely get plenty of negative feedback from many
> of those experiencing abuse from their netspace,

I don't think so. Most people neither know nor care where the abuse is
coming from, they just want the propellerheads running the mailserver
to do something about it.

> and plenty of negative feedback from many of their own
> customers experiencing problems related to other parties
> solutions to those abuse problems at the receiving end.

I don't think so. If people were significantly damaged by SPEWS
listings, shouldn't that be reflected in the number of spammers
currently hosted in UUnet space in some other way than a 375% increase?

--
Huey

Dave Platt

Oct 24, 2006, 8:07:11 PM
In article <1161733512.0...@i3g2000cwc.googlegroups.com>,
nicknomo <nick...@gmail.com> wrote:
>I also found that similar entries are in SPEWS for SAAVIS networks.
>
>Now, I think SPEWS level 1 would make for a great RBL to use on a
>mailserver, but level 2 doesn't make sense for most (if any)
>administrators IMO.

And, in fact, I think that you'd find (if you could run a survey) that
only a relatively few, and probably fairly small, sites use the SPEWS
Level 2 data for the purposes of blocking.

That is, of course, a decision which is made by the owner/operator of
the mail server in question. Each site has the right (both moral and
legal) to decide which email it's willing to accept. There are some
site operators who are extremely spam-intolerant, and are willing to
accept a higher rate of rejection of non-spam email in order to block
incoming spam (or to express disapproval of the business practices of
ISPs which tolerate spammers on their networks).

As the saying goes around here, "Their server, their rules."

>Yet, I question the practicality of blocking more valid domains than
>invalid domains. It's similar to the practice of making everyone who
>wants to mail to you sign up for a whitelist, and blocking everyone
>else. It's impractical for most people.

With regard to your "whitelist" point: for many people, yes, it's
impractical or too costly. For most... probably so, but if the spam
problem gets much worse than it is today you'll probably find a larger
and larger percentage of email users adopting this sort of strategy,
or abandoning email altogether.

> I question whether most people
>using blacklists like Spews L2 truly understand the scope of the
>blocking.

I suggest that unless/until you actually survey those admins who are
using L2, you don't have enough information to say one way or the other.

> Nothing personal against anyone here, but saying "switch
>your ISP" is simply bad advice when there are cases of mass blocks with
>at least 4 tier 1 ISP's. My last T1 was from cogent, and I could have
>ended up in the same predicament if I got a new T1 from them with a
>different IP pool.

You have another option... get your own IP address allocation from
ARIN, or from a competent (spam-hostile) Tier 2 reseller of Cogent or
UUNET services who has their own ARIN allocation.

> These ISP's are huge. Depending on the
>organization of the IP pools you could be blocking entire
>cities/regions. All of this because a few spammers use the network?

Answer 1: it's not because of a *few* spammers. It's because of a
lot of spammers on those Tier 1 ISPs, allowed to continue operating
for a long period of time, with no visible attempt by the ISPs to stop
the spamming.

From what I have observed of the practices of SPEWS, large escalations
of an ISP's net space (either level 1 or level 2) do not happen
quickly... not overnight, not even in a few months. Really large
listings seem to take *years* to develop.

Answer 2: there are a lot of people (me included) who *do* choose to
block all inbound mail from large regions (including whole countries)
except by prior arrangement / whitelisting, because of the very high
ratio of spam-to-ham from those areas.

>I'm honestly surprised everyone thinks that this is good practice.

And, you're mistaken in your belief. Of the posters in this
newsgroup, I've seen that:

- Quite a few feel that it's not good practice to block *any*
non-spamming customers of spam-tolerant ISPs.

Such people do not use the SPEWS data at all (nor other DNSBLs
which list whole ISPs or countries).

- A fair number say "No, it's not appropriate for me to block
on SPEWS 2, but I can see that some people might want to do so."

- A relatively small number say "I do block on SPEWS 2".

- Almost nobody says "Everybody should block on SPEWS 2".

What I think the great majority of the posters here agree upon,
however, is the "Their server, their rules" principle... which is one
which is deeply enshrined in Internet culture, and in both case and
legislative law here in the U.S. (it's specifically called out in the
otherwise-fairly-useless CAN SPAM law).

>I too am obsessed with stopping spam on my servers, but any normal
>mailserver that implements the level 2 is far too draconian IMO.

And, as a result of your opinion, you'll never use SPEWS 2 on your
server. That's a perfectly legitimate opinion, and your decision to
implement in practice is also perfectly legitimate. Your server, your
rules.

It's equally legitimate for the operator of another server to decide
that, for the purposes of his/her server and its customers, blocking
on SPEWS 2 is appropriate and proper. Their server, their rules.

>I think this decreases the usefulness of the blacklist too... and gives
>SPEWS and other RBL's a bad name. I don't know about the rest of you,
>but I've gone through a lot of trouble to avoid false positives.
>Condoning a system with millions of potential false positives seems to
>be counter-intuitive.

From the point of view of an admin who is knowingly using SPEWS 2, the
rejections which occur are not "false positives". The rejection
matches the criteria that the SPEWS 2 list (and hence the admin using
it) agree are proper.

Don't think of SPEWS 2 as a DNSBL which lists spammers. Think of it
as a list which lists IP space operated by spam-tolerant ISPs.

Think of SPEWS 2 as a mechanism for implementing a social boycott. The
sites which use it are boycotting a "country" (ISP) whose practices
they disapprove of. This is little different in principle than the
boycotts which were directed against South Africa (to protest
apartheid) or against various cities or states in the American South
(to protest Jim Crow laws and other forms of racial or sexual
discrimination). All such boycotts can have a negative effect upon
otherwise-innocent "citizens" of the area being boycotted.

You "live" in UUNET (now Verizon) space. Boycotts which are
protesting UUNET's business practices can affect you.


>What personally bothers me though, is that according to what everyone
>has said here, SPEWS doesn't care if my domain is not spam. It will
>still block me anyways.

SPEWS itself is not blocking you.

The sites which use the SPEWS data are blocking you from using their
sites' resources (email servers).

> This is not in line with the purpose of a
>blacklist.

That's true *if* and *only if* the "purpose of a blacklist" is to
specifically block spam email.

That is not, I personally believe, the only purpose of SPEWS. I
interpret the SPEWS agenda as having a second purpose: to stop
spamming.

There's a difference there. The latter purpose is a broader one. It
requires not just stopping the spam itself. It requires actually
changing the business environment - creating an environment in which
ISPs are not willing to tolerate the presence of spammers on their
network, because it costs them (the ISPs) too much business, money, or
bad press to do so.

> That to me, also says that SPEWs is more political.. a tool
>to influence the ISPs...

Bingo.

> but personally, I don't like the idea of my
>domain being a casualty in someone elses war against an ISP.

Unfortunate, but unavoidable.

I'm sure that there were many liberal, socially conscious,
nondiscriminating South African whites who really didn't like the idea
of their personal businesses being hurt by the trade embargos set up
against South Africa. Ditto for many citizens of Mississippi and
Georgia during the Civil Rights protests in the 1960s. Ditto for
farm-business suppliers whose businesses were hurt during the
table-grape boycott a few years ago.

> I respect
>the sentiment, but I'd like to be left out of these private battles.

The Internet is now part of the world commerce and communication
system. It's now subject to the same sorts of pressures, conflicts,
and other interpersonal and interbusiness flack as the rest of the
economic system. You can no more expect to be immune to the issues of
the Internet, I think, than you can reasonably expect to have your
business somehow be magically unaffected by (for example) UPS and
FedEx employee strikes, bad weather, or power outages caused by
corruption in the energy industry.

--
Dave Platt <dpl...@radagast.org> AE6EO
Hosting the Jade Warrior home page: http://www.radagast.org/jade-warrior
I do _not_ wish to receive unsolicited commercial email, and I will
boycott any company which has the gall to send me such ads!

Just Another UBE Reporter

Oct 24, 2006, 9:40:21 PM
"nicknomo" <nick...@gmail.com> wrote in news:1161722199.719370.28120
@k70g2000cwa.googlegroups.com:

> That's blocking millions upon millions of users (a small fraction of
> them spam).

What is your opinion on people that either block (such as many sysadmins)
or filter (such as myself, an end-user) out e-mail from 200/6 or 218/6? I
filter both because I get nothing but spam from these ranges. And anyone I
have had previous contact with in these ranges is appropriately whitelisted
on my end.

When an ISP does little or nothing substantial to stop spam, people will
invariably take drastic measures such as blocking large IP blocks on their
end.

Mike Andrews

Oct 24, 2006, 9:42:14 PM
On Tue, 24 Oct 2006 19:40:55 GMT, nicknomo <nick...@gmail.com> wrote in <1161722199....@k70g2000cwa.googlegroups.com>:

> I've read up on this a bit..

> It just seems irresponsible to block such a large amount of people to
> stop a few spammers... Blocking a tier 1 ISP doesn't seem logical.
> I've looked into it, and it appears that Spews has blocked Verio/Cogent
> co/NTT class B's in the past as well (I read about it on
> somethingawful.com). That's nuts. Aren't there only like 7 "real"
> Tier 1 ISP's?

> That's blocking millions upon millions of users (a small fraction of
> them spam).

> It turns out that the mail to the verizon.net address was actually
> being forwarded to new email addresses (at their own domain), and thats
> why the emails to the people were bouncing back. I'm going to have to
> see if I can get a hold of their mailserver admin and see if I can get
> him to drop Spews from his RBL's.

Good luck.

When it comes to protecting the resources at work, where I run the
mailfilters, my bosses are quite content to cut nonessential mail
(i.e., non-business-related mail), even if it's non-spam from Uncle
Julia or Aunt William, if it's in a block that sends or has sent spam.

I'm getting that way about things, too.

As to "Tier 1 ISPs", well, there're AOL and M$ and Yahoo and Google
and Verio and Savvis and XO and UUNet and TW Cable and Cox Cable and
Earthlink and SBC (really another tentacle of Yahoo) and some other
fairly major players, and then there are the big hosting companies
like Above, EV1, Rackforce. I've got chunks of all of them blocked,
because complaints don't seem to get much done.

I'm not concerned about the folks out there who can't send mail to
their relatives at work. I'm concerned about the work-related mail,
which now is about 5% by count of what gets through, getting through.
That's after I stop about 98% of _everything_ that connects to my
filters. So the real mission-related mail would be about 1 per 1K
that hit my filters. On a busy day in construction season (we build
highways) it's up to maybe 5 per 1K.

If UUNet and the other spam-tolerant major players would rise up and
nuke their spammers, I could go back to being a mainframe systems
programmer and stop writing Perl and CGI scripts and web pages and
configuring filters and having to deal with users who got spam and
users who didn't get work-related mail and Aunt Jane who wants to
send movies of the new babies and whatnot.

That'll happen when pigs do formation aerobatics at air shows.

Between now and then, the best thing to do is _NOT_ contribute to the
welfare of spam-tolerant outfits. In your case, that means getting out
of UUNet IP space. I'm sorry you signed the contract and wound up with
damaged goods, but you really should have done a due-diligence search
on the offered IP space before you signed on the dotted line.

--
Mike Andrews, W5EGO
mi...@mikea.ath.cx
Tired old sysadmin

--

nicknomo

Oct 24, 2006, 9:43:03 PM
I hate to sound condescending, but getting another provider is
ridiculous. This service is hosted through Verizon business / MCI.
It's one of the biggest T1 providers in NY, and also the most reliable
in my area.

The technical contact in the registrar was simply the default entry
left in there from Network Solutions. It's never been removed (until
just now).

I've fixed the postmaster issue.. but that isn't why the domain is
being blocked... it's because the IPs being blocked are attributed to
atriks.com.

Now, if I was with a small ISP, I'd understand. I'm not. I'm with
Verizon, and as far as I can tell UUnet is now connected to Verizon. I
just happened to get stuck with an IP pool that overlapped a spammer.

Now it looks to me as if all of UUnet isn't being blocked. It's just
the sections attributed to atriks, which as of two months ago are
incorrect. What it comes down to, is if my ISP is the problem, why
isn't everyone from the ISP being blocked?

I think that this is clearly an error, and Spews just doesn't have up
to date information.


On Oct 24, 10:46 am, "wuffa" <magewu...@gmail.com> wrote:
> On Oct 24, 6:36 am, "nicknomo" <nickn...@gmail.com> wrote:
> > 65.217.202.11 and .16 are servers that send mail.
> > 65.217.202.0 /24 Is part of a larger pool being labelled as Atriks.com
> > (a known spammer).
>
> > This is no longer the case. Two months ago, I acquired this entire
> > class C for my domain (on 3 year term).
>
> > considering I fall at the top of the listed IP range, it would seem
> > reasonable to delist me. Oddly enough, I am from a Verizon business
> > service, and because of various listings in this range, verizon.net is
> > apparently using Spews to block my email. Hows that for Irony?
>
> > Anyways, this is really effecting business, since we've inherited an
> > entry in a blacklist. If we can be removed, I'd appreciate it.
>
> Well, you're at cancos.com, right? Your e-mail might also be blocked
> due to the fact that you do not have a postmaster role account:
> see the readout below from www.DNSreport.com, which reads in
> part...
> "FAIL Acceptance of postmaster address ERROR: One or more of your
> mailservers does not accept mail to postmas...@cancos.com. Mailservers
> are required (RFC822 6.3, RFC1123 5.2.7, and RFC2821 4.5.1) to accept
> mail to postmaster.
> MAILSERVER.cancos.com's postmaster response: >>> RCPT
> TO:<postmas...@cancos.com> <<< 550"

nicknomo

Oct 24, 2006, 10:19:34 PM
I'm all for people doing what they want on their own servers...
However, I am not sure how many people fully understand the level of
blocking Spews level 2 employs. Then there are other zones that happen
to copy the Spews list, or offer aggregates of Spews (like Sorbs).

You seem confident that most people know exactly what they are doing
when they add Spews L2 to their list. I don't think most people
possibly understand the scope of it. Even I who had been to spews.org,
considered it at one point (I chose not to, just by chance - I tried to
keep it under 4 RBLs for performance reasons)... I never imagined even
after reading a good portion of the website that it would block this
extensively. I don't think most other people would either.

I've seen a lot of people use spamcop RBL (which also has a lot of
collateral damage), who have no idea that there are a large number of
false positives. I don't see this being any different for Spews.

Really, when you see an RBL level 2 listing, you expect there to be
some sort of reliable evidence that the ip range is being used for
spam. You don't expect it to be a "boycott" list of major ISP's.

If the agenda is political, Spews should more clearly state that the
purpose of its L2 isn't to filter out spam sources while allowing valid
emails to go through (IMO this is the normal use of an RBL). If it
stated that the use is for political and influential purposes, no one
would use it.

I'd like to reference this description:

What is Level 2?
"This includes all of Level 1, plus anyone who is spam-friendly,
supporting spammers, or highly suspicious, but not blatant enough to be
included in the Level 1 list yet. If it becomes obvious that someone at
Level 2 has become a real problem, they will be escalated to Level 1
after some attempt at education. The Level 2 list will have some
inadvertent blocking (non-spammer IP addresses listed), but can still
be used by small ISPs or individuals who want a stricter level of
blocking/filtering. By having a two tiered list, you can make the
hardcore spamfighters happy; those who want to block first and ask
questions later. Also, a listing in the Level 2 list may exert a bit of
pressure on spam friendly sites and may keep them from turning totally
bad - but that is not really the point, stopping spam is. (note: a
Level value of "0" means that area is not listed) "

This description is an absolute farce from what I've seen. " ?SOME?
inadvertent blocking. I don't see anything in there about blocking
millions of users from the largest ISPs in the world. I don't see
anything in here about blocking massive blocks of people with the sole
purpose of getting the ISPs to be harder on spammers. I figured RBL's
are going to give false positives, but I expect it to be unintentional.
Nowhere in this description does it say anything about intentional
blocking of valid domains.

That's deceptive. In being deceptive, it becomes unethical. Sure, I
know Spews wants to further its agenda of getting ISP's to crack down
on spam. I actually agree with Spews on this. ISPs should crack down
on spammers. However not telling people that your list isn't just a
spammer blacklist, but a "boycott list" instead, is not the right way
to do things.


On Oct 24, 8:07 pm, dpl...@radagast.org (Dave Platt) wrote:
> In article <1161733512.012512.314...@i3g2000cwc.googlegroups.com>,
> nicknomo <nickn...@gmail.com> wrote:
> >I also found that similar entries are in SPEWS for SAAVIS networks.
>
> >Now, I think SPEWS level 1 would make for a great RBL to use on a
> >mailserver, but level 2 doesn't make sense for most (if any)
> >administrators IMO.
>
> And, in fact, I think that you'd find (if you could run a survey) that
> only a relatively few, and probably fairly small, sites use the SPEWS
> Level 2 data for the purposes of blocking.
>
> That is, of course, a decision which is made by the owner/operator of
> the mail server in question. Each site has the right (both moral and
> legal) to decide which email it's willing to accept. There are some
> site operators who are extremely spam-intolerant, and are willing to
> accept a higher rate of rejection of non-spam email in order to block
> incoming spam (or to express disapproval of the business practices of
> ISPs which tolerate spammers on their networks).
>
> As the saying goes around here, "Their server, their rules."
>
> >Yet, I question the practicality of blocking more valid domains than
> >invalid domains. It's similar to the practice of making everyone who
> >wants to mail to you sign up for a whitelist, and blocking everyone
> >else. Its impractical for most people.
>
> With regard to your "whitelist" point: for many people, yes, it's
> impractical or too costly. For most... probably so, but if the spam
> problem gets much worse than it is today you'll probably find a larger
> and larger percentage of email users adopting this sort of strategy,
> or abandoning email altogether.
>
> > I question whether most people
> >using blacklists like Spews L2 truly understand the scope of the
> >blocking.
>
> I suggest that unless/until you actually survey those admins who are
> using L2, you don't have enough information to say one way or the other.
>
> > Nothing personal against anyone here, but saying "switch
> >your ISP" is simply bad advice when there are cases of mass blocks with
> >at least 4 tier 1 ISP's. My last T1 was from cogent, and I could have
> >ended up in the same predicament if I got a new T1 from them with a
> >different IP pool.
>
> You have another option... get your own IP address allocation from
> ARIN, or from a competent (spam-hostile) Tier 2 reseller of Cogent or
> UUNET services who has their own ARIN allocation.
>
> > These ISP's are huge. Depending on the
> >organization of the IP pools you could be blocking entire
> >cities/regions. All of this because a few spammers use the network?
>
> Answer 1: it's not because of a *few* spammers. It's because of a
> lot of spammers on those Tier 1 ISPs, allowed to continue operating
> for a long period of time, with no visible attempt by the ISPs to stop
> the spamming.
>

> From what I have observed of the practices of SPEWS, large escalations
> of an ISP's net space (either level 1 or level 2) do not happen
> quickly... not overnight, not even in a few months. Really large
> listings seem to take *years* to develop.
>
> Answer 2: there are a lot of people (me included) who *do* choose to
> block all inbound mail from large regions (including whole countries)
> except by prior arrangement / whitelisting, because of the very high
> ratio of spam-to-ham from those areas.
>

> >I'm honestly surprised everyone thinks that this is good practice.
>
> And, you're mistaken in your belief. Of the posters in this
> newsgroup, I've seen that:
>
> - Quite a few feel that it's not good practice to block *any*
> non-spamming customers of spam-tolerant ISPs.
>
> Such people do not use the SPEWS data at all (nor other DNSBLs
> which list whole ISPs or countries).
>
> - A fair number say "No, it's not appropriate for me to block
> on SPEWS 2, but I can see that some people might want to do so."
>
> - A relatively small number say "I do block on SPEWS 2".
>
> - Almost nobody says "Everybody should block on SPEWS 2".
>
> What I think the great majority of the posters here agree upon,
> however, is the "Their server, their rules" principle... which is one
> which is deeply enshrined in Internet culture, and in both case and
> legislative law here in the U.S. (it's specifically called out in the
> otherwise-fairly-useless CAN SPAM law).
>
> >I too am obsessed with stopping spam on my servers, but any normal

> >mailserver that implements the level 2 is far too draconian IMO.
>
> And, as a result of your opinion, you'll never use SPEWS 2 on your
> server. That's a perfectly legitimate opinion, and your decision to
> implement in practice is also perfectly legitimate. Your server, your
> rules.
>
> It's equally legitimate for the operator of another server to decide
> that, for the purposes of his/her server and its customers, blocking
> on SPEWS 2 is appropriate and proper. Their server, their rules.
>
> >I think this decreases the usefulness of the blacklist too... and gives
> >SPEWS and other RBL's a bad name. I don't know about the rest of you,
> >but I've gone through a lot of trouble to avoid false positives.
> >Condoning a system with millions of potential false positives seems to
> >be counter-intuitive.

> From the point of view of an admin who is knowingly using SPEWS 2, the
> rejections which occur are not "false positives". The rejection
> matches the criteria that the SPEWS 2 list (and hence the admin using
> it) agree are proper.
>
> Don't think of SPEWS 2 as a DNSBL which lists spammers. Think of it
> as a list which lists IP space operated by spam-tolerant ISPs.
>
> Think of SPEWS 2 as a mechanism for implementing a social boycott. The
> sites which use it are boycotting a "country" (ISP) whose practices
> they disapprove of. This is little different in principle than the
> boycotts which were directed against South Africa (to protest
> apartheid) or against various cities or states in the American South
> (to protest Jim Crow laws and other forms of racial or sexual
> discrimination). All such boycotts can have a negative effect upon
> otherwise-innocent "citizens" of the area being boycotted.
>
> You "live" in UUNET (now Verizon) space. Boycotts which are
> protesting UUNET's business practices can affect you.
>
> >What personally bother me though, is that according to what everyone
> >has said here, SPEWS doesn't care if my domain is not spam. It will
> >still block me anyways.
>
> SPEWS itself is not blocking you.
>
> The sites which use the SPEWS data are blocking you from using their
> sites' resources (email servers).
>
> > This is not in line with the purpose of a
> >blacklist.
>
> That's true *if* and *only if* the "purpose of a blacklist" is to
> specifically block spam email.
>
> That is not, I personally believe, the only purpose of SPEWS. I
> interpret the SPEWS agenda as having a second purpose: to stop
> spamming.
>
> There's a difference there. The latter purpose is a broader one. It
> requires not just stopping the spam itself. It requires actually
> changing the business environment - creating an environment in which
> ISPs are not willing to tolerate the presence of spammers on their
> network, because it costs them (the ISPs) too much business, money, or
> bad press to do so.
>
> > That to me, also says that SPEWs is more political.. a tool
> >to influence the ISPs...
>
> Bingo.
>
> > but personally, I don't like the idea of my
> >domain being a casualty in someone elses war against an ISP.
>
> Unfortunate, but unavoidable.
>
> I'm sure that there were many liberal, socially conscious,
> nondiscriminating South African whites who really didn't like the idea
> of their personal businesses being hurt by the trade embargos set up
> against South Africa. Ditto for many citizens of Mississippi and
> Georgia during the Civil Rights protests in the 1960s. Ditto for
> farm-business suppliers whose businesses were hurt during the
> table-grape boycott a few years ago.
>
> > I respect
> >the sentiment, but I'd like to be left out of these private battles.
>
> The Internet is now part of the world commerce and communication

E-Mail Sent to this address will be added to the BlackLists

Oct 25, 2006, 6:30:10 AM
huey.callison wrote:
> BlackList wrote:

>> huey.callison wrote:
>> and plenty of negative feedback from many of their own
>> customers experiencing problems related to other parties
>> solutions to those abuse problems at the receiving end.
>
> I don't think so. If people were significantly damaged by
> SPEWS listings, shouldn't that be reflected in the number
> of spammers currently hosted in UUnet space in some other
> way than a 375% increase?

I think you are right that SPEWS likely makes little difference
to them. (I guess I didn't say that well enough before).

Which is why I said: (which you cut off)


>> (Some of those may be related to SPEWS listings,
>> I suspect even more related to Spamhaus listings,
>> but I would guess the most due to all the other many
>> things that treat their netspace the way it is treated.)

If (as you think) they aren't getting much negative feedback
from those experiencing abuse from their netspace,
nor getting much negative feedback from their own users
then that explains their abuse problems even better than I
was thinking {that DNSbls have less effect on them than people
receiving the abuse or their own end users difficulties due
to how others deal with that abuse}.
(Then again, I'm repeating myself.)

--
E-Mail Sent to this address <Blac...@Griffin-Technologies.net>
will be added to the BlackLists.

Dunhill

Oct 25, 2006, 7:37:46 AM
nicknomo wrote:
> I've read up on this a bit..
>
> It just seems irresponsible to block such a large amount of people to
> stop a few spammers...

it's rather the other way around, blocking a lot of spam and some (<1%?)
real mail

> Blocking a tier 1 ISP doesn't seem logical.

why not ? just because they are "BIG" and we are "small" ?

> I've looked into it, and it appears that Spews has blocked Verio/Cogent
> co/NTT class B's in the past as well (I read about it on
> somethingawful.com). That's nuts. Aren't there only like 7 "real"
> Tier 1 ISP's?

and most of them got "BIG" by accepting spammers' money

> That's blocking millions upon millions of users (a small fraction of
> them spam).

no, a lot of spam

> It turns out that the mail to the verizon.net address was actually
> being forwarded to new email addresses (at their own domain), and thats
> why the emails to the people were bouncing back. I'm going to have to
> see if I can get a hold of their mailserver admin and see if I can get
> him to drop Spews from his RBL's.

maybe that's the only way they can block their own spammers

nicknomo

Oct 25, 2006, 7:42:37 AM
Well, mail coming from Taiwan/China/Korea is one thing.. Mail coming
from American companies is another thing. You know the mail coming
from China is spam, simply because most small or mid sized companies do
not (and probably cannot) do business with overseas clients... so who
cares if you block them. It's completely different to possibly be
blocking potential vendors or distributors of your product.. That's
IMO, irresponsible. That's very bad practice IMO, especially
considering the role of the mail administrator is to ensure proper flow
of mail.

Really, I've noticed more and more that my spam is coming from dynamic
IP ranges usually part of zombie networks. The RBL's are not doing
very well against this. I am going to have to actually implement
strict RDNS to stop it... something I wasn't looking forward to doing,
but it is necessary.

On Oct 24, 9:40 pm, Just Another UBE Reporter <tsnl...@hotmail.com>
wrote:
> "nicknomo" <nickn...@gmail.com> wrote in news:1161722199.719370.28120
> @k70g2000cwa.googlegroups.com:
>
> > That's blocking millions upon millions of users (a small fraction of
> > them spam).
>
> What is your opinion on people that either block (such as many sysadmins)

huey.c...@gmail.com

Oct 25, 2006, 7:48:40 AM
Mike Andrews <mi...@mikea.ath.cx> wrote:
> As to "Tier 1 ISPs", well, there're AOL and M$ and Yahoo and Google
> and Verio and Savvis and XO and UUNet and TW Cable and Cox Cable and
> Earthlink and SBC (really another tentacle of Yahoo) and some other
> fairly major players

No. The tier-1s are ATDN/AOL, AT&T/SBC/SWbell/Ameritech, Global
Crossing, Level3/Genuity/BBN/ICG/Adelphia/Broadwing, NTT/Verio,
Qwest/USWest, Savvis/C&W, Sprint/Nextel, and
Verizon/MCI/Worldcom/UUnet/Digex. VZ is still the largest of those.

Everybody else on the internet pays one of those nine (or pays
somebody who pays one of those nine, or pays somebody who pays
somebody who pays one of those nine, or... ...you get the drift)
for transit or peering. Those nine are the "middle" of the tardcloud,
and everybody else is further out towards the edges.

So, if you've decided that it's wrong to support UUnet in any way, not
only do you need to drop routes from AS701 (and the associated
roughly one-third of the internet) but also ensure that your own
upstream providers aren't paying them for peering or transit either.

--
Huey

E-Mail Sent to this address will be added to the BlackLists

Oct 25, 2006, 8:15:33 AM
nicknomo wrote:
> I hate to sound condescending, but getting another provider
> is ridiculous.
> This service is hosted through Verizon business / MCI.
> Its one of the biggest T1 providers in NY, and also the
> most reliable in my area.

If your ISP meets your needs,
why do you care what others think of your ISP?
why are you here complaining?


> Now, if I was with a small ISP, I'd understand. I'm not.
> I'm with Verizon, and as far as I can tell UUnet is now
> connected to Verizon. I just happened to get stuck with
> an IP pool that overlapped a spammer.

The SPEWS and SpamHaus listings are just symptoms of the problem,
SpamHaus found 185? SBL listings for IPs under their responsibility
90? Listings in yellow are known spam gangs with ROKSO records,
(career criminal spammers) {mostly in verizon business space};
<http://www.spamhaus.org/sbl/listings.lasso?isp=verizonbusiness.com>
<http://www.spamhaus.org/sbl/listings.lasso?isp=verizon.net>
<http://www.spamhaus.org/sbl/listings.lasso?isp=mci.com>


> Now it looks to me as if all of UUnet isn't being blocked.
> Its just the sections attributed to atriks, which as of
> two months ago are incorrect.

That is your opinion, I think most would refer to it as an
escalation / expansion of the listing, due to the ISP's lack
of action against the abuse & continuing to provide any
services to any spammer.


> What it comes down to, is if my ISP is the problem,
> why isn't everyone from the ISP being blocked?

The SPEWS listing may get there some day.

It is likely some admins do block all of your ISP,
as some do block whole ISPs, countries, regions, continents, ...


--
E-Mail Sent to this address <Blac...@Griffin-Technologies.net>
will be added to the BlackLists.

--

E-Mail Sent to this address will be added to the BlackLists

Oct 25, 2006, 10:10:11 AM
nicknomo wrote:
> I'm all for people doing what they want on their own
> servers... However, I am not sure how many people fully
> understand the level of blocking Spews level 2 employs.

If people use things they don't fully understand, that is
their problem.


> Then there are other zones that happen to copy the Spews
> list, or offer aggregates of Spews (like Sorbs).

Some may offer aggregates that include SPEWS,
SORBS however does not,
they just offer mirrors of SPEWS zone files.


> You seem confident that most people know exactly what
> they are doing when they add Spews L2 to their list.

I certainly don't think so.


> I don't think most people possibly understand the scope
> of it.

I don't think you are wrong, and that goes for all DNSbls,
otherwise we would never hear from people complaining about
being listed in random.bl.gweep.ca , blocked.secnap.net , ...

Then again I see plenty of people driving cars that don't
seem to know the rules of the road, or how their car
works, how it is intended to function, and its limitations.
{There was a route I took to work for many years that I
would see a vehicle crashed (or crashing),
driving on the wrong side of the road,
making right turns from the left lane (across several lanes),
making left turns from the right lane (across several lanes),
... at least every week on average, for years on end!}


> I've seen a lot of people use spamcop RBL (which also has
> a lot of collateral damage), who have no idea that there
> are a large number of false positives. I don't see this
> being any different for Spews.

There are only false positives, if mail you want / need
/ expect is being blocked unexpectedly due to your use of that
/ those DNSbl(s).
If mail server admins aren't getting very many complaints
very often from their end users about false positives,
they have no need to change what they are doing,
other than an occasional whitelisting.

{I'm more in favor of letting the end users have full control
of their spam control, then they have no one to blame
except themselves.}


> Really, when you see an RBL

MAPS? (RBL)

> level 2 listing, you expect there to be some sort of
> reliable evidence that the ip range is being used for
> spam. You don't expect it to be a "boycott" list of
> major ISP's.

Then those doing so didn't read what & why the list is for,
that is no one's problem except for those using tools they
don't understand.


> If the agenda is political, Spews should more clearly
> state that the purpose of its L2 isn't to filter out
> spam sources while allowing valid emails to go through
> (IMO this is the normal use of an RBL). If it stated
> that the use is for political and influential purposes,
> no one would use it

I use it & I don't have problems getting messages I want
/ need / expect; {Neither do I expect using just a third
party list to solve all my problems, and do all my work
for me}.


> I'd like to reference this description:
>
> What is Level 2? "This includes all of Level 1, plus
> anyone who is spam-friendly, supporting spammers, or
> highly suspicious, but not blatant enough to be included
> in the Level 1 list yet.
> If it becomes obvious that someone at Level 2 has become
> a real problem, they will be escalated to Level 1 after
> some attempt at education.
> The Level 2 list will have some inadvertent blocking
> (non-spammer IP addresses listed), but can still be used
> by small ISPs or individuals who want a stricter level of
> blocking/filtering.

I think this next section covers it,


> By having a two tiered list, you can make the hardcore
> spamfighters happy; those who want to block first and
> ask questions later. Also, a listing in the Level 2 list
> may exert a bit of pressure on spam friendly sites and

> may keep them from turning totally bad ...

Yea, that about covers it.

See Also Q/A:44 http://spews.org/faq.html
Q44: I'd love to use SPEWS and other advisory systems to
reduce my spam, but I just can't take the chance that a
non-spam email for me or my company would be rejected.
What can I do?
A44: Instead of rejecting the message, most email systems
can also be set up to tag it as possible spam. These tags
are placed in the message header and can then be dealt
with using your email client software.
A common technique is to put them into a "junk folder."
Then, when you have time, you can scan through these
messages to see in any were of value.
Email processing systems like Procmail, SpamBouncer and
SpamAssassin can be used to implement this.
A common practice is to bounce based on the SPEWS Level
1 list, and tag based on the SPEWS Level 2 list.

Those last few sentences cover it fairly well too,
and are fairly close to what I do at $Dayjob
(except with more than just SPEWS).


> - but that is not really the point, stopping spam is.
> (note: a Level value of "0" means that area is not listed) "
> This description is an absolute farce from what I've seen.
> " ?SOME? inadvertent blocking. I don't see anything in
> there about blocking millions of users from the largest
> ISPs in the world. I don't see anything in here about
> blocking massive blocks of people with the sole purpose
> of getting the ISPs to be harder on spammers.

... and just how many messages have you had blocked to how
many recipients how many times due to nothing other than SPEWS?

SPEWS lists, the recipients do the blocking, tagging,
filtering, ...


> I figured RBL's are going to give false positives, but I
> expect it to be unintentional.
> Nowhere in this description does it say anything about
> intentional blocking of valid domains.

SPEWS does not list domains,
they list IPs belonging to ISPs with abuse issues that SPEWS notices.


> That's deceptive. In being deceptive, it becomes unethical.

I don't see it that way (I did read all of the SPEWS site,
including the FAQ).


> Sure, I know Spews wants to further its agenda of getting
> ISP's to crack down on spam.
> I actually agree with Spews on this.
> ISPs should crack down on spammers.

We all think so.
(Ok the spammers no doubt don't think so,
however anyone getting their spam does.)


> However not telling people that your list isn't just a
> spammer blacklist, but a "boycott list" instead, is not
> the right way to do things.

I think that is just a comprehension problem.


If you don't agree with what a DNSbl lists, why they list,
and what it takes to be delisted, don't use it;
just because you don't like it and don't want to use it,
does not mean others feel the same as you (or it would
not exist or not be used and you would not be here).


--
E-Mail Sent to this address <Blac...@Griffin-Technologies.net>
will be added to the BlackLists.

--

Erik Warmelink

Oct 25, 2006, 10:16:51 AM
In article <1161745608.7...@h48g2000cwc.googlegroups.com>,
"nicknomo" <nick...@gmail.com> writes:

> That's deceptive. In being deceptive, it becomes unethical.

Talking about deceptive, you do know why the organization which you
are defending, went bankrupt?

Just how many autoresponses do you want in which uunet stated it
"has zero tolerance for spam" only to keep knowingly and willingly
aiding and abetting spammers, just like their next incarnation
knowingly and willingly continues to aid and abet spammers.

You say you are not a spammer and I believe you aren't, but one
question keeps nagging: If you aren't a spammer, why would you choose
an ISP which hosts more spammers than most countries (only the USA,
China, Russia and Japan host more spammers than verizon according to
Spamhaus)?

--
er...@selwerd.nl

Mark Ferguson

Oct 25, 2006, 10:13:04 AM
On Wed, 25 Oct 2006 11:42:37 GMT, "nicknomo" <nick...@gmail.com>
wrote:

>Well, mail coming from Taiwan/China/Korea is one thing..

Actually you are in error with this entire paragraph.

> Mail coming
>from American companies is another thing. You know the mail coming
>from China is spam, simply because most small or mid sized companies do
>not (and probably cannot) do business with overseas clients...

The spouse worked for a mid-sized company that did pretty much
everything as far as manufacturing in China. Email to and from them
to their contacts was every bit as important as was the email between
them and their resellers here in the states.

The Docks are full of very large ships coming and going, bringing
cargo and carrying cargo away.

> so who
>cares if you block them. Its completely different to possibly be
>blocking potential vendors or distributors of your product.. That's
>IMO, irresponsible. That's very bad practice IMO, especially
>considering the role of the mail administrator is to ensure proper flow
>of mail.

It *appears* to me that most want their cake and to eat it too. It
doesn't work that way. Your company is using a company that is
considered to have bad business ethics and or practices. As a direct
result of these beliefs some have blocked their email servers.

It is incumbent upon you to find a solution to *your* problem which is
*your* email is blocked as a result.

You must ask yourself the following.

Is it the fault of those trying to protect themselves from the ethics
and business practices of your provider or the fault of your provider
for not caring how their business practices and ethics negatively
impact others or simply is it your provider's fault for having such
ethics and business practices in the first place?

Personally I hold the individual or organization responsible for their
actions and not the person trying to protect themselves from that bad
behavior. You might see things differently however.

>Really, I've noticed more and more that my spam is coming from dynamic
>IP ranges usually part of zombie networks.

The xbl at spamhaus is for exploited machines I believe.

> The RBL's are not doing
>very well against this. I am going to have to actually implement
>strict RDNS to stop it...

Your server, your rules. What about that small business person
running a server at home from a DSL connected machine that does not
have rDNS set up thru his provider? You will be rejecting all the
email from those people and or businesses to protect yourself from the
spam of a few spammers....

Your server, your rules.

>something I wasn't looking forward to doing,
>but it is necessary.

Like SPEWS and every other blocklist. No blocklist operator looked
forward to creating and or maintaining the list, getting sued by
spammers, dealing with the threats of people listed, the expense of
DDoS attacks, etc....


>On Oct 24, 9:40 pm, Just Another UBE Reporter <tsnl...@hotmail.com>
>wrote:
>> "nicknomo" <nickn...@gmail.com> wrote in news:1161722199.719370.28120
>> @k70g2000cwa.googlegroups.com:
>>
>> > That's blocking millions upon millions of users (a small fraction of
>> > them spam).
>>
>> What is your opinion on people that either block (such as many sysadmins)
>> or filter (such as myself, an end-user) out e-mail from 200/6 or 218/6? I
>> filter both because I get nothing but spam from these ranges. And anyone I
>> have had previous contact with in these ranges is appropriately whitelisted
>> on my end.
>>
>> When an ISP does little or nothing substantial to stop spam, people will
>> invariably take drastic measures such as blocking large IP blocks on their
>> end.
>>
>> --
>> Comments posted to news.admin.net-abuse.blocklisting
>> are solely the responsibility of their author. Please
>> read the news.admin.net-abuse.blocklisting FAQ at
>> http://www.blocklisting.com/faq.html before posting.


--
Mark Ferguson
whew.com Site Map
http://www.whew.com/site_map.php

Stephen Adams

Oct 25, 2006, 11:25:20 AM
"nicknomo" <nick...@gmail.com> writes:

>I'm all for people doing what they want on their own servers...
>However, I am not sure how many people fully understand the level of
>blocking Spews level 2 employs. Then there are other zones that happen
>to copy the Spews list, or offer aggregates of Spews (like Sorbs).

Well, frankly, if someone can't be bothered to understand what they
are implementing on their server, I fail to see how that is an issue
for the provider of the list. In other words, if I create a list of
servers I don't want mail from (for whatever reason) and someone
decides to block based on that list, without knowing my criteria,
then it's not *my* problem.

<snip>

>I've seen a lot of people use spamcop RBL (which also has a lot of
>collateral damage), who have no idea that there are a large number of
>false positives. I don't see this being any different for Spews.

I use both as part of my tagging regimen - some amount of points is
assigned for being in SpamCop, and some for being in SPEWS (level 1).
In general, I find these useful to classify email from networks that
I am not expecting email from. For the most part, being listed ONLY
in SPEWS is not enough to get an email flagged as possible spam, but
having other spammy factors + SPEWS (or SpamCop) is very likely to
get it dumped into my (or my users) 'filtered' folders - where likely
spam is sent.

Personally, I would never block based on SPEWS. But that's me. Others
wish to, and that's up to them.

>This description is an absolute farce from what I've seen. " ?SOME?
>inadvertent blocking. I don't see anything in there about blocking
>millions of users from the largest ISPs in the world. I don't see
>anything in here about blocking massive blocks of people with the sole
>purpose of getting the ISPs to be harder on spammers. I figured RBL's
>are going to give false positives, but I expect it to be unintentional.
> Nowhere in this description does it say anything about intentional
>blocking of valid domains.

SPEWS is a measurement of the likelihood that spam will come from an
IP/Range/Netblock/ISP based on whether or not spam has been seen from
other addresses near it. That's the 'Early Warning' part of the name.
In my case, I use SPEWS (and SpamCop) in SpamAssassin to help flag
emails that otherwise might get by the normal filters. It works. My
users appreciate it.

And since I don't block using it, the recipients can look in their
'filtered' folders and see what came in, and then enter the address
into a whitelist which will bypass ALL filters/blocks on the server.

>That's deceptive. In being deceptive, it becomes unethical. Sure, I
>know Spews wants to further its agenda of getting ISP's to crack down
>on spam. I actually agree with Spews on this. ISPs should crack down
>on spammers. However not telling people that your list isn't just a
>spammer blacklist, but a "boycott list" instead, is not the right way
>to do things.

I never had the impression that SPEWS was a spammer blacklist. It's
an opinion list that gives the relative chance of spam coming from a
particular IP based on other IPs around it. That's useful.

Did you read this:

Q5: Why are network addresses listed if no spam has originated from them?
A5: They are listed because they have been set up by known spammers and spam
support operations, most with a demonstrable repeated history of spamming or
spamming services. They are also listed if they host websites advertised in
spam, as this too falls under spamming services - these listings normally
occur if the owners of that network address range do not remove the offenders.

Q6: How did "I" get into SPEWS?!
A6: Normally it is not "you" who was listed but your ISP or host. They may
have been listed due to spam originating from their section of the Internet
or due to their hosting or providing services for known spammers. The SPEWS
bounce page covers this in more detail. Now if you are a spammer, or spammer
supporter, yourself, you were listed for that reason.

Seems very clear to me. I'm not SPEWS, have nothing to do with SPEWS,
but I do use their list for tagging/filtering (not blocking).

-Stephen
--
Space Age Cybernomad Stephen Adams
malchu...@AMgmail.com (remove SPAM to reply)
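
Added example, not part of any post in this thread: a sketch of the two receiver-side policies described above, the FAQ's "bounce on Level 1, tag on Level 2" and the score-based tagging with a whitelist bypass from the preceding post. The zone names, listed ranges, weights, threshold and addresses are all constructed assumptions, and the resolver is an offline stand-in for real DNS lookups.

```python
"""DNSBL reject/tag policy sketch. Zones, ranges and weights are constructed."""
import ipaddress
from dataclasses import dataclass, field

# Hypothetical zone names; use the zones your list operator documents.
L1_ZONE = "l1.dnsbl.example"
L2_ZONE = "l2.dnsbl.example"
OTHER_ZONE = "other.dnsbl.example"   # stands in for a second, unrelated list


def dnsbl_query_name(ip: str, zone: str) -> str:
    """DNSBL convention: reverse the IPv4 octets and append the zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone


class StaticResolver:
    """Offline stand-in for DNS: a listed name answers 127.0.0.2, else None
    (a real resolver would report NXDOMAIN for an unlisted address)."""

    def __init__(self, listings):
        self._nets = {zone: [ipaddress.ip_network(n) for n in nets]
                      for zone, nets in listings.items()}

    def lookup(self, qname: str):
        for zone, nets in self._nets.items():
            suffix = "." + zone
            if qname.endswith(suffix):
                rev = qname[:-len(suffix)].split(".")
                addr = ipaddress.IPv4Address(".".join(reversed(rev)))
                if any(addr in net for net in nets):
                    return "127.0.0.2"
        return None


@dataclass
class Verdict:
    action: str                      # "accept", "tag" or "reject"
    score: float = 0.0
    hits: list = field(default_factory=list)


def check_lists(ip, resolver, zones):
    """Return the zones in which this connecting IP is listed."""
    return [z for z in zones
            if resolver.lookup(dnsbl_query_name(ip, z)) is not None]


def faq_policy(ip, sender, resolver, whitelist):
    """Reject on Level 1, tag on Level 2; whitelisted senders bypass both."""
    if sender.lower() in whitelist:
        return Verdict("accept")
    hits = check_lists(ip, resolver, (L1_ZONE, L2_ZONE))
    if L1_ZONE in hits:
        return Verdict("reject", hits=hits)
    if L2_ZONE in hits:
        return Verdict("tag", hits=hits)
    return Verdict("accept")


# Constructed weights: a listing alone stays under the tagging threshold.
WEIGHTS = {L1_ZONE: 2.0, OTHER_ZONE: 1.5}
TAG_THRESHOLD = 5.0


def scoring_policy(ip, sender, resolver, whitelist, content_score):
    """Never reject: listings add points to a content score; tag at threshold."""
    if sender.lower() in whitelist:
        return Verdict("accept")
    hits = check_lists(ip, resolver, WEIGHTS)
    score = content_score + sum(WEIGHTS[z] for z in hits)
    action = "tag" if score >= TAG_THRESHOLD else "accept"
    return Verdict(action, score, hits)


# Constructed sample data (documentation address ranges, not real listings).
RESOLVER = StaticResolver({
    L1_ZONE: ["192.0.2.0/24"],
    L2_ZONE: ["198.51.100.0/24"],
    OTHER_ZONE: ["198.51.100.0/24"],
})
WHITELIST = {"vendor@partner.example"}

if __name__ == "__main__":
    for ip in ("192.0.2.11", "198.51.100.7", "203.0.113.5"):
        print(ip, faq_policy(ip, "a@sender.example", RESOLVER, WHITELIST),
              scoring_policy(ip, "a@sender.example", RESOLVER, WHITELIST, 3.5))
```

Under the scoring policy a sender in a listed range is still delivered unless the message also scores on content, which is the difference between tagging and blocking that the thread keeps returning to.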

nicknomo

Oct 25, 2006, 11:51:06 AM
> > That's deceptive. In being deceptive, it becomes unethical.

>Talking about deceptive, you do know why the organization which you
> are defending, went bankrupt?

I'm not defending my ISP, I'm defending my interests... and I'm also
stating my opinion on matters. I honestly think that Spews goes a bit
too far by

1) Making no attempt to remove non-spam domains from its list
2) Making no reference of the extreme scope of its blocklists anywhere
on its website
3) Choosing to block very very large portions of very very large ISP's.

You put all 3 together, and you do the community a disservice. This is
hurting the spam situation, not helping IMO.

> You say you are not a spammer and I believe you aren't, but one
> question keeps nagging: If you aren't a spammer, why would you choose
> an ISP which hosts more spammers than most countries (only the USA,
> China, Russia and Japan host more spammers than verizon according to
> Spamhaus)?

I picked the most reliable ISP in the area. I picked a tier 1 provider
to provide both the loop and the port. Why? I've had experience with
smaller ISP's, and it's not fun having support tickets that go back and
forth from company to company, each ISP claiming it's the other's
problem.

I have one support contact in case of failure. I have GREAT uptime.
The only people apparently giving me a problem about this is Spews.
Yes, I hate spam. I'm not willing to go to that extreme of an extent
to push the issue... I think I'm in the majority there. One other
poster in here said it very well.. if you wanted to boycott tier 1
ISP's, you'd have to disable a lot of routes going out of your router
and a lot of the internet may no longer be reachable.

I personally think the answer lies in better legislation... However,
that may be just as unlikely to happen as it is to actually influence
an ISP through the use of an RBL.

Claes T

Oct 25, 2006, 12:51:17 PM
On Wed, 25 Oct 2006 15:51:06 GMT, "nicknomo" <nick...@gmail.com>
wrote:

>I'm not defending my ISP, I'm defending my interests...

Defending your interest to get mail sent from UUnet IP space accepted
by other sysadmins/nets *is* defending your isp, you try to save UUnet
from the consequences of knowingly harboring spammers. That is your
right to do, and it is your right to deny that it *is* what you do.

>and I'm also stating my opinion on matters. I honestly think that
>Spews goes a bit too far by

That's your right to state. Not only that, many persons here and
elsewhere think you are right! Generally, those persons don't use
SPEWS lists (I guess).

>1) Making no attempt to remove non-spam domains from its list

Their list, their rules.

>2) Making no reference of the extreme scope of its blocklists anywhere
>on its website

Extreme? There are more draconian lists. But, you've got a point.

>3) Choosing to block very very large portions of very very large ISP's.
>
>You put all 3 together, and you do the community a disservice. This is
>hurting the spam situation, not helping IMO.

The idea *is* to hurt the spam situation! ;-)

>I picked the most reliable ISP in the area. I picked a tier 1 provider
>to provide both the loop and the port. Why? I've had experience with
>smaller ISP's, and its not fun having support tickets that go back and
>forth from company to company, each ISP claiming its the other's
>problem.

Then you fully understand my feelings trying to get UUnet to kick out
some spammer hurting my mail traffic. I agree, not pleasant to see
UUnet ignore abuse tickets and blaming the situation on SPEWS or bad
laws or whatever excuse they use that day. Ignored support tickets
are no more fun when getting them from large businesses.

>I have one support contact in case of failure. I have GREAT uptime.

Fine! Then perhaps you can get your support contact to have the
spammers thrown out from them, because when they have that, the SPEWS
listing will be history (I guess), and if SPEWS lists UUnet/MCI/
Verizon a long time after they have got rid of their spammers, even
fewer will use SPEWS for listings.

>The only people apparently giving me a problem about this is Spews.

Not exactly. Rather the people using the SPEWS lists without white
listing you. Or rather Waggoner, Haberstroh, Lindsay, Goldstein/
Greenstein, Scelson, Marin, Reinertsen, Kramer and Campbell. Among
others.

>I personally think the answer lies in better legislation... However,

Better legislation (against spam) would have made SPEWS a lot less
useful and less needed/wanted/used. So, let's agree in this wish.
Harboring known spammers should be illegal!

Best,
Claes T

huey.c...@gmail.com

Oct 25, 2006, 12:39:56 PM
E-Mail Sent to this address will be added to the BlackLists <Nu...@blacklist.griffin-technologies.invalid> wrote:
> nicknomo wrote:
> > I'm all for people doing what they want on their own
> > servers... However, I am not sure how many people fully
> > understand the level of blocking Spews level 2 employs.
> If people use things they don't fully understand, that is
> their problem.

Assuming they're the only person using their mailserver and no one
ever tries to send mail to them, that's true. However, if they have
people trying to send mail to them, or they have users, or they have
people trying to send mail to those users, the problem becomes
magnified, and generally expands in scope towards people who don't
understand why it's happening. ...which is probably why the "Help! I'm
blocked by SPEWS" entry in the FAQ has been, is, and will continue to be
the most frequently asked question in this group.

> > level 2 listing, you expect there to be some sort of
> > reliable evidence that the ip range is being used for
> > spam. You don't expect it to be a "boycott" list of
> > major ISP's.
> Then those doing so didn't read what & why the list is for,
> that is no ones problem except for those using tools they
> don't understand.

....and the people trying to send mail to them, and their users, and the
people trying to send mail to ~them~, per above.

> > This description is an absolute farce from what I've seen.
> > " ?SOME? inadvertent blocking. I don't see anything in
> > there about blocking millions of users from the largest
> > ISPs in the world. I don't see anything in here about
> > blocking massive blocks of people with the sole purpose
> > of getting the ISPs to be harder on spammers.
> ... and just how many messages have you had blocked to how
> many recipients how many times due to nothing other than SPEWS?
> SPEWS lists, the recipients do the blocking, tagging,
> filtering, ...

This is a distinction without a difference, and "DNSBLs don't block
mail, sysadmins do" is petty silliness. The common application of a
DNSBL is to block mail or to assist in the scoring of mail to
determine whether or not it is blocked. SPEWS ~is~ blocking his mail,
otherwise he wouldn't be here.

--
Huey

nicknomo

Oct 25, 2006, 12:36:05 PM
> >I'm all for people doing what they want on their own servers...
> >However, I am not sure how many people fully understand the level of
> >blocking Spews level 2 employs. Then there are other zones that happen
> >to copy the Spews list, or offer aggregates of Spews (like Sorbs).

> Well, frankly, if someone can't be bothered to understand what they
> are implementing on their server, I fail to see how that is an issue
> for the provider of the list. In other words, if I create a list of
> servers I don't want mail from (for whatever reason) and someone
> decides to block based on that list, without knowing my criteria,
> then it's not *my* problem.
>

The question is whether the list is really clear.

> >This description is an absolute farce from what I've seen. " ?SOME?
> >inadvertent blocking. I don't see anything in there about blocking
> >millions of users from the largest ISPs in the world. I don't see
> >anything in here about blocking massive blocks of people with the sole
> >purpose of getting the ISPs to be harder on spammers. I figured RBL's
> >are going to give false positives, but I expect it to be unintentional.
> > Nowhere in this description does it say anything about intentional
> >blocking of valid domains.

> SPEWS is a measurement of the likelihood that spam will come from an
> IP/Range/Netblock/ISP based on whether or not spam has been seen from
> other addresses near it. That's the 'Early Warning' part of the name.
> In my case, I use SPEWS (and SpamCop) in SpamAssassin to help flag
> emails that otherwise might get by the normal filters. It works. My
> users appreciate it.
>
> And since I don't block using it, the recipients can look in their
> 'filtered' folders and see what came in, and then enter the address
> into a whitelist which will bypass ALL filters/blocks on the server.

A Class B isn't "near other ip addresses that send spam". It
encompasses far more than just the address close to it. It includes
everything in a '30 mile radius' (figuratively).

>
> >That's deceptive. In being deceptive, it becomes unethical. Sure, I
> >know Spews wants to further its agenda of getting ISP's to crack down
> >on spam. I actually agree with Spews on this. ISPs should crack down
> >on spammers. However not telling people that your list isn't just a
> >spammer blacklist, but a "boycott list" instead, is not the right way
> >to do things.

> I never had the impression that SPEWS was a spammer blacklist. It's
> an opinion list that gives the relative chance of spam coming from a
> particular IP based on other IPs around it. That's useful.
>

Spews isn't a spammer blacklist? ... It's just a list to use when help
preventing spam. Just like Condoleezza Rice wasn't given a plan, she
was given a series of "actionable items".

> Did you read this:
>
> Q5: Why are network addresses listed if no spam has originated from them?
> A5: They are listed because they have been set up by known spammers and spam
> support operations, most with a demonstrable repeated history of spamming or
> spamming services. They are also listed if they host websites advertised in
> spam, as this too falls under spamming services - these listings normally
> occur if the owners of that network address range do not remove the offenders.
>
> Q6: How did "I" get into SPEWS?!
> A6: Normally it is not "you" who was listed but your ISP or host. They may
> have been listed due to spam originating from their section of the Internet
> or due to their hosting or providing services for known spammers. The SPEWS
> bounce page covers this in more detail. Now if you are a spammer, or spammer
> supporter, yourself, you were listed for that reason.
>

Q5, once again makes it look like they are blocking addresses in which
spam originates. It's rational to assume that these address blocks
aren't entire class B's.

Q6, is probably the only point you may have that Spews actually informs
users it is blocking entire ISPs. Still, after reading about how it
lists IP ranges that have spam "near it", and how members of its lists
are usually spam offenders or recipients...

Nevertheless, if you go for more details (Spews bounce page), it
doesn't really elaborate on how extensive its IP ranges are. Why not?
Everyone here seems to know it, and understands just how big those IP
blocks are... Why is there no mention of this. All there is, is a
casual mention that an ISP may get blocked. Who in their right mind
would assume they are talking about several tier 1 ISP's?

> Seems very clear to me. I'm not SPEWS, have nothing to do with SPEWS,
> but I do use their list for tagging/filtering (not blocking).

I'm glad I'm getting so many responses to this, but I don't find these
arguments particularly convincing. I don't see how anyone could
logically come to the conclusion that Spews isn't being straightforward
about its blocking policies.. Of course, it makes perfect sense as to
why they would not.

E-Mail Sent to this address will be added to the BlackLists

Oct 25, 2006, 2:25:05 PM
nicknomo wrote:
> Well, mail coming from Taiwan/China/Korea is one thing.. Mail coming
> from American companies is another thing. You know the mail coming
> from China is spam, simply because most small or mid sized companies do
> not (and probably cannot) do business with overseas clients... so who
> cares if you block them. Its completely different to possibly be
> blocking potential vendors or distributors of your product.. That's
> IMO, irresponsible. That's very bad practice IMO, especially
> considering the role of the mail administrator is to ensure proper flow
> of mail.

That depends where you are, I'm sure plenty of people only
get Spam from America (and no non-spam).

--
E-Mail Sent to this address <Blac...@Anitech-Systems.com>
will be added to the BlackLists.

wuffa

Oct 25, 2006, 2:26:08 PM

nicknomo wrote:
>
> I'm glad I'm getting so many responses to this, but I don't find these
> arguments particularly convincing. I don't see how anyone could
> logically come to the conclusion that Spews isn't being straightforward
> about its blocking policies.. Of course, it makes perfect sense as to
> why they would not.
>
> -
well you see some of us at $dayjob do not want to spend 80% of the day
moving the black-out list of spammers' IPs as we blocked. their ISPs
moved them some time 3 to 7 times a week for a spammer
so I started to block ISPs and now I get more time and my user base is
not asking me to stop, they are telling me to use anything like spews
...
I have more time to do real work etc..
I love spews blocking policies it keeps the flow down to the point I
can live with. but till UUNET stops hosting spammers I do not want any
e-mail coming from the space, it's all opt-out spam anyway right. :-)
look when the spam level coming from a level top IP space is over 75%
spam no I do not want anything from that IP space. go host with an ISP
that follows the rules then come back and talk to me

Seth Breidbart

Oct 25, 2006, 6:39:55 PM
In article <Pvmdnalup56sGqLY...@speakeasy.net>,
<huey.c...@gmail.com> wrote:

>This is a distinction without a difference, and "DNSBLs don't block
>mail, sysadmins do" is petty silliness. The common application of a
>DNSBL is to block mail or to assist in the scoring of mail to
>determine whether or not it is blocked.

The difference is the same as that between a reviewer saying "that
movie is lousy, don't see it" and a protest mob standing in front of
the theater and physically keeping people away.

> SPEWS ~is~ blocking his mail, otherwise he wouldn't be here.

SPEWS is advising a sysadmin to block his email, and the sysadmin is
taking the advice. Note that the sysadmin could either stop using
SPEWS or whitelist his address, and SPEWS would then have no effect on
his mail to that system.

Seth

Stephen Adams

Oct 25, 2006, 7:18:40 PM
"nicknomo" <nick...@gmail.com> writes:

>> And since I don't block using it, the recipients can look in their
>> 'filtered' folders and see what came in, and then enter the address
>> into a whitelist which will bypass ALL filters/blocks on the server.
>
>A Class B isn't "near other ip addresses that send spam". It
>encompasses far more than just the address close to it. It includes
>everything in a '30 mile radius' (figuratively).

I guess you would not like these outright blocks in my config, then:

# APNIC/China/India/Taiwan/Japan, etc - various
60.0.0.0/8 550 Multiple spam sources 20060114
61.0.0.0/8 550 Multiple spam sources 20060114
210.0.0.0/7 550 Multiple spam sources 20060115
218.0.0.0/7 550 Multiple spam sources 20060115
220.0.0.0/7 550 Multiple spam sources 20060115
222.0.0.0/8 550 Multiple spam sources 20060115

Or outright blocks of entire ISP's. But my users like it. And
those are class A blocks there!

>> I never had the impression that SPEWS was a spammer blacklist. It's
>> an opinion list that gives the relative chance of spam coming from a
>> particular IP based on other IPs around it. That's useful.
>
>Spews isn't a spammer blacklist? ... It's just a list to use when help
>preventing spam. Just like Condoleezza Rice wasn't given a plan, she
>was given a series of "actionable items".

SPEWS does not list JUST spammers. It lists spammy netblocks, which
includes non-spammers. I know this. Anyone who reads their FAQ knows
this. The point is, if spam comes regularly from an IP address, just
blocking that IP won't do the trick - the ISP will just move the spammer
(google for 'whack-a-mole'). The only way to stop THAT is to block
entire netblocks (see above).

>> Did you read this:


>>
>> Q6: How did "I" get into SPEWS?!
>> A6: Normally it is not "you" who was listed but your ISP or host. They may
>> have been listed due to spam originating from their section of the Internet
>> or due to their hosting or providing services for known spammers. The SPEWS
>> bounce page covers this in more detail. Now if you are a spammer, or spammer
>> supporter, yourself, you were listed for that reason.
>

>Q6, is probably the only point you may have that Spews actually informs
>users it is blocking entire ISPs. Still, after reading about how it
>lists IP ranges that have spam "near it", and how members of its lists
>are usually spam offenders or recipients...

I say that Q6 is quite clear - they list *sections of the Internet* from
which spam arrives. That says to me 'netblocks' or 'ISPs' and I know
that not every customer of a listed range is a spammer. But some are,
and so I am skeptical of ANY mail coming from those ranges.

And that doesn't even include the iptables ranges which block packets
before they even hit the mail server! Like:

LOGDROP tcp -- 83.28.0.0/16 0.0.0.0/0 tcp dpt:25

Some people don't learn, and so they get blocked. For at least one
range, they can't even hit my servers, because not only spam but
hacking attempts come in:

LOGDROP tcp -- 65.18.157.0/24 0.0.0.0/0 tcp

And the chances of ever getting out of THOSE lists are pretty much
nil. You should be glad I use SPEWS and SpamCop - otherwise I'd
put way more stuff into iptables and forget about it.

>Nevertheless, if you go for more details (Spews bounce page), it
>doesn't really elaborate on how extensive its IP ranges are. Why not?

You can lookup on their site the listing for an IP address. And you
will see the escalations and size of the block. It varies, depending
on who owns the blocks, etc.

>Everyone here seems to know it, and understands just how big those IP
>blocks are... Why is there no mention of this. All there is, is a
>casual mention that an ISP may get blocked. Who in their right mind
>would assume they are talking about several tier 1 ISP's?

Well, when I look at my logs, I see zillions of rejects for Comcast
netblocks. The vast majority of @comcast.com email is spam. It
would not surprise me to find it in SPEWS list! Heck, most of their
cable-modem blocks are in my IP address list (as above).

>> Seems very clear to me. I'm not SPEWS, have nothing to do with SPEWS,
>> but I do use their list for tagging/filtering (not blocking).
>
>I'm glad I'm getting so many responses to this, but I don't find these
>arguments particularly convincing. I don't see how anyone could
>logically come to the conclusion that Spews isn't being straightforward
>about its blocking policies.. Of course, it makes perfect sense as to
>why they would not.

Well, *I* know what they have, and I use it to tag. I concluded this
by looking at the information.

By the way, SPEWS convinced me to move my server from Ameritech/SBC/AT&T
netspace into a co-lo environment. I couldn't take the risk of being
in SPEWS. My co-lo company HATES spam and has a zero-tolerance policy
for spam, and I've seen them whack customers for spam. Sure, they might
change their mind (and then I would have to move), but I know the guys who
run the place and there is no way they will allow ANY kind of listings
to be created. Because they deal with spam. I had to sign a contract
that said I would terminate my clients on a single verified spam report.
Fortunately, I haven't had to do that. But I will.

UUNet will not.

They are listed. Simple.

-Stephen
--
Space Age Cybernomad Stephen Adams
malchu...@AMgmail.com (remove SPAM to reply)

--

Bill Carton - (The Roadie)

Oct 25, 2006, 7:19:32 PM
"nicknomo" <nick...@gmail.com> wrote:

> ...I have no
>doubt that within the few million IP's that are blacklisted, hundreds,
>even thousands of spammers are thwarted.

You might be interested in the statistics compiled regularly by David Bolt:

Using SPEWS list with last modified date:- Thu Aug 24 07:03:29 BST 2006
                           | IP count   | percentage of  | percentage of
                           |            | total IP space | assigned space
level 1:                   |   21226028 |  0.494%        |  0.895%
level 2:                   |    4972621 |  0.116%        |  0.210%
level 1+2:                 |   26198649 |  0.610%        |  1.105%
...........................|............|................|
unassigned:                | 1923229816 | 44.779%        |
...........................|............|................|
assignable & not blocked:  | 2345538831 | 54.611%        | 98.895%


>What personally bothers me though, is that according to what everyone
>has said here, SPEWS doesn't care if my domain is not spam. It will
>still block me anyways. This is not in line with the purpose of a
>blacklist. That to me, also says that SPEWs is more political.. a tool
>to influence the ISPs... but personally, I don't like the idea of my
>domain being a casualty in someone else's war against an ISP. I respect
>the sentiment, but I'd like to be left out of of these private battles.

There are no non-combatants anymore. Haven't been for years. And the battle
isn't private. I recommend you get fully on the one side or the other, and
stop trying to dodge bullets. Influence your spam-friendly ISP, lobby them
incessantly, convince your recipients to all quit using SPEWS, or move your
outbound mail relay to a non-listed IP.
--
Bill "the Roadie" Carton

nicknomo

Oct 25, 2006, 7:20:20 PM
> >I'm not defending my ISP, I'm defending my interests...

> Defending your interest to get mail sent from UUnet IP space accepted
> by other sysadmins/nets *is* defending your isp, you try to save UUnet
> from the consequences of knowingly harboring spammers. That is your
> right to do, and it is your right to deny that it *is* what you do.
>

I understand what you are saying, but I still think there is a notable
difference. I've mentioned before that I no longer expect anything to
be done from this. I'm arguing solely on principle now... The main
question is whether it is ethical to put what they do in their list,
and represent it the way they do.. The way they do it is obviously
not in my interests. As I've said my old provider was Cogent, which is
equally plagued with entries. Megapath and XO quoted my area, but they
seem to lease out from other networks in my area. I could have
probably gone with any of the ISP's offering service in my area and had
a chance of getting a Spews listed IP pool.

To my knowledge, this is what Tier 1 providers do. They control most
of the lines and end up just reselling their services through other
companies.

With this in consideration, it doesn't matter if I defend my interest
to accept mail from verizon networks, cogent networks, saavis networks,
etc. The predicament is on a much higher level than just wanting mail
delivered when using a certain provider. It's whether it makes sense,
whether it's ethical, etc...

> >1) Making no attempt to remove non-spam domains from its list

> Their list, their rules.
>

> >2) Making no reference of the extreme scope of its blocklists anywhere
> >on its website.

> Extreme? There are more draconian lists. But, you've got a point.
>

I'm by no means a list expert, so I'm sure there are worse out
there. I guess there is some sort of shell shock in the statement
(from my experience)... but it's just the general level that they carry
it out... It's past my perception of "normalcy" if there is such a
thing...

> >3) Choosing to block very very large portions of very very large ISP's.
>
> >You put all 3 together, and you do the community a disservice. This is
> >hurting the spam situation, not helping IMO.

> The idea *is* to hurt the spam situation! ;-)
>

Sorry, I should have been more clear... hurt the spam situation for
those who are negatively affected by spam. In other words, I think
this could potentially do more damage in the fight against spam. Not
by allowing more spam to get through, but by muddying the lines of
what's acceptable.

> >I picked the most reliable ISP in the area. I picked a tier 1 provider
> >to provide both the loop and the port. Why? I've had experience with
> >smaller ISP's, and it's not fun having support tickets that go back and
> >forth from company to company, each ISP claiming it's the other's
> >problem.

> Then you fully understand my feelings trying to get UUnet to kick out
> some spammer hurting my mail traffic. I agree, not pleasant to see
> UUnet ignore abuse tickets and blaming the situation on SPEWS or bad
> laws or whatever excuse they use that day. Ignored support tickets
> are no more fun when getting them from large businesses.
>

I haven't found an ISP that really did something unless they absolutely
have to (by contract, terms of service, or whatever else may be binding
them). If they can pass the buck onto you, another company, etc...
They will. It's not just ISPs though. This pretty much goes for most
companies. They won't do something unless they absolutely have to.

Like I said, I understand the sentiment of Spews. It's trying to get them
to a point where they have to do something. Personally, I think the
only way to actually achieve this is through legislation... but that
opinion isn't important. What's more pertinent is the question of
whether or not the combination of practices is valid or not. It would
be hypocrisy if bad business practices were trying to be curbed by
Spews.. through the use of bad business practices. That's really the
question I'm raising.

Are they being dishonest? Are they purposely omitting information that
should be available to users? Would the way they present themselves vs
what they do be a bad business practice in itself? Now, this is
completely rhetorical, since everyone has voiced their opinions on the
subject already.. but that's really what I've been trying to argue for.

> >I have one support contact in case of failure. I have GREAT uptime.

> Fine! Then perhaps you can get your support contact to have the
> spammers thrown out from them, because when they have that, the SPEWS
> listing will be history (I guess), and if SPEWS lists UUnet/MCI/
> Verizon a long time after they have got rid of their spammers, even
> fewer will use SPEWS for listings.
>

Well, we know that's not going to happen... and a lot of the big
companies are like this. It's how big companies are, IMO. The bigger
they get, the less they will cave to such influence... but that's also
why I think the pressure Spews is trying to put on them won't work.
They are huge, and it will take more than Spews to have any influence.

So, that raises the question: "If Spews doesn't actually have any
influence, and is listing large IP pools (including those who are known
to be completely innocent such as mine), isn't the listing of these
"good" ip pools completely unnecessary?"


> >The only people apparently giving me a problem about this is Spews.

> Not exactly. Rather the people using the SPEWS lists without white
> listing you. Or rather Waggoner, Haberstroh, Lindsay, Goldstein/
> Greenstein, Scelson, Marin, Reinertsen, Kramer and Campbell. Among
> others.
>

Sorry, I don't mean to imply Spews is blocking me directly. I meant to
say that the only list which gives me a problem (flags my ip) is the
Spews list.

> >I personally think the answer lies in better legislation...

> However, Better legislation (against spam) would have done SPEWS a lot less
> useful and less needed/wanted/used. So, let's agree in this wish.
> Harboring known spammers should be illegal!
>
> Best,
> Claes T


Yeah, they really need to do something about this soon... Surely the
senators must get spam too...

Yippee

Oct 25, 2006, 7:22:24 PM
"nicknomo" <nick...@gmail.com> realised it was Wed, 25 Oct 2006
15:51:06 GMT and decided it was time to write:

>i'm not defending my ISP, I'm defending my interests... and I'm also
>stating my opinion on matters. I honestly think that Spews goes a bit
>too far by
>
>1) Making no attempt to remove non-spam domains from its list

Where does SPEWS list 'non-spam domains'? AFAIK, SPEWS only lists the
domains (and IP ranges) of spam operations and those that support them.

>2) Making no reference of the extreme scope of its blocklists anywhere
>on its website

Anybody who is able to read and comprehend the SPEWS FAQ should be able
to understand what SPEWS does.

>3) Choosing to block very very large portions of very very large ISP's.

Some very large ISP's, like yours, have very large spam problems.
UUnet/Verizon clearly has the largest spam problem among all large
ISP's, so it's only logical they have a large listing.

BTW: SPEWS doesn't block, it only lists bad net-neighbourhoods. That's
not just semantics, it's an important difference.

>You put all 3 together, and you do the community a disservice. This is
>hurting the spam situation, not helping IMO.

If you don't like SPEWS, don't use their data. I personally do not think
SPEWS hurts anybody other than spammers and the ISP's that support them.
I agree that your interests are hurt, but not by SPEWS. If your ISP were
a responsible and trustworthy entity, you wouldn't have this problem.
Your interests are being hurt by your ISP - SPEWS is just the messenger.

>> You say you are not a spammer and I believe you aren't, but one
>> question keeps nagging: If you aren't a spammer, why would you choose
>> an ISP which hosts more spammers than most countries (only the USA,
>> China, Russia and Japan host more spammers than verizon according to
>> Spamhaus)?
>
>I picked the most reliable ISP in the area. I picked a tier 1 provider
>to provide both the loop and the port. Why? I've had experience with
>smaller ISP's, and it's not fun having support tickets that go back and
>forth from company to company, each ISP claiming it's the other's
>problem.

I can understand you prefer a large company, but you haven't answered
Erik's question.

You choose to do business with an irresponsible, untrustworthy ISP, an
ISP that doesn't understand that one of its most valuable assets is the
trust of its peers. The question remains: why do you make that choice?

>I have one support contact in case of failure. I have GREAT uptime.
>The only people apparently giving me a problem about this is Spews.

Not true. Your ISP is giving you problems by housing you in the internet
equivalent of a slum. Your ISP doesn't seem to care. Your biggest
problem is your ISP. SPEWS is just the messenger.

>Yes, I hate spam. I'm not willing to go to that extreme of an extent
>to push the issue... I think I'm in the majority there. One other
>poster in here said it very well.. if you wanted to boycott tier 1
>ISP's, you'd have to disable a lot of routes going out of your router
>and a lot of the internet may no longer be reachable.

I use SPEWS as a means of boycotting untrustworthy entities. If ever
SPEWS listed IP space that would result in e-mail from friends or family
being rejected here, I would go out of my way to find them a better ISP
before I would even consider whitelisting them. That's because I believe
trust between peers is one of the most important foundations of the
internet. I do not want any packets from parties that willingly violate
that trust, just because they believe it's OK to make money by
supporting spammers.

>I personally think the answer lies in better legislation...

Take it from me: legislation would be the worst possible solution. This
is one field in which self regulation has worked remarkably well. Even
if the world wide spam problem could be solved by (American?)
legislation, you really don't want legislators to mess this up even
further. Trust me, I'm a lawyer. ;-)

--
Y.

nicknomo

Oct 25, 2006, 7:22:47 PM

> >It's completely different to possibly be
> >blocking potential vendors or distributors of your product.. That's
> >IMO, irresponsible. That's very bad practice IMO, especially
> >considering the role of the mail administrator is to ensure proper flow
> >of mail.

> It *appears* to me that most want their cake and to eat it too. It
> doesn't work that way. Your company is using a company that is
> considered to have bad business ethics and or practices. As a direct
> result of these beliefs some have blocked them email servers.
>
> It is incumbent upon you to find a solution to *your* problem which is
> *your* email is blocked as a result.

Yes, it is my problem...

I no longer expect anyone to do anything about my entry... I'm still
here for the sake of discussing it.


> You must ask yourself the following.
>
> Is it the fault of those trying to protect themself from the ethics
> and business practices of your provider or the fault of your provider
> for not caring how their business practices and ethics negatively
> impact others or simply is it your provider's fault for having such
> ethics and business practices in the first place?

It's no one's "fault"... It's just bad practice.

>
> Personally I hold the individual or organization responsible for their
> actions and not the person trying to protect themselves from that bad
> behavior. You might see things differently however.

Well I think that's the problem. Spews operates in reverse. You aren't
just holding an organization responsible, but everyone related to that
organization.

>
> >Really, I've noticed more and more that my spam is coming from dynamic
> >IP ranges usually part of zombie networks.
>
> The xbl at spamhaus is for exploited machines I believe.
>
> > The RBL's are not doing
> >very well against this. I am going to have to actually implement
> >strict RDNS to stop it...
>
> Your server, your rules.
> What about that small business person
> running a server at home from a DSL connected machine that does not
> have rDNS set up thru his provider? You will be rejecting all the
> email from those people and or businesses to protect yourself from the
> spam of a few spammers....
>
> Your server, your rules.

Well I'm not sure if you know, but a dynamic IP doesn't exclude you
from RDNS. Most of the dynamic ip services that allow you to receive
mail through a dynamic IP will also be able to provide you with an RDNS
entry. No-ip offers this service, and it would make any mailserver
compliant with RFC standards... So it's not like this is unattainable.
It can be easily fixed in a matter of hours. It's a simple
reconfiguration of the DNS entry.

lart...@yahoo.com

Oct 25, 2006, 7:26:42 PM

nicknomo wrote:
><SNIP>

> Now, if I was with a small ISP, I'd understand. I'm not. I'm with
> Verizon, and as far as I can tell UUnet is now connected to Verizon. I
> just happened to get stuck with an IP pool that overlapped a spammer.
>
> Now it looks to me as if all of UUnet isn't being blocked. It's just
> the sections attributed to atriks, which as of two months ago are
> incorrect. What it comes down to, is if my ISP is the problem, why
> isn't everyone from the ISP being blocked?
>
> I think that this is clearly an error, and Spews just doesn't have up
> to date information.

I think you have missed one aspect of how SPEWS appears to work.
(Note that I am not endorsing SPEWS, just observing them).

Their strategy appears to be to START by just listing the spammer
(in this case, the notorious Atriks spam operation).
If the ISP continues to harbor the spammer, then they seem to gradually
"turn up the heat" by listing ever-widening blocks on the ISP.
So if you ask why SPEWS isn't listing all of UUnet (Verizon Business),
just wait and it might happen if they continue to support evil spammers
like Atriks.
It looks like you were close enough in IP space to Atriks to get caught
up in the listing, while other customers of the ISP get off unscathed,
at least for now. Maybe that is unfair, but it is also unfair that the
rest of the Internet has to put up with the abuse facilitated by your
ISP. It is thought that a part of the thinking of SPEWS is that
customers like you might be able to influence Verizon Business with
your complaints, since they routinely ignore complaints about their
spammers from "outside".

What did your Verizon rep say when you asked why they have not
terminated the notorious Atriks spam operation, whose presence is
harming your ability to get your email delivered? If you haven't asked
this, why not?

Also, other messages suggest that your IPs are only listed by SPEWS at
Level 2. This level is seldom used for blocking. If you are getting
your email bounced, are you sure that SPEWS is the reason (do the
bounce messages reference SPEWS)? It may instead be people simply
boycotting UUNet space on general principles. I would be curious to see
documented evidence of any ISP actually blocking on SPEWS Level 2.

nicknomo

Oct 25, 2006, 7:25:53 PM
> > I don't think most people possibly understand the scope
> > of it.

>I don't think you are wrong, and that goes for all DNSbls,
> otherwise we would never hear from people complaining about
> being listed in random.bl.gweep.ca , blocked.secnap.net , ...
>

The question is really as to why the people get the wrong idea. Are
they incompetent, or is the description of Spews just inadequate?

> > I've seen a lot of people use spamcop RBL (which also has
> > a lot of collateral damage), who have no idea that there
> > are a large number of false positives. I don't see this
> > being any different for Spews.

>There are only false positives, if mail you want / need
> / expect is being blocked unexpectedly due to your use of that
> / those DNSbl(s).
> If mail server admins aren't getting very many complaints
> very often from their end users about false positives,
> they have no need to change what they are doing,
> other than an occasional whitelisting.

I think that most returned undeliverable email gets reported very
infrequently. The particular rejection I was experiencing, apparently
was going on for a week. How did I find out? Casually strolling
through the logs... Despite a few dozen rejections, not one user
complained to me, let alone the other company. Why don't they? For
lots of reasons. It's not their job, they don't know what the problem
is, they don't know who to contact. It's irresponsible of a system
admin to leave this sort of thing up to the end user. Any experienced
admin knows that end users shouldn't be counted on for doing anything.
Unless you work for a tech company, this is a serious problem.


> > If the agenda is political, Spews should more clearly
> > state that the purpose of its L2 isn't to filter out
> > spam sources while allowing valid emails to go through
> > (IMO this is the normal use of an RBL). If it stated
> > that the use is for political and influential purposes,
> > no one would use it
>
> I use it & I don't have problems getting messages I want
> / need / expect; {Neither do I expect using just a third
> party list to solve all my problems, and do all my work
> for me}.
>
> > I'd like to reference this description:
>
> > What is Level 2? "This includes all of Level 1, plus
> > anyone who is spam-friendly, supporting spammers, or
> > highly suspicious, but not blatant enough to be included
> > in the Level 1 list yet.
> > If it becomes obvious that someone at Level 2 has become
> > a real problem, they will be escalated to Level 1 after
> > some attempt at education.
> > The Level 2 list will have some inadvertent blocking
> > (non-spammer IP addresses listed), but can still be used
> > by small ISPs or individuals who want a stricter level of
> > blocking/filtering.
>
> I think this next section covers it,
>
> > By having a two tiered list, you can make the hardcore
> > spamfighters happy; those who want to block first and
> > ask questions later. Also, a listing in the Level 2 list
> > may exert a bit of pressure on spam friendly sites and
> > may keep them from turning totally bad ...
>
> Yea, that about covers it.
> See Also Q/A:44 http://spews.org/faq.html
> Q44: I'd love to use SPEWS and other advisory systems to
> reduce my spam, but I just can't take the chance that a
> non-spam email for me or my company would be rejected.
> What can I do?
> A44: Instead of rejecting the message, most email systems
> can also be set up to tag it as possible spam. These tags
> are placed in the message header and can then be dealt
> with using your email client software.
> A common technique is to put them into a "junk folder."
> Then, when you have time, you can scan through these
> messages to see if any were of value.
> Email processing systems like Procmail, SpamBouncer and
> SpamAssassin can be used to implement this.
> A common practice is to bounce based on the SPEWS Level
> 1 list, and tag based on the SPEWS Level 2 list.
>
> Those last few sentences cover it fairly well too,
> and are fairly close to what I do at $Dayjob
> (except with more than just SPEWS).


Well obviously you have a clear understanding of the extent of Spews
blocking procedure. However, I fail to see how that listing addresses
the point I've made. Really, where in there does it say that HUGE
portions of valid IP ranges will be blocked? Where does it say that IP
ranges in certain ISP will be blocked simply because Spews doesn't like
the ISP's practices? Where does it say that Spews views large
collateral damage as necessary? Does it mention anywhere in there that
it has a political motive for influencing ISP supporting spammers?

What Spews wrote is what every other DNSrbl list publisher has written.
The problem is that Spews is not like most other RBL lists. As has
been stated to me a few times in this thread, Spews doesn't care
whether my domain is spam or not. They won't delist my entry, just to
make a point to the ISP. Funny, I don't see this written anywhere.
This is why Spews is deceptive.


> > - but that is not really the point, stopping spam is.
> > (note: a Level value of "0" means that area is not listed) "
> > This description is an absolute farce from what I've seen.
> > " ?SOME? inadvertent blocking. I don't see anything in
> > there about blocking millions of users from the largest
> > ISPs in the world. I don't see anything in here about
> > blocking massive blocks of people with the sole purpose
> > of getting the ISPs to be harder on spammers....

> and just how many messages have you had blocked to how
> many recipients how many times due to nothing other than SPEWS?
>

Currently Spews is the ONLY list I've found that is blocking me, and
the only reason stated in my return.


> SPEWS lists, the recipients do the blocking, tagging,
> filtering, ...

I realize this. That's the problem.

> > I figured RBL's are going to give false positives, but I
> > expect it to be unintentional.
> > Nowhere in this description does it say anything about
> > intentional blocking of valid domains.
>
> SPEWS does not list domains,
> they list IPs belonging to ISPs with abuse issues that SPEWS notices.
>

It's more like they are listing ISP's belonging to IP's. I completely
understand Verizon/UUNET, Cogent/Verio and SAAVIS have lax anti-spam
policies. I really do get it. I still think it is a fundamentally
unsound and unethical policy to intentionally list IP ranges that are
foreknown not to belong to spammers and NOT inform your list users that
you are doing so.

To me, all of the passages you referenced seem to minimalize Spews'
potential for false positives (in light of what they actually do).

> > However not telling people that your list isn't just a
> > spammer blacklist, but a "boycott list" instead, is not
> > the right way to do things.

> I think that is just a comprehension problem.
>
> If you don't agree with what a DNSbl lists, why they list,
> and what it takes to be delisted, don't use it;
> just because you don't like it and don't want to use it,
> does not mean other others feel the same as you (or it would
> not exist or not be used and you would not be here).


I don't think it's a comprehension problem, I think it's an omission
problem. Nowhere on Spews do you see anything that mirrors the
sentiment of my evidence file... which amounts to "we don't like UUNET,
so you get grouped in whether you are spam or not". I would gamble
that they are intentionally leaving out these details so their list
gets more use, and they can augment their influence.

I think my point is that there is no way any reasonable and rational
person would assume this after visiting Spews.org. It's not simply a
matter of not liking the policies, its about making users aware of
these policies. Deception by omission is still deception.

To seal my case, I called the I.T. staff of the company I was trying to
reach 2 hours ago. The rep I spoke to had no idea. When I informed
him of the scope of the listing policy, he actually didn't believe me..
He found it incomprehensible that Spews would block almost entire
class B's from major ISP's. I've referenced him to this thread to show
him just how extreme Spews is. I think I have convinced him to drop
Spews level 2 entirely...

Sure you can claim that he was just incompetent, but really what reason
would he (or anyone else) have to believe Spews operated at this level?
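
The Q44 practice quoted in the post above (bounce on Level 1, tag on Level 2, with local whitelisting), as an added example that is not part of the thread or of SPEWS itself. The address ranges, header name and SMTP reply text are constructed for illustration; the last function reports which senders are bounced rather than tagged when a site uses Level 2 to reject.

```python
import ipaddress

# Constructed sample listings using documentation address ranges (RFC 5737);
# these are not real SPEWS data.
LEVEL1 = ["198.51.100.0/24"]
LEVEL2_ONLY = ["203.0.113.0/24", "192.0.2.0/24"]
WHITELIST = ["192.0.2.16/32"]  # known correspondent inside a Level 2 range

# Constructed list of connecting source IPs, as an MTA would see them.
SAMPLE_SOURCES = ["198.51.100.9", "203.0.113.40", "192.0.2.16",
                  "192.0.2.99", "10.1.2.3"]


def to_networks(cidrs):
    return [ipaddress.ip_network(c) for c in cidrs]


class TwoTierPolicy:
    """Bounce on Level 1, tag on Level 2; the local whitelist wins over both."""

    def __init__(self, level1, level2_only, whitelist=(), level2_action="tag"):
        if level2_action not in ("tag", "reject"):
            raise ValueError("level2_action must be 'tag' or 'reject'")
        self.level1 = to_networks(level1)
        # The FAQ text quoted above says Level 2 includes all of Level 1.
        self.level2 = self.level1 + to_networks(level2_only)
        self.whitelist = to_networks(whitelist)
        self.level2_action = level2_action

    def level(self, ip):
        """Return 1, 2 or 0 (not listed) for a source IP; Level 1 is checked first."""
        addr = ipaddress.ip_address(ip)
        if any(addr in net for net in self.level1):
            return 1
        if any(addr in net for net in self.level2):
            return 2
        return 0

    def decide(self, ip):
        """Return (action, detail) for the connecting source IP."""
        addr = ipaddress.ip_address(ip)
        if any(addr in net for net in self.whitelist):
            return ("accept", "whitelisted")
        lvl = self.level(ip)
        if lvl == 1:
            return ("reject", "550 source IP listed at level 1")
        if lvl == 2:
            if self.level2_action == "reject":
                return ("reject", "550 source IP listed at level 2")
            # Hypothetical header name; a mail client rule can file on it.
            return ("tag", "X-Example-DNSBL: level=2")
        return ("accept", None)


def lost_by_rejecting_level2(source_ips, level1, level2_only, whitelist=()):
    """Sources delivered (tagged) under the FAQ practice but bounced
    when the same Level 2 data is used to reject."""
    tagging = TwoTierPolicy(level1, level2_only, whitelist, "tag")
    rejecting = TwoTierPolicy(level1, level2_only, whitelist, "reject")
    return [ip for ip in source_ips
            if tagging.decide(ip)[0] == "tag"
            and rejecting.decide(ip)[0] == "reject"]


if __name__ == "__main__":
    policy = TwoTierPolicy(LEVEL1, LEVEL2_ONLY, WHITELIST)
    for src in SAMPLE_SOURCES:
        print(src, policy.level(src), policy.decide(src))
    print("bounced only when Level 2 rejects:",
          lost_by_rejecting_level2(SAMPLE_SOURCES, LEVEL1, LEVEL2_ONLY, WHITELIST))
```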

Jim Seymour

Oct 25, 2006, 7:28:22 PM
In article <1161747203....@k70g2000cwa.googlegroups.com>,
"nicknomo" <nick...@gmail.com> writes:
> Well, mail coming from Taiwan/China/Korea is one thing.. Mail coming
> from American companies is another thing. You know the mail coming
> from China is spam, simply because most small or mid sized companies do
> not (and probably cannot) do business with overseas clients... so who
> cares if you block them.

The company with which I'm employed does lots of business in Asia. We
get lots of valid email from China and other Asian countries/regions.

AFAICT we get mostly spam from UUNET space, however.

> It's completely different to possibly be
> blocking potential vendors or distributors of your product.. That's
> IMO, irresponsible. That's very bad practice IMO, especially
> considering the role of the mail administrator is to ensure proper flow
> of mail.

Is it? Is it more responsible to ignore UUNET's long practice of
anti-social and irresponsible abuse of the rest of the Internet? Is
it more responsible to allow UUNET's customers to subject my fellow
employees' email boxes to an endless flood of spam?

I don't think so.

In fact: I've become so fed-up, so disgusted with UUNET's behaviour
I've done this: I tracked-down each and every netblock I could find
that belongs to UUNET. Then I split them up into netblocks no
greater than /24's. Then I put all those into a special table in my
spam database. Now, whenever a single spam arrives from w/in any
UUNET /24, the entire /24 is immediately listed for a minimum of 60
days. (Soon to be boosted to 90 days, likely.)

It's been only 15 days since I did that, and already 83 UUNET /24's
are listed. What an accomplishment. They must be so proud...

I think I'll start a separate thread, listing the UUNET netblocks I
found, just to make sure I didn't miss any.

--
Jim Seymour | "Some of the lies are so strange it
jsey...@LinxNet.com | makes you wonder about the spammer's
LinxNet Spam Files: | sanity."
http://www.LinxNet.com/misc/spam | - Ed Foster, "The Gripe Line" 6/24/02
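
The per-/24 listing scheme described in the post above, as an added example that is not Jim Seymour's code or database. The netblocks are constructed private-range placeholders and the class and method names are hypothetical; only the split into blocks no larger than a /24 and the 60-day minimum come from the post.

```python
import ipaddress
from datetime import datetime, timedelta


class Slash24Listing:
    """Track a provider's address space in units no larger than a /24 and
    list a whole unit for a minimum hold period after one spam from it."""

    def __init__(self, provider_blocks, hold_days=60):
        self.hold = timedelta(days=hold_days)
        self.units = set()
        for cidr in provider_blocks:
            net = ipaddress.IPv4Network(cidr)
            if net.prefixlen >= 24:
                self.units.add(net)            # already a /24 or smaller
            else:
                self.units.update(net.subnets(new_prefix=24))
        self.listed_until = {}                 # unit -> expiry datetime

    def unit_for(self, ip):
        """Return the tracked unit containing ip, or None if the address
        is outside the provider space that was loaded."""
        addr = ipaddress.IPv4Address(ip)
        for plen in range(24, 33):
            candidate = ipaddress.IPv4Network(f"{addr}/{plen}", strict=False)
            if candidate in self.units:
                return candidate
        return None

    def record_spam(self, ip, when):
        """Register one spam; the unit is listed until at least when + hold.
        A later spam extends the listing, an earlier one never shortens it."""
        unit = self.unit_for(ip)
        if unit is None:
            return None
        expiry = when + self.hold
        current = self.listed_until.get(unit)
        if current is None or expiry > current:
            self.listed_until[unit] = expiry
        return unit

    def is_listed(self, ip, when):
        """True if ip falls in a unit whose hold period has not yet expired."""
        until = self.listed_until.get(self.unit_for(ip))
        return until is not None and when < until

    def active(self, when):
        """Units still listed at the given time, in address order."""
        return sorted(u for u, until in self.listed_until.items() if when < until)


if __name__ == "__main__":
    # Constructed provider space: one /22 (split into four /24s) and one /26.
    table = Slash24Listing(["10.20.0.0/22", "10.30.5.64/26"])
    start = datetime(2006, 10, 10)
    table.record_spam("10.20.1.77", start)
    # A different sender in the same /24 is now listed too.
    print(table.is_listed("10.20.1.200", start + timedelta(days=30)))
    print(table.active(start + timedelta(days=30)))
```

Listing by unit means every other sender in the same /24 shares the listing until the hold period expires, which is the collateral effect argued over in this thread.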

Shmuel (Seymour J.) Metz

Oct 25, 2006, 7:28:49 PM
In <1161722199....@k70g2000cwa.googlegroups.com>, on 10/24/2006
at 07:40 PM, "nicknomo" <nick...@gmail.com> said:

>It just seems irresponsible to block such a large amount of people to
>stop a few spammers...

You seem confused as to what a DNSBL is and who has a responsibility
to whom. The operators of a DNSBL are responsible to their principals
and to their users. They don't block anybody except from their own
systems.

In another article you refer to SPEWS as blocking your domain. SPEWS
is not a list of domain names, it is a list of IP blocks. An MTA using
SPEWS blocks based on the source IP address, not the domain name.

Finally, you seem to be conflating SPEWS Level 1 with SPEWS Level 2.
If a provider is blocking using Level 2 and gets too many[1] false
positives, then the obvious thing to do is to switch to Level 1. If
you want him to stop using SPEWS entirely, you need an argument based
on what is in Level 1, not what is in Level 2.

>Blocking a tier 1 ISP doesn't seem logical.

Then don't do it. Those who disagree with you will continue doing as
*their* judgement dictates.

>I've looked into it, and it appears that Spews has blocked
>Verio/Cogent co/NTT class B's in the past as well

No, they've listed them. While it seems likely that their principals
are also blocking them, SPEWS itself isn't.

>(I read about it on somethingawful.com).

Google is your friend.

>That's nuts.

Some sysadmins consider it nuts to *not* block the likes of uunet.
Some admins block entire countries, even entire continents. Their
servers, their rules. What matters isn't whether you, I or Joe down
the block agree, it's whether the people paying their salaries agree.

>That's blocking millions upon millions of users (a small fraction of
>them spam).

I've never gotten anything but spam from some of them; why shouldn't
my provider block them if it makes his users happier?

[1] In his sole discretion.

--
Shmuel (Seymour J.) Metz, truly insane Spews puppet
<http://patriot.net/~shmuel>

I reserve the right to publicly post or ridicule any abusive
E-mail. Reply to domain Patriot dot net user shmuel+news to contact
me. Do not reply to spam...@library.lspace.org

Shmuel (Seymour J.) Metz

Oct 25, 2006, 8:09:55 PM
In <1161709683....@h48g2000cwc.googlegroups.com>, on 10/25/2006
at 01:43 AM, "nicknomo" <nick...@gmail.com> said:

>I hate to sound condescending,

It may be your intent to sound condescending, but you sound mostly
uninformed.

>This service is hosted through Verizon business / MCI.
>Its one of the biggest T1 providers in NY, and also the most
>reliable in my area.

K3wl. How does that confer an obligation to accept their traffic?

>I've fixed the postmaster issue.. but that isn't why the domain is
>being blocked

The domain isn't being blocked.

>its because the ip's being blocked are attributed to atriks.com.

NFW. Read the record.

>Now, if I was with a small ISP, I'd understand. I'm not. I'm with
>Verizon,

As long as you are using a verizon IP address, you are using an IP
address whose reputation is tied to the reputation of verizon. And
that reputation is bad.

>I just happened to get stuck with an IP pool that overlapped a
>spammer.

No, you picked a provider without doing due diligence as to the
reputation of that provider.

>Now it looks to me as if all of UUnet isn't being blocked.

It is by some. As for SPEWS not listing all of uunet, their list,
their rules.

>Its just the sections attributed to atriks,

Oh, no, it's far more than that.

>which as of two months ago are incorrect.

No. The publicly available SPEWS records do not claim that spam is
still emerging from those addresses. SPEWS seems to have a policy of
withholding data, probably to protect its spam traps.

>What it comes down to, is if my ISP is the problem, why isn't
>everyone from the ISP being blocked?

Would that make you happier? It might eventually come to that.

>I think that this is clearly an error,

It is obviously not an error. You may not like the fact that SPEWS
includes historical data, but those data are valid.

>and Spews just doesn't have up to date information.

The smart money says that the reason uunet is still listed is because
SPEWS does have up to date information. Don't expect them to publish
everything they have. If you want up to date information, google for
uunet or verizon in NANAS.


In <1161745608.7...@h48g2000cwc.googlegroups.com>, on 10/25/2006
at 02:19 AM, "nicknomo" <nick...@gmail.com> said:

>You seem confident that most people know exactly what they are doing
>when they add Spews L2 to their list.

You, without any data, seem confident that they don't.

>Even I who had been to spews.org, considered it at one point

Which part of the following didn't you understand?

The Level 2 list will have some inadvertent blocking

>Really, when you see an RBL level 2 listing, you expect there to be
>some sort of reliable evidence that the ip range is being used for
>spam.

It's enough to have reason to believe that there is a higher risk of
spam from that IP block, e.g., a history of tolerating spammers.

>You don't expect it to be a "boycott" list of major ISP's.

It isn't.

>IMO this is the normal use of an RBL

The normal use of a DNSBL is to assist the sysadmin in the tasks that
he has been assigned.

>If it stated that the use is for political and influential purposes,
>no one would use it

That is demonstrably false; there are admins who use such lists.
SPEWS, however, is not such a list.

>This description is an absolute farce from what I've seen.

Ah, but what have you seen? Have you seen verizon's mail logs, or are
you just guessing?

>I don't see anything in here about blocking massive blocks of people
>with the sole purpose of getting the ISPs to be harder on spammers.

True; you also don't see anything there about Rochester being the
capital of the USA. There's no reason that the FAQ should include your
incorrect assumptions and guesses.

>That's deceptive.

No, it's begging the question. SPEWS doesn't say what you want it to
say because what you want it to say is false.

Karl-Henry Martinsson

Oct 25, 2006, 8:36:08 PM
"nicknomo" <nick...@gmail.com> wrote in message
news:1161795095.7...@i3g2000cwc.googlegroups.com...

>
> I no longer expect anyone to do anything about my entry... I'm still
> here for the sake of discussing it.
>
>>
>> Personally I hold the individual or organization responsible for their
>> actions and not the person trying to protect themselves from that bad
>> behavior. You might see things differently however.
>
> Well I think that's the problem. Spews operates in reverse. You aren't
> just holding an organization responsible, but everyone related to that
> organization.

History lesson:
In the 70's and 80's, South Africa was boycotted by most countries due to
the apartheid system. No companies were allowed to do business with South
African companies, artists were not allowed to perform, and the country was
not allowed at the Olympic Games until 1992. There were several artists that
performed in South Africa, and thus got banned in other countries. You could
probably call them "collateral damage".
Then you probably had companies run by South Africans that treated their
blank employees well, and did nothing wrong. But they were punished too,
because they were located in the boycotted country, and they supported the
country by paying taxes. The same way you support a spam-friendly ISP by
paying them money.

In the end, the boycott helped, and it forced South Africa to change its
policy. This opened up for general elections and democracy.

See SPEWS and other lists as boycott lists, lists of bad ISPs you should
avoid, and that should be "punished" until they start behaving ethically.
Next time you talk to Verizon, ask them about all the spammers they host.
And ask them if they ever heard about RFC 1855...

/KHM

DevilsPGD

Oct 25, 2006, 8:50:37 PM
In message <1161747203....@k70g2000cwa.googlegroups.com>
"nicknomo" <nick...@gmail.com> wrote:

>Really, I've noticed more and more that my spam is coming from dynamic
>IP ranges usually part of zombie networks. The RBL's are not doing
>very well against this. I am going to have to actually implement
>strict RDNS to stop it... something I wasn't looking forward to doing,
>but it is necessary.

Add in a DUL and I suspect you'll find that DNSBls do not half bad.

--
Our enemies are innovative and resourceful...They never
stop thinking about new ways to harm our country and
our people, and neither do we.
-- George W. Bush 08/05/2004

DevilsPGD

Oct 25, 2006, 8:50:54 PM
In message <I9ydnRbvbvHERqPY...@speakeasy.net>
huey.c...@gmail.com wrote:

>No. The tier-1s are ATDN/AOL, AT&T/SBC/SWbell/Ameritech, Global
>Crossing, Level3/Genuity/BBN/ICG/Adelphia/Broadwing, NTT/Verio,
>Qwest/USWest, Savvis/C&W, Sprint/Nextel, and
>Verizon/MCI/Worldcom/UUnet/Digex. VZ is still the largest of those.
>
>Everybody else on the internet pays one of those nine (or pays
>somebody who pays one of those nine, or pays somebody who pays
>somebody who pays one of those nine, or... ...you get the drift)
>for transit or peering. Those nine are the "middle" of the tardcloud,
>and everybody else is further out towards the edges.
>
>So, if you've decided that it's wrong to support UUnet in any way, not
>only do you need to drop routes from AS701 (and the associated
>roughly one-third of the internet) but also ensure that your own
>upstream providers aren't paying them for peering or transit either.

It's a nice theory, but no. Packets don't turn spammy because they pass
through UU, they turn spammy when they're sent by a spammer. Since UU
allows the spammers, and even actively helps them (by shuffling them to
new IP space when they get blocked), blocking UU is reasonable.

--
Our enemies are innovative and resourceful...They never
stop thinking about new ways to harm our country and
our people, and neither do we.
-- George W. Bush 08/05/2004

--

Herb Oxley

Oct 25, 2006, 9:01:03 PM
Yippee <yippe...@intuh.net.invalid> wrote:


> I use SPEWS as a means of boycotting untrustworthy entities. If ever
> SPEWS listed IP space that would result in e-mail from friends or family
> being rejected here, I would go out of my way to find them a better ISP
> before I would even consider whitelisting them.

And I'm sure you can recognize that "friends and family" may have more
options for internet service providers than a business that probably
requires high availability and low latency.

And don't forget the O.P. is having problems with someone who is using
SPEWS2.


--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Herb Oxley
From: address IS Valid.

Hal Murray

Oct 25, 2006, 9:53:24 PM
>A Class B isn't "near other ip addresses that send spam". It
>encompasses far more than just the address close to it. It includes
>everything in a '30 mile radius' (figuratively).

Most of the /16s that get listed at SPEWS have several/many spammers
within that 30 mile radius. It would be interesting to see the
statistics.

--
The suespammers.org mail server is located in California. So are all my
other mailboxes. Please do not send unsolicited bulk e-mail or unsolicited
commercial e-mail to my suespammers.org address or any of my other addresses.
These are my opinions, not necessarily my employer's. I hate spam.

Martijn Lievaart

Oct 26, 2006, 8:19:51 AM
On Wed, 25 Oct 2006 23:25:53 +0000, nicknomo wrote:

> I think that most returned undeliverable email gets reported very
> infrequently. The particular rejection I was experiencing, apparently
> was going on for a week. How did I find out? Casually strolling
> through the logs... Despite a few dozen rejections, not one user
> complained to me, let alone the other company. Why don't they? For
> lots of reasons. It's not their job, they don't know what the problem
> is, they don't know who to contact. It's irresponsible of a system
> admin to leave this sort of thing up to the end user. Any experienced
> admin knows that end users shouldn't be counted on for doing anything.
> Unless you work for a tech company, this is a serious problem.

Then the mail must not have been very important. On all jobs I was
responsible for mail, I had complaints about email not getting through[1].
If these were not resolved in a reasonable timeframe, it was escalated.

I don't agree with "if users don't complain there is no problem" on all
accounts, but this is one of them.

M4

[1] Most failures were of a technical nature, only two involved anti-spam
techniques. But to the end user, the net result is the same.

Martijn Lievaart

Oct 26, 2006, 8:19:46 AM
On Wed, 25 Oct 2006 11:48:40 +0000, huey.callison wrote:

> Mike Andrews <mi...@mikea.ath.cx> wrote:
>> As to "Tier 1 ISPs", well, there're AOL and M$ and Yahoo and Google
>> and Verio and Savvis and XO and UUNet and TW Cable and Cox Cable and
>> Earthlink and SBC (really another tentacle of Yahoo) and some other
>> fairly major players
>
> No. The tier-1s are ATDN/AOL, AT&T/SBC/SWbell/Ameritech, Global
> Crossing, Level3/Genuity/BBN/ICG/Adelphia/Broadwing, NTT/Verio,
> Qwest/USWest, Savvis/C&W, Sprint/Nextel, and
> Verizon/MCI/Worldcom/UUnet/Digex. VZ is still the largest of those.
>
> Everybody else on the internet pays one of those nine (or pays
> somebody who pays one of those nine, or pays somebody who pays
> somebody who pays one of those nine, or... ...you get the drift)
> for transit or peering. Those nine are the "middle" of the tardcloud,
> and everybody else is further out towards the edges.

This may be true for the US, it is not true for .nl and I think most of
Europe. ISPs actively peer here through Internet Exchanges.

For instance from here to Volkswagen.de, I go through my ISP, the
Amsterdam Internet Exchange, on to Arcor, to VW networks.

(Although Arcor may be one of those biggies in disguise).

From here to avbulgaria.com, I also don't go through any of those AFAIK.

It is true that many of those biggies are involved in many other routes.
The two above are out of five I tried, so three others did go through one of
them (all gblx, which I think is Global Crossing).

However, the above statement is not true, it is at most, mostly true.

M4

Shmuel (Seymour J.) Metz

Oct 26, 2006, 11:23:43 AM
In <Pvmdnalup56sGqLY...@speakeasy.net>, on 10/25/2006

at 04:39 PM, huey.c...@gmail.com said:

>Assuming they're the only person using their mailserver and no one
>ever tries to send mail to them, that's true. However, if they have
>people trying to send mail to them, or they have users, or they have
> people trying to send mail to those users, the problem becomes
>magnified, and generally expand in scope towards people who don't
>understand why it's happening. ...which is probably why the "Help!
>I'm blocked by SPEWS" entry in the FAQ has been, is, and will
>continue to be the most frequently asked question in this group

I don't see a lot of articles here from admins asking why their users
aren't able to receive e-mail. The articles from outsiders attempting
to e-mail in give no information as to whether the admin is aware of
the possibility of false positives.

>This is a distinction without a difference,

You know better than that. It's a distinction with practical
consequences. Plenty of admins who use SPEWS whitelist some addresses
and block some addresses that SPEWS doesn't include.

--
Shmuel (Seymour J.) Metz, truly insane Spews puppet
<http://patriot.net/~shmuel>

I reserve the right to publicly post or ridicule any abusive
E-mail. Reply to domain Patriot dot net user shmuel+news to contact
me. Do not reply to spam...@library.lspace.org

--

Shmuel (Seymour J.) Metz

Oct 26, 2006, 11:35:45 AM
In <ehork...@news1.newsguy.com>, on 10/25/2006

at 11:18 PM, Stephen Adams <ada...@no.spam> said:

>I guess you would not like these outright blocks in my config, then:

># APNIC/China/India/Taiwan/Japan, etc - various
>60.0.0.0/8 550 Multiple spam sources 20060114
>61.0.0.0/8 550 Multiple spam sources 20060114
>210.0.0.0/7 550 Multiple spam sources 20060115
>218.0.0.0/7 550 Multiple spam sources 20060115
>220.0.0.0/7 550 Multiple spam sources 20060115
>222.0.0.0/8 550 Multiple spam sources 20060115

Why not 24/8, 38/8 and 200/6? Are there actually addresses in there
you need mail from?

--
Shmuel (Seymour J.) Metz, truly insane Spews puppet
<http://patriot.net/~shmuel>

I reserve the right to publicly post or ridicule any abusive
E-mail. Reply to domain Patriot dot net user shmuel+news to contact
me. Do not reply to spam...@library.lspace.org

--

ru.ig...@usask.ca

Oct 26, 2006, 11:39:18 AM
nicknomo <nick...@gmail.com> wrote:

> > >2) Making no reference of the extreme scope of its blocklists anywhere
> > >on its website.

> > Extreme? There are more draconian lists. But, you've got a point.

> I'm by no means a list expert, so I'm sure there are worse out
> there. I guess there is some sort of shell shock in the statement
> (from my experience)... but its just the general level that they carry
> it out... Its past my perception of "normalcy" if there is such a
> thing...

Oh, it's normal alright. It's just not usually public. There are
many mail services that block either by network Class (e.g. "I have
a /16 of theirs blocked here"), by domain, by country, or by
continent, in their private blocklists. Some of them start out
blocking just spammy IPs and then simply start expanding to ranges
when they realize most of the mail from those ranges is just spam.
At some point the admin realizes it's just easier to block a large
range and poke holes on (infrequent) request rather than continue
to watch (automatically or manually) for spammy IPs. That is,
what SPEWS does is basically the evolution of a normal administrative
practice. Some even consider it conservative (rather than extreme).

ru

--
I am not SPEWS. Any suggestions regarding SPEWS are merely from
observation of SPEWS records and its FAQs.

Shmuel (Seymour J.) Metz

Oct 26, 2006, 11:41:26 AM
In <1161794048.9...@m73g2000cwd.googlegroups.com>, on
10/25/2006

at 03:51 PM, "nicknomo" <nick...@gmail.com> said:

>i'm not defending my ISP, I'm defending my interests

Actually, you're not, and you may be harming them.

>and I'm also stating my opinion on matters.

In a manner that will cause those who matter to disregard your
opinion. You would be far better off educating yourself on how the
Internet works before formulating, much less posting, opinions on
technical matters.

>I honestly think that Spews goes a bit too far by

Honest or not, your factual errors reduce your chances of being taken
seriously.

>1) Making no attempt to remove non-spam domains from its list

There are no domains on its list.

>2) Making no reference of the extreme scope of its blocklists
>anywhere on its website

Many using SPEWS have claimed very low false positive rates. It may be
*your* opinion that SPEWS is extreme, but given your factual errors
your opinion is not very relevant.

>3) Choosing to block very very large portions of very very large
>ISP's.

SPEWS doesn't block them. I would say that the large ISP's go a bit
too far by sending spam from all over their IP space. The listings in
SPEWS reflect the spam that SPEWS principals have received. If you
don't want verizon listed, get verizon to stop spamming.

>You put all 3 together, and you do the community a disservice.

Those who believe as you do don't use SPEWS. Others believe that SPEWS
is doing the community a great service.

>I picked the most reliable ISP in the area.

If that were true you wouldn't be here. You failed to consider all
aspects of reliability.

>The only people apparently giving me a problem about this is Spews.

SPEWS is not giving you a problem. SPEWS is simply providing data
about the behavior of your provider. If some admins are blocking your
e-mail, it is your responsibility to remove the underlying causes.
Complaining that it is unfair will only lose you whatever sympathy you
might have gotten for your poor choice of provider.

>I'm not willing to go to that extreme of an extent
>to push the issue...

And those blocking verizon are not willing to go to extremes to
accommodate its misconduct. Their servers, their rules.

>One other poster in here said it very well..

Actually, he oversimplified. Blocking e-mail from addresses owned by a
tier 1 provider has nothing to do with avoiding routing from that
provider.

>I personally think the answer lies in better legislation

Until such legislation is passed and enforced, there will continue to
be a need for SPEWS et al.

>However, that may be just as unlikely to happen as it is to actually
>influence an ISP through the use of an RBL.

Those using a DNSBL derive a benefit even if it doesn't cause rogue
providers to go straight.

--
Shmuel (Seymour J.) Metz, truly insane Spews puppet
<http://patriot.net/~shmuel>

I reserve the right to publicly post or ridicule any abusive
E-mail. Reply to domain Patriot dot net user shmuel+news to contact
me. Do not reply to spam...@library.lspace.org

--

Shmuel (Seymour J.) Metz

Oct 26, 2006, 11:41:51 AM
In <1161793345.6...@i42g2000cwa.googlegroups.com>, on
10/25/2006

at 11:25 PM, "nicknomo" <nick...@gmail.com> said:

>The question is really as to why the people get the wrong idea. Are
>they incompitent, or is the description of Spews just inadequate?

I doubt that they are incompitent; they may be illiterate, incompetent
or lazy.

>I think that most returned undeliverable email gets reported very
>infrequently.

That's not the responsibility of the server that rejected the e-mail.

>Despite a few dozen rejections, not one user complained to me, let
>alone the other company. Why don't they? For lots of reasons.
>Its not their job,

If it's their job to contact someone then it's their job to follow up
on the contact, assuming that you're not talking about spam.

>Really, where in there does it say that HUGE
>portions of valid IP ranges will be blocked?

Where does it say that 2+2=5?

>Where does it say that IP ranges in certain ISP will be blocked
>simply because Spews doesn't like the ISP's practices?

Yes, when the ISP's practice is to spam the principals of SPEWS, that
is a sufficient reason to list them. It's also a good reason to
suspect that they are spamming others.

>Where does it say that Spews views large collateral damage as
>necessary?

The same place that you found the data showing that they view it that
way.

>Does it mention anywhere in there that
>it has a political motive for influencing ISP supporting spammers?

No, it also doesn't mention that fire is freezing.

> The problem is that Spews is not like most other RBL lists.

No DNSBL is like any other DNSBL. Some are more aggressive than SPEWS,
some less aggressive, and some just different.

>As has been stated to me a few times in this thread, Spews doesn't
>care whether my domain is spam or not.

Because SPEWS is a list of IP blocks, not a list of domains.

>They won't delist my entry,

You have no entry. They won't delist verizon because verizon still
supports spammers.

>Funny, I don't see this written anywhere.

Because it isn't true.

>This is why Spews is deceptive.

No, you're simply misrepresenting what they do and say.

>Currently Spews is the ONLY list I've found that is blocking me, and
>the only reason stated in my return.

Why are you continuing to claim that SPEWS is blocking you when you've
admitted that they aren't?

>> SPEWS lists, the recipients do the blocking, tagging,
>> filtering, ...
>I realize this.

Then why are you continuing to claim otherwise?

>Its more like they are listing ISP's belonging to IP's.

How does that differ from what he wrote? They get spam, they look up
the owner of the relevant IP address, they enter the address and the
owner in their data base. Periodically they escalate, deescalate or
delist, as circumstances warrant, but the key data are always the IP
addresses triggering the listing, the IP block listed, the owner and
the user of the IP address and the level of the listing.

>I really do get it.

Obviously not. You don't get the fact that admins are tired of playing
games with spamhausen and want solutions that require fewer resources
and less manpower, and that shift the costs back to the perpetrators
and their enablers. Or the fact that they have a right to do so.

>I still think it is a fundamentally
>unsound and unethical policy to intentionally list IP ranges that
>are foreknown not belong to spammers and NOT inform your list users
>that you are doing so.

And I think that it is a fundamentally unsound and unethical policy to
intentionally levy such a charge in the absence of data supporting it,
much less in the presence of data contradicting it.

>To me, all of the passages you referenced seem to minimalize Spews'
>potential for false positives (in light of what they actually do).

ITYM in light of your assumptions as to what they actually do. Those
using SPEWS have run tests and looked at actual numbers.

>I don't think its a comprehension problem,

Either comprehension or honesty, because you keep repeating charges
for which there is no evidence, charges that in fact are in conflict
with the available evidence.

>I would gamble that they are intentionally leaving out these details
>so their list gets more use, and they can augment their influence.

I wish that it were possible for you to make and settle such a bet ;-)

>I think my point is that there is no way any reasonable and rational
>person would assume this after visiting Spews.org.

And yet you *do* assume it.

>To seal my case, I called the I.T. staff of the company I was trying
>to reach 2 hours ago. The rep I spoke to had no idea. When I
>informed him of the scope of the listing policy, he actually didn't
>believe me..

Quite rightfully, since you were wrong.

>I've referenced him to this thread to show
>him just how extreme Spews is.

That's a rather strange thing to do. The obvious place to refer him to
is the record for S2955. Did you explain to him that nobody here is
SPEWS?

>Sure you can claim that he was just incompitent,

I would never do that. I would claim that if he is doing any kind of
filtering without measuring the FN and FP rates then he's failing to
exercise due diligence. I'm also sceptical of your claim that he used
Level 2 without realizing that it includes a lot more than Level 1.

--
Shmuel (Seymour J.) Metz, truly insane Spews puppet
<http://patriot.net/~shmuel>

I reserve the right to publicly post or ridicule any abusive
E-mail. Reply to domain Patriot dot net user shmuel+news to contact
me. Do not reply to spam...@library.lspace.org

--

Morely Dotes

Oct 26, 2006, 11:47:56 AM
se...@panix.com (Seth Breidbart) wrote in news:ehosg1$mqd$1
@reader2.panix.com:

> In article <Pvmdnalup56sGqLY...@speakeasy.net>,
> <huey.c...@gmail.com> wrote:
>
>>This is a distinction without a difference, and "DNSBLs don't block
>>mail, sysadmins do" is petty silliness. The common application of a
>>DNSBL is to block mail or to assist in the scoring of mail to
>>determine whether or not it is blocked.
>
> The difference is the same as that between a reviewer saying "that
> movie is lousy, don't see it" and a protest mob standing in front of
> the theater and physically keeping people away.
>
>> SPEWS ~is~ blocking his mail, otherwise he wouldn't be here.
>
> SPEWS is advising a sysadmin to block his email, and the sysadmin is
> taking the advice. Note that the sysadmin could either stop using
> SPEWS or whitelist his address, and SPEWS would then have no effect on
> his mail to that system.

Furthermore, if SPEWS didn't exist, he (the OP) would find himself in IP
space that is nailed into local DENY tables, instead of being listed in a
DNSbl which *has* a proven track record of removing listings when the ISP
in question (e.g., the "IP owner") cleans up the spammer infestation.

I understand perfectly well that some people on the anti-spam side of the
fence hate SPEWS with a passion, but I don't believe that they truly
understand the effect it would have on email if all DNSbls were to shut
down tomorrow. At least, I hope they don't understand it. If they do, then
their aim can only be the total destruction of email, and I don't *want* to
believe that.

--
Tired of spam in your mailbox? Come to http://www.spamblocked.com
If it were easy to dispose of useless [things], the politicians KNOW
they'd be the first to go.... (NANAE, snertking)

Shmuel (Seymour J.) Metz

Oct 26, 2006, 11:44:02 AM
In <1161796020.3...@m73g2000cwd.googlegroups.com>, on
10/25/2006

at 04:36 PM, "nicknomo" <nick...@gmail.com> said:

>I don't see how anyone could
>logically come to the conclusion that Spews isn't being
>straightforward about its blocking policies..

Was that a Freudian slip? IAC, I agree with what you wrote, even if it
wasn't what you meant ;-)

--
Shmuel (Seymour J.) Metz, truly insane Spews puppet
<http://patriot.net/~shmuel>

I reserve the right to publicly post or ridicule any abusive
E-mail. Reply to domain Patriot dot net user shmuel+news to contact
me. Do not reply to spam...@library.lspace.org

--

HeyBub

Oct 26, 2006, 5:36:44 PM
Morely Dotes wrote:
>
> Furthermore, if SPEWS didn't exist, he (the OP) would find himself in
> IP space that is nailed into local DENY tables, instead of being
> listed in a DNSbl which *has* a proven track record of removing
> listings when the ISP in question (e.g., the "IP owner") cleans up
> the spammer infestation.

If SPEWS ceased to exist, SPEWS JR. would spring into existence tomorrow.
There are too many to whom the SPEWS "proof of concept" has gained traction.

E-Mail Sent to this address will be added to the BlackLists

Oct 26, 2006, 6:07:42 PM
>> nicknomo wrote:
> Claes T wrote:

nicknomo wrote:
>>> The only people apparently giving me a problem about
>>> this is Spews.
>
>> Not exactly. Rather the people using the SPEWS lists
>> without white listing you.
>> Or rather Waggoner, Haberstroh, Lindsay, Goldstein/
>> Greenstein, Scelson, Marin, Reinertsen, Kramer
>> and Campbell. Among others.
>
> sorry, I don't mean to imply Spews is blocking me directly.
> I meant to say that the only list which gives me a problem
> (flags my ip) is the spews list.

http://moensted.dk/spam/?addr=65.217.202.11
http://moensted.dk/spam/?addr=65.217.202.16

BLARSBL Blars Block List - trying to be removed creates urges to kill:
block.blars.org -> 127.3.0.0
http://www.blars.org/errors/block.html

SPAMBAG Spambags: blacklist.spambag.org ->
uunet.blacklist.spambag.org. -> 127.0.0.2
Blocked - see http://www.spambag.org/cgi-bin/spambag?mailfrom=uunet

BUS-COUNTRIES ip-space assigned to a country:
countries.blackholes.us -> 127.8.4.0
us (United States) about: See http://blackholes.us/

NERD-ZZ ISO 3166 Number codes encoded in the last two octets:
zz.countries.nerd.dk -> 127.0.3.72
us (United States)


--
E-Mail Sent to this address <Blac...@Anitech-Systems.com>
will be added to the BlackLists.
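
The lookups quoted in the post above, worked through as an added example (not part of the original post or any list operator's code). The zone names and answers for 65.217.202.11 are the ones in the post; the "kind" labels, the `parked.example` zone and its answer are constructed, and the answers are served from an inline table so the example runs offline.

```python
import ipaddress
import socket

LOOPBACK = ipaddress.ip_network("127.0.0.0/8")

# Zone -> how a mail admin might treat an answer from it (labels are assumptions).
ZONES = {
    "block.blars.org": "listing",
    "blacklist.spambag.org": "listing",
    "countries.blackholes.us": "country",
    "zz.countries.nerd.dk": "country-iso",
    "parked.example": "listing",          # constructed: a zone that answers anything
}

# Answers quoted in the post, keyed by the query name a DNSBL client would send.
SAMPLE_ANSWERS = {
    "11.202.217.65.block.blars.org": "127.3.0.0",
    "11.202.217.65.blacklist.spambag.org": "127.0.0.2",
    "11.202.217.65.countries.blackholes.us": "127.8.4.0",
    "11.202.217.65.zz.countries.nerd.dk": "127.0.3.72",
    "11.202.217.65.parked.example": "203.0.113.7",   # constructed, outside 127/8
}


def query_name(ip, zone):
    """DNSBL query name: the IPv4 octets reversed, then the zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone.rstrip(".")


def system_resolver(name):
    """Live A-record lookup; None means 'not listed' (NXDOMAIN)."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None


def iso_numeric(answer):
    """ISO 3166 numeric code carried in the last two octets of the answer."""
    packed = ipaddress.IPv4Address(answer).packed
    return packed[2] * 256 + packed[3]


def evaluate(ip, zones=ZONES, resolve=SAMPLE_ANSWERS.get):
    """Sort DNSBL answers into reasons to reject, plain information, and noise."""
    report = {"reject_reasons": [], "info": {}, "ignored": []}
    for zone, kind in zones.items():
        answer = resolve(query_name(ip, zone))
        if answer is None:
            continue                      # no record: address not in this zone
        if ipaddress.IPv4Address(answer) not in LOOPBACK:
            # DNSBL answers live in 127.0.0.0/8 by convention; anything else is
            # a wildcarded or parked zone and must not count as a listing.
            report["ignored"].append(zone)
        elif kind == "listing":
            report["reject_reasons"].append((zone, answer))
        elif kind == "country-iso":
            report["info"]["iso3166"] = iso_numeric(answer)
        else:
            report["info"][zone] = answer
    return report


if __name__ == "__main__":
    print(evaluate("65.217.202.11"))
```

Passing `resolve=system_resolver` sends the same queries to live DNS; a country zone answers for every address in that country, which is why only the "listing" zones feed the reject decision here.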

Cameron L. Spitzer

Oct 26, 2006, 8:16:11 PM
In article <4540351f$5$fuzhry+tra$mr2...@news.patriot.net>, Shmuel (Seymour J.) Metz wrote:
> In <ehork...@news1.newsguy.com>, on 10/25/2006
> at 11:18 PM, Stephen Adams <ada...@no.spam> said:
>>60.0.0.0/8 550 Multiple spam sources 20060114
>>61.0.0.0/8 550 Multiple spam sources 20060114
>>210.0.0.0/7 550 Multiple spam sources 20060115
>>218.0.0.0/7 550 Multiple spam sources 20060115
>>220.0.0.0/7 550 Multiple spam sources 20060115
>>222.0.0.0/8 550 Multiple spam sources 20060115
>
> Why not 24/8, 38/8 and 200/6? Are there actually addresses in there
> you need mail from?

Time Warner Road Runner has lots of MTAs in 24/8.
I've got a hole in 24.56/16 for Telcove at 24.56.102.0/27.
Shaw Cable is in there. Niagarainternet.com.
Wavecable.com. Npgco.com. Rhythm.com. Charter.com.
Dccnet.com. Sprint Broadband Direct. Cgocable.ca.
Fibertel.com.ar. Cox. GCI.
I'd never get away with blocking 24/8 with no exceptions.
Too many consumer cable TV internet companies with
customer outbound relays in there.

I haven't got any blocks on 38/8. Either somebody else is
blocking them for me, or they're doing transit, not
edge things.

200/6 is tempting. I block it by /16s and /24s mostly.
I counted a hundred little holes in those blocks in 200/8.
If your customers do business with Latin America they
probably won't let you block all of 200/6.


Cameron
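
The "block a large range and poke holes" practice described in the posts above, as an added example (not code from any poster or MTA). The `550 ...` lines copy the table format quoted in the thread; the `OK` action, the `200.1.2.0/24` hole and all function names are assumptions made for this sketch.

```python
import ipaddress

# Constructed local access table: broad blocks plus holes poked on request.
ACCESS_TABLE = """\
# broad blocks
60.0.0.0/8     550 Multiple spam sources 20060114
24.56/16       550 Multiple spam sources
200/6          550 Multiple spam sources
# holes
24.56.102.0/27 OK
200.1.2.0/24   OK
"""


def expand(cidr):
    """Expand thread-style shorthand ("24/8", "24.56/16") to a full network."""
    addr, _, plen = cidr.partition("/")
    octets = addr.split(".")
    octets += ["0"] * (4 - len(octets))
    # strict=True rejects a prefix with host bits set, e.g. "201/6".
    return ipaddress.ip_network(".".join(octets) + "/" + (plen or "32"), strict=True)


def parse_table(text):
    """Return (network, action) rules, most specific prefix first."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        cidr, action = line.split(None, 1)
        rules.append((expand(cidr), action))
    # Longest prefix first, so a hole always beats the block that surrounds it.
    rules.sort(key=lambda rule: rule[0].prefixlen, reverse=True)
    return rules


def decide(rules, ip):
    """Action for a connecting address: first (most specific) match wins."""
    addr = ipaddress.ip_address(ip)
    for net, action in rules:
        if addr in net:
            return action
    return "OK"                            # unlisted addresses are accepted


def orphan_holes(rules):
    """Holes that sit inside no block: stale entries worth reviewing."""
    blocks = [net for net, action in rules if action.startswith("5")]
    return [net for net, action in rules
            if action == "OK" and not any(net.subnet_of(b) for b in blocks)]


if __name__ == "__main__":
    table = parse_table(ACCESS_TABLE)
    for ip in ("24.56.102.5", "24.56.102.40", "203.0.113.9", "8.8.8.8"):
        print(ip, "->", decide(table, ip))
```

An address such as 203.0.113.9 is rejected by the `200/6` entry even though it lies outside 200/8, which is the side effect of wide prefixes that the thread's replies point out.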

Hal Murray

Oct 26, 2006, 8:52:46 PM

>200/6 is tempting. I block it by /16s and /24s mostly.
>I counted a hundred little holes in those blocks in 200/8.
>If your customers do business with Latin America they
>probably won't let you block all of 200/6.

But there is a boatload (or worse) of spam coming out of there.

Is there an easy way to set up per-customer whitelisting?

I'm thinking of something like a web form (with CAPTCHA?)
to send a "please whitelist me" type message. That seems
like a good target for a FAQ or HOWTO type web page, but
I don't remember seeing one.

--
The suespammers.org mail server is located in California. So are all my
other mailboxes. Please do not send unsolicited bulk e-mail or unsolicited
commercial e-mail to my suespammers.org address or any of my other addresses.
These are my opinions, not necessarily my employer's. I hate spam.

--

Hal Murray

Oct 26, 2006, 9:21:43 PM
In article <1161709683....@h48g2000cwc.googlegroups.com>,
"nicknomo" <nick...@gmail.com> writes:
>I hate to sound condescending, but getting another provider is
>ridiculous. This service is hosted through Verizon business / MCI.

>Its one of the biggest T1 providers in NY, and also the most reliable
>in my area.

I'm curious. How much checking (due diligence) did you do before
signing up with Verizon/MCI? It's not hard to find bad news about
UUNet (aka Spew Spew Net) which was gobbled up by MCI which was gobbled
up by Verizon.

For example, did you check spamhaus?

A cynic would say you bought the crap from the Verizon sales-droid
about bigger-is better.

Did you check out any local ISPs with good anti-spam records?
They might have deals with Verizon to get the access links.

wuffa

Oct 27, 2006, 3:41:24 AM

nicknomo wrote:

>Currently Spews is the ONLY list I've found that is blocking me, and
>the only reason stated in my return.

Let's see: your IP is listed with spambag.org (but then they list all
of UUNET, I think {GOOD for them})

and there are others...

Shmuel (Seymour J.) Metz

Oct 28, 2006, 10:00:43 PM
In <slrnek2fhn....@truffula.sj.ca.us>, on 10/27/2006

at 12:16 AM, "Cameron L. Spitzer" <spam...@merde.greens.org> said:

>Time Warner Road Runner has lots of MTAs in 24/8.

They're one of the providers that I would want to block in toto.

>Shaw Cable is in there.

Another one.

>Charter.com.

Another one.

>Sprint Broadband Direct.

Another one.

>Cox.

Another one.

>Too many consumer cable TV internet companies with
>customer outbound relays in there.

Those tend to be rogue, but if your customers need their traffic then
you're stuck.

>I haven't got any blocks on 38/8. Either somebody else is blocking
>them for me, or they're doing transit, not
>edge things.

You may already be blocking cogentco.

>200/6 is tempting. I block it by /16s and /24s mostly. I counted a
>hundred little holes in those blocks in 200/8. If your customers do
>business with Latin America they
>probably won't let you block all of 200/6.

There's an APNIC /8 in that range as well. Not a problem for me, but
if you've got Asian customers it might be for you.

--
Shmuel (Seymour J.) Metz, truly insane Spews puppet
<http://patriot.net/~shmuel>

I reserve the right to publicly post or ridicule any abusive
E-mail. Reply to domain Patriot dot net user shmuel+news to contact
me. Do not reply to spam...@library.lspace.org

--
