Re: Cannot find referenced case for XO Range 66.236.0.0/16
1urk3r
> Testresults
> Sorry 66.236.243.147 is currently listed in APEWS :-(
> Entry matching your Query: E-209981
> 66.236.0.0/16CASE: C-130
> One or more bots in ASN / CIDR, unprofessional / negligent
> ownerSpecial Reason:
> For info on why you are blocked, go to Google Groups and search for
> your criteria in news.admin.net-abuse.sightings
> History:Entry created 2007-06-06
>
> I have client with issues sending to only 4 domains that started
> yesterday. This was only blacklist I could find but then it doesn't
> seem to be in the Google Groups to get details. I would like to tag
> XO on any issues but need the information to do so. Unless absence of
> the case is supposed to mean it has been cleared up? Faqs didn't
> indicate a case would be removed.
>
have you actually seen any mail
rejected as a result of the "listing?"
i'll wager you haven't, and won't."apews"
is not used by anyone. it's a hoax. the
mention of this newsgroup in their
"faq" (largely copied from a now-
defunct blacklist's site) is not
authorized by the founders of this
group.
adam
--
--
Comments posted to news.admin.net-abuse.blocklisting
are solely the responsibility of their author. Please
read the news.admin.net-abuse.blocklisting FAQ at
http://www.blocklisting.com/faq.html before posting.
Shmuel (Seymour J.) Metz
08/03/2007
at 11:41 PM, ljo...@computerone.biz said:
>For info on why you are blocked, go to Google Groups and search for
>your criteria in news.admin.net-abuse.sightings
They really shouldn't say that since what is listed is a block of IP
addresses and there is no way to search google for all IP addresses in
the block. You might try searching for XO Communications.
>I would like to tag XO on any issues but need the information to do
>so.
They need to clear up all of their issues, not just the ones that
APEWS knows about.
>Faqs didn't indicate a case would be removed.
The FAQ does indicate that a case will be closed when the provider
resolves the problem.
BTW, has anybody actually rejected mail based on the listing?
--
Shmuel (Seymour J.) Metz, truly insane Spews puppet
<http://patriot.net/~shmuel>
I reserve the right to publicly post or ridicule any abusive
E-mail. Reply to domain Patriot dot net user shmuel+news to contact
me. Do not reply to spam...@library.lspace.org
Seth
Shmuel (Seymour J.) Metz <spam...@library.lspace.org.invalid> wrote:
>In <1186180008.4...@e16g2000pri.googlegroups.com>, on
>08/03/2007
> at 11:41 PM, ljo...@computerone.biz said:
>
>>For info on why you are blocked, go to Google Groups and search for
>>your criteria in news.admin.net-abuse.sightings
>
>They really shouldn't say that since what is listed is a block of IP
>addresses and there is no way to search google for all IP addresses in
>the block. You might try searching for XO Communications.
It's easy enough to search for a /16. (You might get a few false
positives, so look at the results by hand.)
>BTW, has anybody actually rejected mail based on the listing?
I believe there have been two cases of mail actually rejected due to
APEWS noted in NANAE.
Seth
Shmuel (Seymour J.) Metz
08/04/2007
at 05:51 PM, 1urk3r <adamb...@gmail.com> said:
>the mention of this newsgroup in their "faq" (largely copied from a
>now-defunct blacklist's site) is not authorized by the founders of
>this group.
Nor do the founders of this group have the authority to authorize or
prohibit such references. What APEWS suggests posting here is on topic
per the charter.
--
Shmuel (Seymour J.) Metz, truly insane Spews puppet
<http://patriot.net/~shmuel>
I reserve the right to publicly post or ridicule any abusive
E-mail. Reply to domain Patriot dot net user shmuel+news to contact
me. Do not reply to spam...@library.lspace.org
--
DLU
> Testresults
> Sorry 66.236.243.147 is currently listed in APEWS :-(
> Entry matching your Query: E-209981
> 66.236.0.0/16CASE: C-130
> One or more bots in ASN / CIDR, unprofessional / negligent
> ownerSpecial Reason:
> For info on why you are blocked, go to Google Groups and search for
> your criteria in news.admin.net-abuse.sightings
> History:Entry created 2007-06-06
>
> I have client with issues sending to only 4 domains that started
> yesterday. This was only blacklist I could find but then it doesn't
> seem to be in the Google Groups to get details. I would like to tag
> XO on any issues but need the information to do so. Unless absence of
> the case is supposed to mean it has been cleared up? Faqs didn't
> indicate a case would be removed.
>
It seems as if XO is hosting a few spammers, in fact a whole nest of
them including several ROKSO listings.
And this one in there with your IP.
SBL37424
66.236.249.64/26 xo.com
30-Jan-2006 09:15 GMT Richard Simnett - S-Infotech / Direct Media Network
intellishaft.com
SBL38952
66.236.249.64/27 xo.com
13-Mar-2006 02:45 GMT Richard Simnett - S-Infotech / Direct Media Network
robrace.com / dvrsmail.com spammers
Found 44 SBL listings for IPs under the responsibility of xo.com
http://www.spamhaus.org/sbl/listings.lasso?isp=xo.com
Anyone who wants to protect his network should block large groups of IPs
from XO.
--
***************************************
* This is the Spammish Inquisition *
* Not Lumber Cartel Unit 75 [TINLC] *
* I am not SPEWS.ORG *
***************************************
Cameron L. Spitzer
> It seems as if XO is hosting a few spammers, in fact a whole nest of
> them including several ROKSO listings.
>
> http://www.spamhaus.org/sbl/listings.lasso?isp=xo.com
>
> Anyone who wants to protect his network should block large groups of IPs
> from XO.
I'm not blocking large groups of IPAs that belong to XO, and I'm
seeing little spam from there. It seems to me the biggest spammers
on ROKSO do not send from the address ranges named in
their ROKSO listings. They'd get poor delivery rates.
The ROKSO listings indicate *other* services they use, not SMTP sending.
If you were to reject, for example, messages containing URIs
with domains in them with DNS or HTTP servers in ROKSO listings,
you might stop quite a bit of spam. But that would be a much
more sophisticated test than just blocking SMTP client IPAs.
Most of the spam that's getting through my blocks these days
comes from legitimate email servers. The spammer has broken in,
or placed a PHP mailing form through an exploit, or bought
an account, or guessed a weak SMTP AUTH password by dictionary
attack. That's what the owners of the machines tell me, anyway.
In many ways we've returned to the whack-a-mole days of the
mid '90s. Except the spammers are buying shared web hosting
accounts with the stolen credit cards, not dial-up accounts.
http://spam-vs-freedom.blogspot.com/2006/11/new-whack-mole.html
Cameron
DLU
> In article <46B68552...@justthe.net>, DLU wrote:
>
>>It seems as if XO is hosting a few spammers, in fact a whole nest of
>>them including several ROKSO listings.
>>
>>Found 44 SBL listings for IPs under the responsibility of xo.com
>>http://www.spamhaus.org/sbl/listings.lasso?isp=xo.com
>>
>>Anyone who wants to protect his network should block large groups of IPs
>>from XO.
>
>
> I'm not blocking large groups of IPAs that belong to XO, and I'm
> seeing little spam from there. It seems to me the biggest spammers
> on ROKSO do not send from the address ranges named in
> their ROKSO listings. They'd get poor delivery rates.
No they do not send from their XO addresses, the control zombie networks
from the DNS that are hosted by XO.
Same for several large ISPs such as Verizon.net.
look at all the crap that can be traced aback to Yambo. None from their
own address what ever that is, it comes from DNS machines set up to
control botnets.
That is why XO should be blocked, they are giving the spammers the tools
to spam without the spam being traced back to them.
The other use is hosting the websites where they can sell to the suckers.
>
>
--
***************************************
* This is the Spammish Inquisition *
* Not Lumber Cartel Unit 75 [TINLC] *
* I am not SPEWS.ORG *
***************************************
--
Cameron L. Spitzer
> Cameron L. Spitzer wrote:
>
>> In article <46B68552...@justthe.net>, DLU wrote:
>>
>>>It seems as if XO is hosting a few spammers, in fact a whole nest of
>>>them including several ROKSO listings.
>>>
>>>Found 44 SBL listings for IPs under the responsibility of xo.com
>>>http://www.spamhaus.org/sbl/listings.lasso?isp=xo.com
>>>
>>>Anyone who wants to protect his network should block large groups of IPs
>>>from XO.
>>
>>
>> I'm not blocking large groups of IPAs that belong to XO, and I'm
>> seeing little spam from there. It seems to me the biggest spammers
>> on ROKSO do not send from the address ranges named in
>> their ROKSO listings. They'd get poor delivery rates.
>
> No they do not send from their XO addresses, the control zombie networks
> from the DNS that are hosted by XO.
> to spam without the spam being traced back to them.
>
> The other use is hosting the websites where they can sell to the suckers.
Well that leads me to the question of what are you trying to
accomplish, and how does the proposed action accomplish that.
Reasons to block spam from an IP address range:
1. Nothing but spam comes from there.
2. Protect your customers from being bot-controlled from there.
3. Educate the legitimate customers of the spammer friendly firm.
4. Punish the spammer friendly firm.
5. Compel a change in behavior by the spammer friendly firm.
6. Make a "statement" to nobody in particular.
As Vernon puts it, are you fighting spam or fighting spammers?
Number 1 is obvious. Blocking spam sources by IP address range
keeps spam out of your network.
Number 2, sort of. As I understand it, bots phone home via IRC
type protocols. The bot is the client, the bot-controller is
the server. So you'd have to block calls out to ports in
the boycott range other than, say, 53, 80, and 443.
Or maybe proxy it all, and only allow contact after the customer
passes a CAPTCHA, like a lot of wifi places do, but selectively
according to the blocklist. An interesting idea, I hope it
catches on. (To do it on a grand scale might require a new
generation of core routers. The current generation focused
on Quality of Service policy, and it took serious hardware
support. The next generation would need that kind of support
for boycott policy.) Blocking incoming port 25 wouldn't do
much good though.
Number 3 would backfire on me. My users aren't sophisticated
enough to understand the whole situation and explain it to
their correspondents who are customers of the spammer
friendly firm. They'd just tell all their friends *my* email
service "doesn't work."
Number 4 is silly. Large corporations may indeed be lifeforms,
but they are not sentient. They react to *irritation* (that's
one of the characteristics of a life form) but they don't
know right from wrong. The only punishment they can possibly
understand is very large fines or punitive damage awards.
But most likely those are only understood as costs of doing
business.
Number 5 might work if I had tens of millions of users.
Number 6 cannot be expected to have any effect.
I really like the idea of boycotting unethical corporations.
But it has to be strategic. A boycott nobody notices isn't
worth doing.
Cameron
DLU
Obviously blocking the DNS does not do anything as it is not sending to
you directly, so you can not actually stop the server from controlling bots.
>
> Number 3 would backfire on me. My users aren't sophisticated
> enough to understand the whole situation and explain it to
> their correspondents who are customers of the spammer
> friendly firm. They'd just tell all their friends *my* email
> service "doesn't work."
Unfortunately your users are part of the problem. They do not want spam
but they still want to be able to send to the criminal ISP.
> Number 4 is silly. Large corporations may indeed be lifeforms,
> but they are not sentient. They react to *irritation* (that's
> one of the characteristics of a life form) but they don't
> know right from wrong. The only punishment they can possibly
> understand is very large fines or punitive damage awards.
> But most likely those are only understood as costs of doing
> business.
Well keep in mind that some ISPs have gone under due to their spam
support. If enough ISPs do block another one, the techs get on the
phone and do try to resolve it. As usual it is the suits who need to be
educated, but the best education for them is loss of income.
>
> Number 5 might work if I had tens of millions of users.
Maybe you alone do not, but it is like the Lilliputians. Get enough of
them together and they can accomplish something. What did Arlo say in
Alice's Restaurant, two is a conspiracy, and three is a movement.
>
> Number 6 cannot be expected to have any effect.
>
> I really like the idea of boycotting unethical corporations.
> But it has to be strategic. A boycott nobody notices isn't
> worth doing.
>
>
> Cameron
I still think the best solution is bad publicity, shining the light on
what is actually going on. Are these people profiting at your expense
Mr. User? It takes publicity and a constant stream of it. One or two
articles do not get much notice, but every time there is some article in
the news, it needs to be replied to. A good example is Rizzler's recent
conviction. OP ED letters explaining other aspects of the spamming
culture need to be sent and eventually they will catch on. Most news
people are not experts in a field, they know how to find the
information, how to write it up, but they do not necessarily know the
inner workings, that is why they are constantly quoting some expert or
other.
--
***************************************
* This is the Spammish Inquisition *
* Not Lumber Cartel Unit 75 [TINLC] *
* I am not SPEWS.ORG *
***************************************
--
Shmuel (Seymour J.) Metz
at 06:31 PM, "Cameron L. Spitzer" <spam...@merde.greens.org> said:
>Reasons to block spam from an IP address range:
7. The cost of accepting traffic exceeds the cost of not accepting it.
>As Vernon puts it,
Vernon has been on a coup-counting polemic streak for a decade.
>are you fighting spam or fighting spammers?
Another way of spinning it is "Are you selfishly protecting only your
own network or are you trying to improve the Internet.?"
--
Shmuel (Seymour J.) Metz, truly insane Spews puppet
<http://patriot.net/~shmuel>
I reserve the right to publicly post or ridicule any abusive
E-mail. Reply to domain Patriot dot net user shmuel+news to contact
me. Do not reply to spam...@library.lspace.org
--