That we're being trolled?

I've got to go along with those of you that believe this is someone
more at odds with SPEWS than Chatmag, who is here just to stir up more
trouble. Who it is, I don't know, or care. As I had stated before,
Craig Stephens is not in any way connected to Chatmag, and it is not
I. I would NEVER pull such a b/s stunt like that to get hits. I don't
need to, Chatmag is tops in our field, and getting stronger every day.
Strong enough that I am advertising over on Monster.com for ad sales
people, and getting ready for an ad campaign promoting Chatmag (no
email campaign, its all print/tv/radio).

It surprises me that it took 15 months for our article to reach here,
but no matter.

Now that its done, lets get down to cases.

First, let me state that I firmly believe that Terry Gilsenan is the
founder/administrator/owner of SPEWS. No doubt about it.

That being said, and rather than getting into a prolonged response to
all of your emails and postings, I have a proposal for Terry.

We all know that the idea of blocklisting IP's makes sense, but not
blocking IP's that are not in themselves spamming, but are in the same
netblocks as spammers.

The general trend lately is for spammers to use compromised boxes,
rather than what they were doing when SPEWS came into existence, that
is, using their own boxes to send spams. Two years ago, I could read
the full headers of a spam email, and see it coming from a relatively
few places, mostly Florida or Alabama. Now, the originating IP's are
all over the spectrum, leading me to believe that they are coming from
compromised boxes that someone has installed a SMTP server on, without
the box owners knowledge or consent. If you've been following the news
lately, you've read that some ISP's are discussing cutting these boxes
off from Internet access. And, some ISP's have blocked Port 25 in an
effort to stop spammers.

It's those compromised IP's that need to be blocked, not an entire
range of IP's.  What happens is that there is an initial spam run from
a compromised box, and, with spam traps, they show up on the radar as
a spam IP. They make one large run from that IP, and stop, going on to
another compromised box. When they have exausted their supply of
compromised boxes, they start over, with another spam run from that
original IP a week or two later. Also, spammers have been selling IP's
of compromised boxes to other spammers, in either case, there is a one
day run, then a lag time. It's during this lag that the box IP should
be put onto a blocklist, preventing runs #2, etc.

What role does SPEWS play in this? Presently, SPEWS is not used by
very many ISP's and other email servers, primarily for two reasons; no
real contact, and the mass blocking of IP's.  Change that.  Set up a
contact point, other than NANAE.  Set up a webform to be filled out,
or a discussion board within spews.org or an email contact.

Sign your work. Terry, you had a great idea, why not take the credit.
Simply posting on your FAQ as the owner/admin/operator will suffice.
You'll find that more admins would be willing to use SPEWS if a real
point of contact is available.

Stop the mass blocking of IP's. SPEWS can be set up to block the
compromised box IP's, which is a more efficient use of your limited
server resources, and zero's into the problem of spamming.  If you
provide a blocklist of compromised IP's, you'll find more people
willing to use SPEWS, which in the long run will benefit all of us, by
cutting off the spammers ability to send.

As to the compromised IP's. As reports of spam from an IP come in,
place them in the blocklist, for one year. Why one year? Check most of
your spam emails that have an URL to a web site. Most of them are of
the "amsnbzxw.com" or other randomly selected letter/type URL's. And,
doing a whois shows most all of them are registered for one year only,
hence the one year block. (That particular URL was on a Vicodin spam,
do a whois on it, you see what I mean). Blocklist the IP that the
email came from (which shows as a box in Russia, figures), and you
deny that box sending any more spam. But, a lot more people have to
use SPEWS than they do now in order to be effective against spam.
Thats why the change in tactics. Think "surgical strike" rather than
"nuke the world".

Have an arbitration process so that alledged spam can refute the
charge of spamming. In reality, looking at most of the spam I get, and
I get hundreds a day, none of the spammers will enter into an
arbitration, they know they done wrong.  But, give that as an option.
I've monitored NANAE for a long time, and I can think of a few
regulars here I would recommend to join an arbitration board.
(AndroidCat, Detox, Rich Clark, to name a few).

You could set it up as part of a discussion board, with a section
devoted to removal requests. But remember at this point, you're mostly
blocking compromised boxes, so you won't see a lot of requests. Other
sections of the discussion board could be for spam fighting
discussions, etc.  I've been a member of IRC/Unity (comprised of
IRCop's and Admins from the various IRC networks) since it's
inception, and in their closed list, we discuss many ways to fight
attacks and other security issues on IRC. You could take a lesson from
IRC/Unity and have a "members only" section for sensitive discussions
that you don't want spammers to see.

What part does Chatmag or myself play in this? If you set it up as
I've suggested, I'll remove the article regarding yourself and SPEWS,
and also delete the reference in our News section. If you are willing
to create a discussion board, and your web host does not give you that
capability, I'll host it on my servers, setting you as Admin.

I'll also to the best of our ability promote SPEWS as a viable
resource in the fight against spam, by including special articles in
our Safety Section, News, and linking SPEWS in the various topics
within the directory that would best target newbies.  A lot of
Chatmag's traffic is newbies to chat and the Internet, so you'd be
targeting people that NEED good information regarding spam.

Whatever else we can do, we'll do. It's all up to you now.

Pete

(Secret message to a certain someone. Photographic proof: ugly guys
with money still get the girl :) )

On 26 Jun 2004 18:16:12 -0700, edi...@chatmag.com (Pete) wrote:

I firmly believe you've been smoking the drapes.

--
"There's a fine line between being on the
leading edge and being in the lunatic fringe."
- Frank Armstrong

On 26 Jun 2004 18:16:12 -0700, edi...@chatmag.com (Pete) wrote:

Not so secret message to you, Petey:  Your 'girl' may be a nice
person, but it's pretty obvious she's none too picky.

Now go away lest I slap your head on the nekkid clown for the new
issue of The Spew.

--
Oh what a tangled web they weave when
spammers hook up with legal sleaze.
-unknown, but it could have been me.

The brain droppings of Pete were posted in
news:a1a265bb.0406261716.10df5d94@posting.google.com on 26 Jun 2004:

<snip>

Sorry.  I don't buy it.  After spending 18 months (on and off) reading
posts and seeing how a strong of "oh shit - I just screwed up big time"
affects lackadasical ISPs, I am strongly convinced that IP range blocking
is precisely the tool needed to motivate those careless ISPs (being
charitable here) to better screen their clientele.

Anything less is a waste of time.

In fact, I recommend such tactics to as many people as possible.

Thanks for the compliment, but I am totally unqualified and haven't the
time.

<snip>

Regards,
Detox

Hey Pete, maybe you should see a doctor about that those voices you keep
hearing. Or maybe just readjust the foil hat.

Foaming at the mouth Kook, meet Foaming at the mouth Kook.

Someday in the distant future, archeologists digging thru the ruins of
news.admin.net-abuse.email  will discover that edi...@chatmag.com (Pete)
had this to say on 26 Jun 2004:

Why would SPEWS want to be associated with a lunatic?

--
     I AM SPEWS (SLAPP PREVENTION ELECTRONIC WHITENOISE SYSTEM)
"I don't live in a police state. I am in Ohio" - Annie, spamcop troll

In article <a1a265bb.0406261716.10df5...@posting.google.com>,
        edi...@chatmag.com (Pete) writes:
[snip]

You're sharp enough to figure that out, yet...

Based on some seriously flimsy "evidence," you're ready to pronounce
Mr. Gilsenan as SPEWS.  I don't know who SPEWS is, so I cannot say
with authority you're wrong, but I strongly suspect you are.

No, "we" don't all know that.  Here's a shocker for you: My own
private ACLs are created/operated on principles very similar to those
of SPEWS, except I usually "escalate" right off the bat.

[snip]

Oh, now you're going to "educate" us about trojaned PeeCee's, are
you?  Heh.

Whatever gives you the idea that SPEWS cares about you or your little
on-line publication?  A publication of so little import that it took
15 months between the time you published an article on perhaps the
most contentious DNSbl there is, and its mention in *the* newsgroup
devoted to email abuse.  That is some ego trip you're on.  SPEWS has
included in their "escalations," entities a whole lot bigger than
your little operation.  Get a grip, man.

What's the frequency, Kenneth?

--
Jim Seymour                          | "Some of the lies are so strange it
WARNING: The "From:" address is a    |  makes you wonder about the spammer's
spam trap.  DON'T USE IT!  Use:      |  sanity."
jseym...@LinxNet.com                 |   - Ed Foster, "The Gripe Line" 6/24/02

news:sc8sd0d8qphmgfmcdji4knj8vtd9f10bi2@4ax.com...

I agree with this post. Blackhole thier IP's at will folks.

"The men who really believe in themselves are all in lunatic
asylums. -- G.K. Chesterton

--
James Riden / j.ri...@massey.ac.nz / Systems Security Engineer
GPG public key available at: http://www.massey.ac.nz/~jriden/
This post does not necessarily represent the views of my employer.