
blacklisted, again


bad sector

Sep 7, 2023, 12:09:25 PM

My email domain keeps getting *blacklisted* on
account of (as far as I'm able to determine)
the fact that my Domain-Name Hosting provider
falls under i.e.

"..is part of AS 16276 OVH FR and the Networks
167.114.128.0/18

Reverse DNS (PTR) exists and claimes to be:
sohsu1.dns77.com

Forward DNS for sohsu1.dns77.com is 167.114.138.246

This IP is not registered at ips.whitelisted.org"

I got this in a UCEPROTECT report from a store
whose email to me I could not reply to and who
stand to lose money on account of it (I stand to
lose a lot of time!!).

I put this SCAM in the same drawer as spam phonecalls
to avoid which one has to register oneself on a
white-list of people who do NOT want unsolicited
phonecalls. Seems to me that it's those who DO want
them that should have to register. It all smells like
shit. What are my options to avoid crap like this?



--
N2M (Notice To Merchants): if any part of our communication before,
during or after a transaction with you is routed to any 3rd party like
Googmole or Faecesbuch or such other without my explicit consent each
time then you will learn a lot about me and about marketing, but you
will never smell my money.



J.O. Aho

Sep 7, 2023, 3:24:34 PM
On 07/09/2023 18:09, bad sector wrote:

> I got this in a UCEPROTECT report from a store
> whose email to me I could not reply to and who
> stand to lose money on account of it (I stand to
> lose a lot of time!!).
>
> I put this SCAM in the same drawer as spam phonecalls
> to avoid which one has to register oneself on a
> white-list of people who do NOT want unsolicited
> phonecalls.

No, this is more of extortion like malware that encrypts your files and
wants bitcoins to decrypt them (if you are lucky).

They do break with the tradition where you should have a mechanism to be
able to be cleared from the blocklist and there are many who do not look
kindly at them.


> What are my options to avoid crap like this?

Use a big email service provider like protonmail, gmail, office365, you
still will be paying for them to host your mail with your domain.


--
//Aho

David W. Hodgins

Sep 7, 2023, 4:09:25 PM
On Thu, 07 Sep 2023 12:09:22 -0400, bad sector <forg...@invalid.net> wrote:
> My email domain keeps getting *blacklisted* on
> account of (as far as I'm able to determine)
> the fact that my Domain-Name Hosting provider
> falls under i.e.
>
> "..is part of AS 16276 OVH FR and the Networks
> 167.114.128.0/18
>
> Reverse DNS (PTR) exists and claimes to be:
> sohsu1.dns77.com
>
> Forward DNS for sohsu1.dns77.com is 167.114.138.246
>
> This IP is not registered at ips.whitelisted.org"
>
> I got this in a UCEPROTECT report from a store
> whose email to me I could not reply to and who
> stand to lose money on account of it (I stand to
> lose a lot of time!!).
>
> I put this SCAM in the same drawer as spam phonecalls
> to avoid which one has to register oneself on a
> white-list of people who do NOT want unsolicited
> phonecalls. Seems to me that it's those who DO want
> them that should have to register. It all smells like
> shit. What are my options to avoid crap like this?

The uceprotect block list service has existed for decades.

For level 1 listings (the ip address sending the spam), it's listed when at least
50 messages hit spamtrap addresses within the last 7 days. If it has generic
reverse dns or no reverse dns it gets listed every time it sends email to a
spamtrap.

Level 1 listed ip addresses will automatically be removed seven days after the
spam stops.

For level 2, it requires a number of ip addresses within the same netrange
to hit level 1 ...
Allocations smaller than / 27 are automatically listed immediately in level 2 if a single impact has occurred, a / 26 network is listed for at least 2 impacts, and a / 25 for at least 3 impacts
Based on the / 24 network with 4 or more impacts, the further automatic escalation is calculated using the following formula:
Netmask - 1 = ((netmask value + 1) + (netmask value +3))

For level 3, the entire ASN is listed which requires that at least 50 ip addresses
are at level 1.

The people who choose to use the uceprotect blocklist do so because they are tired
of their mailing systems being overwhelmed by spam.

For you, convince your isp to take action as their failure to stop their customers
sending spam is hurting their other customers, or switch isps, or convince the
people using the block list that your messages are more important than their
desire to reduce the spam they have to deal with.

In the case of 167.114.138.246, it shows your ip address has not sent spam, but
AS16276 (OVH Hosting, Inc.) have 816 ip addresses that have managed to hit
spamtraps used by uceprotect 4534 times in the last 7 days. That's from
http://www.uceprotect.net/en/rblcheck.php

I started using nomail.afraid.org for usenet back when the swen email worm
filled my inbox at my isp faster than I could download the messages.

$ host nomail.afraid.org
nomail.afraid.org has address 127.0.212.212
nomail.afraid.org mail is handled by 10 nirvana.admins.ws.
I set it up that way with permission from the uceprotect operator.

So anyone harvesting addresses from usenet is sending to a spamtrap operated
by uceprotect. That's just one of many spamtraps that are operated by the
uceprotect block list.

Other than setting up that forwarding to the spamtrap, my only affiliation
with uceprotect is as someone who uses it to reduce the spam I see.

Is it unfair that customers who don't send spam get their email blocked? Yes.
It's also unfair to everyone on the internet that your isp allows so much spam
to be sent.

Most isps now block outgoing connections to port 25, except from customers who
have registered with them as running a mail server. Those that don't deserve
to be blocked from sending email.

The good thing about getting blocked by uceprotect is that the blocking will
stop when the spam stops. Many other blocklists do not have removal policies.
Once listed, it's permanent.

Regards, Dave Hodgins

David W. Hodgins

Sep 7, 2023, 4:22:55 PM
On Thu, 07 Sep 2023 15:24:30 -0400, J.O. Aho <us...@example.net> wrote:

> On 07/09/2023 18:09, bad sector wrote:
>
>> I got this in a UCEPROTECT report from a store
>> whose email to me I could not reply to and who
>> stand to lose money on account of it (I stand to
>> lose a lot of time!!).
>>
>> I put this SCAM in the same drawer as spam phonecalls
>> to avoid which one has to register oneself on a
>> white-list of people who do NOT want unsolicited
>> phonecalls.
>
> No, this is more of extortion like malware that encrypts your files and
> wants bitcoins to decrypt them (if you are lucky).
>
> They do break with the tradition where you should have a mechanism to be
> able to be cleared from the blocklist and there are many who do not look
> kindly at them.

There are many other people like me who believe an isp that doesn't do anything
to block the spam flowing from their customers shouldn't be allowed to send
any email.

>> What are my options to avoid crap like this?
>
> Use a big email service provider like protonmail, gmail, office365, you
> still will be paying for them to host your mail with your domain.

Best option would be to convince the isp to drop customers who intentionally send
spam, and to block output connections to port 25 except from customers who haven't
requested that port 25 output not be blocked. That would stop the spam from the
clueless people who shouldn't be sending email directly from their systems.

The people who use the uceprotect mailing list to filter out the spam have chosen
to do so, because they are tired of all of the spam.

Regards, Dave Hodgins

bad sector

Sep 7, 2023, 5:43:04 PM
On 9/7/23 16:09, David W. Hodgins wrote:
> On Thu, 07 Sep 2023 12:09:22 -0400, bad sector <forg...@invalid.net>
> wrote:
>> My email domain keeps getting *blacklisted* on
>> account of (as far as I'm able to determine)
>> the fact that my Domain-Name Hosting provider
>> falls under i.e.
>>
>> "..is part of AS 16276 OVH FR and the Networks
>> 167.114.128.0/18
>>
>> Reverse DNS (PTR) exists and claimes to be:
>> sohsu1.dns77.com
>>
>> Forward DNS for sohsu1.dns77.com is 167.114.138.246
>>
>> This IP is not registered at ips.whitelisted.org"
>>
>> I got this in a UCEPROTECT report from a store
>> whose email to me I could not reply to and who
>> stand to lose money on account of it (I stand to
>> lose a lot of time!!).
>>
>> I put this SCAM in the same drawer as spam phonecalls
>> to avoid which one has to register oneself on a
>> white-list of people who do NOT want unsolicited
>> phonecalls. Seems to me that it's those who DO want
>> them that should have to register. It all smells like
>> shit. What are my options to avoid crap like this?
>
> The uceprotect block list service has existed for decades.

You're telling *me*? I've been up against them from time to time for
decades too, yet I have NEVER sent any spam anywhere.

> For level 1 listings (the ip address sending the spam), it's listed when
> at least
> 50 messages hit spamtrap addresses within the last 7 days. If it has
> generic
> reverse dns or no reverse dns it gets listed every time it sends email to a
> spamtrap.
>
> Level 1 listed ip addresses will automatically be removed seven days
> after the
> spam stops.

I don't know what spam-trap criteria ARE, almost ALL people I know
don't either. Instead of bouncing MY emails why don't they email me with
the details that caused MY email to trap? And IF it's not MY email then
block the guilty IP address but not others at whichever single ISP, not
to mention chains of ISP's.


> For level 2, it requires a number of ip addresses within the same netrange
> to hit level 1 ...
> Allocations smaller than / 27 are automatically listed immediately in
> level 2 if a single impact has occurred, a / 26 network is listed for at
> least 2 impacts, and a / 25 for at least 3 impacts
> Based on the / 24 network with 4 or more impacts, the further automatic
> escalation is calculated using the following formula:
> Netmask - 1 = ((netmask value + 1) + (netmask value +3))
>
> For level 3, the entire ASN is listed which requires that at least 50 ip
> addresses
> are at level 1.
>
> The people who choose to use the uceprotect blocklist do so because they
> are tired
> of their mailing systems being overwhelmed by spam.

So if I get spam from some mookmook in timbucktoo then it's ok to nuke
the whole continent; sickening microcancerish bullshit.



> For you, convince your isp to take action as their failure to stop their
> customers

Yeah, right, my yearly equivalent of a bud-light 3-pack will really
swing the pendulum. At one time it was pointed out that it was maybe
smarter to have a dedicated rather than a shared server, even without
being mail-server knowledgeable I figured that I should pay more for a
dedicated server. Didn't make any difference though, none at all.



> In the case of 167.114.138.246, it shows your ip address has not sent
> spam, but
> AS16276 (OVH Hosting, Inc.) have 816 ip addresses that have managed to hit
> spamtraps used by uceprotect 4534 times in the last 7 days. That's from
> http://www.uceprotect.net/en/rblcheck.php

My "ISP" is Save-On-Hosting dot com. How many of those spam trappers
originated from THEM?


> I started using nomail.afraid.org for usenet back when the swen email worm
> filled my inbox at my isp faster than I could download the messages.
>
> $ host nomail.afraid.org
> nomail.afraid.org has address 127.0.212.212
> nomail.afraid.org mail is handled by 10 nirvana.admins.ws.
> I set it up that way with permission from the uceprotect operator.
>
> So anyone harvesting addresses from usenet is sending to a spamtrap
> operated
> by uceprotect. That's just one of many spamtraps that are operated by the
> uceprotect block list.
>
> Other than setting up that forwarding to the spamtrap, my only affiliation
> with uceprotect is as someone who uses it to reduce the spam I see.
>
> Is it unfair that customers who don't send spam get their email blocked?
> Yes.
> It's also unfair to everyone on the internet that your isp allows so
> much spam
> to be sent.

Whose rights prevail, those who want spam-free mail or those who want to
send non-spam mail without being prejudiced against? Is my right to
communicate less than another's to receive no spam?


> Most isps now block outgoing connections to port 25, except from
> customers who
> have registered with them as running a mail server. Those that don't
> deserve
> to be blocked from sending email.

I have no idea what port 25 does, nor do I care! My ISP sets up a
dedicated mail server in conjunction with my hosted web site and that's
what I pay for. If anyone wants to blacklist ME for spam they should
prove that MY server has originated spam or shut the fuck up and vanish
from the list of breathing entities! ANYONE accused of ANY wrong doing
has the right (at least in countries of 2-legged humanoids) to be
presented with details AND evidence without which defense is impossible.


> The good thing about getting blocked by uceprotect is that the blocking
> will
> stop when the spam stops. Many other blocklists do not have removal
> policies.
> Once listed, it's permanent.

How sweet, not much help though when I just wasted a day trying to
complete already initiated commercial exchanges essential to my farming
activities in time before winter. In the particular case, today, I had
twenty grand's worth of engine parts at various stations in a shipping
system in various states of acceptability etc. etc. etc. How about MY
right to communicate?

The self-appointed netcops they should erect sanctions against the spam
originators on a much more specific level through international
cooperation and legislation. As it is I agree with J.O. Aho, when you
blacklist and demand money to be expeditiously unlisted that's called
extortion and is a crime in most human circles. Just like the telephone
spam-lists, I will have NO PART OF IT.

bad sector

Sep 7, 2023, 8:00:58 PM
On 9/7/23 15:24, J.O. Aho wrote:
> On 07/09/2023 18:09, bad sector wrote:
>
>> I got this in a UCEPROTECT report from a store
>> whose email to me I could not reply to and who
>> stand to lose money on account of it (I stand to
>> lose a lot of time!!).
>>
>> I put this SCAM in the same drawer as spam phonecalls
>> to avoid which one has to register oneself on a
>> white-list of people who do NOT want unsolicited
>> phonecalls.
>
> No, this is more of extortion like malware that encrypts your files and
> wants bitcoins to decrypt them (if you are lucky).
>
> They do break with the tradition where you should have a mechanism to be
> able to be cleared from the blocklist and there are many who do not look
> kindly at them.

Being (then) 'built' I once worked for the mob to pay for my tuition.
Yeah, THE freakin' mafia and I didn't even know it. It took me about a
week to figure out what I had stepped into and just left but THAT work
had the same SMELL as these whitelist operators (never free if in a hurry).


>> What are my options to avoid crap like this?
>
> Use a big email service provider like protonmail, gmail, office365, you
> still will be paying for them to host your mail with your domain.

It's really weird that one of the very reasons I like having my own mail
server is exactly a way to protect against spam. I set up (unlimited)
email addresses or forwarders with the cPanel front end and use dedicated
ones for different contacts. If one address gets spam I know who leaked!
Trying to get a deal like that from the other retail chiselers would
cost me $5 per address per week but my name is Santa Claus!

Getting back to blacklisting, there's something that bugs me. I am
however speaking as a server-ignorant end-user which also means outside
of the techno tunnel. SPAM as such cannot be anon, or it wouldn't work
because its purpose is to sell something so the victim has to have a
way to respond and THAT is surely traceable. On the other hand freedom
of speech does not exist if anon speech does not. So what are we looking
at here, a war on freedom of speech which is not only a right but a
civic duty, or a war on spam which isn't anon anyway? Food for thought,
doesn't the right to absolute freedom of speech far outweigh the right
to no spam? And by that I don't mean to tolerate spam but to call a
spade a spade.



--
Anonymity is the sole reliable witness of real society, be the image
good or bad, and of free speech, two things without which the truth
cannot be known but the intent of those opposing them can.






David W. Hodgins

Sep 7, 2023, 8:25:21 PM
On Thu, 07 Sep 2023 17:43:05 -0400, bad sector <forg...@invalid.net> wrote:
> I don't know what spam-trap criteria ARE, almost ALL people I know
> don't either. Instead of bouncing MY emails why don't they email me with
> the details that caused MY email to trap? And IF it's not MY email then
> block the guilty IP address but not others at whichever single ISP, not
> to mention chains of ISP's.

The uceprotect block list doesn't actually block any email. The people who are receiving
the email, or the administrators running their mail servers choose to use the
uceprotect list. It's clearly explained how it works on their website, so those
who are choosing to use it are doing so knowing full well that innocent customers
of spam enabling isps will be caught up in it.

> So if I get spam from some mookmook in timbucktoo then it's ok to nuke
> the whole continent; sickening microcancerish bullshit.

As the recipient, that's up to you. Sending email does not give the sender the
right to force others to accept it. The recipient has the choice of whether or
not to accept it.

> Yeah, right, my yearly equivalent of a bud-light 3-pack will really
> swing the pendulum. At one time it was pointed out that it was maybe
> smarter to have a dedicated rather than a shared server, even without
> being mail-server knowledgeable I figured that I should pay more for a
> dedicated server. Didn't make any difference though, none at all.

It made no difference because the isp hosting it does nothing to stop spam from
its other customers. The recipients of the email using uceprotect have chosen
to discard all email from the isp. That's their right.


>> In the case of 167.114.138.246, it shows your ip address has not sent
>> spam, but
>> AS16276 (OVH Hosting, Inc.) have 816 ip addresses that have managed to hit
>> spamtraps used by uceprotect 4534 times in the last 7 days. That's from
>> http://www.uceprotect.net/en/rblcheck.php
>
> My "ISP" is Save-On-Hosting dot com. How many of those spam trappers
> originated from THEM?

From https://www.uceprotect.net/en/index.php ...
"UCEPROTECT-Network´s core database is fed by a cluster of more than 50 UCEPROTECT-Servers (Executive-Members) located in Germany, Austria, Switzerland, Canada and Australia."

> Whose rights prevail, those who want spam-free mail or those who want to
> send non-spam mail without being prejudiced against? Is my right to
> communicate less than another's to receive no spam?

Uceprotect doesn't stop you from sending email. The people you're sending to
chose not to accept the email because OVH generates so much spam. The recipient
has the right to block email from anyone, for any reason.

>> Most isps now block outgoing connections to port 25, except from
>> customers who
>> have registered with them as running a mail server. Those that don't
>> deserve
>> to be blocked from sending email.
>
> I have no idea what port 25 does, nor do I care! My ISP sets up a
> dedicated mail server in conjunction with my hosted web site and that's
> what I pay for. If anyone wants to blacklist ME for spam they should
> prove that MY server has originated spam or shut the fuck up and vanish
> from the list of breathing entities! ANYONE accused of ANY wrong doing
> has the right (at least in countries of 2-legged humanoids) to be
> presented with details AND evidence without which defense is impossible.

When you send an email it goes to tcp port 25 of the recipient's smtp server.
If the isp blocks all outbound connections to tcp port 25, except for customers
who request it, it stops all of the other customers from sending email directly
from their computers.

>> The good thing about getting blocked by uceprotect is that the blocking
>> will
>> stop when the spam stops. Many other blocklists do not have removal
>> policies.
>> Once listed, it's permanent.
>
> How sweet, not much help though when I just wasted a day trying to
> complete already initiated commercial exchanges essential to my farming
> activities in time before winter. In the particular case, today, I had
> twenty grand's worth of engine parts at various stations in a shipping
> system in various states of acceptability etc. etc. etc. How about MY
> right to communicate?

Your "right to send email" does not override the recipient's right to refuse
it.

> The self-appointed netcops they should erect sanctions against the spam
> originators on a much more specific level through international
> cooperation and legislation. As it is I agree with J.O. Aho, when you
> blacklist and demand money to be expeditiously unlisted that's called
> extortion and is a crime in most human circles. Just like the telephone
> spam-lists, I will have NO PART OF IT.

There are block lists that only list the ip addresses sending spam. That's
not how uceprotect works. The purpose of uceprotect is to hold bad individual
spammers and the isps hosting large numbers of them responsible.

If they lose enough customers, they'll implement procedures that responsible
isps use to stop or at least massively cut down on the spam, or go out of
business.

Complain somewhere where customers or shareholders of ovh might pay attention that
because ovh apparently doesn't make any effort to block spam from its networks,
they are not suitable to pay for hosting a mail server.

Complaining on usenet that the people you're trying to send email to prefer to
block all email from your isp by using the uceprotect list of known spam sources
won't help you.

Regards, Dave Hodgins

David W. Hodgins

Sep 7, 2023, 8:44:47 PM
On Thu, 07 Sep 2023 20:01:02 -0400, bad sector <forg...@invalid.net> wrote:
> Getting back to blacklisting, there's something that bugs me. I am
> however speaking as a server-ignorant end-user which also means outside
> of the techno tunnel. SPAM as such cannot be anon, or it wouldn't work
> because its purpose is to sell something so the victim has to have a
> way to respond and THAT is surely traceable. On the other hand freedom
> of speech does not exist if anon speech does not. So what are we looking
> at here, a war on freedom of speech which is not only a right but a
> civic duty, or a war on spam which isn't anon anyway? Food for thought,
> doesn't the right to absolute freedom of speech far outweigh the right
> to no spam? And by that I don't mean to tolerate spam but to call a
> spade a spade.

The bulk of spam comes from botnets with the majority of the ip addresses
sending the spam being clueless windows users whose systems are infected with
malware.

There are sales people who hire spam sending services to send a million or more
messages to "select lists". As long as they think they'll get sales that way,
they'll keep hiring spammers. Doesn't matter whether they actually get any sales
or not, just whether they think they will or not.

While the email may or may not have a from address, with spam it's usually forged.

Most spam is promoting scams looking for yet another sucker to take money from,
or trying to spread malware for various purposes such as building their botnet.

While the receiving server knows which ip address connected to it, that address may
or may not get added to the headers in the email message depending on how the server
is configured.

A block list doesn't stop you from sending your email. The recipient is the one
blocking you by configuring their system not to accept messages from you.

You have no right to force the recipient to store your message on their computer.
It's their property you're trying to use when you send an email to them.

Regards, Dave Hodgins

bad sector

Sep 7, 2023, 9:42:36 PM
I cannot contest the individual recipient's right to
control his/her mailbox AT THAT LEVEL, but if we're
talking regulatory moves (which IMO is the proper way
to handle offenders) then the debate shifts to balancing
rights against other rights.

As for the receivers doing the controlling that isn't
exactly accurate because most of them delegate blindly
to their ISP having no clue as to what innocent people
get burned and even less of a clue about any freedom
issues not to mention covert trampling on them by as
many stinking deep states and voices-behind-curtains
as there are flags on the planet.

Finally I have already advised my supplier most affected
by MY problems of today that I am done dealing with
them seeing that it's a waste of my very precious time.
Filtering could maybe best be done on local machines
based on CONTENT which is really the only way to id
spam. Alas their IT spec has no problem convincing them
that blacklisting is the only way; I will convince them
that it's the way to lose at least one customer.

That said I have also WARNED my domain hoster and
am looking for alternatives; question is what do I
get where and for how much?





John Hasler

Sep 7, 2023, 10:08:06 PM
Dave Hodgins writes:
> While the email may or may not have a from address, with spam it's
> usually forged.

Most of the spam I see does not have a forged from address. The headers
are all valid and correct, and the from line is that of the user of the
machine. Evidently spammers have discovered that their targets only
read the HTML body and are not put off by receiving a message purporting
to be from their bank from nadi...@gmail.com.
--
John Hasler
jo...@sugarbit.com
Dancing Horse Hill
Elmwood, WI USA

Carlos E. R.

Sep 7, 2023, 10:36:33 PM
On 2023-09-07 20:01, bad sector wrote:
> On 9/7/23 15:24, J.O. Aho wrote:
>> On 07/09/2023 18:09, bad sector wrote:

...

>>> What are my options to avoid crap like this?
>>
>> Use a big email service provider like protonmail, gmail, office365,
>> you still will be paying for them to host your mail with your domain.
>
> It's really weird that one of the very reasons I like having my own mail
> server is exactly a way to protect against spam. I set up (unlimited)
> email addresses or forwarders with the cPanel front end and use dedicated
> ones for different contacts. If one address gets spam I know who leaked!
> Trying to get a deal like that from the other retail chiselers would
> cost me $5 per address per week but my name is Santa Claus!

Most people don't ever need that.


> Getting back to blacklisting, there's something that bugs me. I am
> however speaking as a server-ignorant end-user which also means outside
> of the techno tunnel. SPAM as such cannot be anon, or it wouldn't work
> because its purpose is to sell something so the victim has to have a
> way to respond and THAT is surely traceable. On the other hand freedom
> of speech does not exist if anon speech does not. So what are we looking
> at here, a war on freedom of speech which is not only a right but a
> civic duty, or a war on spam which isn't anon anyway? Food for thought,
> doesn't the right to absolute freedom of speech far outweigh the right
> to no spam?  And by that I don't mean to tolerate spam but to call a
> spade a spade.

There are many kinds of spam.

On the spam that tries to sell you "something", there is always a way to
identify them, because obviously you need to contact them somehow to buy
whatever. BUT, you need international cooperation, police forces and
courts. ALL countries.

So, if all governments wanted, they could kill spam by simply putting in
prison every spammer they find, one by one.

We are not going to get that cooperation, so forget it.


Also, the received headers can be investigated. The last one is always
true, because it is your own mail server. So you trace backwards, one by
one... at some point, you need police and court cooperation from the
countries traversed by the mail, you need the police going to that
server and demanding the logs by force. In the end, after a lot of
money, you can find someone to put in prison. But not all countries are
going to collaborate...

Certainly, it may be coming from a compromised machine of some poor sod.
Well, he must be fined for having a machine compromised, for not paying
maintenance, for having faulty providers like M$.

After you fine a few thousands, people will take care.

But we will not get that level of international cooperation.

--
Cheers,
Carlos E.R.

David W. Hodgins

Sep 7, 2023, 11:12:59 PM
On Thu, 07 Sep 2023 21:42:42 -0400, bad sector <forg...@invalid.net> wrote:
> I cannot contest the individual recipient's right to
> control his/her mailbox AT THAT LEVEL, but if we're
> talking regulatory moves (which IMO is the proper way
> to handle offenders) then the debate shifts to balancing
> rights against other rights.

Regulatory moves would require global agreement and enforcement. Good luck with
that.

> As for the receivers doing the controlling that isn't
> exactly accurate because most of them delegate blindly
> to their ISP having no clue as to what innocent people
> get burned and even less of a clue about any freedom
> issues not to mention covert trampling on them by as
> many stinking deep states and voices-behind-curtains
> as there are flags on the planet.

The isp has to learn about uceprotect and how to implement it. As explained at
https://www.uceprotect.net/en/index.php?m=3&s=5
"NOTE: By using Level 3 for blocking, be prepared to occasionally lose some required mails too. DO NOT BLAME US, YOU HAVE BEEN FOREWARNED!

The recommended use of Level 3 is incorporating it into a scoring system, to give e.g. 2 points on a ‘match’ where 5 or more points trigger a spam tag."

They chose to be a BOFH and use level 3 for rejecting the mail.

> Finally I have already advised my supplier most affected
> by MY problems of today that I am done dealing with
> them seeing that it's a waste of my very precious time.
> Filtering could maybe best be done on local machines
> based on CONTENT which is really the only way to id
> spam. Alas their IT spec has no problem convincing them
> that blacklisting is the only way; I will convince them
> that it's the way to lose at least one customer.
>
> That said I have also WARNED my domain hoster and
> am looking for alternatives; question is what do I
> get where and for how much?

Filtering on content has more overhead, more false positives, and uses more cpu
and disk space than rejecting early in the smtp process before the body of the
email message is sent.

What it sounds like you are advocating is taking away the right of owners of the
servers to run them as they see fit. I don't think that's what you mean, but that's
how it reads.

Any hosting service you consider buying, check the ip address at a site such as
https://www.dnsbl.info/dnsbl-list.php
It does a lookup of the ip address with many of the publicly accessible lists.

The uceprotect list is the only one I know of that will list an entire isp.

As uceprotect is the only one listing 167.114.138.246, and only in the level 3
list, it's possible the recipient has configured their server to block messages
from an ip address if it's listed in level 3 and the reverse dns looks generic.

With a name like sohsu1.dns77.com, it looks like a generic customer address, not
an smtp server for dns77.com.

Regards, Dave Hodgins
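The difference between scoring on a Level 3 match and rejecting on it, as an added example that is not part of the original post and is not UCEPROTECT's or any mail server's own code. Only the Level 3 weight of 2 and the threshold of 5 come from the quoted recommendation; the other weights, the generic-PTR heuristic and the constructed DNS answer are assumptions.

```python
import ipaddress
import re
import socket

# UCEPROTECT's three DNSBL zones. Only the Level 3 weight (2) and the tag
# threshold (5) come from the quoted recommendation; the rest are assumed.
ZONE_POINTS = {
    "dnsbl-1.uceprotect.net": 5,  # assumed: this exact IP hit spamtraps
    "dnsbl-2.uceprotect.net": 3,  # assumed: the surrounding allocation is listed
    "dnsbl-3.uceprotect.net": 2,  # quoted: a whole-ASN listing is only a hint
}
GENERIC_PTR_POINTS = 1            # assumed weight
SPAM_TAG_THRESHOLD = 5            # quoted: "5 or more points trigger a spam tag"
LISTED_RANGE = ipaddress.IPv4Network("127.0.0.0/8")
MAIL_ROLE = re.compile(r"^(mail|smtp|mx|mta|relay|out(bound)?)[-\d]*$")


def dnsbl_query_name(ip, zone):
    """DNSBL convention: reverse the IPv4 octets and append the list's zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone


def system_resolver(name):
    """Live lookup: returns the A record as a string, or None if not found."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None


def is_listed(ip, zone, resolve):
    """Listed means the zone answers with an address inside 127.0.0.0/8."""
    answer = resolve(dnsbl_query_name(ip, zone))
    return answer is not None and ipaddress.IPv4Address(answer) in LISTED_RANGE


def ptr_looks_generic(ptr, ip):
    """Heuristic (assumed): no PTR, IP octets embedded in the name, or a
    leftmost label that is not a mail role such as mail/smtp/mx."""
    if not ptr:
        return True
    host = ptr.rstrip(".").lower()
    numbers = re.findall(r"\d+", host)
    embedded = sum(octet in numbers for octet in ip.split("."))
    return embedded >= 2 or not MAIL_ROLE.match(host.split(".")[0])


def evaluate(ip, ptr, resolve=system_resolver):
    """Compare the scoring policy with a hard reject on Level 3 alone."""
    listed = [zone for zone in ZONE_POINTS if is_listed(ip, zone, resolve)]
    score = sum(ZONE_POINTS[zone] for zone in listed)
    if ptr_looks_generic(ptr, ip):
        score += GENERIC_PTR_POINTS
    return {
        "listed": listed,
        "score": score,
        "scoring": "tag" if score >= SPAM_TAG_THRESHOLD else "accept",
        "hard_level3": "reject" if "dnsbl-3.uceprotect.net" in listed else "accept",
    }


# Constructed resolver data mirroring the thread: the address appears only in
# the Level 3 zone. 127.0.0.2 is a constructed return value.
CONSTRUCTED_DNS = {"246.138.114.167.dnsbl-3.uceprotect.net": "127.0.0.2"}

if __name__ == "__main__":
    print(evaluate("167.114.138.246", "sohsu1.dns77.com", CONSTRUCTED_DNS.get))
```

Calling `evaluate()` without the third argument performs live DNS lookups through `system_resolver`.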

David W. Hodgins

Sep 7, 2023, 11:21:12 PM
On Thu, 07 Sep 2023 22:36:30 -0400, Carlos E. R. <robin_...@es.invalid> wrote:
> Also, the received headers can be investigated. The last one is always
> true, because it is your own mail server. So you trace backwards, one by
> one... at some point, you need police and court cooperation from the
> countries traversed by the mail, you need the police going to that
> server and demanding the logs by force. In the end, after a lot of
> money, you can find someone to put in prison. But not all countries are
> going to collaborate...

Not all servers keep logs, and those that do have limits on how long it's kept
for, so speed would be another problem to deal with.

> Certainly, it may be coming from a compromised machine of some poor sod.
> Well, he must be fined for having a machine compromised, for not paying
> maintenance, for having faulty providers like M$.
> After you fine a few thousands, people will take care.

Nah. They'll just band together to replace the government with one that doesn't
do that.

> But we will not get that level of international cooperation.

That's true!

Regards, Dave Hodgins

bad sector

Sep 7, 2023, 11:49:04 PM
On 9/7/23 22:36, Carlos E. R. wrote:
> On 2023-09-07 20:01, bad sector wrote:
>> On 9/7/23 15:24, J.O. Aho wrote:
>>> On 07/09/2023 18:09, bad sector wrote:
>
> ...
>
>>>> What are my options to avoid crap like this?
>>>
>>> Use a big email service provider like protonmail, gmail, office365,
>>> you still will be paying for them to host your mail with your domain.
>>
>> It's really weird that one of the very reasons I like having my own
>> mail server is exactly a way to protect against spam. I set up
>> (unlimited) email addresses or forwarders with the cPanel front end and
>> use dedicated ones for different contacts. If one address gets spam I
>> know who leaked! Trying to get a deal like that from the other retail
>> chiselers would cost me $5 per address per week but my name is Santa
>> Claus!
>
> Most people don't ever need that.

I tried it and never looked back. The first time
I write to an address that I might write to more
in the future it's with a dedicated email. If soon
after that I get spam on it I know that either the
guy is too stupid to lock his database or, much
more likely with merchants, he'll sell his own
mother's diary if someone will give him a dollar
for a book full of blow jobs for half that.



>> Getting back to blacklisting, there's something that bugs me. I am
>> however speaking as a server-ignorant end-user which also means
>> outside of the techno tunnel. SPAM as such cannot be anon, or it
>> wouldn't work because its purpose is to sell something so the victim
>> has to have a way to respond and THAT is surely traceable. On the
>> other hand freedom of speech does not exist if anon speech does not.
>> So what are we looking at here, a war on freedom of speech which is
>> not only a right but a civic duty, or a war on spam which isn't anon
>> anyway? Food for thought, doesn't the right to absolute freedom of
>> speech far outweigh the right to no spam?  And by that I don't mean
>> to tolerate spam but to call a spade a spade.
>
> There are many kinds of spam.
>
> On the spam that tries to sell you "something", there is always a way to
> identify them, because obviously you need to contact them somehow to buy
> whatever. BUT, you need international cooperation, police forces and
> courts. ALL countries.

Maybe phone calls are easier to trace but the nospam phonelists seem to
be working (although in reverse, the list should be of those who don't
mind unsolicited calls). The living world is governed by two forces: the
predatory principle and natural selection. Understand those two well
and you have the answer to many problems. Raise the risk level in
comparison to the potential reward, a few public hangings might help but
not many would be needed. In the long term, if necessary, natural
selection will weed out the chaff before it reproduces and makes more of
its unrequested self.


> ...
> But we will not get that level of international cooperation.

Not likely, until you nuke the ones that don't
haul their share.


BTW #1
red-pencil: I meant my engine parts supplier,
the guy whose emails I could not respond to.

BTW #2
how much spam begins with Re: and includes
pages of quoted text from the originator who
is now the addressee? Who are designing them
spam traps or am I a harsh judge of character?


If it's down to bare knuckles I can play that
too, someone blacklists me and I blacklist
them, and then we see who resumes the cockroach
diet first. In 6 hours I killed 4 grand's worth
of business and the supplier 'knows' it cause I
canceled a previous order.



--
"Restriction of free thought and free speech is
the most dangerous of all subversions". Justice
William O. Douglas



bad sector

Sep 8, 2023, 12:10:26 AM
On 9/7/23 23:12, David W. Hodgins wrote:

> What it sounds like you are advocating is taking away the right of
> owners of the
> servers to run them as they see fit. I don't think that's what you mean,
> but that's
> how it reads.

And running servers as they see fit sounds a bit
like Zukerbarfs' business-model rhetoric the other
day responding to Canada's legislation proposals.


> Any hosting service you consider buying, check the ip address at a site
> such as
> https://www.dnsbl.info/dnsbl-list.php
> It does a lookup of the ip address with many of the publicly accessible
> lists.

Good point but it's a bit of 'buyer-beware' philo
which IMO is obsolete in civilized societies. Do
we allow unscrupulous surgeons to leave patients
to stitch themselves up? Then why should we allow
unscrupulous anyone to act similarly?


--
People used to be more polite when dueling was legal.


David W. Hodgins

Sep 8, 2023, 12:31:40 AM
On Fri, 08 Sep 2023 00:10:18 -0400, bad sector <forg...@invalid.net> wrote:

> On 9/7/23 23:12, David W. Hodgins wrote:
>
>> What it sounds like you are advocating is taking away the right of
>> owners of the
>> servers to run them as they see fit. I don't think that's what you mean,
>> but that's
>> how it reads.
>
> And running servers as they see fit sounds a bit
> like Zukerbarfs' business-model rhetoric the other
> day responding to Canada's legislation proposals.

True. Canadians can still get Canadian news, but have to use a browser or
rss reader, not facebook.

>> Any hosting service you consider buying, check the ip address at a site
>> such as
>> https://www.dnsbl.info/dnsbl-list.php
>> It does a lookup of the ip address with many of the publicly accessible
>> lists.
>
> Good point but it's a bit of 'buyer-beware' philo
> which IMO is obsolete in civilized societies. Do
> we allow unscrupulous surgeons to leave patients
> to stitch themselves up? Then why should we allow
> unscrupulous anyone to act similarly?

Forgot to add previously, if you want to run your own mail server, get your
own domain name, set up an ns entry for the mail server and ensure the hosting
service will set up reverse dns for that ip pointing to your mail server.

Regards, Dave Hodgins

Jasen Betts

Sep 8, 2023, 2:30:41 AM
On 2023-09-07, bad sector <forg...@INVALID.net> wrote:

>> Level 1 listed ip addresses will automatically be removed seven days
>> after the
>> spam stops.
>
> I don't know what spam-trap criteria ARE, almost ALL people I know
> don't either. Instead of bouncing MY emails why don't they email me with
> the details that caused MY email to trap?

Because they are not stupid inconsiderate fuckheads.

They think it's spam. They don't know that the return path is
legitimate. If it's forged that will be spamming an innocent party
with refusal messages.

Thus it's much better to refuse at SMTP time. Read the refusal
message; there's usually enough data there.

--
Jasen.
🇺🇦 Glory to Ukraine

J.O. Aho

Sep 8, 2023, 3:07:03 AM
On 9/7/23 22:22, David W. Hodgins wrote:
> On Thu, 07 Sep 2023 15:24:30 -0400, J.O. Aho <us...@example.net> wrote:
>
>> On 07/09/2023 18:09, bad sector wrote:
>>
>>> I got this in a UCEPROTECT report from a store
>>> whose email to me I could not reply to and who
>>> stand to lose money on account of it (I stand to
>>> lose a lot of time!!).
>>>
>>> I put this SCAM in the same drawer as spam phonecalls
>>> to avoid which one has to register oneself on a
>>> white-list of people who do NOT want unsolicited
>>> phonecalls.
>>
>> No, this is more of extortion like malware that encrypts your files and
>> wants bitcoins to decrypt them (if you are lucky).
>>
>> They do break with the tradition where you should have a mechanism to be
>> able to be cleared from the blocklist and there are many who do not look
>> kindly at them.
>
> There are many other people like me who believe an isp that doesn't do
> anything
> to block the spam flowing from their customers shouldn't be allowed to send
> any email.

The problem is that they block a span owned by a network provider, you
may have issues with a /24 span but they may block a /16 span. There is
no way to get removed from the blocking other than paying quite a lot of
money.

All serious blocklists have a mechanism to be removed from the list,
which does not involve loads of money.


> The people who use the uceprotect mailing list to filter out the spam
> have chosen
> to do so, because they are tired of all of the spam.

They figured out how to extort money from innocents, as you may have a
really good reputation, but just someone else in the /16 span you belong
to spams (intentionally or due to a bug in software) and you get
blacklisted.

--
//Aho

Marco Moock

Sep 8, 2023, 3:10:19 AM
On 07.09.2023, bad sector <forg...@INVALID.net> wrote:

> My email domain keeps getting *blacklisted* on
> account of (as far as I'm able to determine)
> the fact that my Domain-Name Hosting provider
> falls under i.e.
>
> "..is part of AS 16276 OVH FR and the Networks
> 167.114.128.0/18

OVH is often in the top10 list of spamming autonomous systems.
It seems that this hoster doesn't really care about spam.

Choose another hoster that has good abuse management.

Marco Moock

Sep 8, 2023, 5:01:43 AM
On 07.09.2023, bad sector <forg...@INVALID.net> wrote:

> On 9/7/23 16:09, David W. Hodgins wrote:
> > The uceprotect block list service has existed for decades.
>
> You're telling *me*? I've been up against them from time to time for
> decades too, yet I have NEVER sent any spam anywhere.

See my explanation below.

> I don't know what spam-trap criteria ARE, almost ALL people I know
> don't either. Instead of bouncing MY emails why don't they email me
> with the details that caused MY email to trap? And IF it's not MY
> email then block the guilty IP address but not others at whichever
> single ISP, not to mention chains of ISP's.

Often the providers use relays and your servers send the mails to that
relay. The relay is being used by many users.
If the relay is being abused, it will be blocked.

To identify relays used by spammers, people set up spam traps. No
normal user will send mails to them (unless they have the intention to
blacklist their ISP's server). Spammers that harvest addresses will
most likely include such trap addresses when sending spam. If a spammer
now uses your relay to send spam to the trap address, the relay will be
blacklisted.

If you wanna have more control over that, run your own mail server
(with the knowledge needed for that) in an AS that cares about abuse.

> So if I get spam from some mookmook in timbucktoo then it's ok to
> nuke the whole continent; sickening microcancerish bullshit.

That is the reality. There is no other possibility than blocking an
entire mail system. Some ISPs don't care about spam and abusers use
other addresses. This often results in the listing of the entire AS and
therefore in the listing of innocent servers.

> > For you, convince your isp to take action as their failure to stop
> > their customers
>
> Yeah, right, my yearly equivalent of a bud-light 3-pack will really
> swing the pendulum. At one time it was pointed out that it was maybe
> smarter to have a dedicated rather than a shared server, even without
> being mail-server knowledgeable I figured that I should pay more for a
> dedicated server. Didn't make any difference though, none at all.

The hardware isn't relevant for the listing. Only the amount of spam
coming from the system that sends the mails out and the AS itself.

> > In the case of 167.114.138.246, it shows your ip address has not
> > sent spam, but
> > AS16276 (OVH Hosting, Inc.) have 816 ip addresses that have managed
> > to hit spamtraps used by uceprotect 4534 times in the last 7 days.
> > That's from http://www.uceprotect.net/en/rblcheck.php
>
> My "ISP" is Save-On-Hosting dot com. How many of those spam trappers
> originated from THEM?

I cannot tell you how many, although it seems that OVH has spammers in
its network. They must remove them.

> Whose rights prevail, those who want spam-free mail or those who want
> to send non-spam mail without being prejudiced against? Is my right
> to communicate less than another's to receive no spam?

This is rather simple:
Somebody is responsible for the domain of the recipient. Either himself
or an ISP.

The operator decides that he wants to block certain servers by using
blocklists.

If your recipient doesn't want them, he has to ask the admin to accept
mail for his address from any source.

Another possibility is that he runs his own domain with his own mail server.

> > Most isps now block outgoing connections to port 25, except from
> > customers who
> > have registered with them as running a mail server. Those that
> > don't deserve
> > to be blocked from sending email.
>
> I have no idea what port 25 does, nor do I care!

If you have mail problems, you should care. :-)
tcp/25 is the port for smtp communication.
465 and 587 are SMTP submission (your mail client will contact the mail
provider's SMTP server on that port) and require authentication, so
spammers cannot send mail to that port.
Spammers can send mail to port 25, because there auth must not be
required (your postbox at your house is also open for letters by
everyone).

Normal users that don't operate an SMTP server don't need to connect to
port 25.
To avoid that normal users can send spam (intended or because of
malware), most ISPs block port 25 tcp outgoing, unless the customer
requests to unblock it.

> My ISP sets up a dedicated mail server in conjunction with my hosted
> web site and that's what I pay for. If anyone wants to blacklist ME
> for spam they should prove that MY server has originated spam or shut
> the fuck up and vanish from the list of breathing entities!

Can you prove that?
Mostly this server is shared with hundreds of customers. If one of them
abuses it, it will be blacklisted.
Most likely it is not your fault.

> ANYONE accused of ANY wrong doing has the right (at least in
> countries of 2-legged humanoids) to be presented with details AND
> evidence without which defense is impossible.

The recipient's administrator can decide from whom he wants to accept
mail.
If the recipient himself wants control over that, he has to operate his
own infrastructure.

> > The good thing about getting blocked by uceprotect is that the
> > blocking will
> > stop when the spam stops. Many other blocklists do not have removal
> > policies.
> > Once listed, it's permanent.
>
> How sweet, not much help though when I just wasted a day trying to
> complete already initiated commercial exchanges essential to my
> farming activities in time before winter. In the particular case,
> today, I had twenty grand's worth of engine parts at various stations
> in a shipping system in various states of acceptability etc. etc.
> etc. How about MY right to communicate?

I know that your situation is bad, but the only way to permanently go
out of that is running your own servers in your own AS.

> The self-appointed netcops they should erect sanctions against the
> spam originators on a much more specific level through international
> cooperation and legislation.

Technically this is not possible. The only reliable source is the
address of the server transmitting the spam to the target. The real
author can be easily forged.
The idea is to make the server operators ban such users and try to
limit abuse as much as possible.
Most operators do that, some don't. Some companies love spammers as
customers. Nobody wants spam from them. The victims are innocent
customers of the same company.

> As it is I agree with J.O. Aho, when you blacklist and demand money
> to be expeditiously unlisted that's called extortion and is a crime
> in most human circles. Just like the telephone spam-lists, I will
> have NO PART OF IT.

They only want money to unlist you immediately.
Somebody needs to do the work.
I can understand that they take money.
Although, they unlist you automatically after some days when no spam
comes from the IP.
http://www.uceprotect.net/en/index.php?m=7&s=0

bad sector

Sep 8, 2023, 7:23:53 AM
On 9/8/23 00:31, David W. Hodgins wrote:
> On Fri, 08 Sep 2023 00:10:18 -0400, bad sector <forg...@invalid.net>
> wrote:
>
>> On 9/7/23 23:12, David W. Hodgins wrote:
>>
>>> What it sounds like you are advocating is taking away the right of
>>> owners of the
>>> servers to run them as they see fit. I don't think that's what you mean,
>>> but that's
>>> how it reads.
>>
>> And running servers as they see fit sounds a bit
>> like Zukerbarfs' business-model rhetoric the other
>> day responding to Canada's legislation proposals.
>
> True. Canadians can still get Canadian news, but have to use a browser or
> rss reader, not facebook.

Not only that but I see that Radio-Canada (the Quebec and thus
francophone arm of the CBC) is setting up its own 'app' whatever that
may be.


>>> Any hosting service you consider buying, check the ip address at a site
>>> such as
>>> https://www.dnsbl.info/dnsbl-list.php
>>> It does a lookup of the ip address with many of the publicly accessible
>>> lists.
>>
>> Good point but it's a bit of 'buyer-beware' philo
>> which IMO is obsolete in civilized societies. Do
>> we allow unscrupulous surgeons to leave patients
>> to stitch themselves up? Then why should we allow
>> unscrupulous anyone to act similarly?
>
> Forgot to add previously, If you want to run your own mail server, get your
> own domain name, set up an ns entry for the mail server and ensure the
> hosting
> service will set up reverse dns for that ip pointing to your mail server.

I do and I will (look into it), thanks. At this point in time and in
trail of some other comments in the thread, I'm not entirely sure if my
'mail server' is really a full autonomous mail server or just a bundled
mail server service (hitched to my dedicated web server service after
I demanded it).


bad sector

Sep 8, 2023, 7:40:45 AM
Money does say extortion but what is even more worrisome is that under
the guise of spam-control they recruit thousands of desperate customers
who blindly trusting the lists because they do limit spam then tether
themselves to the blacklists just to be free of yet another
administrative headache. Then, after a while, the blacklists start
leaning against the politically-incorrect and those who are thorns in
the sides of someone and the lists imperceptibly morph into a
*disconnect from the world rental-service* for googlegoons. When so
fundamental concepts are involved there can be no gray areas and any
neo-egg with so called blacklists and ransom is by definition and
default a huge fog bank to be treated with extreme prejudice (pun intended).



bad sector

Sep 8, 2023, 7:45:08 AM
It's not excluded, I'm waiting for my hoster to pull the raised ticket
and answer it. This WILL be the last chance (as it certainly isn't the
first incident). I'm NOT against providers being arm-twisted to move
against spam, I'm against dangerous precedents and obscure gestapoisms.


bad sector

Sep 8, 2023, 8:03:30 AM
No cigar. That sounds like a penalty to exercise a far more fundamental
freedom.


>> The self-appointed netcops they should erect sanctions against the
>> spam originators on a much more specific level through international
>> cooperation and legislation.
>
> Technically this is not possible. The only reliable source is the
> address of the server transmitting the spam to the target. The real
> author can be easily forged.
> The idea is to make the server operators ban such users and try to
> limit abuse as much as possible.
> Most operators do that, some don't. Some companies love spammers as
> customers. Nobody wants spam from them. The victims are innocent
> customers of the same company.
>
>> As it is I agree with J.O. Aho, when you blacklist and demand money
>> to be expeditiously unlisted that's called extortion and is a crime
>> in most human circles. Just like the telephone spam-lists, I will
>> have NO PART OF IT.
>
> They only want money to unlist you immediately.

Here we enter another consideration. The merchant in question told me
that they receive daily reports of the blocked emails (if I understood
correctly, their IT guy was pretty arrogant and talking down to ME like
"I" was some criminal, I who as the paying customer put supper on this
family's table for crissake). Anyhow, IF it's true that they receive a
list of originators blacklisted that day then THEY should fork out the
money to have them immediately unlisted. NOT doing so means they don't
really want you as a paying customer; and I can live with that, there
ARE other merchants out there.



Carlos E. R.

Sep 8, 2023, 10:05:18 AM

On 2023-09-07 23:19, David W. Hodgins wrote:
> On Thu, 07 Sep 2023 22:36:30 -0400, Carlos E. R.
> <robin_...@es.invalid> wrote:
>> Also, the received headers can be investigated. The last one is always
>> true, because it is your own mail server. So you trace backwards, one by
>> one... at some point, you need police and court cooperation from the
>> countries traversed by the mail, you need the police going to that
>> server and demanding the logs by force. In the end, after a lot of
>> money, you can find someone to put in prison. But not all countries are
>> going to collaborate...
>
> Not all servers keep logs, and those that do have limits on how long
> it's kept for, so speed would be another problem to deal with.

Just change the law so that they are mandated to keep logs.

Good luck with that.

>
>> Certainly, it may be coming from a compromised machine of some poor sod.
>> Well, he must be fined for having a machine compromised, for not paying
>> maintenance, for having faulty providers like M$.
>> After you fine a few thousands, people will take care.
>
> Nah. They'll just band together to replace the government with one
> that doesn't do that.
>
>> But we will not get that level of international cooperation.
>
> That's true!
>
> Regards, Dave Hodgins

--
Cheers,
Carlos E.R.

Carlos E. R.

Sep 8, 2023, 10:11:31 AM

On 2023-09-07 20:02, David W. Hodgins wrote:
> On Thu, 07 Sep 2023 17:43:05 -0400, bad sector <forg...@invalid.net>
> wrote:
>> I don't know what spam-trap criteria ARE, almost ALL people I know
>> don't either. Instead of bouncing MY emails why don't they email me with
>> the details that caused MY email to trap? And IF it's not MY email then
>> block the guilty IP address but not others at whichever single ISP, not
>> to mention chains of ISP's.
>
> The uceprotect block list doesn't actually block any email. Those who are
> receiving
> the email, or the administrators running their mail servers choose to
> use the
> uceprotect list. It's clearly explained how it works on their website,
> so those
> who are choosing to use it are doing so knowing full well that innocent
> customers
> of spam enabling isps will be caught up in it.
>
>> So if I get spam from some mookmook in timbucktoo then it's ok to nuke
>> the whole continent; sickening microcancerish bullshit.
>
> As the recipient, that's up to you. Sending email does not give the
> sender the right to force others to accept it. The recipient has the
> choice of whether or not to accept it.

That's debatable if the recipient is a business. Or anyone that has to
be publicly contactable, like government offices, say.

...

--
Cheers,
Carlos E.R.

David W. Hodgins

Sep 8, 2023, 11:26:29 AM
On Fri, 08 Sep 2023 03:07:00 -0400, J.O. Aho <us...@example.net> wrote:
> All serious blocklists have a mechanism to be removed from the list,
> which does not involve loads of money.

To get the ip addresses unlisted all the isp has to do is stop sending
spam. After 7 days, it's automatically unlisted. No payment required.

The list is fully automated. If individuals want to pay to get an innocent
ip address unlisted instead of moving to an isp that doesn't support spam,
or getting that isp to stop supporting spam, then they have to pay for the
time of the admin to do that work.

Do you work for free?

Regards, Dave Hodgins

David W. Hodgins

Sep 8, 2023, 11:26:30 AM
On Fri, 08 Sep 2023 10:11:28 -0400, Carlos E. R. <robin_...@es.invalid> wrote:
> That's debatable if the recipient is a business. Or anyone that has to
> be publicly contactable, like government offices, say.

There are regulatory rules that require some entities to retain records, including
received email messages. As far as I know, none of them require messages be
accepted and stored. The rejection logs would have to be kept, but not the spam.

Regards, Dave Hodgins

Carlos E. R.

Sep 8, 2023, 2:35:29 PM
That's correct. And yes, those logs suffice.

--
Cheers,
Carlos E.R.

bad sector

Sep 8, 2023, 5:04:18 PM
On 9/7/23 12:09, bad sector wrote:
>
> My email domain keeps getting *blacklisted* on
> account of (as far as I'm able to determine)
> the fact that my Domain-Name Hosting provider
> falls under i.e.
>
> "..is part of AS 16276 OVH FR and the Networks
> 167.114.128.0/18
>
> Reverse DNS (PTR) exists and claimes to be:
> sohsu1.dns77.com
>
> Forward DNS for sohsu1.dns77.com is 167.114.138.246
>
> This IP is not registered at ips.whitelisted.org"
>
> I got this in a UCEPROTECT report from a store
> whose email to me I could not reply to and who
> stand to lose money on account of it (I stand to
> lose a lot of time!!).
>
> I put this SCAM in the same drawer as spam phonecalls
> to avoid which one has to register oneself on a
> white-list of people who do NOT want unsolicited
> phonecalls. Seems to me that it's those who DO want
> them that should have to register. It all smells like
> shit. What are my options to avoid crap like this?


This may have been linked in the thread, I've lost track in the dizzying
debate, realtime check of your IP:

The complete IP check for sending Mailservers

https://multirbl.valli.org/lookup

When I drop it into my web navigator it checks my internet connection IP
address (use the e-mail option for hosted web or email IP) but this too
has a lot of red in it, go figure. It is an entirely legit and MAJOR isp
who sells wholesale bandwidth to a community radio network. I understand
that (and here I get into the networking tech tunnel where I have no
business being) some eyebrows get raised because several customers share
distribution antennas and maybe IP's, a mortal sin and definite no-no in
big-brother land where every user MUST be fully traceable, provide the
eye with a 7/24 streaming colonoscopy while also being continuously
'accessible' by a smartphone that does sport a decorative OFF button but
can never be really turned off.


David W. Hodgins

Sep 8, 2023, 7:16:27 PM
On Fri, 08 Sep 2023 17:04:06 -0400, bad sector <forgetski@_invalid.net> wrote:
> The complete IP check for sending Mailservers
>
> https://multirbl.valli.org/lookup

Thanks. I didn't know about that one.

Reminds me though, one of the reasons uceprotect is used by many, is that some
isps have a history of dealing with spammers by giving them one ip, then when that
ip address gets blocked by too many other systems, moving the spammer to another ip
address and giving that ip address to a non spammer who then has to do the work to
get it delisted.

I stopped reporting spammers to their isp a long time ago. I don't remember if
OVH was one of those who was caught moving their spammers around or not.

Regards, Dave Hodgins

bad sector

Sep 8, 2023, 10:03:24 PM
If we exterminated them then we wouldn't have all this overhead. I
consider them harmful vermin because by continuously probing for
untraceable broadcasting they're actually training big-bro to
systematically close every hole, and there went freedom of speech!





Marco Moock

Sep 9, 2023, 7:02:25 AM
On 08.09.2023 at 08:03:23, bad sector wrote:

> On 9/8/23 05:01, Marco Moock wrote:
> > On 07.09.2023, bad sector <forg...@INVALID.net> wrote:

> > I know that your situation is bad, but the only way to permanently
> > go out of that is running your own servers in your own AS.
>
> No cigar. That sounds like a penalty to exercise a far more
> fundamental freedom.

I agree that this is a penalty to the ISP/hoster, although there is no
other way for them to learn that they need to do something against
spammers.

Be aware: The blocklist doesn't block you from sending emails, it
simply instructs the mail server of the recipient's domain to reject it.
The admin of a mail server can decide which mail he/she wants to
receive, they could also say that they block all @gmail addresses or
all mail at weekend.
If you want free speech to others, they need to be their own server
operators.
There is an automatic mechanism that removes the addresses from the
blocklist after some days, see the delisting policy.

http://www.uceprotect.net/en/index.php?m=7&s=6

Immediate delisting requires manual work that needs to be paid. I can
understand that.

Marco Moock

Sep 9, 2023, 7:18:43 AM
This doesn't work, because IP addresses can be used by multiple people,
machines can be hacked, etc.

> Also, the received headers can be investigated. The last one is
> always true, because it is your own mail server.

Only this one can be trusted, the rest can be forged.

> So you trace backwards, one by one... at some point, you need police
> and court cooperation from the countries traversed by the mail, you
> need the police going to that server and demanding the logs by force.
> In the end, after a lot of money, you can find someone to put in
> prison.

These headers are no evidence, they can be forged like mail addresses
or display names.

> Certainly, it may be coming from a compromised machine of some poor
> sod. Well, he must be fined for having a machine compromised, for not
> paying maintenance, for having faulty providers like M$.

Have fun fining millions of people with malware on their machines.

> After you fine a few thousands, people will take care.

I think they would stop using mail, because many are too stupid to
understand how not to infect their machines.

> But we will not get that level of international cooperation.

You cannot do that even in the same country.
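The point made in this exchange, that only the Received line written by your own server can be trusted, as an added example that is not part of the original posts. The trusted host name and the sample message are constructed, using documentation domains and addresses; the Received layout assumed is the common "from helo (rdns [ip]) by host" form.

```python
import re
from email import message_from_string

# Hypothetical: the MX hosts the recipient operates. Only Received lines they
# stamped, in an unbroken run from the top of the message, are believed.
TRUSTED_MTAS = {"mx.recipient.example"}

# Constructed message. The bottom Received line is a forgery supplied by the
# sender; it claims to have been written by our own MX.
SAMPLE_MESSAGE = """\
Received: from out.hoster.example (out.hoster.example [192.0.2.25])
    by mx.recipient.example (Postfix) with ESMTPS id 4RhK2x1;
    Thu, 7 Sep 2023 12:01:02 -0400
Received: from webmail (unknown [198.51.100.7])
    by out.hoster.example with ESMTPA id 77A1;
    Thu, 7 Sep 2023 12:01:00 -0400
Received: from bank.example (bank.example [203.0.113.50])
    by mx.recipient.example with ESMTP id 1;
    Thu, 7 Sep 2023 09:00:00 -0400
From: accounts@bank.example
To: orders@recipient.example
Subject: constructed sample

body
"""

FROM_RE = re.compile(
    r"from\s+(\S+)\s+\((?:(\S+)\s+)?\[(?:IPv6:)?([0-9A-Fa-f.:]+)\]\)")
BY_RE = re.compile(r"\bby\s+([^\s;]+)")


def parse_hop(value):
    """Pull the HELO name, the peer IP and the stamping host from one header."""
    flat = " ".join(value.split())          # undo header folding
    m_from, m_by = FROM_RE.search(flat), BY_RE.search(flat)
    return {
        "helo": m_from.group(1) if m_from else None,
        "peer_ip": m_from.group(3) if m_from else None,
        "by": m_by.group(1).lower() if m_by else None,
    }


def trust_boundary(raw_message, trusted=TRUSTED_MTAS):
    """Walk the Received headers newest-first and stop believing them at the
    first one not stamped by a host we operate. Anything below that point was
    supplied by the other side, including lines that name our own MX."""
    headers = message_from_string(raw_message).get_all("Received", [])
    hops = [parse_hop(h) for h in headers]
    verified = []
    for hop in hops:
        if hop["by"] not in trusted:
            break
        verified.append(hop)
    return {
        "verified": verified,
        "unverified": hops[len(verified):],
        # The peer address our own server recorded: the value a DNSBL lookup
        # or an abuse report should be based on.
        "handoff_ip": verified[-1]["peer_ip"] if verified else None,
    }


if __name__ == "__main__":
    result = trust_boundary(SAMPLE_MESSAGE)
    print("connecting IP recorded by our MX:", result["handoff_ip"])
    for hop in result["unverified"]:
        print("unverified claim:", hop)
```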

Carlos E. R.

Sep 9, 2023, 7:41:49 AM
That is not a problem.


(with the assumption of full international cooperation and intent on
killing spam, which we know will not happen)

>
>> Also, the received headers can be investigated. The last one is
>> always true, because it is your own mail server.
>
> Only this one can be trusted, the rest can be forged.

Not a problem. You investigate each of them one by one, going backwards,
determining which are true and which is the first forged one.

(with the assumption of full international cooperation and intent on
killing spam, which we know will not happen)

>
>> So you trace backwards, one by one... at some point, you need police
>> and court cooperation from the countries traversed by the mail, you
>> need the police going to that server and demanding the logs by force.
>> In the end, after a lot of money, you can find someone to put in
>> prison.
>
> These headers are no evidence, they can be forged like mail addresses
> or display names.

See above.

>
>> Certainly, it may be coming from a compromised machine of some poor
>> sod. Well, he must be fined for having a machine compromised, for not
>> paying maintenance, for having faulty providers like M$.
>
> Have fun fining millions of people with malware on their machines.

Yes, I would have fun :-)

(with the assumption of full international cooperation and intent on
killing spam, which we know will not happen)


>
>> After you fine a few thousands, people will take care.
>
> I think they would stop using mail, because many are too stupid to
> understand how not to infect their machines.
>
>> But we will not get that level of international cooperation.
>
> You cannot do that even in the same country.

Well, there is no intention.

--
Cheers,
Carlos E.R.

bad sector

Sep 9, 2023, 7:44:03 AM
On 2023-09-09 07:02, Marco Moock wrote:
> On 08.09.2023 at 08:03:23, bad sector wrote:
>
>> On 9/8/23 05:01, Marco Moock wrote:
>>> On 07.09.2023, bad sector <forg...@INVALID.net> wrote:
>
>>> I know that your situation is bad, but the only way to permanently
>>> go out of that is running your own servers in your own AS.
>>
>> No cigar. That sounds like a penalty to exercise a far more
>> fundamental freedom.
>
> I agree that this is a penalty to the ISP/hoster, although there is no
> other way for them to learn that the need to do something against
> spammers.

I don't agree that there is no other way to get to spammers; I don't
wanna start a political sidebar but hadn't Osama been laid by team-6?
>
> Be aware: The blocklist doesn't block you from sending emails, it
> simply instruct the mail server of the recipient's domain to reject it.
> The admin of a mail server can decide which mail he/she wants to
> receive, they could also say that they block all @gmail addresses or
> all mail at weekend.
> If you want free speech to others, the need to be their own server
> operators.

Thanks, valid argument, I'll trade for "contributes to the degradation
of freedom of speech".

>> Here we enter another consideration. The merchant in question told me
>> that they receive daily reports of the blocked emails (if I
>> understood correctly, their IT guy was pretty arrogant and talking
>> down to ME like "I" was some criminal, I who as the paying customer
>> put supper on this family's table for crissake). Anyhow, IF it's true
>> that they receive a list of originators blacklisted that day then
>> THEY should fork out the money to have them immediately unlisted. NOT
>> doing so means they don't really want you as a paying customer; and I
>> can live with that, there ARE other merchants out there.
>
> There is an automatic mechanism that removes the addresses from the
> blocklist after some days, see the delisting policy.

Again the onus is on innocent victims to either wait or complain and TRY
to delist (often for extortion money). But if you look at it from a
practical and functional point of view and not from that of a
hobby-internaut prowling for virtual pussy then even a few hours' delay
can be *devastating*. I've DUMPED ISPs because of frequent
interruptions lasting only tens of minutes. This is an extremely serious
and offensive demonstration of arrogance the result of which on innocent
victims is equal to cutting their electricity in the middle of winter
(the internet is no longer just another TV channel). We don't
carpet-bomb any more either (I think). Offing onto the recipient with
the copout that they are the ones who close their mailbox is equivalent
to "we give loaded guns to kids and they do whatever it is that they do
with them" (kids being a very good analogy because most recipients
haven't got a freakin' clue about anything IT really).


Richard Kettlewell

Sep 9, 2023, 7:46:26 AM
"David W. Hodgins" <dwho...@nomail.afraid.org> writes:
> The isp has to learn about uceprotect and how to implement it. As explained at
> https://www.uceprotect.net/en/index.php?m=3&s=5
> "NOTE: By using Level 3 for blocking, be prepared to occasionally lose
> some required mails too. DO NOT BLAME US, YOU HAVE BEEN FOREWARNED!
>
> The recommended use of Level 3 is incorporating it into a scoring
> system, to give e.g. 2 points on a ‘match’ where 5 or more points
> trigger a spam tag."
>
> They chose to be a BOFH and use level 3 for rejecting the mail.

I’m not sure where level 3 comes from in this thread; as I’m writing, at
least, the query database lists the /24 containing the OP’s address at
level 2 as well. I guess it’s in the nature of things that the exact
listing varies with time.

At any rate, it’s up to the store (in conjunction with their email
provider) to decide how to defend themselves against spam. It’s not an
easy problem to solve.

--
https://www.greenend.org.uk/rjk/

Marco Moock

Sep 9, 2023, 7:55:41 AM
On 09.09.2023 at 12:46:24, Richard Kettlewell wrote:

> "David W. Hodgins" <dwho...@nomail.afraid.org> writes:
> > The isp has to learn about uceprotect and how to implement it. As
> > explained at https://www.uceprotect.net/en/index.php?m=3&s=5
> > "NOTE: By using Level 3 for blocking, be prepared to occasionally
> > lose some required mails too. DO NOT BLAME US, YOU HAVE BEEN
> > FOREWARNED!
> >
> > The recommended use of Level 3 is incorporating it into a scoring
> > system, to give e.g. 2 points on a ‘match’ where 5 or more points
> > trigger a spam tag."
> >
> > They chose to be a BOFH and use level 3 for rejecting the mail.
>
> I’m not sure where level 3 comes from in this thread; as I’m writing,
> at least, the query database lists the /24 containing the OP’s
> address at level 2 as well. I guess it’s in the nature of things that
> the exact listing varies with time.

There are clear policies for every level:
http://www.uceprotect.net/en/index.php?m=3&s=4

> At any rate, it’s up to the store (in conjunction with their email
> provider) to decide how to defend themselves against spam. It’s not an
> easy problem to solve.

It is rather easy what they do: If some providers don't care about
spammers or accept them: The entire networks are going to be blocked.

Marco Moock

Sep 9, 2023, 7:59:05 AM
You cannot log everything. E.g. a restaurant operates a public wifi.
Any customer can abuse it for sending spam, hacking other computers
with it and using them for sending spam.

> (with the assumption of full international cooperation and intent on
> killing spam, which we know will not happen)

It also doesn't work on a national basis, as long as there is no 100%
surveillance of EVERY network, even home networks.
And then you still have problems because you need to identify the user.
Think about public access points.

Stéphane CARPENTIER

Sep 9, 2023, 8:15:40 AM
On 09-09-2023, Marco Moock <mm+use...@dorfdsl.de> wrote:
>
> Be aware: The blocklist doesn't block you from sending emails, it
> simply instruct the mail server of the recipient's domain to reject it.

Right. But recipient's servers are often managed by no-brainers. They
don't know how to judge if an email is valid. If they see your server is
at home, it's enough for them to block you. Even if everything else,
like your SPF, DKIM and DMARC are OK. If you are in PBL, you have to ask
spamhaus to remove you from their list. Some morons don't check anything
except spamhaus.

And really, to manage one's own mail server at home, the most difficult
part is not to be considered as a spammer by morons.

> The admin of a mail server can decide which mail he/she wants to
> receive, they could also say that they block all @gmail addresses or
> all mail at weekend.

They could, but as almost everyone has an email in gmail (at least to
use android), so they would be cut off from the world. So nobody refuses
gmail emails and google keeps fighting with yahoo to be the biggest
spammer in the world.

> There is an automatic mechanism that removes the addresses from the
> blocklist after some days, see the delisting policy.
>
> http://www.uceprotect.net/en/index.php?m=7&s=6
>
> Immediate delisting requires manual work that needs to be paid. I can
> understand that.

Each black list has its own mechanism. What's done by one is not always
processed in the same way by another.

--
If you have time to waste:
https://scarpet42.gitlab.io

Stéphane CARPENTIER

Sep 9, 2023, 8:42:35 AM
On 09-09-2023, Marco Moock <mm+use...@dorfdsl.de> wrote:
>> There are many kinds of spam.
>>
>> On the spam that tries to sell you "something", there is always a way
>> to identify them, because obviously you need to contact them somehow
>> to buy whatever. BUT, you need international cooperation, police
>> forces and courts. ALL countries.
>>
>> So, if all governments wanted, they could kill spam by simply putting
>> in prison every spammer they find, one by one.
>
> This doesn't work, because IP addresses can be used by multiple people,
> machines can be hacked, etc..

He didn't speak about the IP of the sender, but of the way to contact
him. And somehow, he's right about it. If the IP of the sender is the
only way to contact him, then if I wait too long before getting in touch
with him, I wouldn't be able to, so the sender lost a potential client.

So the sender would need a valid and permanent link to be able to be
contacted by the receiver.

The issue with his argument is: I could send spam with a link toward
someone else and the someone else would be prosecuted instead of me.
There are some ways around it, but it's a good start.

>> Also, the received headers can be investigated. The last one is
>> always true, because it is your own mail server.
>
> Only this one can be trusted, the rest can be forged.

Yes, it's the starting point from the next move.

>> So you trace backwards, one by one... at some point, you need police
>> and court cooperation from the countries traversed by the mail, you
>> need the police going to that server and demanding the logs by force.
>> In the end, after a lot of money, you can find someone to put in
>> prison.
>
> These headers are no evidence, they can be forged like mail addresses
> or display names.

As he said the last IP is real, if you forge your IP, you won't receive
answer. So it could work with UDP but not with TCP and emails are only
with TCP.

So you don't look at the IP before the last one. But you get in touch
with the last one and ask him for logs to know who was the one before the
last one. And one by one, you can go back to the sender. The last issue
is the sender can be in a public place, like a MacDo, using a free IP
unable to know who used his service. Another issue, every intermediate
server can be in different countries, not all wanting to cooperate at
the same level.

>> Certainly, it may be coming from a compromised machine of some poor
>> sod. Well, he must be fined for having a machine compromised, for not
>> paying maintenance, for having faulty providers like M$.
>
> Have fun fining millions of people with malware on their machines.

It's not only fun, it's a lot of money: you don't want to secure your
computer? You pay, and if a million people have to pay it can be a lot
of money in the end.

It's what France tried to do with the hadopi law. In the beginning, the
law was: you are downloading a lot of illegal stuff, it comes from your IP
so we don't need to know more about it, we remove your internet access.

But, happily, it was blocked by the EU and the law was changed. Now it's:
you have not secured the access to your connection, so someone used it
to download illegal stuff, so you are charged. It's not better, but the
law changed to acknowledge it. Happily, it's not used as much as it
could.

>> But we will not get that level of international cooperation.
>
> You cannot do that even in the same country.

As he said, it's a choice. Nobody considers spam as important as other
crimes. For other crimes, countries are cooperating. Not for spam, but
it's only a choice.
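
Added example, not part of the original post: the header-tracing point above as a check a recipient can run on a stored message. Only the connecting IP recorded by a server you operate is evidence; every Received line below that hop is a claim by the sender. The host names, addresses and sample message are constructed, and the parser only understands the common "from HELO (RDNS [IP]) by HOST" layout.

```python
import email
import ipaddress
import re

# Common "from HELO (RDNS [IP]) by HOST" layout; other MTAs format this differently.
RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?P<rdns>\S+)\s+"
    r"\[(?:IPv6:)?(?P<ip>[0-9A-Fa-f:.]+)\]\)\s+by\s+(?P<by>\S+)"
)

# Assumptions: the machines we operate, and the addresses they use.
OUR_HOSTS = {"mx1.recipient.example", "store.recipient.example"}
OUR_IPS = {"10.0.0.5"}

# Constructed message. Headers are newest first: the top two were stamped by
# our own machines, the bottom two were supplied by the sender.
SAMPLE = """\
Received: from mx1.recipient.example (mx1.recipient.example [10.0.0.5])
    by store.recipient.example with LMTP id c3; Sat, 9 Sep 2023 12:00:04 +0000
Received: from relay.bulk.example (unknown [198.51.100.77])
    by mx1.recipient.example with ESMTP id b2; Sat, 9 Sep 2023 12:00:03 +0000
Received: from bank.example (bank.example [192.0.2.1])
    by mx1.recipient.example with ESMTP id a1; Sat, 9 Sep 2023 11:59:00 +0000
Received: from pc.home.example (pc.home.example [192.0.2.99])
    by bank.example with ESMTP id a0; Sat, 9 Sep 2023 11:58:00 +0000
From: someone@bank.example
Subject: constructed sample

body
"""


def parse_received(value):
    """Return helo, rdns, ip and by for one Received value, or None."""
    flat = " ".join(value.split())  # undo header folding
    match = RECEIVED_RE.search(flat)
    if match is None:
        return None
    try:
        ip = str(ipaddress.ip_address(match["ip"]))
    except ValueError:
        return None
    return {"helo": match["helo"], "rdns": match["rdns"],
            "ip": ip, "by": match["by"].lower()}


def trust_boundary(raw_message, our_hosts, our_ips):
    """Find the hop where the message entered our own infrastructure.

    Walk down from the newest header. A header is believed only while it was
    stamped by one of our hosts AND the header above it shows the message
    arriving from one of our own addresses. The first hop whose peer is not
    ours is the boundary; its IP was taken from the TCP connection.
    Returns None when no such hop can be established.
    """
    headers = email.message_from_string(raw_message).get_all("Received", [])
    hops = [parse_received(h) for h in headers]
    for index, hop in enumerate(hops):
        if hop is None or hop["by"] not in our_hosts:
            return None  # fail closed: not a header we can vouch for
        if hop["ip"] not in our_ips:
            claimed = [h["ip"] for h in hops[index + 1:] if h]
            return {"peer_ip": hop["ip"], "stamped_by": hop["by"],
                    "unverified_claims": claimed}
    return None  # every hop was internal, or there were no headers


if __name__ == "__main__":
    print(trust_boundary(SAMPLE, OUR_HOSTS, OUR_IPS))
```

The third header names mx1.recipient.example in its "by" part, yet it is not believed, because the header above it already shows the message arriving from an outside address.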

Stéphane CARPENTIER

Sep 9, 2023, 9:29:26 AM
On 09-09-2023, Marco Moock <mm+use...@dorfdsl.de> wrote:
> On 09.09.2023 at 07:41:45, Carlos E. R. wrote:
>
>> Not a problem. You investigate each of them one by one, going
>> backwards, determining which are true and which is the first forged
>> one.
>
> You cannot log everything. E.g. a restaurant operates a public wifi.
> Any customer can abuse it for sending spam, hacking other computers
> with it and using them for sending spam.

Yes, but people won't spend hours to go hundreds of kilometers between each
email. So, you can find a few public points in a restricted area where
all emails are sent to discover the sender.

For email spams, it's a lot of work, but say in a murder case, the work
would be done. As he says, it's really a matter of choice. I'm not
saying the spam should be considered more important than murders. I'm only
saying a lot of effort is put to resolve murders, and nothing is done
against spam. I just agree with him it's a choice. I'm not saying the
choice is wrong.

> And then you still have problems because you need to identify the user.
> Think about public access points.

That's his main point: it's not a problem for him. As he rightly stated,
the beneficiary must have a way to be contacted, if he doesn't the spam
is useless.

There are two things to consider.

The first one: if I want to harm someone, I could send spam making
believe this someone did it. It's a little bit tricky. I know: in the
actual spamming system it just doesn't exist. But if more effort would
be made against spam it could arise. So, it must be taken care of.

The second one: all spam is about money. They send spam to win money. So
the cost of sending spam must be less than the money received. And it's
the whole point. As nothing is done against spammers, the cost is very
low. I know, when you receive spam, you know what it is and you aren't a
bait. But if only one person in ten thousand is naive enough to believe
it, once they sent one hundred thousand emails, then ten people must be
answering them. And the ten people must pay for the cost of sending the
nine hundred and ninety thousand lost emails. So, if you increase the
cost of the sending emails, the ten people are stupid enough to believe
it, but they are not rich enough to compensate your costs.

And it's his point, with which I agree: the spammers need to be sure the
ten people are able to send them money. Without this certainty, all the
money for sending spam is lost. And remember: the ten people are naive
enough to believe the spam, so the way to send money must be easy enough
to be useful. You can't ask people to be naive enough to believe in your
mail and to be smart enough to find difficult ways to send you money.

On it, I agree with him: if everyone would want to stop spam, spammers
could be prosecuted, it's only a matter of choice. But as he said, you
will never find someone willing to do whatever it takes to prosecute all
spammers. And for me, there is no reason to, I understand there are more
important issues at the same time.

But, for me, just increasing the cost of the spammers would be enough to
stop it. I don't believe only if it becomes the first priority it will
be stopped.

What I can tell is: when a spam network begins to be huge, it's stopped
and I can see a decrease in spam. It's impressive, sometimes I see fewer
attacks on my computer. I'm afraid I've been hacked and my computer is
used without my knowledge. And then I learn a massive network has been
arrested and that explains it.

So for the actual part, the little guys in their basement are safe and
the effort is put on big companies (even if it's unofficial, we can call
them that, the structure is the same).

Marco Moock

Sep 9, 2023, 9:47:22 AM
On 09.09.2023 at 07:43:51, bad sector wrote:

> I don't agree that there is no other way to get to spammers; I
> don't wanna start a political sidebar but hadn't Osama been laid by
> team-6?

Completely different situation.
How do you identify who (person) exactly sent the spam mails?

There is NAT, CG-NAT, a whole /48 net for a customer that is being used
by many people (family, guests, maybe neighbors).
More efficient is to put pressure on server operators that send out
spam, regardless of where it came from to that server.
This pressure will ensure that the operator takes care about it and
tries to limit abuse. Nobody complains when 1 spam mail goes out, but
if 100000 got out, it will be on blacklists.

> >> Here we enter another consideration. The merchant in question told
> >> me that they receive daily reports of the blocked emails (if I
> >> understood correctly, their IT guy was pretty arrogant and talking
> >> down to ME like "I" was some criminal, I who as the paying customer
> >> put supper on this family's table for crissake). Anyhow, IF it's
> >> true that they receive a list of originators blacklisted that day
> >> then THEY should fork out the money to have them immediately
> >> unlisted. NOT doing so means they don't really want you as a
> >> paying customer; and I can live with that, there ARE other
> >> merchants out there.
> >
> > There is an automatic mechanism that removes the addresses from the
> > blocklist after some days, see the delisting policy.
>
> Again the onus is on innocent victims to either wait or complain and
> TRY to delist (often for extortion money).

Fully agree, but that is the problem with shared address ranges.
Get your own ASN with your own nets and activity of others won't have
impact on you.

> But if you look at it from a practical and functional point of view
> and not from that of a hobby-internaut prowling for virtual pussy
> then even a few hours delay can be *devastating*. I've DUMPED isp's
> because of frequent interruptions lasting only tens of minutes. This
> is an extremely serious and offensive demonstration of arrogance the
> result of which on innocent victims is equal to cutting their
> electricity in the middle of winter (the internet is no longer just
> another TV channel). We don't carpet-bomb any more either (I think).

I agree that this situation is really, really bad for individual
innocent customers.

> Offing onto the recipient with the copout that they are the ones who
> close their mailbox is equivalent to "we give loaded guns to kids and
> they do whatever it is that they do with them" (kids being a very good
> analogy because most recipients haven't got a freakin' clue about
> anything IT really).

That's SMTP. Mail is controlled by domains and the MX servers are
related to the domain and not only the recipient.
A good mail provider offers to control the spam filter per customer, so
maybe it is possible to enable a setting "accept ALL mail to my
address".
Although, not all providers have such an option.
Mail transfer agents like sendmail support such situations.

Marco Moock

Sep 9, 2023, 9:50:28 AM
On 09.09.2023 at 12:15:37, Stéphane CARPENTIER wrote:

> On 09-09-2023, Marco Moock <mm+use...@dorfdsl.de> wrote:
> >
> > Be aware: The blocklist doesn't block you from sending emails, it
> > simply instruct the mail server of the recipient's domain to reject
> > it.
>
> Right. But recipient's servers are often managed by no-brainers. They
> don't know how to judge if an email is valid. If they see your server
> is at home, it's enough for them to block you. Even if everything
> else, like your SPF, DKIM and DMARC are OK. If you are in PBL, you
> have to ask spamhaus to remove you from their list. Some morons don't
> check anything except spamhaus.

I agree, this is a shitty situation.
But such machines won't occur on the uceprotect.net lists, unless they
really send out spam or their ISP doesn't care about spammers.

> And really, to manage one's own mail server at home, the most
> difficult part is not to be considered as a spammer by morons.

I agree. I also operate my own and some providers accept the mails, but
place it in spam, even if SPF is valid.

> > The admin of a mail server can decide which mail he/she wants to
> > receive, they could also say that they block all @gmail addresses or
> > all mail at weekend.
>
> They could, but as almost everyone has an email in gmail (at least to
> use android), so they would be cut off from the world. So nobody refuses
> gmail emails and google keeps fighting with yahoo to be the biggest
> spammer in the world.

I agree, Google is one of the worst companies on earth, they don't give
a f*** about abuse.

> > There is an automatic mechanism that removes the addresses from the
> > blocklist after some days, see the delisting policy.
> >
> > http://www.uceprotect.net/en/index.php?m=7&s=6
> >
> > Immediate delisting requires manual work that needs to be paid. I
> > can understand that.
>
> Each black list has its own mechanism. What's done by one is not
> always processed in the same way by another.

True, but the discussion was about uceprotect and they have a clear
listing and delisting policy, which is reputable.

Stéphane CARPENTIER

Sep 9, 2023, 10:26:06 AM
Yes. But the issue is: you rarely have only one blacklist to take care
of. And when your email is rejected, you have to find out on which
blacklists you are and take care of them one by one.

bad sector

Sep 9, 2023, 1:13:55 PM
The merchant in question got a load of bills from me in 9 months before
his IT locked me out, that was his call. I lost a good day's work and
headaches galore so that money is necessarily already flowing to someone
else, and that's my call.

David W. Hodgins

Sep 9, 2023, 5:33:15 PM
On Sat, 09 Sep 2023 13:13:44 -0400, bad sector <nos...@invalid.gov> wrote:
> The merchant in question got a load of bills from me in 9 months before
> his IT locked me out, that was his call. I lost a good day's work and
> headaches galore so that money is necessarily already flowing to someone
> else, and that's my call.

Keep in mind that uceprotect recommends that the level 3 list only be used
for scoring, not for blocking, and it may be that the merchant configured
their server to use spam scoring.

Getting your own domain name and matching reverse dns instead of using
$customer.dns77.com may fix the issue for that merchant and others that use
the combination of generic customer dns and being listed at level 3 to raise
the spam likelihood score over the limit at which it's blocked.

Regards, Dave Hodgins

David W. Hodgins

Sep 9, 2023, 5:33:15 PM
On Sat, 09 Sep 2023 09:47:19 -0400, Marco Moock <mm+use...@dorfdsl.de> wrote:

> On 09.09.2023 at 07:43:51, bad sector wrote:
>
>> I don't agree that there is no other way to get to spammers; I
>> don't wanna start a political sidebar but hadn't Osama been laid by
>> team-6?
>
> Completely different situation.
> How do you identify who (person) exactly sent the spam mails?

There is no attempt to identify the person when blocking based on ip address.

The ip address is obtained during the tcp connection to the server. That
cannot be forged (when tcp is implemented properly).

The server may or may not be configured to add a header with the originating
ip address to the message.

There is no way to guarantee which person did what when connecting over the
internet. The best you can do is say it's a person who has a password or other
identifying info, associated with a specific person.

That's why voting over internet can never be secure. While the ip address can
not be forged, there is no way to prove who is at the keyboard, or even if it
is being controlled by the person at the keyboard.

Even if they are the person they claim to be, they may be under duress (for
example, having a gun to their head), or the system may be remotely controlled.

Regards, Dave Hodgins

Stéphane CARPENTIER

Sep 9, 2023, 6:13:27 PM
On 09-09-2023, David W. Hodgins <dwho...@nomail.afraid.org> wrote:
>
> Keep in mind that uceprotect recommends that the level 3 list only be used
> for scoring, not for blocking, and it may be that the merchant configured
> their server to use spam scoring.

The issue I saw with my email server, it's the reason I said it's
maintained by morons and no-brainers, is that it's used for blocking and
not for scoring. I agree with the purpose, but the fact is the reality
is not to follow the purpose but the easy way in blocking and not
scoring.

Stéphane CARPENTIER

Sep 9, 2023, 6:24:17 PM
On 09-09-2023, David W. Hodgins <dwho...@nomail.afraid.org> wrote:
>
> The ip address is obtained during the tcp connection to the server. That
> cannot be forged (when tcp is implemented properly).

I don't understand the parenthesis part. For me, it's easy to forge the
ip, but if it works with udp, as you don't receive the answer, it won't
work with tcp.

So you mean you can forge your ip address and it can work if tcp is not
implemented properly? How so? By guessing the answer? By spying on the
connection? Another way?

> That's why voting over internet can never be secure. While the ip address can
> not be forged, there is no way to prove who is at the keyboard, or even if it
> is being controlled by the person at the keyboard.

Yes. If you can vote on internet, you can sell your vote. Some strong
guy in a family/clan/whatever can force others to vote the way he
intended. The secret of the voting process is the only way to keep the
votes honest. If someone is isolated to vote, he can always claim he
voted for someone else. At home, the secrecy is not guaranteed and so the
process can be changed.

David W. Hodgins

Sep 9, 2023, 6:43:37 PM
On Sat, 09 Sep 2023 18:13:24 -0400, Stéphane CARPENTIER <s...@fiat-linux.fr> wrote:

> On 09-09-2023, David W. Hodgins <dwho...@nomail.afraid.org> wrote:
>>
>> Keep in mind that uceprotect recommends that the level 3 list only be used
>> for scoring, not for blocking, and it may be that the merchant configured
>> their server to use spam scoring.
>
> The issue I saw with my email server, it's the reason I said it's
> maintained by morons and no-brainers, is that it's used for blocking and
> not for scoring. I agree with the purpose, but the fact is the reality
> is not to follow the purpose but the easy way in blocking and not
> scoring.

It may have been using scoring to determine when to block.

Having an ip address included in the level 3 list gives a likelihood of being
spam a score of X.

Having a generic customer dns name rather than having your own domain name (with
matching reverse dns) gives a likelihood of being spam a score of Y.

Neither X nor Y may exceed the level that they have configured their server to
reject, but the combination of X+Y does.

Regards, Dave Hodgins
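
Added example, not part of the original post: the X + Y scoring described above, next to a server that rejects on the level 3 listing alone. X = 2 and the threshold of 5 come from the UCEPROTECT note quoted in this thread; Y = 3, the zone name level3.dnsbl.example, the sender domains and all DNS answers are assumptions or constructed data, so the block runs offline. Only the address 167.114.138.246 and the name sohsu1.dns77.com are taken from the thread.

```python
import ipaddress

SPAM_THRESHOLD = 5        # "5 or more points trigger a spam tag"
LEVEL3_POINTS = 2         # X: "e.g. 2 points on a match"
GENERIC_RDNS_POINTS = 3   # Y: assumed weight, picked so that X + Y reaches 5
LEVEL3_ZONE = "level3.dnsbl.example"  # placeholder, not a real zone name

# Constructed DNS answers. In production these two lookups would go to a resolver.
A_RECORDS = {
    "246.138.114.167.level3.dnsbl.example": ["127.0.0.2"],
    "sohsu1.dns77.com": ["167.114.138.246"],
    "10.2.0.192.level3.dnsbl.example": ["127.0.0.2"],
    "mail.shop.example": ["192.0.2.10"],
    # A zone that answers with a non-127/8 address (parked or wildcarded).
    "20.2.0.192.level3.dnsbl.example": ["203.0.113.7"],
    "mail.other.example": ["192.0.2.20"],
}
PTR_RECORDS = {
    "167.114.138.246": ["sohsu1.dns77.com"],
    "192.0.2.10": ["mail.shop.example"],
    "192.0.2.20": ["mail.other.example"],
    "192.0.2.30": ["mail.shop.example"],  # PTR claims a name that points elsewhere
}


def lookup_a(name):
    return A_RECORDS.get(name.lower(), [])  # empty list stands for NXDOMAIN


def lookup_ptr(ip):
    return PTR_RECORDS.get(ip, [])


def dnsbl_query_name(ip, zone):
    """Reversed octets (IPv4) or nibbles (IPv6), followed by the list's zone."""
    pointer = ipaddress.ip_address(ip).reverse_pointer
    labels = pointer.rsplit(".", 2)[0]  # drop "in-addr.arpa" / "ip6.arpa"
    return f"{labels}.{zone}"


def is_listed(ip, zone):
    """Listed only when the zone answers inside 127.0.0.0/8."""
    loopback = ipaddress.ip_network("127.0.0.0/8")
    answers = lookup_a(dnsbl_query_name(ip, zone))
    return any(ipaddress.ip_address(a) in loopback for a in answers)


def rdns_matches(ip, sender_domain):
    """PTR name resolves back to the IP and sits under the sender's own domain."""
    for name in lookup_ptr(ip):
        name = name.rstrip(".").lower()
        confirmed = ip in lookup_a(name)
        own = name == sender_domain or name.endswith("." + sender_domain)
        if confirmed and own:
            return True
    return False


def score_sender(ip, sender_domain):
    points, reasons = 0, []
    if is_listed(ip, LEVEL3_ZONE):
        points += LEVEL3_POINTS
        reasons.append("listed on level 3")
    if not rdns_matches(ip, sender_domain):
        points += GENERIC_RDNS_POINTS
        reasons.append("no matching reverse dns for sender domain")
    return points, reasons


def scoring_policy(ip, sender_domain):
    points, _ = score_sender(ip, sender_domain)
    return "spam" if points >= SPAM_THRESHOLD else "accept"


def blocking_policy(ip):
    """The use the list's own note warns about: reject on the listing alone."""
    return "reject" if is_listed(ip, LEVEL3_ZONE) else "accept"


if __name__ == "__main__":
    for ip, domain in [("167.114.138.246", "customer.example"),
                       ("192.0.2.10", "shop.example")]:
        print(ip, score_sender(ip, domain), scoring_policy(ip, domain),
              blocking_policy(ip))
```

With these sample records, 192.0.2.10 is accepted under scoring and rejected under blocking, which is the difference the thread is arguing about.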

David W. Hodgins

Sep 9, 2023, 6:43:38 PM
On Sat, 09 Sep 2023 18:24:15 -0400, Stéphane CARPENTIER <s...@fiat-linux.fr> wrote:

> On 09-09-2023, David W. Hodgins <dwho...@nomail.afraid.org> wrote:
>>
>> The ip address is obtained during the tcp connection to the server. That
>> cannot be forged (when tcp is implemented properly).
>
> I don't understand the parenthesis part. For me, it's easy to forge the
> ip, but if it works with udp, as you don't receive the answer, it won't
> work with tcp.
>
> So you mean you can forge your ip address and it can work if tcp is not
> implemented properly? How so? By guessing the answer? By spying on the
> connection? Another way?

By not properly implemented, I'm referring to systems (if any still exist)
that do not implement RFC 1948.

https://en.wikipedia.org/wiki/Transmission_Control_Protocol#Vulnerabilities

Regards, Dave Hodgins

Marco Moock

Sep 10, 2023, 2:42:05 AM
On 09.09.2023 at 15:05:08, David W. Hodgins wrote:

> On Sat, 09 Sep 2023 09:47:19 -0400, Marco Moock
> <mm+use...@dorfdsl.de> wrote:
>
> > On 09.09.2023 at 07:43:51, bad sector wrote:
> >
> >> I don't agree that there is no other way to get to spammers; I
> >> don't wanna start a political sidebar but hadn't Osama been laid by
> >> team-6?
> >
> > Completely different situation.
> > How do you identify who (person) exactly sent the spam mails?
>
> There is no attempt to identify the person when blocking based on ip
> address.
>
> The ip address is obtained during the tcp connection to the server.
> That cannot be forged (when tcp is implemented properly).

I know this, but the question was about bad sector's idea to sue the
people sending spam.

> There is no way to guarantee which person did what when connecting
> over the internet. The best you can do is say it's a person who has a
> password or other identifying info, associated with a specific person.

Right.

> That's why voting over internet can never be secure. While the ip
> address can not be forged, there is no way to prove who is at the
> keyboard, or even if it is being controlled by the person at the
> keyboard.

True.

> Even if they are the person they claim to be, they may be under
> duress (for example, having a gun to their head), or the system may
> be remotely controlled.

The latter one is default for most spamming machines.

Marco Moock

Sep 10, 2023, 2:44:49 AM
On 09.09.2023 at 22:24:15, Stéphane CARPENTIER wrote:

> On 09-09-2023, David W. Hodgins <dwho...@nomail.afraid.org> wrote:
> >
> > The ip address is obtained during the tcp connection to the server.
> > That cannot be forged (when tcp is implemented properly).
>
> I don't understand the parenthesis part. For me, it's easy to forge
> the ip, but if it works with udp, as you don't receive the answer, it
> won't work with tcp.
>
> So you mean you can forge your ip address and it can work if tcp is
> not implemented properly? How so? By guessing the answer? By spying
> on the connection? Another way?

Forging the IP isn't possible when you want to receive packages.
IP forging is done to make somebody else receive the answers.
E.g. they use DNS, because the answers are sometimes much bigger than
the request.
You do that with many machines and the victim will receive all the
replies and maybe it goes down because of too much traffic.
The DNS operator cannot detect that the IP is forged.

For sending spam, people rent servers, use public networks or hack into
other people's machines/use improperly configured servers.

Marco Moock

Sep 10, 2023, 2:48:25 AM
On 09.09.2023 at 18:40:22, David W. Hodgins wrote:

> By not properly implemented, I'm referring to systems (if any still
> exist) that do not implement RFC 1948.
>
> https://en.wikipedia.org/wiki/Transmission_Control_Protocol#Vulnerabilities

This makes it much harder to send a segment to the victim that the
victim accepts. All current systems should have it implemented.

Although, if the real system replies to the ACK packages sent in reply
to the forged packages, the TCP server should close/reset the connection
because the real server didn't establish it and replies with ACK RST.
Or is my guess wrong?

Marco Moock

Sep 10, 2023, 2:50:05 AM
On 09.09.2023 at 22:13:24, Stéphane CARPENTIER wrote:

> I agree with the purpose, but the fact is the reality
> is not to follow the purpose but the easy way in blocking and not
> scoring.

Which other facts should be used for scoring?
Multiple dnsbl?

Stéphane CARPENTIER

Sep 10, 2023, 3:20:52 AM
I don't remember everything, I did my configuration years ago. But there
are a lot of things to check when you configure your server. Those
checks could be done by the receiver, too. There are the DMARC, SPF and
DKIM for a start. There are some white lists which can be used. You can
see if you have the sender email in some address book on your side. You
can keep an history, to see if the IP is changing with every email for
example. The content of the mail can be checked too.

The grey list (ie: you ask the sender to send the email again in some
time) is pretty good too, even if it's not a score.

Stéphane CARPENTIER

Sep 10, 2023, 3:26:42 AM
On 10-09-2023, Marco Moock <mm+use...@dorfdsl.de> wrote:
> On 09.09.2023 at 22:24:15, Stéphane CARPENTIER wrote:
>
>> On 09-09-2023, David W. Hodgins <dwho...@nomail.afraid.org> wrote:
>> >
>> > The ip address is obtained during the tcp connection to the server.
>> > That cannot be forged (when tcp is implemented properly).
>>
>> I don't understand the parenthesis part. For me, it's easy to forge
>> the ip, but if it works with udp, as you don't receive the answer, it
>> won't work with tcp.
>>
>> So you mean you can forge your ip address and it can work if tcp is
>> not implemented properly? How so? By guessing the answer? By spying
>> on the connection? Another way?
>
> Forging the IP isn't possible when you want to receive packages.

I know that, it's why I was surprised by the content of his parenthesis
which implies otherwise.

> IP forging is done to make somebody else receive the answers.

Yes, it was the first part of his answer. The other parts imply the
sender is spying the receiver, so he doesn't need to receive the answer
because he can see its content. But if it's good to attack someone, it's
way too heavy (i.e. the cost is too high) for a spammer.

bad sector

Sep 10, 2023, 7:22:27 AM
On 9/9/23 09:47, Marco Moock wrote:
> On 09.09.2023 at 07:43:51, bad sector wrote:
>
>> I don't agree that there is no other way to get to spammers; I
>> don't wanna start a political sidebar but hadn't Osama been laid by
>> team-6?
>
> Completely different situation.
> How do you identify who (person) exactly sent the spam mails?
>
> There is NAT, CG-NAT, a whole /48 net for a customer that is being used
> by many people (family, guests, maybe neighbors).
> More efficient is to put pressure on server operators that sent out
> spam, regardless from where it came to that server.
> This pressure will ensure that the operator takes care about it and
> tries to limit abuse. Nobody complains when 1 spam mail goes out, but
> if 100000 got out, it will be on blacklists.

I cannot step into the techno-tunnel; assuming that blanket blacklisting
is the only way then automated protocol should exist at the
blacklist-subscribers' (merchants or whoever) end to immediately
neutralize (unlist) email addresses of customers or such others that are
already in their address-book so to speak and who are therefore innocent
victims of THEIR irresponsible subscription to carpet-bombing. If such
automated unlisting costs money then THEY should pay for it and pass it
on in prices as part of the cost of doing business in the freakin'
swamp. This could still feed an extortion racket but at least it would
exempt those innocent victims who are already engaged in costly
processes, it being _theoretically_ less of a costwise injustice to be
blocked from an addressee that one is attempting to contact for a first
time. Then, if an extortion racket grows it can be dealt with then.


>> Again the onus is on innocent victims to either wait or complain and
>> TRY to delist (often for extortion money).
>
> Fully agree, but that is the problem with shared address ranges.
> Get your own ASN with your own nets and activity of others won't have
> impact on you.

That's waaaaay too much overhead for small operators and again it hits
exactly the wrong targets!


>> But if you look at it from a practical and functional point of view
>> and not from a that of a hobby-internaut prowling for virtual pussy
>> then even a few hours delay can be *devastating*. I've DUMPED isp's
>> because of frequent interruptions lasting only tens of minutes. This
>> is an extremely serious and offensive demonstration of arrogance the
>> result of which on innocent victims is equal to cutting their
>> electricity in the middle of winter (the internet is no longer just
>> another TV channel). We don't carpet-bomb any more either (I think).
>
> I agree that this situation is really, really bad for individual
> innocent customers.

It's gonna be worse for the subscribers, as I have just done to one.


>> Offing onto the recipient with the copout that they are the ones who
>> close their mailbox is equivalent to "we give loaded guns to kids and
>> they do whatever it is that they do with them" (kids being a very good
>> analogy because most recipients haven't got a freakin' clue about
>> anything IT really).
>
> That's SMTP. Mail is controlled by domains and the MX servers are
> related to the domain and not only the recipient.
> A good mail provider offers to control the spam filter per customer, so
> maybe it is possible to enable a setting "accept ALL mail to my
> address".

You mean "except all mail from addresses in my addressbook" as in
existing contacts or customers? Something like that COULD be part of a
solution. In a sense that's already available (based on what my
supplier's IT guy told me i.e. that they receive every day a list of
blocked addresses sent to them). That's just ONE of my comments to the
supplier "you chose to expose me to your carpet-bombing and even when
you KNEW that I'd been hit you AGAIN CHOSE not to immediately unlist me
so fuck you".

bad sector

Sep 10, 2023, 7:40:35 AM
read "accept" :-)

Marco Moock

Sep 10, 2023, 8:57:57 AM
On 10.09.2023 at 07:22:15, bad sector wrote:

> On 9/9/23 09:47, Marco Moock wrote:
> > On 09.09.2023 at 07:43:51, bad sector wrote:
> >
> >> I don't agree that there is no other way to get to spammers; I
> >> don't wanna start a political sidebar but hadn't Osama been laid by
> >> team-6?
> >
> > Completely different situation.
> > How do you identify who (person) exactly sent the spam mails?
> >
> > There is NAT, CG-NAT, a whole /48 net for a customer that is being
> > used by many people (family, guests, maybe neighbors).
> > More efficient is to put pressure on server operators that sent
> > out spam, regardless from where it came to that server.
> > This pressure will ensure that the operator takes care about it and
> > tries to limit abuse. Nobody complains when 1 spam mail goes out,
> > but if 100000 got out, it will be on blacklists.
>
> I cannot step into the techno-tunnel; assuming that blanket
> blacklisting is the only way then automated protocol should exist at
> the blacklist-subscribers' (merchants or whoever) end to immediately
> neutralize (unlist) email addresses of customers or such others that
> are already in their address-book so to speak and who are therefore
> innocent victims of THEIR irresponsible subscription to
> carpet-bombing.

Some providers offer that service, others don't. The only way out of
that is operating the server yourself or look for a company that
provides a service where decisions can be made per recipient address.

> If such automated unlisting costs money then THEY should pay for it
> and pass it on in prices as part of the cost of doing business in the
> freakin' swamp.

I agree.

> This could still feed an extortion racket but at
> least it would exempt those innocent victims who are already engaged
> in costly processes, it being _theoretically_ less of a costwise
> injustice to be blocked from an addressee that one is attempting to
> contact for a first time. Then, if an extortion racket grows it can
> be dealt with then.
>
>
> >> Again the onus is on innocent victims to either wait or complain
> >> and TRY to delist (often for extortion money).
> >
> > Fully agree, but that is the problem with shared address ranges.
> > Get your own ASN with your own nets and activity of others won't
> > have impact on you.
>
> That's waaaaay too much overhead for small operators and again it
> hits exactly the wrong targets!

True, it is a huge task, although this is the ONLY way to prevent
overblocking because of bad or non-existent abuse management.

I run my own mail server at home with a small ISP. They have abuse
management.

> >> Offing onto the recipient with the copout that they are the ones
> >> who close their mailbox is equivalent to "we give loaded guns to
> >> kids and they do whatever it is that they do with them" (kids
> >> being a very good analogy because most recipients haven't got a
> >> freakin' clue about anything IT really).
> >
> > That's SMTP. Mail is controlled by domains and the MX servers are
> > related to the domain and not only the recipient.
> > A good mail provider offers to control the spam filter per
> > customer, so maybe it is possible to enable a setting "accept ALL
> > mail to my address".
>
> You mean "except all mail from addresses in my addressbook" as in
> existing contacts or customers?

Would be possible too, but it is also possible to simply exclude
recipient address from mail filtering.

Carlos E. R.

Sep 10, 2023, 10:30:59 AM
On 2023-09-09 07:59, Marco Moock wrote:
> On 09.09.2023 at 07:41:45, Carlos E. R. wrote:
>> On 2023-09-09 07:18, Marco Moock wrote:
>>> On 07.09.2023 at 22:36:30, Carlos E. R. wrote:
>>>> On 2023-09-07 20:01, bad sector wrote:
>>>>> On 9/7/23 15:24, J.O. Aho wrote:
>>>>>> On 07/09/2023 18:09, bad sector wrote:

...

>>>> Also, the received headers can be investigated. The last one is
>>>> always true, because it is your own mail server.
>>>
>>> Only this one can be trusted, the rest can be forged.
>>
>> Not a problem. You investigate each of them one by one, going
>> backwards, determining which are true and which is the first forged
>> one.
>
> You cannot log everything. E.g. a restaurant operates a public wifi.
> Any customer can abuse it for sending spam, hacking other computers
> with it and using them for sending spam.

That's not a problem.

There is a good server somewhere, possibly badly configured, which
accepted the mail from the compromised machine. And this good server
would log the event.

That good server would be fined. And the IP of the compromised machine
would be logged, then located by the police, and fined or confiscated
(even if the IP is dynamic).

(with the assumption of full international cooperation and intent on
killing spam, which we know will not happen)

>> (with the assumption of full international cooperation and intent on
>> killing spam, which we know will not happen)
>
> It also doesn't work on a national basis, as long as there is no 100%
> surveillance of EVERY network, even home networks.
> And then you still have problems because you need to identify the user.
> Think about public access points.

Not a problem.

You don't even need 100% surveillance.

--
Cheers,
Carlos E.R.

Carlos E. R.

Sep 10, 2023, 10:35:41 AM
Yes, that is it.

>
> What I can tell is: when a spam network begins to be huge, it's stopped
> and I can see a decrease in spam. It's impressive, sometime I see less
> attack on my computer. I'm afraid I've being hacked and my computer is
> used behind my knowledge. And then I learn a massive network has been
> arrested and that explains it.
>
> So for the actual part, the little guys in their basement are safe and
> the effort is put on big companies (even if it's unofficial, we can call
> them that, the structure is the same).
>

--
Cheers,
Carlos E.R.

Marco Moock

Sep 10, 2023, 10:42:11 AM
A really bad idea. Nobody could operate a server anymore without
a huge risk. Just remember how many Exchange servers are going to be
hacked or people have bad passwords that are being cracked.

Carlos E. R.

Sep 10, 2023, 10:49:20 AM
On 2023-09-09 08:42, Stéphane CARPENTIER wrote:
> On 09-09-2023, Marco Moock <mm+use...@dorfdsl.de> wrote:
>>> There are many kinds of spam.
>>>
>>> On the spam that tries to sell you "something", there is always a way
>>> to identify them, because obviously you need to contact them somehow
>>> to buy whatever. BUT, you need international cooperation, police
>>> forces and courts. ALL countries.
>>>
>>> So, if all governments wanted, they could kill spam by simply putting
>>> in prison every spammer they find, one by one.
>>
>> This doesn't work, because IP addresses can be used by multiple people,
>> machines can be hacked, etc..
>
> He didn't speak about the IP of the sender, but of the way to contact
> him. And somehow, he's right about it. If the IP of the sender is the
> only way to contact him, then if I wait too long before getting in touch
> with him, I wouldn't be able to, so the sender lost a potential client.
>
> So the sender would need a valid and permanent link to be able to be
> contacted by the receiver.
>
> The issue with his argument is: I could send spam with a link toward
> someone else and the someone else would be prosecuted instead of me.
> There are some ways around it, but it's a good start.

Yeah, well, that's what good police work is about :-)

>
>>> Also, the received headers can be investigated. The last one is
>>> always true, because it is your own mail server.
>>
>> Only this one can be trusted, the rest can be forged.
>
> Yes, it's the starting point from the next move.
>
>>> So you trace backwards, one by one... at some point, you need police
>>> and court cooperation from the countries traversed by the mail, you
>>> need the police going to that server and demanding the logs by force.
>>> In the end, after a lot of money, you can find someone to put in
>>> prison.
>>
>> These headers are no evidence, they can be forged like mail addresses
>> or display names.
>
> As he said the last IP is real, if you forge your IP, you won't receive
> answer. So it could work with UDP but not with TCP and emails are only
> with TCP.
>
> So you don't look at the IP before the last one. But you get in touch
> with the last one and ask him for logs to know who was the one before the
> last one. And one by one, you can go back to the sender. The last issue
> is the sender can be in a public place, like a MacDo, using a free IP
> unable to know who used his service. Another issue, every intermediate
> server can be in different countries, not all wanting to cooperate at
> the same level.

Exactly, so killing spam needs international cooperation.

In any case the spam post will have a true email address, URL, mail
address, phone... something that is true in order to place the purchase
order. You only need to go for that one and ignore the rest.

It may be valid for a limited time, though. Even so, if the police of
the country accesses that mail server, they might track the "merchant".

>
>>> Certainly, it may be coming from a compromised machine of some poor
>>> sod. Well, he must be fined for having a machine compromised, for not
>>> paying maintenance, for having faulty providers like M$.
>>
>> Have fun fining millions of people with malware on their machines.
>
> It's not only fun, it's a lot of money: you don't want to secure your
> computer? You pay, and if a million people have to pay it can be a lot
> of money in the end.
>
> It's what France tried to do with the hadopi law. In the beginning, the
> law was: you are downloading a lot of illegal stuff, it comes from your IP
> so we don't need to know more about it, we remove your internet access.
>
> But, happily, it was blocked by the EU and the law was changed. Now it's:
> you have not secured the access to your connection, so someone used it
> to download illegal stuff, so you are charged. It's not better, but the
> law changed to acknowledge it. Happily, it's not used as much as it
> could.

Right.

>
>>> But we will not get that level of international cooperation.
>>
>> You cannot do that even in the same country.
>
> As he said, it's a choice. Nobody considers spam as important as other
> crimes. For other crimes, countries are cooperating. Not for spam, but
> it's only a choice.

Right.

--
Cheers,
Carlos E.R.
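
The Received-header point debated above (only the hop stamped by your own server is trustworthy, everything below it is a claim) can be checked mechanically. This is an added example, not part of any post in the thread; the host names, the internal network and the sample message are constructed assumptions.

```python
import email
import ipaddress
import re

# Assumptions for this example: the receiving site's own mail hosts and networks.
OUR_HOSTS = {"mx.example.net", "filter.example.net"}
OUR_NETS = [ipaddress.ip_network("10.0.0.0/8")]

BY_RE = re.compile(r"\bby\s+([^\s;()]+)", re.IGNORECASE)
IP_RE = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")


def parse_hop(value):
    """Return (stamping host, connecting address) claimed by one Received header."""
    by = BY_RE.search(value)
    # Only look for the peer address in the "from ..." part, before "by".
    from_part = value[:by.start()] if by else value
    addr = None
    match = IP_RE.search(from_part)
    if match:
        try:
            addr = ipaddress.ip_address(match.group(1))
        except ValueError:
            addr = None
    return (by.group(1).lower() if by else None, addr)


def trust_boundary(raw_message):
    """Walk Received headers top-down and stop at the first external peer.

    Headers are prepended, so the topmost ones were written by our own hosts.
    The first of those that records a peer outside our networks marks the
    boundary; every header below it was supplied by the sender and may be forged,
    even if it names one of our hosts.
    """
    msg = email.message_from_string(raw_message)
    hops = [parse_hop(v) for v in msg.get_all("Received", [])]
    result = {"verified_peer": None, "stamped_by": None}
    cut = len(hops)
    for i, (by_host, addr) in enumerate(hops):
        trusted = by_host in OUR_HOSTS and addr is not None
        if trusted and any(addr in net for net in OUR_NETS):
            continue  # internal relay between our own hosts: keep walking down
        if trusted:
            result["verified_peer"], result["stamped_by"] = str(addr), by_host
        cut = i + 1 if trusted else i
        break
    result["unverified_claims"] = [str(a) for _, a in hops[cut:] if a is not None]
    return result


# Constructed sample: two genuine hops, then two headers inserted by the sender,
# one of which pretends to have been written by mx.example.net.
SAMPLE = (
    "Received: from filter.example.net (filter.example.net [10.0.0.5])\n"
    "\tby mx.example.net (Postfix) with ESMTP id 4A1; Sun, 10 Sep 2023 10:00:03 +0000\n"
    "Received: from mail.sender.example (unknown [198.51.100.7])\n"
    "\tby filter.example.net (Postfix) with ESMTP id 4A0; Sun, 10 Sep 2023 10:00:02 +0000\n"
    "Received: from bank.example (bank.example [203.0.113.99])\n"
    "\tby mx.example.net (Postfix) with ESMTP id FAKE1; Sun, 10 Sep 2023 09:59:00 +0000\n"
    "Received: from [192.0.2.44] by bank.example; Sun, 10 Sep 2023 09:58:00 +0000\n"
    "From: someone@bank.example\n"
    "Subject: constructed sample\n"
    "\n"
    "body\n"
)

if __name__ == "__main__":
    print(trust_boundary(SAMPLE))
```

The verified peer is the address whose operator's logs would be the next step in a trace; the unverified claims are leads at best.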

bad sector

Sep 10, 2023, 3:07:58 PM
On 9/9/23 09:29, Stéphane CARPENTIER wrote:
> On 09-09-2023, Marco Moock <mm+use...@dorfdsl.de> wrote:

> On it, I agree with him: if everyone would want to stop spam, spammers
> could be prosecuted, it's only a matter of choice. But as he said, you
> will never find someone willing to do whatever it takes to prosecute all
> spammers. And for me, there is no reason to, I understand there are more
> important issues at the same time.
>
> But, for me, just increasing the cost of the spammers would be enough to
> stop it. I don't believe only if it becomes the first priority it will
> be stopped.

THAT is the bottom line, authority simply doesn't care
so while I don't oppose hunting the spammers (with minimal
collateral) I'm not optimistic. The present crusade is
going to fail as more innocent people get hit so it's
fix the issue or forget it. The listers should get subscribers
to sign that they (in their OWN interest) will directly
and each time unlist addresses in good standing in their
database or they get no service (if this is doable).







David W. Hodgins

Sep 10, 2023, 6:33:05 PM
On Sun, 10 Sep 2023 02:50:01 -0400, Marco Moock <mm+use...@dorfdsl.de> wrote:
> Which other facts should be used for scoring?
> Multiple dnsbl?

There are different levels of spam handling that can be done.

Before the connection attempt to the smtp server is made, every firewall on
every router in between the source and destination has to allow the traffic.

The firewalls can use a list of ip addresses to allow or to block, or on lists
of other data related to the ip address such as the register, isp (asn level,
netblock level, etc), country, etc.

Think "Great firewall of China".

Once a connection to the smtp server is allowed by the firewalls, there
are three levels of checking, with increasing overhead at each level.
Those levels are ip address, header content, and body content.

The ip level checking can do the same checks as are possible at the firewall
level, and can also do checks based on things like teergrubing, sender callout
verification (see https://tldp.org/HOWTO/Spam-Filtering-for-MX/smtpdelays.html),
forward/reverse dns lookups, being listed in uceprotect or other dnsbl.

If the connection to the mail server isn't blocked at the ip level checks, then
the headers of the message are transferred and processed. Header content checking
may include ...
- from address based rules or lists
- things like number of addresses in the to/cc headers.
- dkim
- spf

If the connection passes the header checking level, the body of the message is
transferred and checked. That checking may include things like malware detection,
specific urls being present, having nothing but a url, etc.

At the smtp server each level may be used for scoring only, allow/blocking only,
or allow/blocking based on scoring. It can also impose limits on the number of
messages allowed in a given time period from any given source.

Regards, Dave Hodgins

David W. Hodgins

Sep 10, 2023, 6:33:06 PM
If it's working properly it should not be possible to forge the ip address
without cracking parts of the network (such as routers) in between the person's
system and the system that owns the source address.

So implementing tcp properly means having the networking software up-to-date
not just on the person's computer and the source address, but on every router
in between them.

If any of them have 0day or unpatched bugs that allows the manipulation of the
data, then the ip address can still be forged.

With https://www.bgp.org/blog/vulnerabilities-of-bgp manipulation, re-direction
is still possible. The ip address isn't actually being forged in the tcp packet.
The ip address is just duplicated on a system that isn't supposed to have that ip
address, and the traffic redirected. The real owner of that ip address never
sees the syn packet, or the rest of the traffic.

Regards, Dave Hodgins

David W. Hodgins

Sep 10, 2023, 7:13:44 PM
On Sun, 10 Sep 2023 15:07:45 -0400, bad sector <forgetski@_invalid.net> wrote:
> THAT is the bottom line, authority simply doesn't care
> so while I don't oppose hunting the spammers (with minimal
> collateral) I'm not optimistic. The present crusade is
> going to fail as more innocent people get hit so it's
> fix the issue or forget it. The listers should get subscribers
> to sign that they (in their OWN interest) will directly
> and each time unlist addresses in good standing in their
> database or they get no service (if this is doable).

While it's bad for the innocent people at the spam supporting isp, it's good
for the innocent people at the good isp that blocks the spam from the bad
isp who don't want spam filling their inboxes.

While the customer of the isp that blocked your messages has lost you as a
customer, their staff have much less spam to have to spend time sorting through
to find the email they do want. If they value your business more than they value
the time they have to spend dealing with spam, they are free to switch to a
different email provider.

Regards, Dave Hodgins

bad sector

Sep 11, 2023, 12:07:31 AM
They can do whatever they like, I already have.




Marco Moock

Sep 11, 2023, 2:43:31 AM
On 10.09.2023 at 16:03:58, David W. Hodgins wrote:

> On Sun, 10 Sep 2023 02:50:01 -0400, Marco Moock
> <mm+use...@dorfdsl.de> wrote:
> > Which other facts should be used for scoring?
> > Multiple dnsbl?
>
> There are different levels of spam handling that can be done.
>
> Before the connection attempt to the smtp server is made, every
> firewall on every router in between the source and destination has to
> allow the traffic.
>
> The firewalls can use a list of ip addresses to allow or to block, or
> on a lists of other data related to the ip address such as the
> register, isp (asn level, netblock level, etc), country, etc.

I think that is much worse than using dnsbl and rejecting with a
message that tells that the IP is listed.
I would only use that for servers that try to create a DoS.

Marco Moock

Sep 11, 2023, 9:44:06 AM
On 08.09.2023 at 06:21:45, Jasen Betts wrote:

> Thus it's much better to refuse at SMTP time, read the refusal
> message there's usually enough data there.

Good server operators give back the information in which dnsbl the IP
is listed in the SMTP reject message, so the server operator can check
why he is listed there.

David W. Hodgins

Sep 11, 2023, 1:55:52 PM
That adds overhead for the smtp server. If you don't expect to ever need to be
sending traffic to or getting traffic from an ASN that generates a lot of spam,
blocking that ASN at the firewall level cuts down the load.

It's not nice if there are any people using that ASN if they have a valid reason
to send ip traffic to/from to you, but if there isn't anyone where that's true,
it cuts the load on the server.

I wouldn't be surprised if all of ovh (AS16276) is already blocked in many
firewalls due to their support of spam.

Regards, Dave Hodgins

Mike Easter

Sep 11, 2023, 2:53:48 PM
David W. Hodgins wrote:
> I wouldn't be surprised if all of ovh (AS16276) is already blocked in
> many firewalls due to their support of spam.

The UCEProtect vs ASNs w/ a 'problem' reputation is 'widespread'.

That blocklist policy is that a listed comes off 'spontaneously' in a
week if the 'spam count' improves sufficiently -OR- there is a 'for pay'
express delisting which is faster, but it doesn't keep a big block
holder from getting re-listed quickly.

As a result of the payola aspect and the 'readiness' to list, those
whose IPs are affected want to call UCEProtect a 'scam'.

In the 'extensive' wp article comparing blocklists, UCEProtect is listed
in the 'suspect' group.

> Suspect RBL providers are those who employ well-documented
> patterns[3] of questionable or reckless practices[4] or have
> questionable actors based on statements or communications from the
> RBL's principal management to official forums.

https://en.wikipedia.org/wiki/Comparison_of_DNS_blacklists

Naturally their tables of 'non-suspect' is MUCH more extensive than
those of suspect.

Of course, the old adage of 'my server, my rules' prevails here.

--
Mike Easter

bad sector

Sep 11, 2023, 3:12:08 PM
I put you on a blacklist, you buy yourself off it, THAT's a variant of
mafioso-style extortion. But that's not all..

"exploit: ...compromised, infected, proxies, or VPN or TOR exit nodes"

It's a declared war on privacy, just as I suspected. Now doesn't that
say it all? I only have one question left: which of the following are
behind it?

- zukerbarf
- googlegoons
- bezoos
- Billy
- all of the above

I just got off the list BTW.


--
Anonymity is the sole reliable witness of real society, be the image
good or bad, and of free speech, two things without which the truth
cannot be known but the intent of those opposing them can.


Mike Easter

Sep 11, 2023, 3:24:17 PM
Mike Easter wrote:
> In the 'extensive' wp article comparing blocklists, UCEProtect is listed
> in the 'suspect' group.

Naturally *every* wp article has a Talk section where the content or POV
of an article can be debated or discussed, which is surely the case of
UCEProtect, which has a significant section in Talk. There are also a
number of 'essays' I've found which take issue w/ the way UCEProtect works.

In terms of my own personal 'bias' I'm most familiar w/ that section of
the wp RBL comparisons article that are related to Spamhaus and its
players. I'm not sure how a server operator goes about making a
decision to use UCEProtect *instead of* one or a combination of the
alternatives which are considered 'healthy' or 'non-suspect'.

--
Mike Easter

Mike Easter

Sep 11, 2023, 3:44:04 PM
bad sector wrote:
> I only have one question left: which of the following are behind it?

My understanding is that one 'man'/person is behind UCEP, and naturally
he is unhappy w/ the various 'forces' who are critical of his operation,
particularly such as those related to other blocklists and apparently
the IETF which is responsible for some kind of RFC which 'bothers' him.

I haven't figured it out yet; something about BCP 7 of RFC 2008 which is
way back in 1996.

> Claus von Wolfhausen Technical Director UCEPROTECT-Network

wp
> Because lists have varying methods for adding IP addresses and/or
> URIs, it can be difficult for senders to configure their systems
> appropriately to avoid becoming listed on a DNSBL. For example, the
> UCEProtect DNSBL seems to list IP addresses merely once they have
> validated a recipient address or established a TCP connection, even
> if no spam message is ever delivered.

... and then people write articles about how to get on that list w/o
ever sending any spam, but I'm not yet clear on how that works. Perhaps
it is actually about being in a particular ASN block which gets listed,
but not any spam from your 'own' IP.

I've seen many discussions of that problem on usenet spam discussions.



--
Mike Easter

Mike Easter

Sep 11, 2023, 4:14:26 PM
Mike Easter wrote:
> Perhaps it is actually about being in a particular ASN block which
> gets listed, but not any spam from your 'own' IP.
>
> I've seen many discussions of that problem on usenet spam
> discussions.

Here's one comment in a thread (I don't know if he is correct):

> They have 3 lists.
>
> UCE1 is individual IP's which is generally safe to use for blocking.
> These are confirmed sources of spam.
>
> UCE2 which are subnets that have many IP's in UCE1, this should not
> be used for blocking.
>
> UCE3 which is entire networks by ISP, again it should not be used for
> blocking.
>
> Sounds like your network ended up in either 2 or 3, and someone is
> wrongly using that to block people. They will get a LOT of false
> positives this way.



--
Mike Easter
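
The scoring approach discussed in this thread (several DNSBLs weighed together instead of rejecting on one, with subnet-wide and provider-wide lists treated as weak signals, plus SPF/DKIM and the address book) can be sketched as follows. This is an added example, not part of any post; the zone names, weights, thresholds and sample listings are constructed assumptions, not the configuration of any real blocklist.

```python
import ipaddress
import socket

# Hypothetical DNSBL zones and weights (assumptions for this example).
# The per-IP list is a strong signal; subnet- and provider-wide lists are weak
# signals that can never reach the reject threshold on their own.
ZONE_WEIGHTS = {
    "ip.dnsbl.example": 5.0,      # individual addresses seen sending spam
    "subnet.dnsbl.example": 1.5,  # subnets containing many listed addresses
    "asn.dnsbl.example": 0.5,     # whole provider networks
}
REJECT_AT = 5.0
GREYLIST_AT = 2.0


def dnsbl_query_name(ip, zone):
    """Build the DNS name to look up: reversed octets (IPv4) or nibbles (IPv6)."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = str(addr).split(".")
    else:
        labels = list(addr.exploded.replace(":", ""))
    return ".".join(reversed(labels)) + "." + zone


def is_listing(answer):
    """DNSBL hits are A records in 127.0.0.0/8; any other answer is ignored."""
    try:
        return ipaddress.ip_address(answer) in ipaddress.ip_network("127.0.0.0/8")
    except ValueError:
        return False


def system_resolver(name):
    """Live lookup for real use (the offline sample below does not call it)."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []


def score_sender(ip, envelope_from, auth, resolve, address_book=frozenset()):
    """Return (score, decision, reasons) for one incoming SMTP connection."""
    score, reasons = 0.0, []
    # IP level: every list adds its weight instead of blocking outright.
    for zone, weight in ZONE_WEIGHTS.items():
        if any(is_listing(a) for a in resolve(dnsbl_query_name(ip, zone))):
            score += weight
            reasons.append(f"{zone} +{weight}")
    # Header level: SPF and DKIM verdicts as computed by the receiving server.
    if auth.get("spf") == "fail":
        score += 3.0
        reasons.append("spf fail +3.0")
    authenticated = "pass" in (auth.get("spf"), auth.get("dkim"))
    if authenticated:
        score -= 1.0
        reasons.append("authenticated -1.0")
    # Address book: honoured only for authenticated mail, because a bare
    # sender address is trivially forged.
    if authenticated and envelope_from.lower() in address_book:
        score -= 3.0
        reasons.append("known correspondent -3.0")
    if score >= REJECT_AT:
        decision = "reject"
    elif score >= GREYLIST_AT:
        decision = "greylist"
    else:
        decision = "accept"
    return score, decision, reasons


def fake_resolver(listings):
    """Offline stand-in for DNS, built from {(ip, zone): [answers]}."""
    table = {dnsbl_query_name(ip, z): ans for (ip, z), ans in listings.items()}
    return lambda name: table.get(name, [])


# Constructed sample data (documentation address ranges, no real listings).
SAMPLE_LISTINGS = {
    ("192.0.2.25", "asn.dnsbl.example"): ["127.0.0.2"],
    ("192.0.2.77", "asn.dnsbl.example"): ["127.0.0.2"],
    ("192.0.2.77", "subnet.dnsbl.example"): ["127.0.0.2"],
    ("198.51.100.9", "ip.dnsbl.example"): ["127.0.0.2"],
    ("198.51.100.9", "subnet.dnsbl.example"): ["127.0.0.2"],
    ("198.51.100.9", "asn.dnsbl.example"): ["127.0.0.2"],
    ("203.0.113.5", "ip.dnsbl.example"): ["203.0.113.200"],  # not a DNSBL answer
}

if __name__ == "__main__":
    resolve = fake_resolver(SAMPLE_LISTINGS)
    book = {"customer@shop.example"}
    print(score_sender("192.0.2.25", "customer@shop.example",
                       {"spf": "pass", "dkim": "pass"}, resolve, book))
    print(score_sender("198.51.100.9", "x@spam.example", {"spf": "fail"}, resolve))
```

With these weights a known, authenticated correspondent on a provider-wide listing is accepted, while an address on the per-IP list is rejected regardless of the weaker lists.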

bad sector

Sep 11, 2023, 6:05:57 PM
On 9/11/23 15:43, Mike Easter wrote:
> bad sector wrote:
>> I only have one question left: which of the following are behind it?
>
> My understanding is that one 'man'/person is behind UCEP, and naturally
> he is unhappy w/ the various 'forces' who are critical of his operation,
> particularly such as those related to other blocklists and apparently
> the IETF which is responsible for some kind of RFC which 'bothers' him.
>
> I haven't figured it out yet; something about BCP 7 of RFC 2008 which is
> way back in 1996.

Some kind of tit-for-tat from the past, or just plain parasitic
in-betweener instinct?


>> Claus von Wolfhausen Technical Director UCEPROTECT-Network
>
> wp
>> Because lists have varying methods for adding IP addresses and/or
>> URIs, it can be difficult for senders to configure their systems
>> appropriately to avoid becoming listed on a DNSBL. For example, the
>> UCEProtect DNSBL seems to list IP addresses merely once they have
>> validated a recipient address or established a TCP connection, even
>> if no spam message is ever delivered.

http://kontech.net/uceprotect-blacklist-scheme-2020/

"Your IP is listed in UCEPROTECT Level-3. Since your IP wasn't directly
involved.... you can exclude your IP from ..blocklists as UCEPROTECT
Levels 2 and 3 and others that are *importing* our WHITE LIST, by
registering your IP with us".

I think the FBI, RCMP, KGB and whatever should investigate all these
people and any connections between them. This is a protection racket,
pure and simple!


> ... and then people write articles about how to get on that list w/o
> ever sending any spam,

That bit about TOR caught my eye, I use it regularly. If I find out that
it gets me on the gestapo list I will use it exclusively and leave it on
7/24.


> but I'm not yet clear on how that works.  Perhaps
> it is actually about being in a particular ASN block which gets listed,
> but not any spam from your 'own' IP.
>
> I've seen many discussions of that problem on usenet spam discussions.



--
"The higher climbs the monkey, the more it shows
its ass". Source uncertain, several candidates.



Mike Easter

Sep 11, 2023, 7:48:43 PM
Marco Moock wrote:
> I agree that this is a penalty to the ISP/hoster, although there is no
> other way for them to learn that they need to do something against
> spammers.

I don't think a strategy designed to 'teach' an enterprise/business
something at the cost of using 'innocent victim users' as some kind of
fodder in an anti-spam war is a particularly good strategy.

I'm aware that many kinds of warfare employ ruthless tactics of killing
and starving the non-military citizen populace, but we mostly condemn
such actions.

From my reading about UCEP so far, it seems to me that the biz has
decided to employ a money-making scheme based on ill-advised
configurations of its clients, which are 'contrary' to the advice of the
larger and more wholesome community of blocklist creators and maintainers.

--
Mike Easter

Marco Moock

Sep 12, 2023, 2:31:09 AM
On 11.09.2023 at 11:53:43, Mike Easter wrote:

> That blocklist policy is that a listed comes off 'spontaneously' in a
> week if the 'spam count' improves sufficiently -OR- there is a 'for
> pay' express delisting which is faster, but it doesn't keep a big
> block holder from getting re-listed quickly.

Payment is only possible if the system doesn't send out spam anymore.
If it sends it out again, it will be listed again and the payment was
worthless.

Marco Moock

Sep 12, 2023, 2:34:51 AM
On 11.09.2023 at 15:11:57, bad sector wrote:

> On 2023-09-11 14:53, Mike Easter wrote:
> > David W. Hodgins wrote:
> >> I wouldn't be surprised if all of ovh (AS16276) is already blocked
> >> in many firewalls due to their support of spam.
> >
> > The UCEProtect vs ASNs w/ a 'problem' reputation is 'widespread'.
> >
> > That blocklist policy is that a listed comes off 'spontaneously' in
> > a week if the 'spam count' improves sufficiently -OR- there is a
> > 'for pay' express delisting which is faster, but it doesn't keep a
> > big block holder from getting re-listed quickly.
> >
> > As a result of the payola aspect and the 'readiness' to list, those
> > whose IPs are affected want to call UCEProtect a 'scam'.
> >
> > In the 'extensive' wp article comparing blocklists, UCEProtect is
> > listed in the 'suspect' group.
> >
> >> Suspect RBL providers are those who employ well-documented
> >> patterns[3] of questionable or reckless practices[4] or have
> >> questionable actors based on statements or communications from the
> >> RBL's principal management to official forums.
> >
> > https://en.wikipedia.org/wiki/Comparison_of_DNS_blacklists
> >
> > Naturally their tables of 'non-suspect' is MUCH more extensive than
> > those of suspect.
> >
> > Of course, the old adage of 'my server, my rules' prevails here.
> >
>
> I put you on a blacklist, you buy yourself off it, THAT's a variant
> of mafioso style extortion. But that's not all..

They put your server on the Level 1 blacklist if it sends out spam and
annoys innocent people.
When the spamming stops for 1 week, you will be automatically removed.
You can pay to be removed immediately after your server stops sending
spam.

> "exploit: ...compromised, infected, proxies, or VPN or TOR exit nodes"
>
> It's a declared war on privacy, just as I suspected. Now doesn't that
> say it all? I only have one question left: which of the following are
> behind it?

I agree that including VPN services is against privacy and also against
normal server operators that have shitty ISPs and need a VPN to get
real connectivity with static IPv6 and IPv4, including access to reverse
DNS.

> - zukerbarf
> - googlegoons
> - bezoos
> - Billy
> - all of the above
>
> I just got off the list BTW.

Seems to be people from Germany and Switzerland.
Many clients are in the public sector according to the information I
read.

Marco Moock

Sep 12, 2023, 2:54:50 AM
On 11.09.2023 at 12:43:59, Mike Easter wrote:

> bad sector wrote:
> > I only have one question left: which of the following are behind
> > it?
>
> My understanding is that one 'man'/person is behind UCEP, and
> naturally he is unhappy w/ the various 'forces' who are critical of
> his operation, particularly such as those related to other blocklists
> and apparently the IETF which is responsible for some kind of RFC
> which 'bothers' him.

There were people who threatened blocklist operators, sent them mail
bombs, dead animals etc.
Which RFC should bother him?
I would like to know.

> I haven't figured it out yet; something about BCP 7 of RFC 2008 which
> is way back in 1996.

This is about IPv4 address allocation, in what way does it refer to
mail?

> > Claus von Wolfhausen Technical Director UCEPROTECT-Network
>
> wp
> > Because lists have varying methods for adding IP addresses and/or
> > URIs, it can be difficult for senders to configure their systems
> > appropriately to avoid becoming listed on a DNSBL. For example, the
> > UCEProtect DNSBL seems to list IP addresses merely once they have
> > validated a recipient address or established a TCP connection, even
> > if no spam message is ever delivered.

You can get on that list for abuse too. Using RCPT TO: to verify
valid addresses is one of those (spammers seem to do that). VRFY exists
for that purpose, if that is disabled, the server operator doesn't want
people to validate addresses.

> ... and then people write articles about how to get on that list w/o
> ever sending any spam, but I'm not yet clear on how that works.
> Perhaps it is actually about being in a particular ASN block which
> gets listed, but not any spam from your 'own' IP.

True, this is level 2 and 3.

> I've seen many discussions of that problem on usenet spam discussions.

Usenet can't be compared to mail via SMTP, it can be compared to mail
via UUCP.

In Usenet, the amount of servers is much, much less and open servers
where everybody can post without authentication exist in a small amount.
Most server operators care about abuse, Google doesn't.
This is where the most spam comes from.

Marco Moock

Sep 12, 2023, 2:59:41 AM
On 11.09.2023 at 16:48:38, Mike Easter wrote:

> Marco Moock wrote:
> > I agree that this is a penalty to the ISP/hoster, although there is
> > no other way for them to learn that they need to do something against
> > spammers.
>
> I don't think a strategy designed to 'teach' an enterprise/business
> something at the cost of using 'innocent victim users' as some kind
> of fodder in an anti-spam war is a particularly good strategy.

How would you make ISPs care about abuse in their network?

Carlos E. R.

Sep 12, 2023, 8:15:46 AM
Good. Perfect. All those to be fined.

--
Cheers,
Carlos E.R.

bad sector

Sep 12, 2023, 9:08:58 AM
I expect that Soros and the WEC will fit too, all the well known actors
that want total surveillance of everyone all the time.

> Many clients are in the public sector according to the information I
> read.

Not surprised, most parasitic in-betweeners prefer the public sector
because it is the easiest of all prey, heading the herd to the trough
are corporations and big unions neither of which really want to slug it
out where they were originally supposed to in the entirely private
sector. The public sector cannot go bankrupt and it cannot run away so
at worst you get half of what you asked for in arbitration. You set up a
scam that govt. funkies would be horrified of mishandling at the risk of
their (also public-sector favoring unions' gift) great pay and security
packages. The fabricated demand is thus immediately created. Then you
blacklist alleged spam-permissive servers and force innocent victims to
pay ransom for their freedom to email. Then you do some spamming
yourself and repeat the process to guarantee what YOU consider a
renewable-resource: living off the innocent users herded into your arms
by their own government. In the old days interfering with the mail was a
hanging crime, it should be again.



--
Tuesdays are Devuan days: GNU/Linux 4 (chimaera), BIOS-boot,
DM=Unknown,Kernel=5.10.0-25-amd64 on x86_64,DM=Unknown,DE=XFCE,
ST=x11,grub2, GPT
https://imgur.com/x2A9zHw.png https://i.imgur.com/RsbswMP.png

bad sector

Sep 12, 2023, 9:22:01 AM
How about requiring a license/permit to operate any mechanism involved
in the transmission of information, said permit being conditional to a
HOST of automated minute-by-minute satisfactory performance
measurements, JUST like we do with TV and radio under the authority of
communications commissions, but extend them to all internet facilities
including web-sites and the digital giants that Canada is currently
challenging? At the same time such mechanisms should also (structurally)
guarantee (optional) anonymity to underwrite true freedom of speech.
Unfortunately no government will do the above so the only actors left
going to bat for the right to communicate freely are private interests.


Marco Moock

Sep 12, 2023, 10:48:06 AM
On 12.09.2023 at 09:21:48, bad sector wrote:

> How about requiring a license/permit to operate any mechanism
> involved in the transmission of information, said permit being
> conditional to a HOST of automated minute-by-minute satisfactory
> performance measurements, JUST like we do with TV and radio under the
> authority of communications commissions, but extend them to all
> internet facilities including web-sites and the digital giants that
> Canada is currently challenging?

Then you can close the free internet for everyone.
In Germany, we had this shit, you were not allowed to connect a
telephone on your own, you needed to pay ~1000$ for a modem.
I prefer blocklists of spammers instead, because every recipient
SMTP server can decide to implement or not implement them and not the
government.

Mike Easter

Sep 12, 2023, 12:25:40 PM
'network' is an ambiguous term here.

Even 'netblock' would be ambiguous. Here we are talking about UCEP
'recklessly' listing *huge* ASNs in its level 3, and *THEN* its
ill-informed clients configure to block such a recklessly listed ASN
which 'broadly speaking' isn't guilty of spam at all.

You are creating a 'strawman argument' when you say that spam source
co-users are being punished along w/ the spammers. That isn't the same
thing at all.

I'm saying that UCEP is hurting and 'fleecing' innocents based on the
misuse of its products. Intentionally.

I'm also saying that the blocklist community as a whole, a larger body
of anti-spammers, is critical of UCEP for that.

--
Mike Easter

Marco Moock

Sep 12, 2023, 1:43:02 PM
On 12.09.2023 at 09:25:36, Mike Easter wrote:

> Marco Moock wrote:
> > Mike Easter:
> >> Marco Moock wrote:
> >>> I agree that this is a penalty to the ISP/hoster, although there
> >>> is no other way for them to learn that they need to do something
> >>> against spammers.
> >>
> >> I don't think a strategy designed to 'teach' an enterprise/business
> >> something at the cost of using 'innocent victim users' as some kind
> >> of fodder in an anti-spam war is a particularly good strategy.
> >
> > How would you make ISPs care about abuse in their network?
> >
> 'network' is an ambiguous term here.
>
> Even 'netblock' would be ambiguous. Here we are talking about UCEP
> 'recklessly' listing *huge* ASNs in its level 3, and *THEN* its
> ill-informed clients configure to block such a recklessly listed ASN
> which 'broadly speaking' isn't guilty of spam at all.

It is true that the entire AS isn't guilty, but there are ISPs that
like spammers. They let them send spam and don't care about it.
The individual IPs get listed. Then the spammer notices that and wants
another IP, the ISP gives it. Then it is getting listed again. If that
happens too often, the entire AS will be listed.

ISPs that cooperate with spammers are bad actors and most people don't
want them.
It is the recipient domain server operators who decide to implement
level 2/3 uceprotect blocklists.
I know this is bad for innocent customers of the ISP, but the question
is if they like a provider that supports spam. If not, they should
complain to their ISP and if that ISP doesn't care, they can look for
another.
According to the statistics of uceprotect, there is only a really small
amount of providers that tolerate spammers, but these are responsible
for a huge amount of the spam.

> I'm saying that UCEP is hurting and 'fleecing' innocents based on the
> misuse of its products. Intentionally.

Level 1 only lists IPs of spamming server. Level 2 and 3 list
networks/entire ASN.
It is clearly explained how these addresses come in and out.

If a server operator decides to block IPs that are listed in level 2 or
3, it is their decision because they are annoyed by these ISPs.
Customers of them who don't want to send spam should take action and
choose an ISP that cares about abuse.

> I'm also saying that the blocklist community as a whole, a larger
> body of anti-spammers, is critical of UCEP for that.

I agree that it is overblocking, but every kind of blocking will hit
innocents. The question is just: Why don't ISPs care about abuse?
If they care, they won't land on level 3.

It is completely clear that a huge amount of spam needs to be sent from
an AS to land in that level.
And again, the recipient decides to implement that list. They could
also say: ISP xyz doesn't care about abuse mails we sent to them, we
will now block the entire AS in the firewall.

There is much stranger stuff:
Cisco Talos.
They list my IP on the suspicious list because of low mail volume.
I never had problems yet, but I don't send out much and only to a small
amount of addresses.

Mike Easter

Sep 12, 2023, 2:13:46 PM
Marco Moock wrote:
> Mike Easter wrote:
>> Marco Moock wrote:
>>> Mike Easter:
>>>> Marco Moock wrote:
>>>>> I agree that this is a penalty to the ISP/hoster, although there
>>>>> is no other way for them to learn that they need to do something
>>>>> against spammers.
>>>>
>>>> I don't think a strategy designed to 'teach' an enterprise/business
>>>> something at the cost of using 'innocent victim users' as some kind
>>>> of fodder in an anti-spam war is a particularly good strategy.
>>>
>>> How would you make ISPs care about abuse in their network?
>>>
>> 'network' is an ambiguous term here.
>>
>> Even 'netblock' would be ambiguous. Here we are talking about UCEP
>> 'recklessly' listing *huge* ASNs in its level 3, and *THEN* its
>> ill-informed clients configure to block such a recklessly listed ASN
>> which 'broadly speaking' isn't guilty of spam at all.
>
> It is true that the entire AS isn't guilty, but there are ISPs that
> like spammers. They let them send spam and don't care about it.
> The individual IPs get listed. Then the spammer notices that and wants
> another IP, the ISP gives it. Then it is getting listed again. If that
> happens too often, the entire AS will be listed.
>
> ISPs that cooperate with spammers are bad actors and most people don't
> want them.

The problem is that it is NOT a 'black and white' issue. 'Normal'
providers don't *intentionally* permit spamming. So-called 'spam'
'comes about' all kinds of crazy ways such as backscatter.

It is one thing to 'land on' a UCEP level 1 list. It is an entirely
*different thing* to get swept up in a UCEP 2/3 AS list.

> It is the recipient domain server operators who decide to implement
> level 2/3 uceprotect blocklists.

And, I say that is an 'unhealthy' use of the list, and *everybody* (such
as the anti-spamming blocklist community of experts who know how to
prevent spam reception pretty effectively at reasonable 'cost' in terms
of server overhead) knows that it is unhealthy. And UCEP also /knows/
that such blocking isn't 'fair' and that is *WHY* they make a business
model of making money off non-spammers who have been adversely affected
by the known inappropriate use of the 2/3 listings.

> I know this is bad for innocent customers of the ISP, but the question
> is if they like a provider that supports spam. If not, they should
> complain to their ISP and if that ISP doesn't care, they can look for
> another.

I don't think you have characterized the ASNs which may land on the 2/3
list correctly.

> According to the statistics of uceprotect, there is only a really small
> amount of providers that tolerate spammers, but these are responsible
> for a huge amount of the spam.
>
That fact has nothing to do w/ our discussion. The healthy blocklist
use is successful in blocking huge amounts of spam. We don't *need*
unhealthy use.

>> I'm saying that UCEP is hurting and 'fleecing' innocents based on the
>> misuse of its products. Intentionally.
>
> Level 1 only lists IPs of spamming server. Level 2 and 3 list
> networks/entire ASN.
> It is clearly explained how these addresses come in and out.
>
Yes.

> If a server operator decides to block IPs that are listed in level 2 or
> 3, it is their decision because they are annoyed by these ISPs.
> Customers of them who don't want to send spam should take action and
> choose an ISP that cares about abuse.
>
I understand the concept of 'my server, my rules' but the result is that
innocent users who don't even configure servers are adversely affected,
as are innocent providers who don't spam, while UCEP makes money off
unhealthy behavior and innocent 'suffering'. There's something wrong there.

>> I'm also saying that the blocklist community as a whole, a larger
>> body of anti-spammers, is critical of UCEP for that.
>
> I agree that it is overblocking, but every kind of blocking will hit
> innocents. The question is just: Why don't ISPs care about abuse?
> If they care, they won't land on level 3.
>
The larger body of healthy blocklists also have some collateral damage,
but nothing that even comes close to what UCEP makes a living on.

> It is completely clear that a huge amount of spam needs to be sent from
> an AS to land in that level.

The 'policing' of an entire huge ASN has to take place at a much more
granular level than the 'top' of the ASN number.

--
Mike Easter

Marco Moock

Sep 12, 2023, 3:22:44 PM
I agree.
> 'Normal' providers don't *intentionally* permit spamming.

Then they will react fast enough to avoid being listed in level 2 or 3,
so only the IPs originating spam will be in the level 1 list.

> So-called 'spam' 'comes about' all kinds of crazy ways such as backscatter.

For backscatter, another blacklist exists.
Backscatter can be much reduced by configuring the mail server properly.

> It is one thing to 'land on' a UCEP level 1 list. It is an entirely
> *different thing* to get swept up in a UCEP 2/3 AS list.

Entirely true, but getting on level 2 or even 3 is harder and can be
avoided by reacting to abuse messages fast enough.

> > It is the recipient domain server operators who decide to implement
> > level 2/3 uceprotect blocklists.
>
> And, I say that is an 'unhealthy' use of the list, and *everybody*
> (such as the anti-spamming blocklist community of experts who know
> how to prevent spam reception pretty effectively at reasonable 'cost'
> in terms of server overhead) knows that it is unhealthy.

What do you mean with unhealthy?
It is a list for server operators who want to block network ranges of
ISPs that don't react quick to abuse messages.

> And UCEP also /knows/ that such blocking isn't 'fair' and that is *WHY* they
> make a business model of making money off non-spammers who have been
> adversely affected by the known inappropriate use of the 2/3 listings.

I can partially agree.
They make money by that, especially with whitelisting.
But be aware: Automatic removal doesn't cost money, manual removal needs
manual work and that costs payoff.

> > I know this is bad for innocent customers of the ISP, but the
> > question is if they like a provider that supports spam. If not,
> > they should complain to their ISP and if that ISP doesn't care,
> > they can look for another.
>
> I don't think you have characterized the ASNs which may land on the
> 2/3 list correctly.

According to their lists they have a huge amount of impacts and these
are only the impacts that went to their spamtraps.

> > According to the statistics of uceprotect, there is only a really
> > small amount of providers that tolerate spammers, but these are
> > responsible for a huge amount of the spam.
> >
> That fact has nothing to do w/ our discussion. The healthy blocklist
> use is successful in blocking huge amounts of spam. We don't *need*
> unhealthy use.

True, but it is the server operators decision. Nobody is forced to
block incoming mail by ucep level 2 or 3 lists.
If these providers decide to, it MAY have the reason that from these
networks a huge amount of spam occurs.
I operate my own mail server without any block list, I currently don't
receive spam.

> >> I'm saying that UCEP is hurting and 'fleecing' innocents based on
> >> the misuse of its products. Intentionally.
> >
> > Level 1 only lists IPs of spamming server. Level 2 and 3 list
> > networks/entire ASN.
> > It is clearly explained how these addresses come in and out.
> >
> Yes.
>
> > If a server operator decides to block IPs that are listed in level
> > 2 or 3, it is their decision because they are annoyed by these ISPs.
> > Customers of them who don't want to send spam should take action and
> > choose an ISP that cares about abuse.
> >
> I understand the concept of 'my server, my rules' but the result is
> that innocent users who don't even configure servers are adversely
> affected, as are innocent providers who don't spam, while UCEP makes
> money off unhealthy behavior and innocent 'suffering'. There's
> something wrong there.

I can agree with the first, but how networks of providers that don't
spam come to the blocklist without at least one impact?
And if only a small amount of impacts occur, only the IPs affected will
land on level 1.

> >> I'm also saying that the blocklist community as a whole, a larger
> >> body of anti-spammers, is critical of UCEP for that.
> >
> > I agree that it is overblocking, but every kind of blocking will hit
> > innocents. The question is just: Why don't ISPs care about abuse?
> > If they care, they won't land on level 3.
> >
> The larger body of healthy blocklists also have some collateral
> damage, but nothing that even comes close to what UCEP makes a living
> on.
>
> > It is completely clear that a huge amount of spam needs to be sent
> > from an AS to land in that level.
>
> The 'policing' of an entire huge ASN has to take place at a much more
> granular level than the 'top' of the ASN number.

Which do you suggest?
IIRC they already use a formula that cares about the size, so a few
amounts on a big ASN have another reaction than the same amount on a
tiny ASN.

Mike Easter

Sep 12, 2023, 3:46:32 PM
Marco Moock wrote:
> According to their lists they have a huge amount of impacts and
> these are only the impacts that went to their spamtraps.

Not everything that 'hits' a spamtrap is a spam. For example, I was
reading a comment by someone at linode who said that

> Just from the security logs on our own linode servers, there are many
> "research scanners" on linode's network now. They constantly port
> scan and search all IP addresses for vulnerabilities. This causes
> large numbers of Linode's IP addresses to be blocked; adversely
> impacting us real customers who are not sending spam.

Not that I think 'anyone' - research or otherwise - should be
'recklessly' port scanning 'the world' - but 'hitting' a spamtrap w/ a
port scan and 'connecting' is NOT the same as spam.

That is what I mean by the black and white issue.

I don't know the answer to how to do the policing, but if it were easy
enough for customers to vote w/ their 'feet' by walking out of their
relationship w/ a server business, not only would it make sense to 'walk
out' of a server which belongs to an ASN which gets itself listed even
in UCEP 2/3, but it would also make sense to walk out of a provider
which uses UCEP 2/3 to block mail.


--
Mike Easter

bad sector

Sep 12, 2023, 5:29:42 PM
Anyone who causes or otherwise contributes to interference with the
timely and proper delivery of legitimate mail or equivalent electronic
or digital traffic *should hang*, period. We've heard the rationale that
rights end where they step on others. Well, the right to no spam is not
an exception! I think I will develop a new sig, my current 'list' seems
inadequate.



--
It is YOUR responsibility to advise YOUR internet provider whether YOU
want email traffic sent to YOU to exclude emails passing through servers
that may also pass spam traffic. You may not even be aware that such
filtering is done on your behalf. But if knowingly or ignorantly YOU
nonetheless subscribe to the employ on your behalf of such spam
blacklists while failing to immediately remove my email address from
such blacklists enabled in the first place by people who have no
scruples about causing harm to innocent victims then in that act YOU
attack MY freedom to communicate. YOU attack my freedom to communicate
not only to you but to others as well by virtue of your support for the
existence of such lists. Upon the discovery of such I will never again
communicate any business or personal communications to you, thus in
effect removing YOU from my life as if YOU did not even exist because
that is exactly what you are doing to ME who never sent a single spam
message but whose right to freedom of speech is far more fundamental
than yours to receive no spam. This is especially applicable if YOUR
exercise of that right not only steps on but totally disposes of mine.
Keep all your records, you will have been warned sans-prejudice to any
right(s) I may be advised to defend by seeking legal rectification
against and compensation from you.


Mike Easter

Sep 12, 2023, 5:41:36 PM
bad sector wrote:
> Anyone who causes or otherwise contributes to interference with the
> timely and proper delivery of legitimate mail or equivalent electronic
> or digital traffic *should hang*, period. We've heard the rationale that
> rights end where they step on others. Well, the right to no spam is not
> an exception! I think I will develop a new sig, my current 'list' seems
> inadequate.

One of the problems w/ one of my arguments:

> it would also make sense to walk out of a provider which uses UCEP 2/3 to block mail.

... is that the blocking of a mail is the most obvious to the *sender*
of the mail, NOT the person who failed to receive it, who would have to
be the one doing the walking as above.

Altho' it requires more resources to receive/process a spam (and label
it as such for the recipient), that 'investment' by the mail provider is
MUCH better for the recipient's 'well-being'. That way if the mail
provider mis-IDs a spam, the problem can be rectified.

Once I had a mail provider whose 'normal' spam id was very very leaky,
it also /offered/ a tighter configuration which included not only the
spam which the leaky filter IDed, but also any mail received from an
address not in my contacts. That was NOT a very good system. However,
I chose to turn off that filter and use a SpamPal system which was much
more effective, and also allowed me to 'catch' tons of spam (not in my
inbox) to be auto-submitted for contributing to the SpamCop blocklist.

My current mail provider's spam filters are excellent.

--
Mike Easter
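
The label-instead-of-block approach from the post above, applied to the level 1 versus level 2/3 distinction argued over in this thread, as an added example that is not from any poster or from UCEPROTECT. The zone names, the reject/tag/accept policy and the sample DNS answers are assumptions constructed for illustration; the query-name format and the 127.0.0.0/8 answer range follow the RFC 5782 DNSBL convention.

```python
import ipaddress
import socket

# Zone names for the three UCEPROTECT levels discussed in the thread
# (assumed here; confirm against the list operator's documentation).
ZONES = {
    1: "dnsbl-1.uceprotect.net",  # single IPs
    2: "dnsbl-2.uceprotect.net",  # network allocations
    3: "dnsbl-3.uceprotect.net",  # whole ASNs
}

# RFC 5782: a listed address answers with an A record inside 127.0.0.0/8.
LISTED_RANGE = ipaddress.ip_network("127.0.0.0/8")


def dnsbl_qname(ip, zone):
    """Build the DNS name a DNSBL client queries for `ip` in `zone`."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = reversed(str(addr).split("."))       # octets, reversed
    else:
        labels = reversed(addr.exploded.replace(":", ""))  # nibbles, reversed
    return ".".join(labels) + "." + zone


def system_resolver(qname):
    """Live lookup. NXDOMAIN and lookup failures both mean 'no answer',
    so a DNS outage fails open instead of rejecting all mail."""
    try:
        return socket.gethostbyname_ex(qname)[2]
    except OSError:
        return []


def listed_levels(ip, resolver=system_resolver):
    """Return the set of levels on which `ip` is listed."""
    hits = set()
    for level, zone in ZONES.items():
        answers = resolver(dnsbl_qname(ip, zone))
        # Ignore answers outside 127.0.0.0/8: they come from NXDOMAIN
        # hijacking or a parked zone, not from a real listing.
        if any(ipaddress.ip_address(a) in LISTED_RANGE for a in answers):
            hits.add(level)
    return hits


def decide(ip, resolver=system_resolver):
    """Assumed policy: only a per-IP listing rejects at SMTP time.
    A network- or ASN-wide listing only tags the message, so the
    recipient still receives it and a mis-identification can be fixed."""
    levels = listed_levels(ip, resolver)
    if 1 in levels:
        return "reject"
    if levels:
        return "tag"
    return "accept"


# Constructed sample answers (not real listing data) so the example
# runs offline. 167.114.138.246 is the address quoted in the first post.
SAMPLE_ZONE_DATA = {
    "246.138.114.167.dnsbl-3.uceprotect.net": ["127.0.0.2"],
    "10.2.0.192.dnsbl-1.uceprotect.net": ["127.0.0.2"],
    "7.113.0.203.dnsbl-2.uceprotect.net": ["198.51.100.1"],  # hijacked answer
}


def sample_resolver(qname):
    return SAMPLE_ZONE_DATA.get(qname, [])


if __name__ == "__main__":
    for ip in ("167.114.138.246", "192.0.2.10", "203.0.113.7"):
        levels = sorted(listed_levels(ip, sample_resolver))
        print(ip, levels, decide(ip, sample_resolver))
```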

Marco Moock

Sep 13, 2023, 3:39:25 PM
On 12.09.2023 at 12:46:27, Mike Easter wrote:

> Marco Moock wrote:
> > According to their lists they have a huge amount of impacts and
> > these are only the impacts that went to their spamtraps.
>
> Not everything that 'hits' a spamtrap is a spam. For example, I was
> reading a comment by someone at linode who said that
>
> > Just from the security logs on our own linode servers, there are
> > many "research scanners" on linode's network now. They constantly
> > port scan and search all IP addresses for vulnerabilities. This
> > causes large numbers of Linode's IP addresses to be blocked;
> > adversely impacting us real customers who are not sending spam.
>
> Not that I think 'anyone' - research or otherwise - should be
> 'recklessly' port scanning 'the world' - but 'hitting' a spamtrap w/
> a port scan and 'connecting' is NOT the same as spam.

Full ack.

bad sector

Sep 13, 2023, 5:18:32 PM
The list scammers are well aware of that, it couldn't be a milk cow
otherwise

Real cops should investigate the incomes


Mike Easter

Sep 13, 2023, 5:31:49 PM
bad sector wrote:
> The list scammers are well aware of that, it couldn't be a milk cow
> otherwise
>
> Real cops should investigate the incomes
>
I am very slightly more 'sympathetic' to the UCEP crooks, who ARE rather
transparent about their game.

They more or less say/admit that their level2/3 product is not 'fair'
and known to list innocent bystanders and should not be used by
'conventional' servers because of its known (significant) collateral
damage effects.

Their position is that it is a 'weapon' to be used by *hardliners* who
think that by punishing the innocent of a particular ASN along w/ those
others who buy IPs or blocks from that ASN who aren't doing 'enough'
vigorous policing of their own IPs to not get listed by UCEP levels,
that it will somehow motivate more IP blocks to do better.

That is, UCEP is sympathetic to the views of the hardliners AND it has
found that being so is profitable to them.

That doesn't mean that I *agree* with them, just that I can
see/understand that point of view even if I don't agree.

--
Mike Easter

Mike Easter

Sep 13, 2023, 5:40:31 PM
Mike Easter wrote:
> I am very slightly more 'sympathetic' to the UCEP crooks, who ARE rather
> transparent about their game.

And, while we are letting my 'imagination' and 'understanding' run amok,
I can imagine that there might've been a time and place situation in
which the 'protection' offered by mafia figures was /actually/ *real* --
that a neighborhood 'plagued' by small-time hoods picking on mom-pop
shop-owners might pay the heavier-hitting mafioso to protect them from
such thievery and disturbance. That is, in some certain case, it might
NOT be extortion money but real protection insurance.

--
Mike Easter

bad sector

Sep 13, 2023, 7:50:23 PM
On 9/13/23 17:31, Mike Easter wrote:
> bad sector wrote:
>> The list scammers are well aware of that, it couldn't be a milk cow
>> otherwise
>>
>> Real cops should investigate the incomes
>>
> I am very slightly more 'sympathetic' to the UCEP crooks, who ARE rather
> transparent about their game.

I wanna see interpol involvement, there should be
no panic if nothing is illegal, right?

- someone traps spam or creates spam suspects
- someone compiles a blacklist of alleged spamming servers
- someone promotes the idea of subscription as spam defense
- someone extracts innocent victims from blacklists for money

who's to say it's not all one and the same hand really?

