UCEPROTECT
Jimbo
I am an IT Professional. I work for a company in the United States
which represents well over 3000 clients across the country and we also
provide international communications when the need arises. We are an
answering service and we are contracted by our clients to send their
messages to them. We represent the first point of contact for many of
these people and businesses. Among them are mission critical clients
and messaging involving medical information that is often very time
sensitive. We ended up on your blacklist among others because of a
nasty root kit, which we have since eradicated from our system,
implemented port 25 blocking outbound, and was accepted for removal
imediately from 7 other major blacklists. None of these respected
operations charged for removal and the removal took place almost
immediately. We sent along written record of our system analysis
showing no open relays or connections and have shored up our
security. I know we are only at level 1. We are waiting for 7 days
to pass for automatic removal. However, what you do not explain is
how we will know when the last days was, according to your "system",
that spam was detected, so we will have a gauge of when we can expect
the automatic removal. It might be wise to allow for some kind of way
to let those who are blocked, see the progress going on with respect
to their ip addresses. You also may want to rethink charging for
immediate removal when nearly all other blacklist sites do not do
this. Some sites, such as ours, through no fault of our own, never
meant to inconvenience anyone. I am sure you can appreciate the fact
that we are now being inconvenienced along with our clients. We are
not charging anyone for that. So meeting people in the middle and not
charging money to allow some of the legitimate IP addresses to be de-
listed seems fair as long as they have met the criteria for not
letting things happen again. It is understandable that if more spam
or bad behavior is detected by a blacklist from an IP address that was
removed only shortly before, it should be immediately blacklisted once
again. Tht only makes sense.
Thanks for the listen,
James Kusler
--
Comments posted to news.admin.net-abuse.blocklisting
are solely the responsibility of their author. Please
read the news.admin.net-abuse.blocklisting FAQ at
http://www.blocklisting.com/faq.html before posting.
stinky
<e44d543e-92eb-4edd...@j1g2000prb.googlegroups.com>,
Jimbo <colo...@comcast.net> wrote:
> Guten tag.
> I am an IT Professional. I work for a company in the United States
> which represents well over 3000 clients across the country and we also
> provide international communications when the need arises. We are an
> answering service and we are contracted by our clients to send their
> messages to them. We represent the first point of contact for many of
> these people and businesses. Among them are mission critical clients
> and messaging involving medical information that is often very time
> sensitive.
Sounds like redundancy is important to you. I hope your company has
redundant lines on different providers. That will provide the uptime
that you seem to be communicating that you have to provide for your
clients. Plus having multiple lines on different providers might keep
the email flowing if you somehow are blocked due to an infected
computer(s).
> We ended up on your blacklist among others because of a
> nasty root kit, which we have since eradicated from our system,
> implemented port 25 blocking outbound, and was accepted for removal
> imediately from 7 other major blacklists.
Good. I am glad that you have fixed your problem and that the 7 other
major blocklists removed you (blacklists is a term typically not used
due to the negativity associated with it)
> None of these respected
> operations charged for removal and the removal took place almost
> immediately.
Great! I am glad that they can process removals without having to charge
to do so. I guess they have another avenue of funding and/or their case
load is not as great as others so that they have time to do quick
removals.
> We sent along written record of our system analysis
> showing no open relays or connections and have shored up our
> security.
You have done a great job in your reporting of your security issues. I
commend you on your actions
> I know we are only at level 1. We are waiting for 7 days
> to pass for automatic removal.
I believe that is the way UCEPROTECT works.
> However, what you do not explain is
> how we will know when the last days was, according to your "system",
> that spam was detected, so we will have a gauge of when we can expect
> the automatic removal.
I can't speak to that as I am not associated with UCEPROTECT.
> It might be wise to allow for some kind of way
> to let those who are blocked, see the progress going on with respect
> to their ip addresses.
That sounds like a great idea. Maybe that can be implemented in the
future. That is up to those that run UCEPROTECT.
> You also may want to rethink charging for
> immediate removal when nearly all other blacklist sites do not do
> this.
Like I said above maybe they have other funding to pay for extra
personnel to work at the 'immediate removal' queue. Maybe other sites
don't have as much 'removal traffic'.
> Some sites, such as ours, through no fault of our own, never
> meant to inconvenience anyone. I am sure you can appreciate the fact
> that we are now being inconvenienced along with our clients. We are
> not charging anyone for that.
Please don't blame the victims for being abused via your network. Your
(and your customers) inconvenience is of your own doing. As for charging
for your inconvenience, that doesn't make sense. If you want to get your
emails out without interruption you need to have another line installed,
especially if your communications are 'critical'. In the meantime you
could check to see if you could relay your email through another host
"smarthost".
> So meeting people in the middle and not
> charging money to allow some of the legitimate IP addresses to be de-
> listed seems fair as long as they have met the criteria for not
> letting things happen again.
What is a "legitimate IP address"? Whether or not a company is
'legitimate' or not doesn't change the fact that abuse is coming from an
IP address or a range of IP addresses. The blocklists attempt to prevent
abuse. To define some IP addresses as 'legitimate' vs those that are not
legitimate is profiling and would open a DNSBL up to legal issues.
One thing that you might not be grasping is that the end users/networks
configure their mail servers to use various DNSBL's. Have you contacted
the networks that are blocking you and ask them to whitelist you?
> It is understandable that if more spam
> or bad behavior is detected by a blacklist from an IP address that was
> removed only shortly before, it should be immediately blacklisted once
> again. Tht only makes sense.
Please look up snowshoe spammers in google. The process you speak of was
tried many years ago to no avail. Spammers buy blocks of addresses and
keep moving around when sending out spam. Also look up whack-a-mole.
IIRC, UCEPROTECT has a policy if an ip address is back on a list within
a short period of time it goes to a different level. Again, I don't
represent UCEPROTECT nor do I know their policies for all situations.
I do hope your network is removed soon as I see that you have taken
great care in explaining your situation and cleaned up your systems.
.
E-Mail Sent to this address will be added to the BlackLists
> We are waiting for 7 days to pass for automatic removal.
> However, what you do not explain is how we will know
> when the last days was,
Note: the usenet newsgroup news.admin.net-abuse.blocklisting
is not UCEPROTECT themselves.
Looking at my SpamTraps, I'd say about ~2008 Aug 15
Why don't you just search you mail server logs for the last
time you hit their spamtraps?
They have made it very obvious, e.g.
550 UCEPROTECT-Policy Server decided: 550 (V3.4-EXPO-####)
You hit a Spamtrap.
Counter to blacklisting increase for your IP.
421 Service not available, closing transmission channel
550 UCEPROTECT-Policy Server decided: 550 (V3.4-EXPO-####)
We have no user with that account here.
No PTR (Reverse-DNS) is assigned to your IP.
Welcome to UCEPROTECT-Level 1.
550 UCEPROTECT-Policy Server decided: 550 (V3.4-EXPO-####)
We have no user with that account here.
Your IP was detected to be a Dialup.
Welcome to UCEPROTECT-Level 1.
{Note I have seen the version #s change, so search your logs
for the "550 UCEPROTECT-Policy Server decided: 550" or some
part of that, or "Welcome to UCEPROTECT" if you are only
concerned with the ones that get your IPs listed, if you
search for just "UCEPROTECT" you might get rejects from
others that use the UCEPROTECT DNSbl.
ARIN Direct Allocation to Northwest Telephone, Inc. nti.us
NWTI (NET-66-45-192-0-1) AS16503 N-W-TELEPHONE nti.us
66.45.192.0/19 (66.45.192.0 - 66.45.223.255)
Reassigned DARREN SMITH SMITH (NET-66-45-208-232-1) nti.us
66.45.208.232/29 (66.45.208.232 - 66.45.208.239)
235.208.45.66.IN-ADDR.ARPA -> mail.sound-tele.com
mail.sound-tele.com -> 66.45.208.237
{wolfenet.com / netos.com}
sound-tele.com : MX smtpin01.netos.com -> 216.251.100.19
19.100.251.216.IN-ADDR.ARPA -> smtpin01.netos.com
AS1982 ASN-NWNEXUS nwnexus.com
--
E-Mail Sent to this address <Blac...@Anitech-Systems.com>
will be added to the BlackLists.
jfse...@hotmail.com
eradicated the threat, and tightened our security (which we thought
was pretty tight anyway... we spend enough money on it!). We too, as
per all legitimate businesses can't stand spam and the time and
resources it consumes but I find it incongruous that any anti-spam
system (blacklist, blocklist, call it what you will) can have the
temerity to have a 7 day standard period or a FEE for quicker removal
when, as far as I can ascertain at this time no other blocklist
attempts to profit from someone elses misery (and it is misery to
those that are hit by viruses that a number of the current anti-virus
software programmes missesd and let in, including our own). Our
misfortune saw us listed I believe by 4 different lists, all but ONE
now cleared. It appears the UCEPROTECT policy is a profit making
policy and not the glorified mission it has published on it's website
"The project’s mission is to stop mail abuse, globally". It should
read "The project’s mission is to stop mail abuse, and legitimate mail
for as long as we decide, globally"! I mean really, in todays world 7
days it just rediculous!
I accept that blocklists need to exist, I accept that when a problem
arises, the offending server needs to be cut off from the rest of the
world... until it is fixed, and not beyond that. If UCEPROTECT was
truly interested in keeping the internet open to legitimate users then
their policy would factor that in. Within a few hours or so of
realising we had an infection and realising we were on some
blocklists, we isolated the offending hardware, and only when we were
sure of the rest of our network, we started the process of de-
listing. When we got to UCEPROTECT, it was already showing up as "No
longer a risk, your IP got listed :-(", so if UCEPROTECT acknowledges
we are no longer a risk then.....?
We are legitimate, we had a problem and it is fixed, but we have
important and legitimate email that needs delivering and UCEPROTECT's
policy is preventing that. The UCEPROTECT policy needs to be reviewed
more in line with all the other systems where, on submission of an
explanation form, the IP addresss is unlisted, if it re-offends
straight away then and only then make the reinstatement period longer
at each new offence.
Common sense really should prevail!
For the non-geeks like us, we often wonder if spam and viruses are in
fact created deliberately so as to create a market for anti-virus
providers and perhaps... even blocklisting organisations... makes you
think doesn't it?
jfse...@hotmail.com
I have now followed various links from UCEPROTECT, one was to
blacklistalert.org which show us as being listed on 3 sites...
abuse.rfc-ignorant.org, l1.apews.org and of course UCEPROTECT.
However, when our IP is entered and looked up on those other two
sites, they come up as clear. The rfc-ignorant.org site allows you to
then proceed and check to see if we were rejected or removed from
their list... ours comes up with no matches? So why are we shown on
blacklistalert.org as being there? I realise this is not UCEPTOTECT,
but it all part of this same thread... that being that UCEPROTECT is
preventing my business from operating because of their draconian 7 day
policy, so I am doing alI I possibly can to find options to follow and
of course ensure that these organisations that can cause so much
misery - while admitting they do a job that is unfortunately necessary
- are in fact in the "real world" and that these lists are in "real
time". Which obviously they are not!
Again I say common sense really should prevail and the UCEPROTECT
policy in particular reviewed!
Stephen Satchell
fact, I've not held an abuse-desk position for almost a year. That
said, let me add my pair-o'-pennies to your posting.
jfse...@hotmail.com wrote:
> We too were hit by the Root Kit Virus, as was Jimbo, we too have
> eradicated the threat, and tightened our security (which we thought
> was pretty tight anyway... we spend enough money on it!). We too, as
> per all legitimate businesses can't stand spam and the time and
> resources it consumes
Time is money for everyone, and lost resources are lost resources. One
of the reasons that there are DNSBLs is to help reduce the lost time,
the lost money, and the lost resources on the part of the receivers of spam.
> but I find it incongruous that any anti-spam
> system (blacklist, blocklist, call it what you will) can have the
> temerity to have a 7 day standard period or a FEE for quicker removal
> when, as far as I can ascertain at this time no other blocklist
> attempts to profit from someone elses misery (and it is misery to
> those that are hit by viruses that a number of the current anti-virus
> software programmes missesd and let in, including our own).
Many of us (and I include myself even though I'm "out of the business"
for the moment) feel that the time to spend money on anti-spam efforts
is *before* the spam, or backscatter, or bot-mail goes out. When your
failure to effectively act causes me to lose time, money, and sleep then
I'm happy when UCEPROTECT detects this and takes action. That keeps my
mail-using customers from screaming at me (at least about your mail).
The engineering term for that seven-day waiting period from fix to
delisting is "hysteresis": in this context, to insure the spam has
really stopped from a location and not just into a lull. It's the
"proof" of the fix.
Much of UCEPROTECT is reportedly an automatic operation, funded by
individuals who believe it's a good tool to help reduce the waste caused
by spam. It works more or less on automatic, with operators to watch
over the overall operation to see that it continues to work in good
order. The details are left to the mechanisms, with wrenching applied
when there is a demonstrated fault.
Your listing, by your own admission, is not a fault of UCEPROTECT.
You are asking someone to go into the workings of a well-functioning
machine and make a change of state. Who do you think should pay for an
operator to do something that is not part of the normal functioning of
the machine that is UCEPROTECT?
> Our
> misfortune saw us listed I believe by 4 different lists, all but ONE
> now cleared. It appears the UCEPROTECT policy is a profit making
> policy and not the glorified mission it has published on it's website
> "The project’s mission is to stop mail abuse, globally".
From where I sit, this is an accurate statement. Unconditionally so.
> It should
> read "The project’s mission is to stop mail abuse, and legitimate mail
> for as long as we decide, globally"! I mean really, in todays world 7
> days it just rediculous!
(You need to examine your spelling checker; I think that's "ridiculous")
Then you haven't been involved in any legal actions, have you? The
gears of the law grinds VERY slowly, very slowly indeed, for both civil
and criminal actions. In some cases, years can go by, which is a whole
lot longer than seven days. Arbitrations can go very quickly, or drag
on for months. The fact that a response for wrongful action in the
e-mail world can be reversed in seven days is a speeding bullet when
compared to what can happen: your IP address added to hundred or even
thousands of private blocking lists and *never* being removed. This is
the good thing about a DNSBL: something *can* be done, and at Internet
speed.
> I accept that blocklists need to exist, I accept that when a problem
> arises, the offending server needs to be cut off from the rest of the
> world... until it is fixed, and not beyond that. If UCEPROTECT was
> truly interested in keeping the internet open to legitimate users then
> their policy would factor that in.
It has.
> Within a few hours or so of
> realising we had an infection and realising we were on some
> blocklists, we isolated the offending hardware, and only when we were
> sure of the rest of our network, we started the process of de-
> listing.
You are the rare bird, if this is indeed an accurate statement. The
reason I got put on an abuse desk was that the prior chair-warmer wasn't
nearly as rigorous about maintaining that order: fix the problem, then
ask for delisting. That person would forget the first step.
> When we got to UCEPROTECT, it was already showing up as "No
> longer a risk, your IP got listed :-(", so if UCEPROTECT acknowledges
> we are no longer a risk then.....?
You misunderstand the message. Whoever put that message together uses
language a little differently that you do. (I find it a bit amusing,
especially as I can understand the usage from reading the Frank Herbert
"Dune" series.) When an Internet Protocol address is "at risk", from my
interpretation, it means that there has been bad stuff seen from that
address, but not so much stuff that it rises to the criteria of being
listed. Once that threshold(s) has/have been reached, the IP address is
taken out of the "Risk", or watch, state and put into the "Listed" state.
> We are legitimate, we had a problem and it is fixed, but we have
> important and legitimate email that needs delivering and UCEPROTECT's
> policy is preventing that. The UCEPROTECT policy needs to be reviewed
> more in line with all the other systems where, on submission of an
> explanation form, the IP addresss is unlisted, if it re-offends
> straight away then and only then make the reinstatement period longer
> at each new offence.
>
> Common sense really should prevail!
And common sense, to me, says that I need to watch for any repeat for a
period of time. UCEPROTECT says seven days. When I had a spammer on my
systems, they would be quiet for days and then start up again. It's a
real issue. You take issue with the amount of time.
By the way, to really understand the problem from the abuse-desk
perspective, look up "snowshoe spammer". It has a bearing on this
discussion.
> For the non-geeks like us, we often wonder if spam and viruses are in
> fact created deliberately so as to create a market for anti-virus
> providers and perhaps... even blocklisting organisations... makes you
> think doesn't it?
Spam and viruses are indeed created deliberately. For profit most of
the time, for "street cred" in other cases. To build the coffers of
DNSBL operators? My experience says not just no, but "HELL NO".
Virus infections don't "just happen". There are published Best
Practices to prevent your systems from being owned by a virus. That is
the best prevention.
(Or use an operating environment that isn't prone to being cracked.)
E-Mail Sent to this address will be added to the BlackLists
> I realise this is not UCEPTOTECT, but it all part of this
> same thread... that being that UCEPROTECT is preventing my
> business from operating
They are not, if your recipients want / need / expect messages
from you, they can make certain they get them, regardless of
your mail servers IP being listed in UCEPROTECT, or any other
DNSbl.
> Again I say common sense really should prevail and the
> UCEPROTECT policy in particular reviewed!
I find UCEPROTECT's seven day delisting policy too lenient.
--
E-Mail Sent to this address <Blac...@Griffin-Technologies.net>
will be added to the BlackLists.
--
Herb Oxley
appears to be more open than say MessageLabs, Postini, Symantec or Trend
Micro when to comes to listings and delisting policies.
If "jimbo" and "jsefton" did the proper research they'd see the E50
delisting fee goes towards paying for the people who go into the
UCEPROTECT system to clear a listing before it would otherwise expire in 7
days from the last hit to a UCEPROTECT spam trap server from the IP
address in question.
In my opinion, UCEPROTECT's obligation is only to their customers,
licencees and other users of their lists.
If UCEPROTECT's (de)listing policies cause problems for those who
purchase their anti-spam appliance with ongoing maintenance, or
purchase licenses for the UCEPROTECT BSD application I am sure UCEPROTECT
will change their policies as they have done in the past when they stopped
using APEWS as a rejection criteria and eventually ceased hosting the
APEWS lists.
>From what I gather from the UCEPROTECT *system*, it is fairly easy for a
UCEPROTECT licensee to "whitelist" a given IP address if the listing is
causing problems; for those who simply use the UCEPROTECT data with other
server software, its up to them to have an anti-spam system which allows
for exemptions.
I think the 7 days is a reasonable amount of time to make sure the owner
of the IP address in question has indeed secured their network; of course
there are those who might have a local policy of "once spam has been
received from a given IP address we'll block that address until someone on
the LAN side requests delisting".
In many cases, rules changes to firewalls and routers to implement a Port
25 block or even rebooting a mail server to remove malware can't be done
until the weekend, hence the 7 day wait.
One poster mentions spending "enough on security" ... I'm sure he ( or his
bosses) has a tighter grip on the concept that security isn't something
to be acheived by just throwing money at it.
Packaged security software isn't going to address restricting Port 25
access to the official SMTP gateways if needed or regular LAN users having
the rights to install whatever executables on their Windows PC.
--
Herb Oxley
No connection with UCEPROTECT although I would
consider it as part of an anti-spam defense system.
Shmuel (Seymour J.) Metz
08/16/2008
at 05:37 PM, jfse...@hotmail.com said:
>We too, as per all legitimate businesses can't stand spam
We've heard that line before.
>but I find it incongruous that any anti-spam
>system (blacklist, blocklist, call it what you will) can have the
>temerity to have a 7 day standard period or a FEE for quicker removal
And I find it arrogant, bordering on hybris, for you to blame the victims
instead of taking responsibility for the consequences of your negligence.
>when, as far as I can ascertain at this time no other blocklist attempts
>to profit from someone elses misery
By refusing to spend the money to maintain a clean network, *YOU* are the
one profiting from someone else's misery.
>It appears the UCEPROTECT policy is a profit making policy
Would that it were so; their low expedite fee encourages recidivism. Would
you be happier if it were a flat 7 days, with no option to buy your way
out of the wait? Some other lists do that, and the wait isn't always as
short as UCEPROTECT's.
>It should read
If UCEPROTECT ever decides that you understand their goals, perhaps
they'll hire you to change the wording of their web site. Until then,
they'll leave it in the hands of someone who does understand their goals.
>I accept that blocklists need to exist,
As long as they don't inconvenience you.
>I accept that when a problem
>arises, the offending server needs to be cut off from the rest of the
>world... until it is fixed, and not beyond that.
And I accept that they should be cut off until they've compensated the
rest of the net for the damage they've caused.
>If UCEPROTECT was truly interested in keeping the internet open to
>legitimate users then their policy would factor that in.
Why should they factor in your self-serving opinions? If you want a DNSBL
run on that basis, start one yourself. For that matter, how is a
carelessly run network legitimate?
>Within a few hours or so of realising we had an infection and
>realising we were on some blocklists,
Why didn't you realise that you had an infection *before* getting on the
block lists? A *legitimate* network would have.
>We are legitimate, we had a problem and it is fixed, but we have
>important and legitimate email that needs delivering
Then pay the expedite fee. TANSTAAFL.
>The UCEPROTECT policy needs to be reviewed
Only by the operators of UCEPROTECT and its users.
>more in line with all the other systems
UCEPROTECT isn't a clone of "all the other systems"; if it were then there
would be no need for it. The name of the game is diversity, not
monoculture. For that matter, I wouldn't mind seeing UCEPROTECT's policy
reviewed more in line with the DNSBL's that aren't as lenient as it is.
>Common sense really should prevail!
Indeed, and common sense says that you're not an unbiased critic.
>For the non-geeks like us,
There is no us. You have no standing to speak for anybody except yourself.
>we often wonder if spam and viruses are in fact created deliberately
>so as to create a market for anti-virus providers
Is there a special on conspiracy theories? That might make a warped sort
of sense for trojan, virus and worm infestation, but that dog won't hunt
for spam.
>makes you think doesn't it?
Yes, but I already did.
In <03d3af97-8707-42eb...@z11g2000prl.googlegroups.com>, on
08/16/2008
at 10:59 PM, jfse...@hotmail.com said:
>that being that UCEPROTECT is preventing my business from operating
No they're not.
>because of their draconian 7 day policy,
Would that it were draconian.
>so I am doing alI I possibly can to find options to follow
You already had an option; you refused to exercise it.
>Again I say common sense really should prevail
Which is quite different from what you are demanding. Common sense says
that if it's too easy to get out of the list then you'll be lax about
staying off of it. Common sense says that they shouldn't spend their
resources gratis for your convenience.
>and the UCEPROTECT policy in particular reviewed!
Be carefull what you ask for; you might get it. Would you be happier if
they reviewed it and determined that 7 days wasn't long enough? If they
determined that it was unfair to allow you to buy an early out?
--
Shmuel (Seymour J.) Metz, truly insane Spews puppet
<http://patriot.net/~shmuel>
I reserve the right to publicly post or ridicule any abusive
E-mail. Reply to domain Patriot dot net user shmuel+news to contact
me. Do not reply to spam...@library.lspace.org
Fred Mobach
> We too were hit by the Root Kit Virus, as was Jimbo, we too have
> eradicated the threat, and tightened our security (which we thought
> was pretty tight anyway... we spend enough money on it!).
The amount of money spent on security does not say anything to me about
the security level of your infrastructure. Which seems not to be what
it should be.
> We too, as
> per all legitimate businesses can't stand spam and the time and
> resources it consumes but I find it incongruous that any anti-spam
> system (blacklist, blocklist, call it what you will) can have the
> temerity to have a 7 day standard period or a FEE for quicker removal
> when, as far as I can ascertain at this time no other blocklist
> attempts to profit from someone elses misery (and it is misery to
> those that are hit by viruses that a number of the current anti-virus
> software programmes missesd and let in, including our own).
If you don't like the 7 day period of UCEPROTECT don't use it. Even
better, you can create your own DNSBL with your own policy and offer it
for free to the world.
FYI, if I would have noticed your mail server's IP address in a spam
message and the whois information for that IP address would not reveal
the operator or indicate a network for residential use I would block
the IP address locally and forget about it.
> Our
> misfortune saw us listed I believe by 4 different lists, all but ONE
> now cleared.
It's not a misfortune, it's a consequence of your choice to use to best
virus and spam supporting platform known to the world. And as a
consequence the rest of the world can suffer with an extra load of spam
because of your choice, which is apparently in my view a bad choice.
> We are legitimate, we had a problem and it is fixed, but we have
> important and legitimate email that needs delivering and UCEPROTECT's
> policy is preventing that.
You opted for a bad platform and want others to bear the cost for your
bad choice. No, thanks.
--
Fred Mobach - fr...@mobach.nl
website : http://fred.mobach.nl
.... In God we trust ....
.. The rest we monitor ..
stinky
<03d3af97-8707-42eb...@z11g2000prl.googlegroups.com>,
jfse...@hotmail.com wrote:
> Addendum to previous post...
> I realise this is not UCEPTOTECT,
> but it all part of this same thread... that being that UCEPROTECT is
> preventing my business from operating because of their draconian 7 day
> policy, so I am doing alI I possibly can to find options to follow and
> of course ensure that these organisations that can cause so much
> misery - while admitting they do a job that is unfortunately necessary
> - are in fact in the "real world" and that these lists are in "real
> time". Which obviously they are not!
You again are incorrect. UCEPROTECT is NOT preventing your business from
operating. As no one knows what your business does we (TINW) can only
suspect that you do something besides sending out emails all day long,
only to entities that use UCEPROTECT on their servers.
NOW, there might be some entities out there that use UCEPROTECT on their
own servers....by their own choice.....to give some form of filtering,
protection against abusive systems. If some of those entities are your
'customers' then your customers are preventing your business from
sending emails to them. CONTACT THEM!!!!
Look up the term whitelist. Contact the admins of the
domains/companies/entities that are blocking your emails and talk to
them about using UCEPROTECT. If they find out that UCEPROTECT is causing
too much 'legit' email to be blocked they will stop using UCEPROTECT.
> Again I say common sense really should prevail and the UCEPROTECT
> policy in particular reviewed!
It does prevail. The fact that UCEPROTECT's lists are being used (by
choice) by various entities means it works for someone.
I personally don't use them myself.
.
Shmuel (Seymour J.) Metz
08/12/2008
at 11:50 AM, Jimbo <colo...@comcast.net> said:
>Guten tag.
Bokeir tov. You'll probably get more responses if you make your articles
easier to read by breaking up the long paragraphs.
>Among them are mission critical clients and messaging involving
>medical information that is often very time sensitive.
That sounds like a good reason for paying the expedite fee.
>We ended up on your blacklist
We (TINW) are not UCEPROTECT, although people from UCEPROTECT are
subscribed.
>None of these respected operations charged for removal and
>the removal took place almost immediately.
Their lists, their rules. UCEPROTECT has different rules, and its users
seem to be content with them.
>We sent along written record of our system analysis
>showing no open relays or connections and have shored up our security.
Good.
>It might be wise to allow for some kind of way
>to let those who are blocked,
UCEPROTECT isn't blocking you.
>see the progress going on with respect to their ip addresses.
I'd like them to do so, provided that it doesn't compromise their spam
traps.
>You also may want to rethink charging for immediate removal
>when nearly all other blacklist sites do not do this.
Why? Who should bear the expense if not the guilty network? Is the fee
even large enough to recover their expenses?
>Some sites, such as ours, through no fault of our own,
Then whose negligence was it that got you listed? UCEPROTECT didn't
install the root kit, nor did they administer your network in a fashion
that allowed the root kit in.
>never meant to inconvenience anyone.
But you did. Lack of intent does not negate the damage.
> I am sure you can appreciate the fact
>that we are now being inconvenienced along with our clients.
The net at large was inconvenienced by your negligence. Why should
UCEPROTECT be inconvenienced by allowing you to jump the queue?
>So meeting people in the middle
They *ARE* meeting people in the middle, by allowing for an expedited
removal at all. I, for one, believe that it is a bad idea, but their list,
their rules. The ball is in your court.
> and not charging money to allow some of the legitimate IP addresses
>to be de-listed
If they were sources of abuse or in a network that was a source of abuse
then they're not legitimate.
>seems fair
To you. Run your own DNSBL and your ideas of what is fair will be
relevant. They're not relevant to list operators who disagree, nor to list
users who disagree. To me it doesn't seem fair to allow you to buy your
way out of a listing instead of having a minimum waiting period.
>It is understandable that if more spam or bad behavior is detected
>by a blacklist from an IP address that was removed only shortly
>before, it should be immediately blacklisted once again.
It makes even more sense to impose costs such that playing whack-a-mole is
no longer an option.
--
Shmuel (Seymour J.) Metz, truly insane Spews puppet
<http://patriot.net/~shmuel>
I reserve the right to publicly post or ridicule any abusive
E-mail. Reply to domain Patriot dot net user shmuel+news to contact
me. Do not reply to spam...@library.lspace.org
--
stinky
<56ad18ef-c150-419a...@n38g2000prl.googlegroups.com>,
jfse...@hotmail.com wrote:
> We too were hit by the Root Kit Virus, as was Jimbo, we too have
> eradicated the threat, and tightened our security (which we thought
> was pretty tight anyway... we spend enough money on it!).
You might want to go back to the companies that you purchased your
security products and find out why their products didn't live up to the
expectations that you had for them.
> We too, as
> per all legitimate businesses can't stand spam and the time and
> resources it consumes
Especially from companies that don't have proper security setup to not
allow their computers to be used to spam.
> but I find it incongruous that any anti-spam
> system (blacklist, blocklist, call it what you will) can have the
> temerity to have a 7 day standard period or a FEE for quicker removal
> when,
Do you think that hosting a DNSBL is a free proposition? Who pays for
the data lines? Who pays for the computers doing the hosting? Who pays
for the registration for the domains? When you figure out these answers
you begin to complain about charging for faster delisting.
> as far as I can ascertain at this time no other blocklist
> attempts to profit from someone elses misery (and it is misery to
> those that are hit by viruses that a number of the current anti-virus
> software programmes missesd and let in, including our own).
I love the "we didn't do any thing wrong" attitude. Do you not think
that your insecure box caused problems for others? Does the world
revolve around you only? What a limited attitude.
As for a number of anti-virus software programs not catching the
infections your computer(s) had....you need to go back to your vendors
and ask for an explanation of why their products failed. Don't blame the
victims of the insecurity of your networks.
> Our
> misfortune saw us listed I believe by 4 different lists, all but ONE
> now cleared.
Good, sadly it took a listing to get your attention of a box that was
infected. I bet you are more vigilant on watching your networks in the
future. (i.e. lesson learned)
> It appears the UCEPROTECT policy is a profit making
> policy and not the glorified mission it has published on it's website
> "The project零 mission is to stop mail abuse, globally". It should
> read "The project零 mission is to stop mail abuse, and legitimate mail
> for as long as we decide, globally"! I mean really, in todays world 7
> days it just rediculous!
What is ridiculous is that an admin comes in and complains about being
blocked when it is the admins fault that the computer(s) under their
control are infected. The simple fact that you have to wait 7 days is
dictated by a couple of reasons. First, look up the term "snowshoe
spammer". Second, you incorrectly assume that UCEPROTECT is in the
for-profit business. Do you have any idea how many listings and requests
for removal they receive on a hourly basis? Do you know how many people
it would take to facilitate removal if everyone wanted it done
immediately? Since there is no full time staff, they move slower.
Have you ever applied for a passport? If so, did you see where you can
get it sooner? What did you have to do to get it sooner? Just ask and
complain? NOPE....NADA..... you had to PAY for the expedited service.
Welcome to 'todays world'.
> I accept that blocklists need to exist, I accept that when a problem
> arises, the offending server needs to be cut off from the rest of the
> world... until it is fixed, and not beyond that.
They have to exist due to insecure computers.
> If UCEPROTECT was
> truly interested in keeping the internet open to legitimate users then
> their policy would factor that in. Within a few hours or so of
> realising we had an infection and realising we were on some
> blocklists, we isolated the offending hardware, and only when we were
> sure of the rest of our network, we started the process of de-
> listing. When we got to UCEPROTECT, it was already showing up as "No
> longer a risk, your IP got listed :-(", so if UCEPROTECT acknowledges
> we are no longer a risk then.....?
So you are saying that UCEPROTECT should just wait around until YOU need
them to do something for YOU. Hmm....your world must be an interesting
place.
> We are legitimate, we had a problem and it is fixed, but we have
> important and legitimate email that needs delivering and UCEPROTECT's
> policy is preventing that.
NOPE. You are COMPLETELY wrong in that statement. UCEPROTECT doesn't
prevent your email from being sent nor does it keep it from being
delivered ****UNLESS**** a server is configured by a third-party/owner
to use UCEPROTECT's lists. UCEPROTECT doesn't go around and force admins
to use their lists. Your issue of delivery is with the servers and
domains you are sending to. Contact them.
> The UCEPROTECT policy needs to be reviewed
> more in line with all the other systems where, on submission of an
> explanation form, the IP addresss is unlisted, if it re-offends
> straight away then and only then make the reinstatement period longer
> at each new offence.
It works just fine for many companies/entities/people. If you have a
better system get it online.
> Common sense really should prevail!
Yep it should. When someone has an infected computer they shouldn't go
around and blame everyone else for blocking it. They also need to
realize that the world doesn't revolve around them.
> For the non-geeks like us, we often wonder if spam and viruses are in
> fact created deliberately so as to create a market for anti-virus
> providers and perhaps... even blocklisting organisations... makes you
> think doesn't it?
AS for the anti-virus providers.....could be
as for the blocklisting organizations? There is no profit in it when you
consider the amount of time and the cost of data lines, computers.
.
jfse...@hotmail.com
I am extremely happy that Spam Blocking organisations exist (I already
said that above), but I still think there needs to be a "bigger
picture" element included in UCEPROTECT's policy. I have already
admitted we had a problem, I already said how the other lists allowed
re-instatement without a 7 day cooling off period or a payment. What
more do you or they want?
We didn't write the virus that infected one of our PCs, we didn't
openly allow it contaminate it. All our PCs are loaded with up to
date anti-virus software! All of our network is set for automatic
updates for the anti-virus software we use (I assume naming them is
inappropriate), all of them are set for automatic Windows updates, my
staff are inducted to never open emails that they are unsure of why
they are receiving them, we have our email software set not to display
external links, we have disabled the preview screen, our mail server
is set up using 3 different DNSBLs... what more are we supposed to
have done?
As for hysteresis, all for it, when warranted. Surely a "7 day cut-off
from the world penalty" for a one-off offence, even to abuse-desk
chair sitters can't seem fair? I have no issues with a 7 day ban if
we were to re-offend within some nominal time frame... say anytime up
to 3 months.... or whatever is deemed appropriate?
I also took offence at UCEPROTECT's notation that if legal action were
taken against them for a blocklist then the IP in question would be
listed until litigation was finalised... are you seriously telling me
that you would agree with that policy in all cases? I would seriously
hope not!
Everything about the the way UCEPROTECT operates infers that every
listing, every IP address detected by a spam trap deserves it! They
are to blame and UCEPROTECT have no responsibility to anyone except
their "paying" customers... and if you aren't one "well tough!" A bit
rich when they can have such an impact on those innocently caught out,
despite their best efforts.
As for picking on my spelling, why waste your energy considering I
believe it is "you" that misunderstood the UCEPROTECT message I pasted
into my post, it wasn't written actually by the author of Dune, nor an
extract... I will repeat it for you..
> When we got to UCEPROTECT, it was already showing up as
> "No longer a risk, your IP got listed :-("
I'll translate the English for you... it says we are "NO LONGER" a
risk but we "ARE" listed and then they have a little "frownie" to
highlight the point that we are listed... or I guess alternativelythe
translation might be that we are no longer a risk BECAUSE we are
listed... if the latter, then it is a rather a smug way of putting it
I would have thought especially with the use of the frownie. Either
translation isn't the sort of stuff to make the reader very happy
though, wouldn't you think?
Anyway, Stephen I have already given in, you and UCEPROTECT's belief
that everyone is a deliberate spammer until proven otherwise is
embarrassing for the world, so I will wait patiently until my 7 days
are up and resume trying to make a living.
Perhaps if you were still on an abuse desk rather than allowing
computers to determine whether the collective "we" (our IP addresses
anyway) are innocent or otherwise, then maybe, just maybe the world
would be a more compassionate and human world?
E-Mail Sent to this address will be added to the BlackLists
> It is understandable that if more spam or bad behavior
> is detected by a blacklist from an IP address that was
> removed only shortly before, it should be immediately
> blacklisted once again. Tht only makes sense.
If it gets my attention, locally, _forever_.
(or until I get a request to unblock it by one of _my_ end users.)
Paraphrased: IP / CIDR / ASN / ISP spams my servers once,
shame on them; ... spams my servers twice, shame on me.
--
E-Mail Sent to this address <Blac...@Anitech-Systems.com>
will be added to the BlackLists.
--
E-Mail Sent to this address will be added to the BlackLists
> I also took offence at UCEPROTECT's notation that if
> legal action were taken against them for a blocklist
> then the IP in question would be listed until litigation
> was finalised... are you seriously telling me that you
> would agree with that policy in all cases? I would
> seriously hope not!
Absolutely!
If that is their policy.
(I think it is, as well as some other DNSbls.)
--
E-Mail Sent to this address <Blac...@Anitech-Systems.com>
will be added to the BlackLists.
--
Stephen Satchell
> Sorry Stephen I don't think you get it...
I respectfully disagree.
> I am extremely happy that Spam Blocking organisations exist (I already
> said that above), but I still think there needs to be a "bigger
> picture" element included in UCEPROTECT's policy. I have already
> admitted we had a problem, I already said how the other lists allowed
> re-instatement without a 7 day cooling off period or a payment. What
> more do you or they want?
Proof that the problem will *stay* fixed.
As other people have told you, different DNSBLs have different rules.
Rules for being listed, rules for the listing to be removed.
Oh, yes, UCEPROTECT isn't blocking you. All UCEPROTECT does is publish
information about what it has seen from your IP addresses. It's a
little like a credit agency, except that other network operators (or
perhaps your competitors?) aren't telling UCEPROTECT your IP addresses
are having a problem, your owned systems do that for you directly.
> We didn't write the virus that infected one of our PCs, we didn't
> openly allow it contaminate it. All our PCs are loaded with up to
> date anti-virus software! All of our network is set for automatic
> updates for the anti-virus software we use (I assume naming them is
> inappropriate), all of them are set for automatic Windows updates, my
> staff are inducted to never open emails that they are unsure of why
> they are receiving them, we have our email software set not to display
> external links, we have disabled the preview screen, our mail server
> is set up using 3 different DNSBLs... what more are we supposed to
> have done?
Do what I used to do: watch your logs. Most problems don't turn up
without making some kind of wave -- the biggest indicator is the huge
upturn in "no such user" rejections. By acting right then, you would
have avoiding being listed in several of those blocking lists.
Design your mail system around systems with secure OS. For example, if
you need to use Microsoft Exchange in your business, you can "front-end"
the Microsoft server with a Linux or BSD system running a properly
configured PostFix installation.
Or use a commercial mail server that does all the necessary hardening
and monitoring for you.
> As for hysteresis, all for it, when warranted. Surely a "7 day cut-off
> from the world penalty" for a one-off offence, even to abuse-desk
> chair sitters can't seem fair? I have no issues with a 7 day ban if
> we were to re-offend within some nominal time frame... say anytime up
> to 3 months.... or whatever is deemed appropriate?
If it were a one-off occurrence, you would never have been listed in the
first place. It was *repeated* occurrences, or a huge, huge volume,
that triggered the listing. I expect that, if you had someone watching
your mail logs, you would have seen the problem long before a blocking
list would take action. (I'm not counting lists like
five-seven-whatever, which seems to be a hair-trigger list.)
> I also took offence at UCEPROTECT's notation that if legal action were
> taken against them for a blocklist then the IP in question would be
> listed until litigation was finalised... are you seriously telling me
> that you would agree with that policy in all cases? I would seriously
> hope not!
I most certainly do approve. Legal action is supposed to be done as a
last resort, not at the first action. When a person moves to try to
solve the problem in a Court of Law, then I say let the situation remain
static until the Court decides what needs to be done.
It helps when you stop thinking you're the innocent victim. Someone
nailed you. That says the measures you took weren't effective. So who
is to blame for that?
> Everything about the the way UCEPROTECT operates infers that every
> listing, every IP address detected by a spam trap deserves it! They
> are to blame and UCEPROTECT have no responsibility to anyone except
> their "paying" customers... and if you aren't one "well tough!" A bit
> rich when they can have such an impact on those innocently caught out,
> despite their best efforts.
Someone else said the right word: TANSTAAFL.
Oh, and I've been in your position, several times. I worked out the
problems and then worked with the blocking lists. Unlike you, I did
have the patience for the process to work as it was designed to do. The
saga of how I got a /24 out of SPEWS (a more draconian list than
UCEPROTECT) is well-documented here in the NANAE newsgroup. So I've
been on your side of the fence.
"Innocent" would me you are running a secure OS for your mail server.
Windows ain't that OS.
> As for picking on my spelling, why waste your energy considering I
> believe it is "you" that misunderstood the UCEPROTECT message I pasted
> into my post, it wasn't written actually by the author of Dune, nor an
> extract... I will repeat it for you..
>
>> When we got to UCEPROTECT, it was already showing up as
>> "No longer a risk, your IP got listed :-("
>
> I'll translate the English for you... it says we are "NO LONGER" a
> risk but we "ARE" listed and then they have a little "frownie" to
> highlight the point that we are listed... or I guess alternativelythe
> translation might be that we are no longer a risk BECAUSE we are
> listed... if the latter, then it is a rather a smug way of putting it
> I would have thought especially with the use of the frownie. Either
> translation isn't the sort of stuff to make the reader very happy
> though, wouldn't you think?
I stand behind my interpretation.
> Anyway, Stephen I have already given in, you and UCEPROTECT's belief
> that everyone is a deliberate spammer until proven otherwise is
> embarrassing for the world, so I will wait patiently until my 7 days
> are up and resume trying to make a living.
There is much you can do during the seven days, as others have pointed
out. Responsible mail administrators have ways of making exceptions for
sender that need to contact specific receivers -- it's called
white-listing. So you don't have to not "make a living" while the
system verifies that your mail system is indeed fixed. You *can* get
through to people whose mailboxes are protected with UCEPROTECT. It
just takes a little work, and some competence on the other end.
> Perhaps if you were still on an abuse desk rather than allowing
> computers to determine whether the collective "we" (our IP addresses
> anyway) are innocent or otherwise, then maybe, just maybe the world
> would be a more compassionate and human world?
Talk to the spammers. THEY are the problem. If the spammers would just
observe the letter AND the spirit of RFC 1855, the world would be more
compassionate and human. Even if the network operators would force
their customers (as I used to do) to observe RFC 1855, the problem
wouldn't be nearly as large.
The problem used to be worse for system operators when the US National
Science Foundation was running the show: violate the rules and you were
disconnected. From everything. For a long time -- measured in months
or years, not days.
So, in one sense, UCEPROTECT's mechanical system is far more forgiving
than the human system that used to be in place.
E-Mail Sent to this address will be added to the BlackLists
> Everything about the the way UCEPROTECT operates infers
> that every listing, every IP address detected by a spam
> trap deserves it!
They do, _every_ IP that emits spam does deserve to be listed,
that UCEPROTECt often does not list on the first occurance,
is why a variety of DNSbls need to be used to meet most
mail server admin's needs.
> They are to blame and UCEPROTECT have no responsibility
> to anyone except their "paying" customers... and if you
> aren't one "well tough!"
Yes, exactly.
If you are not a maintainer or user of their products,
your opinion matters little.
If you don't like that, tough cookies.
> A bit rich when they can have such an impact on those
> innocently caught out, despite their best efforts.
No one who's servers are emitting spam is innocent.
(Despite their best efforts, or whishes.)
>> When we got to UCEPROTECT, it was already showing up as
>> "No longer a risk, your IP got listed :-("
>
> I'll translate the English for you... it says we are
> "NO LONGER" a risk but we "ARE" listed and then they have
> a little "frownie" to highlight the point that we are listed...
> or I guess alternativelythe translation might be that we are
> no longer a risk BECAUSE we are listed... if the latter,
I think it is, the IP is no longer at risk of getting listed,
it is now listed.
Had you looked at it before it got listed, it might have said
e.g. {as I check 58.168.68.58 right now, it says}:
IP Status Listingrisk Optional Expressdelisting
58.168.68.58 NOT LISTED HIGH not available
DNS Problem
i.e. There is a high chance / risk of that IP getting listed,
if it hits their spamtraps.
Depending on the situation / condition, some IPs have to hit
their spamtraps _many_ times to get listed, in other conditions
/ situations, it doesn't take very many spamtrap hits to get
a IP listed.
> Perhaps if you were still on an abuse desk rather than
> allowing computers to determine whether the collective
> "we" (our IP addresses anyway) are innocent or otherwise,
> then maybe, just maybe the world would be a more
> compassionate and human world?
I doubt that (although only he can answer).
I think, most abuse desk admins & mail server admins
are fairly BOFH towards sources of spam hitting their servers.
{Regardless of it being negligence, incompetence, or intentional.}
--
E-Mail Sent to this address <Blac...@Anitech-Systems.com>
will be added to the BlackLists.
--
Martijn Lievaart
> Sorry Stephen I don't think you get it...
>
> I am extremely happy that Spam Blocking organisations exist (I already
> said that above), but I still think there needs to be a "bigger picture"
> element included in UCEPROTECT's policy. I have already admitted we had
> a problem, I already said how the other lists allowed re-instatement
> without a 7 day cooling off period or a payment. What more do you or
> they want?
Look, you caused the problem, live with the results. Even if you did
everything industry standard to prevent the incident from happening, it
did happen.
If you need your email to get out, UCEPROTECT is not your only problem,
you should have backup mechanisms anyway. All kind of problems can crop
up with email. You do have a secondary Internet connection and a
smarthost standby, don't you? Why not use them? Don't blame UCEPROTECT
for your inadequate setup.
> As for hysteresis, all for it, when warranted. Surely a "7 day cut-off
> from the world penalty" for a one-off offence, even to abuse-desk chair
> sitters can't seem fair? I have no issues with a 7 day ban if we were
> to re-offend within some nominal time frame... say anytime up to 3
> months.... or whatever is deemed appropriate?
You still don't get it. That policy is seen by the users of UCEPROTECT as
fair. So if those users use UCEPROTECT to block your emails, take it up
with them. Surely they can whitelist you or even stop using UCEPROTECT.
> I also took offence at UCEPROTECT's notation that if legal action were
> taken against them for a blocklist then the IP in question would be
> listed until litigation was finalised... are you seriously telling me
> that you would agree with that policy in all cases? I would seriously
> hope not!
Why not? 1) You DO have backup policioes in place, don't you? 2) Anyone
initiating litigation against UCEPROTECT is obviously more interested in
suing than correcting the problem.
Again, the users of UCEPROTECT are fine with this.
>
> Everything about the the way UCEPROTECT operates infers that every
> listing, every IP address detected by a spam trap deserves it! They are
> to blame and UCEPROTECT have no responsibility to anyone except their
> "paying" customers... and if you aren't one "well tough!" A bit rich
> when they can have such an impact on those innocently caught out,
> despite their best efforts.
Such huge impact? If this is so important to you, why don't you have a
backup strategy? Sounds like you have a serious security issue in the
availability department.
>> When we got to UCEPROTECT, it was already showing up as "No longer a
>> risk, your IP got listed :-("
>
> I'll translate the English for you... it says we are "NO LONGER" a risk
> but we "ARE" listed and then they have a little "frownie" to highlight
> the point that we are listed... or I guess alternativelythe translation
> might be that we are no longer a risk BECAUSE we are listed... if the
> latter, then it is a rather a smug way of putting it I would have
> thought especially with the use of the frownie. Either translation
> isn't the sort of stuff to make the reader very happy though, wouldn't
> you think?
It may be a bit technical, but it is accurate. That you infer something
else from it, is not somebody elses problem.
>
> Anyway, Stephen I have already given in, you and UCEPROTECT's belief
> that everyone is a deliberate spammer until proven otherwise is
> embarrassing for the world, so I will wait patiently until my 7 days are
> up and resume trying to make a living.
No one said that you are a deliberate spammer. That kind of assumptions
is what makes this thread so painful (especially for you). Take a deep
breath, reread what has been said and see that no one accuses you of that.
By accusing Stephen and UCEPROTECT this way, you make the discussion very
difficult. Needlessy so.
> Perhaps if you were still on an abuse desk rather than allowing
> computers to determine whether the collective "we" (our IP addresses
> anyway) are innocent or otherwise, then maybe, just maybe the world
> would be a more compassionate and human world?
It's not about innocent as in "not did anything deliberately wrong", it's
about hitting spamtraps. You did that. You have to live with the
consequences. Trying to make it into something else only makes you look
foolish.
M4
Matthias Leisi
> [7 days "cool-off" policy]
> [listings for threat of legal action]
> [listings based on spamtraps with little room for maneuvre]
> [UCEPROTECT and it's mode / tone of communications]
That's the way life is. You may like it or not, but there are some mail
administrators who do value UCEPROTECTs assessment of an IP address'
reputation regardless (or because) of this modus operandi.
> Anyway, Stephen I have already given in, you and UCEPROTECT's belief
> that everyone is a deliberate spammer until proven otherwise is
> embarrassing for the world, so I will wait patiently until my 7 days
> are up and resume trying to make a living.
How is this UCEPROTECT listing really affecting you in real life? How
many emails have been rejected / spam-dumped because of this listing?
Who is denying you which service because of this listing?
-- Matthias
jfse...@hotmail.com
back and look at the woods not the trees.
I have never been in a debate with so many narrow minded, self-
justifying BINARY people in my life... and I don't usually shy away
from a decent debate!
Please................. step outside - breathe the air and smile!
Why is it so hard to understand the principal of innocent until proven
guilty? Courts worldwide make decisions that a lot of us (even broad
minded people like me) can't comprehend - i.e. he/she was consumed by
rage so it's now Manslaughter not Murder... etc. etc. Why is the IT
fraternity is so single-minded as to think accidents just can't
happen?
Why is it the IT fraternity think ignorance of the depths to which
virus makers and spam creators can go to is not a decent reason to cut
the sentence, especially if the end-user of products sold and
supported worldwide thought they had done everything as the book said?
If we (the IT consumers) weren't paying so-called IT professionals, so-
called anti-virus software providers, so-called operating system
providers to provide systems that work, then I would understand... if
you guys are so brilliant, make a system that is foolproof, spamproof,
virusproof AND user -friendly , then we'd all buy IT instead of the
systems we have already purchased!
Don't shoot the fallen, it's too late, they have already fallen, shoot
the protagonists, shoot the companies that sell software that is not
what it should be, the virus makers, the spammers.... what part of
this concept is hard to comprehend?
Of course we could all switch to Linux [the geeks choice], and it's
variants.... you are all kidding right... get the user friendly bit
happening and you might just have me for one, after all, I'm old
enough to remember the variants of DOS!
As I said before I give up...
E-Mail Sent to this address will be added to the BlackLists
> Why is it so hard to understand the principal of innocent
> until proven guilty? Courts worldwide make decisions
> that a lot of us (even broad minded people like me)
> can't comprehend - i.e. he/she was consumed by rage so
> it's now Manslaughter not Murder... etc. etc.
> Why is the IT fraternity is so single-minded as to think
> accidents just can't happen?
What you don't understand,
is I don't care why a IP / CIDR / ASN / ISP is a source of
abuse.
I don't care if it was a accident, malfeasance,
negligence, mis-administration, or intentional.
I just want to prevent it from happening again,
and the most expeditious way to do that is to blacklist
it locally, or perhaps null-route it.
I only need to change that block, if one of _my_ endusers
needs / wants / expects messages from that
IP / CIDR / ASN / ISP.
Anything more like complaining to ISPs that seem by far
and wide to ignore reports of abuse, has turned out to
be just a waste of my time.
> Why is it the IT fraternity think ignorance of the depths
> to which virus makers and spam creators can go to is not
> a decent reason to cut the sentence, especially if the
> end-user of products sold and supported worldwide thought
> they had done everything as the book said?
It isn't a reason to cut a "sentence" short.
{Kind of like ignorance of the law is no excuse.}
> If we (the IT consumers) weren't paying so-called IT
> professionals, so-called anti-virus software providers,
> so-called operating system providers to provide systems
> that work, then I would understand... if you guys are so
> brilliant, make a system that is foolproof, spamproof,
> virusproof AND user -friendly , then we'd all buy IT
> instead of the systems we have already purchased!
Many manage to run, many systems that never get compromised,
no one else should have to tolerate abuse because of
choices you made, nor perhaps if you lack the necessary
knowledge skill or experience.
> Don't shoot the fallen, it's too late, they have already
> fallen, shoot the protagonists, shoot the companies that
> sell software that is not what it should be, the virus
> makers, the spammers....
I'd like to shoot the spammers, unfortunately that is not
legal where I live.
Instead I work to prevent my services from accepting any
possible future abuse from IPs / CIDRs / ASNs / ISPs
that have demonstrated _once_ they are a source of abuse.
> Of course we could all switch to Linux [the geeks choice],
> and it's variants.... you are all kidding right...
Spoken like a person without the necessary knowledge, skills,
and experience to keep their devices they attach to the
internet from bing a source of abuse.
> I'm old enough to remember the variants of DOS!
I still use DOS on several computers,
as well as occasionally a 8" floppy on a CPM machine.
--
E-Mail Sent to this address <Blac...@Anitech-Systems.com>
will be added to the BlackLists.
--
Seth
<jfse...@hotmail.com> wrote:
>I am extremely happy that Spam Blocking organisations exist (I already
>said that above), but I still think there needs to be a "bigger
>picture" element included in UCEPROTECT's policy.
You think there does, they apparently think there doesn't.
Their server, their rules.
You are free to start your own DNSBL according to your own rules. If
others think yours is better, they'll use yours and UCEPROTECT will
fade into irrelevance. If others think UCEPROTECT is better, they'll
keep using it.
Freedom is wonderful.
> I have already
>admitted we had a problem, I already said how the other lists allowed
>re-instatement without a 7 day cooling off period or a payment. What
>more do you or they want?
They want a 7 day period without spam to have (what they consider to
be) sufficient evidence that the problem is actually solved.
>We didn't write the virus that infected one of our PCs, we didn't
>openly allow it contaminate it.
You did allow it. "openly" isn't relevant.
How is someone to know you won't allow the next one to come along, or
the one after that?
> All our PCs are loaded with up to
>date anti-virus software!
Which didn't work so well last time, did it?
> All of our network is set for automatic
>updates for the anti-virus software we use (I assume naming them is
>inappropriate), all of them are set for automatic Windows updates, my
>staff are inducted to never open emails that they are unsure of why
>they are receiving them, we have our email software set not to display
>external links, we have disabled the preview screen, our mail server
>is set up using 3 different DNSBLs... what more are we supposed to
>have done?
You're supposed to do whatever it takes to avoid emitting spam. It
really is just that simple.
A huge amount of effort and expense that fails does not suffice. A
trivial amount that succeeds (e.g. put an Apple // on the net with a
custom mailswerver) suffices.
>As for hysteresis, all for it, when warranted.
Who gets to decide when it's warranted? (Hint: Their server, their
rules.)
> Surely a "7 day cut-off from the world penalty" for a one-off
>offence, even to abuse-desk chair sitters can't seem fair?
I'm not interested in fairness, I'm interested in blocking spam.
>I also took offence at UCEPROTECT's notation that if legal action were
>taken against them for a blocklist then the IP in question would be
>listed until litigation was finalised... are you seriously telling me
>that you would agree with that policy in all cases?
I would. Why would someone litigate (which takes months or years)
rather than fix the problem (plus wait, at most, a week; or pay about
15 minutes of one lawyer's time)? The only reason I can see is that
they want to keep spamming and not be listed.
>Everything about the the way UCEPROTECT operates infers that every
>listing, every IP address detected by a spam trap deserves it!
It emitted spam, didn't it? Everybody deserves to have the truth
told.
> They are to blame and UCEPROTECT have no responsibility to anyone
>except their "paying" customers... and if you aren't one "well
>tough!"
Under what circumstances does a publisher have an obligation to
entities being published about? The rule is not to lie, other than
that, they publish whatever they want.
> A bit rich when they can have such an impact on those innocently
>caught out, despite their best efforts.
I don't care whether the spam came because your best efforts were
insufficient or because you didn't put in much effort. The point that
matters to me is the emission of spam.
>Perhaps if you were still on an abuse desk rather than allowing
>computers to determine whether the collective "we" (our IP addresses
>anyway) are innocent or otherwise, then maybe, just maybe the world
>would be a more compassionate and human world?
And people would receive more spam.
Seth
Matthias Watermann
> [...]
> Why is it so hard to understand the principal of innocent until proven
> guilty?
Well, that's just how it works, isn't it? The IP in question was
considered "innocent" (otherwise the OP would probably wailed earlier)
until it became "guilty" by hitting quite a number of SPAM traps. So now
the OP is sort of "on probation" (for seven days as far as UCEPROTECT
is concerned). So I really don't understand what you're complaining
about. Especially since that probation period should be expired by
now (the OP's message was posted on 2008-08-12).
--
Matthias
/"\
\ / ASCII RIBBON CAMPAIGN - AGAINST HTML MAIL
X - AGAINST M$ ATTACHMENTS
/ \
John.G.
<steenky-B71F13...@ispnews.usenetserver.com>:
Without knowing/seeing their turnover from delisting or subscription
fees, etc and all their operating expenses, it would be probably hard
to guess whether they make a profit or not.
Fred Mobach
> Why is it so hard to understand the principal of innocent until proven
> guilty?
Exactly that principle is used by UCEPROTECT and other DNSBL's : your IP
address / your ISP's networks are not by default blocked, only the
emission of spam or legal threats will attract enough attention to get
eventually blocked.
> If we (the IT consumers) weren't paying so-called IT professionals,
> so- called anti-virus software providers, so-called operating system
> providers to provide systems that work, then I would understand... if
> you guys are so brilliant, make a system that is foolproof, spamproof,
> virusproof AND user -friendly , then we'd all buy IT instead of the
> systems we have already purchased!
I don't mind that you buy the concept of user-friendly server
administration, but I don't buy it. For me server administration will
remain a profession which has to be learned and to do it good people
have to understand what's going on under the hood.
> Don't shoot the fallen, it's too late, they have already fallen, shoot
> the protagonists, shoot the companies that sell software that is not
> what it should be, the virus makers, the spammers.... what part of
> this concept is hard to comprehend?
I assume you bought OS software, mail server software, anti-spam and
anti-virus software from companies. That was your choice so it's up to
you to shoot. Or to learn that what said companies suggested to you is
not exactly what they delivered. Perhaps you might also reconsider your
previous choices.
> Of course we could all switch to Linux [the geeks choice], and it's
> variants.... you are all kidding right... get the user friendly bit
> happening and you might just have me for one, after all, I'm old
> enough to remember the variants of DOS!
DOS ? You refer to IBM's Disk Operation System on S/360 ? In those days
that was very new and good to work with that. Better than what I used
on the IBM 1130. :-)
--
Fred Mobach - fr...@mobach.nl
website : http://fred.mobach.nl
.... In God we trust ....
.. The rest we monitor ..
--
stinky
<3bd5ffd5-3e4a-4818...@x16g2000prn.googlegroups.com>,
jfse...@hotmail.com wrote:
> I really think some of you "professional" spam killers need to step
> back and look at the woods not the trees.
>
> I have never been in a debate with so many narrow minded, self-
> justifying BINARY people in my life... and I don't usually shy away
> from a decent debate!
There is no narrow-mindedness here. This has been debated ad nauseum.
Your way of doing DNSBLs will NOT work. Period. As for supporting data,
do a google groups search in NANAE and NANABl.
> Please................. step outside - breathe the air and smile!
Sounds too much like "get a life" to me.
> Why is it so hard to understand the principal of innocent until proven
> guilty? Courts worldwide make decisions that a lot of us (even broad
> minded people like me) can't comprehend - i.e. he/she was consumed by
> rage so it's now Manslaughter not Murder... etc. etc. Why is the IT
> fraternity is so single-minded as to think accidents just can't
> happen?
Because the days of providers and networks working together have long
since moved on. Today the internet is the 'wild west'. One has to
protect their own networks. If you want to place blame somewhere blame
the company that made the OS on the computer(s) that became infected and
caused this problem.
> Why is it the IT fraternity think ignorance of the depths to which
> virus makers and spam creators can go to is not a decent reason to cut
> the sentence, especially if the end-user of products sold and
> supported worldwide thought they had done everything as the book said?
Then the end-user needs to take greater measures to protect their
computers. Especially if they are an 'admin'. Not staying up with all
the new viruses is no longer an excuse. There are monitoring programs
that can be configured to show any processes that are not normal for a
given computer(s).
> If we (the IT consumers) weren't paying so-called IT professionals, so-
> called anti-virus software providers, so-called operating system
> providers to provide systems that work, then I would understand... if
> you guys are so brilliant, make a system that is foolproof, spamproof,
> virusproof AND user -friendly , then we'd all buy IT instead of the
> systems we have already purchased!
Have you gone back to your vendors and asked them why their systems
failed you?
The system you ran into does a good job for those that use it. It
blocked an infected machine. A machine that YOU are responsible for.
> Don't shoot the fallen, it's too late, they have already fallen, shoot
> the protagonists, shoot the companies that sell software that is not
> what it should be, the virus makers, the spammers.... what part of
> this concept is hard to comprehend?
You really like to blame others. Have you gone out and 'shot' the
others? Have you had any conversations with your suppliers yet?
> Of course we could all switch to Linux [the geeks choice], and it's
> variants.... you are all kidding right... get the user friendly bit
> happening and you might just have me for one, after all, I'm old
> enough to remember the variants of DOS!
WOW! DOS. FRAH
> As I said before I give up...
You still don't get that UCEPROTECT doesn't block any emails, the admins
of the servers that use UCEPROTECT are the ones that block the emails.
Until you can get your head around that you will still exist in your own
land.
Seth
>guilty?
Why can't you? The principal is _presumed_ innocent until proven
guilty, and it's one that the _government_ is required to follow (in
the US). I can decide that it's unwise to invite you into my home
based on whatever I decide, and therefore exclude you from my home. I
don't need any kind of proof of anything.
> Why is the IT fraternity is so single-minded as to think accidents
>just can't happen?
Accidents can happen. I don't want accident-prone people working on
my stuff.
>Why is it the IT fraternity think ignorance of the depths to which
>virus makers and spam creators can go to is not a decent reason to cut
>the sentence, especially if the end-user of products sold and
>supported worldwide thought they had done everything as the book said?
It isn't a sentence. I protect my systems. I don't care about you.
If, in my sole judgment, the cost (risk) of accepting email from you
exceeds the value (to me) of accepting it, then it gets rejected.
That's a value judgment, not any kind of punishment.
>If we (the IT consumers) weren't paying so-called IT professionals, so-
>called anti-virus software providers, so-called operating system
>providers to provide systems that work, then I would understand...
You aren't paying me. It's not my fault that you've chosen to pay
people who aren't providing what you need.
> if you guys are so brilliant, make a system that is foolproof,
>spamproof, virusproof AND user -friendly , then we'd all buy IT
>instead of the systems we have already purchased!
Yeah, right. Compare the security and sales of BSD vs. Microsoft.
And there is no "you guys". There are lots of individuals, each
making his own decisions. Some of us take advice from others,
sometimes.
>Don't shoot the fallen, it's too late, they have already fallen, shoot
>the protagonists, shoot the companies that sell software that is not
>what it should be, the virus makers, the spammers.... what part of
>this concept is hard to comprehend?
It's irrelevant. I'm not shooting anybody. I'm protecting _my_
systems.
>Of course we could all switch to Linux [the geeks choice], and it's
>variants.... you are all kidding right... get the user friendly bit
>happening and you might just have me for one,
But you just said that if we had something more secure everybody would
buy it. Now you admit that if it were that, plus other stuff, one
person might.
Seth
DevilsPGD
Watermann <li...@mwat.de> wrote:
>On Tue, 19 Aug 2008 20:49:30 +0000, jfsefton wrote:
>
>> [...]
>> Why is it so hard to understand the principal of innocent until proven
>> guilty?
>
>Well, that's just how it works, isn't it? The IP in question was
>considered "innocent" (otherwise the OP would probably wailed earlier)
>until it became "guilty" by hitting quite a number of SPAM traps. So now
>the OP is sort of "on probation" (for seven days as far as UCEPROTECT
>is concerned). So I really don't understand what you're complaining
>about. Especially since that probation period should be expired by
>now (the OP's message was posted on 2008-08-12).
Assuming, of course, that the flow of garbage from that IP has ceased.
If not, expiry will be in the uncertain future by now.
jfse...@hotmail.com
1. How about at least THIS suggestion... how about UCEPROTECT at least
publish to me, and other listees, WHEN we last hit a spam trap so we
have some idea when our world(s) might resume some modicum of the
normality we still feel we DESERVE? Surely that doesnh't compromise
UCEPROTECT's policy that you guys seem to think fair... and I note in
some posts, too fair?
2. Please note that I don't hide behind a threat of blacklisting you,
if you were to actually want to reply directly to me, whether to vent
your spleen or... offer suggestions!
3. Seth, please don't infer I suggested UCEPROTECT lied in any of my
posts... that's just not cricket, and is in itself an untruth.... what
I said is that I feel strongly that their policy is beyond the pale -
you disagree, that is fine, you are allowed your opinion, as I am
allowed mine. Also, I don't really care that you don't care.. you say
you provide a service to your clients... as I do (well did), you don't
have ownership of all the hardware necessary to make that work, the
collective world does!
4. As a business operator, I employed people, who presented themselves
as IT professionals to set my system(s) up... obviously nowhere near
as good as some of you that have posted here though because from the
posts that have been posted... as uncanny as it may appear, you all
seem so incredibly knowledgeable! Apart from a couple of exceptions,
not one of you has given me any suggestions that might be even worth
following up, or any concession that any point I have raised might
actually be valid, or even worth considering? I say... thanks.... for
the help from this new group!
5. It was made obviious to me that one needs to type these posts in
something that spell-checks, then copy and paste so one doesn't fall
into the trap of one's intelligence being degraded for a typo...
surely the content is more important?
I am sure you have read many emails and posts from people where no-one
capitalises, punctualtes, or even spell words that are remotely close
to correct, mine was close enough.. although I admit, incorrect...
doesn't make me a sub-citizen with no right to an opinion.... read
some of my detractors posts and correct them!
6. Yes I trusted my IT contractors to set it up safe, yes they appear
to have failed... first listing... 7 days... sorry, I still can't
comprehend any of the posts that have an issue with having a scaled
system?
7. Stinky - No I don't think hosting a DNSBL is a free proposition,
but I do believe if you look at their sponsor page it might become
clearer to you... IT professionals & businesses selling stuff we
thought we already bought the equivalent of! And one sponsor's link
there hasn't worked since the time I have been posting here... perhaps
they can't sell their products because they too are having problems,
as I did, perhaps not, I have no idea... do you?
8. Stephen, yes, perhaps unfortunately we are using a Microsoft
system... and I have passed on your suggestion to my IT guys regarding
a Linux front end... perhaps, thanks may be in order for one of the
few positive suggestions in this thread... more may be revealed if I
decide to keep coming to this news group.
9. Matthias, unsure as to how to answer your question/proposition... I
have asked our on-ramp provider, and some of our client's providers to
see if they use UCEPROTECT and the responses to date are ranging from
"No", "Not sure" , "Don't think so", "Haven't got a clue" to "NOT IN A
PINK FIT" (only one of the last one though although it did warm the
cockles of my heart considerably for some reason ;-] ), so I don't
know why at this stage we are having a 72% rejection rate... still
working on it though, as I am also working on my so-called IT guys...
and you blocklisting/blacklisting professionals of course!
Bye... ( well.... for now maybe, depends on the next lot of diatribe I
read I guess!)
That is my revised post... as mentioned above..
However as of this evening I can report that my 7 days are up... in
fact it was approx. 10pm last night Eastern Aussie time... and guess
what... we can now send mail (Hooray)... it has been fun (well not
really to be truthful) being judged as something less than I believe I
really am... actually quite bright (I know... self opinionated)...
MAYBE I made a poor decision on who to pick as my IT people, or MAYBE
I didn't, with the lack of positive suggestions and actual help from
this news group, how am I supposed to know?
Actually I sort of know more now than before (unfortunately, no thanks
to this newsgroup)... I have at least learnt how to set my own
firewall up... I have now blocked port 25 to everything on my LAN
except the mail server... had this been done by my IT guys then I
would have never been here...it wasn't the server that got the virus!
Surprised none of you offered that little bit of information to me,
instead all the rhetoric in support of UCEPTOTECT's policy... which is
still (my opinion) draconian!
stinky
<74060362-de76-46e9...@a8g2000prf.googlegroups.com>,
jfse...@hotmail.com wrote:
> MY definite last word(s)... (re-worded due to moderator intervention)
>
> 1. How about at least THIS suggestion... how about UCEPROTECT at least
> publish to me, and other listees, WHEN we last hit a spam trap so we
> have some idea when our world(s) might resume some modicum of the
> normality we still feel we DESERVE? Surely that doesnh't compromise
> UCEPROTECT's policy that you guys seem to think fair... and I note in
> some posts, too fair?
Do you want them to this for "you" for free? Somehow you still have the
notion that UCEPROTECT owes you something. Remember the whole 'pay for
an expedited expired removal' is what caused this issue. (i.e. they have
other duties).
> 2. Please note that I don't hide behind a threat of blacklisting you,
> if you were to actually want to reply directly to me, whether to vent
> your spleen or... offer suggestions!
Ok, several answers have been given by those that have been involved in
both side of this. I point to Steven Satchell's posts. He came from
being listed to being an advocate to help those that are listed.
> 4. As a business operator, I employed people, who presented themselves
> as IT professionals to set my system(s) up... obviously nowhere near
> as good as some of you that have posted here though because from the
> posts that have been posted... as uncanny as it may appear, you all
> seem so incredibly knowledgeable! Apart from a couple of exceptions,
> not one of you has given me any suggestions that might be even worth
> following up, or any concession that any point I have raised might
> actually be valid, or even worth considering? I say... thanks.... for
> the help from this new group!
Most have telling you what the issues are. You have failed to understand
that UCEPROTECT isn't in business for you or to cater to you.
> 5. It was made obviious to me that one needs to type these posts in
> something that spell-checks, then copy and paste so one doesn't fall
> into the trap of one's intelligence being degraded for a typo...
> surely the content is more important?
>
> I am sure you have read many emails and posts from people where no-one
> capitalises, punctualtes, or even spell words that are remotely close
> to correct, mine was close enough.. although I admit, incorrect...
> doesn't make me a sub-citizen with no right to an opinion.... read
> some of my detractors posts and correct them!
I actually HATE spellings flames and grammar flames. We agree in this
point.
> 6. Yes I trusted my IT contractors to set it up safe, yes they appear
> to have failed... first listing... 7 days... sorry, I still can't
> comprehend any of the posts that have an issue with having a scaled
> system?
Sorry they failed you. Too many IT 'professionals' are not really
professional. I have seen too many people, companies that have been
messed over by these 'professionals'. I am not sure about your
contractors but I have seen it elsewhere.
> 7. Stinky - No I don't think hosting a DNSBL is a free proposition,
> but I do believe if you look at their sponsor page it might become
> clearer to you... IT professionals & businesses selling stuff we
> thought we already bought the equivalent of! And one sponsor's link
> there hasn't worked since the time I have been posting here... perhaps
> they can't sell their products because they too are having problems,
> as I did, perhaps not, I have no idea... do you?
You realize that is isn't free yet you complain about charging for an
escalated removal request. Sadly, these days there are less people
having to do more work. A charge to stop the regular cycles of work is
needed.
> 8. Stephen, yes, perhaps unfortunately we are using a Microsoft
> system... and I have passed on your suggestion to my IT guys regarding
> a Linux front end... perhaps, thanks may be in order for one of the
> few positive suggestions in this thread... more may be revealed if I
> decide to keep coming to this news group.
I am glad that you listened to Stephen. He knows what he is talking
about and it might be good to continue a dialog with him outside of here.
> 9. Matthias, unsure as to how to answer your question/proposition... I
> have asked our on-ramp provider, and some of our client's providers to
> see if they use UCEPROTECT and the responses to date are ranging from
> "No", "Not sure" , "Don't think so", "Haven't got a clue" to "NOT IN A
> PINK FIT" (only one of the last one though although it did warm the
> cockles of my heart considerably for some reason ;-] ), so I don't
> know why at this stage we are having a 72% rejection rate... still
> working on it though, as I am also working on my so-called IT guys...
> and you blocklisting/blacklisting professionals of course!
You need to look at your bounce logs and see who is blocking you and
work from there.
> Bye... ( well.... for now maybe, depends on the next lot of diatribe I
> read I guess!)
>
> That is my revised post... as mentioned above..
>
> However as of this evening I can report that my 7 days are up... in
> fact it was approx. 10pm last night Eastern Aussie time... and guess
> what... we can now send mail (Hooray)...
BUZZ!!!!!!! You have made another mistake. SORRY. You were ALWAYS able
to send emails. Please don't get that wrong. That shows that you don't
understand how DNSBL's work.
> it has been fun (well not
> really to be truthful) being judged as something less than I believe I
> really am... actually quite bright (I know... self opinionated)...
> MAYBE I made a poor decision on who to pick as my IT people, or MAYBE
> I didn't, with the lack of positive suggestions and actual help from
> this news group, how am I supposed to know?
You have stepped into a mess that others have been before. The biggest
problem that I see is that you didn't realize that asking for a
expedited removal request should cost money. UPS charges extra for 1/2
day shipping vs ground shipping. It is a common practice.
> Actually I sort of know more now than before (unfortunately, no thanks
> to this newsgroup)... I have at least learnt how to set my own
> firewall up... I have now blocked port 25 to everything on my LAN
> except the mail server... had this been done by my IT guys then I
> would have never been here...it wasn't the server that got the virus!
Sorry that you didn't give a mapping of your internal networks. Helpful
information can't be given without having all the information needed to
give the helpful information.
> Surprised none of you offered that little bit of information to me,
> instead all the rhetoric in support of UCEPTOTECT's policy... which is
> still (my opinion) draconian!
what is draconian is that people use an OS that is insecure and then
blame everyone else for their misfortunes.
.
E-Mail Sent to this address will be added to the BlackLists
> I have asked our on-ramp provider, and some of our
> client's providers to see if they use UCEPROTECT and the
> responses to date are ranging from "No", "Not sure" ,
> "Don't think so", "Haven't got a clue" to "NOT IN A PINK FIT"
> (only one of the last one though although it did warm the
> cockles of my heart considerably for some reason ;-] ),
> so I don't know why at this stage we are having a 72%
> rejection rate...
What do the rejection messages say, and specifically what
servers are the rejection messages coming from?
Although one message might not have enough info,
many (72% ?) should have plenty of info to track the
issue down, many of the rejects may have nothing to do
with UCEPROTECT. Do all the rejects mention UCEPROTECT
in the message?
--
E-Mail Sent to this address <Blac...@Anitech-Systems.com>
will be added to the BlackLists.
--
Seth
>1. How about at least THIS suggestion... how about UCEPROTECT at least
>publish to me, and other listees, WHEN we last hit a spam trap so we
>have some idea when our world(s) might resume some modicum of the
>normality we still feel we DESERVE? Surely that doesnh't compromise
>UCEPROTECT's policy that you guys seem to think fair... and I note in
>some posts, too fair?
How much accuracy do you want? If they publish the exact time, a
spammer could figure out their spamtraps. They do publish with 1-week
accuracy. So you're quibbling over the details.
> Also, I don't really care that you don't care.. you say
>you provide a service to your clients... as I do (well did),
You don't provide a service to my clients.
> you don't have ownership of all the hardware necessary to make that
>work, the collective world does!
There's no "collective world" that owns stuff. I own some of it.
Other people own other stuff. Some of us [tinu] cooperate and allow
each other some usage of our stuff. Some people do bad things when
permitted usage of my stuff, and get cut off from such usage. It's up
to me to decide who to permit to use my stuff, and up to others to
decide if I should be permitted to use theirs.
Sometimes, people offer advice. Sometimes, other people use their
advice.
>6. Yes I trusted my IT contractors to set it up safe, yes they appear
>to have failed... first listing... 7 days... sorry, I still can't
>comprehend any of the posts that have an issue with having a scaled
>system?
Nobody has an issue with a scaled system. UCEPROTECT chooses to scale
the way _they_ want to.
>Actually I sort of know more now than before (unfortunately, no thanks
>to this newsgroup)... I have at least learnt how to set my own
>firewall up... I have now blocked port 25 to everything on my LAN
>except the mail server... had this been done by my IT guys then I
>would have never been here...it wasn't the server that got the virus!
>Surprised none of you offered that little bit of information to me,
How was anyone here to know you were NATing a whole network to the
same IP as your mail server?
Seth
axlq
>publish to me, and other listees, WHEN we last hit a spam trap
Why would they do that? Such information would potentially reveal
the identity of the spam trap. You have your logs. Look for reject
messages and act on them.
And I fail to understand why you seem to blame UCEPROTECT for your
problems. UCEPROTECT isn't blocking you. Others who agree with
UCEPROTECT's policies are blocking you. If you don't like that,
take it up with those who are blocking you.
>4. As a business operator, I employed people, who presented themselves
>as IT professionals to set my system(s) up... obviously nowhere near
>as good as some of you that have posted here
Obviously. And I'm not being sarcastic.
>not one of you has given me any suggestions that might be even worth
>following up, or any concession that any point I have raised might
>actually be valid, or even worth considering?
What you have posted so far, has been posted before by others, and
considred repeatedly. Try to understand that the responses you
received were given from that background.
>6. Yes I trusted my IT contractors to set it up safe, yes they appear
>to have failed... first listing... 7 days... sorry, I still can't
If you look back in this thread, there are plenty of valid reasons
why 7 days is adequate. Your lack of redundant alternatives (if you
are serious about the importance of email in your business) is not
my problem.
>9. Matthias, unsure as to how to answer your question/proposition... I
>have asked our on-ramp provider, and some of our client's providers to
>see if they use UCEPROTECT and the responses to date are ranging from
>"No", "Not sure" , "Don't think so", "Haven't got a clue" to "NOT IN A
>PINK FIT" (only one of the last one though although it did warm the
>cockles of my heart considerably for some reason ;-] ), so I don't
>know why at this stage we are having a 72% rejection rate...
Maybe the people you spoke to have no technical background to know.
You need to speak with a provider's abuse desk, and not a customer
service person
>Bye... ( well.... for now maybe, depends on the next lot of diatribe I
>read I guess!)
Refrain from posting diatribes of your own, and others will do the same.
>Actually I sort of know more now than before (unfortunately, no thanks
>to this newsgroup)... I have at least learnt how to set my own
>firewall up... I have now blocked port 25 to everything on my LAN
>except the mail server... had this been done by my IT guys then I
>would have never been here...it wasn't the server that got the virus!
>Surprised none of you offered that little bit of information to me,
>instead all the rhetoric in support of UCEPTOTECT's policy... which is
>still (my opinion) draconian!
Blocking port 25 is standard practice. Why would you need anyone
to suggest that? Your so-called "IT professionals" should have had
the knowledge to do that from day 1. You were the one who came in
complaining about UCEPROTECT's policy. You set the direction of
this discussion.
-A
E-Mail Sent to this address will be added to the BlackLists
> 1. How about at least THIS suggestion... how about
> UCEPROTECT at least publish to me, and other listees,
> WHEN we last hit a spam trap
They could, (although many DNSbls don't).
At risk of repeating myself too often;
Why don't you just search your mail server logs for the last
time you hit their spamtraps?
They have made it very obvious, e.g.
550 UCEPROTECT-Policy Server decided: 550 (V3.4-EXPO-####)
You hit a Spamtrap.
Counter to blacklisting increase for your IP.
421 Service not available, closing transmission channel
550 UCEPROTECT-Policy Server decided: 550 (V3.4-EXPO-####)
We have no user with that account here.
No PTR (Reverse-DNS) is assigned to your IP.
Welcome to UCEPROTECT-Level 1.
550 UCEPROTECT-Policy Server decided: 550 (V3.4-EXPO-####)
We have no user with that account here.
Your IP was detected to be a Dialup.
Welcome to UCEPROTECT-Level 1.
{Note I have seen the version #s change, so search your logs
for the "550 UCEPROTECT-Policy Server decided: 550" or some
part of that, or "Welcome to UCEPROTECT" if you are only
concerned with the ones that get your IPs listed, if you
search for just "UCEPROTECT" you might get rejects from
others that use the UCEPROTECT DNSbl.
--
E-Mail Sent to this address <Blac...@Anitech-Systems.com>
will be added to the BlackLists.
--
Matthias Leisi
> not one of you has given me any suggestions that might be even worth
> following up, or any concession that any point I have raised might
> actually be valid, or even worth considering? I say... thanks.... for
> the help from this new group!
We asked questions, which you chose to ignore. You know, we ask such
questions for a particular reason...
Thanks for making us waste our time on you. It won't happen again.
-- Matthias
Martijn Lievaart
> 4. As a business operator, I employed people, who presented themselves
> as IT professionals to set my system(s) up... obviously nowhere near as
> good as some of you that have posted here though because from the posts
> that have been posted... as uncanny as it may appear, you all seem so
> incredibly knowledgeable! Apart from a couple of exceptions, not one of
> you has given me any suggestions that might be even worth following up,
> or any concession that any point I have raised might actually be valid,
> or even worth considering? I say... thanks.... for the help from this
> new group!
How about my advice that if email is so important to your company, you
should give more thought about redundancy or fallback? I think it's very
sound advice. If you don't think so, you're entitled to your opinion, but
don't say you didn't get any useful advice at all.
>
> 5. It was made obviious to me that one needs to type these posts in
> something that spell-checks, then copy and paste so one doesn't fall
> into the trap of one's intelligence being degraded for a typo... surely
> the content is more important?
You misspelled obvious... :-)
> 6. Yes I trusted my IT contractors to set it up safe, yes they appear to
> have failed... first listing... 7 days... sorry, I still can't
> comprehend any of the posts that have an issue with having a scaled
> system?
Then read them again! They are not that difficult to comprehend. But this
time, think as a mail recipient, or an email server operator. Not as a
self assigned victim.
> 8. Stephen, yes, perhaps unfortunately we are using a Microsoft
> system... and I have passed on your suggestion to my IT guys regarding a
> Linux front end... perhaps, thanks may be in order for one of the few
> positive suggestions in this thread... more may be revealed if I decide
> to keep coming to this news group.
Shop around for some advice. The default linux-before-Exchange setup I
encounter often is actually worse than what you have now, as it does not
know valid users from invalid ones.
In fact, Exchange had a very bad rep, and deservedly so. Early release of
Exchange could NOT be secured at all, and had all kind of less fatal but
very annoying bugs. But today, a well set up Exchange server is no threat
to the Internet, contrary what many people will tell you.
But ANY server connected to the Internet, and that includes mail servers
have to be set up very carefully. It's not rocket science, but 99% of so
called Internet savvy IT professionals actually know very little about
that. If you get someone who understands what has happened to you, you've
found a good one. If he doesn't, get someone else.
HTH,
M4
Hal Murray
>At risk of repeating myself too often;
>
>Why don't you just search your mail server logs for the last
> time you hit their spamtraps?
>
> They have made it very obvious, e.g.
>
>550 UCEPROTECT-Policy Server decided: 550 (V3.4-EXPO-####)
> You hit a Spamtrap.
> Counter to blacklisting increase for your IP.
> 421 Service not available, closing transmission channel
....
If the problem was a virus, then it will be hard to search the logs.
If as he says, they cleaned up the virus problems, then that puts
a bound on when something hit UCEPROTECT's spamtraps.
--
These are my opinions, not necessarily my employer's. I hate spam.
phil-new...@ipal.net
| 1. How about at least THIS suggestion... how about UCEPROTECT at least
| publish to me, and other listees, WHEN we last hit a spam trap so we
| have some idea when our world(s) might resume some modicum of the
| normality we still feel we DESERVE? Surely that doesnh't compromise
| UCEPROTECT's policy that you guys seem to think fair... and I note in
| some posts, too fair?
If this impacts you significantly, then you have a significant volume of
outgoing email. So check your logs for when the _first_ instance of being
blocked due to UCEPROTECT occurred, add 1 week, and you will have a rather
good estimate of when the listing will expire ... assuming you are not now
hitting any spamtraps.
| 2. Please note that I don't hide behind a threat of blacklisting you,
| if you were to actually want to reply directly to me, whether to vent
| your spleen or... offer suggestions!
For the most part I do not blacklist my abuse@ address. That is, any
mail server in regular blacklists can still send email to my abuse@
address. However, I do have a special blacklist that abusers of my
abuse@ address can get into, which even blocks access to my abuse@
address. I'm sure you'd never get onto that list.
| 3. Seth, please don't infer I suggested UCEPROTECT lied in any of my
| posts... that's just not cricket, and is in itself an untruth.... what
| I said is that I feel strongly that their policy is beyond the pale -
| you disagree, that is fine, you are allowed your opinion, as I am
| allowed mine. Also, I don't really care that you don't care.. you say
| you provide a service to your clients... as I do (well did), you don't
| have ownership of all the hardware necessary to make that work, the
| collective world does!
Any user of UCEPROTECT is free to make their own exceptions. These are
called whitelists.
| 4. As a business operator, I employed people, who presented themselves
| as IT professionals to set my system(s) up... obviously nowhere near
| as good as some of you that have posted here though because from the
| posts that have been posted... as uncanny as it may appear, you all
| seem so incredibly knowledgeable! Apart from a couple of exceptions,
| not one of you has given me any suggestions that might be even worth
| following up, or any concession that any point I have raised might
| actually be valid, or even worth considering? I say... thanks.... for
| the help from this new group!
Have you actually checked the credentials of the people you employed?
There are a LOT of "paper tigers" out there, people who study for an
MCSE (which doesn't test for any real world scenarios like this) and
people who simply stuff their resumes.
Maybe quiz them about email blacklists. Ask them how they go about
making a mail server solidly secure against any form of spammer abuse
as a vector fo spamming.
| 5. It was made obviious to me that one needs to type these posts in
| something that spell-checks, then copy and paste so one doesn't fall
| into the trap of one's intelligence being degraded for a typo...
| surely the content is more important?
s/obviious/obvious/ :-)
| I am sure you have read many emails and posts from people where no-one
| capitalises, punctualtes, or even spell words that are remotely close
| to correct, mine was close enough.. although I admit, incorrect...
| doesn't make me a sub-citizen with no right to an opinion.... read
| some of my detractors posts and correct them!
I prefer that people NOT use spell checkers. That way I can get a
better understanding of their level of education, etc. Spelling errors
are different from typos, and a small number of errors mean nothing.
Consistent patterns in errors do, however.
| 6. Yes I trusted my IT contractors to set it up safe, yes they appear
| to have failed... first listing... 7 days... sorry, I still can't
| comprehend any of the posts that have an issue with having a scaled
| system?
Contracted? Cancel contract and get new ones. Include requirements
to be secure with specific financial penalties for failures.
| 7. Stinky - No I don't think hosting a DNSBL is a free proposition,
| but I do believe if you look at their sponsor page it might become
| clearer to you... IT professionals & businesses selling stuff we
| thought we already bought the equivalent of! And one sponsor's link
| there hasn't worked since the time I have been posting here... perhaps
| they can't sell their products because they too are having problems,
| as I did, perhaps not, I have no idea... do you?
How is it that selling stuff depends so heavily on email?
Didn't you know that email is dying out because so many networks just
can't configure correctly?
| 8. Stephen, yes, perhaps unfortunately we are using a Microsoft
| system... and I have passed on your suggestion to my IT guys regarding
| a Linux front end... perhaps, thanks may be in order for one of the
| few positive suggestions in this thread... more may be revealed if I
| decide to keep coming to this news group.
One frustration I hear about so much, and have experienced in a couple
jobs, is that _managers_ dictate that Microsoft be used instead of some
system that is easier to secure and manage and is more reliable. The
techies don't get a say; they do it the way management wants (even if
it is wrong and doomed to failure), or they move on.
So how is it your case is different? How is it that your business cannot
seem to specify what you want?
| 9. Matthias, unsure as to how to answer your question/proposition... I
| have asked our on-ramp provider, and some of our client's providers to
| see if they use UCEPROTECT and the responses to date are ranging from
| "No", "Not sure" , "Don't think so", "Haven't got a clue" to "NOT IN A
| PINK FIT" (only one of the last one though although it did warm the
| cockles of my heart considerably for some reason ;-] ), so I don't
| know why at this stage we are having a 72% rejection rate... still
| working on it though, as I am also working on my so-called IT guys...
| and you blocklisting/blacklisting professionals of course!
I'm not running your network, or reviewing your logs, or have any insider
knowledge of your network, so I cannot say why you have a high rejection
rate. I might be able to get _some_ info without a lot of effort based
on a list of all your IP address ranges (of the outgoing server machines).
| Bye... ( well.... for now maybe, depends on the next lot of diatribe I
| read I guess!)
|
| That is my revised post... as mentioned above..
|
| However as of this evening I can report that my 7 days are up... in
| fact it was approx. 10pm last night Eastern Aussie time... and guess
| what... we can now send mail (Hooray)... it has been fun (well not
| really to be truthful) being judged as something less than I believe I
| really am... actually quite bright (I know... self opinionated)...
| MAYBE I made a poor decision on who to pick as my IT people, or MAYBE
| I didn't, with the lack of positive suggestions and actual help from
| this news group, how am I supposed to know?
If the rejection rate just suddenly dropped from 72% to 0%, then that is
quite amazing that so many are using UCEPROTECT. I use it. But I use a
few others, too. Other networks are using it exclusively? And so many
of them. I'm impressed.
| Actually I sort of know more now than before (unfortunately, no thanks
| to this newsgroup)... I have at least learnt how to set my own
| firewall up... I have now blocked port 25 to everything on my LAN
| except the mail server... had this been done by my IT guys then I
| would have never been here...it wasn't the server that got the virus!
| Surprised none of you offered that little bit of information to me,
| instead all the rhetoric in support of UCEPTOTECT's policy... which is
| still (my opinion) draconian!
This isn't a forum on how to setup a network properly. That should be learned
in other ways. If you are hiring IT professionals, that should be part of the
package. Any decent IT person would know to do all this stuff from the get-go.
I will agree with you on this one point: UCEPROTECT's policy is draconian.
But that's WHY I like it. That's why I use it. I believe it is necessary
and essential to take draconian measures, given so many of the things that
spammers are doing.
BTW, even though you post from googlegroups.com, I can see your post when it
is a part of a thread that some who don't use googlegroups.com post in. But
I won't see any newly initated posts from googlegroups.com. Google is doing
a horrible job of blocking OUTgoing spam, both in usenet and email. I am on
the verge of blocking their email service here, too (spam levels are about 3x
the legitimate mail levels, when looking at what comes from Google). Other
networks would have been blocked long ago well below that level.
--
|WARNING: Due to extreme spam, googlegroups.com is blocked. Due to ignorance |
| by the abuse department, bellsouth.net is blocked. If you post to |
| Usenet from these places, find another Usenet provider ASAP. |
| Phil Howard KA9WGN (email for humans: first name in lower case at ipal.net) |
Shmuel (Seymour J.) Metz
08/18/2008
at 10:22 PM, jfse...@hotmail.com said:
>Sorry Stephen I don't think you get it...
Well, somebody doesn't get it ;-)
>but I still think there needs to be a "bigger
>picture" element included in UCEPROTECT's policy.
There is, and you don't like the results.
> I already said how the other lists allowed
>re-instatement without a 7 day cooling off period or a payment.
What you haven't said is why it is relevant.
>What more do you or they want?
How about accepting responsibility for your own actions?
>We didn't write the virus that infected one of our PCs,
You did, however, operate them in a fashion that made them vulnerable.
>All our PCs are
Running insecure software.
>loaded with up to date anti-virus software!
That's a band-aid when the underlying software is a swiss cheese.
>what more are we supposed to have done?
What others have already told you. Run secure software. Monitor your
network.
>As for hysteresis, all for it, when warranted.
No you're not; you're for it when it doesn't inconvenience you.
>Surely a "7 day cut-off from the world penalty" for a
>one-off offence,
Get your straw dummies while they're fresh! You have two contrary to fact
assumptions in that one phrase.
>I also took offence at UCEPROTECT's notation that if legal action were
>taken against them for a blocklist then the IP in question would be
>listed until litigation was finalised...
I'd take offense if they did it covertly, but as long as they follow their
published policy it doesn't give me heartburn.
>are you seriously telling me
>that you would agree with that policy in all cases?
No, he hasn't told you yet, but it is not an unreasonable policy. It
affects, of course, the potential users' evaluations of suitability for
particular purposes.
>Everything about the the way UCEPROTECT operates infers that every
>listing, every IP address detected by a spam trap deserves it!
You are the one doing the inferring. AFAIK there is no 7 day waiting
period for correcting errors.
>They are to blame and UCEPROTECT have no responsibility to anyone
>except their "paying" customers... and if you aren't one
>"well tough!"
If spam comes from your network then it is appropriate to list you. Their
policy is simply that they will not help you to externalize your costs.
>A bit rich when they can have such an impact on those innocently
>caught out,
Those using that type of DNSBL don't care about guilt, they care about
risk. If you run your network in such a way that it is risky to accept
traffic then they don't care if you are pure as the driven snow. Results
count, not excuses.
>despite their best efforts.
There were no best efforts in your case; you were negligent.
>Anyway, Stephen I have already given in, you and UCEPROTECT's belief
>that everyone is a deliberate spammer until proven otherwise
Lying about Steven's beliefs won't hurt Steven and could harm you.
>Perhaps if you were still on an abuse desk rather than allowing
>computers to determine whether the collective "we" (our IP addresses
>anyway) are innocent or otherwise, then maybe, just maybe the world
>would be a more compassionate and human world?
Yes, Steven should be more compassionate to abusers, as Afterburner was.
;-)
What you keep missing is that your network was *not* innocent. The listing
was due to negligence, and no amount of spin control will alter that fact.
All that you can accomplish by denying it is to convince some admins to
block your network preemptively, should you convince them that they can't
trust you to clean up your act.
--
Shmuel (Seymour J.) Metz, truly insane Spews puppet
<http://patriot.net/~shmuel>
I reserve the right to publicly post or ridicule any abusive
E-mail. Reply to domain Patriot dot net user shmuel+news to contact
me. Do not reply to spam...@library.lspace.org
Shmuel (Seymour J.) Metz
08/19/2008
at 08:49 PM, jfse...@hotmail.com said:
>I really think some of you "professional" spam killers need to step back
>and look at the woods not the trees.
Well, somebody does.
>I have never been in a debate with so many narrow minded, self-
>justifying BINARY people in my life...
PKB. From where I sit, you lack the objectivity to make a credible
analysis of a bunch of people about whom you know nothing. You cane in
here with a chip on your shoulder and went downhill from their.
>Please................. step outside - breathe the air and smile!
Demonstrate your sincerity.
>Why is it so hard to understand the principal of innocent until proven
>guilty?
Why do you keep raising straw dummies instead of debating the real issues?
So far the only one that lacks understanding is you. And BTW, where is
*your* presumption of innocence with regard to UCEPROTECT and the members
of this news group?
>Courts
A sysadmin is not a judge, he's a gatekeeper. Like your neighbor bar
owner, he doesn't need to ask twelve good men and true whether to let you
in.
>Why is the IT fraternity is so single-minded as to think accidents
>just can't happen?
Why do you cheat on your wife?
>Why is it the IT fraternity think ignorance of the depths to which virus
>makers and spam creators can go to is not a decent reason to cut the
>sentence,
Why is it that you're out of jail? See, you're not the only one that can
ask pointless rhetorical questions. The fact is that refusing access is an
exercise in private property and not a penal sentence.
>especially if the end-user of products sold and
>supported worldwide thought they had done everything as the book said?
A sysadmin is not a social worker.
>If we (the IT consumers) weren't paying so-called IT professionals, so-
>called anti-virus software providers, so-called operating system
>providers to provide systems that work, then I would understand...
You *AREN'T* paying UCEPROTECT, so they don't owe you any services.
>if you guys are so brilliant, make a system that is foolproof,
>spamproof, virusproof AND user -friendly ,
I want a pony.
>then we'd all buy IT instead of the
>systems we have already purchased!
No you wouldn't. Google for Gresham's law.
>Don't shoot the fallen,
We (TINW) aren't policemen or soldiers. Even if we were, "He needed
killing" is no substitute for official orders.
>what part of this concept is hard to comprehend?
The part where your unwarranted assumptions are critical.
>Of course we could all switch to Linux
I see a game of "Yes, but" coming.
>[the geeks choice], and it's variants.... you are all kidding right
As I thought, you don't really care about the same problem that we do.
>get the user friendly bit happening
So by you windoze is user friendly?
> after all, I'm old enough to remember the variants of DOS!
As I thought, a newbie.
>As I said before I give up...
ObPiratesOfPenzance.
In <74060362-de76-46e9...@a8g2000prf.googlegroups.com>, on
08/21/2008
at 11:33 AM, jfse...@hotmail.com said:
>Apart from a couple of exceptions, not one of you has given me any suggestions that might be even worth following up,
ITYM that you reused to follow up good suggestions.
>or any concession that any point I have raised might
>actually be valid,
Did you want us (TINU) to lie in order to make you feel good? Do you
understand the difference between conceding a valid point and pretending
that an invalid point is valid?
>so I don't know why at this stage we are having a 72% rejection rate.
Have you read the rejection messages? Talked to the postmasters?
>with the lack of positive suggestions and actual help
Rejecting positive suggestions and actual helps tends to convince people
that you aren't really interested in help, and they expend their efforts
elsewhere.
>instead all the rhetoric in support of UCEPTOTECT's policy
It was *YOU* that made UCEPROTECT the issue. Had you instead asked for
help in cleaning up your network, and had you been open to the
suggestions, then you would have gotten a lot more help.
--
Shmuel (Seymour J.) Metz, truly insane Spews puppet
<http://patriot.net/~shmuel>
I reserve the right to publicly post or ridicule any abusive
E-mail. Reply to domain Patriot dot net user shmuel+news to contact
me. Do not reply to spam...@library.lspace.org
--
jfse...@hotmail.com
FYI
IT Guys I used - no longer employed by me...
A redundancy set up almost complete with new IT guys... just waiting
an onother broadband connection, second server already installed and
ready to go.
Logs told me nothing... it was a virus as my first post said...
unfortunately the spammer who made the virus didn't have the
consideration to leave me log files.
As for the logs all they said were..."Error code 10060. The host was
either not contactable or it rejected your connection" and the
messages themselves are set not to bounce back to the sender - only a
message generated by MailEnable (recommended by the first IT guys
instead of the generic Microsoft one) which basically says there is
either a delay or a failure. Error code 10060, means time-out
apparently?
Can't currently find anyone local to me that is remotely interested in
setting up a Linux buffer between my Microsoft network and the
internet... but, still researching.
We have initiated regular port 25 traffic checks and log checks,
albeit we haven't needed this measure for the previous 6 years (i.e.
when we installed our own mail server).
We have, as a result of recent event now spent rather a large number
of dollars & heaps of time due to this blockage and the apparent need
to throw yet more money at IT guys, hardware & software providers...
makes the 50 Euros pale into insignificance really I guess, but that
would only line UCEPROTECT's pockets and do nothing to improve my
actual problem... caused by said trojan or whatever it was (Cutwail
Virus).
Another note (which I think already posted)... I too use
Blocklisting(s) to reduce incoming spam to my server, I agree there is
a need for them... but 7 days?
As for the question as to why we went from 72% rejection to 0%
instantly - I have no idea. I have noticed that Spamcop has a bit to
say about Telstra (my on-ramp) and bigpond (Telstra's sister company)
changing port 25 rules, perhaps I was blocked by them either because
of UCEPROTECT... or perhaps not, I have no way of knowing? Needless
to say I have been needling them as much as this group since our mail
first had problems.. and it MAY be coincidence that I was cleared the
same day UCEPROTECT dropped me off their list, I have no way of
knowing! All I know is mail started leaving my server after I was
dropped from UCEPROTECT's list...
So I am posting this to terminate my involvement with this thread
(although I am sure I have said that twice before). I am really
posting this to let you know that I DID read what was posted and to
admit that when I thought more about the bigger picture you all
painted, I could see why you are so motivated. It is still (in my
opinion) a shame however that the majority of you see the need to
support UCEPROTECT's 7 day policy!
Re. said UCEPROTECT policy, I agree it is their server and they have
the RIGHT to do what THEY want, as you collectively pretty well said
(over and over again...LOL). I will still disagree with where that
policy currently sits however... which is MY RIGHT!
PS Hate yelling (capitals) how does one get to use bold here?
PPS I threw a few spellos in there to keep those that see the need...
something else to post!
E-Mail Sent to this address will be added to the BlackLists
> If the problem was a virus, then it will be hard to
> search the logs.
>
> If as he says, they cleaned up the virus problems,
> then that puts a bound on when something hit
> UCEPROTECT's spamtraps.
... so he could expect delisting about seven days after he
fixed his issues. That should have been obvious.
The only reason I can see for him asking,
is he is not certain that the spam stopped,
when he fixed that particular issue.
If the trojaned PC sent the Spam direct, and not through
its configured mail servers.
--
E-Mail Sent to this address <Blac...@Anitech-Systems.com>
will be added to the BlackLists.
--
Martijn Lievaart
> PS Hate yelling (capitals) how does one get to use bold here?
There's *bold*, _underline_ and /italics/. Many newsreaders will even
render that correctly.
M4
Hal Murray
jfse...@hotmail.com writes:
>Hi
>FYI
>
>IT Guys I used - no longer employed by me...
>
>A redundancy set up almost complete with new IT guys... just waiting
>an onother broadband connection, second server already installed and
>ready to go.
Would you have done anyhing if UCEPROTECT had let you get unlisted
easily?
You seem to be trying to convince us that UCEPROTECT is the bad guy.
How about looking for others to blame?
Here is my list:
The user/employee that clicked on the link that infected his PC.
The anti-virus software that didn't catch it.
The OS that needs anti-virus software.
The IT guys that didn't teach you about that mess.
The manager who selected the IT guys, OS, anti-virus crap,
and hired the user...
I don't know much about Windows. I'm pretty sure if you run Windows
and let people click random things, you will eventually get infected
like this. It's just a matter of some virus getting lucky enough to
get past your anti-spam filters and find one of your (l)users before
the anti-virus companies add it to their tables.
It seems to me that 50 Euros is a "medium" size penalty. If it was
10K Euros, you probably couldn't afford it. If it was 2 cents, you
wouldn't notice it. 50 Euros is enough to make you pay attention
but not very much if you consider how much time you have spent here
complaining about it.
Did you consider deducting it from what you pay the IT guy or the
user who got infected?
--
These are my opinions, not necessarily my employer's. I hate spam.
--
Shmuel (Seymour J.) Metz
08/23/2008
at 11:15 PM, jfse...@hotmail.com said:
>It is still (in my
>opinion) a shame however that the majority of you see the need to support
>UCEPROTECT's 7 day policy!
It is a shame that we need DNSBL's at all. It's not something that the
admins are doing because it's cool; they're doing it because the spammers
have made it necessary. I'm not the only one here to remember when
maintaining an open relay was consider to be a socially desirable thing to
do; the spammers killed that early on.
Get your congresscritter to pass an "Orson Swindle" law and maybe the
admin's won't need to be quite as proactive.
--
Shmuel (Seymour J.) Metz, truly insane Spews puppet
<http://patriot.net/~shmuel>
I reserve the right to publicly post or ridicule any abusive
E-mail. Reply to domain Patriot dot net user shmuel+news to contact
me. Do not reply to spam...@library.lspace.org
--
jfse...@hotmail.com
relatively easily by filling out a form as we did with the others,
then maybe I wouldn't have done everything I have to date. Some of
it, definitley, but all of it, I sadly doubt it.
Having settled a little since de-listing, I have as you can see kept
monitoring this thread. Some of you that have read all my posts will
have noted that I am somewhat less "antagonistic" and perhaps a little
more accepting of the predicament we got ourselves into.
So again Hal, my hat goes off to you for my next comment...
I still think 50 Euros or 7 days is extortion, a lot of the posts here
whinged about the cost of these systems and commented on "who" is
paying for them (a number of them thought I should pay the lot!).
I am pretty sure Jimbo... and I know for certain I, would have paid 10
Euros for an express de-listing AND would, as I have said on numerous
previous posts, accepted a 7 day secondary listing if we hadn't
actually fixed the problem and re-offended.
That is 20 Euros that I believe UCEPROTECT has missed out on, just
from this thread... and countless knows how many others over a long
period of time.
Now on the other hand Hal... UCEPROTECTS website doesn't exactly say
whether 7 days is from the time they caught the first Spam from my PC,
or the last... and gosh, yes... it took, we think... about 24 hours
to become fully aware & isolate the PC in question... so was I blocked
for 7 days from that day (when spam would have stopped) or 7 days from
the first day, which as I just said we believe was 24 hours later? 24
hours mattered a lot to me... hence my reference to some kind of a
deadline being published on UCEPROTECT's website... (hence the new
redundancy plan).
Please note everyone that keeps referring me to the logs - it *was* a
virus... hence no outbound logs! Yes I saw the rejections in the
logs.. and we wasted time (in hind-sight) complaining to our on-ramp
provider first, because of the obtuse message our logs show which I
posted earlier... then... we checked the listings (yet another
revision in our procedures manual).
Seymour J... unnecessary reference to my wife... whom I love
dearly.... she's been very ill and off work since April and in
hospital currently... not that you probably give a hoot! (Surprised
you got that through the moderator, considering the mild things I
tried to post and had rejected). For one who was looking in his
wriiten text to seem so righteous and intellectual, you failed if it
was directed at, or to me!
Sorry to have wasted so much of your time... nobody however had to
post anything if you didn't want to... a couple of posts implied it
was a waste of time being here... so don't be here, if communicating
with me is a waste of your time! It is however a forum... and I had
something to say.
Fred Mobach
> Please note everyone that keeps referring me to the logs - it *was* a
> virus... hence no outbound logs!
Might I suggest another setup where :
- clients sent e-mail via an internal e-mail server
- the firewall accept outgoing e-mail from the e-mail server
- the firewall doesn't accept outgoing e-mail from the clients.
That might save you some time and money and us (tinu) some spam.
--
Fred Mobach - fr...@mobach.nl
website : http://fred.mobach.nl
.... In God we trust ....
.. The rest we monitor ..
--
David W. Hodgins
> I still think 50 Euros or 7 days is extortion, a lot of the posts here
> whinged about the cost of these systems and commented on "who" is
> paying for them (a number of them thought I should pay the lot!).
Would you prefer a 7 day listing, with no chance of early delisting?
That way the automated software could handle the task, without any manual
intervention, required by the administrators. Much less work for the
blocklist operators, that way.
> Now on the other hand Hal... UCEPROTECTS website doesn't exactly say
> whether 7 days is from the time they caught the first Spam from my PC,
> or the last... and gosh, yes... it took, we think... about 24 hours
>From http://www.uceprotect.net/en/
"The truth is: Every IP listed will expire 7 days after the LAST abuse
is detected, and FREE of charge."
Seems pretty clear to me.
I prefer the approach of blocking all ip addresses owned by a spam sending
system permanently, unless a whitelisting is requested by a recipient.
While you've had to learn, the hard way, that many people here have no sympathy
for the admin of a system that sends spam, at least you have learned. Many make
the mistake of resorting to legal threats, and end up in many permanent blocklists,
as a result.
I'm glad that you've learned, for example, that port 25 blocking on m$ end user
systems is needed.
I understand that you feel that the charge for early delisting is not appropriate.
But be careful, what you ask for. :)
There are two obvious alternatives, should they choose do drop the fee. Free early
delisting (at least for the first listing), which is the option you'd like, or no
option for early delisting. Which do you think the admins would choose, if they did
decide to drop the fee?
--
Change nomail.afraid.org to ody.ca to reply by email.
(nomail.afraid.org has been set up specifically for
use in usenet. Feel free to use it yourself.)
Seth
<jfse...@hotmail.com> wrote:
>Please note everyone that keeps referring me to the logs - it *was* a
>virus... hence no outbound logs!
Why does your firewall permit machines that aren't supposed to send
mail to make any outgoing connections on Port 25? (More importantly,
to receive ACKs to Port 25?)
Seth
Artie Lange
> In article <f95321b7-15be-41b6...@c65g2000hsa.googlegroups.com>,
> <jfse...@hotmail.com> wrote:
>
>> Please note everyone that keeps referring me to the logs - it *was* a
>> virus... hence no outbound logs!
>
> Why does your firewall permit machines that aren't supposed to send
> mail to make any outgoing connections on Port 25? (More importantly,
> to receive ACKs to Port 25?)
>
> Seth
>
AND! If those connections are allowed even by mistake, there should be a
log entry in the firewall, I would hope.
phil-new...@ipal.net
| Seth wrote:
|> In article <f95321b7-15be-41b6...@c65g2000hsa.googlegroups.com>,
|> <jfse...@hotmail.com> wrote:
|>
|>> Please note everyone that keeps referring me to the logs - it *was* a
|>> virus... hence no outbound logs!
|>
|> Why does your firewall permit machines that aren't supposed to send
|> mail to make any outgoing connections on Port 25? (More importantly,
|> to receive ACKs to Port 25?)
|>
|> Seth
|>
|
| AND! If those connections are allowed even by mistake, there should be a
| log entry in the firewall, I would hope.
Stored safely away in whatever is leftover from the 4MB of flash memory after
the OS image?
--
|WARNING: Due to extreme spam, googlegroups.com is blocked. Due to ignorance |
| by the abuse department, bellsouth.net is blocked. If you post to |
| Usenet from these places, find another Usenet provider ASAP. |
| Phil Howard KA9WGN (email for humans: first name in lower case at ipal.net) |
--
Grant
>>From http://www.uceprotect.net/en/
>
> "The truth is: Every IP listed will expire 7 days after the LAST abuse
> is detected, and FREE of charge."
>
> Seems pretty clear to me.
I think that what jfse...@hotmail.com was saying is that there's not an
indicator on the uceprotect site of when the 7 day clock started.
While I tend to agree that such an indicator would be a nice thing to
have (whether that be a date the last offending message was received, or
a countdown clock, or a note of what day the listing will fall off) my
guess is that would possibly cut down on the amount of "express
delisting" payments received. It's possible that some admins would
weigh the cost of the $50 against the cost of being listed for another X
days and make a judgment call.
As it stands now, the only thing you can safely assume if listed is that
if you don't pay the fee, then you ought to figure it'll be 7 days.
Grant T.
og...@yahoo.com
972-805-0579
Shmuel (Seymour J.) Metz
08/25/2008
at 04:48 PM, jfse...@hotmail.com said:
>I still think 50 Euros or 7 days is extortion,
Would you be happier if they allowed you to post a sizable bond, to be
forfeit if more spam comes out of your network over the next 30 days?
Again, inflated accusations just destroy your credibility.
>That is 20 Euros that I believe UCEPROTECT has missed out on, just from
>this thread...
And probably 100 Õ in costs that they've saved. Their expedite fee is
almost certainly too low to pay their expenses.
>(a number of them thought I should pay the lot!).
There you go again!
>Please note everyone that keeps referring me to the logs - it *was* a
>virus... hence no outbound logs!
Then you should be blocking outbound port 25.
>Seymour J... unnecessary reference to my wife
Whoosh! I was illustrating why it is improper for you to ask questions
that are really accusations contrary to fact. You seem to believe that it
depends on whose ox is gored.
--
Shmuel (Seymour J.) Metz, truly insane Spews puppet
<http://patriot.net/~shmuel>
I reserve the right to publicly post or ridicule any abusive
E-mail. Reply to domain Patriot dot net user shmuel+news to contact
me. Do not reply to spam...@library.lspace.org
--