1) I've tried to create a ticket with SORBS on 12/8. While their
support/get help submission screen appeared to have accepted the data,
I was never given a ticket #. Later attempts do not appear to even
accept the data, merely stating that the address in question is in a
block of dynamically allocated addresses.
2) I've sent in a request to SBC to contact SORBS to rectify the
situation. I've not heard back from SBC, but will be contacting them
again.
3) I've had a PTR record created by SBC, so a reverse lookup now
succeeds. Yep, I'm a new sysadmin so bring on the mocking comments.
Better yet, point me to a URL that has a good checklist regarding "How
not to end up on a blacklist"
But in the meantime, would you please consider removing the one IP
address from the black lists, or better yet, remove our address block
(69.238.46.128/26) from the black lists?
Regards,
Scott Thornley
--
Comments posted to news.admin.net-abuse.blocklisting
are solely the responsibility of their author. Please
read the news.admin.net-abuse.blocklisting FAQ at
http://www.blocklisting.com/faq.html before posting.
>I'm not sure how this wound up as being shown as being in a block of
>dynamically allocated IP addresses. This is for a statically allocated,
>T1 account. At SORBS, the block record for 69.238.46.0/24 was created
>on 11/21/05, by person/organization unknown.
I can't speak for SORBS or the other lists (not having anything to do
with their operation).
I suspect, however, that your IP address ended up in these lists not
because it's dynamically allocated, but because it's in a block of IP
addresses whose reverse DNS is extremely generic.
Although your own IP address has a reasonable PTR (to
"venus.nlayers.com", which resolves back to 69.238.46.131), a lot of
the other entries in this /24 have PTRs like
69-238-46-135.ded.pacbell.net
In other words, they don't point back to the actual customer... only
to the ISP... and this means that anybody trying to "do the right
thing" to report abuse on these addresses to the responsible party is
going to be led back to PacBell.
I'm sorry to say that PacBell and its SBC cousins do not have the
world's most wonderful reputation for acknowledging (let alone
responding in a meaningful way to) reports of spamming.
The "ded" presumably means "dedicated" (meaning "not dynamic") but
from the point of view of identifying the actual *responsible*
customer this PTR record is no more useful than something which reads
".dynamic." or ".dhcp." or ".adsl." or something else of that nature.
I believe that there are some DNSBLs which have a habit of lumping
truly-dynamic IP blocks (DHCP, PPPoE, etc.) together with those which
might be statically-allocated but which have so little meaningful
reverse-DNS-to-the-customer-level that they're effectively anonymous.
>1) I've tried to create a ticket with SORBS on 12/8. While their
>support/get help submission screen appeared to have accepted the data,
>I was never given a ticket #. Later attempts do not appear to even
>accept the data, merely stating that the address in question is in a
>block of dynamically allocated addresses.
I suspect that SORBS is one of those lists which doesn't try to draw a
distinction between "a large block of dynamically-allocated addresses"
and "a large block of addresses, which might or might not be
dynamically allocated, but which have little or no to-the-customer
trackability and might as well be dynamically-allocated."
>2) I've sent in a request to SBC to contact SORBS to rectify the
>situation. I've not heard back from SBC, but will be contacting them
>again,
I wish you the best of luck. I don't think it would be a good idea
for you to hold your breath while waiting for SBC on this one.
--
Dave Platt <dpl...@radagast.org> AE6EO
Hosting the Jade Warrior home page: http://www.radagast.org/jade-warrior
I do _not_ wish to receive unsolicited commercial email, and I will
boycott any company which has the gall to send me such ads!
| I'm not sure how this wound up as being shown as being in a block of
| dynamically allocated IP addresses. This is for a statically allocated,
| T1 account. At SORBS, the block record for 69.238.46.0/24 was created
| on 11/21/05, by person/organization unknown.
The 69.238.46.0/24 block consists almost entirely of generic addresses.
That's probably why it got listed at least on some lists. On others it
could be because it is SBC. Maybe they will make an exception for your
address, if they are in the practice of making lots of exceptions.
| 1) I've tried to create a ticket with SORBS on 12/8. While their
| support/get help submission screen appeared to have accepted the data,
| I was never given a ticket #. Later attempts do not appear to even
| accept the data, merely stating that the address in question is in a
| block of dynamically allocated addresses.
Given that SBC/Pacbell won't put proper rDNS names on 254 of these, I can
see how it got labeled as dynamic. But it is generic for sure (except
your address, which has different rDNS).
| 2) I've sent in a request to SBC to contact SORBS to rectify the
| situation. I've not heard back from SBC, but will be contacting them
| again,
I bet you never will. The attitude of SBC is that any blacklisting of
SBC's address is strictly the fault of the blacklist. I've dealt with
one SBC abuse staff member regarding an ongoing "spam attack" where one
of their customers was hitting one of my mail servers at a rate of about
15 attempts per second trying to relay email through it. It never was
an open relay, and all attempts were being rejected. But it continued
for most of the day until close to a million attempts were made. The
person at SBC basically said they would do nothing about it giving a
reason that basically was the same as "we're the phone company".
| 3) I've had a PTR record created by SBC, so a reverse lookup now
| succeeds. Yep, I'm a new sysadmin so bring on the mocking comments.
| Better yet, point me to a URL that has a good checklist regarding "How
| not to end up on a blacklist"
I'm glad you got that done. I block "ded.pacbell.net" by name, and so
with your rDNS, it won't be affected. But I do use some other lists so
it might be, anyway. So I whitelisted your domain name.
| But in the meantime, would you please consider removing the one IP
| address from the black lists, or better yet, remove our address block
| (69.238.46.128/26) from the black lists?
We'll have to see what they do.
--
-----------------------------------------------------------------------------
| Phil Howard KA9WGN | http://linuxhomepage.com/ http://ham.org/ |
| (first name) at ipal.net | http://phil.ipal.org/ http://ka9wgn.ham.org/ |
-----------------------------------------------------------------------------
> 2) I've sent in a request to SBC to contact SORBS to rectify the
> situation. I've not heard back from SBC, but will be contacting them
> again,
Imagine how responsive they are to non-customers. :-(
> 3) I've had a PTR record created by SBC, so a reverse lookup now
> succeeds. Yep, I'm a new sysadmin so bring on the mocking comments.
Everyone is new at some point (and if TPTB decide on a change of
software, could be "new" again). Being new is not cause for mocking.
Refusing to learn could be (I don't see any evidence of that here,
though).
> Better yet, point me to a URL that has a good checklist regarding "How
> not to end up on a blacklist"
You might consider creating one. After all, you're getting first-hand
experience at what not to do (and I bet you wish it was someone else's
experience).
> But in the meantime, would you please consider removing the one IP
> address from the black lists, or better yet, remove our address block
> (69.238.46.128/26) from the black lists?
Let's take a look.
nLayer seems to have a good SWIP, so that's no problem. SBC is not
doing you any real favors with it; they still list themselves as the IP
range contacts, essentially telling the world "don't trust our customer;
we don't:"
[whois.arin.net]
SBC Internet Services SBCIS-SIS80 (NET-69-224-0-0-1)
69.224.0.0 - 69.239.255.255
Amir Horovitz dba nLayers, Inc SBC06923804612826050309121449 (NET-69-238-46-128-1)
69.238.46.128 - 69.238.46.191
# ARIN WHOIS database, last updated 2005-12-14 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database.
[whois.arin.net]
CustName: Amir Horovitz dba nLayers, Inc
Address: Private Address
City: San Francisco
StateProv: CA
PostalCode: 94107
Country: US
RegDate: 2005-03-09
Updated: 2005-03-09
NetRange: 69.238.46.128 - 69.238.46.191
CIDR: 69.238.46.128/26
NetName: SBC06923804612826050309121449
NetHandle: NET-69-238-46-128-1
Parent: NET-69-224-0-0-1
NetType: Reassigned
Comment: Abuse contact ab...@swbell.net, Technical contact n...@sbcis.sbc.com
RegDate: 2005-03-09
Updated: 2005-03-09
RTechHandle: PIA2-ORG-ARIN
RTechName: IPAdmin-PBI
RTechPhone: +1-800-648-1626
RTechEmail: pb...@txmail.sbc.com
OrgAbuseHandle: ABUSE6-ARIN
OrgAbuseName: Abuse - Southwestern Bell Internet
OrgAbusePhone: +1-800-648-1626
OrgAbuseEmail: ab...@sbcglobal.net
OrgNOCHandle: SUPPO-ARIN
OrgNOCName: Support - Southwestern Bell Internet Services
OrgNOCPhone: +1-800-648-1626
OrgNOCEmail: sup...@swbell.net
OrgTechHandle: IPADM2-ARIN
OrgTechName: IPAdmin-SBIS
OrgTechPhone: +1-800-648-1626
OrgTechEmail: IPAdmi...@sbis.sbc.com
You may want to consider changing the domain contact email address, too;
a YAHOO account doesn't encourage confidence in the domain's legitimacy
for anyone who doesn't know you personally:
Gili Raanan
nLayers
10258 Cold Harbor
Cupertino, CA
95014
US
Email: gilir...@yahoo.com
Voice: +1.4084826913
--
Tired of spam in your mailbox?
Come to http://www.spamblocked.com
Who is Brad Jesness? http://www.wilhelp.com/bj_faq/
To the spammers, my motto: FABRICATI DIEM, PVNC.
> 2) I've sent in a request to SBC to contact SORBS to rectify the
> situation. I've not heard back from SBC, but will be contacting them
> again,
With a couple of simple adjustments to DNS you should be able to get
delisted on your own by using SORBS' DUHL exclusion form.
For this to work, you'll need to increase the TTL of your records in
DNS.
Your MX record on nlayers.net has a TTL of 300 seconds.
The A record for venus.nlayers.net also has a TTL of 300 seconds.
The PTR record in rDNS has a TTL of 7200 seconds.
Make all of those 12 hours (43200 seconds) or more and you'll be
eligible for delisting according to SORBS' criteria.
As things are now, it looks like your site is ready to up and move
somewhere else (after being terminated for AUP violations?) and be ready
for operations in 5 minutes. Hardly very "static" looking.
--
MA
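
[Added example, not part of any poster's message: a pre-flight check for the two points raised in this thread, PTR names that are generic to the ISP and TTLs below the 12-hour figure quoted above. The function names are hypothetical, and the sample records are constructed from the values quoted in the posts rather than fetched from live DNS.]

```python
import ipaddress
import re

MIN_TTL = 43200  # 12 hours, the figure given in the post above
# Labels the thread names as marking ISP-generic reverse DNS.
GENERIC_LABELS = {"dynamic", "dhcp", "adsl", "ded"}


def embeds_ip(ip, hostname):
    """True if the hostname spells out the IPv4 address (forward or reversed)."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    for order in (octets, octets[::-1]):
        # Octets joined by '-', '.' or '_', not part of a longer number.
        pattern = r"(?<!\d)" + "[-._]".join(order) + r"(?!\d)"
        if re.search(pattern, hostname):
            return True
    return False


def is_generic_ptr(ip, hostname):
    """A PTR is generic if it encodes the IP or carries an ISP pool label."""
    labels = hostname.lower().rstrip(".").split(".")
    return embeds_ip(ip, hostname) or any(l in GENERIC_LABELS for l in labels)


def forward_confirmed(ip, hostname, forward_zone):
    """Forward-confirmed rDNS: the PTR name must resolve back to the same IP.

    forward_zone is a dict of hostname -> list of addresses, standing in for
    live A lookups so the example runs offline.
    """
    return ip in forward_zone.get(hostname.lower().rstrip("."), [])


def short_ttls(records, minimum=MIN_TTL):
    """Return (type, name, ttl) for every record whose TTL is below minimum."""
    return [(r["type"], r["name"], r["ttl"]) for r in records if r["ttl"] < minimum]


def audit(ip, ptr_name, forward_zone, records):
    """Collect every finding for one sending address."""
    findings = []
    if is_generic_ptr(ip, ptr_name):
        findings.append("generic-ptr")
    if not forward_confirmed(ip, ptr_name, forward_zone):
        findings.append("ptr-not-forward-confirmed")
    for rtype, name, ttl in short_ttls(records):
        findings.append(f"short-ttl:{rtype}:{name}:{ttl}")
    return findings


# Constructed sample data, using the names and TTLs quoted in the thread.
SAMPLE_FORWARD = {"venus.nlayers.com": ["69.238.46.131"]}
SAMPLE_RECORDS = [
    {"type": "MX", "name": "nlayers.net", "ttl": 300},
    {"type": "A", "name": "venus.nlayers.net", "ttl": 300},
    {"type": "PTR", "name": "131.46.238.69.in-addr.arpa", "ttl": 7200},
]
# The same records after raising every TTL to the quoted minimum.
FIXED_RECORDS = [dict(r, ttl=MIN_TTL) for r in SAMPLE_RECORDS]

if __name__ == "__main__":
    print("customer host :", audit("69.238.46.131", "venus.nlayers.com",
                                   SAMPLE_FORWARD, SAMPLE_RECORDS))
    # No forward data is constructed for the neighbour's name, so the
    # forward-confirmation finding below reflects the sample only.
    print("neighbour     :", audit("69.238.46.135",
                                   "69-238-46-135.ded.pacbell.net",
                                   SAMPLE_FORWARD, []))
    print("after TTL fix :", audit("69.238.46.131", "venus.nlayers.com",
                                   SAMPLE_FORWARD, FIXED_RECORDS))
```
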
> You may want to consider changing the domain contact email address, too;
> a YAHOO account doesn't encourage confidence in the domain's legitimacy
> for anyone who doesn't know you personally:
Isn't it also a violation of Yahoo TOS?
--
MA
> I can't speak for SORBS or the other lists (not having anything to do
> with their operation).
I can ;-)
> I suspect, however, that your IP address ended up in these lists not
> because it's dynamically allocated, but because it's in a block of IP
> addresses whose reverse DNS is extremely generic.
>
> Although your own IP address has a reasonable PTR (to
> "venus.nlayers.com", which resolves back to 69.238.46.131), a lot of
> the other entries in this /24 have PTRs like
>
> 69-238-46-135.ded.pacbell.net
>
It'll get removed from SORBS automatically if we don't get to it first. SBC have
confirmed rDNS of '.ded.pacbell.net' indicate dedicated links to CPEs.
Regards,
Mat
I stopped using SORBS after some false positives. I doubt SORBS
is the biggest problem you're going to have with 69.238.46.131.
The real problem with sending from SBC's space is thousands
of unpublished block lists. SORBS is the tip of the iceberg
you just hit.
The problem is it's one IPA in a /16 (64K IPAs) that are
99.9% not supposed to be sending email, many of them trojaned and
spamming like hell, and owned by an imperious corporation with
(effectively) no abuse response.
In terms of SMTP connectivity, you are in one of the worst slums
in the world. We are blocking SBC a /16 at a time now.
I'm sure thousands of other admins are doing the same, and thousands
more are blocking all SBC and then whitelisting inside it.
Do yourself a big favor. Save time, risk, and money.
Get your business a second account someplace else, with IPAs
in a much better network neighborhood.
Keep the cheap DSL connectivity, but don't
bother trying to send email from the IPs that came with it
from SBC. Relay your outbound email through the account
at the better place.
Cameron
Ranger and SORBS admins, if I were to get PTR records that point to
nlayers.com rather than PAC Bell/SBC for our /26, would that be enough
to get us off your lists? I know playing whack-a-mole with records is a
pain in the butt, but this would mean only 3 records for the /24.
Regarding SBC - " We don't care, We don't have to. We're the phone
company" pretty much says it all. -Only 2 years and 3 months left on
our contract.
Regards,
Scott Thornley
Yes but that does not preclude the customer from allocating these IPs as
dynamic to their customers. Customer Premises Equipment would not
*seem* to be definitive.
--
Displayed Email Address is a SPAM TRAP
Our DNSRBL -
Eliminate Spam: http://www.TQMcube.com/spam_trap.php
Multi-RBL Check: http://www.TQMcube.com/rblcheck.php
Zombie Graphs: http://www.TQMcube.com/zombies.php
GeoGraphics: http://www.TQMcube.com/origins.php
I've followed through on the suggestion to increase TTL's on all our A
and CNAME records. And the person who set up the account with SBC is
supposedly going to update our whois information, as well as pass the
torch over to me.
By management mandate to conserve $$, we're going to continue with SBC
for the short term. I'll investigate using a low cost proxy server in a
"good neighborhood". However, after writing that last sentence, it
occurs to me that there may be no such thing.
I am also reading the information on rfc-ignorant.org to make sure we
comply as best we can.
And per the suggestion above, will publish my "checklist" when it is
complete.
Regards,
Scott
Anybody know if people have gotten out of long term contracts
because of "damaged goods"?
Does the fine print in the contract say that SBC/PacBell is
OK if they don't work?
--
The suespammers.org mail server is located in California. So are all my
other mailboxes. Please do not send unsolicited bulk e-mail or unsolicited
commercial e-mail to my suespammers.org address or any of my other addresses.
These are my opinions, not necessarily my employer's. I hate spam.
>Do yourself a big favor. Save time, risk, and money.
>Get your business a second account someplace else, with IPAs
>in a much better network neighborhood.
>Keep the cheap DSL connectivity, but don't
>bother trying to send email from the IPs that came with it
>from SBC. Relay your outbound email through the account
>at the better place.
There's another alternative available.
In many areas, you can sign up with an independent ISP who acts as a
reseller for SBC DSL service. In this arrangement, SBC continues to
provide your low-level DSL connectivity (at the ATM cell level), but
the DSL/ATM cells are routed over SBC's ATM network to the reseller
ISP, at which point they're reconstituted into Ethernet packets and
routed onwards. The ISP provides you with one or more IP addresses
from within their allocation.
I switched my home system over from "native" SBC DSL (with a static,
grandfathered PacBell.NET IP address) to a reseller (LMI.NET in
Berkeley) late in 2004, and I've never been sorry. The connection
seems to be just as robust (SBC does seem to be competent at keeping
the copper and ATM sides of things working), I have a static IP
address in LMI's allocation which has proper reverse DNS, LMI is
distinctly spam-hostile, and I don't have to worry about public or
private blocklists of SBC's IP space. The cost is just about the same
as it was when I was with SBC itself.
--
Dave Platt <dpl...@radagast.org> AE6EO
Hosting the Jade Warrior home page: http://www.radagast.org/jade-warrior
I do _not_ wish to receive unsolicited commercial email, and I will
boycott any company which has the gall to send me such ads!
--
> By management mandate to conserve $$, we're going to continue with SBC
> for the short term. I'll investigate using a low cost proxy server in a
> "good neighborhood". However, after writing that last sentence, it
> occurs to me that there may be no such thing.
It depends on the volume of traffic, really. Smarthosting can be fairly
inexpensive for a light outbound load.
--
Tired of spam in your mailbox?
Come to http://www.spamblocked.com
Who is Brad Jesness? http://www.wilhelp.com/bj_faq/
To the spammers, my motto: FABRICATI DIEM, PVNC.
--
So who is it that didn't do due diligence on the contract? That's something
that should already be done on contracts of any term, with the longer ones
being more important.
A good lawyer may be able to get the contract nullified on the evidence (and
there is a **LOT** of it available, and I'm sure many people here would be
more than happy to supply bunches of it) that SBC failed to provide proper
service that could be described as "access to the entire internet". But such
things can also take a lot of time and frustration. Courts are painfully way
too slow.
A better route might be just sticking with what you have now and using an
outside email hosting provider through whom you can relay your outgoing mail.
Whoever failed to do the due diligence could be asked to cover those costs :)
--
-----------------------------------------------------------------------------
| Phil Howard KA9WGN | http://linuxhomepage.com/ http://ham.org/ |
| (first name) at ipal.net | http://phil.ipal.org/ http://ka9wgn.ham.org/ |
-----------------------------------------------------------------------------
--
> So who is it that didn't do due diligence on the contract? That's something
> that should already be done on contracts of any term, with the longer ones
> being more important.
Of people who would get a "business Internet" connection from an
incumbent local exchange carrier, a CATV company or maybe even a Tier 1
provider, how many of them are going to be aware of a need for Due
Diligence?
It is my opinion that the majority of above lack any in-house
Internet expertise;
perhaps they gave the office manager some MCSA courses so s(he) can
add/remove new users and mailboxes, taught him or her how to manage the
nightly backup rotation and maybe use the "Ghost" CDs the consultant who
set things up left for them when a PC starts giving too many BSODs.
I think this is a place the mainstream I.T. press have really dropped the
ball on; most of their writers would rather whine about "arbitrary
blacklists" and "brain dead spam filters" rather than educate their
readership about how to use Google, Spamhaus and even SPEWS websites to
check the reputation of the IP addresses they'll be using along with
steps they can take to reduce mail blocking, such as:
o sending important first-contact emails plain text only
o making sure the mail server has proper DNS in both directions that
distinguishes it as other than just another worm-spewing desktop PC
o restricting outside Port 25 LAN connectivity to authorized gateway
servers
And of course providers love to brag in their 4-color bleeds in the above
publications about their fully-meshed, totally redundant, generator-backed
multi-peered terabit-capacity networks and their "Internet-proven" servers
with double-redundant RAID arrays supported by fanatics and
not say a word about what they do to ensure other Internet sites are
willing to accept traffic from them and their customers.
--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Herb Oxley
From: address IS Valid.
I've been shopping for and buying various Internet services
since 1991, and I don't think I've ever seen anybody
*advertise* smarthosting service. (Except, perhaps, in
a .sig file in a spam newsgroup.) Apparently it's one
of those things the shopkeeper has to hide behind the
counter. I know the going rate for shared and dedicated
Web hosting, but I would have no idea how to shop for smarthosting.
Does anybody advertise it? If so, what do they call it?
And I'll bet all those folks who come here and ask about
it don't know either.
I'd appreciate it if someone who's done it would talk about how.
Cameron
You know if it wasn't for the fact people would accuse me of underhand
tactics with blocking etc... I'd offer a smarthosting service for people.
/ Mat
Sadly, very few. That needs to be changed.
| It is my opinion that the majority of above lack any in-house
| Internet expertise;
Which is a major part of the problem.
| perhaps they gave the office manager some MCSA courses so s(he) can
| add/remove new users and mailboxes, taught him or her how to manage the
| nightly backup rotation and maybe use the "Ghost" CDs the consultant who
| set things up left for them when a PC starts giving too many BSODs.
Sounds typical.
| I think this is a place the mainstream I.T. press have really dropped the
| ball on; most of their writers would rather whine about "arbitrary
| blacklists" and "brain dead spam filters" rather than educate their
| readership about how to use Google, Spamhaus and even SPEWS websites to
| check the reputation of the IP addresses they'll be using along with
| steps they can take to reduce mail blocking, such as:
That would be a very good approach if the press itself can be educated.
| And of course providers love to brag in their 4-color bleeds in the above
| publications about their fully-meshed, totally redundant, generator-backed
| multi-peered terabit-capacity networks and their "Internet-proven" servers
| with double-redundant RAID arrays supported by fanatics and
| not say a word about what they do to ensure other Internet sites are
| willing to accept traffic from them and their customers.
The quality of their address space.
--
-----------------------------------------------------------------------------
| Phil Howard KA9WGN | http://linuxhomepage.com/ http://ham.org/ |
| (first name) at ipal.net | http://phil.ipal.org/ http://ka9wgn.ham.org/ |
-----------------------------------------------------------------------------
--
> And of course providers love to brag in their 4-color bleeds in the above
> publications about their fully-meshed, totally redundant, generator-backed
> multi-peered terabit-capacity networks and their "Internet-proven" servers
> with double-redundant RAID arrays supported by fanatics and
> not say a word about what they do to ensure other Internet sites are
> willing to accept traffic from them and their customers.
Which, as a rule, is inversely proportional to the size of the provider.
Cases in point: Comcast, SBC, MCI/UUNET/Worldcom, Bellglobal, CARI.
In other words, if you want unfettered connectivity, look for:
1. A smaller provider.
2. A provider whose primary servers don't run Microsoft products.
And *then* perform due diligence.
--
Tired of spam in your mailbox?
Come to http://www.spamblocked.com
Who is Brad Jesness? http://www.wilhelp.com/bj_faq/
To the spammers, my motto: FABRICATI DIEM, PVNC.
--
> In article <pan.2005.12.17....@spamblocked.com>, Morely
> Dotes wrote:
>> On Sat, 17 Dec 2005 01:21:39 +0000, Scott Thornley wrote:
>>
>>> By management mandate to conserve $$, we're going to continue with
>>> SBC for the short term. I'll investigate using a low cost proxy
>>> server in a "good neighborhood". However, after writing that last
>>> sentence, it occurs to me that there may be no such thing.
>>
>> It depends on the volume of traffic, really. Smarthosting can be
>> fairly inexpensive for a light outbound load.
>
> I've been shopping for and buying various Internet services
> since 1991, and I don't think I've ever seen anybody
> *advertise* smarthosting service. (Except, perhaps, in
> a .sig file in a spam newsgroup.) Apparently it's one
> of those things the shopkeeper has to hide behind the
> counter. I know the going rate for shared and dedicated
> Web hosting, but I would have no idea how to shop for smarthosting.
> Does anybody advertise it? If so, what do they call it?
> And I'll bet all those folks who come here and ask about
> it don't know either.
> I'd appreciate it if someone who's done it would talk about how.
>
> Cameron
>
As you asked, but only because you asked
Starting somewhere I know has the service
getting keywords google mail outbound relay (416000 hits[1])
(relay is required to avoid DMA(cough) providers)
On one provider I found said
"Spamming using this service absolutely will not be tolerated, and any
account found to be spamming will be immediately terminated, and
applicable cleanup fees charged as per our Acceptable Use Policy."
I see no mention of warning, so I expect them not to be block listed or
only briefly. If I were looking for a relay that wouldn't get blocked I
would be looking for strong assurances that I would be terminated if I
spammed.
The whiter the hat the better, cost as shown below is probably a marginal
consideration.
To get you in the ball park...
One set of prices I found (that seem to be par for the course)
150 relays per day - $14.95/year
300 relays per day - $26.95/year
450 relays per day - $38.95/year
600 relays per day - $49.95/year
900 relays per day - $79.95/year
1200 relays per day - $107.95/year
1500 relays per day - $139.95/year
2000 relays per day - $179.95/year
[1] The internet is big really big, You just won't believe how
vastly hugely mind-bogglingly big it is. I mean, you may think it's a ...
> In article <pan.2005.12.17....@spamblocked.com>, Morely Dotes wrote:
>
>>On Sat, 17 Dec 2005 01:21:39 +0000, Scott Thornley wrote:
>>
>>
>>>By management mandate to conserve $$, we're going to continue with SBC
>>>for the short term. I'll investigate using a low cost proxy server in a
>>>"good neighborhood". However, after writing that last sentence, it
>>>occurs to me that there may be no such thing.
>>
>>It depends on the volume of traffic, really. Smarthosting can be fairly
>>inexpensive for a light outbound load.
>
>
> I've been shopping for and buying various Internet services
> since 1991, and I don't think I've ever seen anybody
> *advertise* smarthosting service. (Except, perhaps, in
> a .sig file in a spam newsgroup.) Apparently it's one
> of those things the shopkeeper has to hide behind the
> counter. I know the going rate for shared and dedicated
> Web hosting, but I would have no idea how to shop for smarthosting.
> Does anybody advertise it? If so, what do they call it?
> And I'll bet all those folks who come here and ask about
> it don't know either.
> I'd appreciate it if someone who's done it would talk about how.
>
>
> Cameron
>
I think 'advertising' it would attract the wrong type of customers ?
And it's not a market as such.
Not sure about others, but the smarthosting I/we (tinw) do is for
customers we personally know, it's more of a 'service' than a 'product',
meaning it's not something we make money off.
For *real paying* customers 'smarthosting' is already included in the sense
that we are very careful in advising / guiding customers which ISP to choose.
And smarthosting is a temporary thing for most who need it, once they move
from $crappy-blocked-isp to $new-isp smarthosting becomes moot ?
Dunno, my 2 cents.
K
--
*
Authenticity of this posting can no longer be
guaranteed since our finger-plant learned how
to type. . . .
*
> You know if it wasn't for the fact people would accuse me of underhand
> tactics with blocking etc... I'd offer a smarthosting service for people.
While on one hand it takes some of the pressure off of spam friendly ISPs,
it also increases operating costs for clients that decide to stay with
smarmy hosting services. However, you're correct, running both a RBL and
smarthost service does raise the question of conflict-of-interest.
--
rbg
Indeed. That has been a major reason I've held back on it, though in my
case, only for providing advice to "unlist me" type postings found here
(which I frequently also email a copy to the poster). Those who are best
prepared (knowledge, skills, experience, and attitude) to offer such a
service also tend to be those who offer the best advice, and in some cases
such as Matthew Sullivan, actually run a serious listing service. There
is certainly a more significant issue for the operator of a DNSBL, even
though I would expect such a service to be top notch in quality.
There is, of course, an available option for many businesses. Those that
have web hosting needs that exceed their office connectivity (e.g. usually
DSL which is slower in the direction needed to provide good web hosting
capacity) will likely obtain that hosting offsite. The three most common
ways that is done is shared hosting (specifically managed by that provider)
dedicated hosting (you rent the whole server, but you manage it yourself),
and co-location (build your own server and place it at the provider site).
At least in the latter two of those ways, you can deploy your own smarthost
server right there. In the first of those ways, maybe that hosting provider
can offer it for you.
Those businesses not doing such hosting now may find that this can help
justify that expense.
Still, you do need competent network and systems engineering skills to be
sure you deploy email smarthosting correctly, securely, and reliably. So,
the business doing such would still have to pay someone for something that
most of the people here would generally be well qualified to do (and hence
the same "tooting your own horn" issue, again).
It isn't going to be free. Sadly, too many businesses have been riding on
the back of spam, getting discount rates from providers that are serving
spammers, and see the rise of cost from discount to normal as somehow being
an extra expense to be avoided (at our cost).
--
-----------------------------------------------------------------------------
| Phil Howard KA9WGN | http://linuxhomepage.com/ http://ham.org/ |
| (first name) at ipal.net | http://phil.ipal.org/ http://ka9wgn.ham.org/ |
-----------------------------------------------------------------------------
--
> Still, you do need competent network and systems engineering skills to be
> sure you deploy email smarthosting correctly, securely, and reliably
You also need really reliable and aggressive anti-virus software scanning
the relayed email, and killing any malware before it goes beyond the
smarthost.
I have a few smarthosting customers. On average, about 10 percent of their
outbound mail is either backscatter with malware intact, or outright
malware (I don't really care very much which, it's bad either way).
However, of those running MS Exchange, fully 90 percent (or more) of their
outbound is malware (again, either backscatter or simply the result of
infestations).
In addition to a suite of anti-virus stuff, I have simple filters to kill
the most-obvious backscatter (which reduces CPU overhead rather a lot,
since you don't have to scan what you've already silently dropped).
TTBOMK, I'm not relaying anything malicious. Certainly no one has bothered
to tell me if I am.
And since I don't run a public blocklist, I don't feel I'm even in the
"appearance of" conflict-of-interest category.
--
Tired of spam in your mailbox?
Come to http://www.spamblocked.com
Who is Brad Jesness? http://www.wilhelp.com/bj_faq/
To the spammers, my motto: FABRICATI DIEM, PVNC.
--
| phil-new...@ipal.net wrote in news:do45f...@news1.newsguy.com:
|
|> Still, you do need competent network and systems engineering skills to be
|> sure you deploy email smarthosting correctly, securely, and reliably
|
| You also need really reliable and aggressive anti-virus software scanning
| the relayed email, and killing any malware before it goes beyond the
| smarthost.
I'm definitely opposed to content filtering. I do understand the virus
issue is a bit different, but I'm not convinced that even this is an
appropriate step. Case in point: sending a copy of received malware to
the sending ISP in a complaint.
The principal reason for considering using such scanning would not be to
stop such mail for the sake of stopping it, but rather, to protect your
own network reputation. Thus the perils of offering smarthost service.
I'd definitely specify to customers a specific cost involved per incidence
of malware they try to relay through. A "cost" of their smarthost account
being suspended might be enough to be sure they take necessary steps on
their end.
| I have a few smarthosting customers. On average, about 10 percent of their
| outbound mail is either backscatter with malware intact, or outright
| malware (I don't really care very much which, it's bad either way).
| However, of those running MS Exchange, fully 90 percent (or more) of their
| outbound is malware (again, either backscatter or simply the result of
| infestations).
You should at least require their inbound be run on or through servers that
at least prevent the backscatter issue. Offer them such a service.
--
-----------------------------------------------------------------------------
| Phil Howard KA9WGN | http://linuxhomepage.com/ http://ham.org/ |
| (first name) at ipal.net | http://phil.ipal.org/ http://ka9wgn.ham.org/ |
-----------------------------------------------------------------------------
--
> You should at least require their inbound be run on or through servers that
> at least prevent the backscatter issue. Offer them such a service.
Since the vast majority of backscatter *is* malware, that's exactly what
I'm doing.
Feel free to run your own smarthosting service according to your own
rules, of course.
--
Tired of spam in your mailbox?
Come to http://www.spamblocked.com
Who is Brad Jesness? http://www.wilhelp.com/bj_faq/
To the spammers, my motto: FABRICATI DIEM, PVNC.
--
> On Tue, 20 Dec 2005 20:03:04 +0000, phil-news-nospam wrote:
>
>> You should at least require their inbound be run on or through
>> servers that at least prevent the backscatter issue. Offer them such
>> a service.
>
> Since the vast majority of backscatter *is* malware, that's exactly
> what I'm doing.
>
> Feel free to run your own smarthosting service according to your own
> rules, of course.
>
I would sign up for yours.
If I ran such a system I would also make it clear I would/could run spam
content filters over the outgoing emails and
either reject them
or store them to a queue (unread by humans)
until the sender and I resolved the issue, by returning them to the
sender, or something else that their understanding of their need for
privacy would allow and I could believe.
ie No emails would leave my server unless I have reason to believe they
are not spam.
In fact I might only content check for spam some streams at some
times... :)
If one with that was available I would sign up for it instead.
Why?
Because
1/. it would give me the strongest assurance of continuity of service.
2/. If my machine ever got compromised the outbound relay would save me
from public embarrassment.
Sounds like such a system would not allow anyone to send spam
complaints that include the spam. You could allow these to go out
if they're addressed to 'abuse@...' but many places these days
require complaints sent to a domain contact if the abuse address
doesn't exist.
-A
> In article <Xns9734330891C88...@127.0.0.1>,
> Sulu <Sulu.2...@spamgourmet.com> wrote:
>>If I ran such a system I would also make it clear I would/could run spam
>>content filters over the outgoing emails and
>>
>> either reject them
>> or store them to a queue (unread by humans)
>>
>>until the sender and I resolved the issue, by returning them to the
>>sender, or something else that their understanding of their need for
>>privacy would allow and I could believe.
>
> Sounds like such a system would not allow anyone to send spam
> complaints that include the spam. You could allow these to go out
> if they're addressed to 'abuse@...' but many places these days
> require complaints sent to a domain contact if the abuse address
> doesn't exist.
Obviously I can't speak for anyone else, but I don't think a live virus
should be allowed to go anywhere, once it's detected (with the exception of
sending it to certain virus lab addresses - which, incidentally I have not
exempted, because most of my users have no clue about those).
So, if a smarthosting customer (or even myself) is trying to forward a
virus in a spam complaint, it's not going through unless he deliberately
"breaks" the virus in a way that virus scanners will see as "not a virus."
Other content filtering is largely non-existent, because anything
originating at a known spam-source won't be accepted in the first place.
Why waste CPU cycles on deciding if something is spam, when you've already
decided to accept it? Those that get through usually hit one of my
spamtraps, or one of my users will report them to me, and result in
blocking of the source.
--
Tired of spam in your mailbox?
Come to http://www.spamblocked.com
Who is Brad Jesness? http://www.wilhelp.com/bj_faq/
To the spammers, my motto: FABRICATI DIEM, PVNC.
--
>> Sounds like such a system would not allow anyone to send spam
>> complaints that include the spam. You could allow these to go out
>> if they're addressed to 'abuse@...' but many places these days
>> require complaints sent to a domain contact if the abuse address
>> doesn't exist.
>
>Obviously I can't speak for anyone else, but I don't think a live virus
>should be allowed to go anywhere, once it's detected (with the exception of
>sending it to certain virus lab addresses - which, incidentally I have not
>exempted, because most of my users have no clue about those).
Sure; but that's a small example set.
>Other content filtering is largely non-existent, because anything
>originating at a known spam-source won't be accepted in the first place.
What if someone using the service wanted to complain about blogspam
that he cut & pasted from his blog into the email? The content still
looks like spam.
Seth
If you would be so kind as to take a look at this manually (humanly?)
We are not automagically being removed from the SORBS duhl list. I'd do
this via your manual exception page, but our PTR TTL is only 7200 (the
default from SBC) I'll be putting in another change request with SBC to
change the TTL of our PTR record, but this will take a few days, and
the number of blocked emails is increasing.
Regards,
Scott
>>Other content filtering is largely non-existent, because anything
>>originating at a known spam-source won't be accepted in the first place.
>
> What if someone using the service wanted to complain about blogspam
> that he cut & pasted from his blog into the email? The content still
> looks like spam.
It's not filtered by content. If it's not a virus, it's just email. Period.
My users are capable of running what little rudimentary content filtering
is necessary, *if* they think it's necessary.
I might *visually* mis-identify blogspam sent to me when I read it. The
server doesn't care if it's blogspam or fake Rolex spam - all the server
wants to know is "is this coming from a blocked IP?" in which case it's not
getting in, or "is this a virus?" in which case it's accepted, and then
dropped on the floor.
In other words, if it's not a virus, it's going to get either a 2xx or a
5xx response. If it *is* a virus, it's being forwarded to Jimmy Hoffa.
--
Tired of spam in your mailbox?
Come to http://www.spamblocked.com
Who is Brad Jesness? http://www.wilhelp.com/bj_faq/
To the spammers, my motto: FABRICATI DIEM, PVNC.
--
Sorry, I was discussing outgoing email (using your smarthosting
services). Surely you take some precautions against your users
getting infected (say, by visiting a bad web site or something else
you can't prevent) and emitting tons of non-virus spam.
Seth
Some recent spam trojans send spam to role accounts (like abuse).
--
E-Mail Sent to this address <Blac...@Griffin-Technologies.net>
will be added to the BlackLists.
In a case like that, I'd send the virus as an encrypted file, with the
password in the email. That has worked fine in the (very few) times I
had to send a suspect file.
--
Your friendly neighborhood Bastard Operator from Heaven. :-)
I spoke: "Let there be light!"
And behold! As soon as I threw the switch, there was light!
> In article <Xns97339FFFBA9A9mo...@216.99.211.247>,
> Morely Dotes <morel...@spamblocked.com> wrote:
>>se...@panix.com (Seth Breidbart) wrote in news:doclo6$16q$1
>>@reader1.panix.com:
>>
>>>>Other content filtering is largely non-existent, because anything
>>>>originating at a known spam-source won't be accepted in the first
>>>>place.
>>>
>>> What if someone using the service wanted to complain about blogspam
>>> that he cut & pasted from his blog into the email? The content
>>> still looks like spam.
>>
>>It's not filtered by content. If it's not a virus, it's just email.
>>Period. My users are capable of running what little rudimentary
>>content filtering is necessary, *if* they think it's necessary.
>
> Sorry, I was discussing outgoing email (using your smarthosting
^^^^^^^^^^^^^
> services). Surely you take some precautions against your users
> getting infected (say, by visiting a bad web site or something else
> you can't prevent) and emitting tons of non-virus spam.
>
> Seth
When I posted higher up the thread so was I
>If I ran such a system I would also make it clear I would/could run spam
>content filters over the *outgoing* emails and
I don't mind where the thread went or goes but I think some ideas crossed
over back there somewhere and some people think other people said things
they didn't. YMMV
Anyway I am wiser now, this is good.
Smart Host Version II
If I ran such a system I would also make it clear I would/could run spam
content filters over the *outgoing* emails blah blah
I do that to protect me, if a legit customer goes spammy, gets bought out
by a spammer, gets trojanned, ... I don't want to emit spam from my network
ever. So I filter outgoing emails et al. as before because coming from a
source that used to be clean is no guarantee it still is.
(Philosophical basis: all hats are black except mine)(but I don't have to
be rude or abrasive when I check)
It has been pointed out that spam reports etc. must be allowed out.
Ok various possibilities exist. All the good ones will
allow arbitrary email with arbitrary content (maybe not viri) to
arbitrary destinations, but not be useful to spammers.
Hmmm spammers = bulk LART = rare
use that as a design basis, it's robust.
Now I would hire some smart RFC jockey to tell me how.
but crawling out on limb and guessing...
EG say
subject must contain string [xyz mysmarthost_domain_name] real subject
I strip [xyz mysmarthost_domain_name] on the way out and blah blah
god only knows what other RFC trick
There are some old relaying tricks, ... before my time...
source routing...
You can put + in names
XYZ
Email could be sent to Name+T...@specialLartRelay.Mydomain
I store an unread copy (count them/throttle) and send to Name@TrueDest
In event of dispute, I have a copy, I get to be umpire, I get to swing
the clue by 4. :)
The subject one may be crude but effective as it's 'end user' easy to
paste a string in the subject. Source routing? might cause a melt down.
I think I like XYZ because anyone who can't do that shouldn't send a LART?
:)
Sulu
> Sorry, I was discussing outgoing email (using your smarthosting
> services). Surely you take some precautions against your users
> getting infected (say, by visiting a bad web site or something else
> you can't prevent) and emitting tons of non-virus spam.
Other than watching for sudden huge increases in outbound traffic, no. My
"prospective customer vetting procedures" make it redundant.
--
Tired of spam in your mailbox?
Come to http://www.spamblocked.com
Who is Brad Jesness? http://www.wilhelp.com/bj_faq/
To the spammers, my motto: FABRICATI DIEM, PVNC.
--
Dr. King was talking about a much more important topic, but still, I
can't find any better words than "Free at last! Free at last!"
Ok, enough frivolity, on to the next thing that's broken...
Scott
> se...@panix.com (Seth Breidbart) wrote in news:dod2nm$ar8$1
> @reader1.panix.com:
>
>> Sorry, I was discussing outgoing email (using your smarthosting
>> services). Surely you take some precautions against your users
>> getting infected (say, by visiting a bad web site or something else
>> you can't prevent) and emitting tons of non-virus spam.
>
> Other than watching for sudden huge increases in outbound traffic, no.
> My "prospective customer vetting procedures" make it redundant.
I'm not that good, sooner or later (in my case sooner) I would have a
customer who made a mistake and got owned by a spammer. (yes I see
monitoring, see below)
But as always your box your customers your rules, your risk analysis.
My fantasy, suppositions, conjectures, ... My rules.
I think I am still wet, and I still think the bad guys are way better
than me, I use defense in depth, redundant defence, and I am effectively
protecting nothing much at the moment.
"sudden huge increases" monitoring is good, I would want better but that
is not me making an economic decision about an actual business, so I can't
comment on what my accountant would let me have if I were talking about a
reality.
I see no points where we misunderstand one another....
Sulu
>On 2005-12-21, Morely Dotes <morel...@spamblocked.com> wrote:
>> Obviously I can't speak for anyone else, but I don't think a live virus
>> should be allowed to go anywhere, once it's detected (with the exception of
>> sending it to certain virus lab addresses - which, incidentally I have not
>> exempted, because most of my users have no clue about those).
>>
>> So, if a smarthosting customer (or even myself) is trying to forward a
>> virus in a spam complaint, it's not going through unless he deliberately
>> "breaks" the virus in a way that virus scanners will see as "not a virus."
>
>In a case like that, I'd send the virus as an encrypted file, with the
>password in the email. That has worked fine in the (very few) times I
>had to send a suspect file.
I don't know about anyone else, but I treat encrypted ZIPs (and other
archives) as infected until shown otherwise, since it is/was a popular
way to bypass virus scanners.
--
It's only funny until somebody gets hurt...
Then it's hilarious.
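The policy described in the post above (treat an encrypted archive as infected until shown otherwise), sketched as an added example that is not part of the thread or any poster's own code. It covers ZIP attachments only; the function names, the sample message and the ZIP with the encryption bit set are constructed for illustration.

```python
import io
import zipfile
from email.message import EmailMessage

ENCRYPTED_FLAG = 0x1  # bit 0 of the ZIP general-purpose bit flag


def make_zip(encrypted_flag=False):
    """Build a constructed one-member ZIP, optionally with the encryption bit set.

    The member is not really encrypted; only the header bit is set, which is
    what a scanner without the password can key on.
    """
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("sample.txt", "constructed test content")
    data = bytearray(buf.getvalue())
    if encrypted_flag:
        data[6] |= ENCRYPTED_FLAG            # flags field of the local file header
        central = data.find(b"PK\x01\x02")   # central directory file header
        data[central + 8] |= ENCRYPTED_FLAG  # flags field of that header
    return bytes(data)


def encrypted_members(zip_bytes):
    """Names of archive members whose header marks them as encrypted."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        return [i.filename for i in zf.infolist() if i.flag_bits & ENCRYPTED_FLAG]


def build_message(attachment):
    """Constructed outbound message carrying one attachment."""
    msg = EmailMessage()
    msg["From"] = "customer@example.org"
    msg["To"] = "abuse@example.net"
    msg["Subject"] = "suspect file"
    msg.set_content("Suspect file attached.")
    msg.add_attachment(attachment, maintype="application",
                       subtype="zip", filename="sample.zip")
    return msg


def verdict(msg):
    """'quarantine' if any ZIP attachment cannot be inspected, else 'scan'."""
    for part in msg.iter_attachments():
        payload = part.get_payload(decode=True) or b""
        if not payload.startswith(b"PK"):
            continue  # not a ZIP container; leave it to the normal scanner
        try:
            if encrypted_members(payload):
                return "quarantine"
        except zipfile.BadZipFile:
            return "quarantine"  # looks like a ZIP but cannot be parsed
    return "scan"


if __name__ == "__main__":
    print(verdict(build_message(make_zip(encrypted_flag=True))))
    print(verdict(build_message(make_zip())))
```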
>Other than watching for sudden huge increases in outbound traffic, no. My
>"prospective customer vetting procedures" make it redundant.
I would be really interested in learning what procedures can vet
prospective customers to ensure that none of the accepted ones ever
installs a buggy web application or fails to patch an insecure system
prior to the insecurity being found (since the finder might be a bad
guy who produces a -1 day exploit).
Checking traffic volume will at least keep the damage below the radar.
Seth
> In article <Xns97345690FAAC6mo...@216.99.211.247>,
> Morely Dotes <morel...@spamblocked.com> wrote:
>
>>Other than watching for sudden huge increases in outbound traffic, no.
>>My "prospective customer vetting procedures" make it redundant.
>
> I would be really interested in learning what procedures can vet
> prospective customers to ensure that none of the accepted ones ever
> installs a buggy web application or fails to patch an insecure system
> prior to the insecurity being found (since the finder might be a bad
> guy who produces a -1 day exploit).
Nothing is ever completely reliable, but I have the luxury of being picky.
If I don't think the prospect can manage his network sufficiently to suit
me, I have the ability to tell them I'd prefer not to be their vendor.
> Checking traffic volume will at least keep the damage below the radar.
Indeed.
--
Tired of spam in your mailbox?
Come to http://www.spamblocked.com
Who is Brad Jesness? http://www.wilhelp.com/bj_faq/
To the spammers, my motto: FABRICATI DIEM, PVNC.
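The "sudden huge increases in outbound traffic" check discussed in the posts above, as an added example that is not any poster's actual setup. The log format, customer ids, thresholds and function names are assumptions, and the sample log is constructed.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import median

# Constructed log format (an assumption, not any particular MTA's):
#   <ISO timestamp> relay customer=<id> nrcpt=<recipient count>
LINE_RE = re.compile(r"^(\S+) relay customer=(\S+) nrcpt=(\d+)$")


def hourly_recipients(lines):
    """Return {customer: {hour_start: recipients relayed in that hour}}."""
    counts = defaultdict(lambda: defaultdict(int))
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # ignore lines that are not relay records
        hour = datetime.fromisoformat(m.group(1)).replace(
            minute=0, second=0, microsecond=0)
        counts[m.group(2)][hour] += int(m.group(3))
    return counts


def find_spikes(counts, factor=5.0, floor=200, min_history=6):
    """Flag hours above both an absolute floor and factor x the customer's
    median over its earlier active hours (idle hours are not in the baseline)."""
    alerts = []
    for customer, per_hour in counts.items():
        hours = sorted(per_hour)
        for i, hour in enumerate(hours):
            history = [per_hour[h] for h in hours[:i]]
            if len(history) < min_history:
                continue  # not enough data for a baseline yet
            baseline = median(history)
            current = per_hour[hour]
            if current >= floor and current > factor * max(baseline, 1):
                alerts.append((customer, hour, current, baseline))
    return alerts


def sample_log():
    """Constructed sample: cust-a spikes, cust-b is busy but steady,
    cust-c rises sharply in relative terms yet stays under the floor."""
    lines = []
    for h in range(9):
        stamp = f"2005-12-21T{h:02d}:15:00"
        lines.append(f"{stamp} relay customer=cust-a nrcpt={900 if h == 8 else 40}")
        lines.append(f"{stamp} relay customer=cust-b nrcpt=300")
        lines.append(f"{stamp} relay customer=cust-c nrcpt={150 if h == 8 else 20}")
    return lines


if __name__ == "__main__":
    for customer, hour, current, baseline in find_spikes(
            hourly_recipients(sample_log())):
        print(f"{customer} {hour:%Y-%m-%d %H:00} sent {current}, baseline {baseline}")
```

Only cust-a is flagged; cust-c's jump from 20 to 150 recipients stays under the floor, which is the volume a threshold of this kind lets through unnoticed.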
--
| Nothing is ever completely reliable, but I have the luxury of being picky.
| If I don't think the prospect can manage his network sufficiently to suit
| me, I have the ability to tell them I'd prefer not to be their vendor.
What about managing their network for them (and for the fee payment)?
--
-----------------------------------------------------------------------------
| Phil Howard KA9WGN | http://linuxhomepage.com/ http://ham.org/ |
| (first name) at ipal.net | http://phil.ipal.org/ http://ka9wgn.ham.org/ |
-----------------------------------------------------------------------------
--
>>What if someone using the service wanted to complain about blogspam
>>that he cut & pasted from his blog into the email? The content still
>>looks like spam.
>
>Breaking it so it doesn't "look" like a virus would also make it not
>be a virus, no? Ie, breaking up the uuencoded or mime encoded text
>so it couldn't possibly execute?
Sure; that is, it will at worst be an inactive virus (one that takes a
lot of effort on the recipient's part to activate). That's useful for
sending to someone to analyze, but not too dangerous. ROT-13 of
BASE64 works fine here.
But blogspam looks like regular spam (or at least can), and breaking
up URLs to hide them from analyzers might or might not work (and if it
did, spammers would start doing it and then it wouldn't).