Innocent casualty of Spews
Rocco Maglio
our client's mail. At no time have we ever allowed a spammer to reside
on our network.
- March 4, 2003
Our net block 208.254.77.1 - 128 became listed on spews because of
Datastream Group spamming. We contacted UUNET about the spews listing
and were given a new ip range. We migrated to this new ip range (It is
not an easy task to move 15 web servers to a new ip ranges without
incurring any down time).
- June 2, 2003
Our new netblock 65.249.64.129-254 became listed on spews because of
OPTIN-HOST.com. They were spamming on 65.249.64.1-128. We contacted
UUNET and were given a new ip range 65.249.66.1-254. We again migrated
to the new range. This range was not on spews in June. We are listed
as the reverse DNS for this range. At no time since June has spam been
sent out from 65.249.66.1-254.
- Aug 13, 2003
Our netblock 65.249.66.1-254 is listed on spews. The evidence file
says that gettinthewordout.com was spamming from this range. I can
verify that they have not sent a spam from that range since June 2.
What can we do to avoid being listed on spews? There is not a large
co-location facility in our area (UUNET, Exodus) that does not have
difficulty with there clients getting listed on spews. Is it possible
to unblock the range 65.249.66.1-254?
Thank you,
Rocco Maglio
Bill Cole
ro...@dotmarketing.com (Rocco Maglio) wrote:
You need to think about quality, not size, when picking a provider.
there is nothing significant that you can get from a 'big name' like the
bankrupt UUNet or the being-firesold Exodus that a smaller provider
without massive red ink and empty cubicles cannot provide. If you
absolutely must have a high-quality colocation facility in a tight
geographic range, you do indeed limit your options, but for you that
seems like a non-issue. If you can live with a little more physical
distance (say, within the greater Miami area) and can live with the fact
that the companies you find have not been in the financial news as
teetering on the verge of catastrophic collapse, you should find that
you have more options than you seem to think. Frankly, the 'big names'
are very often the lowest quality providers when it comes to maintaining
the trust of other networks, with UUNet and Exodus being 2 of the worst.
You may even want to consider a carrier-neutral data center facility
where you can get connections from multiple providers and not have to
worry about whether a single network is up or down or whether they have
so emasculated their abuse desk that they can't keep a significant
fraction of their colo space off SPEWS for any significant period.
In short: you have more options than you think. Those options may well
cost you more money, but that's a fact of capitalism: better-quality
goods cost more money in a competitive market. You have the experience
of being unable to get acceptable-quality goods from UUNet.
--
Clues for the blacklisted: <http://www.scconsult.com/bill/dnsblhelp.html>
Current Peeve: Challenge/Response users who don't
whitelist people that they send mail to.
Shmuel (Seymour J.) Metz
at 03:04 PM, ro...@dotmarketing.com (Rocco Maglio) said:
>Subject: Innocent casualty of Spews
ITYM Innocent casualty of uunet.
>- Aug 13, 2003
>Our netblock 65.249.66.1-254 is listed on spews.
No. 65.249.62.0 - 65.249.66.255 is listed.
>The evidence file
>says that gettinthewordout.com was spamming from this range. I can
>verify that they have not sent a spam from that range since June 2.
Which range? What is relevant is 65.249.62.0 - 65.249.66.255, which
you don't have the logs for.
>What can we do to avoid being listed on spews?
You aren't listed; uunet is. You can't get uunet delisted; only uunet
can do that.
>There is not a large
>co-location facility in our area (UUNET, Exodus) that does not have
>difficulty with there clients getting listed on spews.
I'm not surprised; you're talking about a slum. Even without SPEWS you
would be at risk of being blocked, simply for being in a uunet IP
block.
>Is it possible to unblock the range 65.249.66.1-254?
Ask uunet; the ball is in their court.
--
Shmuel (Seymour J.) Metz, SysProg and JOAT
Any unsolicited bulk E-mail will be subject to legal action. I reserve the
right to publicly post or ridicule any abusive E-mail.
Reply to domain Patriot dot net user shmuel+news to contact me. Do not reply
to spam...@library.lspace.org
p...@icke-reklam.ipsec.nu
Change provider. Havn't you learnt from experience ?
> Thank you,
> Rocco Maglio
--
Peter HÃ¥kanson
IPSec Sverige ( At Gothenburg Riverside )
Sorry about my e-mail address, but i'm trying to keep spam out,
remove "icke-reklam" if you feel for mailing me. Thanx.
adam brower
>
> I work for Dotmarketing. Our company creates web sites. We also host
> our client's mail. At no time have we ever allowed a spammer to reside
> on our network.
>
technically speaking, perhaps. see below.
> - March 4, 2003
> Our net block 208.254.77.1 - 128 became listed on spews because of
> Datastream Group spamming. We contacted UUNET about the spews listing
> and were given a new ip range. We migrated to this new ip range (It is
> not an easy task to move 15 web servers to a new ip ranges without
> incurring any down time).
>
> - June 2, 2003
> Our new netblock 65.249.64.129-254 became listed on spews because of
> OPTIN-HOST.com. They were spamming on 65.249.64.1-128. We contacted
> UUNET and were given a new ip range 65.249.66.1-254. We again migrated
> to the new range. This range was not on spews in June. We are listed
> as the reverse DNS for this range. At no time since June has spam been
> sent out from 65.249.66.1-254.
>
> - Aug 13, 2003
> Our netblock 65.249.66.1-254 is listed on spews. The evidence file
> says that gettinthewordout.com was spamming from this range. I can
> verify that they have not sent a spam from that range since June 2.
>
no. i can verify that they were sending it from
UUNET Technologies, Inc. UUNET1996B (NET-208-192-0-0-1)
208.192.0.0 - 208.255.255.255
I Net Values, Inc UU-208-254-75-192-D4 (NET-208-254-75-192-1)
208.254.75.192 - 208.254.75.255
instead:
http://groups.google.com/groups?selm=aa3c8bfd.0306180836.1bf66883%40posting.google.com
> What can we do to avoid being listed on spews? There is not a large
> co-location facility in our area (UUNET, Exodus) that does not have
> difficulty with there clients getting listed on spews. Is it possible
> to unblock the range 65.249.66.1-254?
>
one thing you can do is stop prevaricating.
; <<>> DiG 8.3 <<>> @ns1.dotmarketing.net OPTIN-HOST.com A +norecur
; (1 server found)
;; res options: init defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63152
;; flags: qr ra; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 2
;; QUERY SECTION:
;; OPTIN-HOST.com, type = A, class = IN
;; AUTHORITY SECTION:
OPTIN-HOST.com. 19h55m8s IN NS ns1.OPTIN-HOST.com.
OPTIN-HOST.com. 19h55m8s IN NS ns2.OPTIN-HOST.com.
;; ADDITIONAL SECTION:
ns1.OPTIN-HOST.com. 1d17h16m36s IN A 208.254.69.120
ns2.OPTIN-HOST.com. 1d7h14m6s IN A 69.60.10.5
;; WHEN: Wed Aug 13 17:54:27 2003
so it seems you are not an innocent casualty,
but rather a dead soldier.
adam
--
Dr. Anton Squeegee
Maglio says...
> I work for Dotmarketing. Our company creates web sites. We also host
> our client's mail. At no time have we ever allowed a spammer to reside
> on our network.
>
> - March 4, 2003
> Our net block 208.254.77.1 - 128 became listed on spews because of
> Datastream Group spamming. We contacted UUNET about the spews listing
> and were given a new ip range. We migrated to this new ip range (It is
> not an easy task to move 15 web servers to a new ip ranges without
> incurring any down time).
Translation: "Rather than lose revenue by kicking a lucrative
spammer off our network, we simply moved to an unblocked IP range to
evade the well-justified SPEWS listing."
> - June 2, 2003
> Our new netblock 65.249.64.129-254 became listed on spews because of
> OPTIN-HOST.com. They were spamming on 65.249.64.1-128. We contacted
> UUNET and were given a new ip range 65.249.66.1-254. We again migrated
> to the new range. This range was not on spews in June. We are listed
> as the reverse DNS for this range. At no time since June has spam been
> sent out from 65.249.66.1-254.
Translation: "We were blocked again (rightfully so), but we
thought we could ignore the problem and move again."
> - Aug 13, 2003
> Our netblock 65.249.66.1-254 is listed on spews. The evidence file
> says that gettinthewordout.com was spamming from this range. I can
> verify that they have not sent a spam from that range since June 2.
News flash: Whether spam originated from your specific IP space is
101% irrelevant. Ask yourself this question: "Are our customers
spamming, or advertising web sites hosted on our network with spam?"
If the answer is "Yes," then the only way to avoid a SPEWS listing
is to kick said sites or hosting off your network. Period.
In other words: Persistent spammer support services (hosting, mail
support, DNS, ANYthing) is cause for a SPEWS listing. Based on your own
description of your company's behavior, in terms of playing musical
address ranges rather than dealing with your pet spammers, I'd say said
listing is very much deserved.
> What can we do to avoid being listed on spews? There is not a large
> co-location facility in our area (UUNET, Exodus) that does not have
> difficulty with there clients getting listed on spews. Is it possible
> to unblock the range 65.249.66.1-254?
Sure. Kick your spamming customers off. Permanently. Announce that
fact to the newsgroup at large, and politely request that your range(s)
be delisted. SPEWS will probably unblock as soon as you stop supporting
spammers in any way, shape, or form.
I'm not them. Just a happy user of their services.
--
Dr. Anton Squeegee, Director, Dutch Surrealist Plumbing Institute
(Known to some as Bruce Lane, KC7GR)
kyrrin a/t bluefeathertech d-o=t c&o&m
"Quando Omni Flunkus Moritati" (Red Green)
Cliff Heller
> - March 4, 2003
> Our net block 208.254.77.1 - 128 became listed on spews because of
> Datastream Group spamming. We contacted UUNET about the spews listing
> and were given a new ip range.
[snip]
> OPTIN-HOST.com. They were spamming on 65.249.64.1-128. We contacted
> UUNET and were given a new ip range 65.249.66.1-254.
[snip]
> - Aug 13, 2003
> Our netblock 65.249.66.1-254 is listed on spews. The evidence file
> says that gettinthewordout.com was spamming from this range. I can
> verify that they have not sent a spam from that range since June 2.
You are victim of UUNET, not of spews.
It should be clear that UUNET doesn't care that it has spamming
customers, or that it's blocks are being listed in SPEWS as a result.
They are willing to inconvenience you (while still taking your money)
because they care more about the spammers money than yours.
SPEWS is just responding to the spam problem.
UUNET is the one doing you harm. Simply shuffling you from one ip range
to another is an inadequate solution for you. Did you demand that they
give you an iprange with a guarantee that it wont ever be listed in
SPEWS? Did you demand compensation from them for the trouble they are
causing you? Did you demand that they remove spammers from their
network?
--
"Letters may be used to construct words, phrases and sentences that may be
deemed offensive."
-Warning label on children's alphabet blocks
Rocco Maglio
casulty of spews either Dotmarketing (The company I work for) is a
spammer or we should switch hosting providers. I would like to respond
to each of these answers.
Dotmarketing does not spam and we do not allow our customers to spam.
We build java/.net based web applications for Fortune 10,000
companies. The people that were spamming are not our customers. They
are UUNETs customers and happen to have been near our ip ranges. Any
customer of ours is informed that if they spam their hosting contract
will be terminated. We cannot afford to be listed on spews it cost us
about $10,000 to migrate to a new ip range.
Switching to a small hosting provider is not an option either. We
require two racks with 24 hour monitoring and a high bandwidth
connection to the Internet. When a large company (GAP, IVAX
Pharmaceutical, etc) is trying to decide if you will host their java
based web applications, they have to have heard your hosting provider.
In Miami there are only two co-location facilities that meet our
requirements (Exodus and UUNET). Both of these co-location facilities
have large netblocks listed on spews.
"Dr. Anton Squeegee" <Spammers...@dev.null> wrote in message news:<MPG.19a485aa7...@192.168.42.131>...
Jim Seymour
ro...@dotmarketing.com (Rocco Maglio) writes:
[snip]
> The people that were spamming are not our customers. They
> are UUNETs customers and happen to have been near our ip ranges.
>
"Near?" As adam asked, what's this, Rocco?
$ dig @65.249.66.1 IMAILBROADCAST.COM +norecur
; <<>> DiG 2.0 <<>> @65.249.66.1 IMAILBROADCAST.COM any +norecur
;; ->>HEADER<<- opcode: QUERY , status: NOERROR, id: 10
;; flags: qr ra ; Ques: 1, Ans: 2, Auth: 2, Addit: 2
;; QUESTIONS:
;; IMAILBROADCAST.COM, type = ANY, class = IN
;; ANSWERS:
IMAILBROADCAST.COM. 149709 NS ns1.optin-host.COM.
IMAILBROADCAST.COM. 149709 NS ns2.optin-host.COM.
;; AUTHORITY RECORDS:
IMAILBROADCAST.COM. 149709 NS ns1.optin-host.COM.
IMAILBROADCAST.COM. 149709 NS ns2.optin-host.COM.
;; ADDITIONAL RECORDS:
ns1.optin-host.COM. 149709 A 208.254.69.120
ns2.optin-host.COM. 113559 A 69.60.10.5
How is it that authoritative answers for optin-host.com ended-up
on *your* DNS server?
Or maybe adam and I are confused?
--
Jim Seymour | "Some of the lies are so strange it
jsey...@LinxNet.com | makes you wonder about the spammer's
LinxNet Spam Files: | sanity."
http://www.LinxNet.com/misc/spam | - Ed Foster, "The Gripe Line" 6/24/02
Cliff Heller
> In Miami there are only two co-location facilities that meet our
> requirements (Exodus and UUNET). Both of these co-location facilities
> have large netblocks listed on spews.
Guess, you'll have to get them to stop providing spam support services
then or remain in spews.
Mike Andrews
> I have recieved two basic answers to my post about being an innocent
> casulty of spews either Dotmarketing (The company I work for) is a
> spammer or we should switch hosting providers. I would like to respond
> to each of these answers.
> Dotmarketing does not spam and we do not allow our customers to spam.
> We build java/.net based web applications for Fortune 10,000
> companies. The people that were spamming are not our customers. They
> are UUNETs customers and happen to have been near our ip ranges. Any
> customer of ours is informed that if they spam their hosting contract
> will be terminated. We cannot afford to be listed on spews it cost us
> about $10,000 to migrate to a new ip range.
> Switching to a small hosting provider is not an option either. We
> require two racks with 24 hour monitoring and a high bandwidth
> connection to the Internet. When a large company (GAP, IVAX
> Pharmaceutical, etc) is trying to decide if you will host their java
> based web applications, they have to have heard your hosting provider.
> In Miami there are only two co-location facilities that meet our
> requirements (Exodus and UUNET). Both of these co-location facilities
> have large netblocks listed on spews.
SO what's keeping you from using the co-lo facility in Miami *and*
smarthosting your outbound mail somewhere cleaner? Nothing says you
have use to send your mail from UU or Exodus netspace, AFAICS.
It would be better, IMHO, if you could avoid using UU or Exodus
facilities altogether. As things stand, could you possibly just
use them for transit to equipment located elsewhere?
--
Mike Andrews
mi...@mikea.ath.cx
Tired old sysadmin since 1964
Yippee
15:04:44 GMT and decided it was time to write:
>I work for Dotmarketing. Our company creates web sites. We also host
>our client's mail. At no time have we ever allowed a spammer to reside
>on our network.
Good for you.
>- March 4, 2003
>Our net block 208.254.77.1 - 128 became listed on spews because of
>Datastream Group spamming.
Let's get one thing straight: that isn't your netblock - it's UUnet's
and UUnet is listed for spam support.
>We contacted UUNET about the spews listing
>and were given a new ip range. We migrated to this new ip range (It is
>not an easy task to move 15 web servers to a new ip ranges without
>incurring any down time).
So clearly, your ISP UUnet decided they wanted to keep the spammer and
move you around. This was your first warning. From this point onwards,
you were no longer innocent.
>- June 2, 2003
>Our new netblock 65.249.64.129-254 became listed on spews
Again: that isn't your netblock - it's UUnet's and UUnet is listed for
spam support.
>because of
>OPTIN-HOST.com. They were spamming on 65.249.64.1-128. We contacted
>UUNET and were given a new ip range 65.249.66.1-254. We again migrated
>to the new range. This range was not on spews in June. We are listed
>as the reverse DNS for this range. At no time since June has spam been
>sent out from 65.249.66.1-254.
So what did this tell you? Did you not begin to wonder *why* UUnet was
doing nothing about its spamming parasites, but was moving you around
instead?
>- Aug 13, 2003
>Our netblock 65.249.66.1-254 is listed on spews.
That isn't your netblock, either - it's UUnet's and UUnet is listed for
spam support.
>The evidence file
>says that gettinthewordout.com was spamming from this range. I can
>verify that they have not sent a spam from that range since June 2.
*If* that is true and remains true, and UUnet has done nothing to remove
the spammer from its network, the listing will age off. This'll take
time and only SPEWS knows how long.
>What can we do to avoid being listed on spews?
You have several options:
1. As a paying customer, lean on UUnet hard enough to become a
responsible and trustworthy ISP, kick its spammers off its network and
report the kills in news:news.admin.net-abuse.e-mail
Unfortunately, it's more likely hell will freeze over next week and pigs
will fly to the moon tomorrow, so it's not really the best option.
2. Use another network, owned by a more responsible and trustworthy ISP,
to send out your e-mail - deduct the costs from your UUNet bill.
3. Leave UUNet as fast as you can.
The last option is probably the best one, especially in the long term.
UUnet has known for a long time that its network is infested with
spamming parasites and it refuses to do something about it. Therefore,
UUnet has become an untrustworthy entity and its packets are dropped by
more and more ISP's and internet users. If nothing changes in UUNet's
attitude, the situation is likely to get much worse.
>There is not a large
>co-location facility in our area (UUNET, Exodus) that does not have
>difficulty with there clients getting listed on spews.
That's a pity, but it has never been a reason for SPEWS to reconsider
its policies. As a happy SPEWS user, I would be disappointed if it were.
I don't want *any* e-mail from UUnet netblocks for as long as they are
spam supporters.
>Is it possible to unblock the range 65.249.66.1-254?
I'm not SPEWS, but as far as I can tell: no.
--
Y.
McWebber
news:313f98de.03081...@posting.google.com...
> I work for Dotmarketing. Our company creates web sites. We also host
> our client's mail. At no time have we ever allowed a spammer to reside
> on our network.
>
> - March 4, 2003
> Our net block 208.254.77.1 - 128 became listed on spews because of
> Datastream Group spamming. We contacted UUNET about the spews listing
> and were given a new ip range. We migrated to this new ip range (It is
> not an easy task to move 15 web servers to a new ip ranges without
> incurring any down time).
Did you think about moving off of UUnet?
>
> - June 2, 2003
> Our new netblock 65.249.64.129-254 became listed on spews because of
> OPTIN-HOST.com. They were spamming on 65.249.64.1-128. We contacted
> UUNET and were given a new ip range 65.249.66.1-254.
I see a big clue in the past two events.
> We again migrated
> to the new range. This range was not on spews in June. We are listed
> as the reverse DNS for this range. At no time since June has spam been
> sent out from 65.249.66.1-254.
Who said any spam was sent from that range? Doesn't UUnet/MCI still own
those IPs?
>
> - Aug 13, 2003
> Our netblock 65.249.66.1-254 is listed on spews. The evidence file
> says that gettinthewordout.com was spamming from this range. I can
> verify that they have not sent a spam from that range since June 2.
Can you guarantee they won't?
>
> What can we do to avoid being listed on spews?
Get off of UUnet might be a good start according to your pervious
experience.
> There is not a large
> co-location facility in our area (UUNET, Exodus) that does not have
> difficulty with there clients getting listed on spews.
Who is your local telco? Don't they offer any of these services? But, nobody
who uses SPEWS will probably care because it's your problem to solve. You
happen to be in a part of FL infested with spammers. I'm sure there are
alternatives for connection. It may not be the best price, but that's the
cost of doing business.
> Is it possible
> to unblock the range 65.249.66.1-254?
It's possible, but I wouldn't expect it to happen. Especially as those IPs
aren't even swipped to you and as you indicated you have changed ranges
three times. Next week those IPs could be in the hands of spammers. rDNS
doesn't mean much. Get your own ARIN allocation.
--
McWebber
No email replies read
If someone tells you to forward an email to all your friends
please forget that I'm your friend.
ru.ig...@usask.ca
>We cannot afford to be listed on spews it cost us
>about $10,000 to migrate to a new ip range.
Well, you have a bigger problem than you think. SPEWS is not
really who you should be talking to. Here is the scale of your
problem. SPEWS only generates a list of what it thinks are spammers
OR spam friendly ISPs. Up to that point, there's no effect on
anyone because a list is simply a file or set of files. What
happens next is that a WHOLE BUNCH of ISPs have decided they LIKE
the SPEWS list and have decided OF THEIR OWN VOLITION to use it.
These ISPs are your customers' IT departments. Why do they like
it? Because they find UUNET (among others) to be a haven for
spammers, so they WANT to block the ranges that SPEWS SUGGESTS.
Note, I said "suggests", because individual ISPs that use SPEWS
don't have to use SPEWS (it takes some work to use it), and also
have the option to allow traffic through despite SPEWS listings.
So, instead of blaming SPEWs, you should be talking to UUNET to
convince them to remove spammers (after all, they are the actual
source of your problem), or to your customers' IT dept to convince
them to open a hole in their spamblocks for you (after all, they
are the ones doing the blocking).
ru
Richard Johnson
ro...@dotmarketing.com (Rocco Maglio) wrote:
> Dotmarketing does not spam and we do not allow our customers to spam.
> We build java/.net based web applications for Fortune 10,000
> companies. The people that were spamming are not our customers.
Yet, as adam brower pointed out, and I have confirmed [1], your servers
provide authoritative DNS for optin-host.com.
So, if spammer optin-host.com/unsubscribe-server.com is not your
customer, would they then be one of your own trade names?
Richard
-------
% dig any +norecursive optin-host.com @ns1.dotmarketing.net
; <<>> DiG 9.2.2 <<>> any +norecursive optin-host.com
@ns1.dotmarketing.net
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48223
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 2
;; QUESTION SECTION:
;optin-host.com. IN ANY
;; ANSWER SECTION:
optin-host.com. 172775 IN NS ns1.optin-host.com.
optin-host.com. 172775 IN NS ns2.optin-host.com.
;; AUTHORITY SECTION:
optin-host.com. 172775 IN NS ns1.optin-host.com.
optin-host.com. 172775 IN NS ns2.optin-host.com.
;; ADDITIONAL SECTION:
ns1.optin-host.com. 172775 IN A 208.254.69.130
ns2.optin-host.com. 172775 IN A 69.60.10.5
;; Query time: 134 msec
;; SERVER: 65.249.66.1#53(ns1.dotmarketing.net)
;; WHEN: Thu Aug 14 16:29:41 2003
;; MSG SIZE rcvd: 128
% dig a +norecursive optin-host.com @ns1.dotmarketing.net
; <<>> DiG 9.2.2 <<>> a +norecursive optin-host.com @ns1.dotmarketing.net
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38450
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;optin-host.com. IN A
;; ANSWER SECTION:
optin-host.com. 3600 IN A 208.254.69.131
;; Query time: 131 msec
;; SERVER: 65.249.66.1#53(ns1.dotmarketing.net)
;; WHEN: Thu Aug 14 16:30:05 2003
;; MSG SIZE rcvd: 48
% dig mx +norecursive optin-host.com @ns1.dotmarketing.net
; <<>> DiG 9.2.2 <<>> mx +norecursive optin-host.com
@ns1.dotmarketing.net
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13798
;; flags: qr ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3
;; QUESTION SECTION:
;optin-host.com. IN MX
;; ANSWER SECTION:
optin-host.com. 3478 IN MX 10 mail.optin-host.com.
;; AUTHORITY SECTION:
optin-host.com. 172620 IN NS ns1.optin-host.com.
optin-host.com. 172620 IN NS ns2.optin-host.com.
;; ADDITIONAL SECTION:
mail.optin-host.com. 3478 IN A 208.254.69.131
ns1.optin-host.com. 172620 IN A 208.254.69.130
ns2.optin-host.com. 172620 IN A 69.60.10.5
;; Query time: 133 msec
;; SERVER: 65.249.66.1#53(ns1.dotmarketing.net)
;; WHEN: Thu Aug 14 16:32:16 2003
;; MSG SIZE rcvd: 137
--
To reply via email, make sure you don't enter the whirlpool on river left.
My mailbox. My property. My personal space. My rules. Deal with it.
http://www.river.com/users/share/cluetrain/
axlq
In article <313f98de.03081...@posting.google.com>,
Rocco Maglio <ro...@dotmarketing.com> wrote:
>I have recieved two basic answers to my post about being an innocent
No, actually you've received one pertinent question, which you have
not answered:
Why is *your* nameserver the one that gives authorative answers for
the spammer optin-host.com?
Looks from here like your SPEWS listing isn't due to spammers near
your IP space, but spammers directly associated with your IP space.
See the reply from adam in this thread.
-A
[posted and emailed]
PSCHROEBEL
If Spews ever gets around to delisting our space, I will be glad to
host your servers but, getting de-listed isn't an easy thing to do and
. . . no spamming please.
-Peter
Niko Mikkanen
> spammers, so they WANT to block the ranges that SPEWS SUGGESTS.
> Note, I said "suggests", because individual ISPs that use SPEWS
> don't have to use SPEWS (it takes some work to use it), and also
> have the option to allow traffic through despite SPEWS listings.
> ru
One (imho) important addition to that: There's nothing that says people
have to use the SPEWS list as given. Nothing prevents people who
download the list from adding or removing IPs and IP ranges from their
version of the list as they see fit.
After the initial "moving costs us thousands" reaction, how about trying
to talk to people who are bouncing your email due to SPEWS listing? If
they whitelist you, fine and dandy. If they don't, well, I guess there's
a message for you in it somewhere...
GNiko
Rob Skinner
wrote:
>One (imho) important addition to that: There's nothing that says people
>have to use the SPEWS list as given.
Where does one FIND the SPEWS list? I'm using another list right now,
but SPEWS seems to be the standard.
Thanks for any advice
McWebber
news:fbadc3ce.03081...@posting.google.com...
> >
> > >
>
>
> host your servers but, getting de-listed isn't an easy thing to do and
> . . . no spamming please.
>
Since you replied to me....
No thanks. I have a host and it's not UUnet.
If you meant to reply to the poster I was replying to.. You might try that.
Rocco Maglio
Dotmarketing has the range 65.249.66.1-254. No where in your dig (name
lookup) does this range appear. How can you claim to have confirmed
that Dotmarketing provides the DNS for optin-host.com. If we were
providing their DNS you would see 65.249.66.1 as one of their DNS
servers. This is not the case
They are not our customer!!!
Richard Johnson <rn...@whirlpool.river.com> wrote in message news:<bhh2os$r...@library1.airnews.net>...
Rocco Maglio
Optin-host.com preceeded us on that ip range and followed the
convention of having their name server on the first ip of their range.
Their nameservers are listed below. They no long list
ns1.optin-host.com as 65.249.66.1, it is now at 208.254.69.130.
; <<>> DiG 9.2.1 <<>> optin-host.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32396
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; QUESTION SECTION:
;optin-host.com. IN A
;; ANSWER SECTION:
optin-host.com. 3586 IN A 208.254.69.131
;; AUTHORITY SECTION:
optin-host.com. 71260 IN NS ns1.optin-host.com.
optin-host.com. 71260 IN NS ns2.optin-host.com.
;; ADDITIONAL SECTION:
ns1.optin-host.com. 172786 IN A 208.254.69.130
ns2.optin-host.com. 172786 IN A 69.60.10.5
;; Query time: 40 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Fri Aug 15 09:17:25 2003
;; MSG SIZE rcvd: 116
ax...@spamcop.net (axlq) wrote in message news:<bhh7gj$o2a$2...@blue.rahul.net>...
Jim Seymour
ro...@dotmarketing.com (Rocco Maglio) writes:
> Richard you did the dig (name lookup) yourself for optin-host.com.
> Dotmarketing has the range 65.249.66.1-254. No where in your dig (name
> lookup) does this range appear.
Argggg! Rocco, I owe you an apology. I did the same thing:
; <<>> DiG 2.0 <<>> @65.249.66.1 IMAILBROADCAST.COM any +norecur
;; ->>HEADER<<- opcode: QUERY , status: NOERROR, id: 10
;; flags: qr ra ; Ques: 1, Ans: 2, Auth: 2, Addit: 2
;; QUESTIONS:
;; IMAILBROADCAST.COM, type = ANY, class = IN
;; ANSWERS:
IMAILBROADCAST.COM. 149709 NS ns1.optin-host.COM.
IMAILBROADCAST.COM. 149709 NS ns2.optin-host.COM.
;; AUTHORITY RECORDS:
IMAILBROADCAST.COM. 149709 NS ns1.optin-host.COM.
IMAILBROADCAST.COM. 149709 NS ns2.optin-host.COM.
;; ADDITIONAL RECORDS:
ns1.optin-host.COM. 149709 A 208.254.69.120
ns2.optin-host.COM. 113559 A 69.60.10.5
Then turned around and asked you "How is it that authoritative
answers for optin-host.com ended-up on *your* DNS server? Or maybe
adam and I are confused?"
We *were* confused :(.
There's no "aa" flag (authoritative answer) on that result. Thus:
that nameserver is *not* authoritative for optin-host.com. My bad.
What's happened is that somebody, at some time, queried your
nameserver for optin-host.com, it went out and got the answer, and
cached it. Subsequent queries, even queries with "no recursion"
turned on, returned the cached answer.
*I* know better, dammit. A newbie mistake for which I apologize
profusely.
Rocco, you might wish to reconfigure your nameservers to deny
recursive queries by hosts outside of your network for zones not
yours. Admittedly this was not *your* fault. Clearly the fault is
with those of us who stupidly mis-read the dig results. But denying
recursive queries for zones not your own to those outside of your own
networks might prevent future such newbie mistakes resulting in you
again being wrongly accused.
Again: My sincere apologies for accusing you wrongly! And to those
whom my comments misled.
Mike Andrews
> Thanks for any advice
<http://www.spews.org> for a start.
Look at the links under "Using SPEWS".
--
VBScript is designed to be a secure programming environment. It
lacks various commands that can be potentially damaging if used in
a malicious manner. This added security is critical in enterprise
solutions. -- support.microsoft.com
E-Mail Sent to this address will be added to the BlackLists
via Web:
www.spews.org/ask.cgi?x=
via DNS:
spews.relays.osirusoft.com
spews.bl.reynolds.net.au
l1.spews.dnsbl.sorbs.net
l2.spews.dnsbl.sorbs.net
via Downloadable Zone Files:
www.spews.org/spews_list_level1.txt
www.spews.org/spews_list_level2.txt
mirror.bliab.com/spews/SPEWS.bz2
mirror.bliab.com/spews/SPEWS2.bz2
spfilter.openrbl.org/data/spews/SPEWS.cidr.bz2
spfilter.openrbl.org/data/spews/SPEWS2.cidr.bz2
spfilter.sourceforge.net/data/spews/SPEWS.cidr.bz2
spfilter.sourceforge.net/data/spews/SPEWS2.cidr.bz2
treehouse.dyndns.org/spamhaus/reports/spews_list_level1.txt
treehouse.dyndns.org/spamhaus/reports/spews_list_level2.txt
Rocco Maglio
we still have two more years in our contract. No where in the contract
is there a clause
that lets us out if UUNET is on SPEWS. SPEWS was not an issue at the
time when the contract was written.
We have complained to UUNET on many occasions about the difficulty of
being listed on SPEWS and being force to change IP Ranges. UUNET is a
multinational company and we do not get a chance to talk to decision
makers, but we are complaining to our contacts. Changing IP ranges is
the only remedy that we have been able to get to solve the issue of
being listed on spews.
If SPEWS was to list all of UUNET in its block list few people would
use SPEWS, since UUNET supplies internet connectivity to large amounts
of the Internet. SPEWS should to be careful to only add ranges that
are spamming to their list or their list will become irrelavent, since
large amounts of non-spam mail will also get blocked.
Rocco
schro...@aol.com (PSCHROEBEL) wrote in message news:<fbadc3ce.03081...@posting.google.com>...
Mike Andrews
> If Dotmarketing wanted to leave UUNET, we would not be allowed since
> we still have two more years in our contract. No where in the contract
> is there a clause
> that lets us out if UUNET is on SPEWS. SPEWS was not an issue at the
> time when the contract was written.
Spam has been an issue for altogether too long a time, and UUNet's
role as a spam-tolerant provider has been documented over and over
in publicly-available repositories. Your failure to exercise proper
diligence in your selection of a provider rests solely with you.
> We have complained to UUNET on many occasions about the difficulty of
> being listed on SPEWS and being force to change IP Ranges. UUNET is a
> multinational company and we do not get a chance to talk to decision
> makers, but we are complaining to our contacts. Changing IP ranges is
> the only remedy that we have been able to get to solve the issue of
> being listed on spews.
Then you missed a good one: get some other (clean, and likely to stay
that way) provider to smarthost your outbound mail. Depending on the
volume, it could cost you from under US$100 to some thousands per
month but it's probably not going to be a major line item, and your
mail *will* get out that way.
Choose wisely.
> If SPEWS was to list all of UUNET in its block list few people would
> use SPEWS, since UUNET supplies internet connectivity to large amounts
> of the Internet. SPEWS should to be careful to only add ranges that
> are spamming to their list or their list will become irrelavent, since
> large amounts of non-spam mail will also get blocked.
Your opinion is noted. SPEWS will do what SPEWS sees fit to do, I
expect. If you're attempting to _instruct_ SPEWS, then I think you
are barking up the wrong tree at best. If all of UUNet winds up in
SPEWS, then I expect people will find ways around UUNet. The Internet
was designed with the idea of routing around damage.
The way things are going, I won't be surprised if UUNet tanks utterly
in any event, and we wind up having to pass packets around the gap
where it was. No great loss, but perhaps a temporary inconvenience.
Jim Seymour
>
> If SPEWS was to list all of UUNET in its block list few people would
> use SPEWS, since UUNET supplies internet connectivity to large amounts
> of the Internet.
Ah, the old "UUNET is too big to block" argument :). No doubt
there's *some* truth to that. But it's not absolute. I have several
rather large-ish chunks of UUNET space locally listed. Oddly enough,
as luck would have it, I've never received a single complaint about
legitimate email being rejected as a result of those listings. But I
do reject spam on a daily basis as a result of them.
> SPEWS should to be careful to only add ranges that
> are spamming to their list or their list will become irrelavent, since
> large amounts of non-spam mail will also get blocked.
[snip]
>
Maybe so. SPEWS' information *says* the list is for their own use,
and they're sharing it as a service to the Internet community. If,
*if*, that's true: Perhaps they don't care whether they become
"irrelevant" (to other mail admins) or not? I know I wouldn't care.
Keep in mind that a SPEWS listing isn't an absolute thing, either. A
site may wish to whitelist IP addresses or IP ranges within a
SPEWS-listed netblock. In such a case: A SPEWS-listed netblock could
be looked at as "blocks from which that which is not explicitly
allowed is denied." This appears to be an increasingly common
stance.
Not long ago, an Internet colleague pointed out to me that, by my
blocklisting big chunks of UUNET, I was effectively blocking big
chunks of the 'net, as so much of the 'net is UUNET space. My
response (paraphrased): "Yeah, so?"
Obviously *I* do not think UUNET "too big to block."
It is a sad thing to see what's become of the UUNET I knew when I was
a UUNET customer, long ago :(.
Murray Watson
<313f98de.0308...@posting.google.com>, on Fri, 15 Aug 2003
16:13:46 GMT, Rocco Maglio says...
> If Dotmarketing wanted to leave UUNET, we would not be allowed since
> we still have two more years in our contract. No where in the contract
> is there a clause
> that lets us out if UUNET is on SPEWS. SPEWS was not an issue at the
> time when the contract was written.
That leaves you with a quandary, stay with uunet and suffer the fate
they offer or break the contract and see where that goes.
> We have complained to UUNET on many occasions about the difficulty of
> being listed on SPEWS and being force to change IP Ranges. UUNET is a
> multinational company and we do not get a chance to talk to decision
> makers, but we are complaining to our contacts. Changing IP ranges is
> the only remedy that we have been able to get to solve the issue of
> being listed on spews.
That is an alternative, make uunet amend the contract so that this
will be your last move within uunet. In effect if they put you in a
listed block or a block is subsequently listed, the contract is
voided.
> If SPEWS was to list all of UUNET in its block list few people would
> use SPEWS, since UUNET supplies internet connectivity to large amounts
> of the Internet. SPEWS should to be careful to only add ranges that
> are spamming to their list or their list will become irrelavent, since
> large amounts of non-spam mail will also get blocked.
>
> Rocco
The indications are that initially Spews does list only spamming IPs,
it's when complaints about the spamming are being ignored by the
provider that the listing seems to expand and seems to continue
expanding until the provider recognizes the problem with their
customer that the rest of the Internet is experiencing.
It would appear that many providers, uunet being one of the larger is
content with ignoring the rest of the Internet, maybe it's their size
that makes them arrogant, irregardless, they don't seem to listen to
anyone's complaints. It appears that the only way to get their ear
is through their customers.
The systems that use Spews are or should be well aware of the way
Spews operate, if those systems did not accept Spews methodology, it
doesn't make sense that they would continue using it.
It's not Spews that blocking your blocks, it's the systems that have
accepted the way Spews works that are blocking uunet. This is they
way it's been for years, uunet knows this and they could care less
about the problems it's bad customers cause it's good customers,
otherwise they would act in a timely fashion on the complaints about
their bad customers.
--
About the only thing 'we' can do to a spammer, is ignore their email.
And if the spammers ISP doesn't wake up, we can ignore their email
too. We are simply sticking our network fingers in our network ears
and closing our network eyes, and humming.
WireGuy13 - 15 Dec 2002 21:35:35 GMT
McWebber
> Changing IP ranges
is
> the only remedy that we have been able to get to solve the issue of
> being listed on spews.
>
No, it's not.
The previous replies gave you other options, IIRC, such as using another
server for sending your email.
Yippee
16:13:46 GMT and decided it was time to write:
>If Dotmarketing wanted to leave UUNET, we would not be allowed since
>we still have two more years in our contract. No where in the contract
>is there a clause
>that lets us out if UUNET is on SPEWS. SPEWS was not an issue at the
>time when the contract was written.
I'm sure your contract with UUnet does not forbid you to start doing
business with other, more responsible ISP's today, if you want to. The
fact that you tied yourself *financially* to UUnet by signing such a
long contract is irrelevant to SPEWS and its users. If you really want
to reach SPEWS users, there are other ways.
>We have complained to UUNET on many occasions about the difficulty of
>being listed on SPEWS and being force to change IP Ranges. UUNET is a
>multinational company and we do not get a chance to talk to decision
>makers, but we are complaining to our contacts. Changing IP ranges is
>the only remedy that we have been able to get to solve the issue of
>being listed on spews.
Well, then it seems you're doomed to play musical IP's for the next few
years. Unless UUnet decides to become a reponsible and trustworthy
entity and kick its spamming parasites of its network, of course. From
what I've seen in the past, such action from UUnet would quickly lift
the SPEWS listing and make UUnet's non-spamming customers very happy.
>If SPEWS was to list all of UUNET in its block list few people would
>use SPEWS, since UUNET supplies internet connectivity to large amounts
>of the Internet. SPEWS should to be careful to only add ranges that
>are spamming to their list or their list will become irrelavent, since
>large amounts of non-spam mail will also get blocked.
I can't speak for other SPEWS users, but I for one would not mind at all
if SPEWS listed all UUnet IP space today. And Verio, and Level3, and
many more. I don't want *any* e-mail sent from networks operated by
spam-friendly ISP's. If any customers of spam-friendly ISP's want to get
in touch with me by e-mail, they better use a responsible and
trustworthy ISP for that. If they don't, for whatever reason, I'm not
interested.
--
Y. - not SPEWS.
Rocco Maglio
at our name server will respond. We are not providing DNS for
yahoo.com. For some reason the version of bind we are running does not
seem to respond to the no recursive option.
dig any +norecursive yahoo.com @ns1.dotmarketing.net
Richard Johnson <rn...@whirlpool.river.com> wrote in message news:<bhh2os$r...@library1.airnews.net>...
ru.ig...@usask.ca
>If SPEWS was to list all of UUNET in its block list few people would
>use SPEWS, since UUNET supplies internet connectivity to large amounts
>of the Internet. SPEWS should to be careful to only add ranges that
>are spamming to their list or their list will become irrelavent, since
>large amounts of non-spam mail will also get blocked.
Although the scale isn't not sufficiently similar enough, I believe
UUNET was once UDP'd (or nearly so). UDP = "Usenet Death Penalty"
in which a large number of news servers blocked all news messages
coming from UUNET (in this case). It made the news, and UUNET
changed some of its practices so that the UDP would be lifted.
Now, if UUNET responded to threats of a cutoff of a small aspect
of their service, one might think that a similar threat to a huge
aspect of their service would be taken just as seriously. The
question is, with something as ubiquitous as e-mail, would other
ISPs be willing to do the same. I suspect many SPEWS users would
be.
ru
Bill Cole
Rob Skinner <noemail-u...@rustyiron.com> wrote:
There is no standard. Maybe there was a quasi-standard back when MAPS
was running lists that were free and useful, but that's been a couple of
years.
SPEWS is the noisiest blacklist because they provide no means of direct
contact but instead suggest that listees discuss listing issues in
public fora, and because they list a lot of network space that never has
sent any spam at all but does handle some legitimate mail. In addition,
their rationale for listing is not always clear to many of the people
who end up in listed spce. All of this adds up to a lot of very public
complaints about SPEWS, and a significant amount of response to those
complaints, both defensive and explanatory.
Other lists (such as the SBL, CBL and OPM) in my experience catch more
spam than SPEWS and do so with far less rejection of legitimate mail.
In addition, if you are using a good mail server, you are not limited to
just one DNSBL. If you really want to use SPEWS, you should be able to
do so without giving up whatever other blacklist you are using.
--
Clues for the blacklisted: <http://www.scconsult.com/bill/dnsblhelp.html>
Current Peeve: Challenge/Response users who don't
whitelist people that they send mail to.
Jim Seymour
ro...@dotmarketing.com (Rocco Maglio) writes:
> The dig below will also return information. In fact anything you dig
> at our name server will respond. We are not providing DNS for
> yahoo.com. For some reason the version of bind we are running does not
> seem to respond to the no recursive option.
>
>
> dig any +norecursive yahoo.com @ns1.dotmarketing.net
Rocco, I feel I owe you one, so see if this doesn't help:
http://jimsun.linxnet.com/misc/bind_help.txt
Just remember the caveats about my level of expertise with DNS and
BIND ;).
Bill Gates (RBG)
news:BLGdnetNZY4...@comcast.com:
> "Rocco Maglio" <ro...@dotmarketing.com> wrote in message
> news:313f98de.0308...@posting.google.com...
>> Changing
>> IP ranges
> is
>> the only remedy that we have been able to get to solve the issue
>> of being listed on spews.
>>
>
> No, it's not.
> The previous replies gave you other options, IIRC, such as using
> another server for sending your email.
>
True.
Anyone have any info on whether being a Habeas customer would trump a
SPEWS listing? For OOTB SpamAssassin users, I think it would.
Rocco could pursue that avenue as yet another remedy.
Rocco: You claim that you have a contract with UUNet that you can't
get out of. I don't believe you. Provide a copy, for this group to
review.
--
Bill Gates ... my hero - NOT! Goto http://kmfms.com/
Reply to the newsgroup. Be warned: If you email me without 'nanae' in
the Subject, your email will be filed in /dev/null.
Like: SpamAssassin, RBLs, Mozilla, Spybot S&D, Trillian.cc, Spamcop.net
McWebber
news:Aqr%a.79$m03.27...@newssvr21.news.prodigy.com...
> > The previous replies gave you other options, IIRC, such as using
> > another server for sending your email.
> >
>
> True.
>
> Anyone have any info on whether being a Habeas customer would trump a
> SPEWS listing?
Huh? What would Habeas have to do with SPEWS? We've already seen the Habeas
headers faked so I'm not sure how useful it is.
> Rocco: You claim that you have a contract with UUNet that you can't
> get out of. I don't believe you. Provide a copy, for this group to
> review.
>
Probably every contract like that has a way out, if a lawyer were to review
it and also bring up the issue of UUnet not enforcing their published AUP
that was relied upon when signing the contract.
David Romerstein
$m03.27...@newssvr21.news.prodigy.com:
> Anyone have any info on whether being a Habeas customer would trump a
> SPEWS listing? For OOTB SpamAssassin users, I think it would.
Depends on how your whitelisting/blacklisting is set up.
The one similar setup that I'm aware of "OK"s things coming from HUL-listed
IPs, so they never get checked against either the local blocklist or any
third-party DNSbls (although SPEWS is not one of the DNSbls queried).
--
"I faced a fear of mine and shivered, but didn't blink" - Eve 6, "Enemy"
JerryMouse
>
> After the initial "moving costs us thousands" reaction, how about
> trying to talk to people who are bouncing your email due to SPEWS
> listing? If they whitelist you, fine and dandy. If they don't, well,
> I guess there's a message for you in it somewhere...
Ah, but how would he know if the mail's not being delivered?
Only a small part end-user filters actually 'bounce.' Most filters just dump
the spam.
JerryMouse
> If Dotmarketing wanted to leave UUNET, we would not be allowed since
> we still have two more years in our contract. No where in the contract
> is there a clause
> that lets us out if UUNET is on SPEWS. SPEWS was not an issue at the
> time when the contract was written.
Exactly. Things change. Do you really think UUNet will create a fuss? Have
you asked them what a buy-out would cost? What does your lawyer say? Exactly
what options in this area have you explored?
>
> We have complained to UUNET on many occasions about the difficulty of
> being listed on SPEWS and being force to change IP Ranges. UUNET is a
> multinational company and we do not get a chance to talk to decision
> makers, but we are complaining to our contacts. Changing IP ranges is
> the only remedy that we have been able to get to solve the issue of
> being listed on spews.
Your problem. A basic rule of the universe is to never ask something of
someone who does not have the power to grant your request. Quit talking to
the monkey - talk to the organ grinder.
>
> If SPEWS was to list all of UUNET in its block list few people would
> use SPEWS, since UUNET supplies internet connectivity to large amounts
> of the Internet. SPEWS should to be careful to only add ranges that
> are spamming to their list or their list will become irrelavent, since
> large amounts of non-spam mail will also get blocked.
You think?
E-Mail Sent to this address will be added to the BlackLists
> "McWebber" <mcwe...@my-deja.com> wrote in
> news:BLGdnetNZY4...@comcast.com:
> SPEWS listing? For OOTB SpamAssassin users, I think it would.
> Rocco could pursue that avenue as yet another remedy.
With the SpamAssassin evaluation I am doing:
{5 >= Suspect, 10 >= Spam, Both tagged,
put in separate folders, auto aged
(deleted over time).}
A message with a SPEWS score of +2.25 (Level 1)
and Habeas, but not infringer -9.9
assuming no other score for =====
any other reason (including -7.65
other BlackLists / BlockLists).
A message with a SPEWS score of +2.5 (Level 2)
and Habeas, but not infringer -9.9
assuming no other score for =====
any other reason (including -7.4
other BlackLists / BlockLists).
A message with a SPEWS score of +2.25 (Level 1)
and Habeas and infringer +9.9
assuming no other score for =====
any other reason (including +12.15
other BlackLists / BlockLists).
A message with a SPEWS score of +2.5 (Level 2)
and Habeas and infringer +9.9
assuming no other score for =====
any other reason (including +12.4
other BlackLists / BlockLists).
Of course if a Spam gets through due to Habeas,
Habeas & the ISP(s) get a LART, the domain & IP/24
and spamvertized domain(s) gets a +99.9 score.
SpamTraps will also get you a +99.9 score.
2nd offense IP/whole subnet(s) gets a +99.9 score.
3rd offense IP/whole AS(s) gets a +99.9 score.
If the Habeas - score caused much Spam to get through
it would get changed to less weight or would stop
using it, or in some extreme case where lots of spam
used the habeas mark, maybe a + score, essentially
making Habeas a Spam indicator.
Not to mention it is unlikely to get through based
on Habeas alone, as if it is spam it is likely to
hit the plethora of other rules.
The combination of the DNS BlackList / BlockList
scores alone could result in a +50.
(Due to this most spam in fact get a score over +25.)
{Spam over +25 also gets added to the bayesian database.}
No Spam has gotten through due to Habeas yet,
but one got through due to BondedSender.
Currently we get a total of 100 to 300 messages a day,
25 - 50 are legit, the remainder are Spam.
We are up to 4 SpamTraps entries,
3 WhiteList entries (due to content, not BlackLists / BlockLists),
16 Local BlackList entries (due to Spam from).
Bill Cole
"McWebber" <mcwe...@my-deja.com> wrote:
> "Bill Gates (RBG)" <RoastedBi...@hotmail.com> wrote in message
> news:Aqr%a.79$m03.27...@newssvr21.news.prodigy.com...
[...]
> > Rocco: You claim that you have a contract with UUNet that you can't
> > get out of. I don't believe you. Provide a copy, for this group to
> > review.
> >
>
> Probably every contract like that has a way out, if a lawyer were to review
> it and also bring up the issue of UUnet not enforcing their published AUP
> that was relied upon when signing the contract.
Any contract which is not followed by one side is in theory voided by
that failure. A smart and technically savvy lawyer might well make the
argument that an Internet connection which includes captive address
space implies a duty on the part of the true owner of that address space
to take reasonable and prudent steps to make sure that the address space
does not gain a bad reputation because of their failures. Given that
UUNet has an AUP and that they enforce that AUP in some cases and manage
to keep most of their address space unlisted at any time, it seems clear
that they COULD keep any given space unlisted by applying appropriate
resources, and by failing to do so they have breached the contract.
This is not a very novel approach. Housing lawyers have used such
approaches in breaking leases practically forever: a landlord who fails
to do necessary maintanence diligently can find himself without tenants
despite their leases, at least in some places.
Gary S. Callison
: With the SpamAssassin evaluation I am doing:
: {5 >= Suspect, 10 >= Spam, Both tagged,
: put in separate folders, auto aged
: (deleted over time).}
: A message with a SPEWS score of +2.25 (Level 1)
: A message with a SPEWS score of +2.5 (Level 2)
I'm curious: why are you scoring SPEWS level 2 higher than level 1?
--
Huey
E-Mail Sent to this address will be added to the BlackLists
Well there is a typo above
("Level 1" is SPEWS Level 1 only)
however where I said "Level 2"
it should have said "Level 1 & Level 2"
and I omitted Level 2 only (+0.25 score)
{Oh well, so much for getting it right the first time.}
Bill Gates (RBG)
news:UXudnVZYp4g...@comcast.com:
> "Bill Gates (RBG)" <RoastedBi...@hotmail.com> wrote in
> message news:Aqr%a.79$m03.27...@newssvr21.news.prodigy.com...
>> "McWebber" <mcwe...@my-deja.com> wrote in
>> news:BLGdnetNZY4...@comcast.com:
>>
>> > No, it's not.
>> > The previous replies gave you other options, IIRC, such as
>> > using another server for sending your email.
>> >
>>
>> True.
>>
>> Anyone have any info on whether being a Habeas customer would
>> trump a SPEWS listing?
>
> Huh? What would Habeas have to do with SPEWS? We've already seen
> the Habeas headers faked so I'm not sure how useful it is.
I believe one trumps the other in SA; that's why it's relevant here.
I said this in my previous post, but you snipped it. Take off the
blinders, dude.
If this guy is in spews, but not spamming, he can pay Habeas to have it
not matter (other than the $ he pays to Habeas). Similar to the $ he'd
pay for a smarthost.
I identify every message I get that has habeas headers or is sent from
a habeas whitelisted IP. The count is up to about 15, all but 3 of
which were from various ASRG posters using habeas headers, the other 3
were personal mail. None were spam. (But this is not the place to get
into whether habeas is effective apart from black/whitelist aspects of
the service. If you wish to discuss that, you could post with follow-
ups to nanae.)
Shmuel (Seymour J.) Metz
at 04:18 PM, ro...@dotmarketing.com (Rocco Maglio) said:
>Switching to a small hosting provider is not an option either.
For SPEWS, cutting holes in their listings is not an option. For many
administrators, whitelist addresses with uunet IP blocks is not an
option. You seem to be demanding the right to make your own business
decisions. Well, the companies blocking you *also* have the right to
make their own business decisions, and they are under no obligation to
protect you from the consequences of your decisions.
>We cannot afford to be listed on spews
That's something to take into account when deciding whether to remain
with uunet. It does not constitute an obligation. If a company decides
that they can't afford to accept traffic from uunet, or that they
can't afford to accept traffic from specific IP blocks at uunet,
that's their prerogative. If their decision is inconvenient, it's up
to you to deal with that inconvenience.
>In Miami there are only two co-location facilities that meet our
>requirements (Exodus and UUNET).
Then maybe you should consider self hosting. IAC, those blocking
Exodus, Florida or uunet have no obligation to you. --
Shmuel (Seymour J.) Metz, SysProg and JOAT
Any unsolicited bulk E-mail will be subject to legal action. I reserve the
right to publicly post or ridicule any abusive E-mail.
Reply to domain Patriot dot net user shmuel+news to contact me. Do not reply
to spam...@library.lspace.org
Shmuel (Seymour J.) Metz
at 03:02 PM, "Bill Gates (RBG)" <RoastedBi...@hotmail.com>
said:
>Anyone have any info on whether being a Habeas customer would trump a
> SPEWS listing?
Considering the issue with Topica, that knife could cut both ways.
Whether they have rehabilitated themselves remains to be seen. Prior
to the latest legal action I would have suggested rejecting anything
from a Habeus customer; now I'm just withholding judgement. Further,
there is no central authority making such decisions; the operators of
each network decide for themselves whether and how to use the data
from SPEWS. You'll have to make your own decision as to the risk.
Shmuel (Seymour J.) Metz
at 04:13 PM, ro...@dotmarketing.com (Rocco Maglio) said:
>SPEWS should to be careful to only add ranges that
>are spamming to their list or their list will become irrelavent,
No. SPEWS is relevant precisely because it dose *not* operate the way
you wish. Specifically, it is relevant because it is proactive. That's
what the "EW' part of the name is for.
Seth Breidbart
Rocco Maglio <ro...@dotmarketing.com> wrote:
>If Dotmarketing wanted to leave UUNET, we would not be allowed since
>we still have two more years in our contract. No where in the contract
>is there a clause
>that lets us out if UUNET is on SPEWS. SPEWS was not an issue at the
>time when the contract was written.
Does your contract specify that UUNET has an AUP?
Since UUNET is not enforcing that AUP (on its spammers), UUNET is
thereby violating the contract, which should allow you to cancel it
without penalty.
Seth
Hal Murray
>that failure. A smart and technically savvy lawyer might well make the
>argument that an Internet connection which includes captive address
>space implies a duty on the part of the true owner of that address space
>to take reasonable and prudent steps to make sure that the address space
>does not gain a bad reputation because of their failures. Given that
>UUNet has an AUP and that they enforce that AUP in some cases and manage
>to keep most of their address space unlisted at any time, it seems clear
>that they COULD keep any given space unlisted by applying appropriate
>resources, and by failing to do so they have breached the contract.
Does anybody know of that line of reasoning actually being used?
Successfully?
It seems good to me, but IANAL and I haven't seen the actual contracts.
--
The suespammers.org mail server is located in California. So are all my
other mailboxes. Please do not send unsolicited bulk e-mail or unsolicited
commercial e-mail to my suespammers.org address or any of my other addresses.
These are my opinions, not necessarily my employer's. I hate spam.