http://www.spews.org/html/S2749.html

Michael Duncan

Aug 11, 2003, 7:28:21 PM
I would like to contact the admin of spews.org and have a formal
retest or clarification. On the report of abuse and reason for
listing is docdrugs.com

If you clearly do reverse lookups and access all the known
offending sites they are all on a netblock in another ISP not via
west. I have 1 affected customer with a colo server in viawest
netblock.

Is there any other formal way of retesting or re-check again and have
only the affected netblock not all netblocks being listed?

My customer is on 216.87.82.20 and 21

the first example is: (pulled from site in subject)
1, 66.97.134.138, docdrugs.com / ns2.corptopia.com /
ns2.dns4providers.com (on listed viawest.net)

docdrugs.com is now: 195.85.231.14
whois query results:
Registrant:
P. GP
2000 Liberty Av., Suite 107
Miami Beach, FL 33131
United States

Domain Name: docdrugs.com

Administrative Contact:
Role Account (KTKB7) in...@docdrugs.com
P. GP
2000 Liberty Av., Suite 107
Miami Beach, FL 33131
United States
Phone: 786-417-3506

Technical Contact:
Role Account (KTKB7) in...@docdrugs.com
P. GP
2000 Liberty Av., Suite 107
Miami Beach, FL 33131
United States
Phone: 786-417-3506

Billing Contact:
Role Account (KTKB7) in...@docdrugs.com
P. GP
2000 Liberty Av., Suite 107
Miami Beach, FL 33131
United States
Phone: 786-417-3506

Record last updated on 2003-04-10 09:11:49.843
Record created on 2002-01-07 08:36:04.030
Record expires on 2004-01-08 21:43:51.000

Domain servers in listed order:
ns1.corptopia.com 65.127.191.164
ns1.industrialmeds.com 194.135.30.109
ns2.freepacifichosting.com
ns2.panamericanhosting.com
ns1.continentalhosting.com
ns1.fakinbacon.com 194.135.30.109
ns1.freepacifichosting.com
ns1.panamericanhosting.com
ns2.continentalhosting.com
ns2.corptopia.com 68.156.45.120
ns2.fakinbacon.com 65.127.191.164
ns2.industrialmeds.com 68.156.45.120
ns1.dns4providers.net
ns2.dns4providers.net
ns1.dns4providers.com
ns2.dns4providers.com

Registration Service Provider: R T H, Inc.
in...@bozombo.com
+1 (786) 4173506

Registrar: NAMES4EVER, http://www.names4ever.com

Bruce Pennypacker

Aug 11, 2003, 8:46:53 PM
Michael Duncan wrote:
> I would like to contact the admin of spews.org and have a formal
> retest or clarification. On the report of abuse and reason for
> listing is docdrugs.com

As stated in the SPEWS FAQ (http://www.spews.org/faq.html), SPEWS doesn't
contact anybody, at least they don't state that they're SPEWS admins if
they do. Anybody who contacts you claiming to represent SPEWS is most
likely lying. Individuals who contact you to complain about spam or
spam support from your systems *might* very well be SPEWS admins, but
they wouldn't tell you that.

> If you clearly do reverse lookups and access all the known
> offending sites they are all on a netblock in another ISP not via
> west. I have 1 affected customer with a colo server in viawest
> netblock.
>
> Is there any other formal way of retesting or re-check again and have
> only the affected netblock not all netblocks being listed?
>
> My customer is on 216.87.82.20 and 21

It looks like SPEWS has already unlisted these IP's. Dunno if this was
done earlier or in response to your post however. But if you look at
http://www.spews.org/html/S2749.html you'll see the following:

|--------------------
2, 66.97.132.0 - 66.97.136.255, ViaWest
2, 66.97.128.0 - 66.97.143.255, ViaWest
2, 216.87.64.0 - 216.87.65.255, ViaWest
2, 216.87.64.0 - 216.87.95.255, ViaWest
2, 216.58.128.0 - 216.58.159.255, ViaWest
0, 216.58.160.0 - 216.58.175.255, ViaWest
2, 209.170.192.0 - 209.170.207.255, ViaWest
0, 209.170.192.0 - 209.170.223.255, ViaWest
---------------------|

Those 0's and 2's on the left hand side mean level 0 & level 2 listings.
Level 0 means they're not listed. I believe that they're left in for
a while only for reference. Level 2, which isn't used by most who do
use SPEWS, basically means that SPEWS is watching you closely because
you supported spammers in the past. To quote from the SPEWS FAQ, "This
includes all of Level 1, plus anyone who is spam-friendly, supporting
spammers, or highly suspicious, but not blatant enough to be included in
the Level 1 list yet."

Since most people don't block on level 2 this really shouldn't be a
problem for your customer. As long as viawest continues to behave
responsibly (terminating spammers, responding to e-mails to
ab...@viawest.net, etc) you should eventually see these drop from level
2 to level 0. However if evidence turns up that you're hosting or
aiding spammers in any way these level 2 listings could very quickly
revert back to level 1. Think of it kind of like being on probation -
one little slip-up and you could get in trouble again. Keep on the
straight and narrow and you'll be ok.

-Bruce


Murray Watson

Aug 11, 2003, 8:48:23 PM
In news.admin.net-abuse.blocklisting - article
<ad89044e.03081...@posting.google.com>, on Mon, 11 Aug
2003 23:28:21 GMT, Michael Duncan says...

> I would like to contact the admin of spews.org and have a formal
> retest or clarification. On the report of abuse and reason for
> listing is docdrugs.com
>
> If you clearly do reverse lookups and access all the known
> offending sites they are all on a netblock in another ISP not via
> west. I have 1 affected customer with a colo server in viawest
> netblock.
>
> Is there any other formal way of retesting or re-check again and have
> only the affected netblock not all netblocks being listed?
>
> My customer is on 216.87.82.20 and 21
>
> the first example is: (pulled from site in subject)
> 1, 66.97.134.138, docdrugs.com / ns2.corptopia.com /
> ns2.dns4providers.com (on listed viawest.net)

The line you cite is a history record. All your stuff is 0 or 2.
Keep it clean and history shows the 2's turn to 0's.

0 is no problems
2 seems to be watch. Some really strict admins will block on 2s,
you're better off not disturbing them.

adam brower

Aug 11, 2003, 9:03:54 PM
Michael Duncan wrote:
>
> I would like to contact the admin of spews.org and have a formal
> retest or clarification. On the report of abuse and reason for
> listing is docdrugs.com
>
> If you clearly do reverse lookups and access all the known
> offending sites they are all on a netblock in another ISP not via
> west. I have 1 affected customer with a colo server in viawest
> netblock.
>
> Is there any other formal way of retesting or re-check again and have
> only the affected netblock not all netblocks being listed?
>
> My customer is on 216.87.82.20 and 21

how are...

2, 66.97.132.0 - 66.97.136.255, ViaWest
2, 66.97.128.0 - 66.97.143.255, ViaWest
2, 216.87.64.0 - 216.87.65.255, ViaWest
2, 216.87.64.0 - 216.87.95.255, ViaWest
2, 216.58.128.0 - 216.58.159.255, ViaWest
0, 216.58.160.0 - 216.58.175.255, ViaWest
2, 209.170.192.0 - 209.170.207.255, ViaWest
0, 209.170.192.0 - 209.170.223.255, ViaWest

affecting you negatively?

fwiw, i can't figure out why docdrugs is in the
file, but i'm a trifle bleary-eyed right now.

hmmm...ns2.corptopia sez:

docdrugs.com. 43m20s IN MX 10 mail.continentalhosting.com.
docdrugs.com. 43m20s IN NS ns1.continentalhosting.com.
docdrugs.com. 43m20s IN NS ns2.continentalhosting.com.
docdrugs.com. 43m20s IN NS ns1.panamericanhosting.com.
docdrugs.com. 43m20s IN NS ns2.panamericanhosting.com.
docdrugs.com. 43m20s IN NS ns1.fakinbacon.com.
docdrugs.com. 43m20s IN NS ns2.fakinbacon.com.
docdrugs.com. 43m20s IN NS ns1.industrialmeds.com.
docdrugs.com. 43m20s IN NS ns2.industrialmeds.com.
docdrugs.com. 43m20s IN NS ns1.corptopia.com.
docdrugs.com. 43m20s IN NS ns2.corptopia.com.
docdrugs.com. 43m20s IN NS ns1.freepacifichosting.com.
docdrugs.com. 43m20s IN NS ns2.freepacifichosting.com.
docdrugs.com. 43m20s IN NS ns1.dns4providers.com.
docdrugs.com. 43m20s IN NS ns2.dns4providers.com.
docdrugs.com. 43m20s IN NS ns1.dns4providers.net.
docdrugs.com. 43m20s IN NS ns2.dns4providers.net.
docdrugs.com. 43m20s IN NS ns1.slimturkey.com.
docdrugs.com. 43m20s IN NS ns2.slimturkey.com.
docdrugs.com. 43m20s IN SOA ns1.continentalhosting.com.
postmaster.continentalhosting.com. (
100 ; serial
43m20s ; refresh
43m20s ; retry
43m20s ; expiry
43m20s ) ; minimum

docdrugs.com. 43m20s IN A 195.85.231.14

;; AUTHORITY SECTION:
docdrugs.com. 43m20s IN NS ns1.continentalhosting.com.
docdrugs.com. 43m20s IN NS ns2.continentalhosting.com.
docdrugs.com. 43m20s IN NS ns1.panamericanhosting.com.
docdrugs.com. 43m20s IN NS ns2.panamericanhosting.com.
docdrugs.com. 43m20s IN NS ns1.fakinbacon.com.
docdrugs.com. 43m20s IN NS ns2.fakinbacon.com.
docdrugs.com. 43m20s IN NS ns1.industrialmeds.com.
docdrugs.com. 43m20s IN NS ns2.industrialmeds.com.
docdrugs.com. 43m20s IN NS ns1.corptopia.com.
docdrugs.com. 43m20s IN NS ns2.corptopia.com.
docdrugs.com. 43m20s IN NS ns1.freepacifichosting.com.
docdrugs.com. 43m20s IN NS ns2.freepacifichosting.com.
docdrugs.com. 43m20s IN NS ns1.dns4providers.com.
docdrugs.com. 43m20s IN NS ns2.dns4providers.com.
docdrugs.com. 43m20s IN NS ns1.dns4providers.net.

;; ADDITIONAL SECTION:
mail.continentalhosting.com. 43m20s IN A 195.85.231.15
ns1.continentalhosting.com. 43m20s IN A 195.85.231.14
ns2.continentalhosting.com. 43m20s IN A 195.85.231.14
ns1.panamericanhosting.com. 43m20s IN A 195.85.231.14
ns2.panamericanhosting.com. 43m20s IN A 195.85.231.14
ns1.fakinbacon.com. 43m20s IN A 195.85.231.14
ns2.fakinbacon.com. 43m20s IN A 195.85.231.14
ns1.industrialmeds.com. 43m20s IN A 195.85.231.14
ns2.industrialmeds.com. 43m20s IN A 195.85.231.14
ns1.corptopia.com. 43m20s IN A 195.85.231.14
ns2.corptopia.com. 43m20s IN A 195.85.231.14
ns1.freepacifichosting.com. 43m20s IN A 195.85.231.14
ns2.freepacifichosting.com. 43m20s IN A 195.85.231.14
ns1.dns4providers.com. 43m20s IN A 195.85.231.14
ns2.dns4providers.com. 43m20s IN A 195.85.231.14
ns1.dns4providers.net. 43m20s IN A 195.85.231.14
ns2.dns4providers.net. 43m20s IN A 195.85.231.14
ns1.slimturkey.com. 43m20s IN A 195.85.231.14
ns2.slimturkey.com. 43m20s IN A 195.85.231.14

adam

--

adam brower

Aug 12, 2003, 6:03:05 AM
Michael Duncan wrote:
>
> I would like to contact the admin of spews.org and have a formal
> retest or clarification. On the report of abuse and reason for
> listing is docdrugs.com
>
> If you clearly do reverse lookups and access all the known
> offending sites they are all on a netblock in another ISP not via
> west. I have 1 affected customer with a colo server in viawest
> netblock.
>
> Is there any other formal way of retesting or re-check again and have
> only the affected netblock not all netblocks being listed?
>
> My customer is on 216.87.82.20 and 21
>
> the first example is: (pulled from site in subject)
> 1, 66.97.134.138, docdrugs.com / ns2.corptopia.com /
> ns2.dns4providers.com (on listed viawest.net)
>

*sigh* the spews zone as served by osirusoft
is b0rken:

;; ANSWER SECTION:
20.82.87.216.spews.relays.osirusoft.com. 12H IN TXT "[1] ViaWest, see http://spews.org/ask.cgi?S2749"

.even though the listings *should* be level 0
or level 2.

i suspect a bad build from ancient data. the
maintainer is unfortunately hors de combat at
present. i'm advising those who care *not*
to query spews through osirusoft (or the
aggregate zone which includes spews) until
the maintainer is able to repair things.


adam

--
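Added example, not part of any post in this thread: a Python sketch that parses the range records quoted from S2749.html, finds which levels cover the customer's address, builds the reversed-octet DNSBL query name seen in the osirusoft answer, and flags the mismatch between the mirror's TXT record and the listing file. The function names are illustrative, and reading the bracketed number in the TXT string as the level is an assumption drawn from the posts above.

```python
import ipaddress
import re

# Range records copied from the S2749 listing quoted in the thread,
# plus the single-IP history line the original poster cited.
LISTING = """\
2, 66.97.132.0 - 66.97.136.255, ViaWest
2, 66.97.128.0 - 66.97.143.255, ViaWest
2, 216.87.64.0 - 216.87.65.255, ViaWest
2, 216.87.64.0 - 216.87.95.255, ViaWest
2, 216.58.128.0 - 216.58.159.255, ViaWest
0, 216.58.160.0 - 216.58.175.255, ViaWest
2, 209.170.192.0 - 209.170.207.255, ViaWest
0, 209.170.192.0 - 209.170.223.255, ViaWest
1, 66.97.134.138, docdrugs.com / ns2.corptopia.com / ns2.dns4providers.com
"""
# TXT answer the osirusoft mirror returned, as quoted in the thread.
MIRROR_TXT = "[1] ViaWest, see http://spews.org/ask.cgi?S2749"

RANGE_RE = re.compile(r"\s*(\d+),\s*([\d.]+)\s*-\s*([\d.]+),\s*(.+)$")

def parse_ranges(text):
    """Return (level, first, last, owner) for each 'level, start - end, owner' line."""
    out = []
    for line in text.splitlines():
        m = RANGE_RE.match(line)
        if m:  # single-IP history lines and separators do not match
            level, first, last, owner = m.groups()
            out.append((int(level), ipaddress.IPv4Address(first),
                        ipaddress.IPv4Address(last), owner.strip()))
    return out

def levels_for(ip, ranges):
    """Sorted set of levels of every range record that contains ip."""
    addr = ipaddress.IPv4Address(ip)
    return sorted({lvl for lvl, first, last, _ in ranges if first <= addr <= last})

def dnsbl_qname(ip, zone):
    """DNSBL query name: the address octets reversed, then the zone."""
    return ".".join(reversed(ip.split("."))) + "." + zone

def txt_level(txt):
    """Assumption: the bracketed number opening the TXT string is the level."""
    m = re.match(r"\[(\d+)\]", txt)
    return int(m.group(1)) if m else None

def mirror_disagrees(ip, txt, ranges):
    """True when the mirror serves a level that no current range record gives ip."""
    served = txt_level(txt)
    return served is not None and served not in levels_for(ip, ranges)

if __name__ == "__main__":
    ranges = parse_ranges(LISTING)
    ip = "216.87.82.20"
    print(dnsbl_qname(ip, "spews.relays.osirusoft.com"))
    print(levels_for(ip, ranges), txt_level(MIRROR_TXT),
          mirror_disagrees(ip, MIRROR_TXT, ranges))
```

An address can fall inside more than one record, so `levels_for` returns every matching level rather than picking one.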

Tom Betz

Aug 12, 2003, 8:33:42 AM
adam brower <ad...@hermes-grp.com> wrote in
news:3F386C92...@hermes-grp.com:

> i'm advising those who care *not*
> to query spews through osirusoft (or the
> aggregate zone which includes spews) until
> the maintainer is able to repair things.

Maybe I missed it -- what's a good alternate zone to query for SPEWS?

Adam Lawhorne

Aug 12, 2003, 9:33:13 AM

i recommend spews.bl.reynolds.net.au.


adam

--

McWebber

Aug 12, 2003, 9:31:43 AM
"Tom Betz" <spamme...@pobox.com> wrote in message
news:Xns93D55FB8A2017g...@216.168.3.44...

IIRC, adam said spews.bl.reynolds.net.au
http://bl.reynolds.net.au/spews/

--
McWebber
No email replies read
If someone tells you to forward an email to all your friends
please forget that I'm your friend.


McWebber

Aug 12, 2003, 10:41:45 AM
"Tom Betz" <spamme...@pobox.com> wrote in message
news:Xns93D55FB8A2017g...@216.168.3.44...

It would be nice if http://bl.reynolds.net.au/spews/ changed to mention
NANAB instead of NANAE, or dropped mention of posting to newsgroups as how
to get delisted.
"Probably the easiest way is to fix the issue that they have listed you for,
and then post to the Newsgroups known as NANAE. "

Michael Duncan

Aug 12, 2003, 11:08:35 AM
Well as of yesterday (8-11-2003) at 4pm PST I pulled the report and
they were all 1's on VIA West for their netblocks.

I use spews for my mail relay servers and pop3 servers. I have one
customer that has webhosting and pop3 accounts with me, but they have
a 3rd party APP hosting solution that is colo in VIA West Netblock so
they get bounce email from their apps when sending to themselves.

Thanks for explaining the 1's, and 0's meaning to me that was very
helpful so that I know last night it was changed either by VIA West
complying with SPEWS rules and or per my request asking about the 1's
entry.

I'm thankful for all your help.

Bill Cole

Aug 12, 2003, 12:17:27 PM
In article <3F386C92...@hermes-grp.com>,
adam brower <ad...@hermes-grp.com> wrote:

> *sigh* the spews zone as served by osirusoft
> is b0rken:
>
> ;; ANSWER SECTION:
> 20.82.87.216.spews.relays.osirusoft.com. 12H IN TXT "[1] ViaWest, see
> http://spews.org/ask.cgi?S2749"
>
> .even though the listings *should* be level 0
> or level 2.
>
> i suspect a bad build from ancient data. the
> maintainer is unfortunately hors de combat at
> present. i'm advising those who care *not*
> to query spews through osirusoft (or the
> aggregate zone which includes spews) until
> the maintainer is able to repair things.

This extends beyond the SPEWS data. The 'inputs' list (i.e. open relays,
in theory) is outdated as well, and there's no working way to get a
retest to get out of that list at this point.


I think it is probably a bad idea to be using ANY of the Osirusoft lists
until such time as they are brought back to function reasonably well.

--
Clues for the blacklisted: <http://www.scconsult.com/bill/dnsblhelp.html>

Current Peeve: Challenge/Response users who don't
whitelist people that they send mail to.

Shmuel (Seymour J.) Metz

Aug 12, 2003, 12:18:58 PM
In <ad89044e.03081...@posting.google.com>, on 08/11/2003

at 11:28 PM, mdu...@winterlink.net (Michael Duncan) said:

>I would like to contact the admin of spews.org

See Q41.

>and have a formal retest or clarification.

They don't do that, although they are probably lurking in the news
groups.

>My customer is on 216.87.82.20 and 21

[H:\]whois -h whois.arin.net 216.87.82.20 and 21

OrgName: ViaWest Internet Services
OrgID: VINS
Address: 1444 Wazee St Ste 215
City: Denver
StateProv: CO
PostalCode: 80204
Country: US

NetRange: 216.87.64.0 - 216.87.95.255
CIDR: 216.87.64.0/19
NetName: VIAWEST-BLK-1
NetHandle: NET-216-87-64-0-1
Parent: NET-216-0-0-0-0
NetType: Direct Allocation
NameServer: NS1.VIAWEST.NET
NameServer: NS2.VIAWEST.NET
Comment: ADDRESSES WITHIN THIS BLOCK ARE NON-PORTABLE
RegDate: 1999-07-14
Updated: 2003-05-12

OrgAbuseHandle: ABUSE360-ARIN
OrgAbuseName: Abuse Contact
OrgAbusePhone: +1-720-891-1015
OrgAbuseEmail: ab...@viawest.net

OrgTechHandle: ROUTI1-ARIN
OrgTechName: Routing
OrgTechPhone: +1-303-407-4700
OrgTechEmail: hostm...@viawest.net

Have you spoken to viawest about closing their open relays[1]? IAC, if
the record is still level 2 then you shouldn't be affected.

[1] I don't know about the IP block you're in, but they seem to have
an open relay at 216.150.216.170.

--
Shmuel (Seymour J.) Metz, SysProg and JOAT

Any unsolicited bulk E-mail will be subject to legal action. I reserve the
right to publicly post or ridicule any abusive E-mail.

Reply to domain Patriot dot net user shmuel+news to contact me. Do not reply
to spam...@library.lspace.org


Tom Betz

Aug 12, 2003, 9:38:00 PM
Quoth "McWebber" <mcwe...@my-deja.com> in news:7NWcnYqO_OzEZKWiU-
KY...@comcast.com:

> "Tom Betz" <spamme...@pobox.com> wrote in message
> news:Xns93D55FB8A2017g...@216.168.3.44...
>>

>> Maybe I missed it -- what's a good alternate zone to query for SPEWS?
>>
>
> IIRC, adam said spews.bl.reynolds.net.au
> http://bl.reynolds.net.au/spews/

Thanks, all.

E-Mail Sent to this address will be added to the BlackLists

Aug 13, 2003, 1:26:15 AM

Yes, Reynolds it is a good source.
You are supposed to get a subscription.
"0-1,000 queries per day free, after registration"
see: bl.reynolds.net.au/subscription/

See also:
Newsgroups: news.admin.net-abuse.email
Message-ID: <bfe4cj$6u6$1...@bunyip.cc.uq.edu.au>
Date: Sun, 20 Jul 2003 23:10:42 +1000
From: Matthew Sullivan <news...@isux.com>
"If anyone is still looking for alternative SPEWS zone
lookup places whilst the various DoS'ing is happening,
you can get the SPEWS zones from:
l1.spews.dnsbl.sorbs.net
l2.spews.dnsbl.sorbs.net
However, note this is not replicated out on to any
secondaries at the moment so it isn't for mainstream use,
just a backup."


--
SPEWS: Only the listed ISP can do anything about the listing,
and only by stopping the spammer support first.

1) If you are NOT an ISP you are likely wasting your time,
unless you want an education and not a listing change.

2) If you are an ISP you are likely wasting your time,
unless you have terminated / removed ALL spammer support
services and keep it that way.
