SPEWS S1562 Removal
Lei Nage
www.spews.org/html/S1562.html lists our IP (66.250.74.150) in the
66.250.67.0 - 66.250.77.255, Cogent (Systemic Solutions / Poison
Dragon Communications) (moved to level 2) block. We are unable to
operate our services properly and according to our ISP all their
attempts to get removed from SPEWS didn't bring any results. We may
consider the possibility of changing our ISP should we be sure it
won't happen to our next ISP, and the next one, and the next. How can
we be sure that the "reputable" service provider won't end up in the
SPEWS at some point and we won't get engaged into a full-time business
of chasing a good guy instead of minding (and taking care of) our own
business? Shouldn't there be another way of punishing those who may be
guilty without the tactics of carpet bombardments?
Our understanding is that we are far from being the only "end user"
victim of this situation. It would be real nice for the SPEWS guys to
introduce some humanity into their fully automated system. As for us,
we would really apreciate removal of our IP from the listing.
Thank you in advance,
Lei Nage
--
Comments posted to news.admin.net-abuse.blocklisting
are solely the responsibility of their author. Please
read the news.admin.net-abuse.blocklisting FAQ at
http://www.blocklisting.com/faq.html before posting.
Jim Seymour
It doesn't "concern" me, per se, in any context of the word. But
I'll comment anyway ;).
>
> www.spews.org/html/S1562.html lists our IP (66.250.74.150) in the
> 66.250.67.0 - 66.250.77.255, Cogent (Systemic Solutions / Poison
> Dragon Communications) (moved to level 2) block. We are unable to
> operate our services properly and according to our ISP all their
> attempts to get removed from SPEWS didn't bring any results.
[snip]
Two points: 1) As I understand: Few admins block on SPEWS "level 2"
listings. 2) Was it down-graded from a "level 1" listing to "level 2?"
If so, then your ISP's claim would appear to be without merit, wouldn't
you say?
> It would be real nice for the SPEWS guys to
> introduce some humanity into their fully automated system. As for us,
> we would really apreciate removal of our IP from the listing.
It would be real nice for the spammers and spam-supporting ISPs to put
a bit of humanity into *their* "systems," as well. I don't expect
that to happen any more than you can probably expect SPEWS to change
its policies (if history is any guide).
>
> Thank you in advance,
You're welcome.
--
Jim Seymour | "Some of the lies are so strange it
jsey...@LinxNet.com | makes you wonder about the spammer's
LinxNet Spam Files: | sanity."
http://www.LinxNet.com/misc/spam | - Ed Foster, "The Gripe Line" 6/24/02
Claes T
>To whom it may concern,
I'm not SPEWS, nor do I wait for mail from you. But still, my 2c's:
>www.spews.org/html/S1562.html lists our IP (66.250.74.150) in the
>66.250.67.0 - 66.250.77.255, Cogent (Systemic Solutions / Poison
>Dragon Communications) (moved to level 2) block. We are unable to
>operate our services properly and according to our ISP all their
>attempts to get removed from SPEWS didn't bring any results.
For once, this *seems* true. Discussed in January 2003 in threads
"SPEWS S477,S464, S1694, S2118, S2276, S703" and especially "SPEWS S
1562 Clarification? - Read" starting with Message-IDs
<3e3141af...@corp-radius.supernews.com> and
<3e2ef619....@corp-radius.supernews.com>. If I haven't missed
something, nothing was found motivating listing/keeping the blocks
(spamming poisondragon.com stills gives 66.250.72.2 as MX, but hard
for Cogent to do anything about that, isn't it? Harder than if it was
a NS I think.)
Sure, Cogent has a lot of cleaning to do - still got 28 Spamhaus SBL
listings for IPs under the responsibility of cogentco.com, 13 of those
regarding known spam gangs with ROKSO records - but no nearer you than
66.250.80.0/23. Dave, you listen? ;-)
btw, you are in a block listed at "level 2" - that level is thought
not to be widely used for blocking, so maybe you (rather the part you
try to mail) could contact the isp/company using SPEWS level 2
listings for blocking and ask them to whitelist you or to stop block
on level 2.
>We may
>consider the possibility of changing our ISP should we be sure it
>won't happen to our next ISP, and the next one, and the next. How can
>we be sure that the "reputable" service provider won't end up in the
>SPEWS at some point and we won't get engaged into a full-time business
>of chasing a good guy instead of minding (and taking care of) our own
>business?
You can't, but picking an ISP not in Spamhaus SBL (or at least not
with any ROKSO spammers) or if so not older then a week, and not in
SPEWS, chances are good they keep themselves out of blocklists in the
future as well.
>Shouldn't there be another way of punishing those who may be
>guilty without the tactics of carpet bombardments?
Yes, there should be a better way to have ISPs act harder and faster
against their spamming customers, and so protecting innocent from
being spammed. And it should be Peace On Earth, as well. We'll see
what is fulfilled first.
>Our understanding is that we are far from being the only "end user"
>victim of this situation. It would be real nice for the SPEWS guys to
>introduce some humanity into their fully automated system.
SPEWS humanity seems to be aimed primary to those of us getting spam,
not primary customers of ISPs with big spam problems, And that's fine
with me. But in this very case, I wish there should be some
clarifications in the SPEWS record what's keeping the block
66.250.72.0/24 listed, if no-one in this thead can tell/guess.
>As for us,
>we would really apreciate removal of our IP from the listing.
I do believe you :-) God luck!
Claes T
Mike Andrews
> To whom it may concern,
> www.spews.org/html/S1562.html lists our IP (66.250.74.150) in the
> 66.250.67.0 - 66.250.77.255, Cogent (Systemic Solutions / Poison
> Dragon Communications) (moved to level 2) block. We are unable to
> operate our services properly and according to our ISP all their
> attempts to get removed from SPEWS didn't bring any results. We may
> consider the possibility of changing our ISP should we be sure it
> won't happen to our next ISP, and the next one, and the next. How can
> we be sure that the "reputable" service provider won't end up in the
> SPEWS at some point and we won't get engaged into a full-time business
> of chasing a good guy instead of minding (and taking care of) our own
> business? Shouldn't there be another way of punishing those who may be
> guilty without the tactics of carpet bombardments?
> Our understanding is that we are far from being the only "end user"
> victim of this situation. It would be real nice for the SPEWS guys to
> introduce some humanity into their fully automated system. As for us,
> we would really apreciate removal of our IP from the listing.
The relevant parts of the SPEWS listing are:
: 1, 66.250.72.2, flyntvision.com / Poison Dragon Communications / mail.poisondragon.com
: 1, 66.250.72.3, flyntvision.com / Poison Dragon Communications
: 1, 66.250.72.0/25, Systemic Solutions / Poison Dragon Communications (Cogent)
: 1, 66.250.72.0/24, Cogent (Systemic Solutions / Poison Dragon Communications) (escalated)
: 2, 66.250.67.0 - 66.250.77.255, Cogent (Systemic Solutions / Poison Dragon Communications) (moved to level 2)
First, it appears that only 66.250.72.0/24 and smaller blocks are
listed at level 1; the larger block is listed at level 2, which
TTBOMK few ISPs (and no responsible ISPs AFAIC) block on.
Second, the level 2 listing is for your upstream, Cogent, and not for
you. Cogent has a _very_ bad reputation, which I think it has earned
abundantly, for being tolerant of spammers and unwilling to take
action to get them off its networks.
I don't know why 66.250.67.0 - 66.250.77.255 was moved to level 2,
but I suspect that if Cogent doesn't do something about the other
entities listed at level 1 in this record, then that big block will
be (again?) listed at level 1.
Now, if you want us to consider "humanity" in the SPEWS listings,
then you should be willing to consider the problems caused to a great
many more people by Cogent's hosting of spammers and Cogent's general
unwillingness to get rid of those spammers. We would really appreciate
not having spam from the Cogent-hosted spammers in our mailsystems.
I expect that the listing will disappear when the spammers go away.
You have some options in the meantime:
o Stay and suffer;
o Gripe at Cogent. You're paying them and abiding by the AUP; they
should enforce it evenly on all their subscribers;
o Smarthost your outbound mail with a reputable provider;
o Change providers.
"Choose wisely."
--
Mike Andrews
mi...@mikea.ath.cx
Tired old sysadmin
Perusion Hostmaster
> To whom it may concern,
>
> www.spews.org/html/S1562.html lists our IP (66.250.74.150) in the
> 66.250.67.0 - 66.250.77.255, Cogent (Systemic Solutions / Poison
> Dragon Communications) (moved to level 2) block. We are unable to
> operate our services properly and according to our ISP all their
> attempts to get removed from SPEWS didn't bring any results.
Of course not -- the spammer (poisondragon.com) is still there.
--
How far can you open your mind before your brains fall out?
Dolphin
message <alolvv0604sov535g...@4ax.com> reply:
<SNIP>
> But in this very case, I wish there should be some
> clarifications in the SPEWS record what's keeping the block
> 66.250.72.0/24 listed, if no-one in this thead can tell/guess.
<SNIP>
Maybe Cogent could start with removing the rDNS for the spammers'
66.250.72.2 IP, which now still points at spammers? And maybe
adding a nice 127.0.0.1 DNS would help spammers to speed up the
DNS re-pointing process.
$ host 66.250.72.2
2.72.250.66.in-addr.arpa domain name pointer ns2.poisondragon.com.
Dolphin.
--
URL: http://www.DolphinWave.org
Mail: on the web page (no spam)
ICQ: 6615461
Dolphin
message <b32dfb10.04010...@posting.google.com> reply:
> To whom it may concern,
>
> www.spews.org/html/S1562.html lists our IP (66.250.74.150) in the
> 66.250.67.0 - 66.250.77.255, Cogent (Systemic Solutions / Poison
> Dragon Communications) (moved to level 2) block. We are unable to
> operate our services properly and according to our ISP all their
> attempts to get removed from SPEWS didn't bring any results.
Maybe, it would be because of your ISP not removing their spammers
first, ones that got more and more of your ISP's space listed in
blocklists? Let's see...
$ host mail.poisondragon.com
mail.poisondragon.com has address 66.250.72.2
$ host 66.250.72.2
2.72.250.66.in-addr.arpa domain name pointer ns2.poisondragon.com
Surprise - they are still on the same Cogent IP, where they were
all the time! Now, tell me, on what grounds your ISP thought to
get the listing removed, if they did not remove the reason of it,
the spammers, from their IPs? And why they sound so surprised when
the listing was not removed by SPEWS, for them not removing their
spammers?
> We may
> consider the possibility of changing our ISP should we be sure it
> won't happen to our next ISP, and the next one, and the next.
Then you probably should do some investigation on your next ISP,
what is their reputation, before signing up with them. Cogent
definitely has a reputation of a hardcore spamhaus, by hosting
almost all of the worst spammers on their servers, refusing to
terminate them, and helping to trash e-mail boxes of people all
around the world (including your's). If you was doing a research
on say 'Cogent spamhaus', you would have already known it:
http://www.DolphinWave.org/spam/Cogent.txt
> How can
> we be sure that the "reputable" service provider won't end up in the
> SPEWS at some point and we won't get engaged into a full-time business
> of chasing a good guy instead of minding (and taking care of) our own
> business?
You, of course, put the "reputable" in quotes to make a tongue-in-cheek
comment on the Cogent spamhaus, right?
> Shouldn't there be another way of punishing those who may be
> guilty without the tactics of carpet bombardments?
Another way was already tried. You can see it in the SPEWS evidence
file. It begun from listing only the spammers' IPs. But it did not
get Cogent's attention. Hey, Cogent did not boot the spammers even
now, with the "tactics of carpet bombardments". Obviously, Cogent
does not consider the "destructions" to be significant, to finally
kick the spammers off. So, it seems, even wider "carpet bombardments"
should be used against Cogent.
Do you have any better idea on how to make Cogent to kick their spammers?
One that will not require "carpet bombardments", yet will be effective
enough for Cogent to kick them? We are all ears! Just keep in mind that
listing only the spammers was already tried with Cogent, and it was not
effective, at all (you can see it in the SPEWS evidence file, the first
lines).
> Our understanding is that we are far from being the only "end user"
> victim of this situation.
And you can fully thank Cogent for creating their reputation, one that
makes other admins to block major parts of the Cogent's IP space, or
the whole Cogent, at all. You may stop being a victim of the Cogent's
misbehaviour by moving to a reputable provider, or you can stay in the
Cogent's space, pay them, and enjoy being a victim. It's all up on you.
> It would be real nice for the SPEWS guys to
> introduce some humanity into their fully automated system. As for us,
> we would really apreciate removal of our IP from the listing.
Why not to ask Cogent, when they are going to get their stuff together,
and kick all their spammers, whom they happily host at present? Cogent's
IPs can't be removed from the blocklists while Cogent did not remove their
spammers.
> Thank you in advance,
>
> Lei Nage
You are welcome in advice.
Dolphin.
--
URL: http://www.DolphinWave.org
Mail: on the web page (no spam)
ICQ: 6615461
--
Shmuel (Seymour J.) Metz
at 12:39 PM, Ne...@hotmail.com (Lei Nage) said:
>To whom it may concern,
This is a public news group; your article concerns anyone who cares to
be concerned. Don't count on anybody from SPEWS responding to it; they
don't do that, at least not in an official capacity.
>www.spews.org/html/S1562.html lists our IP (66.250.74.150)
That's not your IP; you're only renting the use of it.
>Cogent
You've got more problems than just the SPEWS listing.
>moved to level 2
Why do you care?
>We are unable to operate our services properly
Why? Who is blocking you for a levvel 2 listing? Have you communicated
with them?
>according to our ISP
You believed them because?
>all their attempts to get removed from SPEWS
Attempts? They're still trying to have their cake and eat it too. They
need to get rid of their spammers, lock, stock and barrel, without
waiting to be listed. Anything less is simply an attempt at plausible
deniability, and won't wash.
>We may consider the possibility of changing our ISP should we be
>sure it won't happen to our next ISP,
You can never be sure, but there are steps that you can take to
protect yourself
1. Google is your friend
2. Ask, in writing, whether any of their customers are listed in
ROKSO.
3. Negotiate the contract terms so that you can leave with no penalty
if they sign on known spammers, fail to terminate spammers or fail
to adequately police network security.
>How can we be sure
How can you be sure that a safe won't fall on your head? And how is it
anybody else's responsibility?
>Shouldn't there be another way of punishing those who may be guilty
>without the tactics of carpet bombardments?
Sure. There should be a law providing a death penalty for spammers.
Instead, there is a law effectively giving them carte blanche.
Further, you are confusing SPEWS with some other list. SPEWS is far
too conservative to be used for punishment; it is only an early
warning system.
>Our understanding is that we are far from being the only "end user"
>victim of this situation.
Correct; there are millions of other victims of your provider. Your
provider is one of the reasons that they are using SPEWS.
>It would be real nice for the SPEWS guys to
>introduce some humanity into their fully automated system.
It would be real nice for your provider to introduce some humanity
into their spamming customers. And it would be real nice for my
provider to provide some humanity by blocking Cogent entirely. SPEWS
is only the messenger; the blame is Cogent's and its spamming
customers. On the Internet, nobody is bound by Omerta.
>As for us, we would really apreciate removal of our IP from the listing.
We (TINW) would really appreciate the removal of spammers from Cogent.
Take care of that and your issue will be resolved automatically.
--
Shmuel (Seymour J.) Metz, SysProg and JOAT
Unsolicited bulk E-mail will be subject to legal action. I reserve
the right to publicly post or ridicule any abusive E-mail.
Reply to domain Patriot dot net user shmuel+news to contact me. Do
not reply to spam...@library.lspace.org
JerryMouse
> To whom it may concern,
>
> consider the possibility of changing our ISP should we be sure it
> won't happen to our next ISP, and the next one, and the next. How can
> we be sure that the "reputable" service provider won't end up in the
> SPEWS at some point and we won't get engaged into a full-time business
> of chasing a good guy instead of minding (and taking care of) our own
> business?
To answer your question directly: "Reputable" service providers don't end up
in SPEWS. "Reputable" service providers don't sign up known spammers and
they immediately disconnect any of their existing clients that start
spamming.
>Shouldn't there be another way of punishing those who may be
> guilty without the tactics of carpet bombardments?
There are, but all of them are illegal and result in significant jail time.
Huey Callison
> Lei Nage wrote:
>> We may consider the possibility of changing our ISP should we be
>> sure it won't happen to our next ISP, and the next one, and the
>> next. How can we be sure that the "reputable" service provider won't
>> end up in the SPEWS at some point and we won't get engaged into a
>> full-time business of chasing a good guy instead of minding (and
>> taking care of) our own business?
> To answer your question directly: "Reputable" service providers don't
> end up in SPEWS. "Reputable" service providers don't sign up known
> spammers and they immediately disconnect any of their existing
> clients that start spamming.
That's a fine theory, but in practice, is there _any_ backbone provider
who has never had a SPEWS listing? Are there any mid-tier ISPs who have
never had a SPEWS listing? Is there a consumer-oriented internet entity
of any significance who has never had a problem with SPEWS?
You didn't answer his question, and it's a fine one. I'd be interested
in hearing an answer as well.
How can we be sure that the "reputable" service provider won't end up
in the SPEWS at some point and we won't get engaged into a full-time
business of chasing a good guy instead of minding (and taking care
of) our own business?
"Change providers" is one of the possible responses to a SPEWS listing,
but it isn't a complete answer. Change providers to _who_?
--
Huey
Clark Morgan
[...]
> Is there a consumer-oriented internet entity
> of any significance who has never had a problem with SPEWS?
aracnet.com (aka spiritone.com) . Pity the spammer who plies his/her
trade from this ISP. Actually, I can think of two who tried:
* a one-off customer got an account, started spamming and was terminated
promptly. Then the BOFH added a custom sendmail bounce message for
ensuing complaints that stated something to the effect:
550 - #customer XYZ terminated for spamming
Note: no mealy-mouthed, lawyer-sanctioned "we handled it message".
* Sanford Wallace set up shop (via a third party) at aracnet. When
discovered, aracnet's owner simply told Sandford to get out (no first
chance, no second chance, etc.).
Aracnet hosts spamblocked, for example.
JerryMouse
> On 2004-01-09, JerryMouse <nos...@bisusa.com> wrote:
>> Lei Nage wrote:
>>> We may consider the possibility of changing our ISP should we be
>>> sure it won't happen to our next ISP, and the next one, and the
>>> next. How can we be sure that the "reputable" service provider won't
>>> end up in the SPEWS at some point and we won't get engaged into a
>>> full-time business of chasing a good guy instead of minding (and
>>> taking care of) our own business?
>> To answer your question directly: "Reputable" service providers don't
>> end up in SPEWS. "Reputable" service providers don't sign up known
>> spammers and they immediately disconnect any of their existing
>> clients that start spamming.
>
> That's a fine theory, but in practice, is there _any_ backbone
> provider who has never had a SPEWS listing? Are there any mid-tier
> ISPs who have never had a SPEWS listing? Is there a consumer-oriented
> internet entity of any significance who has never had a problem with
> SPEWS?
Literally hundreds of thousands. SPEWS blocks < ~ 0.02 percent of IP space.
>
> You didn't answer his question, and it's a fine one. I'd be interested
> in hearing an answer as well.
> How can we be sure that the "reputable" service provider won't end
> up in the SPEWS at some point and we won't get engaged into a
> full-time business of chasing a good guy instead of minding (and
> taking care of) our own business?
I did answer the question - if the ISP is reputable, it won't end up on
SPEWS. SPEWS does not determine righteousness; SPEWS merely reports.
Reputation is first determined by several factors. Once an ISP is determined
to be a skel (sometimes a mope), then SPEWS simply reports that fact.
>
> "Change providers" is one of the possible responses to a SPEWS
> listing, but it isn't a complete answer. Change providers to _who_?
That's for us to know and for you to find out.
How do you know a potential ISP won't have serious billing problem, or cause
you to suffer interminable dropped-connections or periodic service outages
or lose your email altogether?
Seriously, you're asking who might be a reputable termite control company.
There are some national firms that do a superb job (Terminex/Earthlink) and
local companies likewise.
Get yourself a list of those ISPs that are even POSSIBLE for you and
research. Google-Groups is your friend:
Search: (potential ISP) + spam
If (potential ISP) passes this first sieve, discover the ISPs upstream and
repeat.
Jim Seymour
Huey Callison <bas-...@grace.speakeasy.net> writes:
> On 2004-01-09, JerryMouse <nos...@bisusa.com> wrote:
>> Lei Nage wrote:
>>> We may consider the possibility of changing our ISP should we be
>>> sure it won't happen to our next ISP, and the next one, and the
>>> next. How can we be sure that the "reputable" service provider won't
>>> end up in the SPEWS at some point and we won't get engaged into a
>>> full-time business of chasing a good guy instead of minding (and
>>> taking care of) our own business?
>> To answer your question directly: "Reputable" service providers don't
>> end up in SPEWS. "Reputable" service providers don't sign up known
>> spammers and they immediately disconnect any of their existing
>> clients that start spamming.
>
> That's a fine theory, but in practice, is there _any_ backbone provider
> who has never had a SPEWS listing? Are there any mid-tier ISPs who have
> never had a SPEWS listing? Is there a consumer-oriented internet entity
> of any significance who has never had a problem with SPEWS?
I don't know the answer to that for certain, but I can take an
educated guess: No, no and no?
*But* there *are* ISPs that seem less prone to wide-spread listings
than others. For example: None of my three ISPs (two at work, one at
home) often find any of their space listed. And when it does happen,
it doesn't often stay listed for long.
I've only once found myself SPEWSed. (Home ISP. Very white-hat.)
The listing lasted all of about a day.
>
> You didn't answer his question, and it's a fine one. I'd be interested
> in hearing an answer as well.
> How can we be sure that the "reputable" service provider won't end up
> in the SPEWS at some point and we won't get engaged into a full-time
> business of chasing a good guy instead of minding (and taking care
> of) our own business?
Can't. Obviously. If for no other reason than a "reputable"
provider may become disreputable at any time, for any number of
reasons. I suppose the best you can do is choose a provider that
seems reputable at the time, hope they stay that way, keep your eyes
open and be ready to move should it prove necessary.
Yeah, that sucks. But the stone-cold truth is that the 'net can no
longer tolerate misfeasance on the part of those whom enable network
abuse. Email, arguably one of the two most useful "killer apps" on
the 'net, can potentially be killed by the abuse or by the attempts
to thwart the abuse. I'm of the opinion that "dead is dead," and
that death by attempted abuse prevention is the less likely of the
two to be permanent.
I wouldn't *have* email if I couldn't run my own mail server.
Really. If I couldn't configure my own local blocklists, my own
choices of DNSbls and my own local filters, I wouldn't have email.
This *includes* using such aggressive solutions as SPEWS, should I
deem it necessary. This means, to me, that email, as a useful 'net
application, is already hanging by a thread. All it would take is
for my financial situation to worsen or my current ISP to go under
and that'd be the end of email for me.
I find this situation unacceptable.
>
> "Change providers" is one of the possible responses to a SPEWS listing,
> but it isn't a complete answer. Change providers to _who_?
To one that at least appears to be trying to behave responsibly.
This would leave Cogent, to cite the example that started this
thread, completely out of the equation.
I, btw, have cogent.blackholes.us configured into my mail servers at
home *and* at work. One of only two blackholes.us zones I use.
--
Jim Seymour | "Some of the lies are so strange it
jsey...@LinxNet.com | makes you wonder about the spammer's
LinxNet Spam Files: | sanity."
http://www.LinxNet.com/misc/spam | - Ed Foster, "The Gripe Line" 6/24/02
--