[linux-elitists] Spam spam spam spam
Fri Feb 18 13:42:32 PST 2005
On Friday 18 February 2005 12:53, Aaron Sherman wrote:
> On Thu, 2005-02-17 at 23:30, Karsten M. Self wrote:
> > Spamhaus's dossier on MCI is here:
Thanks, Karsten, and another interesting page is the Top 10 list.
Without looking I bet anyone can guess who's Number One.
> > http://www.spamhaus.org/sbl/sbl.lasso?query=SBL24036
> > 126.96.36.199/32 is listed on the Register Of Known Spam
> > Operations (ROKSO) database as being assigned to, under the control
> > of, or providing service to a known professional spam operation run
> > by Alan Ralsky.
> Damn. I was using Spamhaus specifically because they only listed
> people who were known to originate spam (either because they were
> zombies (XBL) or spam sources (SBL)). Either I was wrong, or they've
> changed their policy to list groups punitively.
I don't see that as a punitive listing. The IP is known to be under
control of Alan Ralsky. If he or Ruslan Ibragimov or any other known,
unrepentant spammer was to sit at his computer and type a personal
message just to me, I would see nothing wrong with blocking it.
I wouldn't want to deal with him in any form except in what I might be
able to do to remove his access to the Internet. It's that Boulder
Pledge sort of thing.
I am sorry, I know I sound like an obnoxious zealot. Those who get down
in the trenches of the spam war you tend to get that way. Spammers have
that certain quality about them that triggers reverse peristalsis in
me. They seem to lack most normal thought processes, and perhaps ALL
ethical thought processes.
Incidentally, I do not block or inhibit any of the many free Webmail
services. Any ROKSO perpetrator could use one of those and contact me.
> So, I'm back to the drawing board. Does anyone know of a DNSBL that
> ONLY lists IPs that are known to be actively originating bulk UCE? I
> really do want to be able to get legitimate mail, even if it's from
> an email list retailer, spam software vendor, spammer's home system,
Here's where we apparently won't agree. Yes, it is true, at least in
theory, that a spammer might occasionally have something useful to
offer to me or to some other life form. I simply do not accept that
they have the right to access MY mail server unless / until they are
proven to be out of the spam business.
If you've taken the time to read the Spamhaus site, and of course
anyone who would trust them to block mail should definitely do so,
you'll see that this is their approach. Perpetrators are not listed in
SBL / ROKSO until the *3rd* ejection from an ISP.
(Apparently you have done this ... to be explicit, I am speaking in
indefinite terms above.)
In the case of MCI this approach is now a bit problematic, because MCI
won't eject them. Spammers know where to find bullet-proof hosting.
They're leaving (being kicked out of) China and going to MCI.
Amazingly, in 2003 we had kicked Send-safe.com off 4 Chinese
"bullet-proof hosts" before they found safe haven at MCI in the
US. MCI makes even the worst Chinese network look clean.
-Steve Linford, Spamhaus.org, 2005/02/15
> a child molester, delinquent dad, or someone who speaks out against
> the government.
I agree that some of the RBL's I've seen do go overboard. AHBL, the
late monkeys.com, RFC-ignorant, five-ten-sg, JammDNS, UCEProtect, and
of course SPEWS. (I am SPEWS, BTW.) Oh, and the worst I think I came
across was Blars. But I disagree that it's wrong to prohibit direct
access to email from known spam gangs.
Back to the Boulder Pledge: economic damage is really the only way
possible to stop spam. It has to begin to cost them more than they get
from it. With the cooperation of the providers on that Top Ten list,
it's really possible. Make and enforce punitive TOS. If someone spams
they're contractually bound to pay a huge fine. Shut 'em down and
What this whole Cerf thing comes down to is that we are trying to apply
some pressure on MCI. I agree, it feels like we're unfairly singling
out Cerf, and I'm certain Vint is the kind of geek I would really like
We discussed this on SPAM-L, too. It FEELS kind of mean, but it really
is justified. Everyone on Earth has ethical obligations. Cerf is in a
position where he could do some real damage to spammers. He's not doing
it, and in fact, making lame excuses as to why not.
I am hoping that this kind of ethical pressure on Cerf and MCI will do
some good. It might not. We'll see.
> I just want to shut off the pipe when people
> demonstrate that they are willing to treat their pipe as a firehose.
That's YOUR pipe, not theirs. Send Safe steals the pipe from Windows
machines, and their ISP's, everywhere, and then YOUR pipe.
ROKSO members have demonstrated this. If you know of a single listing
which is in error in some way, Spamhaus will remove or revise it. And
this gets us back to our fundamental disagreement about query=SBL24036.
In my mind it's perfectly valid.
> I'm so tired of the punitive responses of listing those "providing
> service", "advertized by spam", netblocks with innocent users,
> netblocks which are "not valid mail sources" according to whatever
I feel guilty about blocking dynamic IP space, but unfortunately it's
very effective, what with so much spew coming from zombies. Thanks to
Send Safe et al!
> criteria, etc. I just want a clean, well-maintained, timely list of
> IPs that have connected to SMTP ports and delivered spam. I'll even
> pay for it!
It's a huge job. Conscientious RBL's like Spamhaus, Spamcop, SORBS and
NJABL are doing the best they can. But there WILL be collateral damage
from all this unless / until the economics kick in.
 Sedentary Person Emailing While Sipping.
Rob - /dev/rob0
More information about the linux-elitists