[linux-elitists] Spam spam spam spam

Rob McGee list+Elite@nodns4.us
Fri Feb 18 13:42:32 PST 2005


On Friday 18 February 2005 12:53, Aaron Sherman wrote:
> On Thu, 2005-02-17 at 23:30, Karsten M. Self wrote:
> > Spamhaus's dossier on MCI is here:

Thanks, Karsten, and another interesting page is the Top 10 list. 
Without looking I bet anyone can guess who's Number One.

> >     http://www.spamhaus.org/sbl/sbl.lasso?query=SBL24036
> >
> >     157.130.205.94/32 is listed on the Register Of Known Spam
> > Operations (ROKSO) database as being assigned to, under the control
> > of, or providing service to a known professional spam operation run
> > by Alan Ralsky.
>
> Damn. I was using Spamhaus specifically because they only listed
> people who were known to originate spam (either because they were
> zombies (XBL) or spam sources (SBL)). Either I was wrong, or they've
> changed their policy to list groups punitively.

I don't see that as a punitive listing. The IP is known to be under 
control of Alan Ralsky. If he or Ruslan Ibragimov or any other known, 
unrepentant spammer was to sit at his computer and type a personal 
message just to me, I would see nothing wrong with blocking it.

I wouldn't want to deal with him in any form except in what I might be 
able to do to remove his access to the Internet. It's that Boulder 
Pledge sort of thing.

I am sorry, I know I sound like an obnoxious zealot. Those who get down 
in the trenches of the spam war tend to get that way. Spammers have 
that certain quality about them that triggers reverse peristalsis in 
me. They seem to lack most normal thought processes, and perhaps ALL 
ethical thought processes.

Incidentally, I do not block or inhibit any of the many free Webmail 
services. Any ROKSO perpetrator could use one of those and contact me.

> So, I'm back to the drawing board. Does anyone know of a DNSBL that
> ONLY lists IPs that are known to be actively originating bulk UCE? I
> really do want to be able to get legitimate mail, even if it's from
> an email list retailer, spam software vendor, spammer's home system,

Here's where we apparently won't agree. Yes, it is true, at least in 
theory, that a spammer might occasionally have something useful to 
offer to me or to some other life form. I simply do not accept that 
they have the right to access MY mail server unless / until they are 
proven to be out of the spam business.

If you've taken the time to read the Spamhaus site, and of course  
anyone who would trust them to block mail should definitely do so, 
you'll see that this is their approach. Perpetrators are not listed in 
SBL / ROKSO until the *3rd* ejection from an ISP.

(Apparently you have done this ... to be explicit, I am speaking in 
indefinite terms above.)

In the case of MCI this approach is now a bit problematic, because MCI 
won't eject them. Spammers know where to find bullet-proof hosting. 
They're leaving (being kicked out of) China and going to MCI.

    Amazingly, in 2003 we had kicked Send-safe.com off 4 Chinese 
    "bullet-proof hosts" before they found safe haven at MCI in the
    US. MCI makes even the worst Chinese network look clean.
        -Steve Linford, Spamhaus.org, 2005/02/15

> a child molester, delinquent dad, or someone who speaks out against
> the government.

I agree that some of the RBL's I've seen do go overboard. AHBL, the  
late monkeys.com, RFC-ignorant, five-ten-sg, JammDNS, UCEProtect, and 
of course SPEWS. (I am SPEWS[1], BTW.) Oh, and the worst I think I came 
across was Blars. But I disagree that it's wrong to prohibit direct 
access to email from known spam gangs.

Back to the Boulder Pledge: economic damage is really the only way 
possible to stop spam. It has to begin to cost them more than they get 
from it. With the cooperation of the providers on that Top Ten list, 
it's really possible. Make and enforce punitive TOS. If someone spams 
they're contractually bound to pay a huge fine. Shut 'em down and 
collect.

What this whole Cerf thing comes down to is that we are trying to apply 
some pressure on MCI. I agree, it feels like we're unfairly singling 
out Cerf, and I'm certain Vint is the kind of geek I would really like 
to meet.

We discussed this on SPAM-L, too. It FEELS kind of mean, but it really 
is justified. Everyone on Earth has ethical obligations. Cerf is in a 
position where he could do some real damage to spammers. He's not doing 
it, and in fact is making lame excuses as to why not.

I am hoping that this kind of ethical pressure on Cerf and MCI will do 
some good. It might not. We'll see.

> I just want to shut off the pipe when people 
> demonstrate that they are willing to treat their pipe as a firehose.

That's YOUR pipe, not theirs. Send Safe steals the pipe from Windows 
machines, and their ISP's, everywhere, and then YOUR pipe.

ROKSO members have demonstrated this. If you know of a single listing 
which is in error in some way, Spamhaus will remove or revise it. And 
this gets us back to our fundamental disagreement about query=SBL24036. 
In my mind it's perfectly valid.

> I'm so tired of the punitive responses of listing those "providing
> service", "advertized by spam", netblocks with innocent users,
> netblocks which are "not valid mail sources" according to whatever

I feel guilty about blocking dynamic IP space, but unfortunately it's 
very effective, what with so much spew coming from zombies. Thanks to 
Send Safe et al!

> criteria, etc. I just want a clean, well-maintained, timely list of
> IPs that have connected to SMTP ports and delivered spam. I'll even
> pay for it!

It's a huge job. Conscientious RBL's like Spamhaus, Spamcop, SORBS and 
NJABL are doing the best they can. But there WILL be collateral damage 
from all this unless / until the economics kick in.



[1] Sedentary Person Emailing While Sipping.
-- 
    Rob - /dev/rob0


