[linux-elitists] Spam spam spam spam

Karsten M. Self kmself@ix.netcom.com
Fri Feb 18 21:02:36 PST 2005 

on Fri, Feb 18, 2005 at 10:51:52PM -0500, Aaron Sherman (ajs@ajs.com) wrote:
> On Fri, 2005-02-18 at 22:26, Karsten M. Self wrote:
> 
> > > Damn. I was using Spamhaus specifically because they only listed people
> > > who were known to originate spam (either because they were zombies (XBL)
> > > or spam sources (SBL)). Either I was wrong, or they've changed their
> > > policy to list groups punitively.
> > 
> > I believe you're misunderstanding how Spamhaus works.
> 
> No, I'm really not. At least not now. I may have misinterpreted their
> information BEFORE, or they may have changed. That's hard to tell.
> 
> > The SBL itself *is* just known spam-source IPs.  SpamCop's DNSBL is
> > similar.
> > 
> > However, in addition to this, Spamhaus provides *aggregate* level
> > information on ISPs and KSOs, to provide useful information to those
> > trying to address spam at a higher level.
> 
> If you're saying that the SBL is a combination of some internal data and
> some external data, fine.... but it's still useless because they provide
> no way (same resolved IP for both types of data) to differentiate.
> 
> If you are saying that this aggregate data is not in the SBL directly,
> then either you're wrong, or their Web site is. Let me use Spamhaus's
> own words (emphasis mine):
> 
>         http://www.spamhaus.org/sbl/sbl-rationale.html
>         
>         Listing Criteria
>         
>         The criteria for listing IPs **in the SBL** is:
>         
> Spam Sources
>    Spammers sending bulk email verified to be unsolicited (spam)
>    directly from static IPs under the spammer's control.
>
> Spam Gangs
>    Spam gangs listed in ROKSO - including preemptively listing new
>    netblocks each time known spammers move to new hosts.
>
> Spam Services
>     Spammers' mail servers, web servers, DNS and other servers used in
>     spamming.
>
> Spam Support Services
>     Services providing 'bullet-proof' hosting for spam service
>     purposes, **serving 'spamware' sites**, or **knowingly providing
>     services for spam service purposes**.
> 
> That is, you get listed in the SBL, even if you've never sent out spam,
> because you provide support services or sell software related to spam.

Aaron: *please* stop posting bullshit here until you've found your
comprehension bit or do a *modicum* of research and/or testing.

SBL's definition of spammer and spam (support) services does *not*
extend to an entire ISP of the scale of MCI, regarless of how many
subnets of MCI _are_ actively engaged in spamming.  You're spewing FUD
worse than Microsoft prior to LinuxWorld....


I think you'll find that the listed space for MCI in the SBL is the 192
*justified* and *validated* entries under the MCI 'lasso' entry:

    http://www.spamhaus.org/sbl/listings.lasso?isp=mci.com

Those are CIDR specs, and you'll find that the largest subnet is a /19.
8192 IPs is by no means the bulk of MCI's allocation.  The largest class
is /32s (single IP).  The total is 50,849 listed IPs, or an average of
245 per listing.

    Count CIDR   IPs
    ----- ---- ------
        1   19   8192
        3   20   4096
        1   21   2048
        6   22   1024
       16   23    512
       38   24    256
       14   25    128
       21   26     64
       25   27     32
       13   28     16
        8   29      8
        1   30      4
       45   32      1
    ===== ==== ======
      192       50849
    ----- ---- ------


> Hell, by that logic, they could list staples.com after sending them a
> "you sell office supplies to the following spammers" letter.

One industrial-strength clue shipped, expedited freight.  *Please* do us
all a favor and accept delivery.

 
> I'm looking to block spam coming to my doorstep, not tie a yellow ribbon
> around my and my customers' MTAs.
> 
> > Suggest you read Spamhaus's specs _with_ comprehension.
> 
> Turns out I have... finally. 

Nope.



Peace.

-- 
Karsten M. Self <kmself@ix.netcom.com>        http://kmself.home.netcom.com/
 What Part of "Gestalt" don't you understand?
    Google is a blind user.  A billionaire blind user with tens of millions of
    friends, all of whom hang on his every word.
    - Karsten M. Self
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://allium.zgp.org/pipermail/linux-elitists/attachments/20050218/0b5d6644/attachment.pgp

More information about the linux-elitists mailing list