[linux-elitists] Spam spam spam spam
Karsten M. Self
Fri Feb 18 21:02:36 PST 2005
on Fri, Feb 18, 2005 at 10:51:52PM -0500, Aaron Sherman (firstname.lastname@example.org) wrote:
> On Fri, 2005-02-18 at 22:26, Karsten M. Self wrote:
> > > Damn. I was using Spamhaus specifically because they only listed people
> > > who were known to originate spam (either because they were zombies (XBL)
> > > or spam sources (SBL)). Either I was wrong, or they've changed their
> > > policy to list groups punitively.
> > I believe you're misunderstanding how Spamhaus works.
> No, I'm really not. At least not now. I may have misinterpreted their
> information BEFORE, or they may have changed. That's hard to tell.
> > The SBL itself *is* just known spam-source IPs. SpamCop's DNSBL is
> > similar.
> > However, in addition to this, Spamhaus provides *aggregate* level
> > information on ISPs and KSOs, to provide useful information to those
> > trying to address spam at a higher level.
> If you're saying that the SBL is a combination of some internal data and
> some external data, fine.... but it's still useless because they provide
> no way (same resolved IP for both types of data) to differentiate.
> If you are saying that this aggregate data is not in the SBL directly,
> then either you're wrong, or their Web site is. Let me use Spamhaus's
> own words (emphasis mine):
> Listing Criteria
> The criteria for listing IPs **in the SBL** is:
> Spam Sources
> Spammers sending bulk email verified to be unsolicited (spam)
> directly from static IPs under the spammer's control.
> Spam Gangs
> Spam gangs listed in ROKSO - including preemptively listing new
> netblocks each time known spammers move to new hosts.
> Spam Services
> Spammers' mail servers, web servers, DNS and other servers used in
> Spam Support Services
> Services providing 'bullet-proof' hosting for spam service
> purposes, **serving 'spamware' sites**, or **knowingly providing
> services for spam service purposes**.
> That is, you get listed in the SBL, even if you've never sent out spam,
> because you provide support services or sell software related to spam.
Aaron: *please* stop posting bullshit here until you've found your
comprehension bit or do a *modicum* of research and/or testing.
SBL's definition of spammer and spam (support) services does *not*
extend to an entire ISP of the scale of MCI, regarless of how many
subnets of MCI _are_ actively engaged in spamming. You're spewing FUD
worse than Microsoft prior to LinuxWorld....
I think you'll find that the listed space for MCI in the SBL is the 192
*justified* and *validated* entries under the MCI 'lasso' entry:
Those are CIDR specs, and you'll find that the largest subnet is a /19.
8192 IPs is by no means the bulk of MCI's allocation. The largest class
is /32s (single IP). The total is 50,849 listed IPs, or an average of
245 per listing.
Count CIDR IPs
----- ---- ------
1 19 8192
3 20 4096
1 21 2048
6 22 1024
16 23 512
38 24 256
14 25 128
21 26 64
25 27 32
13 28 16
8 29 8
1 30 4
45 32 1
===== ==== ======
----- ---- ------
> Hell, by that logic, they could list staples.com after sending them a
> "you sell office supplies to the following spammers" letter.
One industrial-strength clue shipped, expedited freight. *Please* do us
all a favor and accept delivery.
> I'm looking to block spam coming to my doorstep, not tie a yellow ribbon
> around my and my customers' MTAs.
> > Suggest you read Spamhaus's specs _with_ comprehension.
> Turns out I have... finally.
Karsten M. Self <email@example.com> http://kmself.home.netcom.com/
What Part of "Gestalt" don't you understand?
Google is a blind user. A billionaire blind user with tens of millions of
friends, all of whom hang on his every word.
- Karsten M. Self
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 189 bytes
Desc: Digital signature
Url : http://allium.zgp.org/pipermail/linux-elitists/attachments/20050218/0b5d6644/attachment.pgp
More information about the linux-elitists