[linux-elitists] Spam spam spam spam

Karsten M. Self kmself@ix.netcom.com
Sat Feb 19 08:40:35 PST 2005


on Sat, Feb 19, 2005 at 09:35:31AM -0500, Aaron Sherman (ajs@ajs.com) wrote:
> On Fri, 2005-02-18 at 21:02 -0800, Karsten M. Self wrote:
> > on Fri, Feb 18, 2005 at 10:51:52PM -0500, Aaron Sherman (ajs@ajs.com) wrote:
> 
> > > Spam Support Services
> > >     Services providing 'bullet-proof' hosting for spam service
> > >     purposes, **serving 'spamware' sites**, or **knowingly providing
> > >     services for spam service purposes**.
> > > 
> > > That is, you get listed in the SBL, even if you've never sent out spam,
> > > because you provide support services or sell software related to spam.
> > 
> > Aaron: *please* stop posting bullshit here until you've found your
> > comprehension bit or do a *modicum* of research and/or testing.
> 
> Please stop dismissing what I say without responding to it in any way.
> You're flaming here, but I don't see any comprehension on your side
> either. Are you just trolling for my ire? If so, I suppose I've fallen
> for it. Congrats.

OK, I'll try taking it down a couple of notches....


First:  I was responding to a strong insinuation on your part that the
SBL was listing vast swathes of netspace on capricious definitions of
"spam support organizations".  That's what you wrote (Staples example),
and it's nowhere near the truth.


I really hope that the next question hinges on pragmatic realities and
degrees, not some absolute ideal.

The SBL includes IP space allocated to spam service organizations.  As a
small subset of listings, going through MCI's entries, I see four items,
all Send-Safe.com.  Three /32s and a /24.  For a net of 257 IPs.

I suppose if you've got legitimate, non-spam email traffic you plan to
transact with M. Ibragimov, this could be a problem.  Do you _really_
need to assure yourself the ability to email the Send-Safes of the
world?


The likelihood of it impacting on your gross business activities is
slight.  The SBL is designed to be conservative -- it lists known
Spamhausen, hence the name.  OK, I was slightly inaccurate with my
earlier description.  However from a pragmatic PoV, and from an
effectiveness standpoint, it's pretty damned good.

And trust:  any business that _is_ attempting legit email communications
from SBL-listed space is going to be in a world of hurt already.  It's
IP space permanently burned through addition to countless private
blocklists.

 
> > SBL's definition of spammer and spam (support) services does *not*
> > extend to an entire ISP of the scale of MCI, regardless of how many
> > subnets of MCI _are_ actively engaged in spamming.  You're spewing FUD
> > worse than Microsoft prior to LinuxWorld....
> 
> I've NEVER said or implied that they did or would. 

You did.

> I simply said that they list IPs that have never issued spam because
> they are believed to be engaged in "support services". 

Fair point.  I was slightly inaccurate in my earlier statements.

I'd suggest if you've got gross concerns with this, you stop arguing
here and drop a line to Steve Linford or query on a more spam-specific
list (spam-l comes to mind).  Linford, as stated, runs a conservative
list, necessitated by who it serves.  You've apparently misunderstood
its charter:  identifying spamhauser.

That said, I'd hope your empathy for the send-safes of the world to be
pretty muted:

    http://www.send-safe.com/

    Send-Safe is a bulk email software program based on a unique
    know-how sending technology. It provides real anonymous instant
    delivery - you can use your regular Internet connection because your
    IP address will never be shown in the email headers. Send-Safe
    performs email validation and displays delivery statistics in real
    time, which gives you the ability to evaluate the quality of your
    mailing lists. Send-Safe mailing software is free of charge. Our
    pricing is based on the number of emails you send over a given
    period of time. 

...and Linford's got a good history of tracking things down and working
with ISPs.  In his business, you work on trust, it's about your only
asset.


Note his definition of spam services, it's pretty specific:

    Services providing 'bullet-proof' hosting for spam service purposes,
    serving 'spamware' sites, or knowingly providing services for spam
    service purposes.

If you've got a problem with that, by all means, find a different DNSBL.
Or do what I've been recommending for the past year:  run your own
spamminess stats by ASN/CIDR using asn.routeviews.org, and take
countermeasures based on your own experience with legit vs. illegitimate
mail loads.


> Again -- and I don't know why this is difficult -- my concern is
> stopping spam, not tying a yellow ribbon around my MTA. 

Ditto.

No reason why I should blow a few gaping holes in my defenses for the
benefit of the send-safes of the world though.

> I now use a DNSBL that lists known spam source IPs only, and I'm a
> happy camper. I have too little data as yet, but oddly enough XBL +
> this new spam-only DNSBL seems to be more effective than XBL-SBL too.

Well...

...SpamHaus, and I think someone may have said something like this
recently, identifies spamhauser.  Which means that spam originating from
locations _not_ identified with known spamhauser, won't get tagged.

   Memo to the list:  if you're going to use a DNSBL, *know its listing
   policy*.

DNSBLs are not magic bullets.  They're tools for mapping one
characteristic onto another.  With varying levels of specificity, but
other applicable usefulness.

 
 
> > > Hell, by that logic, they could list staples.com after sending them a
> > > "you sell office supplies to the following spammers" letter.

If that's *not* an implication that Spamhaus is blindly listing swaths
of IP space on capricious criteria, please elucidate.

I calls 'em like I sees 'em, Aaron.



> This whole thread began simply because someone sent out mail suggesting
> that we should use an ACM event as a PR stunt to shame Vint Cerf into
> making MCI do what WE think is right about a spammer. 

Point of fact:  MCI are hosting 192 listed _spam organizations_ per
SpamHaus, and have neither eliminated the problem nor provided evidence
that the listings are inaccurate.  The situation has persisted for
years.  There are new ROKSO entries from the past *week*.  The oldest
entries on the page are from 2002.  

Cerf is a senior officer of the company.  You're suggesting he take the
Kenny Boy Lay defense?  "I had no idea what was going on?"


> This is terrorism 

No, it's making a moral example, and asking someone, who really *should*
be deserving of respect, to take a look at himself in the mirror, and
decide if he's comfortable living the lie another day.



Peace.

-- 
Karsten M. Self <kmself@ix.netcom.com>        http://kmself.home.netcom.com/
 What Part of "Gestalt" don't you understand?
    Never underestimate the importance of good grooming
    - Uncle Enzo, _Snow Crash_
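
Added example, not part of the original message: one way to keep the per-ASN/CIDR spam statistics the message recommends, written as a defender's tally over a mail log. It assumes asn.routeviews.org answers a TXT query on the reversed-octet name with three strings (ASN, network, prefix length); the sample answers, log entries, threshold and minimum-volume values are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

ZONE = "asn.routeviews.org"

def routeviews_qname(ip):
    """TXT query name for an IPv4 address: reversed octets under the zone."""
    return ".".join(reversed(ip.split("."))) + "." + ZONE

def parse_txt(strings):
    """Assumed answer layout: ("ASN", "network", "prefix length")."""
    asn, net, plen = strings
    return int(asn), str(ipaddress.ip_network(f"{net}/{plen}"))

def tally(log, resolve):
    """Count spam/ham per (ASN, CIDR); resolve(qname) returns the TXT strings."""
    stats, cache = defaultdict(lambda: {"spam": 0, "ham": 0}), {}
    for ip, verdict in log:
        if ip not in cache:  # one lookup per distinct sender IP
            cache[ip] = parse_txt(resolve(routeviews_qname(ip)))
        stats[cache[ip]][verdict] += 1
    return dict(stats)

def suspects(stats, threshold=0.7, min_msgs=3):
    """Prefixes whose spam share meets the threshold, ignoring thin samples."""
    hits = []
    for key, c in stats.items():
        total = c["spam"] + c["ham"]
        if total >= min_msgs and c["spam"] / total >= threshold:
            hits.append((key, c["spam"] / total))
    return sorted(hits, key=lambda h: -h[1])

# Constructed data: documentation address ranges and ASNs, not real listings.
SAMPLE_TXT = {
    "10.2.0.192.asn.routeviews.org": ("64496", "192.0.2.0", "24"),
    "77.2.0.192.asn.routeviews.org": ("64496", "192.0.2.0", "24"),
    "5.100.51.198.asn.routeviews.org": ("64497", "198.51.100.0", "24"),
    "9.100.51.198.asn.routeviews.org": ("64497", "198.51.100.0", "24"),
    "200.113.0.203.asn.routeviews.org": ("64496", "203.0.113.0", "24"),
}
SAMPLE_LOG = [("192.0.2.10", "spam"), ("192.0.2.10", "spam"), ("192.0.2.77", "spam"),
              ("192.0.2.77", "ham"), ("198.51.100.5", "ham"), ("198.51.100.5", "ham"),
              ("198.51.100.9", "spam"), ("203.0.113.200", "spam")]

if __name__ == "__main__":
    stats = tally(SAMPLE_LOG, SAMPLE_TXT.__getitem__)
    print(suspects(stats))
```

In a live setup `resolve` would be a DNS TXT lookup rather than the dictionary; the single-message prefix is left out of the result because one sample is too thin to act on.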