[linux-elitists] Spam spam spam spam

Karsten M. Self kmself@ix.netcom.com
Sat Feb 19 22:42:17 PST 2005


on Sat, Feb 19, 2005 at 11:29:12PM -0500, Aaron Sherman (ajs@ajs.com) wrote:
> On Sat, 2005-02-19 at 08:40 -0800, Karsten M. Self wrote:
> > on Sat, Feb 19, 2005 at 09:35:31AM -0500, Aaron Sherman (ajs@ajs.com) wrote:
> 
> > > Please stop dismissing what I say without responding to it in any way.
> > > You're flaming here, but I don't see any comprehension on your side
> > > either. Are you just trolling for my ire? If so, I suppose I've fallen
> > > for it. Congrats.
> 
> > OK, I'll try taking it down a couple of notches....
> 
> Thanks. I'll make the same attempt.

Appreciated....
 
> > I suppose if you've got legitimate, non-spam email traffic you plan to
> > transact with M. Ibragimov, this could be a problem.  Do you _really_
> > need to assure yourself the ability to email the Send-Safes of the
> > world?
> 
> It's not that. My concern is that they are taking punitive action --
> essentially setting themselves up as a court. 

I don't see punative action.  I see a policy:  "we list IP space
allocated to known spam gangs".  Including, with limits to egregious
cases, vendors of spamming software and services.  I'll note that
qmail's popular in the ejunk crowd, but don't believe djb's listed by
SH.  While it's a tool that can be turned, qmail (or other MTAs, or
GNU/Linux or BSD OSs) isn't specifically targeted at spam activities.
It just happens to be somewhat suited and popular at same.

> What I had thought they were doing was providing information on the
> origins of spam, not attempting to block the mail services of those
> who are involved with spamming. As you point out later: bad sysadmin.
> I should have read more carefully.

Right.
 
> I'm an anti-blacklist advocate who finally gave up and admitted that I
> needed one. I chose one because it didn't list large netblocks for
> political reasons, and I was wrong. Doh.

Not politics.  Past actions.

As for DNSBLs:  you *do* have to be careful in selecting 'em, and you
*do* have to be careful in monitoring what specifically they block.  One
aspect of my own spam LARTing script is DNSBL checks against a number of
lists.  Not for blocking actions, but to see which if any of the DNSBLs
does a decent job of picking up spam.  Note that I'm not testing false
positives.

Quick stats based on 2005 results ('X' indicates hits, blank indicates
no hit).  SpamHaus and SpamCop catch the most spam (about half).  SPEWS
actually does considerably less.  11,139 is the total spams reported.
In the past I've looked at multi-factor matches, which tend to be pretty
good (e.g.:  spam will trigger at least *one* check ~90%+ of the time).

FYI:

  Freq  DNSBL           Match ('X')
  ----- -----------     -----------
  11139 RFCI WHOIS:   
  11139 IPWHOIS:       
  11083 DSBL Multihop: 
  11074 Relays ORDB:   
  11028 RFCI BogusMX:  
  10727 Blitzed OPM:   
  10500 Dynablock BL:  
  10246 SPEWS L1:      
  10086 SPEWS L2:      
   9676 DSBL Proxy:    
   9624 RFCI WHOIS:    
   8341 RFCI P'master: 
   8191 RFCI Abuse:    
   6301 SORBS OR:      
   6164 Relays VISI:   
   6123 Composite BL:  
   5872 SpamCop:       
   5623 Spamhaus:      
   5516 Spamhaus:	X
   5267 SpamCop:	X
   5016 Composite BL:	X
   4975 Relays VISI:	X
   4838 SORBS OR:	X
   2948 RFCI Abuse:	X
   2798 RFCI P'master:	X
   1515 RFCI WHOIS:	X
   1463 DSBL Proxy:	X
   1053 SPEWS L2:	X
    893 SPEWS L1:	X
    639 Dynablock BL:	X
    412 Blitzed OPM:	X
    111 RFCI BogusMX:	X
     65 Relays ORDB:	X
     56 DSBL Multihop:	X

 
> > Linsford, as stated, runs a conservative list, necessitated by who
> > it serves.  You've apparently misunderstood its charter:
> > identifying spamhauser.
> > 
> > That said, I'd hope your empathy for the send-safe's of the world to
> > be pretty muted:
> 
> I don't empathize with most criminals, but I worry about the actions
> that we take against them. If we, the people with good intentions, erode
> the social safeguards about taking punitive action against individuals
> and organizations, then we have no one to complain to when action is
> taken against us. You know the famous quote that starts, "first they
> came for the communists..."

Yeah, it's in my sigfile.

When I start feeling that spammers are a group whose rights are being
unjustly trammeled, as opposed to a group who's unjustly trammeling
others rights and resources, I'll give it some thought.  I don't see
that day arriving anytime soon.  I *do* see spam and other forms of
network abuse ruining a highly useful medium, *and* one of the few
effective goads to those running the nets being external sanction
(Karsten's principle of network hygiene).

 
> >    Memo to the list:  if you're going to use a DNSBL, *know its listing
> >    policy*.
> 
> Yeah.... and once again, doh.
> 
> > Cerf is a senior officer of the company.  You're suggesting he take the
> > Kenny Boy Lay defense?  "I had no idea what was going on?"
> 
> Not at all. I don't advocate or condone blackmailing -- by threat of
> public nuisance -- ANY executive of ANY company. I also think Cerf has
> earned a bit of extra slack, but that's beside the point.
> 
> > > This [going after MCI via Cerf via ACM] is terrorism 
> > 
> > No, it's making a moral example, and asking someone, who really *should*
> > be deserving of respect, to take a look at himself in the mirror, and
> > decide if he's comfortable living the lie another day.
> 
> Ask any monster what they see in the mirror...
> 
> I ask you, though -- if someone did this to you, would you consider it
> anything but blackmail / terrorism? How would you react? Do you see this
> having a positive result?

There's several groups that an action such as this may affect:

  - The Vint Cerfs of the world.  Great quote from the recent
    presidential election, Bill Maher, talking to Ralph Nader:  
    "I'm giving this [picture of O.J. Simpson] to remind you that
    someone can have a lifetime of being considered a hero and then ruin
    it because of one thing." You can't ride your laurels forever.

  - The MCIs of the world:  Hiring the Vint Cerfs won't CYA.

  - The ACMs of the world:  Honoring someone with a checkered record is
    not going to be painless.

  - The rest of the world:  if you're planning on pulling a Cerf, it's
    not going to work.


If you haven't noticed:  I don't mind calling what I see.


Peace.

-- 
Karsten M. Self <kmself@ix.netcom.com>        http://kmself.home.netcom.com/
 What Part of "Gestalt" don't you understand?
    It is kinda awkward to have this "vote stuffing" feature.
    - Diebold Electronic Voting Machine memos.
      http://www.scoop.co.nz/mason/stories/HL0309/S00106.htm
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://allium.zgp.org/pipermail/linux-elitists/attachments/20050219/9396caa0/attachment.pgp 


More information about the linux-elitists mailing list