ietf-mxcomp
[Top] [All Lists]

Abusive blacklist

2005-01-11 08:30:39
Terry, you are using an abusive "blacklist".  SORBS, like ORBS, has no 
qualms about lying about those they don't like.

In our case, they don't like the fact that I revealed their secret spam 
support operations. (They scan for open relays and then give that 
information to abusers.)

Anyway, one can easilly see that 130.105/16 is not hijacked, nor is
198.3.136/21 hijacked.  Neither registrant is out of business.  The false
claims of hijacking came from Alan Brown (of ORBS infamy) who was found in
court to be a liar, engaging in defamation and false statements against
ISPs he didn't like, for he personal financial benefit.  Alan Brown and
Matthew Sullivan are not authoritative for the registrations and have no
authority to make any kind of statement about their registration.

People who are genuinely interested in anti-spam should shun those who use
such tools for personal attacks. (The Judge in one of the ORBS cases noted
also that Brown was using false ORBS listings as a personal attack, not
based on any genuinely held belief.)

                --Dean

-- 
Av8 Internet   Prepared to pay a premium for better service?
www.av8.net         faster, more reliable, better service
617 344 9000   


---------- Forwarded message ----------
Date: Mon, 10 Jan 2005 14:44:29 -0500
From: Mail Delivery Subsystem <MAILER-DAEMON(_at_)cirrus(_dot_)av8(_dot_)net>
To: dean(_at_)av8(_dot_)com
Subject: Returned mail: see transcript for details

The original message was received at Mon, 10 Jan 2005 14:44:18 -0500
from dakota.av8.net [130.105.19.131]

   ----- The following addresses had permanent fatal errors -----
<terry(_at_)ashtonwoodshomes(_dot_)com>
    (reason: 553 5.3.0 <terry(_at_)ashtonwoodshomes(_dot_)com>... Message from 
130.105.36.66 rejected - see http://www.dnsbl.us.sorbs.net/cgi-bin/lookup?IP= 
130.105.36.66)

   ----- Transcript of session follows -----
... while talking to mail.ashtonwoodshomes.com.:
DATA
<<< 553 5.3.0 <terry(_at_)ashtonwoodshomes(_dot_)com>... Message from 
130.105.36.66 rejected - see http://www.dnsbl.us.sorbs.net/cgi-bin/lookup?IP= 
130.105.36.66
550 5.1.1 <terry(_at_)ashtonwoodshomes(_dot_)com>... User unknown
<<< 503 5.0.0 Need RCPT (recipient)
Reporting-MTA: dns; cirrus.av8.net
Received-From-MTA: DNS; dakota.av8.net
Arrival-Date: Mon, 10 Jan 2005 14:44:18 -0500

Final-Recipient: RFC822; terry@ashtonwoodshomes.com
Action: failed
Status: 5.3.0
Remote-MTA: DNS; mail.ashtonwoodshomes.com
Diagnostic-Code: SMTP; 553 5.3.0 <terry@ashtonwoodshomes.com>... Message from 
130.105.36.66 rejected - see http://www.dnsbl.us.sorbs.net/cgi-bin/lookup?IP= 
130.105.36.66
Last-Attempt-Date: Mon, 10 Jan 2005 14:44:24 -0500
--- Begin Message ---
On Sun, 9 Jan 2005 terry(_at_)ashtonwoodshomes(_dot_)com wrote:


Agreed, but near sighted.  If the sending MTA had done some sort of 
validation to ensure the message
was not forged when it accepted it, then we wouldn't have a blowback problem. 
 You cannot blame
subsequent MTA's in the path for detecting and rejecting bad email when its 
something the first hop
MTA could (and should) have done in the first place!

And just what sort of validation would that be?

You are talking about a normal closed relay. It cannot use SPF to validate 
its own users.

His point I think is that if the virus is trying to send directly to the MTA 
it would get rejected
with no bounce back (because the virus wouldn't process a bounce).

If an MTA.1 accepted a virus message, and tried relaying it to MTA.2, when 
MTA.2 rejects it as
forged, and MTA.1 processes a bounce, well, NO SYMPATHY FOR MTA.1, it should 
have taken steps to
prevent the virus/forgery etc from being accepted by itself in the FIRST 
PLACE.

Your lack of sympathy for MTA.1 is unfortunate, but unrealistic.  Even
taking steps to prevent viruses does not catch all virues.  Even using
SMTP AUTH on a closed relay does not prevent forgery.

                --Dean


-- 
Av8 Internet   Prepared to pay a premium for better service?
www.av8.net         faster, more reliable, better service
617 344 9000   



--- End Message ---
<Prev in Thread] Current Thread [Next in Thread>