ietf-mxcomp

Re: draft-schlitt-spf-classic-01.txt

2005-06-07 15:22:18

On Tue, 7 Jun 2005, Alan DeKok wrote:


> Dean Anderson <dean(_at_)av8(_dot_)com> wrote:
>> It's not credible to claim that a 10Mbs ethernet connection would be
>> saturated with email (as you reported)
>
> My machine has never had a 10Mbs connection to the net.

Your attempts at being coy are rather unbecoming.  Please be honest. You
reported on freeradius that your machine used to have colo'd ethernet
connection. You reported on freeradius that your colo ISP asked you to
find service elsewhere because your spam volume was saturating the
ethernet.  [BTW, that alone should tell you that it isn't "normal" spam
volume]

>> to a one-person domain, and that this volume not be abuse.
>
> You're assuming that the people buying the "100 million email" spam
> CD's know it's a one-person domain.

The addresses have to find their way onto such cd's.  If you start getting
mail like you have a million subscribers, then probably something is
wrong, because that doesn't usually happen.  The cd creators would seem to
have no interest in putting fake addresses on the CD. [They would plainly
have interest in harvesting addresses, but that doesn't usually result in
thousands or millions of fake recipient addresses to a one person domain]
So either someone must have somehow fooled them into thinking you have
millions of subscribers, or perhaps _they_ have something against you. 

But you (and your "experts") are the _only_ case of a one-person domain
that I've ever heard of, that gets this much email and subsequently argues
that it was somehow "normal".

What I _suspect_ is that one of the following is the truth: 
        you were either playing with harvesting, and got burned, 
        or someone else was playing with harvesting to burn you,
        or someone used a list of open relays or proxies to mailbomb you.

What I _know_ [from your posted statistics and reported info] is that it
was not an ordinary sort of spam load, as you (and your "experts") have
claimed.  And I _know_ that some of your "experts" were either involved
with, or at least supportive of those who abused open relays.

Further, as I recall, it stopped eventually, and was intermittent.

>> I think your position is based on something called "willful exaggeration"
>
> <grins>  You haven't seen the data, so I must be exaggerating.

I have some of the statistics, so yes, it is quite possible to draw
conclusions without the raw data. [that is why they call it data
reduction] Unless, of course, you lied in the statistics you reported.
But if you want to send me the raw data, I'll still take a look... You
shared it with others, and it is all yours, so it's up to you.

This isn't the first time for such a statistical surprise.  Operators have
previously been surprised by what can be inferred with indirect,
remote telemetry and statistics.  The distance to a star, for example.  
And no one has ever seen an atom, either.  All surprises.

Indeed, a certain network operator I know (Nathan Mehl) is _still_ stunned
about an incident that happened way back in _1994_, where I determined his
news server was overloaded by looking at the times on packets.  He had
first denied it was overloaded, and blamed the problem on our connection.
He was quite stunned when I showed him statistics on the connection and
timings on the news packets that indicated his server was overloaded. Only
then did he finally admit that it was overloaded. And others were also
complaining about their servers being overloaded.  The problem was solved
by adding an additional new server.  [though he leaves that final admission
out of his recent retellings, I have most of the email from 1994, as well
as the load statistics. Tapes of home directories are indeed wonderful
devices, and properly stored, hold data for a long time.]

[BTW this will go up on www.iadl.org sometime as an example of selective
memory vs defamation:  Nathan Mehl was the engineer at BBN Planet. I think
it will go under the section on Chris Neill, it compares and contrasts
with Chris: Nathan can be somewhat forgiven for misremembering facts from
1994 many years later. In contrast, Chris was reporting right after the
event. But neither admits being wrong. [anti-spammers never admit being
wrong even conducting abuse like mailbombing] To summarize:  Chris Neill
was an abuse admin with Verio who abused our relays from his desktop. He
was finally fired for this. He wasn't the only abuse admin fired for
abuse, but so far as I know, he is the only one who posted a diatribe
describing what happened to a public mailing list. But like many, rather
than accept responsibility for doing a "bad thing", he blames others (me)
for reporting his abuse. They never "remember" being wrong.  And indeed,
no anti-spammer has ever rebuked him for his abuse.  Most are sympathetic:
Abuse is OK, so long as it's "for the cause". Anti-spammer generated junk
mail is euphemistically called "mailbombing"]

>> I know some of the "experts" that looked at your abuse, and they have been
>> known previously to be anti-spam zealots, one of which is known to
>> have conducted (or supported) abuse of our relays.
>
> I've never made that list public, and to the best of my knowledge,
> neither have they.

I'm sure I don't have the _entire_ list.  But Chris Parker of
Starnet/Megapop and company seem to be among the ones who said I was wrong
on freeradius.  Our relays were subsequently abused by hundreds of IPs
from Starnet, and when I complained, Parker indicated that he would not
act on our complaints because he didn't consider open relay abuse to be
abuse. [which is actually consistent with what he told you about your
incident] It shows their support for abuse.  I think we had to block port
25 from all of starnet's blocks.  [And in 2003, when the open relay
blacklists shut down, open relay abuse also stopped. It restarted in March
of this year, but very, very lamely.]


                --Dean

-- 
Av8 Internet   Prepared to pay a premium for better service?
www.av8.net         faster, more reliable, better service
617 344 9000