Re: Careful with those spamtools.....

2003-09-14 20:40:35
On Mon, 15 Sep 2003, Dr. Jeffrey Race wrote:

A few comments (interleaved) to clarify the record :)

On Sun, 14 Sep 2003 19:14:14 -0400 (EDT), Dean Anderson wrote:
Indeed.  These open relay blacklist sites were always a highly
questionable source for mail filtering.  Quite obviously, open relays have
no relationship to spam, so using an open relay blacklist is going to
block a lot of non-spam email.

==> That is the only way to get the attention of overworked (or
     incompetent) admins.

No, it isn't. And it is an illegal method, because you (if you are an
ISP) probably don't have permission to block non-spam mail.  Blocking
communications without permission is a (US) federal felony, which also has
a civil action, in which the intent requirement is reduced from
"intentional" to "knowing".

It obviously isn't necessary, as you point out:

In one case I had to contact (personally)
     Ziggy Switkowski, the chairman of Telstra, to get his firm to
     crack down on misuse of his network.  That solved the immediate
     problem (and that's what it took because the admins didn't do a
     thing except send auto-ignore messages), yet three years later Telstra
     is still a menace to the Internet.  See today's article

<http://www.zdnet.com.au/newstech/security/story/0,2000048600,20278508,00.htm>

SORBS is a very obscure list, that is little used. At present, I know of
only 2 people ever to use it:  Paul Vixie, and one other person who
stopped after I called them to explain what sort of list they are. They
looked into reasons, and stopped using SORBS.

SORBS is blacklisting our entire IP address space because they claim it
has been hijacked. It hasn't. SORBS has been told this.  Sullivan is a
crackpot.  Fortunately, not a widely used crackpot.  So, it seems highly
unlikely that very many real spammers would have any complaints about
them.  It hasn't caused us any mail problems. But they sent some
defamatory letters to The Open Group.

Last year, I was attacked by 2500+ machines, apparently under control of
radical antispammers, hoping to "teach me a lesson".  Vixie says he is in
touch with script kiddies, and that they are anti-spam. He says "they
rarely are spam abusers".  Given the large numbers of viruses that send
spam, it seems this isn't so rare.

On Sat, 13 Sep 2003, Harald Tveit Alvestrand wrote:
I followed some links today, and discovered to my horror that one of the
spamtools I'd been using had been throwing away some valid messages -
including some from this very list.

It turned out that OSIRUSOFT had gone belly-up,


==>Reportedly they had to cease operations because of DDOS attack. They
   must have been doing something right, and they deserve a cheer for
   that.   However they could indeed have shut down more gracefully. Boo.

I don't know for sure, but I think Osirusoft was also going to be sued. I
recently helped a company with information on how to sue them.  I don't
think DOS was the only reason to shut down. Many such lists have shut down
over the years (and not because they were doing something right):

  ORBS.ORG  shut down for fraud in NZ
  IMRSS.ORG booted by ISP
  Openrelaywatch.org booted by ISP
  ORBL.ORG booted by ISP
  ORDB.ORG was booted from UUnet service, and moved to a hacker
           friendly ISP in Denmark.
  ORBZ.ORG after crashing mailservers (investigation started for
           criminal complaint), they promised to shut down and stop
           scanning. The city said that shutdown was unnecessary. But
           unknown to city officials, ORBZ.ORG operator registered
           DSBL.ORG with phony Brazilian address. After the city dropped
           the investigation, ORBZ continued, with DSBL.ORG.

Anyway, DDOS tends not to last too long before the attackers are found.

Also, Anti-spam sites tend to DOS other antispam sites. Certainly they
tend to blacklist each other quite a lot.

                --Dean

DSBL.ORG as it was in July, 2002


Registrant:
   Linux MM, c/o Conectiva Inc.
   R. Tocantins 89
   Cristo Rei
   80050430, Curitiba PR
   BR

   Registrar: Dotster (http://www.dotster.com)
   Domain Name: DSBL.ORG
      Created on: 22-MAR-02
      Expires on: 22-MAR-07
      Last Updated on: 22-MAR-02

   Administrative Contact:
      van Riel, Rik  riel(_at_)conectiva(_dot_)com(_dot_)br
      Linux MM, c/o Conectiva Inc.
      R. Tocantins 89
      Cristo Rei
      80050430, Curitiba  PR
      BR
      +55 41 360 2600

   Technical Contact:
      van Riel, Rik  riel(_at_)conectiva(_dot_)com(_dot_)br
      Linux MM, c/o Conectiva Inc.
      R. Tocantins 89
      Cristo Rei
      80050430, Curitiba  PR
      BR
      +55 41 360 2600


   Domain servers in listed order:
      C.NS.PENGUINHOSTING.NET
      A.NS.PENGUINHOSTING.NET
      B.NS.PENGUINHOSTING.NET


DSBL.ORG as it is today:


Registrant:
   Rik van Riel
   3 Lan Drive
   suite 100
   Westford, MA 01886
   US

   Registrar: DOTSTER
   Domain Name: DSBL.ORG
      Created on: 22-MAR-02
      Expires on: 22-MAR-07
      Last Updated on: 15-AUG-03

   Administrative, Technical Contact:
      van Riel, Rik  riel(_at_)surriel(_dot_)com
      3 Lan Drive
      Suite 100
      Westford, MA  01886
      US
      +1 (978) 692 3113


   Domain servers in listed order:
      C.NS.PENGUINHOSTING.NET
      A.NS.PENGUINHOSTING.NET
      B.NS.PENGUINHOSTING.NET






