[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Message for Alex



PureBytes Links

Trading Reference Links

Bob wrote:
(regarding blacklists)

>I had the same thing happen to me when we were emailing last
>week. I did exactly what you say above and redailed, and the second
>try sending to you seemed to go through (and I never mentioned to
>you I had the problem with the first try). So, it seems you are
>exactly correct that at some point someone else on my ISP must have
>hit a spam filter and then I randomly got the same IP address on a
>dial up line.

Lucky it was only that one IP address.  Many blocking lists just block
the entire range of IP addresses in the dial-up pool, but usually such a
wide block is only for SMTP connections (meaning you aren't sending
through your ISP's mail server, but directly from your own computer
which is acting as its own mail server -- which is usually against the
terms of service of any dial-up ISP).

>When this happened I looked at the www.dnsbl.sorbs.net site. It says if you 
>get on their blacklist you have to pay them to get off.

Actually that's a good idea, if you understand how an IP address
gets on sorbs to begin with.  I've spoken with the list operator by
email off and on; I think he's doing the right thing.  Time isn't
free.  He has every right to expect compensation for dealing with an
IP address that has hard evidence of spamming him in the past.  I
know I would.

>It seems (from a very quick read) they give the spam filter
>software away for free, then if their spam software catches you in
>their net, you (or your ISP as the case may be) have to bribe them
>to get off the blacklist.

Yes.  If I maintained such a list, it's mine to operate as I please.
I would use my list to protect my own network, as is my right.  If
someone listed wants access to my network, and their network has a
history of spamming, I would ask compensation to take the time to
remove them from the list.  This is what sorbs.net does.  The fact
that other ISPs also choose to use their list is a sign of their
trust in sorbs; if sorbs' list results in too many false-positives,
then it will not be used by anyone but sorbs.

>The site also said something about Americans should stop whining about 
>First Amendment rights :-). Here, these are the exact words from the site:
>
><<<<
>Note: Americans, the First Amendment does not apply outside of the USA, nor 
>should you cry for its direction....

You snipped the relevant ending to that sentence: "...as any DNS based
block lists also have the right to publish truthful information."

This is a response to spammers whining that they have a "free speech"
right to spam anyone they want, therefore they shouldn't be blocked.
The answer to that is, a list operator has the right to maintain and
publish a truthful list of addresses which have sent him spam, which is
all sorbs.net does.

>It did say that the money they make is going to a legal defense fund to 
>help stop spamming. Even so, there has to be a better approach to stop 
>spamming than this blackmail approach :-).

The best solution of all is for ISPs to quit protecting their
spammers.  All ISPs have policies that prohibits spamming.  Few
actually enforce it.  The major ones like uu.net, level3.net,
verio.net, and especially att.net, have a long-established record
of looking the other way and ignoring complaints from spam victims.
ATT has even been caught agreeing to a "pink contract" with one
customer - a contract agreeing to ignore spam complaints (pink is
the color of SPAM, the Hormel product).  This was publicized a
few years ago to the embarrassment of ATT.  They haven't changed,
they're just more protective about their contracts now.

If wholesale blocking and blackmail causes them to fail to provide
the service their customers pay for, perhaps they'll wake up.

>Seriously, now ISPs have to take complaints from their users that they are 
>randomly getting bad IP addresses on dial up lines, then the ISP needs to 
>determine which IP addresses are bad and bribe the spam filter software 
>vendor. All because one of their customers sent an email with a word in the 
>title that this spam filter doesn't like.

There are four misconceptions in that paragraph:

1.  ISPs *should* have to take complaints from their users if the
ISP's spamming customers are making life miserable for legitimate
users.

2.  ISPs *should* be aware of blocking lists and work with the list
operators to stay off the lists.  Blocking lists are a reality,
unfortunately, and will be as long as ISPs are lax in enforcement.

3.  If an ISP objects to being on a particular list, and the list
owner wants payment, well, that's the way it goes; the ISP doesn't
own the list, after all.  AND (most important) the list operator
does not do the blocking.  Those who subscribe to the list do
the blocking to protect their own networks.  An alternative to
negotiating with a list operator is to negotiate with those other
ISPs who use the list to block traffic.

4.  The widely-used blocking lists don't use content-based spam
filters that look for suspicious words.  They generally use
spamtraps.  This is what happened to Ian.  One of Sorbs.net's
spamtraps was hit from an IP address that was later assigned to Ian.
There is no question that it was spam, because it was received by a
spamtrap.  Spamtraps are special addresses seeded in hidden parts on
web pages for spiders to harvest.  These addresses are not mailboxes
read by any human being, they serve as triggers for blacklisting
originating IP addresses.  The only way that they can receive mail
is for them to be harvested by a spammer.  ANY mail received by
these spamtraps will therefore be spam.  The content doesn't matter.

Spamtraps are usually secret, so that they cannot be abused.  I
have some of my own.  One such address on sorbs.net is public: if
you send mail to listme@xxxxxxxxx you will be listed automatically.
Same is true for blockme@xxxxxxxxxxxxxxxxxxxxx  These are useful
-- I use them to submit to a spammer's "unsubscribe" web page.
Anything on an unsubscribe list should never be spammed, but
spammers are notorious for selling these addresses as live
and deliverable, so it's a good way to get spammers blocked
pre-emptively.

-Alex