Re: [Gossip] Re: oodles of spam lists at Mail-Archive.com?
Jeff Breidenbach wrote:

> Tony's counterargument about false
> positives doesn't hold water, because if a list is running afoul of
> blocklists, it is pretty much screwed anyway.

Help me out here please! How 'screwed'? I am not running an open relay according to testing via http://www.abuse.net/cgi-bin/relaytest. and no spam has ever emanated from my SMTP server (212.47.80.97 if anyone wants to try their luck).

If I am on a blocklist currently that could explain why mail-archive no longer archives my list msgs sent to it. I know I'm not on Spamcop, have checked. Which others do you use?

The first and worst example was orbz.gst-group.co.uk and malicious - an aggrieved ex-employee of my ISP, cix.co.uk, set up a blocklist and proceeded to add their entire IP block to it. But Orbz shut down Dec 2001.

Regards

Tony Sleep - http://www.halftone.co.uk
___
Gossip mailing list
[EMAIL PROTECTED]
http://www.mail-archive.com/cgi-bin/mailman/listinfo/gossip

Re: [Gossip] Re: oodles of spam lists at Mail-Archive.com?
Tony Sleep wrote:

> Jeff Breidenbach wrote:
>
>> Tony's counterargument about false positives doesn't hold water,
>> because if a list is running afoul of blocklists, it is pretty much
>> screwed anyway.
>
> Help me out here please! How 'screwed'? I am not running an open relay
> according to testing via http://www.abuse.net/cgi-bin/relaytest. and no
> spam has ever emanated from my SMTP server (212.47.80.97 if anyone
> wants to try their luck).

$ whois [EMAIL PROTECTED]

says

inetnum: 212.47.80.0 - 212.47.80.254
netname: CONSTELLATION-ASDL-WAN
descr:ASDL WAN Addresses
descr:Alcom Internetix ASDL Access Range
country: GB

I suppose somebody might be blacklisting all ADSL ranges on the theory that they're likely home PCs which are easily hacked...

Maybe the answer for the moment is for mail-archive to have a little whitelist just for mail servers in your situation.

- Dan

Re: [Gossip] Re: oodles of spam lists at Mail-Archive.com?
On November 20, 2003 at 10:21, Dan Kegel wrote:

> $ whois [EMAIL PROTECTED]
>
> says
>
> inetnum: 212.47.80.0 - 212.47.80.254
> netname: CONSTELLATION-ASDL-WAN
> descr:ASDL WAN Addresses
> descr:Alcom Internetix ASDL Access Range
> country: GB
>
> I suppose somebody might be blacklisting all ADSL ranges
> on the theory that they're likely home PCs which are easily
> hacked...

Which may be bad policy. I think it is fairly common for small business and groups to actually have ADSL connections to the Net, but are operating under non-home user accounts. The same may apply to cable-based connections also. ADSL and cable are very economical for ISPs and small organizations to get connected to the Net.

If ISPs have policies about not running servers on personal home systems and/or restricting mail traffic to only route through their mail server, they can enforce such policies via router configurations. Instead, some ISPs tend to block traffic that only serves their best financial interests (like blocking ipsec to force people to upgrade to more expensive services).

However, such configuration would not stop worm-based spam. I.e., a worm designed to send spam could easily send mail through the ISP MTA by checking the system's outbound MTA setting. Of course, such worms would get the attention of ISPs since their servers will be at risk of being blacklisted, requiring them to be more proactive at contacting customers with infected systems.

--ewh

[Gossip] unsubscribe??
Can anyone tell me how to unsubscribe here?

Re: [Gossip] Re: oodles of spam lists at Mail-Archive.com?
>If I am on a blocklist currently that could explain why mail-archive no
>longer archives my list msgs sent to it.

No, that's not it. Mail-Archive is receiving filmscanners mail, but is having some sorting problems with the filmscanner headers. I need more time to investigate, hopefully I'll have some over the next few days. I'm not ignoring you; it's just hard to deal with multiple issues at a time. Heck, one at a time is a challenge.

When I said that lists are screwed anyway if they are blocklisted, it is because their mail is probably not going to reach many of their subscribers anyway. Lots of ISPs and companies are using blocklists.

-Jeff

Re: [Gossip] Re: oodles of spam lists at Mail-Archive.com?
[EMAIL PROTECTED] (Tony Sleep) writes:

> Help me out here please! How 'screwed'? I am not running an open
> relay according to testing via
> http://www.abuse.net/cgi-bin/relaytest. and no spam has ever
> emanated from my SMTP server (212.47.80.97 if anyone wants to try
> their luck).

That IP address is not listed in any RBL that I know of. (My Perl script for querying RBLs is available upon request.) That said, there are blocklists whose policies would permit listing you, such as dynablock.easynet.nl.

I am in a ranting mood today. So, here is my Brief History of Spam.

For most of the 90s, spam only originated from three sources:

  1) Spam-friendly ISPs
  2) Throw-away dialup accounts
  3) Open mail relays

All of these are fairly easy to identify. In particular, open relays are easy to test. So many blocklists appeared, whose stated purpose was to list one or both of these sorts of systems. Also, open mail relays do not really hide the source of the spam, because even the worst MTA (Exchange) adds a Received: header before relaying the mail.

Some admins objected to open relay probes on the theory that they themselves are network abuse. The argument is long and irrelevant, but the upshot is that some mail server owners started blocking open relay probes while still running open relays. This angered the maintainers of some blocklists, who started listing hosts even when they passed the relay tests. This was irresponsible, but not surprising, since many blocklist owners are volunteers (i.e., immature children with an axe to grind). This behavior, among other things, gave blocklists a bad name.

Now, this is where many people's knowledge of the story ends. Even today, you can still find lots of Web pages and articles and sysadmins talking about "open relays" and blocklist wars and so on. But today, essentially zero spam is sent via open relays. And dialup accounts are too slow for most spammers' purposes.

Today, almost all spam originates from:

  1) Spam-friendly ISPs
  2) Open *proxies*

For several reasons, open proxies are much more insidious than open relays. First, since they are just forwarding a raw TCP/IP connection, they add no headers to the message. So it is impossible to identify the actual originating IP address. Second, it is harder to test for an open proxy, since they can be running a variety of software and could be listening on any port. And while a blocklist operator needs to find *all* open proxies, a spammer needs to find only one.

And finally... Sobig. Beginning in January of 2003, the Sobig family of Email worms (Sobig.A through Sobig.F) have converted every infected machine into a Wingate proxy. This means there are now hundreds of thousands of open proxies in the world, waiting to be abused at any spammer's pleasure. (Indeed, some security experts believe Sobig was invented by spammers.)

Something like 80% of all spam today is sent via open proxies. Most of these open proxies are running on an unsuspecting user's dialup, DSL, or cable modem connection. Testing all of them is essentially impossible, although some blocklists (e.g., list.dsbl.org) are still trying. But practically speaking, there is no way to tell the difference between an infected machine and an uninfected one.

The solution? Block all cable/DSL/dialup address ranges. (This is what dialups.easynet.nl is for.) Done.

Why does this work? Because cable/DSL/dialup providers all tell their customers to use "mail.isp.net" or somesuch as their outbound SMTP server. So mail from those customers never comes directly from the dynamic address range; it always comes from the ISP's mail hub. So blocking the dynamic range does not affect ordinary users' mail.

...which brings us back to you, Tony. Presumably, your DSL provider has a mail hub which you are authorized to use. Why not configure your MTA to relay all mail via that hub, and rely on the ISP to keep that hub out of the blocklists?

- Pat

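The RBL lookup discussed in the messages above, combined with the small whitelist Dan suggested, as an added example that is not part of the original thread and is not Pat's Perl script. The function names and the sample DNS answers are assumptions constructed for illustration; the zone names are the ones mentioned in the thread, and some of them may no longer operate.

```python
import ipaddress
import socket

# Zones named in this thread, used here only as labels.
ZONES = ["sbl.spamhaus.org", "list.dsbl.org", "dynablock.easynet.nl"]
LISTED_NET = ipaddress.ip_network("127.0.0.0/8")

def dnsbl_name(ip, zone):
    """Build the DNSBL query name: IPv4 octets reversed, then the zone."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on malformed input
    return ".".join(reversed(str(addr).split("."))) + "." + zone

def system_resolver(name):
    """Return the A record as text, or None when the name does not resolve."""
    try:
        return socket.gethostbyname(name)
    except OSError:
        return None

def check_ip(ip, zones=ZONES, allowlist=(), resolve=system_resolver):
    """Return (verdict, listings); an allowlist match skips every DNSBL query."""
    addr = ipaddress.IPv4Address(ip)
    if any(addr in ipaddress.ip_network(net) for net in allowlist):
        return "allow", []
    listings = []
    for zone in zones:
        answer = resolve(dnsbl_name(ip, zone))
        # Only answers inside 127.0.0.0/8 mean "listed". Any other address
        # (a wildcarded or parked zone, for instance) is not a listing.
        if answer and ipaddress.IPv4Address(answer) in LISTED_NET:
            listings.append((zone, answer))
    return ("reject" if listings else "accept"), listings

# Constructed answers for offline use; this is not real listing data.
FAKE_DNS = {
    "97.80.47.212.dynablock.easynet.nl": "127.0.0.2",
    "97.80.47.212.list.dsbl.org": "203.0.113.9",  # non-127 answer, ignored
}

def fake_resolver(name):
    return FAKE_DNS.get(name)

if __name__ == "__main__":
    print(check_ip("212.47.80.97", resolve=fake_resolver))
    print(check_ip("212.47.80.97", allowlist=["212.47.80.97/32"],
                   resolve=fake_resolver))
```

Leaving out the `resolve` argument makes the same check use the system resolver against live zones.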
Re: [Gossip] Re: oodles of spam lists at Mail-Archive.com?
>Out of curiosity, how much do you pay to use [*.mail-abuse.org]?
>And how well do they work?

In theory, I don't have to pay anything because Mail-Archive is a hobby project. [1] In practice, I don't pay anything because I never noticed when MAPS went commercial 2.5 years ago and cut off my service. I only noticed this the other day, and was a little too embarrassed to bring it up.

[1] http://mail-abuse.org/feestructure.html

Re: [Gossip] Re: oodles of spam lists at Mail-Archive.com?
Jeff Breidenbach <[EMAIL PROTECTED]> writes:

> It more or less matches Marc Merlin's setup for SourceForge
> discussed here:
>
> http://www.mail-archive.com/mailman-users%40python.org/msg01672.html

So you are using the *.mail-abuse.org lists? Out of curiosity, how much do you pay to use them? And how well do they work?

> Adding the spl.spamhaus.org

"sbl.spamhaus.org"

It is easily the most responsibly run (free) blacklist.

- Pat