Mailing List SIMS@mail.stalker.com Message #10824
From: Bill Cole <listbill@scconsult.com>
Subject: Re: Spews/Osirusoft buttheads
Date: Wed, 8 May 2002 00:26:01 -0400
To: SIMS Discussions <SIMS@mail.stalker.com>
At 10:55 AM -0600 5/7/02, LuKreme imposed structure on a stream of electrons, yielding:
Spews/Osirusoft have blacklisted my secure SIMS server because some
fuckwit on another system advertised a website on my ISP's network.
Idiots blacklisted every IP address on the ISP despite the fact that the
ISP is secured from Spam and had NOTHING to do with sending the spam.
|--------------------
1, 24.244.140.85, www.securetags.com
1, 24.244.140.0/25, www.securetags.com (Maxil)
1, 198.31.27.5, mail.securetags.com / nppn.net
1, 198.31.27.6, securetags.com / nppn.net
1, 198.31.27.0/28, securetags.com / nppn.net (interfold.net)
1, 198.31.27.0/24, securetags.com / nppn.net (interfold.net)
1, 66.106.186.131, securetags.com / nppn.net / NS2.ESN.BZ
1, 66.106.186.128/25, securetags.com / nppn.net / NS2.ESN.BZ (ALGX)
1, 207.174.31.4, securetags.com / nppn.net
1, 207.174.31.0/24, securetags.com / nppn.net (CHISP.NET)
---------------------|

Spamming via hi-jacked Formmail scripts.


Notice that my server's IP (207.164.31.23) is not listed in their "proof"

That IP is also not in SPEWS. Or any other list that I can see. I assume you mean 207.174.31.23?

It looks like the connection is that chisp.net is doing DNS for the spammers, who are sending spam by way of hijacked systems, both Formmail scripts and open proxies.

I happen to think that anyone who uses SPEWS is making a statement that they don't really care about getting mail. However, the statement that SPEWS is making with that listing is simple and apparently true: the listed network is being run by people who provide services to spammers on it.

I am of the opinion that blocking mail for that reason is absurd in 2002, because way too few people took that approach in 1996 for it to be workable today. The spammer-tolerant network operators control most of 0.0.0.0/0 and an operation like SPEWS can at best only list some tiny slice of them, and would be pointless if it listed them all.

I am, needless to say, pretty fucking pissed off, especially since the
original spam mail has NOTHING to do with my ISP.

That's not the point of SPEWS. It's not the RBL, it's not an objective criteria list like RSS, RSL, or DUL, it's a subjective list of networks (NOT individual addresses) where spammers receive services. It is not a list that should be used by anyone who really wants to get any mail, because in reality it would be possible to fit just about any network of /24 scale or larger into their apparent standards. This is why I urge people who use the relays.osirusoft.com DNSBL to ignore the 127.0.0.4 (SPEWS) entries.

So, whom do I sue?

First, you'd need subpoenas for information about who exactly SPEWS is. Osirusoft is just aggregating the SPEWS data, not maintaining it. Joe Jared at Osirusoft might know who is behind SPEWS, but he might not. The people doing the SPEWS hosting and DNS might know as well.

It's bullshit like this that killed ORBS

No, the BS that killed ORBS was that Alan Brown listed addresses as tested-open relays which were in fact NOT open relays, had passed tests repeatedly by him and others, and just happened to belong to his former upstream ISPs, to whom he owed a significant amount of money for services rendered. Alan Brown is a deadbeat who used ORBS for his personal extortion needs, not just someone who believed in secondary and tertiary boycotts.

and if
osirusoft is pulling this crap

Osirusoft is not SPEWS.

then I will willingly and gladly beat them
senseless with the full weight and fury of the US Courts.  Any idiot could
get anyone they wanted blacklisted using this method.  How about a spam
mailing advertising osirusoft?  Would be funny to see them on their own
blacklists.

There is really no question about whether the nppn.net folks are behind the spam. They are not exactly newcomers. There is no question that they are receiving services (DNS, specifically) from your ISP. That is the sort of thing that SPEWS will base a listing on, and they are very open about it.

As I see it, you will be wasting your time with a lawyer. As annoying as it may be, the real damage is likely very small because no one who considers their mail worth getting uses SPEWS. I don't really know who SPEWS is beyond some rather uncertain connection to an older anonymous entity. I don't know anyone that I would bet on knowing who runs the list, except for knowing that connection. You would have a hell of a time finding the John Doe in this case, it might be someone outside of the US, and there's not much to collect. You are far better off chasing down whatever bounces you got to the people who rejected the mail and convincing them to either stop using SPEWS or to whitelist you.

--
Bill Cole
bill@scconsult.com
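
Added example, not part of the original message or of any mail server's own code: a sketch of the advice above to keep using the relays.osirusoft.com aggregate zone while ignoring its 127.0.0.4 (SPEWS) answers. The `resolve` callable, the sample answers and the 127.0.0.2 code are constructed assumptions so the example runs without live DNS.

```python
import ipaddress

ZONE = "relays.osirusoft.com"          # aggregate zone named in the post
IGNORED_CODES = {"127.0.0.4"}          # the SPEWS return code, per the post
CODE_NET = ipaddress.ip_network("127.0.0.0/8")


def dnsbl_query_name(ip, zone=ZONE):
    """Build the DNSBL lookup name: IPv4 octets reversed, then the zone."""
    addr = ipaddress.IPv4Address(ip)   # raises ValueError on malformed input
    return ".".join(reversed(str(addr).split("."))) + "." + zone


def check_sender(ip, resolve, ignored=IGNORED_CODES):
    """Return (reject, codes_acted_on) for a connecting IP.

    `resolve` is a hypothetical callable mapping a query name to the list of
    A-record strings returned (empty list when the name does not exist).
    """
    answers = resolve(dnsbl_query_name(ip))
    # Only answers inside 127.0.0.0/8 are list codes; any other address
    # (a wildcarded or parked zone, say) is not treated as a listing.
    codes = {a for a in answers if ipaddress.IPv4Address(a) in CODE_NET}
    acted_on = sorted(codes - set(ignored))
    return bool(acted_on), acted_on


# Constructed answers standing in for live DNS so the example runs offline.
SAMPLE_ANSWERS = {
    "23.31.174.207.relays.osirusoft.com": ["127.0.0.4"],            # SPEWS only
    "10.2.0.192.relays.osirusoft.com": ["127.0.0.2"],               # other code
    "11.2.0.192.relays.osirusoft.com": ["127.0.0.2", "127.0.0.4"],  # both codes
    "12.2.0.192.relays.osirusoft.com": ["203.0.113.7"],             # not a code
}


def sample_resolver(name):
    """Look the name up in the constructed table; unknown names are unlisted."""
    return SAMPLE_ANSWERS.get(name, [])


if __name__ == "__main__":
    for ip in ("207.174.31.23", "192.0.2.10", "192.0.2.11", "192.0.2.12"):
        print(ip, check_sender(ip, sample_resolver))
```

An address that carries both a SPEWS answer and another code is still rejected, on the strength of the other code alone.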
