Ask Slashdot: Dealing With Anti-Spam Service Extortion? 279
An anonymous reader writes "I work for a European ISP, and lately we're receiving quite a few complaints from customers about not being able to send emails because of UCEProtect's listings. After checking with their site, we found out that our whole AS (!) was blacklisted. Their 'immediate removal policy' asks for money, around 90 euros Per IP for end users and 300 euros for ISPs, and their site has bold statements like
'YOU ARE LOSING YOUR RIGHT TO EXPRESSDELIST YOUR IP IF YOU ARE STUPID AND CLAIMING THIS WOULD BE BLACKMAIL...'
Could this be considered extortion-blackmail ? Has anyone else on Slashdot dealt with this service before?"
Contact local prosecutors (Score:2, Interesting)
In the US, I'd say what they're doing is restraint of trade. It's kinda like what Yelp does here. People list a business or service. It cost extra to remove negative reports. I avoid them.
While you may not have the resources to deal with these assholes long term, maybe the lawyer will say "litegate" or they may just say "Pay the extortion".
Or you could just find the principles involved and do an Anonymous disclosure on them. Maybe they don't want a bullseye painted on their foreheads or their cars or w
Re: (Score:2, Informative)
www.law.cornell.edu/uscode/text/47/230
They can run this service within the law. Like it or not, it's legal.
Re: (Score:2)
Flip side.... (Score:3)
I'm a receiver, I use UCEProtect to score emails, they help to block a LOT of recent and bleeding edge spam. I don't have to pay them anything for their assistance.
Re: (Score:2)
And with spam that is a real problem (Score:2)
You find that when you start turning up spam solutions to high levels, a lot of legit shit gets filtered.
I mean if all you care about is blocking spam, I can give you a 100% solution: Just block "." as in the root of all DNS. No more spam, ever. Of course it also will have a massive false positive rate, you won't get any e-mail at all.
If a spam service just takes the "Block all of the things!" attitude it really isn't that useful overall.
Re: (Score:3)
L3 is pretty much reserved for networks that have been spewing ext ream amounts of spam and failed to do anything about it 250 ish are currently listed. Often the non technical guys in charge (also known as PHB's) are willing to ignore outbound spam from paying customers as it costs them nothing and makes them money. L3 is pretty much for those companies that ignore any and all outbound spam those with abuse@ sent to /dev/null as loosing there other customers is the only way to get them to act. As to rat
Re:And with spam that is a real problem (Score:4, Insightful)
And since anti-spam blacklist maintainers are fanatics who only get more fanatical, they do tend towards blocking /0 as their endgame.
Re: (Score:2)
Rarely a FP, perhaps one a year. Like I said, I don't use them (or any RBL) to block, I do use them to aid in scoring.
Re:Flip side.... (Score:4, Insightful)
There are two kinds of false positives: The individual email kind and the netblock kind. Users care about individual email. They want to receive legitimate email even if it comes from an IP address that belongs to a spam-friendly ISP. Blacklists are more concerned with netblocks. They don't rate individual messages. They rate ISPs. The submitter is affiliated with a hosting cooperative. They're probably not openly spam friendly, but cooperatives are usually short on manpower, so their monitoring and their response times may not make them sufficiently "tough on spam" for some tastes.
If UCEProtect is run properly, then they have evidence of spam coming from that netblock, and if their listing and delisting policies are well defined and implemented, then they are well within their rights to require compensation if an ISP wants them to manually check that they've cleaned up their act and expedite delisting. If UCEProtect is much too trigger happy, then wrongfully accused ISPs should complain to the recipients' ISPs who use UCEProtect to block email and get them to remove or reduce the influence in the scoring. A rogue DNSBL has no power if nobody uses them.
Re:Flip side.... (Score:5, Insightful)
"Spam is a problem where false positives generally cost less than false negatives"
This may be true if you are a basement dwelling slashdotter but out in the real world a single false positive is one too many. Try explaining your position to a client or executive who missed a million dollar inquiry due to your overly aggressive spam filters.
Do you know how hard it is to update their DB? (Score:5, Funny)
Adding an IP address to their whitelist is no easy thing. You see, they hire only blind, deaf quadriplegics, so each octet is entered in binary through a mouth open/close morse code interface. But that's only after your request makes it through the queue to be read through tactile forehead tapping tty... Perfectly understandable that these folks detest spam, isn't it?
By some definitions.... (Score:2)
blackmail [blak-meyl]
noun
1. any payment extorted by intimidation, as by threats of injurious revelations or accusations.
2. the extortion of such payment: He confessed rather than suffer the dishonor of blackmail.
3. a tribute formerly exacted in the north of England and in Scotland by freebooting chiefs for protection from pillage. verb (used with object)
4. to extort money from (a person) by the use of threats.
5. to force or coerce into a particular action, statement, etc
blackmailer, noun
blackmail (blækmel)
1. the act of attempting to obtain money by intimidation, as by threats to disclose discreditable information
2. the exertion of pressure or threats, esp unfairly, in an attempt to influence someone's actions
3. to exact or attempt to exact (money or anything of value) from (a person) by threats or intimidation; extort
4. to attempt to influence the actions of (a person), esp by unfair pressure or threats
Re:By some definitions.... (Score:4, Informative)
"You will not recieve e-mail during the next seven days UNLESS you agree to pay us 90 euro! No discussion possible!"
Sounds like blackmail to me .. It especially fits the definition "the act of attempting to obtain money by intimidation, as by threats to disclose discreditable information" - they are disclosing discreditable information, possibly even false - namely that you are a spammer, which may or may not be true. I don't think they will be so tough in court. I'd love to see them tried by the way.
Re: (Score:2)
The threat is that they will keep disclosing the information UNLESS you pay up.
Re: (Score:2)
It's more like someone you lent your CC did a charge back on a purchase, and the company added you to a list that has people who did a charge back in the last week on it.
Now that company is trusted enough that other stores use their list to block CCs that present a risk of charge backs.
They tell you that your CC will be removed in a week if you stop doing charge backs, or you can pay a fee to have it removed immediately.
So either wait a few days or pay them and you'll be fine. The lessen you should learn he
Analogies are fun (Score:2)
Actually it's more like a car dealership, where one customer is alleged by a private company to have driven their new car illegally, now all customers of that dealership have been banned from driving in any town that uses the "bad driver" list, for 7 days unless the dealer pays a fee on their behalf.
Re: (Score:2)
Close. Except change the car dealer to a company that just leases cars. The customers have the choice of changing their ISP, if the ISP is not willing to stop leasing cars to people that commit driveby shootings.
Sue in UK for defamation (Score:2)
Ask your company's legal team about options, such as suing in the UK for defamation.
Just a thought.
How about sending a bunch of spam from a laptop at an open Wifi like Starbucks, where the spam is promoting UCEprotect.org. Send it to/through Gmail and other blacklist organizations. The goal being to get them placed on a spam blacklist...
Either seems preferable to spending 300 Euros for an express de-list. Then, doing it again, etc.
Make sure you monitor out-going email through your ISP's servers so that n
Re: (Score:2)
How about sending a bunch of spam from a laptop at an open Wifi like Starbucks, where the spam is promoting UCEprotect.org. Send it to/through Gmail and other blacklist organizations. The goal being to get them placed on a spam blacklist...
How about considering the fact that 300 Euros is nothing to an ISP. But it's enough to make it infeasible for spammers to pay up.
:)
Ever considered the fact that UCEprotect might be a legitimate organization? (I wouldn't know)
Sure, the telling people that they are stupid if they claim blackmail and thusly, will not be allowed to delist, might not be the wording a lawyer would have used. But it's probably a lot less evil than the EULAs we click OK to on a daily basis, it least this one is honest
PLEASE NOTE THAT THIS IS AN OPTIONAL OFFER ONLY.
YOU ARE LOSING YOUR RIGHT TO EXPRESSDELIST YOUR IP IF YOU ARE STUPID AND CLAIMING THIS WOULD BE BLACKMAIL, EXTORTION, SCAM OR SIMILAR BULLSHIT.
Also, not
Re: (Score:2)
How about considering the fact that 300 Euros is nothing to an ISP. But it's enough to make it infeasible for spammers to pay up.
A spammer with one IP address would be paying US$115 (I don't know why the summary lists the fees in Euros, as all of them are actually in US dollars) and US$345 for one "allocation". The de-listing has to come with a guarantee of not getting back on the list as easily (because the assumption is you're not going to pay to remove a real spammer). For those low prices, a real spammer would actually be glad to pay. And, without the guarantee, UCEPROTECT's unknown method of determining spam could put the IP
Re: (Score:2)
You say:
Ever considered the fact that UCEprotect might be a legitimate organization? (I wouldn't know)
But then you say:
PLEASE NOTE THAT THIS IS AN OPTIONAL OFFER ONLY.
YOU ARE LOSING YOUR RIGHT TO EXPRESSDELIST YOUR IP IF YOU ARE STUPID AND CLAIMING THIS WOULD BE BLACKMAIL, EXTORTION, SCAM OR SIMILAR BULLSHIT.
I think we know whether they're a professional organisation...
Let's also take a look at their website [uceprotect.net], and their 'Cart00ney' publication [uceprotect.org] of legal documents Piratebay-stylee.
If they're not an outright illegitimate organisation, they're a jolly dubious one.
They also seem to imply that they're involved with 'Bavarian municipals', but seem awfully coy about naming them.
A good response may be to draw the attention of the service providers you can't get email through to as to the nature
Re: (Score:2)
Ask your company's legal team about options, such as suing in the UK for defamation.
Just a thought.
How about sending a bunch of spam from a laptop at an open Wifi like Starbucks, where the spam is promoting UCEprotect.org. Send it to/through Gmail and other blacklist organizations. The goal being to get them placed on a spam blacklist...
Either seems preferable to spending 300 Euros for an express de-list. Then, doing it again, etc.
Make sure you monitor out-going email through your ISP's servers so that no spam is being sent by your customers.
Not only is that immoral, it's likely illegal.
Re: (Score:2)
The summary states they're an ISP, so I don't think it's out of the question that a few customers picked up some malware. The malware might be sending out the spam that gets them blacklisted. The might use non-static addresses, which could've led to the whole block getting flagged. If you take them to court, this fact will not only ensure you lose, but
Excessive smiley faces (Score:5, Insightful)
Maybe it's the language barrier, but that seems like a lot of smiley faces and profanity for a professional organization.
Their revenue model seems odd as well - it's almost like they're set up just to extract money from senders.
My instinct is don't pay them, figure out why you got listed, and stop whatever triggered the listing.
If the customers are complaining excessively, consider the unblock fee - once. Definitely terminate the accounts of the spammers.
Re: (Score:2)
Maybe it's the language barrier, but that seems like a lot of smiley faces and profanity for a professional organization.
Agree, that's the story here...
Re:Excessive smiley faces (Score:4, Insightful)
We feel sorry for you :-) but it appears that you sent SPAM to the wrong people :-)
Re: (Score:2)
How can he terminate his only customers?
These customers whose actions made conducting business impossible - how can he not terminate them?
Some Suggestions (Score:5, Insightful)
Firstly, as Pamela Jones over at Groklaw would tell you in a heartbeat, convince someone at your company to take legal advice. If your company is contemplating action of any kind in response to what has happened, it is critically important that you understand that your intended steps will not undermine you at some later date. Only a legal professional can tell you that. So please, get proper legal advice.
Secondly, thinking about the relationship between yourself and the party you believe to be performing the blocking/spam filtering. Is the issue between your company and the third party, or your *clients* and the third party? I can understand that you are coming under fire from your clients, but please refer back to the first point, above.
Third, go get familiar with the relevant legal frameworks. Your legal support, when you hire, them, is going to start asking legal questions. You understand the tech, but take the time to familiarise yourself with the law. Start with: RIPA (the Regulation of Investigatory Powers, which, IIRC, makes it illegal to intercept any communication between two parties), PEC (the Privacy in Electronic Communications Act [2003]), and take a quick look at the DPA (Data Protection Act [1998]) inasmuch as the data being generated and acted upon by the third party [email addresses] was created for the express purpose of *routing email traffic*, not *filtering* email traffic. There may be an argument that the filtering is inappropriate. See how a lawyer (I'm not one) can help you here???
Fourth, are there any professional trade bodies or organisations that both your company and the third party subscribe to (i.e. a UK Association of ISPs) that may have a dispute handling process? Are the two parties able to sit down with an arbitrator? If so, this might be a free service that you could try?
Fifth, if all of the above fail, then use of the Internet in the UK is regulated by various Government departments and Quango Regulators, such as the ICO (Information Commissioner's Office) and Ofcom (the Communications Watchdog). As above if you have taken proper legal advice from a law firm with expertise in this area, they should advise you on the best method of engagement.
I understand that you want to help your clients, but in this case it's critically important that any steps you take don't make it worse. Legal advice must be step 1.
Hope this helps...
Yah... legal advice (Score:4, Interesting)
The guy posts the question as an AC. Why? That is a MAJOR red flag.
Secondly, no consumer ISP would tolerate such a question being asked on a public forum, they have lawyers in house to deal with this kind of stuff, they do NOT Ask Slashdot. Never. No way, no how.
10 to 1 that this is some east European with a couple of servers at a hosting party who hires them out to spammers and now finds his leased servers are useless to those same spammers because his IP range has been blocked and he wants them unbanned to he can continue to rent out his servers to spammers.
DNS block lists do on occasion hurt real newsletters. But this is about a legit newsletter, why is not mentioned? If this is a legit service that is being hurt, why is not mentioned. If it is a legit ISP that is being hurt, why is it not named?
Could it be that this question is posted by an AC with not even a hint about the nature of the hurt party being the very generic label "ISP" is that even the simplest google research would reveal that the ISP in question is a spam haven?
Anyway, a DNS list is just a list of numbers. It is a fact list that does nothing unless someone ELSE uses that list. Listing ip's on a list cannot be illegal and block mail from MY server is perfectly legal as well.
Spammers have tried fighting DNS lists for years now and failed. This question should never even have been asked.
Re: (Score:2)
No, it wouldn't get them blacklisted. It would just require them to wait a week each time they started spamming again. And would that be wrong? Most people here complain that offering the pay-to-get-off-the-list is blackmail. So wouldn't removing that option make everything OK?
It's not extortion (Score:4)
Obviously anyone giving you legal advice has failed due diligence. From their site: "Every IP listed will expire 7 days after the LAST abuse is detected, and FREE of charge."
So, find out whoever is spamming, and put a stop to it. It might be different if your ASN is listed, but I'd still be looking for spam sources on your own network.
Not blackmail, but libel (Score:2)
It looks more like UCEProtect is declaring to its customers that you are a spam haven and that they should not be accepting any mail from your systems. That sounds more they are libeling/slandering you. I am not a lawyer but I imagine an imaginative legal team would be able to sue UCEProtect in that way.
Re: (Score:3)
True, but then they'd be hit with proof: The spam that hit the spamtrap from that IP address. They keep those things!
UCEProtect isn't the first one to get sued. It won't be the last.
UCEprotect is spamtrap based (Score:5, Informative)
Stop sending spam, wait 7 days and your good. Your at level 3 your AS has been spewing spam for awhile and you have done NOTHING to fix it. As an ISP you should be checking all your IPs against all major spam lists and proactively dealing with spam. This will probably mean loosing customers. Some things to consider it's trivial to setup a relay server for your own mail servers outside your AS to keep outbound email going. Look into some technical means like transparent outbound spam filters, outbound port 25 syn rate limiting, or a plethora of other aids. Those clients will all claim it's triple opt in super secret they have everybody's dna on file, they are lies. Remember that spammers are at worst criminals at best have absolutely no morals in either event they have no compunction lying to you. Strengthen your TOS put BIG fines in there for repeated spamming wave them based on your gut and history. Often you need something to push legit companies to fix there issues.
All thing considered getting to l3 means your just ignoring the spam coming from your network. You need to get proactive and fix the root issue of spam spewing from your network. There are plenty of technical methods to avoid the 7 days block that are far cheaper then paying them. At the end of the day spend less energy railing about "blackmail" and more policing your network. If you do not, your facing the internet death penalty and the business needs to go under this is the internet working as intended.
Re: (Score:2)
No, ISPs are not police, they are private businesses and set their own rules and regulations.
No, it is not their "responsibility" in any legal sense. However, it is certainly prudent for them to think
UCEProtect is a spammer. (Score:5, Interesting)
I've had to deal with UCEProtect in my job as a system administrator. Whenever we got listed it was because their spambots (that send mail coming from the droppatrol.de domain) managed to get a bounce out of our system. We allow our users to forward mail offsite and some do to sites that are far far less permissive then us, and when that happens we properly send the bounce.
I would say that running spam bots, and then asking someone to pay to get off a blacklist that their spambots got you onto, is effectively organized crime type extortion.
There is a reason you are listed. (Score:5, Insightful)
There is a reason you are listed:
* You have spam originating from your system for too long of a time.
* You are unresponsive to reports.
So, your entire network range is listed. Everyone is bouncing emails. Everyone is complaining to you, and you've noticed. You've been forwarded the site, and you're contemplating just paying them off... except that it just won't work. You'll be relisted again, and with reason -- someone on your network spammed and nobody's listening.
Thus:
* If you haven't done so, open up abuse@ and point it to somebody with the power to diagnose, disable, and close accounts.
* If the guy behind abuse@ doesn't have said above power, GIVE IT TO HIM.
* If the guy behind abuse@ does, but doesn't use it, FIRE HIM.
* If you haven't done so, disable outbound port 25 at your border router with the exception of an out-bound SMTP server.
* Put an outbound spam filter in place.
If you are unwilling to do the above, then there is one last thing you will eventually do: CLOSE SHOP.
wrong on all accounts (Score:3)
* you do not have to have spam originating from your system, it can be perfectly normal e-mail to an address used by someone you knew in the past, that is now used by someone else as a spam honeypot.
UCEprotect sucks. It's no wonder the people behind it are hiding their identities.
Re: (Score:3)
Monitoring their blacklist for your IPs is not "hard"
Neither is distinguishing between "having open relays", "sending perfectly legitimte e-mail to addresses that have a new (domain) owner" and "sending spam", but they don't do it - you will always be slandered (called "spammer") and your business will be disrupted by their blacklisting, even if no spam e-mail was ever sent by your hosts. Last time I checked, they will even blacklist you for having a vacation responder at the address they send their probes to and on one occurrence they kept blacklisting us w
Course of action (Score:2)
2) Change your infrastructure to avoid that in the future (port 587, auth, etc)
3) Be patient, watch it work
These blacklist services break normal email (Score:5, Informative)
So we got blacklisted, and checking the logs we had *NO* outgoing email at the time of the accursed spam message(s). The blacklist service didn't give me the whole message, but it contained enough for me to find reference to it in my log.
Near as I can figure, some spammer sent email to us through an open relay, using a honeypot (you get classed as a spammer if you send email to this address ) as his spoofed 'from: address'. My mailer refused to accept the email to the abandoned address, so the relay returned the 'undelivered' message to the honeypot address.
Now I had several problems with this. First, to avoid blacklisting, I had to remove this helpful service. Now those messages go to
More recently, I had newsletter messages sent to a members of a private club bounced by their local ISP. The sending IP address was not listed in any blacklist I could find. The ISP was just refusing connection, No message, nothing. (I could send email to that ISP from other services like gmail) They wouldn't take my call ( I'm not their customer) so I had some of their customers call and ask "Why am I not getting these newsletter messages?" . I wasn't on the call, but it sounded like they just played dumb. A few of the list members gave us non-local-isp addresses (gmail , yahoo) and now they get the newsletter there.
Again, legitimate email loses out.
And finally, Just about every time, my "password reset" messages end up in people's spam folder. This is one of my most common support calls. (this even after the page where they request the password reset says right on it "check your spam folder" ) There are lots of false positives on spam.
Re: (Score:2)
It's not looks-legit.some.bogus.domain.ru. It's samedomainthatsentthemail.com/reset.php?code=longhash
Re: (Score:2)
Re: (Score:3)
The thing is that the script is not run until *DELIVERY TIME*, so postfix can't trigger that 550 error that the AC is talking about. The AC also is a bit off because they say it should be sent in response to the "TO: header". Actually, what they meant to say was in response to the "RCPT" SMTP command where the envelope sender is specified. That is done before the message is queued, while the remote host is still on the line.
So, yes, what you were doing causes backscatter, and is a problem for the reasons
As long as (Score:2)
As long as you confirm thricely that the targets of your spam are willing to receive it you should be good. I'd suggest meeting each and everyone of your in person and with verified live human witnesses present to attest that your prey is willing to subjected to the advertising that you are want to force upon him.
Stop sending spam then. (Score:5, Insightful)
I've seen this story several times before with people complaining about "blackmail" with different blacklists and filters, and in all cases I have ever seen there has been some sort of real problem. Remember that there are different levels of blacklisting, from the lowly backscatter blacklisting which hits a lot of legitimate organisations, up to Level 3 (which indicates that you've been informed of a problem for a long time but basically don't give a fuck), up to the next step which is de-peering or permanent widespread blacklisting. OP is clearly drinking in the last-chance saloon on this one.
Top tip: running an ISP is harder than it looks. Not managing abuse of your systems will eventually cause major problems, and in the worst cases will drive you out of business and have law enforcement forcing their way into you server rooms to take your kit. Don't assume that YOU are the innocent party and the the complainers are just making it up if you want to remain in the ISP business..
Re:Stop sending spam then. (Score:5, Informative)
If you don't want to be blacklisted, then stop sending spam. Simple.
You're an ignorant fool. Unfortunately, too many sysadmins are just as ignorant, so they trust these badly-run, possibly with malicious intent, services. We've never sent 1 spam e-mail in 12 years doing business online and have been blacklisted several times by UCEprotect due to them recycling old domains (which were used by users to register on our site) for use as spam honeypots. They wasted countless hours of our time for nothing.
Simple solution (Score:2)
When customers contact us because they can't receive certain mail, we try to whitelist the IP(s).
When customers complain that they can't send mail to a certain person because our IPs are blacklisted, we ask them to ask their recipients to have our ranges whitelisted. It's almost the only way this is going to work. No point in trying to have someone whitelist our range over the phone in a company with several layers of managers between a helpdesk-agent and a server-o
This Isn't Blackmail or Extortion (Score:2)
It's freedom of speech.
If UCEProtect has an email they think is spam they are perfectly within their rights to proclaim said email is spam from the tops of the highest mountains. Other people have the right to either listen to them (and block the OP), or ignore them (and not block the OP). They do not have to be real nice to the alleged spammer and spend thousands of man-hours a year on appeals. It would be nice of them if they did, but their is no legal requirement to be nice to people.
they don't tend to help you to track down the spam (Score:2)
sometimes I also have the feeling that these services are somewhat extortionist. I find this to be the case when they really don't help you in any way to track down the spam they think you're sending.
some of these are helpful and provide sample spam e-mails that they caught. usually the message ID is enough for me to track down the spam and spammer in question.
why such an organization would actually _not help_ fighting spam in this way is beyond me though.
Time to get rid of mail bounces (Score:4, Insightful)
For traditional reasons dating back to the dial-up UUCP era, most email systems are store and forward. That's really no longer necessary. In an "always-on" era, mail should be synchronous. When an SMTP server receives a mail that it needs to forward (presumably only to a known address) it should, while holding the incoming connection open, send the appropriate outgoing mail. If the outgoing send succeeds, the SMTP server should reply to the its client with success. If not, it replies with a failure code. No "bounce" messages are ever sent. So there's no possibility of sending a "bounce" message to a faked address. "Joe jobs" become completely ineffective.
Any non-success status from the outgoing send gets passed back to the incoming connection. If the destination server is down, the SMTP 450 status (Requested mail action not taken: mailbox unavailable) should be returned. For 4xx statuses, most mailers will resend, so the first mailer in the chain will handle retransmission. If the first mailer is a user SMTP client (rare today), the person sending will get an immediate fail, indicating that the mail was not received.
A simplified SMTP server like that would be appropriate for machines that only handle mail as a sideline and forward it somewhere else, like most web servers.
Re:I always go along and pay (Score:5, Interesting)
I used to run the AHBL (for those wondering, I am Andrew Kirch), my advice is this. UCEProtect isn't a protection scheme. They're just people who run a DNSBL and got tired of dealing with spammers lies for free. I am incredibly sympathetic, though I did not go the same route. I've been lied to, threatened, received death threads, etc. Eventually you stop doing it for free, and since I was unwilling to charge, I simply stopped. If you want to be delisted, pay, if you don't, don't. If one of your customers/friends/whatever is using UCEProtect, you can also contact them and ask them to stop. I've used it in the past, but not on a block outright basis. My policy applies only to my mail server though, and not yours.
Re:I always go along and pay (Score:4, Interesting)
That could be, but if the listing is inaccurate, they're likely guilty of defamation and probably other things as well if they're keeping the listing as such.
I don't know if in this case the listing is accurate, however, the OP could likely successfully file suit against them.
NEVER trust and AC (Score:5, Informative)
NEVER trust an AC. The TRUTH is RIGHT there on the linked page
FREE OF CHARGE REMOVAL:
There is no need for you to request removal, if you do not want to pay.
Every IP address temporary listed as Level 1 expires automatically 7 days after the last spam email from it hits our SPAMTRAPS. This means your IP address will be removed, lesson learned, no more spam from your computer.
The FREE option is listed FIRST, you ONLY need to pay if you want someone to manually check your SPAM sending IP can be cleared. Spammers LIE, they will abuse ANY complaint system and this costs time and energy.
Spammers rely on the low costs of their operation to remain profitable, they spend nothing and instead leech from others people infrastructure, efforts and time to make their money. The easiest way to combat this is to cost the Spammers time, energy and money. That hurts their profits the most and is the only way to hinder them.
Yes it sucks to hell and back if you are caught in between with your "legit" reasons to run a mass emailer from your own computer. But the needs of the many outweigh the needs of the one. Don't like it? You PAY ME then to deal with spam. You don't want to pay? Well... then what do you want? Email was ruined by the spammers, the old idea of anyone being able to mail anyone else is GONE thanks to them. You fix the spammers then because I am NOT going back to the days when 99% of email hitting my systems was spam.
Frankly there are so many alternatives to sending mass mail from your own system, only highly suspicious people want to go around this. And yes, loss of freedom for one means loss of freedom for all... but the costs associated with combatting spam all on your own are just to big. Installing a DNS blacklist is a cheap reliable option and the number of people hurt by it are statistical rounding errors. Really, nobody I know still uses their own email system but instead uses something like gmail with their own domain name. I use Amazon. And gosh, it just works.
Basically, it all comes down who has to spend time and effort. The recipient or the mailer. Do YOU have to make sure as a sender that your system can send to everyone OR does the recipient have to make sure that he can receive from everyone?
The recipient is the person with the least interest here in case of spam AND indeed in regular emails. If some entity wants to mail me from some home IP in black listed range. What is my motivation in wanting to receive said message? The spammer/sender is the one who needs the message to be received.
AND ALL THIS BLACKLIST REQUIRES: Is that AFTER your system has been caught sending spam, it stops sending spam for 7 days. That is all. Just 7 days without spam. The AC whiner clearly is running a system that sends endless spam. He needs to deal with that and NOT demand the entire rest of the world open their system to his spammy criminal customers.
When you sign up for Amazon EMS there are several security measures in place to avoid you using their systems to send spam. That is because Amazon and other email providers spend a LOT of money making sure their IP range remains unblocked and they do this by having people actively making sure no spam is send through their system.
Is it that difficult to ask that an ISP does the same?
Again yes it sucks if you are caught in between but hey, there are alternatives and YOU are FREE to come up with a better system. In the meantime, I take my DNS blacklist thank you very much and not shed a tear about your home mail setup. Hey, at least it is better then in the old days when many including me would just black list entire regions of the world. Still do for that matter, you would be suprised how much less attempts at hacking you get on a small webserver if you just block Africa, Asia, Middle Eaast, East-block, South-America etc etc. But you might get a legit visitor from those regions! For a local amateur soccer club home page?
My time is money,
Re: (Score:3, Insightful)
It isn't necessarily about their delisting policy, more about their listing policy. UCEProtect also run Backscatterer, which lists based on if you send out of office/bouncebacks to spam mail. This will often bleed over into their 'main' block list.
At the end of the day, if you're blocking people for having the courtesy to set a message that states "I'm out of the office", then you shouldn't be taken seriously as a block list provider.
Re: (Score:2)
Because checking basic things before sending that sort of thing is hard? If your validating basic things before sending these automated replies your never going to hit these backlists. It's not 1989 anymore you can not just autoreply to every inbound message hell you should not have done it then either.
Re:NEVER trust and AC (Score:5, Insightful)
I have the questionable pleasure of experiencing a deluge of backscatter since the rise of the Festi botnet, and I must say that I find the lack of sanity checks on automated replies appalling. It is not a courtesy to autorespond to spam by sending the spam "back" to a person who didn't send it in the first place and gave you all the information you need to clearly and easily establish that fact (Domainkeys / SPF).
There is only one place for automatically sending a message back to the original sender, and that's before accepting the mail in the first place. The sender sends the address information first. Reject the email then and there and include your out of office information with the bounce. Once you've accepted the mail, don't autorespond.
I agree about companies needing to push SPF and the like more. Sure, it still can cause some headache supporting.. but it helps address the problem.
As for the second bit, you've got to be joking. First, putting the out of office in the bounceback does nothing to mitigate the issue. You're still receiving an email for each and every bounced email. Second, millions of people have email that is hosted through another company. They realistically cannot set up individual bouncebacks for every single customer.
Re: (Score:2)
Unfortunately, vacation replies *CANNOT* currently be sent before accepting the mail. The reality is that people simply *DO NOT READ* SMTP error messages at all.
I've been running an experimental system on my main mail server for a couple of years now, which quarantines messages at the SMTP DATA phase if it is uncertain about the message (based on SpamAssassin, greylisting, etc...). It includes a URL that the sender can visit to release their message for immediate delivery.
I've only ever had *ONE* person u
ISPs can't work with this (Score:5, Informative)
If you run an ISP and use dynamic address allocation, chances are that a low percentage of your users is infected and they appear to be coming from your entire address pool. This will mean that in practice, your entire AS will be blacklisted permanently.
The way it often is solved, is that the abuse department for the ISP sets up a "custom" communications protocol with the blacklist operators. In that protocol, it's usually described how the blacklister deals with IPs (only block individuals, block for $lease_period) and that the ISP will get abuse mail for each of those offending IPs. In return, the ISP will have to take measures to pull the offending machine/customer offline in a very short timeframe, usually well within 24 hrs after the abuse mail has been sent. Often ISPs will have some sort of mechanism that will re-route the customers sending spam into a walled garden environment, in which they can only send mail via the outgoing mail servers of the ISP and not browse the web, apart from web sites of the ISP themselves and anti-virus and update websites and such.
This is by no means a perfect solution, since you are automatically tossing customers in a non net-neutrality setup because some third party triggered your abuse system. However, when configured and tweaked correctly, you get less than 3% false positives and your customers generally appreciate what you do. If you deal openly and swiftly with the false positives, even those tend to agree with your policy, but you have to make sure that you help them quickly and take the blame.
If you have a setup like this working in your environment, getting a "custom" deal with the blacklist admins usually isn't that hard, but you have to take the initiative and prove to them that you do anything reasonably within your power to take care of spammers and zombies, before they will cut you some slack.
Re: (Score:2)
But...but... (Score:4, Insightful)
"Frankly there are so many alternatives to sending mass mail from your own system, only highly suspicious people want to go around this."
I am a journalist, and I know what the laws are around email, subpoenas, (lack of any) protections under the (US) law, and the cost of lawsuits. I keep my own server, on my own premises, and keep logs only long enough for diagnostic purposes. All email is deleted after 2 weeks unless it is specifically moved to a location meant to be saved for the same reasons. I have been doing this, or parts of it, since before my ISP offered mail services, over 20 years now FWIW. Some people call me paranoid, I point to things like MegaUpload and call them ignorant. I guess that I would be considered "highly suspicious" according to many government agencies.
So there you go, there is at least one good reason to do the above, although I rarely send out mass mailings, probably less than one a year.
As for the rest of your points, I totally agree. Thanks for trying to stop the spam.
-Charlie
Re: (Score:3, Informative)
So, if there is *one* low-rate (one message per day) zombie spambox connected somewhere in Comcast LA's AS, the reasonable thing for a blacklist maintainer to do is to blacklist *every* Comcast customer in LA?
Yes. It's not worth anybody's time and effort to sort through sock puppets beyond that scale. Questions of who is responsible for what falls into the category of "Not my fucking problem."
We have already long since learned that the chainsaw really is preferable to the scalpel when dealing with spam.
Re: (Score:2)
If it's nit worth doing it right, perhaps they should get out of the business?
no, actually it *is* worth doing it wrong. follow the money.
Re:NEVER trust and AC (Score:5, Interesting)
Wouldn't happen with Comcast, because they block outgoing 25, and force everything through their mail server where they can implement sanity and outgoing spam checks.
That, I think, is the point of blocking the entire AS.
Re: (Score:2)
They wouldn't do that because Comcast would send a team of ninja spec-ops lawyers to blow their shit up.
$110 is for the low-hanging fruit.
Re:Someone is full of himself (Score:5, Informative)
been hiding under a rock much?
http://en.wikipedia.org/wiki/The_Abusive_Hosts_Blocking_List [wikipedia.org], considering his own name is HARDLY spattered over the internet as a karma whore / full of himself - I would be much more likely to to believe him than some trolling A/C that has what, committed translations from English UK to English US? Of course that is on the assumption that the poster is who he says he is but if you did actually google rather than being arrogant and full of yourself - then you would find that the guy has indeed been rather involved in anti spam lawsuits etc.
http://www.declude.com/Articles.asp?ID=262 [declude.com]
OR
"My name is Andrew D Kirch, I'm one of the founders of the AHBL, and served in that capacity until 2008. I've been harassed, extorted, sued, and defamed by a Mr. Richard Morton Scoville, a resident of San Antonio, Texas for a period of 7 years. During that time I have suffered nearly irreparable damage to my character, and public reputation. I've been questioned by police, and my customers, and I have incurred over $10,000 in legal costs defending myself in court against this person."
So, AC - is your code contributions worth $10k to you?
OR
http://www.ahbl.org/legal/scoville/courtdocs [ahbl.org]
Let me just make another assumption here, You are American and don't know who "Tim" Berners-Lee is either? I actually couldn't care less if you do or don't know who he is - but my point being is you wouldn't do the extra effort to look it up.
not posted anon, because I've not been a pussy since 1994.
Re:Someone is full of himself (Score:5, Insightful)
Hola, thanks for pointing out this to the AC above. I'm the current maintainer of the AHBL, Brielle.
After a while of maintaining a DNSbl, you start to refine your policies and how you handle things - unfortunately, with the amount of douchebags and assholes who operate mail servers and networks out there, those policies tend to get more restrictive and locked down to prevent abuse.
We used to offer a whitelisting service, where responsible ISPs could register to avoid auto-listing of their blocks. Had to nuke that due to being lied to and threatened (big surprise there). I used to provide free consulting to smaller ISPs who got listed to assist them in cleaning up their networks, securing their servers, etc. Had to nuke that program too - you can thank GoDaddy for that.
These ISPs, the ones that whine about being listed, usually have a good reason why they are listed. They won't publicly admit it obviously, but the almighty buck tends to override the common sense that you need to properly control and manage your own networks. If you are willing to allow your customers to spam, abuse, and just be downright shitheads from your IP space in exchange for money, then you need to be willing to accept the consequences.
The only reason why things are the way they are today, is because people don't know how to behave and be a good online neighbor. In other words...
"This is why we can't have nice things!"
Re: (Score:2)
Violence is the last refuge of the incompetent.
By the time it is the last refuge it is almost certainly too late for violence to do any good. The competent get to violence _much_ sooner.
Paraphrased. L. Long.
Re: (Score:2)
Mod this boy up!
Re: (Score:2)
lots of places use them, and it really shits me.
Most of them list you for stupid reasons, eg having a dynamic ip (even if it is really static, and they will only remove dynamic listings if you are the ip range owner)
Its a constant support hassle for me.
Re:People still use blacklists??? (Score:5, Interesting)
Re: (Score:3)
I feel your pain, but as a small-time hosting provider the dynamic-IP blocklists reduce spam by about 90%. In reality there are very very few legitimate mail servers located on a dynamic range. You are an unfortunate example. I currently get less than 1 complaint per year on false-positive rejection. For me this is an unfortunate but acceptable loss compared to the large amount of spam I no longer receive.
Comment removed (Score:4, Funny)
Re: (Score:2)
Unfortunately, it IS effective. If you are really that concerned about it, then pay the fee to get a fixed IP, or relay your mail to a server than has a fixed IP. It's not expensive.
Re: (Score:2)
Re: (Score:2)
Re: (Score:2, Insightful)
Indeed. We use a similar blacklist on our systems and it eliminated a massive chunk of spam from bots trying to reach out and touch you directly.
There just isn't any good reason to be operating a SMTP server on a residential connection; the user either needs to go through their ISP or they need to move to proper hosting in a datacenter (more uptime, static IPs, clearly not an end-user system).
Re:People still use blacklists??? (Score:5, Interesting)
The way this is handled in Finland that each isp has one outgoing SMTP-relay server that you have to use, you can't send the mail directly out. You can receive all the mail you want but the outgoing pipe has restrictions to prevent open/miss-configured servers, works great. (I have my own mail server with such arrangement on a static IP)
If you are a ISP I would suggest a similar arrangement to prevent all your customers sending spam :)
Re: (Score:3)
It's like that with most ISPs worldwide. You can still use another SMTP server if you use one with SSL on another port though.
Re: (Score:2)
>This seems bad. My ISP should not be interfering with traffic.
It is bad. Especially if you want to have actually mitm secure email with certs at both ends. This is a whole lot easier if you control the MTA.
DJ
Re:People still use blacklists??? (Score:5, Interesting)
There just isn't any good reason to be operating a SMTP server on a residential connection
In the EU (and probably elsewhere too) there are VERY compelling reasons to do so. ISPs are required by law to store all your e-mail (and other) traffic and make it available to the government at a whim. So much for the basic human right to privacy and private communications (but hey if you're no turrerist you've got nothing to hide eh?) They are still snooping port 25 and probably reading it at the receiving end anyway, but I'll be doing anything in my power to hinder the government from snooping on my private communications.
Re: (Score:3)
Re: (Score:2)
not the ISP as in "i use my ISP to contact my mail server", but only the ISP as in "i use the mailbox provided by my ISP". So they are required to snoop on the metadata (from, to, date) of mail sent via their own servers.
Encryption (Score:3)
In the EU (and probably elsewhere too) there are VERY compelling reasons to do so.
So use encryption. While you lose the ability to perform server based searches your email content remains secure and you don't have the hassle of running your own SMTP server.
Re: (Score:2, Insightful)
There just isn't any good reason to be operating a SMTP server on a residential connection
And this philosophy is what brought Europe down and is killing the U.S. It isn't up to you to decide if what I want to do is a good idea.
I run my own mail server. At home. And here's one good reason why.
All my personal contacts, emails, etc. that sync to my smartphone... don't go through Google, Apple or Microsoft. Essentially I run my own cloud.
Is privacy and wanting control of our data/contacts, at least keeping the nexus away from the corporate giants, not a "good reason"? Who are you to unilaterall
Re: (Score:2)
Anyone running their own mail server should be using a static IP address.
Re: (Score:3)
I can see why this is a problem for ISPs and hosts. Some people have been claiming the demise of email for years wha
Re: (Score:3, Insightful)
Re: (Score:3)
I call BS on that post.
The blacklist people don't block anything. All they do is publish a list with IP addresses. Isn't that covered under your precious free speech thingy?
Its the providers that use the blacklist that you should worry about.
Re: (Score:3)
They do in fact block people, in many instances the blacklists are automatically loaded and many providers do use them cause of the spam problems they're experiencing.
No, blacklists do not block anyone. The providers are blocking people.
Re: (Score:2)
the police in my country had to remove an erroneous criminal record from someone because it was blocking him from employment
Again, no, the potential employers that were checking the blacklist were blocking. I imagine the police had to remove the erroneous record because it was libellous.
Blacklists can and often DO get considered IN COURT as blocking people
Just because a court treats it as true doesn't mean it is, even if COURT is in all caps.
Re: (Score:3)
the potential employers that were checking the blacklist were blocking. I imagine the police had to remove the erroneous record because it was libellous.
In other words, using defamation to encourage others to block people is as bad as blocking people.
Re: (Score:3)
That's not an assumption. It's a description of where the fault lies. Blacklists are a tool. If you use the tool incorrectly, then it's you who's the problem, not the tool. The solution isn't to bitch about being blacklisted, the solution is to fix the poorly-implemented system.
Re: (Score:3)
No, the responsible party is always the person choosing to implement the blacklist as a total arbiter. The black list is not the fault, but the person configuring the system. The blame should be placed in the correct place.
Re: (Score:3)
When did the IRA sue Channel 4? Do you have a link for that?
Depends on the country, but you might get away with publishing a list of "scum". In the UK, the PCC would be more likely to handle general misconduct. I'm not sure calling someone "scum" is any more legally actionable than calling them "absolute shits" or similar. Where it becomes legal is if an actionable statement is made, such as publishing a list of "terrorist scum", or a list of people described as being "IRA terrorists".
Depending on how you d
UK is part of EU (Score:2)
Re: (Score:2)
Wrong. You shouldn't be using port 25 to submit mail to the SMTP server of your e-mail provider these days. You should be using port 587 (mail submission). Works just fine with smtp.gmail.com.
Re: (Score:2)
Re: (Score:2)
"Guess what? Grandma's computer is sending out spam in the background as fast as her system and connection limits will allow."
Then your connection limits are inadequate, you should secure the SMTP servers that you provide on whitelisted ranges (i.e. grandma's connection should NEVER be able to send direct SMTP to random servers without a minimum of a secure connection, which almost all UK ISP's enforce, for instance, and require you to use THEIR authenticated, secured outbound mail servers if you want to se