Re: Israeli ISP and Blacklisting

[Arik Baratz]

On Fri, Jul 25, 2008 at 8:40 AM, Imri Zvik <[EMAIL PROTECTED]> wrote:

> Let me get this straight - You claim you already know of a specific user
> that is abusing you over and over. You complain that this ISP is not willing
> to help. I'm offering to help you, and I'm in the position to do so.
> You refuse with the lame excuse I (or the company I work for) might sue
> you? COME ON. Sounds quite evasive to me. If you really care and want
> something to be done, you can use my help - If you want to continue with
> this trolling, please, stop wasting my time.
>
>
This doesn't become you, Imri.

I will send the LIST OF USERS that are spamming me to the abuse address. If
hypothetically, you are the ISP discussed, you should be able to help me
then.

Just give me some time to write a python script to download my spam folders
and sort through the headers to find them.

Besides, what good does it do to me that you're going to close the users'
account this one singular time? I'm talking about years of continued abuse
by many of your users. It's not going to be a one-off, and if mail to abuse
doesn't seem to help, this one-off isn't going to do much of a difference
anyway.

So if I automate my scripts to the level that I can trust them to run
unattended, I might be able to make it run on a regular basis and send
automated messages to abuse, complete with headers and PGP signed, and then
create a graph showing exactly how effective the abuse complaints are (i.e.
how many messages I got after the first complaint and for how long). It
might be an interesting experiment. I have however just recently relocated
and am still pretty busy in a new role, location, country and continent so
it will take some time.

If it works out I might even do it for all Israeli ISPs and track it on a
web page... Hmm...

-- Arik

Re: Israeli ISP and Blacklisting

[Dotan Cohen]

2008/7/24 Imri Zvik <[EMAIL PROTECTED]>:
> How many people in this list thinks it's a good idea?
>

By default, yes. If someone needs to send email from localhost, let
them specifically request it from their ISP. Then they can't claim
stupid when SPAM is sent from their IP (be it static or dynamic).

-- 
Dotan Cohen

http://what-is-what.com
http://gibberish.co.il
א-ב-ג-ד-ה-ו-ז-ח-ט-י-ך-כ-ל-ם-מ-ן-נ-ס-ע-ף-פ-ץ-צ-ק-ר-ש-ת

A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?

RE: Israeli ISP and Blacklisting [summary and stop]

[Imri Zvik]

1. vauge and general, what can I do with with misconfigured systems around the 
globe? These system might not return a bounce for many other rejections/errors. 
How can you *ever* know?
 
2. So now *you* are deciding for other people (say, Oleg) what to do with their 
internet access? Who died and made you the queen? What if customer of ISP X 
still wants to use his email account at ISP Y? I can tell you for a fact there 
are more than one client who does that.
 
The fact *you* don't follow this use case doesn't mean other people aren't 
either.
uceprotect is an example for a *bad* way to fight spam. The way they want is 
just like taking the driving licences from everybody and make them ride the 
bus, just because some people are speeding.
 
It's not that other RBLs doesn't block - it's just that most of them are doing 
it in a much more sane and productive way.
 

 

 




From: Noam Rathaus [mailto:[EMAIL PROTECTED]
Date: ה 24/07/2008 18:21
To: Imri Zvik
Cc: linux-il
Subject: Re: Israeli ISP and Blacklisting [summary and stop]



Hi,

1) You are right, but not every plays by the rules, we recently had to prevent
ezmlm from sending bounces for unsubscribed people as it was being used for
spam, and getting us spam marked - so playing by the rules might be the right
thing, but it is not always the intelligent thing to do.

2) I heard you the 10th time, I told you don't block, I think in today's world
it is reasonable to block port 25, people either use:
a) web mail (Gmail, Yahoo, Walla, etc)
b) corporate mail via VPN
c) home mail (outlook express, etc) at home

None of this falls under the Internet cafe problem, and I know, as I drank
quite a few cafes in my life.

uceprotect is one example, if I had another one I would show it, sorry,
doesn't mean its not the right/wrong example.

On Thursday 24 July 2008 17:46:51 Imri Zvik wrote:
> 1. Usually it would block the sending system during the SMTP session - so
> if the mail system you are using is properly configured you should get ALL
> the bounces.
>
> 2. You ignored my repeated question - Do you think blocking port 25 all
> together (as they suggest) is a good idea? Keep in mind that if all ISPs
> where to implement that, and you are a Netvision customer, for example, and
> want to send email through 012 Smile mail system using your username and
> password at 012, It wouldn't be possible.
>
> If you are sitting at some coffee place that offers free wifi with ISP
> different than yours, and want to send an email using your ISP mail
> servers, you wouldn't be able to do that.
>
> If you have your own mail server and don't want to route your email through
> your ISP - you wouldn't be able to do that.
>
> This is the *only* way you can live up to uceprotect's expectations in the
> long run.
>
> I am *really* interested to know how many users in this list are pro this
> suggestion, and how many are against it.
>
>
>
>
> -Original Message-
> From: Noam Rathaus [mailto:[EMAIL PROTECTED]
> Sent: Thursday, July 24, 2008 5:13 PM
> To: Imri Zvik
> Cc: linux-il
> Subject: Re: Israeli ISP and Blacklisting [summary and stop]
>
> Hi,
>
> I am not completely blocked, but I don't want to be partially blocked
> either.
>
> At least two emails bounced (to two unique destinations) saying we were
> blacklisted, I cannot tell you how many were blocked and didn't bounce - it
> will take me days, if ever to know.
>
> I will solve your security problems, can't help you with your spam problems
> - not my expertise.
>
> Arik didn't disappear, maybe he has work to do beside answering emails here
> - I trust Arik to get back to you.
>
> On Thursday 24 July 2008 17:06:04 Imri Zvik wrote:
> > Again, you are putting it as if you are completely blocked and you cannot
> > send mails at all. Can you please tell me how many of your mails were
> > blocked due to this listing, and to how many unique destinations?
> >
> > Only one person (Arik) complained about actual problem, and when I asked
> > for information he disappeared.
> >
> > It seems you don't really want to solve anything, or suggest any feasible
> > solutions.
> >
> > I ask again - do you think blocking port 25 completely is a good idea?
> > Can you live with that? How many people in this list thinks it's a good
> > idea?
> >
> >
> > -Original Message-
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED] On Behalf Of Noam Rathaus Sent:
> > Thursday, July 24, 2008 4:33 PM
> > To: linux-il
> > Subject: Re: Israeli ISP and Blacklisting [summary and stop]
> >
> > Hi,
> >
> > My last email on the subject :)
> >
> > As it appears that some people are pro-ISP, some are con-ISP, and I don't
> > care which is which
> >
> > All I wanted to see, whether this is a global issue, apparently it is,
> > more than one is willing to talk about it, I believe others simply don't
> > know they are blacklisted, others have yet to be affected by it, and
> > others more don't know they are affected.
> >

RE: Israeli ISP and Blacklisting

[Imri Zvik]

Let me get this straight - You claim you already know of a specific user that 
is abusing you over and over. You complain that this ISP is not willing to 
help. I'm offering to help you, and I'm in the position to do so.
You refuse with the lame excuse I (or the company I work for) might sue you? 
COME ON. Sounds quite evasive to me. If you really care and want something to 
be done, you can use my help - If you want to continue with this trolling, 
please, stop wasting my time.
 
 
 



From: [EMAIL PROTECTED] בשם Arik Baratz
Date: ה 24/07/2008 18:09
To: Imri Zvik; linux-il
Subject: Re: Israeli ISP and Blacklisting




On Thu, Jul 24, 2008 at 11:22 PM, Imri Zvik <[EMAIL PROTECTED]> wrote:


I can only assume you are addressing me. 

Due to the latest trend of libel suits, I cannot confirm nor deny.
 

You are just flaming now. You have no idea what we are doing to stop or 
fight spam, and this public list is not the place to list those things.



For the particular ISP I was talking about, I know that the same authenticated 
user has sent me messages after several complaints, so I know for a fact that 
the same user keeps spamming. I'm only answering you here because I don't want 
to create the state of "שתיקה כהודאה" (silence as admittance, lit trans)
 


2.   If you have any repeating issues with spammers using our mail 
system, I would be GLAD to know about it. Please provide me with full headers.




I appreciate your suggestion. I will obviously not contact you because that 
would mean that you are the ISP I was talking about. I will however make an 
attempt to create a compendium of the headers from the last 30 days of spam 
that I have and send it to the abuse address of the offending ISP. It will take 
me some time as analyzing 1000s of spam messages means that I need to write 
code to do it, but I will get to it eventually.

-- Arik 

Re: Israeli ISP and Blacklisting [summary and stop]

[Oron Peled]

On Thursday, 24 בJuly 2008, Noam Rathaus wrote:
> Oh a friend of mine (thanks) pointed me to this:
> ISPs that block Port 25
> 
> This list contains some of the major ISPs that block port 25 on their
> servers 

That does not mean we want every ISP to copy their behaviour.

> Comcast ATTBI

Yes, those are the ones that were caught red-handed playing games
with their customers P2P traffic and are under federal investigation.
Good example indeed.

We have enough reason to suspect (big understatement) that our ISP's
are very keen on doing what these "big boys" are doing.
Thanks, but no thanks. I'll second Oleg -- ISP's are not and should
not be allowed messing with their customers traffic!

Regarding spam. AFAIR, in the standard contract with ISP's the customer
already agree not to use the account for any illegal purpose, blah,
blah,... If/when spam is formally illegal (I think the severe cases are
already covered by current law in Israel, but not sure) there would not
be a problem applying this in various ways: closing the account,
taking legal actions (e.g: compensation for the collateral damage
caused by the spammer etc.)

Let's not try to use a cure that is worse than the disease.

-- 
Oron Peled Voice/Fax: +972-4-8228492
[EMAIL PROTECTED]  http://www.actcom.co.il/~oron
"UNIX was not designed to stop you from doing stupid things, because
that would also stop you from doing clever things."
 --Doug Gwyn

To unsubscribe, 
send mail to [EMAIL PROTECTED] with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail [EMAIL PROTECTED]

Re: Israeli ISP and Blacklisting

[Oleg Goldshmidt]

shimi <[EMAIL PROTECTED]> writes:

> Do you have any better solution? :)

Well, merits and downsides of different solutions may be (and are)
discussed at length. I do not intend to spend my time on it. However,
I do postulate the following: no solution that prevents me from doing
something perfectly legal and normal just because someone else
somewhere *may* be doing something nasty is utterly unacceptable. Any
solution that does not impose this restriction on me is
better. Filtering IP addresses is a crude and rude workaround with
unacceptable side effects and not a solution of the actual
problem. Generalizing further, ISPs must not filter *anything* by
default, unless specifically requested by the client.

I have used my own SMTP server for years (on a dial-up, and later on a
DSL connection, until a few months ago), and I can recall only two
recipients who rejected my emails because of it - that foreign ISP
that I mentioned earlier and HaifaU. As I mentioned, I encountered one
major email service that filtered my (then) ISP's mail servers. So
based on a representative sample of one I guess blacklists blocking
all (or Israeli) dial-up/DSL addresses are not used much.

-- 
Oleg Goldshmidt | [EMAIL PROTECTED]

=
To unsubscribe, send mail to [EMAIL PROTECTED] with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail [EMAIL PROTECTED]

Re: Israeli ISP and Blacklisting

[shimi]

On Thu, Jul 24, 2008 at 8:17 PM, Oleg Goldshmidt <[EMAIL PROTECTED]> wrote:

> shimi <[EMAIL PROTECTED]> writes:
>
> > Or did you just use users dial-up/DSL/cable IP ranges in your test,
> > which SHOULD be blacklisted (why would a home user need to emit SMTP
> > traffic on his own instead of his ISP SMTP servers, where proper
> > authentication and thus logging and auditing can be taken care of?
>
> I am sorry? Why shouldn't I be able to use my own SMTP server and
> instead be forced to rely on someone else's that might or might not
> work better than mine, be blacklisted, or whatever? Why should I
> *need* my own SMTP server? Sorry, but it's none of anyone's
> business. Avoiding the ISP's "logging and auditing" can be reason
> enough.



If _every_ spammer on earth (including "what do you wanr from us? we have an
opt-out option!") would be sent to jail for a couple of years, I would
totally agree with you.

However, my filters block between _hundreds_ to _thousands_ of spam messages
_per day_, most of them coming from... those addresses. So it makes some
sense to have a list of them...

In a perfect world, I would agree with you completely; It is a hassle to use
a smarthost indeed. But until there would be some way of non-centralized
origin-authenticated SMTP with a web-of-trust domain list (so people will
not just register new domains to evade blacklisting) that you could
configure a "positive-trust-threshold" you agree to receive mail from  - I
think that having an RBL that lists spamming netblocks is a Good To Have
thing. It is the receiver who shall decide if s/he wishes to receive traffic
from people listed there... better than blocking port 25 alltogether...

Do you have any better solution? :)

-- Shimi

Re: Israeli ISP and Blacklisting

[Oleg Goldshmidt]

shimi <[EMAIL PROTECTED]> writes:

> Or did you just use users dial-up/DSL/cable IP ranges in your test,
> which SHOULD be blacklisted (why would a home user need to emit SMTP
> traffic on his own instead of his ISP SMTP servers, where proper
> authentication and thus logging and auditing can be taken care of?

I am sorry? Why shouldn't I be able to use my own SMTP server and
instead be forced to rely on someone else's that might or might not
work better than mine, be blacklisted, or whatever? Why should I
*need* my own SMTP server? Sorry, but it's none of anyone's
business. Avoiding the ISP's "logging and auditing" can be reason
enough.

I recall that at one point of time, not so long ago, I found out that
a particular foreign ISP that shall remain unnamed used exactly the
type of blocking you advocate (e.g., refuse all emails not coming from
"authorized" servers - by the way, it is not blacklisting, it is
effectively whitelisting, i.e., everything is blocked by default
except what we decide to allow). I decided to switch my home SMTP
server to use my ISP (that shall remain unnamed) as smarthost, and
quickly found out that my mail no longer gets to yahoo.com. Guess what
- I send much more email to yahoo.com addresses than to the particular
foreign ISP that implemented the stupid policy. In fact, I don't think
I have sent a single email to any address of theirs ever since.

> Most RBLs will list all non-ISP-managed block ranges for the above
> reasons, regardless of their location on the globe...

And in any geographical location with half-decent regulation this
should be outlawed outright - it is not up to an ISP or carrier to
decide what service I can or cannot run on my computers.

-- 
Oleg Goldshmidt | [EMAIL PROTECTED]

=
To unsubscribe, send mail to [EMAIL PROTECTED] with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail [EMAIL PROTECTED]

RE: Israeli ISP and Blacklisting

[Imri Zvik]

It means they have 208 IPs that sent at least *one* spam in the past 7 days 
from a range that includes 131070 hosts!
The way they are calculating it, it means it could be that they only got 208 
spam emails in the last 7 days, and that was enough to block the whole A class. 
I'm sorry, but this is not reasonable - It doesn't even leave room for the ISP 
to cooperate and deal with the spammer.

I need to understand - are you in favor of blocking port 25? How many people in 
this list thinks it's a good idea?


-Original Message-
From: Noam Rathaus [mailto:[EMAIL PROTECTED] 
Sent: Thursday, July 24, 2008 4:36 PM
To: Imri Zvik
Cc: shimi; linux-il
Subject: Re: Israeli ISP and Blacklisting

Just my two cents, I checked a few IP addresses that are listed under the AS 
of zahav.net.il, as well as the mail server of zahav.net.il

And it is very close to getting RBL blocked:

84.94.0.0/15 - ATTENTION Increased Listingrisk  - Level 1 listed spammers
within the last 7 days 208 -Escalation to Level 2
by Level 1 records 445

But ignore it, as this RBL (http://www.uceprotect.net/en/rblcheck.php) is 
nothing to worry about, as you mentioned - rarely used or trusted.

On Thursday 24 July 2008 16:30:50 Imri Zvik wrote:
> Shimi,
>
>
>
> I cannot speak on behalf of other ISPs, but if you have problems with the
> one I'm working at, please share the information with me, and I promise you
> I will get to the bottom of this.
>
>
>
> Bottom line, I can assure you that *WE* are doing *a lot* to deal with spam
> from our mail system/network. Again, as evidence we have good scores at big
> and widely used RBLs.
>
> I also know, from second hand, that the other ISPs are also putting a lot
> of efforts in order to deal with this issue.
>
> This all discussion started from *one* RBL which is notorious for its harsh
> treatment. No one provided any specific problem, and everybody jumped into
> the conclusion that if this RBL is blocking you, it means you are not doing
> anything to deal with spam. This conclusion is just wrong.
>
>
>
>
>
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of shimi
> Sent: Thursday, July 24, 2008 4:16 PM
> To: Imri Zvik
> Cc: Noam Rathaus; linux-il
> Subject: Re: Israeli ISP and Blacklisting
>
>
>
> Imri,
>
> On Thu, Jul 24, 2008 at 3:57 PM, Imri Zvik <[EMAIL PROTECTED]> wrote:
>
> How do you know abuse@ doesn't "really take care of users"? It seems like
> your whole response is generalizing and vague.
>
>
> I know because if after two weeks from their reply that they will "handle
> it" I see the same user doing the same thing again from the same ISP,
> then...
>
> What does an AUP worth if it is not enforced?
>
> The whole Israeli spam market is dominated by a VERY little amount of
> people, and there is a reason that they're still spamming. Given that there
> are like 3 ISPs in the country nowdays, they're not doing so because they
> jump from an ISP to ISP after each one is denying them service, rather then
> because they're paying customers, and denying them service means less
> income.
>
>
>
>   I don't see how the old QoS argument as anything to do with dealing with
> abuse. I must remind you that downloading copyrighted materiel is
> officially abuse too.
>
>
> It does for a very simple reason; ISPs care only about cashflow. Removing
> bad users from the possibility to get service leads for less profits.
> Paying more for bandwidth leads for less profits.
>
> Re. your comment about copyrighted material, I have three things to say:
>
> 1.I don't really understand how is that abuse; You're not attacking any
> system, and you're distrubing no-one (besides RIAA, BSA and others - but
> that's not abuse). 2. The ISPs want to play the police and court? Fine, I
> guess it's their right (and being a FOSS user, I couldn't care less...) -
> if the law permits them to observe traffic and sabotage it - I have no
> problem with that (what about BitTorrent to download the latest Linux
> release?) 3.  They DENY the fact that they're doing it! They claim that
> "there are no means to do that!". If you don't believe me, read official
> commentary from various spokesmen in Ynet articles regarding slow P2P in
> various ISPs.
>
> Finally, I was not even talking about P2P - that was YOUR assumption.
> They're [at least some of them] QoSing NON-HTTP traffic. Like CVS checkout
> from an Open Source project, or my connection to an IRC network (how else
> can you explain a 180ms ICMP but a 1 second IRC "ping" command roundtrip?).
> How is that an abuse or illegal?
>
> But that's really OT, so let's stop here. I was just giving another example
> for "we deserve this for not standing for our customer rights".
>
> -- Shimi


-- 
Noam Rathaus
CTO
[EMAIL PROTECTED]
http://www.beyondsecurity.com

"Know that you are safe."

Beyond Security Finalist for the "Red Herring 100 Global" Awards 2007

Re: Israeli ISP and Blacklisting [summary and stop]

[Noam Rathaus]

Oh a friend of mine (thanks) pointed me to this:
ISPs that block Port 25

This list contains some of the major ISPs that block port 25 on their servers 
(http://www.postcastserver.com/help/Port_25_Blocking.aspx):
AT&T (can be unblocked at the request)
MindSpring
BellSouth
MSN
CableOne
NetZero
Charter
People PC
Comcast ATTBI
Sprynet
Cox
Sympatico.ca
EarthLink
Verio
Flashnet
Verizon
MediaOne

All are ISPs that understand the problem port 25 poses, and decided to do 
something   

 
On Thursday 24 July 2008 18:21:57 Noam Rathaus wrote:
> Hi,
>
> 1) You are right, but not every plays by the rules, we recently had to
> prevent ezmlm from sending bounces for unsubscribed people as it was being
> used for spam, and getting us spam marked - so playing by the rules might
> be the right thing, but it is not always the intelligent thing to do.
>
> 2) I heard you the 10th time, I told you don't block, I think in today's
> world it is reasonable to block port 25, people either use:
> a) web mail (Gmail, Yahoo, Walla, etc)
> b) corporate mail via VPN
> c) home mail (outlook express, etc) at home
>
> None of this falls under the Internet cafe problem, and I know, as I drank
> quite a few cafes in my life.
>
> uceprotect is one example, if I had another one I would show it, sorry,
> doesn't mean its not the right/wrong example.
>
> On Thursday 24 July 2008 17:46:51 Imri Zvik wrote:
> > 1. Usually it would block the sending system during the SMTP session - so
> > if the mail system you are using is properly configured you should get
> > ALL the bounces.
> >
> > 2. You ignored my repeated question - Do you think blocking port 25 all
> > together (as they suggest) is a good idea? Keep in mind that if all ISPs
> > where to implement that, and you are a Netvision customer, for example,
> > and want to send email through 012 Smile mail system using your username
> > and password at 012, It wouldn't be possible.
> >
> > If you are sitting at some coffee place that offers free wifi with ISP
> > different than yours, and want to send an email using your ISP mail
> > servers, you wouldn't be able to do that.
> >
> > If you have your own mail server and don't want to route your email
> > through your ISP - you wouldn't be able to do that.
> >
> > This is the *only* way you can live up to uceprotect's expectations in
> > the long run.
> >
> > I am *really* interested to know how many users in this list are pro this
> > suggestion, and how many are against it.
> >
> >
> >
> >
> > -Original Message-
> > From: Noam Rathaus [mailto:[EMAIL PROTECTED]
> > Sent: Thursday, July 24, 2008 5:13 PM
> > To: Imri Zvik
> > Cc: linux-il
> > Subject: Re: Israeli ISP and Blacklisting [summary and stop]
> >
> > Hi,
> >
> > I am not completely blocked, but I don't want to be partially blocked
> > either.
> >
> > At least two emails bounced (to two unique destinations) saying we were
> > blacklisted, I cannot tell you how many were blocked and didn't bounce -
> > it will take me days, if ever to know.
> >
> > I will solve your security problems, can't help you with your spam
> > problems - not my expertise.
> >
> > Arik didn't disappear, maybe he has work to do beside answering emails
> > here - I trust Arik to get back to you.
> >
> > On Thursday 24 July 2008 17:06:04 Imri Zvik wrote:
> > > Again, you are putting it as if you are completely blocked and you
> > > cannot send mails at all. Can you please tell me how many of your mails
> > > were blocked due to this listing, and to how many unique destinations?
> > >
> > > Only one person (Arik) complained about actual problem, and when I
> > > asked for information he disappeared.
> > >
> > > It seems you don't really want to solve anything, or suggest any
> > > feasible solutions.
> > >
> > > I ask again - do you think blocking port 25 completely is a good idea?
> > > Can you live with that? How many people in this list thinks it's a good
> > > idea?
> > >
> > >
> > > -Original Message-
> > > From: [EMAIL PROTECTED]
> > > [mailto:[EMAIL PROTECTED] On Behalf Of Noam Rathaus Sent:
> > > Thursday, July 24, 2008 4:33 PM
> > > To: linux-il
> > > Subject: Re: Israeli ISP and Blacklisting [summary and stop]
> > >
> > > Hi,
> > >
> > > My last email on the subject :)
> > >
> > > As it appears that some people are pro-ISP, some are con-ISP, and I
> > > don't care which is which
> > >
> > > All I wanted to see, whether this is a global issue, apparently it is,
> > > more than one is willing to talk about it, I believe others simply
> > > don't know they are blacklisted, others have yet to be affected by it,
> > > and others more don't know they are affected.
> > >
> > > And me as the person wanting to send emails in a non-spam and legal way
> > > is left with the only alternative to move out his servers from Israel -
> > > specifically the mail server - as Israeli ISPs are RBLed - YES YES just
> > > one RBL and he is a bad bad RBL - which asks too many things - but
> > > apparently some ISPs ag

Re: Israeli ISP and Blacklisting [summary and stop]

[Arik Baratz]

On Fri, Jul 25, 2008 at 12:13 AM, Noam Rathaus <[EMAIL PROTECTED]>
wrote:

>
> Arik didn't disappear, maybe he has work to do beside answering emails here
> -
> I trust Arik to get back to you.
>
> > Only one person (Arik) complained about actual problem, and when I asked
> > for information he disappeared.
>
>
Nope I didn't disappear - I sent a message 35 minutes ago to the list -
wasn't it received?

-- Arik

RE: Israeli ISP and Blacklisting

[Imri Zvik]

You are again misreading what I wrote.
I never said we are not dealing with it, but that I don't think that
blocking people access all together is a good solution.
Again, you are clinging to *ONE* RBL, ignoring the *GOOD* scores at
other major RBLs.



Please don't distort my words.


-Original Message-
From: Noam Rathaus [mailto:[EMAIL PROTECTED] 
Sent: Thursday, July 24, 2008 4:43 PM
To: Imri Zvik
Cc: Omer Zak; linux-il
Subject: Re: Israeli ISP and Blacklisting

Imri,

Ok - don't block anything.

Continue as usual

I understand that this war was lost when I renewed my contract for
server 
hosting in Israel.

I should have seen this and moved them to somewhere better.

If that doesn't bring to light the issue - causes to to understand that
this 
needs to be resolved, I guess I didn't do my job correctly.

On Thursday 24 July 2008 16:37:50 Imri Zvik wrote:
> Noam,
>
> You do realize that what you mean is that the ISP will block port 25
all
> together - meaning, that all of you people running your own mail
server
> at home will be forced to use your ISP as a smarthost (either with
> manual configuration, or using traffic redirection at the ISP
routers).
>
> I'm sure you already forgot, but when the ISPs blocked the netbios
ports
> few years ago in order to stop worms outbreaks, a lot of people
> complained that the ISPs shouldn't block ports at all.
>
>
>
> -Original Message-
> From: Noam Rathaus [mailto:[EMAIL PROTECTED]
> Sent: Thursday, July 24, 2008 4:24 PM
> To: Imri Zvik
> Cc: Omer Zak; linux-il
> Subject: Re: Israeli ISP and Blacklisting
>
> Hi,
>
> This RBL, even if is a bit extremist, is something used by a few of
our
> customers's commercial spam filtering product.
>
> So this affects not just me, but others, but I am getting the feeling
> here
> that the messenger is getting shot, and we are giving a lean hand to
the
>
> ISPs, as it is too difficult to "protected themselves".
>
> But if you are happy with the level of service Israeli ISPs are
giving,
> enjoy,
> I think for one, customers should demand better.
>
> This debate brings me back to the day when Code Red was bringing down
> servers,
> and people complained that ISPs wouldn't block offending computers,
and
> the
> ISPs retaliated with freedom of speak and moving response - silly.
Same
> here,
> the ISP should prevent SPAM I don't care how, but they should, I am
> working
> with T-Mobile both in Europe and in United States, and you (as an end
> customer) send out mail directly unless it goes through their SMTP
> servers -
> if you have a VPN do whatever you want.
>
> BTW The company takes money in order to discourge people from nagging
> them to
> get removed.
>
> On Thursday 24 July 2008 15:45:03 Imri Zvik wrote:
> > Noam,
> > Again, and I will try to type it slowly so you can understand - You
>
> are
>
> > talking about *ONE* RBL, which is notorious for blocking whole AS,
and
> > refusing to work with it's abuse departments. You are clinging to
this
> > RBL listing as if being listed at this particular RBL means that we
>
> (as
>
> > in Israel or the ISP) are now completely cut-off from the world, or
>
> that
>
> > if you are listed in this RBL it means your ISP is doing nothing to
> > fight abuse.
> >
> > It's either you misunderstand how extreme this RBL is, and how fast
>
> and
>
> > for how little they block a whole AS, or you are just trying to
flame.
> >
> >
> >
> > -Original Message-
> > From: Noam Rathaus [mailto:[EMAIL PROTECTED]
> > Sent: Thursday, July 24, 2008 3:09 PM
> > To: Imri Zvik
> > Cc: Omer Zak; linux-il
> > Subject: Re: Israeli ISP and Blacklisting
> >
> > Hi,
> >
> > You are right, it is easy to get RBLed, and semi-easy to get out of
an
> > RBL,
> > but it doesn't help to email abuse@ or anything else, if your ISP is
> > marked
> > as bad.
> >
> > On Thursday 24 July 2008 14:31:48 Imri Zvik wrote:
> > > *Sigh* Don't you have anything better to do? I can report that
>
> Israeli
>
> > > ISPs get decent cooperation (well most of the times, and from most
> > > RBLs). No one is going to block Israel completely.
> > >
> > > If you have a specific email that was blocked, or a specific RBL
>
> (with
>
> > > reasonable demands) you want to be removed from, please email
abuse@
> > >
> > > -Original Message-
> > > From: [EMAIL PROTECTED]
> > > [mailto:[EMAIL PROTECTED] On Behalf Of Omer Zak
> > > Sent: Thursday, July 24, 2008 1:38 PM
> > > To: linux-il
> > > Subject: Re: Israeli ISP and Blacklisting
> > >
> > > I have E-mailed my ISP about this.
> > >
> > > You may want to add to your E-mail to your ISP also your concerns
>
> that
>
> > > since ALL Israeli ISPs are blacklisted, the entire country is in
> >
> > danger
> >
> > > of being backlisted as a country.
> > >
> > > While the real reason for such an action would be political, the
>
> spam
>
> > > handling situation is too convenient excuse to pass up.
> > >
> > > On Thu, 2008-07-24 at 12:57 +0300, Noam Rathaus wrote:
> > > > Hi,
> > > >
>

Re: Israeli ISP and Blacklisting [summary and stop]

[Noam Rathaus]

Hi,

1) You are right, but not every plays by the rules, we recently had to prevent 
ezmlm from sending bounces for unsubscribed people as it was being used for 
spam, and getting us spam marked - so playing by the rules might be the right 
thing, but it is not always the intelligent thing to do.

2) I heard you the 10th time, I told you don't block, I think in today's world 
it is reasonable to block port 25, people either use:
a) web mail (Gmail, Yahoo, Walla, etc)
b) corporate mail via VPN
c) home mail (outlook express, etc) at home

None of this falls under the Internet cafe problem, and I know, as I drank 
quite a few cafes in my life.

uceprotect is one example, if I had another one I would show it, sorry, 
doesn't mean its not the right/wrong example.

On Thursday 24 July 2008 17:46:51 Imri Zvik wrote:
> 1. Usually it would block the sending system during the SMTP session - so
> if the mail system you are using is properly configured you should get ALL
> the bounces.
>
> 2. You ignored my repeated question - Do you think blocking port 25 all
> together (as they suggest) is a good idea? Keep in mind that if all ISPs
> where to implement that, and you are a Netvision customer, for example, and
> want to send email through 012 Smile mail system using your username and
> password at 012, It wouldn't be possible.
>
> If you are sitting at some coffee place that offers free wifi with ISP
> different than yours, and want to send an email using your ISP mail
> servers, you wouldn't be able to do that.
>
> If you have your own mail server and don't want to route your email through
> your ISP - you wouldn't be able to do that.
>
> This is the *only* way you can live up to uceprotect's expectations in the
> long run.
>
> I am *really* interested to know how many users in this list are pro this
> suggestion, and how many are against it.
>
>
>
>
> -Original Message-
> From: Noam Rathaus [mailto:[EMAIL PROTECTED]
> Sent: Thursday, July 24, 2008 5:13 PM
> To: Imri Zvik
> Cc: linux-il
> Subject: Re: Israeli ISP and Blacklisting [summary and stop]
>
> Hi,
>
> I am not completely blocked, but I don't want to be partially blocked
> either.
>
> At least two emails bounced (to two unique destinations) saying we were
> blacklisted, I cannot tell you how many were blocked and didn't bounce - it
> will take me days, if ever to know.
>
> I will solve your security problems, can't help you with your spam problems
> - not my expertise.
>
> Arik didn't disappear, maybe he has work to do beside answering emails here
> - I trust Arik to get back to you.
>
> On Thursday 24 July 2008 17:06:04 Imri Zvik wrote:
> > Again, you are putting it as if you are completely blocked and you cannot
> > send mails at all. Can you please tell me how many of your mails were
> > blocked due to this listing, and to how many unique destinations?
> >
> > Only one person (Arik) complained about actual problem, and when I asked
> > for information he disappeared.
> >
> > It seems you don't really want to solve anything, or suggest any feasible
> > solutions.
> >
> > I ask again - do you think blocking port 25 completely is a good idea?
> > Can you live with that? How many people in this list thinks it's a good
> > idea?
> >
> >
> > -Original Message-
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED] On Behalf Of Noam Rathaus Sent:
> > Thursday, July 24, 2008 4:33 PM
> > To: linux-il
> > Subject: Re: Israeli ISP and Blacklisting [summary and stop]
> >
> > Hi,
> >
> > My last email on the subject :)
> >
> > As it appears that some people are pro-ISP, some are con-ISP, and I don't
> > care which is which
> >
> > All I wanted to see, whether this is a global issue, apparently it is,
> > more than one is willing to talk about it, I believe others simply don't
> > know they are blacklisted, others have yet to be affected by it, and
> > others more don't know they are affected.
> >
> > And me as the person wanting to send emails in a non-spam and legal way
> > is left with the only alternative to move out his servers from Israel -
> > specifically the mail server - as Israeli ISPs are RBLed - YES YES just
> > one RBL and he is a bad bad RBL - which asks too many things - but
> > apparently some ISPs agree to doing it.
> >
> > On Thursday 24 July 2008 15:58:42 you wrote:
> > > On Thu, Jul 24, 2008 at 10:11 PM, Noam Rathaus
> > > <[EMAIL PROTECTED]> wrote:
> > >
> > > I am taking my "stuff" elsewhere, the ISP's responsibility is to
> > > provide
> > >
> > > > service, and it should be good service - meaning stopping others from
> > > > abusing
> > > > the network, which in turn is used against me - as I am blocked in an
> > > > RBL.
> > >
> > > Let me suggest a radical idea.
> > >
> > > I think that it is a good thing that Israel will be blocked in as many
> > > RBLs as possible.
> > >
> > > And here's why. For the people on this list, it's a big deal but not
> > > critical. I put it to you that most companies will deal with it one way
>

RE: Israeli ISP and Blacklisting [summary and stop]

[Imri Zvik]

1. Usually it would block the sending system during the SMTP session - so if 
the mail system you are using is properly configured you should get ALL the 
bounces.

2. You ignored my repeated question - Do you think blocking port 25 all 
together (as they suggest) is a good idea? Keep in mind that if all ISPs where 
to implement that, and you are a Netvision customer, for example, and want to 
send email through 012 Smile mail system using your username and password at 
012, It wouldn't be possible.

If you are sitting at some coffee place that offers free wifi with ISP 
different than yours, and want to send an email using your ISP mail servers, 
you wouldn't be able to do that.

If you have your own mail server and don't want to route your email through 
your ISP - you wouldn't be able to do that.

This is the *only* way you can live up to uceprotect's expectations in the long 
run.

I am *really* interested to know how many users in this list are pro this 
suggestion, and how many are against it.

 


-Original Message-
From: Noam Rathaus [mailto:[EMAIL PROTECTED] 
Sent: Thursday, July 24, 2008 5:13 PM
To: Imri Zvik
Cc: linux-il
Subject: Re: Israeli ISP and Blacklisting [summary and stop]

Hi,

I am not completely blocked, but I don't want to be partially blocked either.

At least two emails bounced (to two unique destinations) saying we were 
blacklisted, I cannot tell you how many were blocked and didn't bounce - it 
will take me days, if ever to know.

I will solve your security problems, can't help you with your spam problems - 
not my expertise.

Arik didn't disappear, maybe he has work to do beside answering emails here - 
I trust Arik to get back to you.

On Thursday 24 July 2008 17:06:04 Imri Zvik wrote:
> Again, you are putting it as if you are completely blocked and you cannot
> send mails at all. Can you please tell me how many of your mails were
> blocked due to this listing, and to how many unique destinations?
>
> Only one person (Arik) complained about actual problem, and when I asked
> for information he disappeared.
>
> It seems you don't really want to solve anything, or suggest any feasible
> solutions.
>
> I ask again - do you think blocking port 25 completely is a good idea? Can
> you live with that? How many people in this list thinks it's a good idea?
>
>
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
> On Behalf Of Noam Rathaus Sent: Thursday, July 24, 2008 4:33 PM
> To: linux-il
> Subject: Re: Israeli ISP and Blacklisting [summary and stop]
>
> Hi,
>
> My last email on the subject :)
>
> As it appears that some people are pro-ISP, some are con-ISP, and I don't
> care which is which
>
> All I wanted to see, whether this is a global issue, apparently it is, more
> than one is willing to talk about it, I believe others simply don't know
> they are blacklisted, others have yet to be affected by it, and others more
> don't know they are affected.
>
> And me as the person wanting to send emails in a non-spam and legal way is
> left with the only alternative to move out his servers from Israel -
> specifically the mail server - as Israeli ISPs are RBLed - YES YES just one
> RBL and he is a bad bad RBL - which asks too many things - but apparently
> some ISPs agree to doing it.
>
> On Thursday 24 July 2008 15:58:42 you wrote:
> > On Thu, Jul 24, 2008 at 10:11 PM, Noam Rathaus <[EMAIL PROTECTED]>
> > wrote:
> >
> > I am taking my "stuff" elsewhere, the ISP's responsibility is to provide
> >
> > > service, and it should be good service - meaning stopping others from
> > > abusing
> > > the network, which in turn is used against me - as I am blocked in an
> > > RBL.
> >
> > Let me suggest a radical idea.
> >
> > I think that it is a good thing that Israel will be blocked in as many
> > RBLs as possible.
> >
> > And here's why. For the people on this list, it's a big deal but not
> > critical. I put it to you that most companies will deal with it one way
> > or another, by tunneling their ways somehow. I can think of 10 ways right
> > now.
> >
> > The people who will suffer are the "regular users", those who use the ISP
> > mailbox (gaaa!) and have zero technical knowhow. There are a lot of them,
> > which means that they will make a lot of noise.
> >
> > The ISPs will then become a relatively unregulated industry that
> > apparently doesn't work properly without regulation. It also has a status
> > of a quasi-essential infrastructure. I sincerely hope that the regulator
> > will step up to the plate and regulate the ISPs and what they need to do
> > to spammers, in an effort to make the infrastructure usable again. Maybe
> > our star will shine and we'll see some heavy-handed anti-spam law,
> > especially if the ISPs respond to regulation by saying the burden is too
> > high because spammers don't have an incentive to stop.
> >
> > So before you start flaming, consider this: Change only happen out of
> > necessity. The stronger the necessity - the 

Re: Israeli ISP and Blacklisting

[Arik Baratz]

On Thu, Jul 24, 2008 at 11:59 PM, Imri Zvik <[EMAIL PROTECTED]> wrote:

> It means they have 208 IPs that sent at least *one* spam in the past 7 days
> from a range that includes 131070 hosts!
> The way they are calculating it, it means it could be that they only got
> 208 spam emails in the last 7 days, and that was enough to block the whole A
> class. I'm sorry, but this is not reasonable - It doesn't even leave room
> for the ISP to cooperate and deal with the spammer.
>
> I need to understand - are you in favor of blocking port 25? How many
> people in this list thinks it's a good idea?
>
>
Although I don't think it's good to block port 25, I think that allowing
port 25 only for customers who sign an agreement which says that:

* They will pay 1500NIS for every message from their account
   - backed by a credit card with pre-authorization of the card
* If a recipient has complained
   - showing the full headers
   - and the message was sent in bulk
   - and the sender cannot prove that the recipient actually asked for the
message
  = by showing the double opt-in message logs complete with IP addresses

Sometimes people forget that they signed up for a list.

-- Arik

Re: Israeli ISP and Blacklisting

[Arik Baratz]

On Thu, Jul 24, 2008 at 11:22 PM, Imri Zvik <[EMAIL PROTECTED]> wrote:

>  I can only assume you are addressing me.
>
Due to the latest trend of libel suits, I cannot confirm nor deny.


>  You are just flaming now. You have no idea what we are doing to stop or
> fight spam, and this public list is not the place to list those things.
>
> For the particular ISP I was talking about, I know that the same
authenticated user has sent me messages after several complaints, so I know
for a fact that the same user keeps spamming. I'm only answering you here
because I don't want to create the state of "שתיקה כהודאה" (silence as
admittance, lit trans)


>
> 2.   If you have any repeating issues with spammers using our mail
> system, I would be GLAD to know about it. Please provide me with full
> headers.
>
>
I appreciate your suggestion. I will obviously not contact you because that
would mean that you are the ISP I was talking about. I will however make an
attempt to create a compendium of the headers from the last 30 days of spam
that I have and send it to the abuse address of the offending ISP. It will
take me some time as analyzing 1000s of spam messages means that I need to
write code to do it, but I will get to it eventually.

-- Arik

Re: Israeli ISP and Blacklisting

[Noam Rathaus]

Hi,

This RBL, even if is a bit extremist, is something used by a few of our 
customers's commercial spam filtering product.

So this affects not just me, but others, but I am getting the feeling here 
that the messenger is getting shot, and we are giving a lean hand to the 
ISPs, as it is too difficult to "protected themselves".

But if you are happy with the level of service Israeli ISPs are giving, enjoy, 
I think for one, customers should demand better.

This debate brings me back to the day when Code Red was bringing down servers, 
and people complained that ISPs wouldn't block offending computers, and the 
ISPs retaliated with freedom of speak and moving response - silly. Same here, 
the ISP should prevent SPAM I don't care how, but they should, I am working 
with T-Mobile both in Europe and in United States, and you (as an end 
customer) send out mail directly unless it goes through their SMTP servers - 
if you have a VPN do whatever you want.

BTW The company takes money in order to discourge people from nagging them to 
get removed.

On Thursday 24 July 2008 15:45:03 Imri Zvik wrote:
> Noam,
> Again, and I will try to type it slowly so you can understand - You are
> talking about *ONE* RBL, which is notorious for blocking whole AS, and
> refusing to work with it's abuse departments. You are clinging to this
> RBL listing as if being listed at this particular RBL means that we (as
> in Israel or the ISP) are now completely cut-off from the world, or that
> if you are listed in this RBL it means your ISP is doing nothing to
> fight abuse.
>
> It's either you misunderstand how extreme this RBL is, and how fast and
> for how little they block a whole AS, or you are just trying to flame.
>
>
>
> -Original Message-
> From: Noam Rathaus [mailto:[EMAIL PROTECTED]
> Sent: Thursday, July 24, 2008 3:09 PM
> To: Imri Zvik
> Cc: Omer Zak; linux-il
> Subject: Re: Israeli ISP and Blacklisting
>
> Hi,
>
> You are right, it is easy to get RBLed, and semi-easy to get out of an
> RBL,
> but it doesn't help to email abuse@ or anything else, if your ISP is
> marked
> as bad.
>
> On Thursday 24 July 2008 14:31:48 Imri Zvik wrote:
> > *Sigh* Don't you have anything better to do? I can report that Israeli
> > ISPs get decent cooperation (well most of the times, and from most
> > RBLs). No one is going to block Israel completely.
> >
> > If you have a specific email that was blocked, or a specific RBL (with
> > reasonable demands) you want to be removed from, please email abuse@
> >
> > -Original Message-
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED] On Behalf Of Omer Zak
> > Sent: Thursday, July 24, 2008 1:38 PM
> > To: linux-il
> > Subject: Re: Israeli ISP and Blacklisting
> >
> > I have E-mailed my ISP about this.
> >
> > You may want to add to your E-mail to your ISP also your concerns that
> > since ALL Israeli ISPs are blacklisted, the entire country is in
>
> danger
>
> > of being backlisted as a country.
> >
> > While the real reason for such an action would be political, the spam
> > handling situation is too convenient excuse to pass up.
> >
> > On Thu, 2008-07-24 at 12:57 +0300, Noam Rathaus wrote:
> > > Hi,
> > >
> > > Has anyone here tried to get the Bezeq Internation, Barak or
>
> Netvision
>
> > to get
> >
> > > them off the blacklisting found here:
> > > http://www.uceprotect.net/en/rblcheck.php
> > >
> > > Apparently all the Israeli ISP are blacklisted here (any host you
>
> put
>
> > there in
> >
> > > their hosting range) - and all because they don't have a policy of
> >
> > cleaning
> >
> > > up their network from spammers.
> > >
> > > This means we are all losing emails we send because our ISPs are
>
> doing
>
> > a bad
> >
> > > job.


-- 
Noam Rathaus
CTO
[EMAIL PROTECTED]
http://www.beyondsecurity.com

"Know that you are safe."

Beyond Security Finalist for the "Red Herring 100 Global" Awards 2007

=
To unsubscribe, send mail to [EMAIL PROTECTED] with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail [EMAIL PROTECTED]

Re: Israeli ISP and Blacklisting [summary and stop]

[Noam Rathaus]

Hi,

My last email on the subject :)

As it appears that some people are pro-ISP, some are con-ISP, and I don't care 
which is which

All I wanted to see, whether this is a global issue, apparently it is, more 
than one is willing to talk about it, I believe others simply don't know they 
are blacklisted, others have yet to be affected by it, and others more don't 
know they are affected.

And me as the person wanting to send emails in a non-spam and legal way is 
left with the only alternative to move out his servers from Israel - 
specifically the mail server - as Israeli ISPs are RBLed - YES YES just one 
RBL and he is a bad bad RBL - which asks too many things - but apparently 
some ISPs agree to doing it.


On Thursday 24 July 2008 15:58:42 you wrote:
> On Thu, Jul 24, 2008 at 10:11 PM, Noam Rathaus <[EMAIL PROTECTED]>
> wrote:
>
> I am taking my "stuff" elsewhere, the ISP's responsibility is to provide
>
> > service, and it should be good service - meaning stopping others from
> > abusing
> > the network, which in turn is used against me - as I am blocked in an
> > RBL.
>
> Let me suggest a radical idea.
>
> I think that it is a good thing that Israel will be blocked in as many RBLs
> as possible.
>
> And here's why. For the people on this list, it's a big deal but not
> critical. I put it to you that most companies will deal with it one way or
> another, by tunneling their ways somehow. I can think of 10 ways right now.
>
> The people who will suffer are the "regular users", those who use the ISP
> mailbox (gaaa!) and have zero technical knowhow. There are a lot of them,
> which means that they will make a lot of noise.
>
> The ISPs will then become a relatively unregulated industry that apparently
> doesn't work properly without regulation. It also has a status of a
> quasi-essential infrastructure. I sincerely hope that the regulator will
> step up to the plate and regulate the ISPs and what they need to do to
> spammers, in an effort to make the infrastructure usable again. Maybe our
> star will shine and we'll see some heavy-handed anti-spam law, especially
> if the ISPs respond to regulation by saying the burden is too high because
> spammers don't have an incentive to stop.
>
> So before you start flaming, consider this: Change only happen out of
> necessity. The stronger the necessity - the swifter the change. Lithium-ion
> batteries did not come to be before laptops and cellphones became a
> commodity. Hybrid cars didn't become a reality before gas prices went so
> high that people actually started buying them. And conversly, think of
> Israel's desalination plants - how they come to be whenever there's a year
> or two of draft, and then fall apart at the first sign of a rainy year.
>
> And since one of the participants in this discussion at least seems to work
> for an ISP, the same ISP from which I get most of my Hebrew spam, the same
> ISP from which spam contains the header of the ISP's own relay, and passes
> SPF checks, the same ISP which gets messages to the abuse alias from me
> every month and never responds (robots excluded) - I view your behaviour as
> aiding and abetting the spammers. I have proof that the addresses the
> spammers use could never have been gotten from me (heck my domain was
> dictionary-attacked by them), and I hope that you get blacklisted as much
> as possible. I also hope that your users leave you for this very reason and
> that you fail financially, so the spammers have to find a less hospitable
> environ. I wish this ruin on you because you are acting, in my personal
> opinion, in bad faith and in cohorts with the sort of people who I would
> like to see their activity as felonious. I hope that once the regulation
> comes you will continue with your bad behaviour as to become the first test
> case of disobeying the regulation and that you shall lose and become the
> precedent for any other such case. You know who you are.
>
> -- Arik


-- 
Noam Rathaus
CTO
[EMAIL PROTECTED]
http://www.beyondsecurity.com

"Know that you are safe."

Beyond Security Finalist for the "Red Herring 100 Global" Awards 2007

=
To unsubscribe, send mail to [EMAIL PROTECTED] with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail [EMAIL PROTECTED]

Re: Israeli ISP and Blacklisting

[Noam Rathaus]

Just my two cents, I checked a few IP addresses that are listed under the AS 
of zahav.net.il, as well as the mail server of zahav.net.il

And it is very close to getting RBL blocked:

84.94.0.0/15 - ATTENTION Increased Listingrisk  - Level 1 listed spammers
within the last 7 days 208 -Escalation to Level 2
by Level 1 records 445

But ignore it, as this RBL (http://www.uceprotect.net/en/rblcheck.php) is 
nothing to worry about, as you mentioned - rarely used or trusted.

On Thursday 24 July 2008 16:30:50 Imri Zvik wrote:
> Shimi,
>
>
>
> I cannot speak on behalf of other ISPs, but if you have problems with the
> one I'm working at, please share the information with me, and I promise you
> I will get to the bottom of this.
>
>
>
> Bottom line, I can assure you that *WE* are doing *a lot* to deal with spam
> from our mail system/network. Again, as evidence we have good scores at big
> and widely used RBLs.
>
> I also know, from second hand, that the other ISPs are also putting a lot
> of efforts in order to deal with this issue.
>
> This all discussion started from *one* RBL which is notorious for its harsh
> treatment. No one provided any specific problem, and everybody jumped into
> the conclusion that if this RBL is blocking you, it means you are not doing
> anything to deal with spam. This conclusion is just wrong.
>
>
>
>
>
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of shimi
> Sent: Thursday, July 24, 2008 4:16 PM
> To: Imri Zvik
> Cc: Noam Rathaus; linux-il
> Subject: Re: Israeli ISP and Blacklisting
>
>
>
> Imri,
>
> On Thu, Jul 24, 2008 at 3:57 PM, Imri Zvik <[EMAIL PROTECTED]> wrote:
>
> How do you know abuse@ doesn't "really take care of users"? It seems like
> your whole response is generalizing and vague.
>
>
> I know because if after two weeks from their reply that they will "handle
> it" I see the same user doing the same thing again from the same ISP,
> then...
>
> What does an AUP worth if it is not enforced?
>
> The whole Israeli spam market is dominated by a VERY little amount of
> people, and there is a reason that they're still spamming. Given that there
> are like 3 ISPs in the country nowdays, they're not doing so because they
> jump from an ISP to ISP after each one is denying them service, rather then
> because they're paying customers, and denying them service means less
> income.
>
>
>
>   I don't see how the old QoS argument as anything to do with dealing with
> abuse. I must remind you that downloading copyrighted materiel is
> officially abuse too.
>
>
> It does for a very simple reason; ISPs care only about cashflow. Removing
> bad users from the possibility to get service leads for less profits.
> Paying more for bandwidth leads for less profits.
>
> Re. your comment about copyrighted material, I have three things to say:
>
> 1.I don't really understand how is that abuse; You're not attacking any
> system, and you're distrubing no-one (besides RIAA, BSA and others - but
> that's not abuse). 2. The ISPs want to play the police and court? Fine, I
> guess it's their right (and being a FOSS user, I couldn't care less...) -
> if the law permits them to observe traffic and sabotage it - I have no
> problem with that (what about BitTorrent to download the latest Linux
> release?) 3.  They DENY the fact that they're doing it! They claim that
> "there are no means to do that!". If you don't believe me, read official
> commentary from various spokesmen in Ynet articles regarding slow P2P in
> various ISPs.
>
> Finally, I was not even talking about P2P - that was YOUR assumption.
> They're [at least some of them] QoSing NON-HTTP traffic. Like CVS checkout
> from an Open Source project, or my connection to an IRC network (how else
> can you explain a 180ms ICMP but a 1 second IRC "ping" command roundtrip?).
> How is that an abuse or illegal?
>
> But that's really OT, so let's stop here. I was just giving another example
> for "we deserve this for not standing for our customer rights".
>
> -- Shimi


-- 
Noam Rathaus
CTO
[EMAIL PROTECTED]
http://www.beyondsecurity.com

"Know that you are safe."

Beyond Security Finalist for the "Red Herring 100 Global" Awards 2007

=
To unsubscribe, send mail to [EMAIL PROTECTED] with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail [EMAIL PROTECTED]

Re: Israeli ISP and Blacklisting [summary and stop]

[Noam Rathaus]

Hi,

I am not completely blocked, but I don't want to be partially blocked either.

At least two emails bounced (to two unique destinations) saying we were 
blacklisted, I cannot tell you how many were blocked and didn't bounce - it 
will take me days, if ever to know.

I will solve your security problems, can't help you with your spam problems - 
not my expertise.

Arik didn't disappear, maybe he has work to do beside answering emails here - 
I trust Arik to get back to you.

On Thursday 24 July 2008 17:06:04 Imri Zvik wrote:
> Again, you are putting it as if you are completely blocked and you cannot
> send mails at all. Can you please tell me how many of your mails were
> blocked due to this listing, and to how many unique destinations?
>
> Only one person (Arik) complained about actual problem, and when I asked
> for information he disappeared.
>
> It seems you don't really want to solve anything, or suggest any feasible
> solutions.
>
> I ask again - do you think blocking port 25 completely is a good idea? Can
> you live with that? How many people in this list thinks it's a good idea?
>
>
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
> On Behalf Of Noam Rathaus Sent: Thursday, July 24, 2008 4:33 PM
> To: linux-il
> Subject: Re: Israeli ISP and Blacklisting [summary and stop]
>
> Hi,
>
> My last email on the subject :)
>
> As it appears that some people are pro-ISP, some are con-ISP, and I don't
> care which is which
>
> All I wanted to see, whether this is a global issue, apparently it is, more
> than one is willing to talk about it, I believe others simply don't know
> they are blacklisted, others have yet to be affected by it, and others more
> don't know they are affected.
>
> And me as the person wanting to send emails in a non-spam and legal way is
> left with the only alternative to move out his servers from Israel -
> specifically the mail server - as Israeli ISPs are RBLed - YES YES just one
> RBL and he is a bad bad RBL - which asks too many things - but apparently
> some ISPs agree to doing it.
>
> On Thursday 24 July 2008 15:58:42 you wrote:
> > On Thu, Jul 24, 2008 at 10:11 PM, Noam Rathaus <[EMAIL PROTECTED]>
> > wrote:
> >
> > I am taking my "stuff" elsewhere, the ISP's responsibility is to provide
> >
> > > service, and it should be good service - meaning stopping others from
> > > abusing
> > > the network, which in turn is used against me - as I am blocked in an
> > > RBL.
> >
> > Let me suggest a radical idea.
> >
> > I think that it is a good thing that Israel will be blocked in as many
> > RBLs as possible.
> >
> > And here's why. For the people on this list, it's a big deal but not
> > critical. I put it to you that most companies will deal with it one way
> > or another, by tunneling their ways somehow. I can think of 10 ways right
> > now.
> >
> > The people who will suffer are the "regular users", those who use the ISP
> > mailbox (gaaa!) and have zero technical knowhow. There are a lot of them,
> > which means that they will make a lot of noise.
> >
> > The ISPs will then become a relatively unregulated industry that
> > apparently doesn't work properly without regulation. It also has a status
> > of a quasi-essential infrastructure. I sincerely hope that the regulator
> > will step up to the plate and regulate the ISPs and what they need to do
> > to spammers, in an effort to make the infrastructure usable again. Maybe
> > our star will shine and we'll see some heavy-handed anti-spam law,
> > especially if the ISPs respond to regulation by saying the burden is too
> > high because spammers don't have an incentive to stop.
> >
> > So before you start flaming, consider this: Change only happen out of
> > necessity. The stronger the necessity - the swifter the change.
> > Lithium-ion batteries did not come to be before laptops and cellphones
> > became a commodity. Hybrid cars didn't become a reality before gas prices
> > went so high that people actually started buying them. And conversly,
> > think of Israel's desalination plants - how they come to be whenever
> > there's a year or two of draft, and then fall apart at the first sign of
> > a rainy year.
> >
> > And since one of the participants in this discussion at least seems to
> > work for an ISP, the same ISP from which I get most of my Hebrew spam,
> > the same ISP from which spam contains the header of the ISP's own relay,
> > and passes SPF checks, the same ISP which gets messages to the abuse
> > alias from me every month and never responds (robots excluded) - I view
> > your behaviour as aiding and abetting the spammers. I have proof that the
> > addresses the spammers use could never have been gotten from me (heck my
> > domain was dictionary-attacked by them), and I hope that you get
> > blacklisted as much as possible. I also hope that your users leave you
> > for this very reason and that you fail financially, so the spammers have
> > to find a less hospitable environ. I wish thi

Re: Israeli ISP and Blacklisting

[shimi]

Imri,

On Thu, Jul 24, 2008 at 3:57 PM, Imri Zvik <[EMAIL PROTECTED]> wrote:

>  How do you know abuse@ doesn't "really take care of users"? It seems like
> your whole response is generalizing and vague.
>

I know because if after two weeks from their reply that they will "handle
it" I see the same user doing the same thing again from the same ISP,
then...

What does an AUP worth if it is not enforced?

The whole Israeli spam market is dominated by a VERY little amount of
people, and there is a reason that they're still spamming. Given that there
are like 3 ISPs in the country nowdays, they're not doing so because they
jump from an ISP to ISP after each one is denying them service, rather then
because they're paying customers, and denying them service means less
income.

>
> I don't see how the old QoS argument as anything to do with dealing with
> abuse. I must remind you that downloading copyrighted materiel is officially
> abuse too.
>
>
It does for a very simple reason; ISPs care only about cashflow. Removing
bad users from the possibility to get service leads for less profits. Paying
more for bandwidth leads for less profits.

Re. your comment about copyrighted material, I have three things to say:

   1. I don't really understand how is that abuse; You're not attacking any
   system, and you're distrubing no-one (besides RIAA, BSA and others - but
   that's not abuse).
   2. The ISPs want to play the police and court? Fine, I guess it's their
   right (and being a FOSS user, I couldn't care less...) - if the law permits
   them to observe traffic and sabotage it - I have no problem with that (what
   about BitTorrent to download the latest Linux release?)
   3. They DENY the fact that they're doing it! They claim that "there are
   no means to do that!". If you don't believe me, read official commentary
   from various spokesmen in Ynet articles regarding slow P2P in various ISPs.

Finally, I was not even talking about P2P - that was YOUR assumption.
They're [at least some of them] QoSing NON-HTTP traffic. Like CVS checkout
from an Open Source project, or my connection to an IRC network (how else
can you explain a 180ms ICMP but a 1 second IRC "ping" command roundtrip?).
How is that an abuse or illegal?

But that's really OT, so let's stop here. I was just giving another example
for "we deserve this for not standing for our customer rights".

-- Shimi

RE: Israeli ISP and Blacklisting [summary and stop]

[Imri Zvik]

Again, you are putting it as if you are completely blocked and you cannot send 
mails at all. Can you please tell me how many of your mails were blocked due to 
this listing, and to how many unique destinations?

Only one person (Arik) complained about actual problem, and when I asked for 
information he disappeared.

It seems you don't really want to solve anything, or suggest any feasible 
solutions. 

I ask again - do you think blocking port 25 completely is a good idea? Can you 
live with that? How many people in this list thinks it's a good idea?


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Noam Rathaus
Sent: Thursday, July 24, 2008 4:33 PM
To: linux-il
Subject: Re: Israeli ISP and Blacklisting [summary and stop]

Hi,

My last email on the subject :)

As it appears that some people are pro-ISP, some are con-ISP, and I don't care 
which is which

All I wanted to see, whether this is a global issue, apparently it is, more 
than one is willing to talk about it, I believe others simply don't know they 
are blacklisted, others have yet to be affected by it, and others more don't 
know they are affected.

And me as the person wanting to send emails in a non-spam and legal way is 
left with the only alternative to move out his servers from Israel - 
specifically the mail server - as Israeli ISPs are RBLed - YES YES just one 
RBL and he is a bad bad RBL - which asks too many things - but apparently 
some ISPs agree to doing it.


On Thursday 24 July 2008 15:58:42 you wrote:
> On Thu, Jul 24, 2008 at 10:11 PM, Noam Rathaus <[EMAIL PROTECTED]>
> wrote:
>
> I am taking my "stuff" elsewhere, the ISP's responsibility is to provide
>
> > service, and it should be good service - meaning stopping others from
> > abusing
> > the network, which in turn is used against me - as I am blocked in an
> > RBL.
>
> Let me suggest a radical idea.
>
> I think that it is a good thing that Israel will be blocked in as many RBLs
> as possible.
>
> And here's why. For the people on this list, it's a big deal but not
> critical. I put it to you that most companies will deal with it one way or
> another, by tunneling their ways somehow. I can think of 10 ways right now.
>
> The people who will suffer are the "regular users", those who use the ISP
> mailbox (gaaa!) and have zero technical knowhow. There are a lot of them,
> which means that they will make a lot of noise.
>
> The ISPs will then become a relatively unregulated industry that apparently
> doesn't work properly without regulation. It also has a status of a
> quasi-essential infrastructure. I sincerely hope that the regulator will
> step up to the plate and regulate the ISPs and what they need to do to
> spammers, in an effort to make the infrastructure usable again. Maybe our
> star will shine and we'll see some heavy-handed anti-spam law, especially
> if the ISPs respond to regulation by saying the burden is too high because
> spammers don't have an incentive to stop.
>
> So before you start flaming, consider this: Change only happen out of
> necessity. The stronger the necessity - the swifter the change. Lithium-ion
> batteries did not come to be before laptops and cellphones became a
> commodity. Hybrid cars didn't become a reality before gas prices went so
> high that people actually started buying them. And conversly, think of
> Israel's desalination plants - how they come to be whenever there's a year
> or two of draft, and then fall apart at the first sign of a rainy year.
>
> And since one of the participants in this discussion at least seems to work
> for an ISP, the same ISP from which I get most of my Hebrew spam, the same
> ISP from which spam contains the header of the ISP's own relay, and passes
> SPF checks, the same ISP which gets messages to the abuse alias from me
> every month and never responds (robots excluded) - I view your behaviour as
> aiding and abetting the spammers. I have proof that the addresses the
> spammers use could never have been gotten from me (heck my domain was
> dictionary-attacked by them), and I hope that you get blacklisted as much
> as possible. I also hope that your users leave you for this very reason and
> that you fail financially, so the spammers have to find a less hospitable
> environ. I wish this ruin on you because you are acting, in my personal
> opinion, in bad faith and in cohorts with the sort of people who I would
> like to see their activity as felonious. I hope that once the regulation
> comes you will continue with your bad behaviour as to become the first test
> case of disobeying the regulation and that you shall lose and become the
> precedent for any other such case. You know who you are.
>
> -- Arik


-- 
Noam Rathaus
CTO
[EMAIL PROTECTED]
http://www.beyondsecurity.com

"Know that you are safe."

Beyond Security Finalist for the "Red Herring 100 Global" Awards 2007

=
To unsubscribe, send mail to [EM

Re: Israeli ISP and Blacklisting

[Noam Rathaus]

Imri,

Ok - don't block anything.

Continue as usual

I understand that this war was lost when I renewed my contract for server 
hosting in Israel.

I should have seen this and moved them to somewhere better.

If that doesn't bring to light the issue - causes to to understand that this 
needs to be resolved, I guess I didn't do my job correctly.

On Thursday 24 July 2008 16:37:50 Imri Zvik wrote:
> Noam,
>
> You do realize that what you mean is that the ISP will block port 25 all
> together - meaning, that all of you people running your own mail server
> at home will be forced to use your ISP as a smarthost (either with
> manual configuration, or using traffic redirection at the ISP routers).
>
> I'm sure you already forgot, but when the ISPs blocked the netbios ports
> few years ago in order to stop worms outbreaks, a lot of people
> complained that the ISPs shouldn't block ports at all.
>
>
>
> -Original Message-
> From: Noam Rathaus [mailto:[EMAIL PROTECTED]
> Sent: Thursday, July 24, 2008 4:24 PM
> To: Imri Zvik
> Cc: Omer Zak; linux-il
> Subject: Re: Israeli ISP and Blacklisting
>
> Hi,
>
> This RBL, even if is a bit extremist, is something used by a few of our
> customers's commercial spam filtering product.
>
> So this affects not just me, but others, but I am getting the feeling
> here
> that the messenger is getting shot, and we are giving a lean hand to the
>
> ISPs, as it is too difficult to "protected themselves".
>
> But if you are happy with the level of service Israeli ISPs are giving,
> enjoy,
> I think for one, customers should demand better.
>
> This debate brings me back to the day when Code Red was bringing down
> servers,
> and people complained that ISPs wouldn't block offending computers, and
> the
> ISPs retaliated with freedom of speak and moving response - silly. Same
> here,
> the ISP should prevent SPAM I don't care how, but they should, I am
> working
> with T-Mobile both in Europe and in United States, and you (as an end
> customer) send out mail directly unless it goes through their SMTP
> servers -
> if you have a VPN do whatever you want.
>
> BTW The company takes money in order to discourge people from nagging
> them to
> get removed.
>
> On Thursday 24 July 2008 15:45:03 Imri Zvik wrote:
> > Noam,
> > Again, and I will try to type it slowly so you can understand - You
>
> are
>
> > talking about *ONE* RBL, which is notorious for blocking whole AS, and
> > refusing to work with it's abuse departments. You are clinging to this
> > RBL listing as if being listed at this particular RBL means that we
>
> (as
>
> > in Israel or the ISP) are now completely cut-off from the world, or
>
> that
>
> > if you are listed in this RBL it means your ISP is doing nothing to
> > fight abuse.
> >
> > It's either you misunderstand how extreme this RBL is, and how fast
>
> and
>
> > for how little they block a whole AS, or you are just trying to flame.
> >
> >
> >
> > -Original Message-
> > From: Noam Rathaus [mailto:[EMAIL PROTECTED]
> > Sent: Thursday, July 24, 2008 3:09 PM
> > To: Imri Zvik
> > Cc: Omer Zak; linux-il
> > Subject: Re: Israeli ISP and Blacklisting
> >
> > Hi,
> >
> > You are right, it is easy to get RBLed, and semi-easy to get out of an
> > RBL,
> > but it doesn't help to email abuse@ or anything else, if your ISP is
> > marked
> > as bad.
> >
> > On Thursday 24 July 2008 14:31:48 Imri Zvik wrote:
> > > *Sigh* Don't you have anything better to do? I can report that
>
> Israeli
>
> > > ISPs get decent cooperation (well most of the times, and from most
> > > RBLs). No one is going to block Israel completely.
> > >
> > > If you have a specific email that was blocked, or a specific RBL
>
> (with
>
> > > reasonable demands) you want to be removed from, please email abuse@
> > >
> > > -Original Message-
> > > From: [EMAIL PROTECTED]
> > > [mailto:[EMAIL PROTECTED] On Behalf Of Omer Zak
> > > Sent: Thursday, July 24, 2008 1:38 PM
> > > To: linux-il
> > > Subject: Re: Israeli ISP and Blacklisting
> > >
> > > I have E-mailed my ISP about this.
> > >
> > > You may want to add to your E-mail to your ISP also your concerns
>
> that
>
> > > since ALL Israeli ISPs are blacklisted, the entire country is in
> >
> > danger
> >
> > > of being backlisted as a country.
> > >
> > > While the real reason for such an action would be political, the
>
> spam
>
> > > handling situation is too convenient excuse to pass up.
> > >
> > > On Thu, 2008-07-24 at 12:57 +0300, Noam Rathaus wrote:
> > > > Hi,
> > > >
> > > > Has anyone here tried to get the Bezeq Internation, Barak or
> >
> > Netvision
> >
> > > to get
> > >
> > > > them off the blacklisting found here:
> > > > http://www.uceprotect.net/en/rblcheck.php
> > > >
> > > > Apparently all the Israeli ISP are blacklisted here (any host you
> >
> > put
> >
> > > there in
> > >
> > > > their hosting range) - and all because they don't have a policy of
> > >
> > > cleaning
> > >
> > > > up their network from spammers.
> > > >
> >

RE: Israeli ISP and Blacklisting

[Imri Zvik]

Noam,

You do realize that what you mean is that the ISP will block port 25 all
together - meaning, that all of you people running your own mail server
at home will be forced to use your ISP as a smarthost (either with
manual configuration, or using traffic redirection at the ISP routers).

I'm sure you already forgot, but when the ISPs blocked the netbios ports
few years ago in order to stop worms outbreaks, a lot of people
complained that the ISPs shouldn't block ports at all.



-Original Message-
From: Noam Rathaus [mailto:[EMAIL PROTECTED] 
Sent: Thursday, July 24, 2008 4:24 PM
To: Imri Zvik
Cc: Omer Zak; linux-il
Subject: Re: Israeli ISP and Blacklisting

Hi,

This RBL, even if is a bit extremist, is something used by a few of our 
customers's commercial spam filtering product.

So this affects not just me, but others, but I am getting the feeling
here 
that the messenger is getting shot, and we are giving a lean hand to the

ISPs, as it is too difficult to "protected themselves".

But if you are happy with the level of service Israeli ISPs are giving,
enjoy, 
I think for one, customers should demand better.

This debate brings me back to the day when Code Red was bringing down
servers, 
and people complained that ISPs wouldn't block offending computers, and
the 
ISPs retaliated with freedom of speak and moving response - silly. Same
here, 
the ISP should prevent SPAM I don't care how, but they should, I am
working 
with T-Mobile both in Europe and in United States, and you (as an end 
customer) send out mail directly unless it goes through their SMTP
servers - 
if you have a VPN do whatever you want.

BTW The company takes money in order to discourge people from nagging
them to 
get removed.

On Thursday 24 July 2008 15:45:03 Imri Zvik wrote:
> Noam,
> Again, and I will try to type it slowly so you can understand - You
are
> talking about *ONE* RBL, which is notorious for blocking whole AS, and
> refusing to work with it's abuse departments. You are clinging to this
> RBL listing as if being listed at this particular RBL means that we
(as
> in Israel or the ISP) are now completely cut-off from the world, or
that
> if you are listed in this RBL it means your ISP is doing nothing to
> fight abuse.
>
> It's either you misunderstand how extreme this RBL is, and how fast
and
> for how little they block a whole AS, or you are just trying to flame.
>
>
>
> -Original Message-
> From: Noam Rathaus [mailto:[EMAIL PROTECTED]
> Sent: Thursday, July 24, 2008 3:09 PM
> To: Imri Zvik
> Cc: Omer Zak; linux-il
> Subject: Re: Israeli ISP and Blacklisting
>
> Hi,
>
> You are right, it is easy to get RBLed, and semi-easy to get out of an
> RBL,
> but it doesn't help to email abuse@ or anything else, if your ISP is
> marked
> as bad.
>
> On Thursday 24 July 2008 14:31:48 Imri Zvik wrote:
> > *Sigh* Don't you have anything better to do? I can report that
Israeli
> > ISPs get decent cooperation (well most of the times, and from most
> > RBLs). No one is going to block Israel completely.
> >
> > If you have a specific email that was blocked, or a specific RBL
(with
> > reasonable demands) you want to be removed from, please email abuse@
> >
> > -Original Message-
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED] On Behalf Of Omer Zak
> > Sent: Thursday, July 24, 2008 1:38 PM
> > To: linux-il
> > Subject: Re: Israeli ISP and Blacklisting
> >
> > I have E-mailed my ISP about this.
> >
> > You may want to add to your E-mail to your ISP also your concerns
that
> > since ALL Israeli ISPs are blacklisted, the entire country is in
>
> danger
>
> > of being backlisted as a country.
> >
> > While the real reason for such an action would be political, the
spam
> > handling situation is too convenient excuse to pass up.
> >
> > On Thu, 2008-07-24 at 12:57 +0300, Noam Rathaus wrote:
> > > Hi,
> > >
> > > Has anyone here tried to get the Bezeq Internation, Barak or
>
> Netvision
>
> > to get
> >
> > > them off the blacklisting found here:
> > > http://www.uceprotect.net/en/rblcheck.php
> > >
> > > Apparently all the Israeli ISP are blacklisted here (any host you
>
> put
>
> > there in
> >
> > > their hosting range) - and all because they don't have a policy of
> >
> > cleaning
> >
> > > up their network from spammers.
> > >
> > > This means we are all losing emails we send because our ISPs are
>
> doing
>
> > a bad
> >
> > > job.


-- 
Noam Rathaus
CTO
[EMAIL PROTECTED]
http://www.beyondsecurity.com

"Know that you are safe."

Beyond Security Finalist for the "Red Herring 100 Global" Awards 2007

To unsubscribe, 
send mail to [EMAIL PROTECTED] with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail [EMAIL PROTECTED]

Re: Israeli ISP and Blacklisting

[Arik Baratz]

On Thu, Jul 24, 2008 at 10:11 PM, Noam Rathaus <[EMAIL PROTECTED]>
wrote:

I am taking my "stuff" elsewhere, the ISP's responsibility is to provide
> service, and it should be good service - meaning stopping others from
> abusing
> the network, which in turn is used against me - as I am blocked in an RBL.
>

Let me suggest a radical idea.

I think that it is a good thing that Israel will be blocked in as many RBLs
as possible.

And here's why. For the people on this list, it's a big deal but not
critical. I put it to you that most companies will deal with it one way or
another, by tunneling their ways somehow. I can think of 10 ways right now.

The people who will suffer are the "regular users", those who use the ISP
mailbox (gaaa!) and have zero technical knowhow. There are a lot of them,
which means that they will make a lot of noise.

The ISPs will then become a relatively unregulated industry that apparently
doesn't work properly without regulation. It also has a status of a
quasi-essential infrastructure. I sincerely hope that the regulator will
step up to the plate and regulate the ISPs and what they need to do to
spammers, in an effort to make the infrastructure usable again. Maybe our
star will shine and we'll see some heavy-handed anti-spam law, especially if
the ISPs respond to regulation by saying the burden is too high because
spammers don't have an incentive to stop.

So before you start flaming, consider this: Change only happen out of
necessity. The stronger the necessity - the swifter the change. Lithium-ion
batteries did not come to be before laptops and cellphones became a
commodity. Hybrid cars didn't become a reality before gas prices went so
high that people actually started buying them. And conversly, think of
Israel's desalination plants - how they come to be whenever there's a year
or two of draft, and then fall apart at the first sign of a rainy year.

And since one of the participants in this discussion at least seems to work
for an ISP, the same ISP from which I get most of my Hebrew spam, the same
ISP from which spam contains the header of the ISP's own relay, and passes
SPF checks, the same ISP which gets messages to the abuse alias from me
every month and never responds (robots excluded) - I view your behaviour as
aiding and abetting the spammers. I have proof that the addresses the
spammers use could never have been gotten from me (heck my domain was
dictionary-attacked by them), and I hope that you get blacklisted as much as
possible. I also hope that your users leave you for this very reason and
that you fail financially, so the spammers have to find a less hospitable
environ. I wish this ruin on you because you are acting, in my personal
opinion, in bad faith and in cohorts with the sort of people who I would
like to see their activity as felonious. I hope that once the regulation
comes you will continue with your bad behaviour as to become the first test
case of disobeying the regulation and that you shall lose and become the
precedent for any other such case. You know who you are.

-- Arik

RE: Israeli ISP and Blacklisting

[Imri Zvik]

Noam,
Again, and I will try to type it slowly so you can understand - You are
talking about *ONE* RBL, which is notorious for blocking whole AS, and
refusing to work with it's abuse departments. You are clinging to this
RBL listing as if being listed at this particular RBL means that we (as
in Israel or the ISP) are now completely cut-off from the world, or that
if you are listed in this RBL it means your ISP is doing nothing to
fight abuse.

It's either you misunderstand how extreme this RBL is, and how fast and
for how little they block a whole AS, or you are just trying to flame.

 

-Original Message-
From: Noam Rathaus [mailto:[EMAIL PROTECTED] 
Sent: Thursday, July 24, 2008 3:09 PM
To: Imri Zvik
Cc: Omer Zak; linux-il
Subject: Re: Israeli ISP and Blacklisting

Hi,

You are right, it is easy to get RBLed, and semi-easy to get out of an
RBL, 
but it doesn't help to email abuse@ or anything else, if your ISP is
marked 
as bad.

On Thursday 24 July 2008 14:31:48 Imri Zvik wrote:
> *Sigh* Don't you have anything better to do? I can report that Israeli
> ISPs get decent cooperation (well most of the times, and from most
> RBLs). No one is going to block Israel completely.
>
> If you have a specific email that was blocked, or a specific RBL (with
> reasonable demands) you want to be removed from, please email abuse@
>
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Omer Zak
> Sent: Thursday, July 24, 2008 1:38 PM
> To: linux-il
> Subject: Re: Israeli ISP and Blacklisting
>
> I have E-mailed my ISP about this.
>
> You may want to add to your E-mail to your ISP also your concerns that
> since ALL Israeli ISPs are blacklisted, the entire country is in
danger
> of being backlisted as a country.
>
> While the real reason for such an action would be political, the spam
> handling situation is too convenient excuse to pass up.
>
> On Thu, 2008-07-24 at 12:57 +0300, Noam Rathaus wrote:
> > Hi,
> >
> > Has anyone here tried to get the Bezeq Internation, Barak or
Netvision
>
> to get
>
> > them off the blacklisting found here:
> > http://www.uceprotect.net/en/rblcheck.php
> >
> > Apparently all the Israeli ISP are blacklisted here (any host you
put
>
> there in
>
> > their hosting range) - and all because they don't have a policy of
>
> cleaning
>
> > up their network from spammers.
> >
> > This means we are all losing emails we send because our ISPs are
doing
>
> a bad
>
> > job.


-- 
Noam Rathaus
CTO
[EMAIL PROTECTED]
http://www.beyondsecurity.com

"Know that you are safe."

Beyond Security Finalist for the "Red Herring 100 Global" Awards 2007

To unsubscribe, 
send mail to [EMAIL PROTECTED] with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail [EMAIL PROTECTED]

RE: Israeli ISP and Blacklisting

[Imri Zvik]

You misread it. If a dynamic and non-dynamic IP sits under the same AS number, 
they will both get blacklisted, no matter if the dynamic IP was "clearly 
marked" as dynamic and the static "clearly marked" as one.

They want the ISP to block port 25 all together from "dynamic IPs".


-Original Message-
From: Noam Rathaus [mailto:[EMAIL PROTECTED] 
Sent: Thursday, July 24, 2008 3:09 PM
To: Imri Zvik
Cc: shimi; linux-il
Subject: Re: Israeli ISP and Blacklisting

Hi,

Exactly you prove my point, you proved that none of the Israeli ISPs are doing 
anything to:
1) Clearly mark what is an DSL, modem, etc connection so they will all be 
listed as spammer by default
2) Clearly mark what are 'static'/'hosted' IP address so they will not fall 
under category 1
3) Clearly do a good job of reverse-PTR records - I had to fight with barak to 
get it for our server - they claimed it costs money to do, I said this is 
minimal service - in the end they gave it to me for free - wow
4) ISP should do the minimal effort of not allowing, proxy, open relay, 
vulnerable servers, infected computers from being in their HOSTED farm, not 
talking about dialup or DSL, or any other small business/home users.

On Thursday 24 July 2008 14:52:39 Imri Zvik wrote:
> You are *SO* wrong.
>
> It takes the following to get your whole AS blocked:
>
> "UCEPROTECT-Level 3 lists all IP's within an ASN if more than 100 IP's, but
> also a minimum of 0.2% of all IP's allocated to this ASN got Level 1 listed
> within the last 7 days."
>
> Now, to get listed in their Level 1 DB you need the following:
>
> " Level 1 exclusively lists IP addresses with either wrong or missing or
> generic reverse DNS (PTR record), or “dialup” connections [typically
> suggesting a home/other user with a dynamic connection], or computers with
> exploited / exploitable security holes (e.g. open proxies, open relays,
> vulnerable webservers, virus infected etc) or which are assigned to
> well-known spammers.
>
> When one of these conditions / criteria is met, and it only takes one
> spamtrap to be hit from such a system, the IP address will be automatically
> listed at UCEPROTECT BLacklist Level 1. "
>
> Please notice the last sentence.
>
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
> On Behalf Of Noam Rathaus Sent: Thursday, July 24, 2008 2:32 PM
> To: shimi
> Cc: linux-il
> Subject: Re: Israeli ISP and Blacklisting
>
> Hi,
>
> I haven't dropped water into a boiling pan for nothing if you go here:
> http://www.uceprotect.net/en/rblcheck.php
>
> You will see that the IP (a hosted server):
> 192.117.232.213
>
> Is all ok, beside the last one, which is due to the fact that Bezeq Int is
> blacklisted, at first I thought it was just them, but I checked three other
> IP addresses we have, and the other ISPs are blacklisted as well
>
> As:
> 3845 of 1107456 (0.347 %) addresses they have are marked as spammers - not
> spam senders, but routinely sending spam, and ISP not blocking them after
> an abuse email is issued.
>
> On Thursday 24 July 2008 14:09:42 shimi wrote:
> > On Thu, Jul 24, 2008 at 12:57 PM, Noam Rathaus <[EMAIL PROTECTED]>
> >
> > wrote:
> > > Hi,
> > >
> > > Has anyone here tried to get the Bezeq Internation, Barak or Netvision
> > > to get
> > > them off the blacklisting found here:
> > > http://www.uceprotect.net/en/rblcheck.php
> > >
> > > Apparently all the Israeli ISP are blacklisted here (any host you put
> > > there in
> > > their hosting range) - and all because they don't have a policy of
> > > cleaning up their network from spammers.
> > >
> > > This means we are all losing emails we send because our ISPs are doing
> > > a bad
> > > job.
> >
> > Hi Noam,
> >
> > Did you check the Israeli ISPs outgoing SMTP servers addresses and saw
> > that they're blacklisted?
> >
> > Or did you just use users dial-up/DSL/cable IP ranges in your test, which
> > SHOULD be blacklisted (why would a home user need to emit SMTP traffic on
> > his own instead of his ISP SMTP servers, where proper authentication and
> > thus logging and auditing can be taken care of?
> >
> > Most RBLs will list all non-ISP-managed block ranges for the above
> > reasons, regardless of their location on the globe...
> >
> > -- Shimi


-- 
Noam Rathaus
CTO
[EMAIL PROTECTED]
http://www.beyondsecurity.com

"Know that you are safe."

Beyond Security Finalist for the "Red Herring 100 Global" Awards 2007

Re: Israeli ISP and Blacklisting

[shimi]

On Thu, Jul 24, 2008 at 2:31 PM, Noam Rathaus <[EMAIL PROTECTED]>
wrote:

> Hi,
>
> I haven't dropped water into a boiling pan for nothing if you go here:
> http://www.uceprotect.net/en/rblcheck.php
>
> You will see that the IP (a hosted server):
> 192.117.232.213
>
> Is all ok, beside the last one, which is due to the fact that Bezeq Int is
> blacklisted, at first I thought it was just them, but I checked three other
> IP addresses we have, and the other ISPs are blacklisted as well
>
> As:
> 3845 of 1107456 (0.347 %) addresses they have are marked as spammers - not
> spam senders, but routinely sending spam, and ISP not blocking them after
> an
> abuse email is issued.
>

Hi again Noam,

I do agree with you that it's bad that abuse departments don't really take
care of users (why would they? they earn their money, and closing abusive
users hurts the cashflow...) - I know - because I, myself, contacted them
many times, complete with logs and proof for misconducts of their users
(including cracking attempts to servers, and I am NOT talking about
portscanning), and nothing really happened...

I didn't know we got to the place where our complete AS is blocked (you
didn't specify this detail in the first message), so I assumed it's the
usual cause :)

Anyways, we, the IL users, probably deserve it, the same way we deserve our
ISPs cutting down their bandwidth and causing our non-HTTP traffic to crawl
by QoSing what's left... and why do we deserve it? Because we didn't cause
the first ISP that did it to bankrupt by eliminating all their users (i.e.
boycotting).

It's the "everything is gonna be OK" approach.

The second thing I would like to say is... people who do serious antispam
business will not block e-mail by those RBLs - they mostly create loss for
the businesses who use them... this is really not the way to solve the
problem. The problem is... that no way is [1].

-- Shimi

[1] http://oldwww.temp.ahbl.org/funny/response1.php

Re: Israeli ISP and Blacklisting

[Noam Rathaus]

Hi,

I never said they marked the whole country, maybe you should read the email 
better.

I asked why doesn't the ISP mark the AS of the dialup, and DSL, etc as a 
separate entity - like hosting/teleco companies do in the US, and Europe.

If the answer (yours or theirs) is because we are:
1) Too small
2) Care too little
3) RBL is wrong

I am taking my "stuff" elsewhere, the ISP's responsibility is to provide 
service, and it should be good service - meaning stopping others from abusing 
the network, which in turn is used against me - as I am blocked in an RBL.

On Thursday 24 July 2008 14:46:10 Imri Zvik wrote:
> Noam,
> They are blocking the *WHOLE* AS, not IP ranges. They blocked the whole
> AS number I'm using because 0.596 % of the ips in that AS sent "spam".
> Do you think that is that reasonable.
> I've just googled for that RBL, and found out a lot of ranting
> (including a recent thread in NANOG). Apparently, they are demanding
> money if you want your AS to be removed...
>
> Anyway, one RBL doesn't equal to "The whole country is blocked!". If you
> have any specific problem, why don't you try your [EMAIL PROTECTED]
>
>
>
> -Original Message-
> From: Noam Rathaus [mailto:[EMAIL PROTECTED]
> Sent: Thursday, July 24, 2008 2:35 PM
> To: Imri Zvik
> Cc: linux-il
> Subject: Re: Israeli ISP and Blacklisting
>
> Sorry but I don't understand why you guys think I checked dynamic
> ranges?
>
> I checked hosting ranges, and these SHOULD BE CLEAN, no one in the
> hosting
> farm should be sending out SPAM, it is against the policy of the hosting
>
> company, it is clearly written in the agreement you sign when you come
> in
> into their farm.
>
> Same thing for illegal content, piracy, etc.
>
> On Thursday 24 July 2008 14:24:02 Imri Zvik wrote:
> > I'm sorry, but checking hosting/dynamic ranges is just misleading. It
>
> is
>
> > impossible to clean these ranges, and even though the ISPs try.
> >
> > I don't know this specific RBL, but I don't think it's a widely used
>
> one
>
> > - Anyway, they "punish" whole AS numbers which seems quite harsh.
> > If you would _actually_ read what they are suggesting, you would have
> > seen that it is impossible to implement in Israel (Can you imagine
>
> what
>
> > will happen if the ISP's will just block port 25 and *force* you to
>
> use
>
> > their own mail servers? I can just see the angry postbacks in ynet..).
> >
> > What you should be checking is the ranges that the ISP mail system
>
> uses;
>
> > If you will take Smile 012 for example, and check it's reputation in
> > senderbase.org, you will see that most of the servers are listed as
> > "GOOD", and some as "Neutral":
>
> http://www.senderbase.org/senderbase_queries/detailip?search_string=84.9
>
> > 5.2.0%2F24
> >
> >
> > -Original Message-
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED] On Behalf Of Noam Rathaus
> > Sent: Thursday, July 24, 2008 12:58 PM
> > To: linux-il
> > Subject: Israeli ISP and Blacklisting
> >
> > Hi,
> >
> > Has anyone here tried to get the Bezeq Internation, Barak or Netvision
> > to get
> > them off the blacklisting found here:
> > http://www.uceprotect.net/en/rblcheck.php
> >
> > Apparently all the Israeli ISP are blacklisted here (any host you put
> > there in
> > their hosting range) - and all because they don't have a policy of
> > cleaning
> > up their network from spammers.
> >
> > This means we are all losing emails we send because our ISPs are doing
>
> a
>
> > bad
> > job.


-- 
Noam Rathaus
CTO
[EMAIL PROTECTED]
http://www.beyondsecurity.com

"Know that you are safe."

Beyond Security Finalist for the "Red Herring 100 Global" Awards 2007

=
To unsubscribe, send mail to [EMAIL PROTECTED] with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail [EMAIL PROTECTED]

Re: Israeli ISP and Blacklisting

[Noam Rathaus]

Hi,

You are right, it is easy to get RBLed, and semi-easy to get out of an RBL, 
but it doesn't help to email abuse@ or anything else, if your ISP is marked 
as bad.

On Thursday 24 July 2008 14:31:48 Imri Zvik wrote:
> *Sigh* Don't you have anything better to do? I can report that Israeli
> ISPs get decent cooperation (well most of the times, and from most
> RBLs). No one is going to block Israel completely.
>
> If you have a specific email that was blocked, or a specific RBL (with
> reasonable demands) you want to be removed from, please email abuse@
>
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Omer Zak
> Sent: Thursday, July 24, 2008 1:38 PM
> To: linux-il
> Subject: Re: Israeli ISP and Blacklisting
>
> I have E-mailed my ISP about this.
>
> You may want to add to your E-mail to your ISP also your concerns that
> since ALL Israeli ISPs are blacklisted, the entire country is in danger
> of being backlisted as a country.
>
> While the real reason for such an action would be political, the spam
> handling situation is too convenient excuse to pass up.
>
> On Thu, 2008-07-24 at 12:57 +0300, Noam Rathaus wrote:
> > Hi,
> >
> > Has anyone here tried to get the Bezeq Internation, Barak or Netvision
>
> to get
>
> > them off the blacklisting found here:
> > http://www.uceprotect.net/en/rblcheck.php
> >
> > Apparently all the Israeli ISP are blacklisted here (any host you put
>
> there in
>
> > their hosting range) - and all because they don't have a policy of
>
> cleaning
>
> > up their network from spammers.
> >
> > This means we are all losing emails we send because our ISPs are doing
>
> a bad
>
> > job.


-- 
Noam Rathaus
CTO
[EMAIL PROTECTED]
http://www.beyondsecurity.com

"Know that you are safe."

Beyond Security Finalist for the "Red Herring 100 Global" Awards 2007

=
To unsubscribe, send mail to [EMAIL PROTECTED] with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail [EMAIL PROTECTED]

Re: Israeli ISP and Blacklisting

[Noam Rathaus]

Hi,

Exactly you prove my point, you proved that none of the Israeli ISPs are doing 
anything to:
1) Clearly mark what is an DSL, modem, etc connection so they will all be 
listed as spammer by default
2) Clearly mark what are 'static'/'hosted' IP address so they will not fall 
under category 1
3) Clearly do a good job of reverse-PTR records - I had to fight with barak to 
get it for our server - they claimed it costs money to do, I said this is 
minimal service - in the end they gave it to me for free - wow
4) ISP should do the minimal effort of not allowing, proxy, open relay, 
vulnerable servers, infected computers from being in their HOSTED farm, not 
talking about dialup or DSL, or any other small business/home users.

On Thursday 24 July 2008 14:52:39 Imri Zvik wrote:
> You are *SO* wrong.
>
> It takes the following to get your whole AS blocked:
>
> "UCEPROTECT-Level 3 lists all IP's within an ASN if more than 100 IP's, but
> also a minimum of 0.2% of all IP's allocated to this ASN got Level 1 listed
> within the last 7 days."
>
> Now, to get listed in their Level 1 DB you need the following:
>
> " Level 1 exclusively lists IP addresses with either wrong or missing or
> generic reverse DNS (PTR record), or “dialup” connections [typically
> suggesting a home/other user with a dynamic connection], or computers with
> exploited / exploitable security holes (e.g. open proxies, open relays,
> vulnerable webservers, virus infected etc) or which are assigned to
> well-known spammers.
>
> When one of these conditions / criteria is met, and it only takes one
> spamtrap to be hit from such a system, the IP address will be automatically
> listed at UCEPROTECT BLacklist Level 1. "
>
> Please notice the last sentence.
>
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
> On Behalf Of Noam Rathaus Sent: Thursday, July 24, 2008 2:32 PM
> To: shimi
> Cc: linux-il
> Subject: Re: Israeli ISP and Blacklisting
>
> Hi,
>
> I haven't dropped water into a boiling pan for nothing if you go here:
> http://www.uceprotect.net/en/rblcheck.php
>
> You will see that the IP (a hosted server):
> 192.117.232.213
>
> Is all ok, beside the last one, which is due to the fact that Bezeq Int is
> blacklisted, at first I thought it was just them, but I checked three other
> IP addresses we have, and the other ISPs are blacklisted as well
>
> As:
> 3845 of 1107456 (0.347 %) addresses they have are marked as spammers - not
> spam senders, but routinely sending spam, and ISP not blocking them after
> an abuse email is issued.
>
> On Thursday 24 July 2008 14:09:42 shimi wrote:
> > On Thu, Jul 24, 2008 at 12:57 PM, Noam Rathaus <[EMAIL PROTECTED]>
> >
> > wrote:
> > > Hi,
> > >
> > > Has anyone here tried to get the Bezeq Internation, Barak or Netvision
> > > to get
> > > them off the blacklisting found here:
> > > http://www.uceprotect.net/en/rblcheck.php
> > >
> > > Apparently all the Israeli ISP are blacklisted here (any host you put
> > > there in
> > > their hosting range) - and all because they don't have a policy of
> > > cleaning up their network from spammers.
> > >
> > > This means we are all losing emails we send because our ISPs are doing
> > > a bad
> > > job.
> >
> > Hi Noam,
> >
> > Did you check the Israeli ISPs outgoing SMTP servers addresses and saw
> > that they're blacklisted?
> >
> > Or did you just use users dial-up/DSL/cable IP ranges in your test, which
> > SHOULD be blacklisted (why would a home user need to emit SMTP traffic on
> > his own instead of his ISP SMTP servers, where proper authentication and
> > thus logging and auditing can be taken care of?
> >
> > Most RBLs will list all non-ISP-managed block ranges for the above
> > reasons, regardless of their location on the globe...
> >
> > -- Shimi


-- 
Noam Rathaus
CTO
[EMAIL PROTECTED]
http://www.beyondsecurity.com

"Know that you are safe."

Beyond Security Finalist for the "Red Herring 100 Global" Awards 2007

To unsubscribe, 
send mail to [EMAIL PROTECTED] with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail [EMAIL PROTECTED]

RE: Israeli ISP and Blacklisting

[Imri Zvik]

You are *SO* wrong.

It takes the following to get your whole AS blocked:

"UCEPROTECT-Level 3 lists all IP's within an ASN if more than 100 IP's, but 
also a minimum of 0.2% of all IP's allocated to this ASN got Level 1 listed 
within the last 7 days."

Now, to get listed in their Level 1 DB you need the following:

" Level 1 exclusively lists IP addresses with either wrong or missing or 
generic reverse DNS (PTR record), or “dialup” connections [typically suggesting 
a home/other user with a dynamic connection], or computers with exploited / 
exploitable security holes (e.g. open proxies, open relays, vulnerable 
webservers, virus infected etc) or which are assigned to well-known spammers. 

When one of these conditions / criteria is met, and it only takes one spamtrap 
to be hit from such a system, the IP address will be automatically listed at 
UCEPROTECT BLacklist Level 1. 
"

Please notice the last sentence.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Noam Rathaus
Sent: Thursday, July 24, 2008 2:32 PM
To: shimi
Cc: linux-il
Subject: Re: Israeli ISP and Blacklisting

Hi,

I haven't dropped water into a boiling pan for nothing if you go here:
http://www.uceprotect.net/en/rblcheck.php

You will see that the IP (a hosted server):
192.117.232.213

Is all ok, beside the last one, which is due to the fact that Bezeq Int is 
blacklisted, at first I thought it was just them, but I checked three other 
IP addresses we have, and the other ISPs are blacklisted as well

As:
3845 of 1107456 (0.347 %) addresses they have are marked as spammers - not 
spam senders, but routinely sending spam, and ISP not blocking them after an 
abuse email is issued.

On Thursday 24 July 2008 14:09:42 shimi wrote:
> On Thu, Jul 24, 2008 at 12:57 PM, Noam Rathaus <[EMAIL PROTECTED]>
>
> wrote:
> > Hi,
> >
> > Has anyone here tried to get the Bezeq Internation, Barak or Netvision to
> > get
> > them off the blacklisting found here:
> > http://www.uceprotect.net/en/rblcheck.php
> >
> > Apparently all the Israeli ISP are blacklisted here (any host you put
> > there in
> > their hosting range) - and all because they don't have a policy of
> > cleaning up their network from spammers.
> >
> > This means we are all losing emails we send because our ISPs are doing a
> > bad
> > job.
>
> Hi Noam,
>
> Did you check the Israeli ISPs outgoing SMTP servers addresses and saw that
> they're blacklisted?
>
> Or did you just use users dial-up/DSL/cable IP ranges in your test, which
> SHOULD be blacklisted (why would a home user need to emit SMTP traffic on
> his own instead of his ISP SMTP servers, where proper authentication and
> thus logging and auditing can be taken care of?
>
> Most RBLs will list all non-ISP-managed block ranges for the above reasons,
> regardless of their location on the globe...
>
> -- Shimi


-- 
Noam Rathaus
CTO
[EMAIL PROTECTED]
http://www.beyondsecurity.com

"Know that you are safe."

Beyond Security Finalist for the "Red Herring 100 Global" Awards 2007

=
To unsubscribe, send mail to [EMAIL PROTECTED] with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail [EMAIL PROTECTED]

RE: Israeli ISP and Blacklisting

[Imri Zvik]

Noam,
They are blocking the *WHOLE* AS, not IP ranges. They blocked the whole
AS number I'm using because 0.596 % of the ips in that AS sent "spam".
Do you think that is that reasonable.
I've just googled for that RBL, and found out a lot of ranting
(including a recent thread in NANOG). Apparently, they are demanding
money if you want your AS to be removed...

Anyway, one RBL doesn't equal to "The whole country is blocked!". If you
have any specific problem, why don't you try your [EMAIL PROTECTED]



-Original Message-
From: Noam Rathaus [mailto:[EMAIL PROTECTED] 
Sent: Thursday, July 24, 2008 2:35 PM
To: Imri Zvik
Cc: linux-il
Subject: Re: Israeli ISP and Blacklisting

Sorry but I don't understand why you guys think I checked dynamic
ranges?

I checked hosting ranges, and these SHOULD BE CLEAN, no one in the
hosting 
farm should be sending out SPAM, it is against the policy of the hosting

company, it is clearly written in the agreement you sign when you come
in 
into their farm.

Same thing for illegal content, piracy, etc.

On Thursday 24 July 2008 14:24:02 Imri Zvik wrote:
> I'm sorry, but checking hosting/dynamic ranges is just misleading. It
is
> impossible to clean these ranges, and even though the ISPs try.
>
> I don't know this specific RBL, but I don't think it's a widely used
one
> - Anyway, they "punish" whole AS numbers which seems quite harsh.
> If you would _actually_ read what they are suggesting, you would have
> seen that it is impossible to implement in Israel (Can you imagine
what
> will happen if the ISP's will just block port 25 and *force* you to
use
> their own mail servers? I can just see the angry postbacks in ynet..).
>
> What you should be checking is the ranges that the ISP mail system
uses;
> If you will take Smile 012 for example, and check it's reputation in
> senderbase.org, you will see that most of the servers are listed as
> "GOOD", and some as "Neutral":
>
http://www.senderbase.org/senderbase_queries/detailip?search_string=84.9
> 5.2.0%2F24
>
>
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Noam Rathaus
> Sent: Thursday, July 24, 2008 12:58 PM
> To: linux-il
> Subject: Israeli ISP and Blacklisting
>
> Hi,
>
> Has anyone here tried to get the Bezeq Internation, Barak or Netvision
> to get
> them off the blacklisting found here:
> http://www.uceprotect.net/en/rblcheck.php
>
> Apparently all the Israeli ISP are blacklisted here (any host you put
> there in
> their hosting range) - and all because they don't have a policy of
> cleaning
> up their network from spammers.
>
> This means we are all losing emails we send because our ISPs are doing
a
> bad
> job.


-- 
Noam Rathaus
CTO
[EMAIL PROTECTED]
http://www.beyondsecurity.com

"Know that you are safe."

Beyond Security Finalist for the "Red Herring 100 Global" Awards 2007

To unsubscribe, 
send mail to [EMAIL PROTECTED] with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail [EMAIL PROTECTED]

Re: Israeli ISP and Blacklisting

[Noam Rathaus]

Sorry but I don't understand why you guys think I checked dynamic ranges?

I checked hosting ranges, and these SHOULD BE CLEAN, no one in the hosting 
farm should be sending out SPAM, it is against the policy of the hosting 
company, it is clearly written in the agreement you sign when you come in 
into their farm.

Same thing for illegal content, piracy, etc.

On Thursday 24 July 2008 14:24:02 Imri Zvik wrote:
> I'm sorry, but checking hosting/dynamic ranges is just misleading. It is
> impossible to clean these ranges, and even though the ISPs try.
>
> I don't know this specific RBL, but I don't think it's a widely used one
> - Anyway, they "punish" whole AS numbers which seems quite harsh.
> If you would _actually_ read what they are suggesting, you would have
> seen that it is impossible to implement in Israel (Can you imagine what
> will happen if the ISP's will just block port 25 and *force* you to use
> their own mail servers? I can just see the angry postbacks in ynet..).
>
> What you should be checking is the ranges that the ISP mail system uses;
> If you will take Smile 012 for example, and check it's reputation in
> senderbase.org, you will see that most of the servers are listed as
> "GOOD", and some as "Neutral":
> http://www.senderbase.org/senderbase_queries/detailip?search_string=84.9
> 5.2.0%2F24
>
>
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Noam Rathaus
> Sent: Thursday, July 24, 2008 12:58 PM
> To: linux-il
> Subject: Israeli ISP and Blacklisting
>
> Hi,
>
> Has anyone here tried to get the Bezeq Internation, Barak or Netvision
> to get
> them off the blacklisting found here:
> http://www.uceprotect.net/en/rblcheck.php
>
> Apparently all the Israeli ISP are blacklisted here (any host you put
> there in
> their hosting range) - and all because they don't have a policy of
> cleaning
> up their network from spammers.
>
> This means we are all losing emails we send because our ISPs are doing a
> bad
> job.


-- 
Noam Rathaus
CTO
[EMAIL PROTECTED]
http://www.beyondsecurity.com

"Know that you are safe."

Beyond Security Finalist for the "Red Herring 100 Global" Awards 2007

=
To unsubscribe, send mail to [EMAIL PROTECTED] with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail [EMAIL PROTECTED]

Re: Israeli ISP and Blacklisting

[Noam Rathaus]

Hi,

I haven't dropped water into a boiling pan for nothing if you go here:
http://www.uceprotect.net/en/rblcheck.php

You will see that the IP (a hosted server):
192.117.232.213

Is all ok, beside the last one, which is due to the fact that Bezeq Int is 
blacklisted, at first I thought it was just them, but I checked three other 
IP addresses we have, and the other ISPs are blacklisted as well

As:
3845 of 1107456 (0.347 %) addresses they have are marked as spammers - not 
spam senders, but routinely sending spam, and ISP not blocking them after an 
abuse email is issued.

On Thursday 24 July 2008 14:09:42 shimi wrote:
> On Thu, Jul 24, 2008 at 12:57 PM, Noam Rathaus <[EMAIL PROTECTED]>
>
> wrote:
> > Hi,
> >
> > Has anyone here tried to get the Bezeq Internation, Barak or Netvision to
> > get
> > them off the blacklisting found here:
> > http://www.uceprotect.net/en/rblcheck.php
> >
> > Apparently all the Israeli ISP are blacklisted here (any host you put
> > there in
> > their hosting range) - and all because they don't have a policy of
> > cleaning up their network from spammers.
> >
> > This means we are all losing emails we send because our ISPs are doing a
> > bad
> > job.
>
> Hi Noam,
>
> Did you check the Israeli ISPs outgoing SMTP servers addresses and saw that
> they're blacklisted?
>
> Or did you just use users dial-up/DSL/cable IP ranges in your test, which
> SHOULD be blacklisted (why would a home user need to emit SMTP traffic on
> his own instead of his ISP SMTP servers, where proper authentication and
> thus logging and auditing can be taken care of?
>
> Most RBLs will list all non-ISP-managed block ranges for the above reasons,
> regardless of their location on the globe...
>
> -- Shimi


-- 
Noam Rathaus
CTO
[EMAIL PROTECTED]
http://www.beyondsecurity.com

"Know that you are safe."

Beyond Security Finalist for the "Red Herring 100 Global" Awards 2007

=
To unsubscribe, send mail to [EMAIL PROTECTED] with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail [EMAIL PROTECTED]

RE: Israeli ISP and Blacklisting

[Imri Zvik]

*Sigh* Don't you have anything better to do? I can report that Israeli
ISPs get decent cooperation (well most of the times, and from most
RBLs). No one is going to block Israel completely.

If you have a specific email that was blocked, or a specific RBL (with
reasonable demands) you want to be removed from, please email abuse@

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Omer Zak
Sent: Thursday, July 24, 2008 1:38 PM
To: linux-il
Subject: Re: Israeli ISP and Blacklisting

I have E-mailed my ISP about this.

You may want to add to your E-mail to your ISP also your concerns that
since ALL Israeli ISPs are blacklisted, the entire country is in danger
of being backlisted as a country.

While the real reason for such an action would be political, the spam
handling situation is too convenient excuse to pass up.


On Thu, 2008-07-24 at 12:57 +0300, Noam Rathaus wrote:
> Hi,
> 
> Has anyone here tried to get the Bezeq Internation, Barak or Netvision
to get 
> them off the blacklisting found here:
> http://www.uceprotect.net/en/rblcheck.php
> 
> Apparently all the Israeli ISP are blacklisted here (any host you put
there in 
> their hosting range) - and all because they don't have a policy of
cleaning 
> up their network from spammers.
> 
> This means we are all losing emails we send because our ISPs are doing
a bad 
> job.

-- 
"Kosher" Cellphones (cellphones with blocked SMS, video and Internet)
are menace to the deaf.  They must be outlawed!
(See also:
http://www.zak.co.il/tddpirate/2006/04/21/the-grave-danger-to-the-deaf-f
rom-kosher-cellphones/)
My own blog is at http://www.zak.co.il/tddpirate/

My opinions, as expressed in this E-mail message, are mine alone.
They do not represent the official policy of any organization with which
I may be affiliated in any way.
WARNING TO SPAMMERS:  at http://www.zak.co.il/spamwarning.html


=
To unsubscribe, send mail to [EMAIL PROTECTED] with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail [EMAIL PROTECTED]

To unsubscribe, 
send mail to [EMAIL PROTECTED] with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail [EMAIL PROTECTED]

RE: Israeli ISP and Blacklisting

[Imri Zvik]

I'm sorry, but checking hosting/dynamic ranges is just misleading. It is
impossible to clean these ranges, and even though the ISPs try.

I don't know this specific RBL, but I don't think it's a widely used one
- Anyway, they "punish" whole AS numbers which seems quite harsh.
If you would _actually_ read what they are suggesting, you would have
seen that it is impossible to implement in Israel (Can you imagine what
will happen if the ISP's will just block port 25 and *force* you to use
their own mail servers? I can just see the angry postbacks in ynet..).

What you should be checking is the ranges that the ISP mail system uses;
If you will take Smile 012 for example, and check it's reputation in
senderbase.org, you will see that most of the servers are listed as
"GOOD", and some as "Neutral":
http://www.senderbase.org/senderbase_queries/detailip?search_string=84.9
5.2.0%2F24


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Noam Rathaus
Sent: Thursday, July 24, 2008 12:58 PM
To: linux-il
Subject: Israeli ISP and Blacklisting

Hi,

Has anyone here tried to get the Bezeq Internation, Barak or Netvision
to get 
them off the blacklisting found here:
http://www.uceprotect.net/en/rblcheck.php

Apparently all the Israeli ISP are blacklisted here (any host you put
there in 
their hosting range) - and all because they don't have a policy of
cleaning 
up their network from spammers.

This means we are all losing emails we send because our ISPs are doing a
bad 
job.

-- 
Noam Rathaus
CTO
[EMAIL PROTECTED]
http://www.beyondsecurity.com

"Know that you are safe."

Beyond Security Finalist for the "Red Herring 100 Global" Awards 2007

=
To unsubscribe, send mail to [EMAIL PROTECTED] with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail [EMAIL PROTECTED]

To unsubscribe, 
send mail to [EMAIL PROTECTED] with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail [EMAIL PROTECTED]

Re: Israeli ISP and Blacklisting

[shimi]

On Thu, Jul 24, 2008 at 12:57 PM, Noam Rathaus <[EMAIL PROTECTED]>
wrote:

> Hi,
>
> Has anyone here tried to get the Bezeq Internation, Barak or Netvision to
> get
> them off the blacklisting found here:
> http://www.uceprotect.net/en/rblcheck.php
>
> Apparently all the Israeli ISP are blacklisted here (any host you put there
> in
> their hosting range) - and all because they don't have a policy of cleaning
> up their network from spammers.
>
> This means we are all losing emails we send because our ISPs are doing a
> bad
> job.
>

Hi Noam,

Did you check the Israeli ISPs outgoing SMTP servers addresses and saw that
they're blacklisted?

Or did you just use users dial-up/DSL/cable IP ranges in your test, which
SHOULD be blacklisted (why would a home user need to emit SMTP traffic on
his own instead of his ISP SMTP servers, where proper authentication and
thus logging and auditing can be taken care of?

Most RBLs will list all non-ISP-managed block ranges for the above reasons,
regardless of their location on the globe...

-- Shimi

Re: Israeli ISP and Blacklisting

[Dotan Cohen]

On 2008-07-24, Noam Rathaus <[EMAIL PROTECTED]> wrote:
> Hi,
>
> So you use an external service for emails?
>
> If so who?
>
> Otherwise, do you have you server in the US (or elsewhere) just for that?
>

Yes, I have a server in the US for handling email to dotancohen.com. I
use gmail for mailing lists. For those who cannot maintain their own
server, I recommend a mail hosting service (can be have for $3 per
month + domain for $7 per year) or webmail. Either way, be sure to
back up locally!

-- 
Dotan Cohen

http://what-is-what.com
http://gibberish.co.il
א-ב-ג-ד-ה-ו-ז-ח-ט-י-ך-כ-ל-ם-מ-ן-נ-ס-ע-ף-פ-ץ-צ-ק-ר-ש-ת

A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?

Re: Israeli ISP and Blacklisting

[Noam Rathaus]

Hi,

I have no idea who is the guy to talk to, anyone has an email list 
of "manager" of ISP we can send our email to?

[EMAIL PROTECTED] won't cut it here.

On Thursday 24 July 2008 13:37:41 Omer Zak wrote:
> I have E-mailed my ISP about this.
>
> You may want to add to your E-mail to your ISP also your concerns that
> since ALL Israeli ISPs are blacklisted, the entire country is in danger
> of being backlisted as a country.
>
> While the real reason for such an action would be political, the spam
> handling situation is too convenient excuse to pass up.
>
> On Thu, 2008-07-24 at 12:57 +0300, Noam Rathaus wrote:
> > Hi,
> >
> > Has anyone here tried to get the Bezeq Internation, Barak or Netvision to
> > get them off the blacklisting found here:
> > http://www.uceprotect.net/en/rblcheck.php
> >
> > Apparently all the Israeli ISP are blacklisted here (any host you put
> > there in their hosting range) - and all because they don't have a policy
> > of cleaning up their network from spammers.
> >
> > This means we are all losing emails we send because our ISPs are doing a
> > bad job.


-- 
Noam Rathaus
CTO
[EMAIL PROTECTED]
http://www.beyondsecurity.com

"Know that you are safe."

Beyond Security Finalist for the "Red Herring 100 Global" Awards 2007

=
To unsubscribe, send mail to [EMAIL PROTECTED] with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail [EMAIL PROTECTED]

Re: Israeli ISP and Blacklisting

[Noam Rathaus]

Hi,

So you use an external service for emails?

If so who?

Otherwise, do you have you server in the US (or elsewhere) just for that?

On Thursday 24 July 2008 13:14:26 Dotan Cohen wrote:
> On 2008-07-24, Noam Rathaus <[EMAIL PROTECTED]> wrote:
> > Hi,
> >
> > Has anyone here tried to get the Bezeq Internation, Barak or Netvision to
> > get them off the blacklisting found here:
> > http://www.uceprotect.net/en/rblcheck.php
> >
> > Apparently all the Israeli ISP are blacklisted here (any host you put
> > there in their hosting range) - and all because they don't have a policy
> > of cleaning up their network from spammers.
> >
> > This means we are all losing emails we send because our ISPs are doing a
> > bad job.
>
> The solution is to have Bezeq, Netvision, and the other Israeli ISPs
> to behave responsibly. I agree with blacklisting them until they clean
> up their act.
>
> That said, this is the reason that I do not trust _any_ ISP with my email.


-- 
Noam Rathaus
CTO
[EMAIL PROTECTED]
http://www.beyondsecurity.com

"Know that you are safe."

Beyond Security Finalist for the "Red Herring 100 Global" Awards 2007

=
To unsubscribe, send mail to [EMAIL PROTECTED] with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail [EMAIL PROTECTED]

Re: Israeli ISP and Blacklisting

[Omer Zak]

I have E-mailed my ISP about this.

You may want to add to your E-mail to your ISP also your concerns that
since ALL Israeli ISPs are blacklisted, the entire country is in danger
of being backlisted as a country.

While the real reason for such an action would be political, the spam
handling situation is too convenient excuse to pass up.


On Thu, 2008-07-24 at 12:57 +0300, Noam Rathaus wrote:
> Hi,
> 
> Has anyone here tried to get the Bezeq Internation, Barak or Netvision to get 
> them off the blacklisting found here:
> http://www.uceprotect.net/en/rblcheck.php
> 
> Apparently all the Israeli ISP are blacklisted here (any host you put there 
> in 
> their hosting range) - and all because they don't have a policy of cleaning 
> up their network from spammers.
> 
> This means we are all losing emails we send because our ISPs are doing a bad 
> job.

-- 
"Kosher" Cellphones (cellphones with blocked SMS, video and Internet)
are menace to the deaf.  They must be outlawed!
(See also: 
http://www.zak.co.il/tddpirate/2006/04/21/the-grave-danger-to-the-deaf-from-kosher-cellphones/)
My own blog is at http://www.zak.co.il/tddpirate/

My opinions, as expressed in this E-mail message, are mine alone.
They do not represent the official policy of any organization with which
I may be affiliated in any way.
WARNING TO SPAMMERS:  at http://www.zak.co.il/spamwarning.html


=
To unsubscribe, send mail to [EMAIL PROTECTED] with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail [EMAIL PROTECTED]

Ad-hoc wireless connection... Help?

[Gilboa Davara]

Hello all,

I'm trying to setup a temporary ad-hoc wireless connection between my
firewall (CentOS5) and my laptop. (F9, NM disabled)
The wireless connection will sit on the "red" side of the firewall (and
will be disabled most of the time), so passphrase security should be OK.
(At least for now)

As far as I could gather (By using google), I should issue
(more-or-less) the same commands on both ends.
E.g.:

FW: (rt61)
$ ifconfig ra0 192.168.200.1 up
$ iwconfig ra0 channel 11 rate 11M key XX essid name

Notebook: (Intel chipset)
$ ifconfig wlan0 192.168.200.2 up
$ iwconfig wlan0 channel 11 rate 11M key XX essid name

Ping doesn't work; ARP doesn't resolve IPs.
What am I doing wrong?

- Gilboa

P.S. AFAIK the rt61 driver doesn't support Master mode, so I cannot
setup an AP and I rather not use a permanent wireless AP.




=
To unsubscribe, send mail to [EMAIL PROTECTED] with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail [EMAIL PROTECTED]

Re: Israeli ISP and Blacklisting

[Dotan Cohen]

On 2008-07-24, Noam Rathaus <[EMAIL PROTECTED]> wrote:
> Hi,
>
> Has anyone here tried to get the Bezeq Internation, Barak or Netvision to get
> them off the blacklisting found here:
> http://www.uceprotect.net/en/rblcheck.php
>
> Apparently all the Israeli ISP are blacklisted here (any host you put there in
> their hosting range) - and all because they don't have a policy of cleaning
> up their network from spammers.
>
> This means we are all losing emails we send because our ISPs are doing a bad
> job.
>

The solution is to have Bezeq, Netvision, and the other Israeli ISPs
to behave responsibly. I agree with blacklisting them until they clean
up their act.

That said, this is the reason that I do not trust _any_ ISP with my email.

-- 
Dotan Cohen

http://what-is-what.com
http://gibberish.co.il
א-ב-ג-ד-ה-ו-ז-ח-ט-י-ך-כ-ל-ם-מ-ן-נ-ס-ע-ף-פ-ץ-צ-ק-ר-ש-ת

A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?

Israeli ISP and Blacklisting

[Noam Rathaus]

Hi,

Has anyone here tried to get the Bezeq Internation, Barak or Netvision to get 
them off the blacklisting found here:
http://www.uceprotect.net/en/rblcheck.php

Apparently all the Israeli ISP are blacklisted here (any host you put there in 
their hosting range) - and all because they don't have a policy of cleaning 
up their network from spammers.

This means we are all losing emails we send because our ISPs are doing a bad 
job.

-- 
Noam Rathaus
CTO
[EMAIL PROTECTED]
http://www.beyondsecurity.com

"Know that you are safe."

Beyond Security Finalist for the "Red Herring 100 Global" Awards 2007

=
To unsubscribe, send mail to [EMAIL PROTECTED] with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail [EMAIL PROTECTED]

Re: nfs problems

[Erez D]

FYI,

i removed the nfs-user-server and install nfs-kernel-server and
everything works now ...

On Wed, Jul 9, 2008 at 3:21 PM, Erez D <[EMAIL PROTECTED]> wrote:
> hi
>
> i have a diskless client booting with tftp and nfsroot (debian lenny on
> kurobox-pro, as client, pc with hardy64 as server)
>
> the whole filesystem is mounted via (rw,no_root_squash)
>
> on the client:
> when i try to create a new file - no problems
> when i try to edit that file, i get : "Can't open file for writing", and the
> file is truncated to zero size
> looking from the nfs server verifies that the file was truncated ...
>
> i.e.
>
> vi /etc/newfile
> :w -> sucess (my information is saved correctly)
> :w (again) -> Can't open file for writing, ( and file is truncated to size 0
> )
>
> if i try to read/write the file from the nfs-server, it works just fine.
>
>
> any idea ?
>
> erez.
>
>
>
>

=
To unsubscribe, send mail to [EMAIL PROTECTED] with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail [EMAIL PROTECTED]