Re: SORBS Contact
On Sun, 13 Aug 2006 21:11:58 -0700 David Schwartz [EMAIL PROTECTED] wrote:

>> Obligation to _whom_? My only obligations are to those who _pay_ me for access to my systems/resources. If the people who *do* pay me for use of my systems/resources don't want that cr*p, then I do 'have an obligation' to _not_ deliver that traffic.
>
> Nonsense. You have tort obligations as well as contractual obligations. Specifically, if you take custody of someone else's data, and you have no contract with that person, you have a tort obligation not to destroy it.

You do realize that when we talk about sending data we are using language in a very loose way, right? Data isn't actually sent. When I send a packet of data, I still retain that data. If you lose it you have only lost your copy of it, not mine. Are you one of those people that makes an extra photocopy when you have to fax one to someone?

> Your argument is similar to a mall that claims they can shoot people who

It is illegal to shoot people whether they enter your mall or not.

> The same would be the case if I used FedEx to return something of yours to you. If they destroyed your property, you would have a claim against them even though you didn't pay them for anything.

IANAL but I am pretty sure that my claim would be against you, not FedEx. You would have to counter claim against FedEx because you made the contract with them.

--
D'Arcy J.M. Cain darcy@druid.net | Democracy is three wolves
http://www.druid.net/darcy/ | and a sheep voting on
+1 416 425 1212 (DoD#0082)(eNTP) | what's for dinner.
Re: SORBS Contact
David Schwartz wrote:

> Nonsense. You have tort obligations as well as contractual obligations. Specifically, if you take custody of someone else's data, and you have no contract with that person, you have a tort obligation not to destroy it.

The nonsense is here! I am not a lawyer, but I am pretty sure that if you abandon property (stretching the definition of property to get your foolishness into view) that I did not ask for on my property, I am pretty sure that not only can I abate the nuisance, I in doing so have a tort claim against you for the damage and the cost of abatement.

triviata deletia

--
Requiescas in pace o email
Ex turpi causa non oritur actio
http://members.cox.net/larrysheldon/
Re: SORBS Contact
Laurence F. Sheldon, Jr. wrote:

> David Schwartz wrote:
>
>> Nonsense. You have tort obligations as well as contractual obligations. Specifically, if you take custody of someone else's data, and you have no contract with that person, you have a tort obligation not to destroy it.
>
> The nonsense is here! I am not a lawyer, but I am pretty sure that if you abandon property (stretching the definition of property to get your foolishness into view) that I did not ask for on my property, I am pretty sure that not only can I abate the nuisance, I in doing so have a tort claim against you for the damage and the cost of abatement.
>
> triviata deletia

Too bad I'm no longer bright enough to read my own .sig! Among other things, it says there from time to time: "Ex turpi causa non oritur actio", which I believe to be Lawyer Latin for "No cause of action may be founded upon an immoral or illegal act." (Thanks sixthformlaw.info for the quotation.)

--
Requiescas in pace o email
Ex turpi causa non oritur actio
http://members.cox.net/larrysheldon/
Re: SORBS Contact
On Sun, 13 Aug 2006 21:11:58 PDT, David Schwartz said:

> Nonsense. You have tort obligations as well as contractual obligations. Specifically, if you take custody of someone else's data, and you have no contract with that person, you have a tort obligation not to destroy it.

Of course, that only applies if you're dumb enough to answer '250 OK' to the '.' after the DATA. You 5xx that puppy anywhere before that, and you haven't taken custody of that data...
Re: SORBS Contact
On Aug 14, 2006, at 12:00 PM, [EMAIL PROTECTED] wrote:

> On Sun, 13 Aug 2006 21:11:58 PDT, David Schwartz said:
>
>> Nonsense. You have tort obligations as well as contractual obligations. Specifically, if you take custody of someone else's data, and you have no contract with that person, you have a tort obligation not to destroy it.
>
> Of course, that only applies if you're dumb enough to answer '250 OK' to the '.' after the DATA. You 5xx that puppy anywhere before that, and you haven't taken custody of that data...

This is ridiculous (not your argument, Valdis, but the whole thread in general).

If my customers ask me to, or accept via subscribing to a service with a TOS that so permits, me accepting their mail and throwing it away silently, then that's between me and them, nobody else.

This is no different from me authorizing Mail Boxes Etc to be my proxy for UPS packages, and them being allowed to simply discard anything from, say, an ex-wife. My ex-wife has no claim, in this hypothetical, against MBE for tossing my package in the trash, because they're acting as my agent. Now, *I* might have a claim against MBE, if I never authorized them to do so and they didn't have a terms-of-service document which I'd agreed to (actively or passively) which said they could do it, but that's a claim between my agent and myself, not the sender.

Cheers,
D

--
Derek J. Balling
Manager of Systems Administration
Vassar College
124 Raymond Ave
Box 0406 - Computer Center 217
Poughkeepsie, NY 12604
W: (845) 437-7231
C: (845) 249-9731
RE: SORBS Contact
[combined responses]

> You do realize that when we talk about sending data we are using language in a very loose way, right? Data isn't actually sent. When I send a packet of data, I still retain that data. If you lose it you have only lost your copy of it, not mine.

The packet includes its origin, destination, next hop, and like information. If the copy were identical to the original in all respects, it would not be a copy. There must be some distinction between the two, and it is that distinction that makes the copy useful. (That's why you made it.)

> Are you one of those people that makes an extra photocopy when you have to fax one to someone?

Why fax something to someone at all then? If the fax really is the same as the original, why bother faxing? Obviously, there is a difference between the two copies, and the value of the duplicate is in that difference.

The fact that the information can change physical form doesn't mean it isn't a coherent object. For example, my car may exchange electrons with your sidewalk, but that doesn't make it any less my car. The value of the car is not in which particular electrons it has (which can change) but in their arrangement and utility (which does not).

If I have some information that I want to get to a particular place, and I make a copy and dispatch it toward its destination, that copy with its destination information behaves just like my car does. It changes on the way, but it does not ever become any less my car (or the ultimate recipient's car) regardless of whose roads it travels over.

>> Your argument is similar to a mall that claims they can shoot people who
>
> It is illegal to shoot people whether they enter your mall or not.

Precisely. Your obligation not to destroy someone else's data is a basic tort obligation that applies to how you must treat other people's property, even if it happens to be on your network.

>> The same would be the case if I used FedEx to return something of yours to you. If they destroyed your property, you would have a claim against them even though you didn't pay them for anything.
>
> IANAL but I am pretty sure that my claim would be against you, not FedEx. You would have to counter claim against FedEx because you made the contract with them.

You could make a claim against me and I could counter claim against FedEx. But you could also claim against FedEx directly. They destroyed your property.

> Whatever you're smoking, you've really gotta share some with the rest of us. :P I guarantee you that there is not a single packet that I will route which is neither from nor to someone I have a contract with. If you want to give away free service to people without contracts that is your right, but I sure as hell don't have to.

Transit networks route many packets that are neither from nor to anyone they have a contract with. They pass the traffic from aggregators to aggregators. This is the same as a person who walks from store to store in a mall even though he has no contract with the stores, the stores have contracts with the mall.

> Packets are not property, there is no intrinsic value in returning them to sender. Plus I guarantee you if you drop off a package with Fedex and don't pay for it (thus entering into a contract with them for services), they will eventually throw it in the trash rather than deliver it.

Packets are property. There is no value in returning them to sender but there is value in delivering them to the recipient. If the lack of return value is evidence against property, why is the presence of delivery value not evidence for?

I don't deny that you can drop a packet on the floor if nobody paid you to carry it and you did nothing to solicit its presence on your network. That is not the same as the case where somebody paid you to carry the packet, but the person who paid you is not the owner of the packet but merely someone similarly contracted by the owner.

> This is no different from me authorizing Mail Boxes Etc to be my proxy for UPS packages, and them being allowed to simply discard anything from, say, an ex-wife. My ex-wife has no claim, in this hypothetical, against MBE for tossing my package in the trash, because they're acting as my agent.

You are quite correct *if* they are the agent for the intended recipient. In the general case, a transit carrier will not be an agent for the intended recipient and possibly not for the originator either.

> Of course, that only applies if you're dumb enough to answer '250 OK' to the '.' after the DATA. You 5xx that puppy anywhere before that, and you haven't taken custody of that data...

Exactly. I think the mail case is simpler though because it is quite rare for an email message to wind up in the hands of someone who has no contractual relationship with either the sender or the recipient. Exceptions would include things like relay rape where I
Re: SORBS Contact
The thread was originally very beneficial (for me, as we use SORBS and provide some basic SMTP services), despite being somewhat off-topic for NANOG... but has now evolved into the Battle of Awful Analogies(tm).

Discussions of this type always resort to the same analogy, for that matter: cars. It seems we've reached that point.

Also, as I'm still fairly new here: why do so many NANOG threads go this route (pun intended)? Are some folks here unable to simply say what they mean? Just curious.

--
| Jeremy Chadwick jdc at parodius.com |
| Parodius Networking http://www.parodius.com/ |
| UNIX Systems Administrator Mountain View, CA, USA |
| Making life hard for others since 1977. PGP: 4BD6C0CB |
Re: SORBS Contact
On Sun, 2006-08-13 at 13:29, Robert Bonomi wrote:

> If you want 'reliable' delivery, you _pay_ the receiving system (and the intermediaries) for that service. Your lack of patience with something other people _give_ you the free use of is, quite simply, an inexcusable display of arrogance and presumption.

hear hear! very well said entire post, I have left only this para tho, because my second comment, and that's my suggestion is they can pay for a co-located machine that they can go out and get a domain for and run their own mail server on and get as much spam and viruses they want :) that of course will never interfere with 99. reptv % of customers *don't* want.

--
Regards,
Noel Butler
System Administrator
Internet Services
L.C.P No. 251002 http://counter.li.org

---
This Email and any attachments may contain legally privileged information and remains confidential. You may not reveal any of the contents to anyone without the authors express authority to do so. If you are not the intended recipient please notify the sender of this error and delete immediately.
---
RE: SORBS Contact
Last time I saw someone so strenuously crying that 'thou must accept mail' and trying so hard to justify why we should accept it was a low life toss pot scum sucking spammer, ooops I mean direct marketer, ahh stuff it, both the same thing ...not implying anything here but if the shoe fits

On Tue, 2006-08-15 at 06:46, David Schwartz wrote:

> [combined responses]
>
>> You do realize that when we talk about sending data we are using language in a very loose way, right? Data isn't actually sent. When I send a packet of data, I still retain that data. If you lose it you have only lost your copy of it, not mine.
>
> The packet includes its origin, destination, next hop, and like information. If the copy were identical to the original in all respects, it would not be a copy. There must be some distinction between the two, and it is that distinction that makes the copy useful. (That's why you made it.)
>
>> Are you one of those people that makes an extra photocopy when you have to fax one to someone?
>
> Why fax something to someone at all then? If the fax really is the same as the original, why bother faxing? Obviously, there is a difference between the two copies, and the value of the duplicate is in that difference.
>
> The fact that the information can change physical form doesn't mean it isn't a coherent object. For example, my car may exchange electrons with your sidewalk, but that doesn't make it any less my car. The value of the car is not in which particular electrons it has (which can change) but in their arrangement and utility (which does not).
>
> If I have some information that I want to get to a particular place, and I make a copy and dispatch it toward its destination, that copy with its destination information behaves just like my car does. It changes on the way, but it does not ever become any less my car (or the ultimate recipient's car) regardless of whose roads it travels over.
Re: SORBS Contact
On Tue, 2006-08-15 at 02:13, Derek J. Balling wrote:

>> Of course, that only applies if you're dumb enough to answer '250 OK' to the '.' after the DATA. You 5xx that puppy anywhere before that, and you haven't taken custody of that data...
>
> This is ridiculous (not your argument, Valdis, but the whole thread in general).

Valdis's is correct, before the DATA is akin to hello anybody home and then does jack live there if I say yes he does, it does not mean you can come in just because jack lives there

> This is no different from me authorizing Mail Boxes Etc to be my proxy for UPS packages, and them being allowed to simply discard

It is very different because you hold a physical package or something for someone you are paid by somebody to do it, unless you operate a charity

--
Regards,
Noel Butler
System Administrator
Internet Services
L.C.P No. 251002 http://counter.li.org
RE: SORBS Contact
> Obligation to _whom_? My only obligations are to those who _pay_ me for access to my systems/resources. If the people who *do* pay me for use of my systems/resources don't want that cr*p, then I do 'have an obligation' to _not_ deliver that traffic.

Nonsense. You have tort obligations as well as contractual obligations. Specifically, if you take custody of someone else's data, and you have no contract with that person, you have a tort obligation not to destroy it.

Your argument is similar to a mall that claims they can shoot people who don't buy anything. After all, their only obligation is to those who pay them. But of course neither you nor they can do that.

By setting up a network and connecting it to the Internet, you know that you will sometimes carry packets that are neither from nor to someone with whom you have a contract. Those are not your packets, and you have no contract with their owners, but you handle them in the ordinary course of your business, so you have a variety of tort obligations to them.

The same would be the case if I used FedEx to return something of yours to you. If they destroyed your property, you would have a claim against them even though you didn't pay them for anything.

I see the view you are expressing quite commonly among network operators and it is, IMO, dangerous. It is, of course, your network. But it handles other people's data.

Of course, you can protect your own network. Just as FedEx can destroy a bomb if someone tries to ship it through them. But you cannot do whatever you want with your packets unless they really are your packets.

I will defend your right to do anything reasonable. However, it is incorrect and dangerous to assert that because it's your network you can do anything you want. Even if it's your mall, you can't invite people into it and then shoot them just because you have no contract with them.

DS
Re: SORBS Contact
On Sun, Aug 13, 2006 at 09:11:58PM -0700, David Schwartz wrote:

> Your argument is similar to a mall that claims they can shoot people who don't buy anything. After all, their only obligation is to those who pay them. But of course neither you nor they can do that.
>
> By setting up a network and connecting it to the Internet, you know that you will sometimes carry packets that are neither from nor to someone with whom you have a contract. Those are not your packets, and you have no contract with their owners, but you handle them in the ordinary course of your business, so you have a variety of tort obligations to them.

Whatever you're smoking, you've really gotta share some with the rest of us. :P

I guarantee you that there is not a single packet that I will route which is neither from nor to someone I have a contract with. If you want to give away free service to people without contracts that is your right, but I sure as hell don't have to.

> The same would be the case if I used FedEx to return something of yours to you. If they destroyed your property, you would have a claim against them even though you didn't pay them for anything.

Packets are not property, there is no intrinsic value in returning them to sender. Plus I guarantee you if you drop off a package with Fedex and don't pay for it (thus entering into a contract with them for services), they will eventually throw it in the trash rather than deliver it.

> Of course, you can protect your own network. Just as FedEx can destroy a bomb if someone tries to ship it through them. But you cannot do whatever you want with your packets unless they really are your packets.

The only thing you probably CAN'T do is take someone else's packets that were sent to you (either under contract or not) and sniff or alter them for the purpose of doing something Bad (tm) with the data (probably because said bad activity is already covered under some existing law, e.g. no extorting people, no impersonating others, etc).

--
Richard A Steenbergen [EMAIL PROTECTED] http://www.e-gerbil.net/ras
GPG Key ID: 0xF8B12CBC (7535 7F59 8204 ED1F CC1C 53AF 4C41 5ECA F8B1 2CBC)
Re: SORBS Contact
> From [EMAIL PROTECTED] Wed Aug 9 22:00:58 2006
> To: nanog@merit.edu
> Subject: Re: SORBS Contact
> From: Allan Poindexter [EMAIL PROTECTED]
> Date: Wed, 09 Aug 2006 20:59:36 -0600
>
>   Matthew> so would you consider as it is my network, that I should
>   Matthew> not be allowed to impose these 'draconian' methods and
>   Matthew> perhaps I shouldn't be allowed to censor traffic to and
>   Matthew> from my networks?
>
> If you want to run a network off in the corner by yourself this is fine. If you have agreed to participate in the Internet you have an obligation to deliver your traffic.

Obligation to _whom_? My only obligations are to those who _pay_ me for access to my systems/resources. If the people who *do* pay me for use of my systems/resources don't want that cr*p, then I do 'have an obligation' to _not_ deliver that traffic.

And _how_ I implement that, to the satisfaction of =my= customers, is NONE OF _YOUR_ BUSINESS, since you are *not* one of my paying customers. I don't have to tell _you_ what I do; I don't have to listen to any of your 'complaints'; and I sure-as-hell don't have to defend, _to_you_, what I do.

> At LISA a couple of years ago a Microsoftie got up at the SPAM symposium and told of an experiment they did where they asked their hotmail users to identify their mail messages as spam or not. He said the users got it wrong some small percentage amount of the time. I was stunned at the arrogance and presumption in that comment. You can't tell from looking at the contents, source, or destination if something is spam because none of these things can tell whether the message was requested or is wanted by the recipient. The recipient is the only person who can determine these things.

Do *you* _KNOW_ how hotmail came up with that determination that 'users got it wrong some small percentage of the time'? If you *don't*, you are exhibiting _at_least_ as much 'arrogance and presumption' as you accuse them of.

I *KNOW*FOR*A*FACT*, that some people _do_, occasionally 'get it wrong'. I, _personally_, have done it. Be it an 'off-by-one' error in selecting and marking the message, to a long-delayed response to something _I_ sent, and that came in _without_ reference to what I sent, errors *DO* happen.

Note: it can be _really_ easy to figure out if/when people mis-identify 'spam'. You ask them to classify a bunch of old messages, presented one at a time. You present the _same_ message *more*than*once*. If they mark it as 'good' three times, and 'spam' once. Then they *did* 'get it wrong' -- it's not certain _which_ way they 'got it wrong', but it *IS* absolutely certain that they did 'get it wrong' at least once.

I've seen some of the stuff AOL _users_ flag as 'spam' -- content analysis *alone* virtually guarantees that they were flagged in error. Things like college acceptance letters from Division I schools, bank overdraft notices, NDRs for mail they themselves *sent*, 'delivery receipts' and/or 'read receipts' that they had _requested_ on mail they sent out, etc., etc.

> There are simple solutions to this. They do work in spite of the moanings of the hand wringers. In the meantime my patience with email lost silently due to blacklists, etc. is growing thin.

If you want 'reliable' delivery, you _pay_ the receiving system (and the intermediaries) for that service. Your lack of patience with something other people _give_ you the free use of is, quite simply, an inexcusable display of arrogance and presumption.
Re: SORBS Contact
Steve Sobol wrote:

> Allan Poindexter wrote:
>
>>   Matthew> so would you consider as it is my network, that I should
>>   Matthew> not be allowed to impose these 'draconian' methods and
>>   Matthew> perhaps I shouldn't be allowed to censor traffic to and
>>   Matthew> from my networks?
>>
>> If you want to run a network off in the corner by yourself this is fine. If you have agreed to participate in the Internet you have an obligation to deliver your traffic.
>
> In many cases, that is a gross overgeneralization. Do you think anyone really wanted the Slammer worm, or complained when ISP's blocked it?

I suspect he really means that. The whole game here is maximum dollar for minimum service. I was pretty much chased off of NANOG some years ago because of my undiplomatic insistence that the SP's had an obligation to block evil traffic (which in those would have been an easier matter than it is today).

And yes, I didn't handle the diversionary flame wars and ad hominem attacks very well. Don't bother yourself, anybody, with looking them up.

> I work for a company that is contractually obligated to NOT carry certain traffic for our clients.
>
>> the users got it wrong some small percentage amount of the time. I was stunned at the arrogance and presumption in that comment. You can't tell from looking at the contents, source, or destination if something is spam because none of these things can tell whether the message was requested or is wanted by the recipient. The recipient is the only person who can determine these things.
>
> You're right. But... So what? Perhaps it's because you're seeing things from an academic point of view and not from a business point of view, but your post mentions nothing about contracts.
>
> People generally use DNSBLs without any formal agreement as to what they should expect. Without any formal agreement, you really can't talk about obligations to deliver traffic. In this case, your recourse is to not use the DNSBL. If you're mailing someone who has a DNSBL, you (as the sender) have *no* recourse other than to complain to the DNSBL user.
>
> Plus, as I pointed out earlier, some people contract with service providers to prevent certain traffic from getting to their networks (not just spam, either).
>
>> There are simple solutions to this. They do work in spite of the moanings of the hand wringers. In the meantime my patience with email lost silently due to blacklists, etc. is growing thin.
>
> You're certainly welcome to encourage others not to use blacklists. Just understand that you have no right to complain when they decide to continue using those blacklists.
>
> Having said that, do understand that I don't think DNSBL's are a panacea, nor are their operators perfect. But in many cases, they can be a useful tool in the anti-spam arsenal.

--
Requiescas in pace o email
Ex turpi causa non oritur actio
http://members.cox.net/larrysheldon/
Re: SORBS Contact
> You're certainly welcome to encourage others not to use blacklists. Just understand that you have no right to complain when they decide to continue using those blacklists.
>
> Having said that, do understand that I don't think DNSBL's are a panacea, nor are their operators perfect. But in many cases, they can be a useful tool in the anti-spam arsenal.

Weighing in with an opinion, as bad as blacklists *may be*, at least they let the sender know something's up. Not in an artful way, to be sure, but they give some notice. The sender can do _something_, including dropping his association with the recipient b/c it's not worth his time and trouble.

Blackholing email because you think it's spam, OTOH, is pure evil.

--
Nachman Yaakov Ziskind, FSPA, LLM [EMAIL PROTECTED]
Attorney and Counselor-at-Law http://ziskind.us
Economic Group Pension Services http://egps.com
Actuaries and Employee Benefit Consultants
Re: SORBS Contact
> Weighing in with an opinion, as bad as blacklists *may be*, at least they let the sender know something's up. Not in an artful way, to be sure, but they give some notice. The sender can do _something_, including dropping his association with the recipient b/c it's not worth his time and trouble.
>
> Blackholing email because you think it's spam, OTOH, is pure evil.

Host type can only be used as a relatively small weighting factor toward blocking connections. However in the absence of any other reputation data on a particular IP, it's a safe way to trigger throttling or rate limiting.

IMHO receivers have a right to filter traffic in any way that reduces abuse while serving the needs of their end users. There is a lot of pressure from end users and legitimate email senders to ensure that whatever blocking strategy is in use ensures that the good stuff is not blocked.

Regards,
Ken

--
MailChannels: Reliable Email Delivery (TM) | http://mailchannels.com
--
Suite 203, 910 Richards St.
Vancouver, BC, V6B 3C1, Canada
Direct: +1-604-729-1741
Re: SORBS Contact
Ken Simpson wrote (on Fri, Aug 11, 2006 at 09:09:33AM -0700):

>> Weighing in with an opinion, as bad as blacklists *may be*, at least they let the sender know something's up. Not in an artful way, to be sure, but they give some notice. The sender can do _something_, including dropping his association with the recipient b/c it's not worth his time and trouble.
>>
>> Blackholing email because you think it's spam, OTOH, is pure evil.
>
> Host type can only be used as a relatively small weighting factor toward blocking connections. However in the absence of any other reputation data on a particular IP, it's a safe way to trigger throttling or rate limiting.
>
> IMHO receivers have a right to filter traffic in any way that reduces abuse while serving the needs of their end users. There is a lot of pressure from end users and legitimate email senders to ensure that whatever blocking strategy is in use ensures that the good stuff is not blocked.

I agree that IP by itself is of limited usefulness. My main point was that, however you came to your decision (today I'm not accepting SMTP from hosts with the number nine in their IP), you should reject mail you don't want, not accept it and toss it.

--
Nachman Yaakov Ziskind, FSPA, LLM [EMAIL PROTECTED]
Attorney and Counselor-at-Law http://ziskind.us
Economic Group Pension Services http://egps.com
Actuaries and Employee Benefit Consultants
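
The distinction this thread keeps returning to, a 5xx before the final '250 OK' versus accepting the message and tossing it, can be traced in a scripted SMTP dialogue with both sides shown. This is an added example, not code from any poster on the list; the zone `dnsbl.example`, the host names, the addresses and the in-memory resolver are constructed so that it runs offline.

```python
import ipaddress

DNSBL_ZONE = "dnsbl.example"  # constructed zone name, not a real list


def dnsbl_query_name(ip, zone=DNSBL_ZONE):
    """IPv4 DNSBL convention: reverse the octets, append the list's zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone


def make_resolver(listed_ips):
    """Offline stand-in for a DNS A lookup; None plays the role of NXDOMAIN."""
    answers = {dnsbl_query_name(ip): "127.0.0.2" for ip in listed_ips}
    return answers.get


class Receiver:
    """Receiving MTA with one of two policies for DNSBL-listed clients."""

    def __init__(self, resolve, policy):
        if policy not in ("reject", "blackhole"):
            raise ValueError(policy)
        self.resolve, self.policy = resolve, policy
        self.mailbox, self.discarded = [], []

    def connect(self, client_ip):
        self.client_ip = client_ip
        self.listed = self.resolve(dnsbl_query_name(client_ip)) is not None
        self.rcpts, self.body, self.in_data = [], [], False
        return "220 mx.example.org ESMTP"

    def line(self, text):
        """Feed one client line; returns the reply ('' while inside DATA)."""
        if self.in_data:
            if text != ".":
                self.body.append(text)
                return ""
            self.in_data = False
            msg = (self.client_ip, tuple(self.rcpts), "\n".join(self.body))
            # "blackhole": the sender still sees 250, then the message vanishes.
            drop = self.listed and self.policy == "blackhole"
            (self.discarded if drop else self.mailbox).append(msg)
            return "250 2.0.0 OK queued"  # custody passes to the receiver here
        parts = text.split()
        verb = parts[0].upper() if parts else ""
        if verb in ("HELO", "EHLO"):
            return "250 mx.example.org"
        if verb == "MAIL":
            return "250 2.1.0 OK"
        if verb == "RCPT":
            if self.listed and self.policy == "reject":
                # Refused before DATA: the sending MTA gets the reason.
                return f"550 5.7.1 {self.client_ip} is listed in {DNSBL_ZONE}"
            self.rcpts.append(text.partition(":")[2])
            return "250 2.1.5 OK"
        if verb == "DATA":
            if not self.rcpts:
                return "554 5.5.1 no valid recipients"
            self.in_data = True
            return "354 end data with <CRLF>.<CRLF>"
        if verb == "QUIT":
            return "221 2.0.0 bye"
        return "500 5.5.2 command not recognized"


def send(receiver, client_ip, sender, rcpt, body_lines):
    """Sending MTA: stops at the first 5xx and records what it learned."""
    log = [("<connect>", receiver.connect(client_ip))]
    for cmd in ("HELO client.example.net", f"MAIL FROM:<{sender}>",
                f"RCPT TO:<{rcpt}>", "DATA"):
        reply = receiver.line(cmd)
        log.append((cmd, reply))
        if reply.startswith("5"):
            log.append(("QUIT", receiver.line("QUIT")))
            return {"log": log, "sender_notified": True, "custody_taken": False}
    for text in body_lines:  # constructed body; no line is a lone "."
        receiver.line(text)
    final = receiver.line(".")
    log += [(".", final), ("QUIT", receiver.line("QUIT"))]
    accepted = final.startswith("250")
    return {"log": log, "sender_notified": not accepted, "custody_taken": accepted}


def compare(listed_ip="192.0.2.25"):
    """Same listed client, same message, under each receiver policy."""
    out = {}
    for policy in ("reject", "blackhole"):
        rx = Receiver(make_resolver({listed_ip}), policy)
        res = send(rx, listed_ip, "a@example.net", "b@example.org",
                   ["Subject: hi", "", "hello"])
        res["delivered"], res["discarded"] = len(rx.mailbox), len(rx.discarded)
        out[policy] = res
    return out


if __name__ == "__main__":
    for policy, res in compare().items():
        print(policy, {k: v for k, v in res.items() if k != "log"})
        for cmd, reply in res["log"]:
            print("   C:", cmd, "| S:", reply)
```

Under `reject` the sending side holds a 550 it can bounce to the author; under `blackhole` its log shows a successful delivery while the message sits in `discarded`.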
Re: SORBS Contact
Michael Nicks wrote: Actually I think this thread progressed from someone getting dirty blocks, to complaining about liberal-listing-RBLs (yes SORBS is one), to RBLs defending themselves and their obviously broken practices. We should not have to jump through hoops to satisfy your requirements. Best Regards, -Michael Again please parse you and your as being generic and not targeted at Michael, this is merely a reply. (except in the first series of interrogatories, nor do I have any evidence that Michel is currently or has ever hosted anyone who has caused a listing in the AHBL) So, we shouldn't enforce _our_ policies on _our_ sites, that _our_ users agree with and assume that we follow because it's inconvenient for _you_? Assuming that I follow the rules that I have established, and published for review for the running of my list, how are my practices broken? Can I not conceivably list anyone who falls afoul of my listing policies at any time? Why should I, someone with years of experience running, maintaining and defending a DNSBL listen to you who lacks such experience (to my knowledge) as to how to run my list? Why should I, with the above mentioned points of experience listen to you as to how to run my list when your advice is in conflict with the policies that my list abides by, and that my uses expect and trust that I follow? Should I also listen to your thoughts on routing protocols so as to ensure you are not required to jump through hoops? Perhaps I should consult with you in designing my web site for similar reasons? Maybe I should have you review my security so that my network is not overly burdensome to you? Or, maybe I should show up at your facilities and start ripping out patch cables and torching servers and equipment used to provide service to people who fall afoul of my listing policies. I really don't think that you'd appreciate that. Therefore your statement that you should not have to jump through hoops is unsupportable. 
And believe me when I say this, there's a long list of people on the Internet that I consider to be idiots, and a large local deny file on my mailservers for entities I don't like, or don't want mail from that never make it into the AHBL. I, and Matthew (to my knowledge) do not bend the rules simply because it's convenient, or because the idiot deserved it. On the front page of the AHBL's website is a link in size 4 bold font. If you were told to come here to get removed from our list, please see this page. If you are for some reason incapable of figuring out how to follow the link, navigating your way to the lookup page in the subsequent instructions, and then determining and entering your IP address; then why are you running a mail server in the first place? Also on our site are our policies which every volunteer with access to the AHBL has read and agreed to follow. We also monitor raw incoming submissions to ensure the volunteers DO follow them. So feel free to read our policies, and if you like them, feel free to use our list if it suits your needs. If it does not, please feel free to direct your opinions to the bitbucket unless you want to come to me with both a problem and a rational solution, instead of bitching about how I do volunteer work. Andrew
Re: Question for the List Maintaners -- (Re: SORBS Contact)
Steve Sobol wrote: Matthew Sullivan wrote: replied off list Something to consider before replying: is this on or off topic for NANOG? (personally I think part of this is on topic, other parts of the thread are definitely off topic) It has been agreed that spam is offtopic, although the issue of hijacked netblocks certainly isn't. So I probably should have replied to you off-list (apologies to everyone else for lowering the S:N ratio). I don't know what the official word is on whether DNSBL operations in general are on-topic for this list. I would appreciate if the people in charge of deciding such things could tell me whether DNSBLs are on-topic or not... List maintainers, would you please rule on whether: 1/ DNSbl operations are on or off topic. 2/ Hijacked netblocks are on/off topic (I suspect on topic, but would like to see an official word). Regards, Mat
Re: SORBS Contact
hit D now, i've been trolled. [EMAIL PROTECTED] (Allan Poindexter) writes: ... I have one email address that has: ... In short it should be one of the worst hit addresses there is. All I have to do to make it manageable is run spamassassin over it. may the wind always be at your back. my troubles are different than yours, and i hope i can count on your support if i feel compelled to take more drastic measures than you're taking. especially since one of my troubles is about a moral issue having to do with mutual benefit. if an isp's business success depends on them using access granted under an implied mutual benefit covenant and they decide to operate in a sole benefit manner, they can't expect me to continue to accept their traffic or their customer's traffic. simpler put, i won't run spamassassin to figure out what might or might not be spam after i receive it -- i'll just reject everything they send me. just because i think the linux kernel people are insane when they illegalize binary or proprietary kernel modules, doesn't mean i'm ready to live in a world where anyone on the internet can shift their costs to me with impunity. but i respect your right to treat your inbox as you see fit. can you say the same about me and my rights and my inbox, mr. poindexter? That is the mildest of several measures I could use to fix the spam problem. If it became truly impossible I could always fall back to requiring an address of the form apoindex+password and blocking all the ones that don't match the password(s). That would definitely fix the problem and doesn't require any pie in the sky re-architecting of the entire Internet to accomplish. if you wish to accept those costs, i hope no one opposes you. but i'm not willing to live that way, and i hope you won't try to force me to? For almost a decade now I have listened to the antispam kooks say that spam is going to be this vast tidal wave that will engulf us all. that would be me, and it has. Well it hasn't.
It doesn't show any sign that it ever will. In the meantime in order to fix something that is at most an annoyance people in some places have instigated draconian measures that make some mail impossible to deliver at all or *even in some cases to know it wasn't delivered*. The antispam kooks are starting to make snail mail look good. It's pathetic. that paragraph seems to be semantically equal to shut up and eat your spam so i hope i'm misinterpreting you. otherwise, it's your word, pathetic. The functionality of my email is still almost completely intact. The only time it isn't is when some antispam kook somewhere decides he knows better than me what I want to read. Spam is a manageable problem without the self appointed censors. Get over it and move on. damn. i've been trolled. sorry everybody. -- Paul Vixie
Re: SORBS Contact
On Wed, 9 Aug 2006, Allan Poindexter wrote: william In the way you describe it any spam filter is bad any spam william filter manufacturer should go to jail... Manufacturer? No. It is perfectly permissible for a recipient to run a filter over his own mail if he wishes. An RBL is in fact kind-of like spam filter manufacturer or more precisely RBL operator is like spam filter manufacturer. I've not heard of antispam product manufacturer ever being in court because of spam classification problems with their product; in fact I've not even seen successful case brought against Microsoft and we do all know how much spam comes through because of deficiencies in their product... In any case I think what you have a problem with is not RBL lists or anti-spam filtering but situation where lists and filters are used without your knowledge and approval by your ISP[*] to filter your mail. My suggestion to you is to either have your own domain and run your own filtering system or to choose an ISP that provides you with capabilities to control their spam filter, for example by way of using SIEVE scripts. [*] I do want to point out though that if domain is owned by ISP they can decide what rules to set for their users. Any email address you get within that domain is not really yours but basically you're licensed to use that address as long as you pay your service fees and agree to policies and rules of the ISP (and license is in fact correct term because often enough company would have a trademark on their name and so when you use email address with such a name you need their permission, i.e. a license). I have in the past considered this antispam stuff ill advised or something I oppose. Expect me to fight it tooth and nail from now on. You need to understand first who to fight. -- William Leibzon Elan Networks [EMAIL PROTECTED]
Re: SORBS Contact
On Aug 9, 2006, at 1:06 PM, Matthew Sullivan wrote: This is also why I took the time to create: http://www.ietf.org/internet-drafts/draft-msullivan-dnsop-generic-naming-schemes-00.txt The reason I do not like RDNS naming scheme is because it forces one particular policy as part of the name. This is absolutely not expendable and incorrect architecture as RDNS is general concept for use with any number and types of protocols. What needs to be done is that policy record is associated with an address or name itself. The record can be a policy for specific protocol or maybe a general records that can support policies for multiple protocols. My preference is that you lookup RDNS name and they do additional lookup when you do need a policy information (this can for example be done with SPF record). Others have advocated putting policy record as TXT directly in IN-ADDR zone which is ok as well though I think PTR name is better because it allows to collect related names together and list with one policy (kind of like common static name schemes in fact). The idea being a common but extensible naming scheme for organisations want to specify generic/generated records rather than go to the hassle of creating individual records for each customer/host. If you generate a record you might as well generate some other record to go along with it, not that difficult. -- William Leibzon Elan Networks [EMAIL PROTECTED]
Re: SORBS Contact
There is one very key point to make in this, use of *any* RBL is up to individual networks, no one makes anyone use them, and those that do must know and accept all risks involved when dealing with DUL's, SORBS operates a zone 'just for vernom' as well, just like spamcop and njabl and others, but if a network like many I can name want to use the full coverage , that is up to us, we know the risks and believe it does more good, EVERYTHING will have collateral damage and we know and accept that. On Thu, 2006-08-10 at 09:59, Matthew Sullivan wrote: Actually that's debatable - the SORBS DUHL is about IPs assigned to hosts/people/machines dynamically. We do not list addresses where the ISP have sent the list explicitly saying 'these are static hosts, but they are not allowed to send mail' - similarly we do list hosts in the DUHL where the ISP has said 'these are dynamic but we allow them to send mail' - it's about the people using the SORBS DUHL for their purposes, not for helping ISPs getting around the issue of whether to use SORBS as a replacement to port 25 blocking. Regards, Mat
Re: SORBS Contact
On 10 Aug 2006, at 00:06, Matthew Sullivan wrote: [...] This is also why I took the time to create: http://www.ietf.org/internet-drafts/draft-msullivan-dnsop-generic- naming-schemes-00.txt Why is this information being encoded into the regular PTR records that already have another purpose, thus reducing its usefulness? It seems the only purpose is as a bandaid over dumb SORBS policy. Create a new SPF-like record if you want *additional* information in DNS. Don't clobber an existing service. There are things in the works that will enable the most complained about aspects of SORBS to be fixed and to go away permanently... The only thing that is delaying it is developer time... So I will say this publicly - those that want to see drastic changes @ SORBS that are, or have access to a perl coder with SQL knowledge, and is able to spend 20-40 hours of pure coding time writing a user interface for user permissions roles in Perl contact me off list as the user interface is the only thing that is holding up moving to the beta stage of the SORBS2 database. I have the skills and time, but zero inclination to support SORBS. In fact, I think I'll hack my mostly-default SpamAssassin configuration to ignore SORBS. Grepping mailboxes for the SA tag suggests that SORBS makes no difference in detecting spam, and it tags a number of legitimate correspondents, including, it appears, Spamcop at 204.15.82.27. (I'm going by the tags SA added to the message since I can't get past the CAPTCHA on your website to query that address.) Blacklisting competitors is a low and dirty trick.
Re: SORBS Contact
I'm not picking on William here; his message was just the last I saw in this thread which has gotten way out of hand. I have not discussed this thread with my fellow list admin team members either, though we can do that... But it would make our (the list admin team's) lives easier, as well as the lives of everyone else who reads nanog@, if people would REFRAIN FROM REPLYING to this thread and take it to a forum that specializes in generating bits by flaming about RBLs. Thank you in advance for your forbearance, ---Rob (member of nanog-admin, the [EMAIL PROTECTED] list admin team)
Re: SORBS Contact
On Wed, Aug 09, 2006 at 10:29:52PM -0500, Robert J. Hantson wrote: So with all this talk of Blacklists... does anyone have any suggestions that would be helpful to curb the onslaught of email, without being an adminidictator? Yes. First, run a quality MTA -- that *requires* an open-source MTA that is subject to ongoing, frequent, and strenuous peer review. I recommend one of {postfix, sendmail, exim, courier}. I recommend against qmail. Second, use the built-in capabilities of that MTA to block SMTP traffic from misbehaving mail servers. Examples: (1) Use the greet_pause (sendmail) or equivalent feature. (2) enable checks for forward and reverse DNS existence. (3) enable checks for HELO/EHLO (only to see if it's a FQDN, not to see if it matches connecting host). (4) use postgrey (or equivalent) with whitelisting of hosts that are known to you. And so on -- each MTA has a myriad of features that boil down to reject mail from misbehaving hosts and those features can be used to reject an awful lot of spam. (Yes, these measures will also occasionally reject mail from hosts which are either running highly broken software or which are badly misconfigured. This is a feature, not a bug, and the onus is on the operators of those hosts to bring them into compliance with Internet standards, both codified and de facto.) Third, Put in the Spamhaus DROP list on your border routers/firewalls. There is no reason to accept ANY network traffic, nor send any network traffic to, any network on that list. Nothing good can come of it -- for you, that is. Update once a month. Fourth, use a judicious selection of DNSBLs/RHSBLs (to do outright rejection). I use and recommend: Spamhaus XBL (which is the XBL+CBL combined zone). NJABL DSBL TQMcube zone: dhcp SORBS zones: http, socks, misc, smtp, web, zombie, dul AHBL I've never had a FP from the first three over many years of use. 
I've had a handful of scattered FPs from the second three, but each has been quickly addressed by the zone's maintainers -- and about half of those weren't their fault anyway, but they still fixed the problem. Fifth, if you don't need to accept mail from certain countries: don't. Many people (including me) refuse all mail from Korean and Chinese IP space because *at their site* it's 100.00% spam. TQMcube provides DNSBls for that, as do others. (Conversely, if you happen to be in either of those countries, you may find that 100.00% of your incoming traffic from the US is spam...in which case you should consider blocking all US IP space.) Sixth, consider a combination of AV/AS measures. One such combination might be ClamAV and SpamAssassin; another might use those two glued together with Amavis-new. But: it's not worth doing this until you've done all the other stuff, because otherwise you will burden these (relatively) computationally-intensive programs with traffic that you could -- and should -- have already rejected near the beginning of the SMTP transaction. If you use SpamAssassin, you can also use various DNSBLs as part of weighted scoring. This is a fallback if you're not comfortable using them to do outright rejection. Seventh, do not use SMTP callbacks -- they are abusive and readily lend themselves to DDoS attacks. They're also pointless and stupid. Don't bother using DomainKeys/SPF/whatever -- these technologies were failures from the beginning despite grandiose promises (Spam as a technical problem is solved by SPF). And do everything possible to make sure you don't emit outscatter (aka backscatter): reject during the SMTP conversation, don't accept-then-bounce. Eighth, get on the mailing lists that discuss this, like Spam-L, spam-research, spam-tools, spambayes, etc. NANOG really isn't the best place for this conversation. 
Finally, and perhaps most importantly: don't be a source of spam or a supporter of it (by providing HTTP, DNS or other services to spammers). Make sure you have a working, unblocked abuse address, read it, and act on what you receive there promptly - by immediately and permanently revoking all services that you're providing to spammers. Make sure that you have a TOS/AUP in place that allows you to shut them down without prior notice -- i.e. the only warning they get is the one in the TOS/AUP when they sign it. Add a clause that allows you to confiscate their data/equipment -- this will deter a *lot* of spammers from even trying to sign up with you, which in turn will greatly diminish the risk to your network and the amount of work you may have to do later. (The only reason any network has persistent/systemic issues with spam (as opposed to sporadic/isolated issues, which can happen to anyone) is that its operators are (1) lazy (2) stupid (3) incompetent (4) greedy. There are no exceptions. There are also no excuses.) ---Rsk
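An added example, not part of Rsk's message or any MTA's own code: the ordering he describes (cheap DNS and HELO checks, then DNSBL rejection, with weighted DNSBLs as a fallback) decided while the client is still connected, so a refusal is a 5xx reply rather than a later bounce. The zone names, DNS answers and addresses are constructed placeholders, and the resolver is passed in so the block runs offline.

```python
import ipaddress
import re

# Hypothetical zones: substitute the DNSBLs you have actually chosen.
REJECT_ZONES = ["reject.dnsbl.example"]        # a listing refuses the mail outright
SCORE_ZONES = {"score.dnsbl.example": 2.0}     # a listing only adds weight

LISTED_RANGE = ipaddress.ip_network("127.0.0.0/8")
FQDN_RE = re.compile(
    r"^(?=.{1,253}$)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$"
)


def dnsbl_query_name(ip, zone):
    """203.0.113.7 in zone Z is queried as 7.113.0.203.Z (IPv4 only here)."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone


def is_listed(ip, zone, resolve_a):
    """Listed means an A record inside 127.0.0.0/8; other answers are ignored."""
    for answer in resolve_a(dnsbl_query_name(ip, zone)):
        try:
            if ipaddress.IPv4Address(answer) in LISTED_RANGE:
                return True
        except ValueError:
            continue
    return False


def helo_is_fqdn(helo):
    """Only checks that HELO/EHLO looks like a FQDN, not that it matches the host."""
    return bool(FQDN_RE.match(helo.strip().rstrip(".").lower()))


def smtp_decision(client_ip, helo, resolve_ptr, resolve_a):
    """Return (smtp_reply, score) before DATA; score is None on rejection."""
    ptr_names = resolve_ptr(client_ip)
    if not ptr_names:
        return "550 5.7.1 no reverse DNS for %s" % client_ip, None
    if not any(resolve_a(name.rstrip(".")) for name in ptr_names):
        return "550 5.7.1 reverse DNS name does not resolve", None
    if not helo_is_fqdn(helo):
        return "550 5.7.1 HELO/EHLO is not a fully qualified name", None
    for zone in REJECT_ZONES:
        if is_listed(client_ip, zone, resolve_a):
            return "550 5.7.1 %s is listed in %s" % (client_ip, zone), None
    # Survivors go on to the expensive content filters with a head start.
    score = sum(w for z, w in SCORE_ZONES.items() if is_listed(client_ip, z, resolve_a))
    return "250 ok", score


# Constructed DNS data (documentation address ranges, made-up names).
FAKE_PTR = {
    "192.0.2.10": ["mail.example.org."],
    "203.0.113.7": ["host-7.dyn.example.net."],
    "198.51.100.9": ["mx.example.com."],
}
FAKE_A = {
    "mail.example.org": ["192.0.2.10"],
    "host-7.dyn.example.net": ["203.0.113.7"],
    "mx.example.com": ["198.51.100.9"],
    "7.113.0.203.reject.dnsbl.example": ["127.0.0.2"],
    "9.100.51.198.score.dnsbl.example": ["127.0.0.4"],
}


def fake_ptr(ip):
    return FAKE_PTR.get(ip, [])


def fake_a(name):
    return FAKE_A.get(name, [])


if __name__ == "__main__":
    for ip, helo in [("192.0.2.10", "mail.example.org"),
                     ("203.0.113.7", "host-7.dyn.example.net"),
                     ("198.51.100.9", "mx.example.com"),
                     ("192.0.2.10", "localhost")]:
        print(ip, helo, smtp_decision(ip, helo, fake_ptr, fake_a))
```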
rDNS naming conventions (was: Re: SORBS Contact)
on Thu, Aug 10, 2006 at 01:11:50AM -0700, william(at)elan.net wrote: On Aug 9, 2006, at 1:06 PM, Matthew Sullivan wrote: This is also why I took the time to create: http://www.ietf.org/internet-drafts/draft-msullivan-dnsop-generic-naming-schemes-00.txt The reason I do not like RDNS naming scheme is because it forces one particular policy as part of the name. Fair enough. FWIW, I've seen a wide variety of naming schemes (I've got a project that collects these as an antispam/anti-botnet measure, and so far we've got around 16K conventions documented for 11K domains). I've read and commented on the ID above; I think Mat's heart is in the right place but his hopes are too high. Not just because his approach is too English-focused (what of correo for mail? what of other i18n variants for 'static' or 'dynamic'?) but because I've seen so many bad examples of people using rDNS for nothing useful at all, I doubt they'll suddenly wake up and realize hey! I could have encoded something useful and meaningful into my PTR! But it's a start. Among my favorites are those who feel it necessary to add 'rev', 'reverse', 'ptr', 'ip', etc. to the PTR along with some encoding of the IP itself. People, we *know* it's a PTR. If we didn't know the IP, we couldn't have looked it up, so it's rather fruitless to encode it in the PTR, don't you think? I'm guilty of the same thing, as the IP does provide a differentiator as well as a way to say {something}.domain, or this IP is not used for anything in particular, but it's still an area in need of some inquiry. Ideally, speaking as a mail admin, I'd prefer that any given PTR have some indication of: - the assignment type and duration (short-term pool, long-term dyn, static, etc.) - the technology in use (dialup, cable, dsl, wireless, etc.) 
- whether it's assigned for 'business' or 'personal' use (yeah, I know, lousy distinction, but suggest a better one) These are all useful for those who have to make judgement calls about whether to trust output from a given source; this is true regardless of protocol. It just happens that for some, email is in high relief; for others, it might be IRC or Web spammers or SMS or ssh dictionary attacks or whatever. Of the 16K naming conventions I've got handy, over 100 refer to IPs that are labeled in one manner or another as unassigned. Of course, I collected them from spam I received here, but they're officially not in use. Thanks! I guess I'll refuse all mail from them. Over half are classified as 'generic' - namely, there is so little useful information in them we can't tell whether they're dynamic, static, residential, dialup/dsl/cable/wireless, or anything. Many, in fact, just start with 'host' and end with some variant of the IP address encoded into the PTR. Only 682 of ~16K provide us enough information for us to judge them as plainly 'static'. (There are a few other classifications that may suggest static assignment, such as 'nat', 'vlan', 'lan', 'colo', 'webhost', etc. but that's just guesswork - 'dhcp' may strongly denote dynamic, as may 'pool', but we've seen static DHCP as well as static pools, whatever they are.) The most popular approach beyond the simple host-foo seems to involve encoding geographic information into the PTR; after that is perhaps advertising hosted.by.superwebhost! or redundancy bigisp-foo-bar-baz.dyn.bigisp.net. Worst among those who actually provide rDNS in SE Asia is probably tm.net.my, who name all of their customer PTRs 'tm.net.my'. Hm. Maybe encoding the IP in the PTR ain't such a bad idea after all, especially for tracking down mass mailing viruses that HELO with the value of their PTR through NATs. 
On the bright side, people seem to have mostly woken up to the idea that if you're going to put static/dynamic identifiers into the PTR, you need to do it rightwards, rather than leftwards e.g. 1-2-3-4.east-campus.resnet.dhcp.pool.dyn.miskatonic.edu rather than dyn-pool.dhcp.resnet-1-2.east.3-4.campus.miskatonic.edu as the former is easily collected in formats such as sendmail's access.db and doesn't require expensive regex overhead or many, many entries to cover a single class of listing. I'm definitely seeing a shift towards the former approach from the latter, though there are always the jokers like 'dynamic_dsl_client.dsl.gol.net.gy' who woke up and changed their _s to -s one day this year, but left the positional aspects as is. And yes, that's the *full name* of the PTR, so at least you can block it all with an access.db entry. Your point below about having different schemes for policies in different realms is on target, but doesn't mitigate the responsibility of all ISPs to provide some useful information about their services to remote systems; a well-designed PTR can do that as a first-stage effort while we wait for $PROTOCOL's $ENHANCEMENT to stop $ABUSE to wend its way through the standards committees and implementation. My preference is that you lookup RDNS
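An added example, not code from the message above or from sendmail: a right-anchored suffix lookup modelled on a domain-keyed access table, showing why the rightward miskatonic.edu name is covered by one entry while the leftward form needs one entry per host. The rule table, the marker labels and the 256-host range are assumptions made for the illustration.

```python
# Constructed rule table: each key is a right-anchored suffix, as a
# domain-keyed access map would hold it. Entries are hypothetical.
SUFFIX_RULES = {
    "dyn.miskatonic.edu": "dynamic",
    "dynamic_dsl_client.dsl.gol.net.gy": "dynamic",
}

# Labels assumed to carry the assignment type (illustrative, English-only).
MARKERS = {"dyn", "dynamic", "dhcp", "pool", "static"}


def normalize(ptr):
    """Lower-case the name and drop the trailing root dot."""
    return ptr.strip().rstrip(".").lower()


def classify_by_suffix(ptr, rules=SUFFIX_RULES):
    """Try the full name, then each shorter suffix; no regex involved.

    Returns (matched_suffix, classification) or (None, "generic").
    """
    labels = normalize(ptr).split(".")
    for i in range(len(labels)):
        suffix = ".".join(labels[i:])
        if suffix in rules:
            return suffix, rules[suffix]
    return None, "generic"


def covering_suffix(ptr, markers=MARKERS):
    """Shortest suffix that still contains an assignment-type label."""
    labels = normalize(ptr).split(".")
    for i in range(len(labels) - 1, -1, -1):
        if labels[i] in markers:
            return ".".join(labels[i:])
    return None


def entries_needed(ptrs):
    """How many suffix entries a table needs to cover all of these names."""
    return len({covering_suffix(p) or normalize(p) for p in ptrs})


def rightward(a, b, c, d):
    """Host part on the left, type markers next to the domain."""
    return f"{a}-{b}-{c}-{d}.east-campus.resnet.dhcp.pool.dyn.miskatonic.edu"


def leftward(a, b, c, d):
    """Type markers on the left, address fragments scattered to their right."""
    return f"dyn-pool.dhcp.resnet-{a}-{b}.east.{c}-{d}.campus.miskatonic.edu"


if __name__ == "__main__":
    right = [rightward(1, 2, 3, d) for d in range(256)]
    left = [leftward(1, 2, 3, d) for d in range(256)]
    print("rightward:", classify_by_suffix(right[4]), "entries:", entries_needed(right))
    print("leftward: ", classify_by_suffix(left[4]), "entries:", entries_needed(left))
    print("gol.net.gy:", classify_by_suffix("dynamic_dsl_client.dsl.gol.net.gy."))
    print("tm.net.my: ", classify_by_suffix("tm.net.my"))
```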
Re: rDNS naming conventions (was: Re: SORBS Contact)
On 8/10/06, Steven Champeon [EMAIL PROTECTED] wrote: redundancy bigisp-foo-bar-baz.dyn.bigisp.net. Worst among those who actually provide rDNS in SE Asia is probably tm.net.my, who name all of their customer PTRs 'tm.net.my'. Hm. Maybe encoding the IP in the PTR There's at least one vietnamese ISP that has / had till recently set localhost as rDNS for all their IPs. -- Suresh Ramasubramanian ([EMAIL PROTECTED])
Re: rDNS naming conventions (was: Re: SORBS Contact)
On Thu, Aug 10, 2006 at 10:21:45AM -0400, Steven Champeon wrote: on Thu, Aug 10, 2006 at 01:11:50AM -0700, william(at)elan.net wrote: On Aug 9, 2006, at 1:06 PM, Matthew Sullivan wrote: This is also why I took the time to create: http://www.ietf.org/internet-drafts/draft-msullivan-dnsop-generic-naming-schemes-00.txt The reason I do not like RDNS naming scheme is because it forces one particular policy as part of the name. Fair enough. FWIW, I've seen a wide variety of naming schemes (I've got a project that collects these as an antispam/anti-botnet measure, and so far we've got around 16K conventions documented for 11K domains). first... as a draft, it carries ZERO weight. -IF- it becomes an RFC, its targeted status is INFORMATIONAL, e.g. no standard of any kind. So no one is going to -force- you to implement it. hum... why does this draft remind me of the (in)famous WKS RR? what is WKS? you know, that RR type that specified the well known services running on/at the particular label. WKS was deprecated, in part due to the fact that black hats would use WKS to groom their attack profiles. Use of the conventions outlined in this draft would be very useful in building targeted attacks. To paraphrase Randy Bush, I encourage all my competition to implement these guidelines. --bill
Re: SORBS Contact
Matthew Sullivan wrote: Mark Andrews wrote: Actually there can be false positive. ISP's who put address blocks into dialup blocks which have the qualification that the ISP is also supposed to only do it if they *don't* allow email from the block but the ISP's policy explicitly allows email to be sent. Actually that's debatable - the SORBS DUHL is about IPs assigned to hosts/people/machines dynamically. We do not list addresses where the ISP have sent the list explicitly saying 'these are static hosts, but they are not allowed to send mail' - similarly we do list hosts in the DUHL where the ISP has said 'these are dynamic but we allow them to send mail' - it's about the people using the SORBS DUHL for their purposes, not for helping ISPs getting around the issue of whether to use SORBS as a replacement to port 25 blocking. Regards, Mat This point in the thread seems as good as any to toss my two cents in. Matthew, I use your list. I am very appreciative of the efforts you expend on it since those translate directly into less efforts expended on my part. You have my vote. Keep up the good things that you do. This goes as well to the other DNSBL's, such as AHBL operators. I have had no real issues removing systems that wandered accidentally into sorbs. For those who can't tolerate any false positives from DNSBL. I recommend that the whitelisting procedure be as easy as the blacklisting procedure -- that means running a DNSWL. Make it as easy as moving email from one imap folder to another to process whitelisting. Include instructions in your SMTP errors. Educate your support staff. Joe
Re: rDNS naming conventions (was: Re: SORBS Contact)
At 15:47 + 8/10/06, [EMAIL PROTECTED] wrote: On Thu, Aug 10, 2006 at 10:21:45AM -0400, Steven Champeon wrote: on Thu, Aug 10, 2006 at 01:11:50AM -0700, william(at)elan.net wrote: On Aug 9, 2006, at 1:06 PM, Matthew Sullivan wrote: http://www.ietf.org/internet-drafts/draft-msullivan-dnsop-generic-naming-schemes-00.txt The reason I do not like RDNS naming scheme is because it forces one particular policy as part of the name. Fair enough. FWIW, I've seen a wide variety of naming schemes (I've got a project that collects these as an antispam/anti-botnet measure, and so far we've got around 16K conventions documented for 11K domains). first... as a draft, it carries ZERO weight. -IF- it becomes an RFC, its targeted status is INFORMATIONAL, e.g. no standard of any kind. So no one is going to -force- you to implement it. hum... why does this draft remind me of the (in)famous WKS RR? what is WKS? you know, that RR type that specified the well known services running on/at the particular label. WKS was deprecated, in part due to the fact that black hats would use WKS to groom their attack profiles. Use of the conventions outlined in this draft would be very useful in building targeted attacks. To paraphrase Randy Bush, I encourage all my competition to implement these guidelines. Piling on here ... The effort is to infer the intent of a packet based on ancillary data. The twin dangers here are inference of intent and exposure of the ancillary data. The first part is like asking would I want to have security research done by a company on Glenwood Road or on Shady Lane? (Ya, know shady in security.) Legend has it that one research company moved its location because of this, or maybe it was a joke that came afterwards. The second part is what ancillary data is exposed. You can require, you can request, or you can assume you won't get the data you need.
Sometimes you won't get it because the giver doesn't want the headache of providing it or because the giver is afraid of the ancillary data going to nefarious uses. My point is that inferring intent based on incomplete data is faulty, but it seems to be useable in real life. However, once heuristics get encoded in deterministic algorithms, the results generally are not so good - mostly because the encoding of the heuristics fails. The answer is to include things like RFC 3514, (Note the pub date.) or ancillary data. But the solution of adding ancillary data maybe worse than the disease. This is just one of the hard problems. -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Edward Lewis+1-571-434-5468 NeuStar Soccer/Futbol. IPv6. Both have lots of 1's and 0's and have a hard time catching on in North America.
Re: SORBS Contact
On Wed, 9 Aug 2006 23:51:58 -0400 Derek J. Balling [EMAIL PROTECTED] wrote: On Aug 9, 2006, at 10:59 PM, Allan Poindexter wrote: At LISA a couple of years ago a Microsoftie got up at the SPAM symposium and told of an experiment they did where they asked their hotmail users to identify their mail messages as spam or not. snip The recipient is the only person who can determine these things. Sure, but humans aren't perfectly accurate... Early tests with bayesian classifiers, on the false positive rate, tended to indicate that building a classifier with a lower false positive rate than the humans was pretty easy. Certainly my own experience is that I occasionally tag things as junk, or mis-moderate messages to mailing lists. my own false positive rate is probably less than 1% SpamAssassin's is much lower than that. false negatives however are a reason I still have to tag things. I'm gonna hold up the I call bullshit card here. Recipients most certainly *can* get it wrong.
Re: SORBS Contact
- Original Message Follows - From: Allan Poindexter [EMAIL PROTECTED] this is fine. If you have agreed to participate in the Internet you have an obligation to deliver your traffic. No you don't. They're your property. You bought them and you can do anything you want with them. You could deliver one packet in a million if you chose to do so. Nothing'd work and no one would sign up for your service, but you could do it if you wanted to. scott
Re: rDNS naming conventions (was: Re: SORBS Contact)
on Thu, Aug 10, 2006 at 08:55:37PM +0530, Suresh Ramasubramanian wrote: On 8/10/06, Steven Champeon [EMAIL PROTECTED] wrote: redundancy bigisp-foo-bar-baz.dyn.bigisp.net. Worst among those who actually provide rDNS in SE Asia is probably tm.net.my, who name all of their customer PTRs 'tm.net.my'. Hm. Maybe encoding the IP in the PTR There's at least one vietnamese ISP that has / had till recently set localhost as rDNS for all their IPs. IIRC, that was fpt.vn; they replaced 'localhost' with the incredibly useful: adsl-pool-xxx.fpt.vn adsl-fix-xxx.fpt.vn dialup-xxx.fpt.vn adsl-dynamic-pool-xxx.fpt.vn \d+-\d+-\d+-xxx-dynamic.hcm.fpt.vn host-\d+-xx.hcm.fpt.vn \d+-\d+-\d+-xxx-dynamic.hcm.fpt.vn Yes, the 'xxx's are literals. e.g., $ host 210.245.14.143 143.14.245.210.in-addr.arpa domain name pointer dialup-xxx.fpt.vn. Or it may have been hnpt.com.vn, who replaced it with e.g., adsl.hnpt.com.vn Again, not terribly useful for tracking leakage via NATs. $ host 203.210.213.149 149.213.210.203.in-addr.arpa domain name pointer adsl.hnpt.com.vn. But hey, at least they *have* rDNS, I suppose that's something. I agree that judgements based entirely on rDNS are troublesome. So, too, are the side effects of chemotherapy. But we're trying to save the patient before the miracle cures arrive, and right now email is very, very sick indeed. And rDNS is a useful tool especially in a scoring-based environment. -- hesketh.com/inc. v: +1(919)834-2552 f: +1(919)834-2553 w: http://hesketh.com/ antispam news, solutions for sendmail, exim, postfix: http://enemieslist.com/ rambling, amusements, edifications and suchlike: http://interrupt-driven.com/
Re: rDNS naming conventions (was: Re: SORBS Contact)
On 8/10/06, Steven Champeon [EMAIL PROTECTED] wrote: on Thu, Aug 10, 2006 at 08:55:37PM +0530, Suresh Ramasubramanian wrote: There's at least one vietnamese ISP that has / had till recently set localhost as rDNS for all their IPs. IIRC, that was fpt.vn; they replaced 'localhost' with the incredibly useful: There seem to be a couple in the area that do it: As of 5 minutes ago: % dig +short -x 203.160.1.3 -x 203.160.1.35 localhost. localhost. inetnum: 203.160.0.0 - 203.160.1.255 netname: VNPT-VNNIC-VN country: VN
Re: SORBS Contact
Allan Poindexter wrote: Matthew so would you consider as it is my network, that I should Matthew not be allowed to impose these 'draconian' methods and Matthew perhaps I shouldn't be allowed to censor traffic to and Matthew from my networks? If you want to run a network off in the corner by yourself this is fine. If you have agreed to participate in the Internet you have an obligation to deliver your traffic. In many cases, that is a gross overgeneralization. Do you think anyone really wanted the Slammer worm, or complained when ISP's blocked it? I work for a company that is contractually obligated to NOT carry certain traffic for our clients. the users got it wrong some small percentage amount of the time. I was stunned at the arrogance and presumption in that comment. You can't tell from looking at the contents, source, or destination if something is spam because none of these things can tell whether the message was requested or is wanted by the recipient. The recipient is the only person who can determine these things. You're right. But... So what? Perhaps it's because you're seeing things from an academic point of view and not from a business point of view, but your post mentions nothing about contracts. People generally use DNSBLs without any formal agreement as to what they should expect. Without any formal agreement, you really can't talk about obligations to deliver traffic. In this case, your recourse is to not use the DNSBL. If you're mailing someone who has a DNSBL, you (as the sender) have *no* recourse other than to complain to the DNSBL user. Plus, as I pointed out earlier, some people contract with service providers to prevent certain traffic from getting to their networks (not just spam, either). There are simple solutions to this. They do work in spite of the moanings of the hand wringers. In the meantime my patience with email lost silently due to blacklists, etc. is growing thin. You're certainly welcome to encourage others not to use blacklists.
Just understand that you have no right to complain when they decide to continue using those blacklists. Having said that, do understand that I don't think DNSBL's are a panacea, nor are their operators perfect. But in many cases, they can be a useful tool in the anti-spam arsenal. -- Steve Sobol, Professional Geek ** Java/VB/VC/PHP/Perl ** Linux/*BSD/Windows Apple Valley, California PGP:0xE3AE35ED It's all fun and games until someone starts a bonfire in the living room.
Re: SORBS Contact
Allan Poindexter wrote: Todd There are simple solutions to this. They do work in spite of Todd the moanings of the few who have been mistakenly blocked. So it is OK so long as we only defame a few people and potentially ruin their lives? Weren't you the person complaining about *others* being alarmist? -- Steve Sobol, Professional Geek ** Java/VB/VC/PHP/Perl ** Linux/*BSD/Windows Apple Valley, California PGP:0xE3AE35ED It's all fun and games until someone starts a bonfire in the living room.
Re: SORBS Contact
On Wed, 9 Aug 2006, Matthew Sullivan wrote: Sad state of affairs when ISPs are still taking money from spammers and providing transit to known criminal organisations. Hey Mat. You aren't wrong, but that doesn't absolve you of the responsibility to de-list in an efficient manner when you have made a mistake, or if the listing is no longer accurate (i.e. if all the spammers have been kicked off the netblock in question.) $DAYJOB lists spam filtering amongst the services we offer to our clients. I know we're using you to block IPs at the firewall, and we're probably also doing so at the server level. I am going to talk to my boss and co-workers about the impact of removing SORBS from our DNSBL list, because your replies lately have been snarky and completely unprofessional, including the reply quoted above. (Yes. It sucks that spammers are still spamming. So what?) I don't know what your problem is, but you're not making things any better by refusing to fix listings that aren't incorrect or, in some cases, never were. -- Steve Sobol, Professional Geek ** Java/VB/VC/PHP/Perl ** Linux/*BSD/Windows Apple Valley, California PGP:0xE3AE35ED It's all fun and games until someone starts a bonfire in the living room.
Re: SORBS Contact
On Wed, 9 Aug 2006, Steve Sobol wrote: I don't know what your problem is, but you're not making things any better by refusing to fix listings that aren't incorrect or, in some cases, never were. Feh. Listings that are NO LONGER CORRECT, or in some cases, never were. Make sure brain is running before engaging fingers. :) -- Steve Sobol, Professional Geek ** Java/VB/VC/PHP/Perl ** Linux/*BSD/Windows Apple Valley, California PGP:0xE3AE35ED It's all fun and games until someone starts a bonfire in the living room.
Re: SORBS Contact
I don't know what your problem is, but you're not making things any better by refusing to fix listings that aren't incorrect or, in some cases, never were. IMHO, it's not about making things 'better' - we don't expect NANOG'ers to be any more altruistic than other folk. It's about consumer protection, as the anti-spammers always say; if $BLACKLIST does a good job, we keep it. If it screws up too much, we go elsewhere. So Matt has an incentive to be correct, I should think. -- _ Nachman Yaakov Ziskind, FSPA, LLM [EMAIL PROTECTED] Attorney and Counselor-at-Law http://ziskind.us Economic Group Pension Services http://egps.com Actuaries and Employee Benefit Consultants
Re: SORBS Contact
Don't forget racketeering. A person who commits crimes such as extortion, loansharking, bribery, and obstruction of justice in furtherance of illegal business activities. I think most network operators have learned about the ultra-liberal listing activities of RBLs these days. -Michael -- Michael Nicks Network Engineer KanREN e: [EMAIL PROTECTED] o: +1-785-856-9800 x221 m: +1-913-378-6516 Dean Anderson wrote: SORBS is a well-known abusive/defamatory blacklist. In the US, that violates a number of state and federal laws: 1. defamation 2. illegal group boycott in violation of antitrust act 3. (usually) unauthorized blocking by ISP in violation of its contract with its customer, which is a violation of the electronic communications privacy act. 4. There are frequently state laws that apply to electronic communications that are even more broad. You _can_ make the US based ISP not use SORBS. Most ISPs know better, already. --Dean See also http://www.iadl.org. --Dean On Mon, 7 Aug 2006, Brian Boles wrote: Can someone from SORBS contact me offlist if they are on here On Tue, 8 Aug 2006, Stefan Hegger wrote: We have the same problem. We are blacklisted and I filled out the webform. I got an email regarding ticket number and account/password to track the ticket. But it seems that nobody is working on it. There has been extensive discussion on NANAE and NANABl newsgroups on this issue. The bottom line: The SORBS ticket queue is handled by a group of unpaid volunteers, and there is quite a backlog. That's why there is the automatic de-listing system in place, which requires proper host names and longer time-to-live (TTL) values in rDNS. Yes, it's a bit of work, but it beats waiting for someone to get around to your ticket. No, I'm not associated in any way with SORBS, just an interested observer and system administrator who has had to deal with listings myself. On Tue, 8 Aug 2006, Michael Nicks wrote: Sad state of affairs when looney people dictate which IPs are good and bad. 
On Tue, 8 Aug 2006, S. Ryan wrote: Even worse if your ISP uses it and demands you ask the 'offender' to get 'themselves' removed.
RE: SORBS Contact
[EMAIL PROTECTED] wrote: I don't know what your problem is, but you're not making things any better by refusing to fix listings that aren't incorrect or, in some cases, never were. IMHO, it's not about making things 'better' - we don't expect NANOG'ers to be any more altruistic than other folk. It's about consumer protection, as the anti-spammers always say; if $BLACKLIST does a good job, we keep it. If it screws up too much, we go elsewhere. So Matt has an incentive to be correct, I should think. I fear we're veering off topic, but the problem with the If $BLACKLIST does a job, we'll keep using it axiom is that it makes the assumption that the majority of mail admins who use blacklists as part of their antispam arsenal are keeping close tabs on the efficacy and accuracy of the blacklists they use. Unfortunately I don't believe that is generally the case. In my experience, most use blacklists as a set and forget kind of weapon, and the only method they use to judge the reliability of a list is how many spams it blocks, regardless of accuracy. Too often you find admins that, when presented with an example of a false-positive caused by an inaccurate blacklist, cop the, Don't talk to me, talk to the blacklist operators attitude. And it isn't entirely a lazy admin problem. There really seems to be no *good* way to judge the relative accuracy of different blacklists. You can read their policies and procedures, but how do you know if they actually follow them? Keeping an eye on mailing lists and newsgroups can help some, but how do you separate the net.kooks complaining about a valid listing from people with legitimate gripes? Especially when the blacklist admins often come off as bigger net.kooks than their detractors? It winds up looking like a big catch-22 to me. Blacklist operators essentially punt all responsibility for incorrectly blocked emails on the mail admins, and the mail admins punt all responsibility for incorrect listings back at the blacklist operators. 
And that leaves us with *no one* taking responsibility, which makes me seriously question the wisdom of using blacklists at all anymore. Personally, I think completely automated systems with very short listing times may be the way to go. It removes the human element from the listing and delisting process in order to avoid the personality-conflict/vendetta listings that seem to poison a number of popular blacklists. In the long run, though, I think the spammers have won the DNS blacklist war already and our time is better spent developing better content filters to worry with the actual content of the email than where it came from. Andrew Cruse
Re: SORBS Contact
I think we can sufficiently indict SORBS by saying that they are a poorly managed email blacklist which isn't used by anyone with a clue, without putting on our tinfoil hats. http://www.iadl.org makes some interesting claims, but anyone who puts Paul Vixie in the same list of offenders with Alan Brown and Matt Sullivan is clueless at best. SORBS, SPEWS, etc. are a problem, but they aren't a criminal conspiracy, and claiming that they are isn't going to win any points among people who haven't followed the instructions at http://zapatopi.net/afdb/build.html Michael Nicks wrote: Don't forget racketeering. A person who commits crimes such as extortion, loansharking, bribery, and obstruction of justice in furtherance of illegal business activities. I think most network operators have learned about the ultra-liberal listing activities of RBLs these days. -Michael
Re: SORBS Contact
Albert Meyer wrote: I think we can sufficiently indict SORBS by saying that they are a poorly managed email blacklist which isn't used by anyone with a clue, without putting on our tinfoil hats. http://www.iadl.org makes some interesting claims, but anyone who puts Paul Vixie in the same list of offenders with Alan Brown and Matt Sullivan is clueless at best. SORBS, SPEWS, etc. are a problem, but they aren't a criminal conspiracy, and claiming that they are isn't going to win any points among people who haven't followed the instructions at http://zapatopi.net/afdb/build.html Please parse usage of you and your as being generic and not directed at Albert Meyer except insomuch that I am replying to his message, thanks. Correct me if I'm wrong but this thread started because someone acquired from ARIN IP Space which was previously infested with spammers. The person acquiring the IP space sent multiple tickets (which annoys the crap out of every support list I've ever contacted) within the period of less than a week. CAN-SPAM which is a poorly conceived and almost totally unenforced law allows spammers one week to remove users from their lists, and this person seems to expect instant turnaround from a volunteer organization. It's unfortunate that he got tainted space from a RIR, and further unfortunate that it takes time to process removals, and further unfortunate that he is not capable of reading and following the directions on Matthew's website which clearly describe how to achieve removal from SORBS. Calling unpaid volunteers clueless because they don't process removals instantly is in and of itself clueless, especially considering that 1. dozens of people are removed from SORBS daily and 2. this person has failed to follow the stated policies and procedures to be removed from SORBS. SORBS, SPEWS, The AHBL all operate on their own set of rules, it's up to the administrators of the mail servers that use our lists whether or not they agree with our policies. 
Remember, and this is very important: When blacklisting there is no such thing as a false positive. You are either blocked or you aren't at the determination of the administrator using our list. Blacklisting is not, nor has it ever been based on whether your message is spam or not. If it helps you, think of it more as wanted and unwanted e-mail. By using SORBS the administrator is stating I do not want e-mail from people Matthew believes are spammers, and only a clueless person would think to enforce their will on someone else's mail server. And yes if you request removal from the AHBL and can't follow the simple removal instructions, you are in my mind and in my list too clueless to contribute e-mail to the public Internet, I therefore don't miss your traffic and have never had one of my users complain that they miss it either. -- Andrew D Kirch | Abusive Hosts Blocking List | www.ahbl.org Security Admin | Summit Open Source Development Group | www.sosdg.org Key fingerprint = 4106 3338 1F17 1E6F 8FB2 8DFA 1331 7E25 C406 C8D2
Re: SORBS Contact
Actually I think this thread progressed from someone getting dirty blocks, to complaining about liberal-listing-RBLs (yes SORBS is one), to RBLs defending themselves and their obviously broken practices. We should not have to jump through hoops to satisfy your requirements. Best Regards, -Michael -- Michael Nicks Network Engineer KanREN e: [EMAIL PROTECTED] o: +1-785-856-9800 x221 m: +1-913-378-6516 Andrew D Kirch wrote: Albert Meyer wrote: I think we can sufficiently indict SORBS by saying that they are a poorly managed email blacklist which isn't used by anyone with a clue, without putting on our tinfoil hats. http://www.iadl.org makes some interesting claims, but anyone who puts Paul Vixie in the same list of offenders with Alan Brown and Matt Sullivan is clueless at best. SORBS, SPEWS, etc. are a problem, but they aren't a criminal conspiracy, and claiming that they are isn't going to win any points among people who haven't followed the instructions at http://zapatopi.net/afdb/build.html Please parse usage of you and your as being generic and not directed at Albert Meyer except insomuch that I am replying to his message, thanks. Correct me if I'm wrong but this thread started because someone acquired from ARIN IP Space which was previously infested with spammers. The person acquiring the IP space sent multiple tickets (which annoys the crap out of every support list I've ever contacted) within the period of less than a week. CAN-SPAM which is a poorly conceived and almost totally unenforced law allows spammers one week to remove users from their lists, and this person seems to expect instant turnaround from a volunteer organization. It's unfortunate that he got tainted space from a RIR, and further unfortunate that it takes time to process removals, and further unfortunate that he is not capable of reading and following the directions on Matthew's website which clearly describe how to achieve removal from SORBS. 
Calling unpaid volunteers clueless because they don't process removals instantly is in and of itself clueless, especially considering that 1. dozens of people are removed from SORBS daily and 2. this person has failed to follow the stated policies and procedures to be removed from SORBS. SORBS, SPEWS, The AHBL all operate on their own set of rules, it's up to the administrators of the mail servers that use our lists whether or not they agree with our policies. Remember, and this is very important: When blacklisting there is no such thing as a false positive. You are either blocked or you aren't at the determination of the administrator using our list. Blacklisting is not, nor has it ever been based on whether your message is spam or not. If it helps you, think of it more as wanted and unwanted e-mail. By using SORBS the administrator is stating I do not want e-mail from people Matthew believes are spammers, and only a clueless person would think to enforce their will on someone else's mail server. And yes if you request removal from the AHBL and can't follow the simple removal instructions, you are in my mind and in my list too clueless to contribute e-mail to the public Internet, I therefore don't miss your traffic and have never had one of my users complain that they miss it either. -- Andrew D Kirch | Abusive Hosts Blocking List | www.ahbl.org Security Admin | Summit Open Source Development Group | www.sosdg.org Key fingerprint = 4106 3338 1F17 1E6F 8FB2 8DFA 1331 7E25 C406 C8D2
Re: SORBS Contact
Michael Nicks wrote: Actually I think this thread progressed from someone getting dirty blocks, to complaining about liberal-listing-RBLs (yes SORBS is one), to RBLs defending themselves and their obviously broken practices. We should not have to jump through hoops to satisfy your requirements. Fair enough. End users ought not to have the functionality of email destroyed because originating SP's won't show due diligence in preventing abuse of the network. If you don't like SORBS, don't use it. Don't send email to anybody who does. -- Requiescas in pace o email Ex turpi causa non oritur actio http://members.cox.net/larrysheldon/
Re: SORBS Contact
On Wed, 9 Aug 2006, Michael Nicks wrote: themselves and their obviously broken practices. We should not have to jump through hoops to satisfy your requirements. We were hit by the requirement to include the word static in our DNS names to satisfy requirements. It wasn't enough to just say this /17 is only static IPs, one customer, one IP, no dhcp or other dynamics at all), we actually had to change all PTR records to this arbitrary standard. Took several weeks to get delisted even after that. -- Mikael Abrahamsson email: [EMAIL PROTECTED]
Re: SORBS Contact
Doesn't really surprise me to be frankly honest. :) The way their requirements are structured, they remind me a lot of a state agency. Best Regards, -Michael -- Michael Nicks Network Engineer KanREN e: [EMAIL PROTECTED] o: +1-785-856-9800 x221 m: +1-913-378-6516 Mikael Abrahamsson wrote: On Wed, 9 Aug 2006, Michael Nicks wrote: themselves and their obviously broken practices. We should not have to jump through hoops to satisfy your requirements. We were hit by the requirement to include the word static in our DNS names to satisfy requirements. It wasn't enough to just say this /17 is only static IPs, one customer, one IP, no dhcp or other dynamics at all), we actually had to change all PTR records to this arbitrary standard. Took several weeks to get delisted even after that.
Re: SORBS Contact
On Wed, 9 Aug 2006, Mikael Abrahamsson wrote: On Wed, 9 Aug 2006, Michael Nicks wrote: themselves and their obviously broken practices. We should not have to jump through hoops to satisfy your requirements. We were hit by the requirement to include the word static in our DNS names to satisfy requirements. It wasn't enough to just say this /17 is only static IPs, one customer, one IP, no dhcp or other dynamics at all), we actually had to change all PTR records to this arbitrary standard. Would people support it if there was a defined and standardized way that providers can specify if the system with this ip address does or does not send email? There are several proposals for this but so far ISPs have not shown sufficient interest in implementing any one - if a number of ISPs agree to enter some records and it catches on then the need for 3rd party maintained lists of dynamic ip addresses would go away. --- Of course the root cause for all these still remains that a certain OS vendor makes (and continues to make) bad security design choices and this results in users of their system getting infected and being used as spam zombies. Combined with that is that many ISPs don't maintain good enough policies to shutdown infected users quickly or block their accounts from access to SMTP on per-user basis. Last is sometimes due to low margins and ISPs trying to cut cost and it is affecting the abuse department - which is basically the one part of the company that not only does not make any money but causes it to lose some business... -- William Leibzon Elan Networks [EMAIL PROTECTED]
Re: SORBS Contact
On 8/9/06, william(at)elan.net [EMAIL PROTECTED] wrote: --- Of course the root cause for all these still remains that a certain OS vendor makes (and continues to make) bad security design choices and this results in users of their system getting infected and being used as spam zombies. Combined with that is that many ISPs don't maintain good enough policies to shutdown infected users quickly or block their accounts from access to SMTP on per-user basis. Last is sometimes due to low margins and ISPs trying to cut cost and it is affecting the abuse department - which is basically the one part of the company that not only does not make any money but causes it to lose some business... That (blocking SMTP) could become illegal is some proposed net neutrality legislation is passed. I apologize in advance for stoking the flames
Re: SORBS Contact
Laurence End users ought not to have the functionality of email Laurence destroyed because originating SP's won't show due Laurence diligence in preventing abuse of the network. This is crisis mongering of the worst sort. Far more damage has been done to the functionality of email by antispam kookery than has ever been done by spammers. I have one email address that has: Existed for over a decade. Been posted all over Usenet and the Web in unmangled form. Only three letters so it gets spam from the spammers that send copies to every possible short address. All blacklisting turned off because that was causing too much mail to go into a black hole. In short it should be one of the worst hit addresses there is. All I have to do to make it manageable is run spamassassin over it. That is the mildest of several measures I could use to fix the spam problem. If it became truly impossible I could always fall back to requiring an address of the form apoindex+password and blocking all the ones that don't match the password(s). That would definitely fix the problem and doesn't require any pie in the sky re-architecting of the entire Internet to accomplish. For almost a decade now I have listened to the antispam kooks say that spam is going to be this vast tidal wave that will engulf us all. Well it hasn't. It doesn't show any sign that it ever will. In the meantime in order to fix something that is at most an annoyance people in some places have instigated draconian measures that make some mail impossible to deliver at all or *even in some cases to know it wasn't delivered*. The antispam kooks are starting to make snail mail look good. It's pathetic. The functionality of my email is still almost completely intact. The only time it isn't is when some antispam kook somewhere decides he knows better than me what I want to read. Spam is a manageable problem without the self appointed censors. Get over it and move on.
Re: SORBS Contact
On Thu, 2006-08-10 at 07:39, Aaron Glenn wrote: That (blocking SMTP) could become illegal is some proposed net neutrality legislation is passed. hahaha try enforcing that in other countries also, most networks are private (not state run) therefore we have the right to say yes/no what data enters our own network, because unless a contract (payment) exists for the senders ISP to receivers ISP to accept data off them, the senders ISP can be told to go to hell :) I apologize in advance for stoking the flames
Re: SORBS Contact
Allan Poindexter wrote: The functionality of my email is still almost completely intact. The only time it isn't is when some antispam kook somewhere decides he knows better than me what I want to read. Spam is manageable problem without the self appointed censors. Get over it and move on. Interesting comment - so would you consider as it is my network, that I should not be allowed to impose these 'draconian' methods and perhaps I shouldn't be allowed to censor traffic to and from my networks? Should you not be allowed to censor my traffic going to your network (if any)? The self appointed censors are not self appointed - they produce lists the admins of their own networks choose what traffic to accept or deny, if they choose to accept or deny based on a third party it does not automatically make that person a self appointed censor. Regards, Mat
Re: SORBS Contact
On Thu, 2006-08-10 at 06:49, Mikael Abrahamsson wrote: We were hit by the requirement to include the word static in our DNS names to satisfy requirements. It wasn't enough to just say this /17 is only static IPs, one customer, one IP, no dhcp or other dynamics at all), we actually had to change all PTR records to this arbitrary standard. Took several weeks to get delisted even after that. We've had our moments with SORBS, Matthew is a very approachable person. Things get sorted out pretty quickly, generally within a few days, Matthew also has others who help him and one of them is an obnoxious . I do agree though, the requirement to have X TTL and 'static' or non 'dsl' 'dial' in DNS is a bit too far, I understand this is for automation, it's the only part of SORBS I disagree with, that said we still use them, as do many large carriers in this country, because the use of RBL's is for one reason, to STOP the wanker, and SORBS along with spamcop and spamhaus and njabl go a very long way to prevent people's privacy being invaded by those vernom
Re: SORBS Contact
On 8/9/06, Noel [EMAIL PROTECTED] wrote: On Thu, 2006-08-10 at 07:39, Aaron Glenn wrote: That (blocking SMTP) could become illegal is some proposed net neutrality legislation is passed. Man, I really butchered that one. I look so much smarter when I don't post on NANOG... hahaha try enforcing that in other countries That has never stopped the US from making terrible policy (-: also, most networks are private (not state run) therefore we have the right to say yes/no what data enters our own network, because unless a contract (payment) exists for the senders ISP to receivers ISP to accept data off them, the senders ISP can be told to go to hell :) We're talking about owned Windows boxes on consumer/retail access networks (cable/dsl/whathaveyou).
Re: SORBS Contact
Steve Sobol wrote: On Wed, 9 Aug 2006, Matthew Sullivan wrote: Sad state of affairs when ISPs are still taking money from spammers and providing transit to known criminal organisations. Hey Mat. You aren't wrong, but that doesn't absolve you of the responsibility to de-list in an efficient manner when you have made a mistake, or if the listing is no longer accurate (i.e. if all the spammers have been kicked off the netblock in question.) If you checked with the original complainant you would find that both the zombie and DUHL listings are cleared. If you knew the ticket numbers and where they sit in the SORBS RT Support system you would know that there were multiple tickets logged the oldest now being 10 days, the most recent being 5 days - and under published policy the earliest was pushed into the more recent. You'll also note that the original complaint was about a single IP address as part of a /27 within a /19 listing. $DAYJOB lists spam filtering amongst the services we offer to our clients. I know we're using you to block IPs at the firewall, and we're probably also doing so at the server level. I am going to talk to my boss and co-workers about the impact of removing SORBS from our DNSBL list, because your replies lately have been snarky and completely unprofessional, including the reply quoted above. (Yes. It sucks that spammers are still spamming. So what?) The quoted text above is intended for a few that might still be on this list, none of which posted to this thread. The fact remains some ISPs provide transit to known criminal organisations for hijacked netblocks which are used for nothing but abuse (hosting trojans and viruses). Money talks. I don't know what your problem is, but you're not making things any better by refusing to fix listings that aren't incorrect or, in some cases, never were. Where do you get that from...? We fix incorrect listings as soon as notified and with no deliberate delay. 
If you are referring to listings like Dean Anderson's stolen netblock these are not delisted until such time as proof is obtained that our information is incorrect. We have been informed that Dean picked up that portable /16 (and 2 other networks - one of which was a non-portable UUNET block) when he parted company with OSF in 1998. I have been contacted on a few occasions by Dean demanding delisting, each time I have asked for proof that he did not steal the netblock from the OSF's creditors (taking without permission even from a company folding is still stealing) - his response was a lot of bluster followed by the creation of the IADL.org site. A few people (including myself) have attempted to contact 'The Open Group' who are the new owners of the old OSF organisation. I am not aware of a reply that has been received from anyone other than Dean indicating that Dean is the legitimate owner of the said netblock. You will also note that at least one of the netblocks that Dean has indicated that he was a legitimate owner of have been taken back and are reallocated. To date no-one has backed Dean up in his assertion that he did not steal the netblock, all that we have seen is a short time after the listing suddenly Dean started providing services to 'opengroup.org' and cited that as proof he owns the block - considering the OpenGroup is in the UK now and are now unlikely to be able to prove to a court that they are the legitimate owners of the netblock I don't see that as reason to consider Dean the legitimate owner. A verifiable document from the OSF/OpenGroup indicating that Dean Anderson is the legitimate owner of their /16 and it was transferred to him with their knowledge and permission is all that is required for delisting... however it seems Dean cannot obtain that adding weight to the view that he did indeed steal the netblocks. Something to consider before replying: is this on or off topic for NANOG? 
(personally I think part of this is on topic, other parts of the thread are definitely off topic) Regards, Mat
Re: SORBS Contact
Noel wrote: On Thu, 2006-08-10 at 06:49, Mikael Abrahamsson wrote: We were hit by the requirement to include the word static in our DNS names to satisfy requirements. It wasn't enough to just say this /17 is only static IPs, one customer, one IP, no dhcp or other dynamics at all), we actually had to change all PTR records to this arbitrary standard. Took several weeks to get delisted even after that. We've had our moments with SORBS, Matthew is a very approachable person. Things get sorted out pretty quickly, generally within a few days, Matthew also has others who help him and one of them is an obnoxious . I'd love to know which one... I have had several (had being the operative word) and from time to time some still are. I do agree though, the requirement to have X TTL and 'static' or non 'dsl' 'dial' in DNS is a bit too far, I understand this is for automation, It is for automation, but it is also so that the SORBS DUHL would become pointless. If a standard format was used admins would be able to choose their policy by simple regexs instead of relying on third-party lists which cannot possibly ever be 'uptodate' just because of the number of changes that happen on a daily basis around the world. This is also why I took the time to create: http://www.ietf.org/internet-drafts/draft-msullivan-dnsop-generic-naming-schemes-00.txt There are things in the works that will enable the most complained about aspects of SORBS to be fixed and to go away permanently... The only thing that is delaying it is developer time... So I will say this publicly - those that want to see drastic changes @ SORBS that are, or have access to a perl coder with SQL knowledge, and is able to spend 20-40 hours of pure coding time writing a user interface for user permissions roles in Perl contact me off list as the user interface is the only thing that is holding up moving to the beta stage of the SORBS2 database. 
The SORBS2 database will allow registered RIR contacts to update list/delist parts/all of their netblocks within SORBS as well as getting instant reporting of issues (by mail or by SMS (fee applicable for SMS)) with minimal intervention from SORBS admins - this includes spam and DUHL listings. Regards, Mat
Re: SORBS Contact
Actually there can be false positive. ISP's who put address blocks into dialup blocks which have the qualification that the ISP is also supposed to only do it if they *don't* allow email from the block but the ISP's policy explicitly allows email to be sent. They have a default port 25 filter that will be turned off on request. i.e. they allow direct out going email on request. The said ISP *thinks* they are doing the right thing by listing the block when in reality they are lying by listing the block. Mark
Re: SORBS Contact
I'll post this back to NANOG as others are likely to comment similar ways... Michael J Wise wrote: On Aug 9, 2006, at 1:06 PM, Matthew Sullivan wrote: This is also why I took the time to create: http://www.ietf.org/internet-drafts/draft-msullivan-dnsop-generic-naming-schemes-00.txt Seems like it specifies a bit TOO much detail, but. This is why it says that it is a suggestion and indicated that the level of detail you choose to use is up to you, however if you adopt some of the more specific detail you should use the less specific detail. ie if you follow it you should as a minimum specify static/dynamic. If you want to add more detail like service type, that is your choice, but you shouldn't specify the service types (eg wifi) without specifying static/dynamic (does that make sense?). Also it should be noted that it is a 'suggested naming scheme for generic records' and therefore not intended to be mandatory, further it says you should indicate the hostname of the machine in preference to generic records. The idea being a common but extensible naming scheme for organisations that want to specify generic/generated records rather than go to the hassle of creating individual records for each customer/host. Regards, Mat
Re: SORBS Contact
Mark Andrews wrote: Actually there can be false positive. ISP's who put address blocks into dialup blocks which have the qualification that the ISP is also supposed to only do it if they *don't* allow email from the block but the ISP's policy explicitly allows email to be sent. Actually that's debatable - the SORBS DUHL is about IPs assigned to hosts/people/machines dynamically. We do not list addresses where the ISP has sent the list explicitly saying 'these are static hosts, but they are not allowed to send mail' - similarly we do list hosts in the DUHL where the ISP has said 'these are dynamic but we allow them to send mail' - it's about the people using the SORBS DUHL for their purposes, not for helping ISPs getting around the issue of whether to use SORBS as a replacement to port 25 blocking. Regards, Mat
Re: SORBS Contact
On Wed, Aug 09, 2006 at 03:42:32PM -0600, Allan Poindexter wrote: Far more damage has been done to the functionality of email by antispam kookery than has ever been done by spammers. That is not even good enough to be wrong. ---Rsk, with apologies to Enrico Fermi
Re: SORBS Contact
Mark Andrews wrote: Actually there can be false positive. ISP's who put address blocks into dialup blocks which have the qualification that the ISP is also supposed to only do it if they *don't* allow email from the block but the ISP's policy explicitly allows email to be sent. Actually that's debatable - the SORBS DUHL is about IPs assigned to hosts/people/machines dynamically. We do not list addresses where the ISP has sent the list explicitly saying 'these are static hosts, but they are not allowed to send mail' - similarly we do list hosts in the DUHL where the ISP has said 'these are dynamic but we allow them to send mail' - it's about the people using the SORBS DUHL for their purposes, not for helping ISPs getting around the issue of whether to use SORBS as a replacement to port 25 blocking. I wasn't thinking about SORBS. It was a general warning to only put blocks on lists where the usage matches the policy of the list. I was thinking about an Australian cable provider that doesn't do the right thing. I'm sure there will be other ISPs that also fail to check the list policy before nominating the address blocks for the lists. In reality there shouldn't be the need for dialup lists. Also most people don't really use the dialup lists correctly. They really should not be an absolute blocker. They should also turn off dialup pattern matching tests otherwise you are getting a double penalty for the same thing. Mark Regards, Mat -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: [EMAIL PROTECTED]
Re: SORBS Contact
Allan Poindexter wrote: The functionality of my email is still almost completely intact. The only time it isn't is when some antispam kook somewhere decides he knows better than me what I want to read. Spam is manageable problem without the self appointed censors. Get over it and move on. I rather suspect that your spam problem is manageable because other admins are using DNSBLs and are thereby putting pressure on ISPs to boot spammers off their networks. Even a list like SPEWS, which is used by very few people, may motivate ISPs to clean up their network. -- Debugging is twice as hard as writing the code in the first place. Therefore, if you write the code as cleverly as possible, you are, by definition, not smart enough to debug it. - Brian W. Kernighan
Re: SORBS Contact
Mark Andrews wrote: I wasn't thinking about SORBS. It was a general warning to only put blocks on lists where the usage matches the policy of the list. Ah my apologies I misinterpreted. I was thinking about an Australian cable provider that doesn't do the right thing. I'm sure there will be other ISPs that also fail to check the list policy before nominating the address blocks for the lists. In reality there shouldn't be the need for dialup lists. You'll get nothing but agreement from me on that statement. There currently is a need for the list, however there *shouldn't* be any need for it. Regards, Mat
Re: SORBS Contact
Matthew so would you consider as it is my network, that I should Matthew not be allowed to impose these 'draconian' methods and Matthew perhaps I shouldn't be allowed to censor traffic to and Matthew from my networks? If you want to run a network off in the corner by yourself this is fine. If you have agreed to participate in the Internet you have an obligation to deliver your traffic. At LISA a couple of years ago a Microsoftie got up at the SPAM symposium and told of an experiment they did where they asked their hotmail users to identify their mail messages as spam or not. He said the users got it wrong some small percentage amount of the time. I was stunned at the arrogance and presumption in that comment. You can't tell from looking at the contents, source, or destination if something is spam because none of these things can tell whether the message was requested or is wanted by the recipient. The recipient is the only person who can determine these things. There are simple solutions to this. They do work in spite of the moanings of the hand wringers. In the meantime my patience with email lost silently due to blacklists, etc. is growing thin.
Re: SORBS Contact
On Wed, 9 Aug 2006, Allan Poindexter wrote: moanings of the hand wringers. In the meantime my patience with email lost silently due to blacklists, etc. is growing thin. don't let some third party you have no relation to determine the 'fate' of your email/messages? with all blacklists you run the same risk, someone else now controls the fate of your 'service'. Unless you have some very large hammer to beat them with it's going to cause you pain eventually, when they decide that ${PROVIDER} is 'gone black' or whatever they call it these days... or they just fat finger some entry. -Chris
RE: SORBS Contact
So with all this talk of Blacklists... does anyone have any suggestions that would be helpful to curb the onslaught of email, without being an adminidictator? Right now, the ONLY list we are using is that which is provided through spamcop. They seem to have a list that is dynamic and only blacklists during periods of high reports, then takes them off the list after a short time... Or am I just a little naive? Robert Hantson Network Operations Director QBOS, Inc - Dallas Texas www.qbos.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Christopher L. Morrow Sent: Wednesday, August 09, 2006 10:19 PM To: nanog@merit.edu Subject: Re: SORBS Contact On Wed, 9 Aug 2006, Allan Poindexter wrote: moanings of the hand wringers. In the meantime my patience with email lost silently due to blacklists, etc. is growing thin. don't let some third party you have no relation to determine the 'fate' of your email/messages? with all blacklists you run the same risk, someone else now controls the fate of your 'service'. Unless you have some very large hammer to beat them with it's going to cause you pain eventually, when they decide that ${PROVIDER} is 'gone black' or whatever they call it these days... or they just fat finger some entry. -Chris
RE: SORBS Contact
On Wed, 9 Aug 2006, Robert J. Hantson wrote: So with all this talk of Blacklists... does anyone have any suggestions that would be helpful to curb the onslaught of email, without being an adminidictator? Right now, the ONLY list we are using is that which is provided through spamcop. They seem to have a list that is dynamic and only blacklists during periods of high reports, then takes them off the list after a short time... Or am I just a little naive? reference comment below about 'hammer to beat with' ... spamcop you aren't paying for that 'service' right? So what happens when someone reports someone you do business with? or messes up a report that affects someone you do business with? Oops! dropped your email due to a thirdparty we let 'moderate' our email, sorry! you COULD monitor deliveries to unused addresses in your domain and blacklist based on that... but that's a little dicey at times as well :( -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Christopher L. Morrow On Wed, 9 Aug 2006, Allan Poindexter wrote: moanings of the hand wringers. In the meantime my patience with email lost silently due to blacklists, etc. is growing thin. don't let some third party you have no relation to determine the 'fate' of your email/messages? with all blacklists you run the same risk, someone else now controls the fate of your 'service'. Unless you have some very large hammer to beat them with it's going to cause you pain eventually, when they decide that ${PROVIDER} is 'gone black' or whatever they call it these days... or they just fat finger some entry. -Chris
Re: SORBS Contact
On 8/9/06, Allan Poindexter [EMAIL PROTECTED] wrote: There are simple solutions to this. They do work in spite of the moanings of the hand wringers. In the meantime my patience with email lost silently due to blacklists, etc. is growing thin. There are simple solutions to this. They do work in spite of the moanings of the few who have been mistakenly blocked. In the meantime my patience with email lost in the sea of spam not blocked by blacklists, etc. is growing thin. -- -- Todd Vierling [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED]
Re: SORBS Contact
On Aug 9, 2006, at 10:59 PM, Allan Poindexter wrote: At LISA a couple of years ago a Microsoftie got up at the SPAM symposium and told of an experiment they did where they asked their hotmail users to identify their mail messages as spam or not. He said the users got it wrong some small percentage amount of the time. I was stunned at the arrogance and presumption in that comment. You can't tell from looking at the contents, source, or destination if something is spam because none of these things can tell whether the message was requested or is wanted by the recipient. The recipient is the only person who can determine these things. I'm gonna hold up the I call bullshit card here. Recipients most certainly *can* get it wrong. Things I've seen reported as spam: - An autoresponse from [EMAIL PROTECTED] telling the user that the e-mail they had JUST sent to [EMAIL PROTECTED] had been accepted and was being fed to a human being for processing - Receipts for online purchases the user legitimately made ... and numerous other things just like this that, whether the user wants to call it spam or not, certainly is not spam. So yes, I would have to -- as much as it pains me in my heart of hearts -- agree with the Hotmail representative in your example. Users can and will get it wrong at the very least some small percentage of the time. Cheers, D -- Derek J. Balling Manager of Systems Administration Vassar College 124 Raymond Ave Box 0406 - Computer Center 217 Poughkeepsie, NY 12604 W: (845) 437-7231 C: (845) 249-9731
Re: SORBS Contact
On Aug 9, 2006, at 8:29 PM, Robert J. Hantson wrote: So with all this talk of Blacklists... does anyone have any suggestions that would be helpful to curb the onslaught of email, without being an adminidictator? Right now, the ONLY list we are using is that which is provided through spamcop. They seem to have a list that is dynamic and only blacklists during periods of high reports, then takes them off the list after a short time... Or am I just a little naive? Fairly naive. Spamcop blacklists a lot of IP addresses that send a lot of email that isn't spam. And some that send zero spam, by any sane definition. That doesn't mean to say it doesn't work for you, but don't mistake a list that'll block a mailserver for a week on the basis of one or two unsubstantiated reports as _safe_ solely because it will only block it for a week. Depending on your demographics SpamCop may have an acceptable false positive level, but it's not a list I advise most users to use as it regularly lists sources of large amounts of non-spam (such as, for example, mailservers used solely for closed-loop opt-in email). Despite that, though, it's quite effective if you're prepared to accept the false positive rate. You may want to look at the CBL or XBL if you're interested in a very effective IP based blacklist with a very low level of false positives. Not zero, but really pretty low. Pretty much all the others have levels of false positives that are bad enough that I wouldn't use them myself, though depending on the demographics of your recipients they may be acceptable to you. Using them to block mail to all recipients is likely to be problematic in most cases. Some recipients who choose to use it? Sure. As part of a scoring system? Perhaps. Blocking across all users? Probably a bad idea in most cases. Cheers, Steve
Re: SORBS Contact
Todd There are simple solutions to this. They do work in spite of Todd the moanings of the few who have been mistakenly blocked. So it is OK so long as we only defame a few people and potentially ruin their lives? Todd In the meantime my patience with email lost in the sea of Todd spam not blocked by blacklists, etc. is growing thin. Hmm. Let me think a minute. Nope not buying it. I have already given two simple solutions that don't involve potentially dropping job offers, wedding invitations, letters from old sweethearts, and other such irreplaceable email. Certainly it is impossible to guarantee all mail gets delivered. But to intentionally make it worse by deliberately deleting other people's email is arrogant and immoral. On the other side what do we have for those falsely defamed? I suppose we could psychically contact them to tell them their mail was deleted. Certainly email won't be reliable enough after these guys are done with it. If they worked for the post office these guys would be in jail.
Re: SORBS Contact
In the way you describe it any spam filter is bad any spam filter manufacturer should go to jail... On Wed, 9 Aug 2006, Allan Poindexter wrote: Todd There are simple solutions to this. They do work in spite of Todd the moanings of the few who have been mistakenly blocked. So it is OK so long as we only defame a few people and potentially ruin their lives? Todd In the meantime my patience with email lost in the sea of Todd spam not blocked by blacklists, etc. is growing thin. Hmm. Let me think a minute. Nope not buying it. I have already given two simple solutions that don't involve potentially dropping job offers, wedding invitations, letters from old sweethearts, and other such irreplaceable email. Certainly it is impossible to guarantee all mail gets delivered. But to intentionally make it worse by deliberately deleting other people's email is arrogant and immoral. On the other side what do we have for those falsely defamed? I suppose we could psychically contact them to tell them their mail was deleted. Certainly email won't be reliable enough after these guys are done with it. If they worked for the post office these guys would be in jail.
Re: SORBS Contact
Derek I'm gonna hold up the I call bullshit card here. Recipients Derek most certainly *can* get it wrong. Sorry I wasn't very clear. The results in the hotmail example were where the users said it wasn't spam but hotmail insisted it was. It is possible for a user to identify non-spam as spam. But if a user says it isn't spam then it isn't no matter how much it might look like it might be. I have had this happened to me personally. Some of my fellow admins at the time insisted some of my incoming mail was spam. As it happened the mail (offering some telephone products) was specifically requested.
Re: SORBS Contact
Allan Poindexter wrote: Matthew so would you consider as it is my network, that I should Matthew not be allowed to impose these 'draconian' methods and Matthew perhaps I shouldn't be allowed to censor traffic to and Matthew from my networks? If you want to run a network off in the corner by yourself this is fine. If you have agreed to participate in the Internet you have an obligation to deliver your traffic. That's a very interesting statement. Here's my response, I'll deliver your traffic if it is not abusive if you deliver my non-abusive traffic. My definition of 'abusive' is applied to what I will let cross my border (either direction) - I expect you will want to do the same with the traffic you define as abusive, and I expect you to and support your right to do that. There are simple solutions to this. They do work in spite of the moanings of the hand wringers. In the meantime my patience with email lost silently due to blacklists, etc. is growing thin. Anyone using SORBS as I have intended and provided (and documented) will/should not silently discard mail. If anyone asks how to silently discard mail I actively and vigorously discourage the practice.* In fact because I disagree with that even in the case of virus infected mail I patched my postfix servers to virus scan inline so virus infected mail can be rejected at the SMTP transaction. RFC2821 is clear when you have issued an ok response to the endofdata command you accept responsibility for the delivery of that message and that should not fail or be lost through trivial or avoidable reasons - I consider virus detection and spam as trivial reasons - if you can't detect a reason for rejection at the SMTP transaction, deliver the mail. Regards, Mat * except in extreme/unusual circumstances - for example, there are 2 email addresses that if they send mail *to* me, they will get routed to /dev/null regardless of content.
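An added example, not part of any post in this thread, sketching the receiving-side policy several messages above argue for: DNSBL hits feed a score instead of acting as absolute blockers, a dial-up listing and a dial-up-looking PTR count once rather than twice, and the only outcomes are a rejection during the SMTP transaction or delivery. The zones, weights, threshold and listed entries are constructed assumptions, and the lookup is injected so the code runs without DNS.

```python
import ipaddress
import re

# Constructed zones and weights: assumptions for illustration, not real lists.
# "group" says what kind of evidence a list provides; evidence of the same
# kind is counted once, so related tests cannot stack into a double penalty.
LISTS = {
    "exploits.dnsbl.example": {"group": "compromised", "weight": 6.0},
    "reports.dnsbl.example": {"group": "reported", "weight": 2.5},
    "dul.dnsbl.example": {"group": "dynamic", "weight": 2.0},
}
RDNS_DYNAMIC_WEIGHT = 1.5  # local PTR pattern test, same "dynamic" group
REJECT_AT = 5.0            # assumed threshold

# Assumed dial-up/dynamic labels, matched as whole labels in the PTR name.
DYNAMIC_PTR = re.compile(
    r"(^|[.\-])(dyn(amic)?|dhcp|dial(up)?|a?dsl|ppp|pool)\d*([.\-]|$)", re.I
)


def dnsbl_query_name(ip, zone):
    """IPv4 DNSBL convention: reversed octets prepended to the list's zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone


def score_client(ip, ptr, is_listed):
    """Return (total, per-group scores). is_listed(qname) -> bool stands in
    for the DNS A-record lookup a real server would perform."""
    by_group = {}
    for zone, meta in LISTS.items():
        if is_listed(dnsbl_query_name(ip, zone)):
            group = meta["group"]
            by_group[group] = max(by_group.get(group, 0.0), meta["weight"])
    if ptr and DYNAMIC_PTR.search(ptr):
        # Same fact the dial-up list reports: keep the larger value, do not add.
        by_group["dynamic"] = max(by_group.get("dynamic", 0.0), RDNS_DYNAMIC_WEIGHT)
    return sum(by_group.values()), by_group


def smtp_decision(ip, ptr, is_listed):
    """Decide before the server answers end-of-data. There is deliberately no
    'discard' outcome: either the sender gets a 5xx and learns about it, or
    the message is accepted and must then be delivered."""
    total, by_group = score_client(ip, ptr, is_listed)
    if total >= REJECT_AT:
        reasons = ", ".join(sorted(by_group))
        return 550, f"5.7.1 rejected by local policy ({reasons}); contact postmaster"
    return 250, "2.0.0 accepted for delivery"


# Constructed lookup data (documentation address ranges).
SAMPLE_LISTED = {
    "7.100.51.198.dul.dnsbl.example",
    "9.113.0.203.exploits.dnsbl.example",
    "9.113.0.203.reports.dnsbl.example",
}


def constructed_lookup(qname):
    return qname in SAMPLE_LISTED


if __name__ == "__main__":
    clients = [
        ("198.51.100.7", "7.100.51.198.dsl.example.net"),  # dial-up evidence only
        ("203.0.113.9", "mail.example.org"),               # two independent lists
        ("192.0.2.1", None),                               # nothing known
    ]
    for ip, ptr in clients:
        print(ip, score_client(ip, ptr, constructed_lookup),
              smtp_decision(ip, ptr, constructed_lookup))
```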
Re: SORBS Contact
On 8/10/06, Allan Poindexter [EMAIL PROTECTED] wrote: Todd There are simple solutions to this. They do work in spite of Todd the moanings of the few who have been mistakenly blocked. So it is OK so long as we only defame a few people and potentially ruin their lives? That's quite a stretch there, bub. Defame means that it is somehow misrepresented as true, factual information. Publicly accessible (and non-mandatory) blacklists are opinions, not portrayed as fact by any stretch of the imagination. Todd In the meantime my patience with email lost in the sea of Todd spam not blocked by blacklists, etc. is growing thin. Hmm. Let me think a minute. Nope not buying it. If your inbound mail isn't at least 30% spam (or blocked spam attempts) these days, then you haven't been using the Internet long enough. I have better things to do than pass that 30% of mail traffic. The spam can FOAD as far as I care, and if there is a problem of a mistake with something improperly blocked, it is fixable (and takes a lot less maintenance time than dealing with the spam tsunami). Sorry, but those of us who have actually done this sort of thing for a living for a while know quite well why not every network can implement bayes-ish Report Spam button schemes (which are inaccurate anyhow, as you've pointed out), nor simply present all actual spam to the users (who would be flooded with well more than 30% in some cases -- there are in-use mailboxes on systems I've managed that would be above 99% spam if the spew weren't blocked at the gate). It's either lack of industry experience on your part, or you're yet another troll for a list renter or bulker -- which is it? Based on earlier statements of yours, I would give you the benefit of the doubt and assume the former. However, you just had to pull out the defame word in a completely invalid grammatical and legal context, so I'm starting to hedge bets on the latter. -- -- Todd Vierling [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED]
Re: SORBS Contact
william In the way you describe it any spam filter is bad any spam william filter manufacturer should go to jail... Manufacturer? No. It is perfectly permissible for a recipient to run a filter over his own mail if he wishes. Jail? Not what I said. I said postal workers couldn't get away with this behavior. The laws governing email are different. BUT: They aren't as different as is generally believed. Go read the ECPA sometime. Being legal isn't the same thing as being moral. The world would be a better place if people started worrying about doing what is right rather than only avoiding what will get them in jail. If I seem testy about this it is because I am. A friend of mine with cancer died recently. I learned later she sent me email before she died. It did not reach me because some arrogant fool thought he knew better than me what I wanted to read. And it isn't the first time or the only sender with which I have had this problem. I have had plenty of users with the same complaint as well. I have in the past considered this antispam stuff ill advised or something I oppose. Expect me to fight it tooth and nail from now on.
Question for the List Maintainers -- (Re: SORBS Contact)
Matthew Sullivan wrote: If you checked with the original complainant you would find that both the zombie and DUHL listings are cleared. If you knew the ticket numbers and where they sit in the SORBS RT Support system you would know that there were multiple tickets logged the oldest now being 10 days, the most recent being 5 days - and under published policy the earliest was pushed into the more recent. You'll also note that the original complaint was about a single IP address as part of a /27 within a /19 listing. OK. I have no problem with that. I want you to understand that my observation comes from seeing *many* people complain about a lack of response. If it was just a couple, that'd be a horse of another color. And frankly, it's not like you try to hide. You're a public figure here and on several other discussion forums. So I don't think it's unreasonable to assume that if people are having trouble reaching SORBS, it's not because the contacts aren't published. In fact, I've seen a number of complaints that people *have* contacted SORBS and have failed to get a response. The quoted text above is intended for a few that might still be on this list, none of which posted to this thread. The fact remains some ISPs provide transit to known criminal organisations for hijacked netblocks which are used for nothing but abuse (hosting trojans and viruses). I'm not arguing that fact. Whether or not it was an appropriate response is another matter. I don't know what your problem is, but you're not making things any better by refusing to fix listings that aren't incorrect or, in some cases, never were. Where do you get that from...? We fix incorrect listings as soon as notified and with no deliberate delay. If you are referring to listings like Dean Anderson's stolen netblock these are not delisted until such time as proof is obtained that our information is incorrect. Perhaps refusal is not the proper word, and I apologize for using it. It does imply intent.
failure may be a more accurate description. permission even from a company folding is still stealing) - his response was a lot of bluster followed by the creation of the IADL.org site. Yup, I know. I'm there too. I am one of Dean's most vocal detractors. Something to consider before replying: is this on or off topic for NANOG? (personally I think part of this is on topic, other parts of the thread are definitely off topic) It has been agreed that spam is offtopic, although the issue of hijacked netblocks certainly isn't. So I probably should have replied to you off-list (apologies to everyone else for lowering the S:N ratio). I don't know what the official word is on whether DNSBL operations in general are on-topic for this list. I would appreciate if the people in charge of deciding such things could tell me whether DNSBLs are on-topic or not... -- Steve Sobol, Professional Geek ** Java/VB/VC/PHP/Perl ** Linux/*BSD/Windows Apple Valley, California PGP:0xE3AE35ED It's all fun and games until someone starts a bonfire in the living room.
Re: SORBS Contact
Sorry I wasn't very clear. The results in the hotmail example were where the users said it wasn't spam but hotmail insisted it was. It is possible for a user to identify non-spam as spam. But if a user says it isn't spam then it isn't no matter how much it might look like it might be. Phishing spam leaps immediately to mind as a counterexample; the fact that the user mistakes it for legit mail is exactly the problem. -- Dave Pooser, ACSA Manager of Information Services Alford Media http://www.alfordmedia.com
Re: SORBS Contact
We have the same problem. We are blacklisted and I filled out the webform. I got an email regarding ticket number and account/password to track the ticket. But it seems that nobody is working on it. Best Stefan On Monday 07 August 2006 20:54, Brian Boles wrote: Can someone from SORBS contact me offlist if they are on here My most recent allocation from ARIN turned out to be dirty IP's, and I'm having trouble getting them removed following the steps on their website (no action on tickets opened). 64.79.128.0/20 Brian Boles [EMAIL PROTECTED] -- Stefan Hegger Internet System Engineer [EMAIL PROTECTED] Tel: +49 5241 8071 334 Lycos Europe GmbH Carl-Bertelsmann Str. 29 Postfach 315 33311 Gütersloh
Re: SORBS Contact
If you are blacklisted because of SPAM, and this happens often when you are an ISP, there is no automatic process. Stefan On Tuesday 08 August 2006 11:36, Stephen Satchell wrote: Stefan Hegger wrote: We have the same problem. We are blacklisted and I filled out the webform. I got an email regarding ticket number and account/password to track the ticket. But it seems that nobody is working on it. There has been extensive discussion on NANAE and NANABl newsgroups on this issue. The bottom line: The SORBS ticket queue is handled by a group of unpaid volunteers, and there is quite a backlog. That's why there is the automatic de-listing system in place, which requires proper host names and longer time-to-live (TTL) values in rDNS. Yes, it's a bit of work, but it beats waiting for someone to get around to your ticket. No, I'm not associated in any way with SORBS, just an interested observer and system administrator who has had to deal with listings myself. -- Stefan Hegger Internet System Engineer [EMAIL PROTECTED] Tel: +49 5241 8071 334 Lycos Europe GmbH Carl-Bertelsmann Str. 29 Postfach 315 33311 Gütersloh
Re: SORBS Contact
Sad state of affairs when looney people dictate which IPs are good and bad. -Michael Brian Boles wrote: Can someone from SORBS contact me offlist if they are on here My most recent allocation from ARIN turned out to be dirty IP's, and I'm having trouble getting them removed following the steps on their website (no action on tickets opened). 64.79.128.0/20 Brian Boles [EMAIL PROTECTED] -- Michael Nicks Network Engineer KanREN e: [EMAIL PROTECTED] o: +1-785-856-9800 x221 m: +1-913-378-6516
Re: SORBS Contact
Even worse if your ISP uses it and demands you ask the 'offender' to get 'themselves' removed. Michael Nicks wroteth on 8/8/2006 7:27 AM: Sad state of affairs when looney people dictate which IPs are good and bad. -Michael Brian Boles wrote: Can someone from SORBS contact me offlist if they are on here My most recent allocation from ARIN turned out to be dirty IP's, and I'm having trouble getting them removed following the steps on their website (no action on tickets opened). 64.79.128.0/20 Brian Boles [EMAIL PROTECTED]
Re: SORBS Contact
On Tue, 8 Aug 2006, S. Ryan wrote: I have recommended to every client in the past to drop any ISP that uses SORBS, but amazingly there are still plenty of clueless ISPs out there that use SORBS. Hank Nussbacher http://www.interall.co.il Even worse if your ISP uses it and demands you ask the 'offender' to get 'themselves' removed. Michael Nicks wroteth on 8/8/2006 7:27 AM: Sad state of affairs when looney people dictate which IPs are good and bad. -Michael Brian Boles wrote: Can someone from SORBS contact me offlist if they are on here My most recent allocation from ARIN turned out to be dirty IP's, and I'm having trouble getting them removed following the steps on their website (no action on tickets opened). 64.79.128.0/20 Brian Boles [EMAIL PROTECTED]
Re: SORBS Contact
Michael Nicks wrote: Sad state of affairs when looney people dictate which IPs are good and bad. Sad state of affairs when ISPs are still taking money from spammers and providing transit to known criminal organisations. / Mat
Re: SORBS Contact
Someone is providing you transit.. what gives? :) Matthew Sullivan wroteth on 8/8/2006 4:33 PM: Michael Nicks wrote: Sad state of affairs when looney people dictate which IPs are good and bad. Sad state of affairs when ISPs are still taking money from spammers and providing transit to known criminal organisations. / Mat
Re: SORBS Contact
Brian Boles wrote: Can someone from SORBS contact me offlist if they are on here My most recent allocation from ARIN turned out to be dirty IP's, and I'm having trouble getting them removed following the steps on their website (no action on tickets opened). 64.79.128.0/20 Of course checking this we find that SORBS is not the only problem you have... http://www.completewhois.com/hijacked/files/64.79.128.0.txt Regards, Mat
Re: SORBS Contact
On Wed, 9 Aug 2006, Matthew Sullivan wrote: Brian Boles wrote: Can someone from SORBS contact me offlist if they are on here My most recent allocation from ARIN turned out to be dirty IP's, and I'm having trouble getting them removed following the steps on their website (no action on tickets opened). 64.79.128.0/20 Of course checking this we find that SORBS is not the only problem you have... http://www.completewhois.com/hijacked/files/64.79.128.0.txt That was old user of that ip block. The block has been deleted and ARIN now reassigned/reallocated it to somebody else. The file you need to watch (which gets updated when ip block previously hijacked is no longer an issue) is: http://www.completewhois.com/hijacked/hijacked_flist.txt (though a few more legacy blocks listed there got deleted in last months, so it does need to be updated again) -- William Leibzon Elan Networks [EMAIL PROTECTED]
Re: SORBS Contact
william(at)elan.net wrote: That was old user of that ip block. The block has been deleted and ARIN now reassigned/reallocated it to somebody else. The file you need to watch (which gets updated when ip block previously hijacked is no longer an issue) is: http://www.completewhois.com/hijacked/hijacked_flist.txt (though a few more legacy blocks listed there got deleted in last months, so it does need to be updated again) Ta, missed that link previously. Regards, Mat