Re: Past policies versus present and future uses
On 1/25/2021 11:34 AM, Rubens Kuhl wrote:
> They are not losing IPs because of hosting questionable content.

Correct - but from reading the Brian Krebs article on this, that was the justification that Ron Guilmette used for going after Parler and DDoS-Guard.

--
Rob McEwen
https://www.invaluement.com
+1 (478) 475-9032
Re: Past policies versus present and future uses
(sent again since the last one had the inline graphic stripped out - so this one links to the graphic on a website)

A take on the 1979 movie "When A Stranger Calls" - "have you checked the children?" becomes "have you checked the IP registration?"

Have you checked the IP registration?
https://www.invaluement.com/have-you-checked-the-ip-registration.jpg

The vast majority of the time, Ron Guilmette does "the Lord's work" - but THIS time - it looks to me like he put his political biases ahead of legit anti-abuse, and it's no surprise that we now have a trail of destruction left behind, along with much "innocent bystander" collateral damage.

Is DDoS-Guard without blame? Probably not, but them hosting some occasional criminals is NOT UNLIKE EVERY OTHER GLOBAL NETWORK! So like other large and diverse global networks, anti abuse should focus on removing their worst criminals/spammers. By these SAME standards, many other large and famous networks should lose most or much of their IPs too!

So here we are, with many OTHER networks now legitimately freaked out about losing their IPs, and with massive potential collateral damage that might hurt many "innocent bystanders" each time that is done!

-- Rob McEwen, invaluement
Re: AFRINIC IP Block Thefts -- The Saga Continues
On 11/16/2020 9:54 AM, Tom Beecher wrote:
> I would like to formally request that Mr. Cohen's privileges to post to this list be revoked, or otherwise curtailed.

+1

Several months ago, Elad Cohen went on record claiming that I was secretly "Rob Shultz" from Spamhaus - an outrageous lie. (Spamhaus is actually my competitor... and I've only ever known a few people there - and not even that well.) What I had to do to (somewhat!) clear my name - so that the average person who doesn't know me could tell with a high degree of certainty that Elad Cohen's lies about me weren't true - took away many hours out of my life and got me in trouble with maawg for discussing too many details about the people at maawg events whom I had interacted with (to show that me and this other Rob couldn't possibly be the same person).

Note that I barely know "Rob Shultz", and hadn't even heard of "Rob Shultz" until AFTER I saw Cohen's accusation. I don't think that "Rob Shultz" is a bad person at all - from what little I know about him - but these accusations could potentially cause frustration/confusion in the niche market served by both invaluement (my company) and Spamhaus.

The way Elad Cohen pushes ludicrous/unfounded conspiracy theories that are easily proven false - makes me question his mental health.

Ironically, at the same time, I'm actually somewhat of an *EXTREMIST* when it comes to free-speech and the free flow of ideas. I absolutely hate it when others shut down opposing ideas due to being "offended". But what makes this case DIFFERENT - is that I draw a line at slander/libel. I gave Elad Cohen every opportunity to prove his accusations - and he wasn't able to. And, again, what I had to explain about my meetings with people (aka "witnesses") at maawg - to prove that Elad was lying - caused me irreparable damage with maawg. His slander/libel is damaging to others. He doesn't add any value (at least, none that I can find) - he only harms other people in malicious ways.

-- Rob McEwen, invaluement
Re: CNAME records in place of A records
On 11/8/2020 7:10 PM, Matt Palmer wrote:
> On Fri, Nov 06, 2020 at 05:07:26AM -0500, Dovid Bender wrote:
> > Sorry if this is a bit OT. Recently several different vendors (in completely different fields) where they white label for us asked us to remove A records that we have going to them and replace them with CNAME records. Is there anything *going around* in the security arena that has caused this?
>
> The closest thing to a *security* issue I can think of is IP agility in the face of DDoS attacks -- most booter-style attacks are dumb as rocks, and null-routing the target IP and moving all the customers on that IP to another one is the easiest solution.
>
> However, there are many *other* great reasons to get customers to CNAME onto their SaaS vendors, including:
>
> * No need to coordinate routine renumbering events;
> * IPv6 support;
> * CAA record (SSL cert issuance) support; and
> * no doubt a bunch of other reasons I've forgotten for the moment.
>
> Basically, if you sign up for a SaaS that uses your own domain and they *don't* give you a CNAME target to point at, I'd be very cautious, because they're either *very* new to the game, or they're probably also operationally deficient in a lot of other areas, too.
>
> - Matt

except - don't forget that the root of a domain (that domain without "www." or any other label) - cannot have a CNAME as the "A" record - fwiw...

-- Rob McEwen, invaluement
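The apex restriction mentioned in the reply above follows from the DNS rule that a CNAME cannot share its owner name with other records, and the zone root always carries SOA and NS. As an added example (not from any poster in this thread), this Python check flags both cases in a zone before A records are swapped for vendor CNAMEs; the zone data and the name `saas-vendor.example` are constructed.

```python
from collections import defaultdict

# DNSSEC metadata is the only data allowed to share a name with a CNAME.
ALLOWED_WITH_CNAME = {"RRSIG", "NSEC"}

# Constructed zone contents for the documentation domain example.com.
# "saas-vendor.example" is a hypothetical white-label vendor target.
SAMPLE_ZONE = [
    ("example.com.", "SOA", "ns1.example.com. hostmaster.example.com. 1 7200 900 1209600 300"),
    ("example.com.", "NS", "ns1.example.com."),
    ("example.com.", "CNAME", "tenant.saas-vendor.example."),      # apex CNAME: not allowed
    ("www.example.com.", "CNAME", "tenant.saas-vendor.example."),  # fine
    ("shop.example.com.", "CNAME", "tenant.saas-vendor.example."),
    ("shop.example.com.", "TXT", "v=spf1 -all"),                   # clashes with the CNAME
    ("portal.example.com.", "A", "192.0.2.10"),                    # candidate for conversion
    ("mail.example.com.", "A", "192.0.2.25"),
    ("mail.example.com.", "MX", "10 mail.example.com."),           # MX blocks a CNAME here
]


def fqdn(name):
    """Normalise an owner name: lower case, exactly one trailing dot."""
    return name.rstrip(".").lower() + "."


def cname_problems(records, origin):
    """Return (owner, reason) pairs for every CNAME the DNS rules forbid."""
    apex = fqdn(origin)
    types_at = defaultdict(set)
    for owner, rtype, _value in records:
        types_at[fqdn(owner)].add(rtype.upper())

    problems = []
    for owner in sorted(types_at):
        types = types_at[owner]
        if "CNAME" not in types:
            continue
        clashing = sorted(types - {"CNAME"} - ALLOWED_WITH_CNAME)
        if owner == apex:
            # The apex always has SOA and NS, so a CNAME can never be valid there.
            problems.append((owner, "CNAME at zone apex; keep A/AAAA here"))
        elif clashing:
            problems.append((owner, "CNAME shares the name with " + ", ".join(clashing)))
    return problems


def safe_to_convert(records, origin, owner):
    """True if the A/AAAA records at 'owner' can be replaced by a CNAME."""
    target = fqdn(owner)
    if target == fqdn(origin):
        return False
    present = {rtype.upper() for name, rtype, _v in records if fqdn(name) == target}
    # Anything other than the address records being replaced would collide.
    return not (present - {"A", "AAAA", "CNAME"} - ALLOWED_WITH_CNAME)


if __name__ == "__main__":
    for owner, reason in cname_problems(SAMPLE_ZONE, "example.com"):
        print(f"{owner}: {reason}")
    for name in ("portal.example.com", "mail.example.com", "example.com"):
        print(name, "->", "ok to CNAME" if safe_to_convert(SAMPLE_ZONE, "example.com", name) else "keep address records")
```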
Re: Consolidation of Email Platforms Bad for Email?
On 9/8/2020 10:59 AM, Matt Harris via NANOG wrote:
> Once you get into that small club, it's just as hard to get kicked out, and unfortunately that means that if abuse, UCE, etc is coming from those hosts, they've got an even higher chance of hitting your inbox. So while in theory it might work the way you're thinking, in practice it hasn't because once you are in that club, a lot of the financial motivation to prevent abuse of your service - that is, inbox deliverability for your client base - goes away.

+1

Likewise, we're at a point now where if a criminal phish or virus comes from the largest few email hosters, and you provide them emails with full headers - the accounts do NOT get shut down. They literally don't think this is their problem. And likewise, data storage sites (GoogleDrive, OneDrive, etc) from the largest providers often will host malware for weeks or months without being shut down - or the malware at least persists for many days after being reported. The same is often true for their redirectors. What is frustrating is that the long-standing industry standard of "you're responsible both for what you both send and host - even if the malware wasn't intended" - seems to be lost.

Likewise, back in the spring months of 2018, Google's "goo[.]gl" shortener went crazy for a few months, and was being MASSIVELY abused by spammers, and was being used as an "end run around" URI DNSBLs (SURBL, URIBL, ivmURI, DBL). I collected 15K examples of abused shorteners that were "live", and sent those to Google. At the time I sent those, only about 500 of that 15K had been shut down. What was infuriating was that 80% of these 15K shorteners were pointing to only 12 spammer's domains. These should have been trivial to prevent!

The OTHER infuriating thing was that my INITIAL response from my contacts at Google was - (I paraphrase) "other spam filters should just follow the redirect, and block these spams based on the URI it redirects to" - WOW! I sent them a very stern email about that. (and for comparison, abused Bitly shorteners were mostly getting shut down within 2 hours - so "everyone does it" was NOT a decent excuse!) Like I said - the long-standing industry standard of "you're responsible both for what you both send and host - even if the malware wasn't intended" - seems to be lost on some of these large providers.

Thankfully, this had a happy ending. After some "tough love" - Google replied back and said (I paraphrase), "we were planning on shutting that down - or at least shutting down the ability to add new ones - and due to your feedback - we're going to push that up a few months" - and so soon afterwards, they finally did terminate those 15K shorteners - and stopped allowing new ones. So this is to Google's credit - but the problem had persisted for months - and it seemed like a lot of cultural/industry standards in the Internet Security industry seemed lost on them.

Sadly, while this situation had a good ending - similar problems with the largest providers persist. At the same time, they sure can be draconian in how they block smaller providers who had a rare and short-lived security incident. The hypocrisy is incredible. For example, Microsoft will sometimes *permanently* block a small email hoster for a short one or two hour compromised email account situation that caused spam to be sent from that small hoster - but that was quickly fixed - even if that hoster sends MUCH legit email. It almost FEELS like extortion - since many of the IT people running those small-ish servers sometimes get frustrated - and move their email to the cloud - and then guess who OFTEN gets their email hosting business?

-- Rob McEwen, invaluement
Re: CloudFlare Issues?
I think they were down for about 30 or so minutes, but came back up right about the time you hit the send button

--Rob McEwen

On 7/17/2020 5:38 PM, Chris Grundemann wrote:
> Looks like there may be something big up (read: down) at CloudFlare, but their status page is not reporting anything yet.
>
> Am I crazy? Or just time to give up on the internet for this week?
>
> --
> @ChrisGrundemann
> http://chrisgrundemann.com

--
Rob McEwen
invaluement
Re: RIPE NCC Executive Board election
On 5/13/2020 9:46 AM, Elad Cohen wrote:
> Real identities behind "The Spamhaus Project": "Rob Shultz" - Rob McEwen (https://www.invaluement.com/)

Elad made this public allegation on one of RIPE's "Open Source Working Group" mailing lists, that he started here:
https://www.ripe.net/ripe/mail/archives/opensource-wg/2020-April.txt

Here is my response to this allegation (new thread):
https://www.ripe.net/ripe/mail/archives/opensource-wg/2020-May/93.html

It went back and forth - you can read all the *drama* in that thread. Elad "doubled down" by publicly saying to me: "You are a complete liar. You are Rob Shultz."

I then put it to bed in the following thread:
https://www.ripe.net/ripe/mail/archives/opensource-wg/2020-May/000100.html

If anyone has the SLIGHTEST SUSPICION that this might be true, PLEASE read those threads.

He ended up being put on "moderated" status on the RIPE forum and was publicly reprimanded here:
https://www.ripe.net/ripe/mail/archives/opensource-wg/2020-May/99.html

He called me a "liar" - but has produced ZERO evidence to support his assertion - even though I "called his bluff" and asked him to "put up or shut up". He wouldn't "shut up" - but he also is not capable of "putting up" because the only evidence he has - is delusions that only exist inside his mind. I'm not a psychiatrist - but Elad is either very maliciously and unprofessionally lying to attack anti-spam people - or has a serious mental illness and needs psychiatric help. One or the other.

Does this mean everything he says is factually wrong? I didn't claim that. I don't have the time nor inclination to fact check his long rants. But I do know that I'm not, nor have ever been, "Rob Schultz" and that I don't secretly work with/for Spamhaus in any way/shape/form. And I really don't like being called a "liar" on a public forum by someone. There are many out there who might run across posts like that and not bother to get the whole context, and might not know the real truth. So things like this can become an annoyance for many years to come.

--
Rob McEwen
https://www.invaluement.com
Re: IPv6 Pain Experiment
On 10/7/2019 7:37 AM, Valdis Klētnieks wrote:
> On Mon, 07 Oct 2019 03:03:45 -0400, Rob McEwen said:
> > Likewise for spam filtering - spam filtering would be knocked back to the stone ages if IPv4 disappeared overnight. IPv6 is a spam sender's dream come true, since IPv6 DNSBLs are practically worthless.
>
> Riddle me this: Why then have spammers not abandoned IPv4 and moved to IPv6 where we're totally powerless to stop their floods of spam? I'm tired of hearing the excuse "We can't move to IPv6 because then we couldn't stop the spam" - if that were true, then every organization that *has* moved to IPv6 would be drowning in spam.

(1) as Stephen Satchell said... because a huge percentage of mailboxes (perhaps the vast majority?) are still behind servers that (wisely!) only listen on IPv4 for non-auth connections, so spammers would have to make extremely large deletions to their distribution list if they only sent to emails where the mail server only listened on IPv6.

(2) For my own commercial anti-spam blacklist, I've had SEVERAL new subscribers this past year who specifically complained about spams that my anti-spam blacklists (AND all the other ones like Spamhaus, etc!) were NOT blocking. I requested more information about the ones that weren't getting blocked... and they were almost all IPv6-sent spams. I simply explained to them that they do NOT have to do this, and that most of that spam will go away the moment that their server only listens on IPv4 (at least, for non-SMTP-AUTH email - they can still listen for IPv6 authenticated email without these problems). I also explained to them that there hadn't been a situation in the history of the world where an email didn't make it to a server that only listened on IPv4 for non-authenticated email.

(3) Many IPv6 mail servers have had to invest/expend significantly more resources per mailbox.

(4) trying to get everyone to move too quickly to IPv6 POTENTIALLY actually damages email and harms OTHERS' spam filtering. Why? Because it enables listwashing. A spammer can literally send to 10s of thousands of email addresses each from a separate /64 block, with a one-to-one relationship between the /64 block and the recipient email address. Then they can listwash spamtrap addresses based on which of those /64 blocks get blacklisted. It ALSO harms email because shady marketers get the idea that there are endless new IPs to burn through, and that only emboldens them.

So when it comes to email, it turns out that IPv4 scarcity (for non-auth connections) is a feature not a bug! But, if desired, you can STILL have massive amounts of IPv6 clients sending via SMTP authentication - so this won't limit your ability for your refrigerator to send authenticated email to you! (so that greatly minimizes the "but we're running out" longer-term argument - besides the fact that this isn't really a HUGE problem anyways - since IPv6 clients are already able to connect to IPv4 servers)

--
Rob McEwen
https://www.invaluement.com
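The listwashing pattern described in point (4) of the message above, one /64 per recipient, appears on the receiving side as many distinct /64s inside one larger allocation, each hitting a trap once. As an added example (not from the post or from any DNSBL's actual code), this Python code contrasts per-/64 listing with escalation to a covering prefix; the /48 width, the threshold of 4 and the trap log are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed spamtrap log: (sending IPv6 address, trap mailbox that was hit).
# 2001:db8::/32 is the documentation prefix; none of these are real senders.
SAMPLE_TRAP_HITS = [
    # One hit per /64, all inside the same /48: the spread-out pattern.
    ("2001:db8:aaaa:1::10", "trap01@traps.example"),
    ("2001:db8:aaaa:2::10", "trap02@traps.example"),
    ("2001:db8:aaaa:3::10", "trap03@traps.example"),
    ("2001:db8:aaaa:4::10", "trap04@traps.example"),
    ("2001:db8:aaaa:5::10", "trap05@traps.example"),
    # Several hits from one /64: an ordinary single compromised network.
    ("2001:db8:bbbb:1::5", "trap06@traps.example"),
    ("2001:db8:bbbb:1::6", "trap07@traps.example"),
    ("2001:db8:bbbb:1::7", "trap01@traps.example"),
]


def covering(addr, prefixlen):
    """Network of the given length that contains addr."""
    return ipaddress.ip_network(f"{addr}/{prefixlen}", strict=False)


def per_64_listings(hits):
    """Naive policy: list exactly the /64s that were seen hitting traps."""
    return sorted({covering(addr, 64) for addr, _trap in hits})


def build_listings(hits, wide_len=48, min_distinct_64s=4):
    """List the covering prefix once enough distinct /64s inside it hit traps.

    wide_len and min_distinct_64s are assumed tuning values, not a standard.
    """
    by_wide = defaultdict(set)
    for addr, _trap in hits:
        by_wide[covering(addr, wide_len)].add(covering(addr, 64))

    listings = []
    for wide, narrow in by_wide.items():
        if len(narrow) >= min_distinct_64s:
            listings.append(wide)      # spread across /64s: list the allocation
        else:
            listings.extend(narrow)    # concentrated: keep the narrow listing
    return sorted(listings)


def is_listed(addr, listings):
    """True if addr falls inside any listed network."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in listings)


if __name__ == "__main__":
    fresh = "2001:db8:aaaa:6::10"  # a /64 the sender has not used before
    print("per-/64 policy blocks fresh /64:", is_listed(fresh, per_64_listings(SAMPLE_TRAP_HITS)))
    print("escalating policy blocks fresh /64:", is_listed(fresh, build_listings(SAMPLE_TRAP_HITS)))
    print("listings:", [str(n) for n in build_listings(SAMPLE_TRAP_HITS)])
```

Widening a listing trades listwashing resistance for a higher chance of catching unrelated senders in the same allocation, so the prefix length and threshold need tuning per provider.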
Re: IPv6 Pain Experiment
On 10/7/2019 2:03 AM, Masataka Ohta wrote:
> Forrest Christian (List Account) wrote:
> > I've been ignoring this discussion because I feel this ship sailed many years ago, and IPv6, like it or hate it, is the best way forward we have.
>
> A problem is that there is a cliff edge in front of you.

Likewise for spam filtering - spam filtering would be knocked back to the stone ages if IPv4 disappeared overnight. IPv6 is a spam sender's dream come true, since IPv6 DNSBLs are practically worthless. Yes, there are OTHER filtering techniques, but none that scale nearly so much with as extremely little resources required. And this is a problem for large and small organizations. Even the very largest email systems would be extremely disrupted if IPv4 DNSBLs (internal and/or 3rd party) were not available within the very near future. Solutions to this problem would then severely disrupt their business/financial models for those mail systems since the overhead costs per mailbox would significantly increase.

--
Rob McEwen
https://www.invaluement.com
Re: What can ISPs do better? Removing racism out of internet
On 8/7/2019 10:50 AM, Tony Patti wrote:
> FYI, Bloomberg BusinessWeek published TODAY a 3,200-word article by Felix Gillette entitled "Section 230 Was Supposed to Make the Internet a Better Place. It Failed"
> https://www.bloomberg.com/news/features/2019-08-07/section-230-was-supposed-to-make-the-internet-a-better-place-it-failed

If the whole Section 230 gets deleted - and isn't carefully replaced - then many DNSBLs and spam filters and spam filtering technology providers will get sued out of business (even if just by SLAPP lawsuits suddenly making more progress and costing a fortune in attorney fees). These costs will then get passed onto consumers in the form of either MUCH WORSE spam filtering, or much higher costs for email hosting services. The same is true for Internet content filters, too. Be careful what you wish for, you might get it!

-- Rob McEwen
Re: What can ISPs do better? Removing racism out of internet
I'm so tired of this thread - but the bottom line is that censorship and even the definition of "hate" and "racism" (especially when used in the vernacular!) are extremely subjective and can lead to situations where reasonable people disagree. And if/when such policies are implemented to try to limit or shut down such speech, horrific unintended collateral damage will LIKELY occur. Also, totalitarian regimes OFTEN use the same arguments to get their foot in the door of controlling and suppressing speech.

Even now, the mainstream news media is ALREADY highlighting a very selective part of these murderers' ideologies, and suppressing other parts, in order to convey an overall impression of their ideologies that doesn't actually match them, but furthers certain biased agendas. So actions to suppress "hate speech" and "racism" based on the 1/2 truths that most have been brainwashed to believe about these evil murderers' beliefs (1/2 contradicted by their own actual writings, which are already evil!), is ALREADY well on its way towards potentially causing collateral damage by unplugging or suppressing forums/platforms that really don't closely match the actual ideology of the shooters.

Again, I'm not defending the murderers in the slightest - I'm just saying that many of those in favor of limiting speech are the SAME crowd that is either publishing or consuming content that describes the shooters' ideologies in a certain particular way that purposely tries to make them look like a DIFFERENT group of deranged people, in order to advance a biased agenda. So we're already well on the way towards the collateral damage I mentioned above.

Also, I'm not saying that nothing should ever be done, or that we can't make any changes or improvements, but the cure might end up being potentially much worse than the disease if we're not careful.

-- Rob McEwen
Re: Announcing: "dumpsterfire", the mailing list for IoT security/privacy issues
On 1/11/2019 2:50 PM, Grant Taylor via NANOG wrote:
> On 01/11/2019 12:32 PM, Rob McEwen wrote:
> > but if done right, fwiw, wouldn't that be sent over SMTP using TLS encryption?
>
> Oy vey. in-flight vs at-rest encryption.

which is why i said "fwiw", acknowledging upfront that TLS transmission encryption has a limited scope. I guess you missed that? But I was specifically replying to a complaint about passwords being sent in plain text, and I was suggesting that TLS would solve that problem. At that point in the discussion, it wasn't a discussion about all things encryption. ("context" is very helpful - are you still facepalming?)

> On 01/11/2019 12:32 PM, Rob McEwen wrote:
> > (but, then again, that ALSO requires a certificate!)
>
> Let's Encrypt works perfectly fine for that too. }:-)

Exactly! That was sort of my point too. The person creating that dumpsterfire list seemed to be trying to avoid having to install a security certificate, but having that security certificate solves other problems besides the website getting https, such as enabling TLS, too. That was my basic point, I was just trying to be less wordy.

-- Rob McEwen, invaluement
Re: Announcing: "dumpsterfire", the mailing list for IoT security/privacy issues
On 1/11/2019 1:11 PM, Andreas Ott wrote:
> Admittedly, mailman does send you the password in clear text over SMTP if you ask for it

but if done right, fwiw, wouldn't that be sent over SMTP using TLS encryption?

(but, then again, that ALSO requires a certificate!)

-- Rob McEwen, invaluement
Re: Rising sea levels are going to mess with the internet
On 7/26/2018 4:22 PM, valdis.kletni...@vt.edu wrote:
> Let's run the math. 1mm/additional per year. So 1 the first year, 2 additional the second, ... and the century year then adds 100mm or 4 inches *by itself*. But we need to add years 1 to 99's contributions too... sum(1..100) = 101 * 50 or 5050mm. Divide by 25.4 and you get 198 inches cumula

You misinterpreted what I said. I was merely saying that the current yearly increase is about 1 mm more than the yearly increase was from 40 years ago. (But maybe not even that much!) I was NOT saying that each year was increasing by a rate that was mm more than the previous year. Your calculation is based on year-to-year acceleration of growth.

In fact, that year-to-year *acceleration* of rising sea levels is actually a ~0.025 mm average increase over the previous year. (this is HALF the thickness of a single sheet of paper!) So try your calculation again - except see how impressive that "compound interest" you talk about is when the year-to-year acceleration of growth over the previous year is only 0.025 mm.

ALSO - I say "average rate of increase" because the graph is not a smooth line. Like almost everything, it is jagged - where some years show signs of more rapid acceleration, and other years show a decrease in acceleration, or even a lowering of the sea levels. Anytime one or the other hits a historical extreme, it raises curiosity that we might be in the middle of a fundamental shift to a "new normal". But before anyone assumes that we're about to hit a new normal where that .025 mm year-to-year increase in the rate of rising - is about to accelerate - note that, in fact, the sea levels have actually LOWERED in the past couple of years. (not just rising less fast - ACTUALLY LOWERING). (see blue line at the end of this graph: https://insideclimatenews.org/content/average-global-sea-level-rise-1993-2017)

--
Rob McEwen
https://www.invaluement.com
+1 (478) 475-9032
Re: Rising sea levels are going to mess with the internet
On 7/26/2018 3:49 PM, valdis.kletni...@vt.edu wrote:
> On Thu, 26 Jul 2018 15:39:51 -0400, Rob McEwen said:
> > JUST BARELY curve upwards. So I dug into THEIR actual data - and even THEIR data shows something like a cumulative 1mm/year increase - and - it took ~40 years or so to get to that 1mm increase (to be extra clear, this is a reported increase over how much oceans are rising now compared to ~40 years ago. But I'm not even sure this added up to even a full 1 mm.)
>
> Compound interest is a bitch.

But NOT so much when the rate of increase is THIS tiny. Yes, if the rate of the increase holds steady, then this could start causing a lot of problems EVENTUALLY. But this still only adds up to an ADDITIONAL 4 inches (total!) per century (over what would have happened). That is an amount and time-scale that warrants concern and long-range planning. However, extreme measures that would harm our economy in the short term (and in many cases wouldn't have helped anyways) are counter productive because they then put us on a long-term less healthy economic trajectory that would make us less able to afford the future changes that would be needed to deal with this extremely long-term problem.

ANALOGY: Freshman college kid becomes a health nut and spends all his money on only the best specialized organic foods, exotic vitamins, and a membership at the best health club, even paying extra for a personalized trainer. Then he has to drop out of college because he can't afford it. Then he runs out of money and can't get a decent paying job because he doesn't have a college education. Now he eats horrible cheap food and works long hours at a low paying job that leaves him little time to properly exercise. (in general - solving a SMALL problem with a BIG solution - like this - causes problems)

-- Rob McEwen
Re: Rising sea levels are going to mess with the internet
On 7/26/2018 1:32 PM, Rod Beck wrote:
> You are simply wrong. The sea level is rising at an increasing rate. The average sea level will go up by 30 centimeters to 1 meter by 2100. And of course, the storm surge will increase by a multiple of that. Sources: NOAA.

Looking at the SAME sources (NOAA, NASA, etc) - as scary as those "Mt Everest" charts look (where they make 3.5mm/year rising look like Mt Everest) - the lines on THEIR charts are ALMOST perfectly straight and JUST BARELY curve upwards. So I dug into THEIR actual data - and even THEIR data shows something like a cumulative 1mm/year increase - and - it took ~40 years or so to get to that 1mm increase (to be extra clear, this is a reported increase over how much oceans are rising now compared to ~40 years ago. But I'm not even sure this added up to even a full 1 mm.)

These sources ALSO have all kinds of scary PREDICTIONS or ESTIMATES about FUTURE acceleration that goes MUCH faster - just like they did 10 and 20 years ago - but their scary predictions never materialize.

Does pointing out these FACTS - using data from the SAME sources that you are using - STILL qualify me for the "flat earth society"? On this same thread, I've also been called a "climate change denier", and otherwise insulted multiple times - for just pointing out clear indisputable facts. Others keep pointing out how "a majority of scientists disagree" - yet that 97% figure that keeps getting thrown around - was from ONE SINGLE extremely flawed study that has since been thoroughly debunked.

BTW - in my original message, I did state: "But I suppose that it might be a good idea to take inventory of the absolute lowest altitude cables and make sure that they are not vulnerable to the type of flooding that might happen more often after a few decades from now after the ocean has further risen about 2 inches? But the sky is not falling anytime soon."

So ALSO - everyone - please ALSO stop arguing with a "straw man" here - I never said that there wasn't anything to be concerned about.

-- Rob McEwen
Re: Rising sea levels are going to mess with the internet
On 7/23/2018 2:03 PM, Owen DeLong wrote:
> Actually, the graphic that is at the top of that link does support his claims.

I was thinking that too - but it could ALSO have something to do with the fact that literally hundreds of millions of Indians and Chinese citizens joined the 1st world economy - and started doing things like driving cars - in recent decades. That could be a larger factor than their particular political/economic systems.

ALSO: The BEST arguments on this thread for why we should worry about flooding or rising water levels - came from arguments that the actual continents are shifting in ways that cause certain coasts to rise or sink - regardless of the actual overall ocean depth. I don't know much about that - but I do know that

(1) THAT particular situation has NOTHING to do with CO2 levels or emissions.

(2) the parts of this conversation that do have to do with CO2 levels are specifically based on the theory that (a) high CO2 levels cause warming, which then (b) causes the icecaps to melt, which then causes (c) the sea levels to rise at an accelerated pace (beyond what it did when the overall CO2 levels were lower), as a direct result of increasing levels of CO2 in the atmosphere.

but (c) is junk science - since it is NOT happening - the acceleration of sea levels rising beyond an average of 3.5mm/year is almost non-existent - therefore discussions of CO2 levels and emissions unnecessarily politicizes this discussion. Or, at least, the people who are complaining about how this doesn't belong on NANOG (which is a reasonable assessment) - and who complain about "climate deniers" - shouldn't be able to shut down certain factual and logical arguments (that rock their world) - yet not have a problem with continued discussion about CO2 levels and emissions. (that would be hypocritical and unscientific)

-- Rob McEwen
Re: Rising sea levels are going to mess with the internet
On 7/23/2018 3:55 AM, Saku Ytti wrote:
> On Mon, 23 Jul 2018 at 05:55, Rob McEwen wrote:
> > Meanwhile, global warming alarmists have ALREADY made MANY dire predictions about oceans levels rising - that ALREADY didn't even come close to true.
>
> Now this discussion does not belong to NANOG

Yes - sad isn't it - that someone else brought this up.

> but 'global warming alarmist' is worrying term to me. What is the perceived harm you're trying to reduce? Are the acts which try to address the problem the harm you'd like to see avoided?

Anytime a "big solution" is applied to a "small problem" (or non-existent problem), problems arise. At the least, mis-allocation of resources can cause situations where other important issues fail to get addressed when the small problem gets an over-allocation of resources. (and real peoples' lives get damaged in the process)

> Much in same way, compelling majority of scientists (>95%) believe in human caused global warming

Your ">95%" is MORE junk science. The popular percentage to throw out is "97%" - as quoted by Obama and many others - this came from a 2013 paper by John Cook - that was so incredibly and dishonestly flawed as to basically be unscientific propaganda. (1) many scientists' papers were falsely classified and (2) he did a "bait and switch" where he "read into" certain papers stuff that wasn't really there.

http://www.populartechnology.net/2013/05/97-study-falsely-classifies-scientists.html
https://www.theguardian.com/environment/blog/2014/jun/06/97-consensus-global-warming

Real science makes "risky predictions" and then is willing to redo the hypothesis when those predictions don't happen as predicted. In contrast, junk science stubbornly sticks to preconceived biases even when the data continually fails to validate the hypothesis (which is happening here!).

The fact that you're so quick to try your "appeal to authority" with that fake ">95%" percentage - and you don't seem to understand that a mis-allocation of resources based on junk science is NOT a victim-less crime (so to speak - not technically a crime - but REAL people ARE damaged by this) - undermines your credibility.

Tell you what, I'll admit that I might be wrong the first time that we see a 5+mm per year average of sea level rising over a 5 year period. HINT: We won't. For example, look at the blue line at the end of this "scary graph" from a "climate change" site that has your same viewpoint: https://insideclimatenews.org/content/average-global-sea-level-rise-1993-2017 - as scary as that chart looks like at first glance - it shows little-to-no *acceleration* - the rate of increase holds steady at 3.5 mm/year - BUT HERE IS THE INTERESTING PART: even this pro-climate change site's own graph shows that the sea levels have failed to rise AT ALL over the past couple of years. But 15 years from now, we'll see new rounds of NEW dire predictions about alarming FUTURE sea level risings that are allegedly just around the corner.

-- Rob McEwen
Re: Rising sea levels are going to mess with the internet
For the past 100+ years, the sea levels have been rising by about 2-4 mm per year. If you go to the following two sites: https://oceanservice.noaa.gov/facts/sealevel.html https://climate.nasa.gov/vital-signs/sea-level/ You'll see all kinds of scary language about dire predictions about how the sea levels are rising and accelerating. And you'll see SCARY charts that look like Mt. Everest. But when you dig into the actual data, you'll find that there MIGHT have been (at most!) a CUMULATIVE 1mm/year acceleration... but even that took about 4 decades to materialize, it could be somewhat within the margin of error, and it might be a part of the fake data that often drives this debate. Meanwhile, global warming alarmists have ALREADY made MANY dire predictions about oceans levels rising - that ALREADY didn't even come close to true. The bottom line is that there is no trend of recently observed sea level rising data that is even close to being on track to hit all these dire predictions within the foreseeable future. And even as the West has reduced (or lessened the acceleration of) CO2 emissions - this has been easily made up for by the CO2 emission increases caused by the modernization of China and India in recent decades. And, again, there were articles like this 10, 15, and even 20 years ago that made very similar predictions - that didn't happen. So, it is hard to believe that the dire predictions in this article could come true in 15 years. But I suppose that it might be a good idea to take inventory of the absolute lowest altitude cables and make sure that they are not vulnerable to the type of flooding that might happen more often after a few decades from now after the ocean has further risen about 2 inches? But the sky is not falling anytime soon. Rob McEwen On 7/22/2018 9:01 PM, Sean Donelan wrote: https://www.popsci.com/sea-level-rise-internet-infrastructure Rising sea levels are going to mess with the internet, sooner than you think [...] 
Despite its magnitude, this network is increasingly vulnerable to sea levels inching their way higher, according to research presented at an academic conference in Montreal this week. The findings estimate that within 15 years, thousands of miles of what should be land-bound cables in the United States will be submerged underwater. “Most of the climate change-related impacts are going to happen very soon,” says Paul Barford, a computer scientist at the University of Wisconsin and lead author of the paper. [...] -- Rob McEwen
Re: Whois vs GDPR, latest news
On 5/26/2018 3:36 PM, JORDI PALET MARTINEZ via NANOG wrote: Talking from the experience because the previous laws in Spain, LOPD and LSSI Jordi, LOPD/LSSI does not = GDPR. But even if there was a probability that GDPR would operate like they do: (1) it is alarming that the fines mentioned on GDPR are 10-20X higher than even LOPD/LSSI's higher fines -AND- regarding LOPD/LSSI's relatively low minimum fine of 600 EUROs that you mentioned - it was explicitly mentioned on the page you referenced - HOWEVER there is NOT any similar official (relatively) low-cost fine mentioned for GDPR anywhere - there is only that NOT-reassuring "up to" phrase. For someone hit with a GDPR fine, I don't think telling them, "JORDI PALET MARTINEZ claimed that the fine will be more reasonable for a smaller business that had a less egregious offense" - is going to necessarily make it so. Believe me, I WANT you to be my GDPR fairy. I really really do. But I have to operate my business more realistically. -- Rob McEwen https://www.invaluement.com
Re: Whois vs GDPR, latest news
On 5/26/2018 2:36 PM, Michel 'ic' Luczak wrote: Original text from EU Commission: "Infringements of the following provisions shall, in accordance with paragraph 2, be subject to administrative fines up to 10 000 000 EUR, or in the case of an undertaking, up to 2 % of the total worldwide annual turnover of the preceding financial year, whichever is higher” -> Administrative fines _up to_ 10M (or 2% if your 2% is higher than 10M). It’s a cap, not a minimum. Thanks for the clarification. But whether that fine will be less than 10M is extremely vague and (I guess?) left up to the opinions or whims of a Euro bureaucrat or judge panel, or something like that... based on very vague and subjective criteria. I've searched and nobody can seem to find any more specifics or assurances. Therefore, there is NOTHING that a very small business with a very small data breach or mistake, could point to... to give them confidence that their fine will be any less than 10M Euros, other than that "up to" wording - that is in the same sentence where it also clarifies "whichever is larger". All these people in this discussion who are expressing opinions that penalties in such situations won't be nearly so bad - are expressing what may very well be "wishful thinking" that isn't rooted in reality. -- Rob McEwen https://www.invaluement.com
Re: Whois vs GDPR, latest news
On 5/26/2018 12:29 PM, JORDI PALET MARTINEZ via NANOG wrote: I don't recall right now the exact details about how they calculate the fine The *MINIMUM* fine is 10M euros. SEE: https://www.gdpreu.org/compliance/fines-and-penalties/ This is true no matter how small the business, and (potentially) even if there was just one minor incident. And the law is so vague and expansive - and with such massive minimum fines - that I wonder if this might be exploited to target political rivals/enemies? Or those who donate to such? It certainly could easily be weaponized! And before it even gets nearly to that point, it could also turn into the equivalent of the tiny city of Waldo, Florida (USA) (population 1K)... who turned their police force into a speeding-ticket revenue factory for some time before the State of FL shut them down. Certainly, the Euro bureaucrats are incentivized. -- Rob McEwen https://www.invaluement.com
Re: Email security: PGP/GPG & S/MIME vulnerability drop imminent
On 5/15/2018 5:34 AM, Rich Kulawiec wrote: That's enough right there. HTML markup in email is used exclusively by three kinds of people: (1) ignorant newbies who don't know any better (2) ineducable morons who refuse to learn (3) spammers. There are no exceptions. For years, I was very disciplined about using plain-text only for my outbound messages... but then I got frustrated with seeing email I had posted (to lists like this) - come back with horribly bad line wrapping - that made for very choppy readability. (This may have been better or worse depending on which software or device I was reading it on?) Then, when I switched to using my Thunderbird client's "plain and html" setting, that problem went away, and posts that I made didn't look like someone high on drugs typed them. -- Rob McEwen https://www.invaluement.com
Re: Is WHOIS going to go away?
On 4/25/2018 10:50 AM, Anne P. Mitchell Esq. wrote: And of course then there's the conventional wisdom that (some) anti-spammers see secret registration as a sign that you are likely a spammer, or otherwise engaged in bad activities For example: http://www.spamresource.com/2010/02/whois-privacy-protect-what-spamfighters.html (and I concur... although I do understand the frustration about the phone spam, too - I recently registered a dozen domains and I was getting 10+ calls a day for weeks - which is why I recommend starting with a hidden registration - then switching to an unhidden registration some weeks later. This isn't a perfect solution, but it helps since they hit freshly registered domains the hardest.) -- Rob McEwen https://www.invaluement.com
Re: Is WHOIS going to go away?
On 4/25/2018 11:39 AM, Aaron C. de Bruyn via NANOG wrote: don't happen if I use private registration SUGGESTION: Initially register with private registration - then change it to regular non-hidden registration a few weeks later or so. (hopefully before putting it into production, especially if used for/with/in emails) I think this will cut down on the majority of those crazy spam phone calls. -- Rob McEwen https://www.invaluement.com
Re: Attacks from poneytelecom.eu
On 1/4/2018 12:36 PM, valdis.kletni...@vt.edu wrote: On Thu, 04 Jan 2018 09:48:24 -0700, Michael Crapse said: I've never dealt with a support queue that resolved the issue faster than a direct contact. Which would the user prefer - a guaranteed 15 minute response time from the queue, or 10 minute from a direct contact, unless it's an hour because they're in a meeting, or the next day because they're out sick, or 2 weeks because they're on vacation? Bonus points for recognizing there's a confirmation bias effect here - people will remember the 2 week response time more than they'll remember the 5 minutes faster the rest of the time. Hint: How many "I haven't heard back in a week" do we see here and on the mailop list, and how many "Congrats to so-n-so who fixed my problem in 5 minutes flat?" Also, unless the requester already has a close relationship with someone in that department at the company they are contacting - it is sort of offensive to contact them without FIRST filling out the form and allotting a reasonable time for a response. Then, if filling out the form didn't work as fast as expected - THEN it might be appropriate to contact someone directly to help escalate the form submission. That is the RIGHT way to do these things. The opposite of this produces insufficiency, miscommunication, legal entanglements (if things didn't get handled properly), lost audit-trails/metrics etc. Some larger companies FORBID their employees from doing such direct help that is entirely outside their regular support system. -- Rob McEwen
Re: Purchased IPv4 Woes
On 3/20/2017 10:25 AM, Mike Hammett wrote: He did mention Hotmail. I have no idea which blacklist is allegedly charging $2500 for investigating a listing. (I wonder if he meant to type $25.00?) Either way, I don't know who that is. But I will say that, in general, many requesting a delisting from a blacklist OFTEN assume that a particular hoster that is blocking their messages MUST therefore be caused by the particular "known" blacklist they found themselves to be on. But, in many such cases, the host had their own internal blacklist or was using some OTHER 3rd party blacklist - that was possibly responding to the same "root cause" that the other "known" blacklist was reacting to as well, but where that particular "known" blacklist wasn't actually the direct reason that this hoster was blocking that sender. So (absent more specific info proving such) this "known" blacklist that is allegedly charging a fee for research... could easily NOT be related to hotmail. (and probably isn't!) -- Rob McEwen
Re: Purchased IPv4 Woes
On 3/12/2017 2:00 PM, Baldur Norddahl wrote: Sorry but this is not true. The address space does not lose that much in value and in fact most address space that has been used for end users is already tainted in the same way (due to botnets etc). Also, you're comparing apples-to-oranges. Dynamically allocated IPs for "end users" are not supposed to host mail and web servers - at least not professional and high-quality hosting services. This is why their outbound speed is almost always governed down to a trickle (often orders of magnitude slower than the download speeds), and port 25 is often blocked (when not headed to the mail server hosted by the particular ISP which controls that space). Such IPs are OFTEN preemptively blacklisted by Spamhaus's PBL list: https://www.spamhaus.org/pbl/ If someone wants to run a mail server (or even a web server) from such space - then they have a whole bunch of OTHER problems besides who/what damaged the space before they acquired it. Their first problem is that they are trying to tow a boat with their bicycle. -- Rob McEwen
Re: Purchased IPv4 Woes
On 3/12/2017 2:00 PM, Baldur Norddahl wrote: Den 12/03/2017 kl. 18.49 skrev Rob McEwen: This motivation goes a LONG way towards countering the profit motives that hosters/ISPs/Datacenters/ESPs have in selling services to spammers - there is MUCH money to be made doing so. But the longer term repercussions of damaged IP reputation makes that a *bad* long-term investment (even if the short-term gains are lucrative). Sorry but this is not true. The address space does not lose that much in value and in fact most address space that has been used for end users is already tainted in the same way (due to botnets etc). First, I'm on the front lines of this particular fight - and the conversations I have with mail senders (of all various types) give me constant 1st-hand confirmation of these facts you deny. But don't take my word for it - consider the following article written by Brian Krebs: https://krebsonsecurity.com/2015/08/like-cutting-off-a-limb-to-save-the-body/ If what you said is true, then Hostwinds wouldn't have ever seen a need to reform - and they wouldn't have ever reformed. And many of the hosters who had more foresight and never had to learn this lesson the hard way - would have likewise followed Hostwinds' footsteps (except without the reform part). Also, if any good hosting company just let their guard down and started allowing just any spammer to purchase services - their IP space reputation would nosedive across-the-board to the lowest of depths... that occasional random botnets on residential dynamic IPs - could never get to. -- Rob McEwen
Re: Purchased IPv4 Woes
On 3/12/2017 11:40 AM, valdis.kletni...@vt.edu wrote: How does Spamhaus find out the block has been resold? How do other DNS-based blacklist operators find out? Spamhaus and other reasonable and well-run DNSBLs: (1) have reasonable auto-expiration mechanisms (which cover the vast majority of these situations where a block gets a new and more ethical owner) (2) and have all various different monitoring and feedback mechanisms - which may not be perfect and may not have God-like omniscience - but generally get things right before too long - they have overall very excellent telemetry and they don't get very much wrong at any one point in time. In contrast, much of the cause of this problem described on this thread is caused by system admins relying less on well-run blacklists, and relying more on "set it and forget it" manual blocking of IPs and subnets at their perimeter. (in contrast to well-run DNSBLs...) They then often have ZERO expirations happening - listings are basically permanent - until manually removed - and their telemetry/feedback is just horrific compared to a well-run DNSBL. There also are not any public lookup forms in the world where a sender can determine which such manual blocks are found on which ISP/hosters/datacenters. The good news here - is that this becomes further motivation for senders to be vigilant to protect their IPs' reputation - knowing that a lack of such effort can quickly lead to their IP space becoming "damaged goods". This motivation goes a LONG way towards countering the profit motives that hosters/ISPs/Datacenters/ESPs have in selling services to spammers - there is MUCH money to be made doing so. But the longer term repercussions of damaged IP reputation makes that a *bad* long-term investment (even if the short-term gains are lucrative). Meanwhile, btw - moving all mail servers to IPv6 too fast... ELIMINATES that motivation. 
Almost everyone reading this paragraph on NANOG has no idea just (a) how much this incentive keeps email sane and manageable - and (b) just how bad things will get if this incentive is removed, via moving all MTAs to IPv6. (In an all-IPv6 world - if you ruin your IP reputation by making a ton of money selling to spammers - there are always vast amounts of new space to acquire) I can tell you that, ultimately, this is the ONLY thing keeping hosters/ISPs/Datacenters/ESPs from selling services to spammers. Some who deny that this statement applies to them - will at least move the goalposts somewhat, no matter how good of intentions they may think they have. (human nature always dominates) (but there is no problem moving all email *clients* to IPv6 - where their IPv6-sent mail then SMTP-authenticates to mail servers... which then send that message to other mail servers via IPv4 - at least for the foreseeable future) -- Rob McEwen
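The contrast drawn in the message above between auto-expiring listings and permanent "set it and forget it" perimeter blocks, worked through for a block that is resold (an added example, not part of the original post; the 198.51.100.0/24 documentation range, the report days and the TTL values are assumptions):

```python
import ipaddress


class Blocklist:
    """Listings keyed by network; ttl_days=None models a permanent manual block."""

    def __init__(self, ttl_days=None):
        self.ttl_days = ttl_days
        self.reports = {}  # network -> days on which abuse was observed

    def report_abuse(self, cidr, day):
        self.reports.setdefault(ipaddress.ip_network(cidr), []).append(day)

    def is_listed(self, addr, day):
        """Listed if any report is still inside its TTL on the given day."""
        ip = ipaddress.ip_address(addr)
        for net, days in self.reports.items():
            if ip not in net:
                continue
            for seen in days:
                if seen <= day and (self.ttl_days is None
                                    or day - seen < self.ttl_days):
                    return True
        return False


def build(ttl_days, report_days, cidr="198.51.100.0/24"):
    """Constructed history: the previous owner of cidr spammed on report_days."""
    blocklist = Blocklist(ttl_days)
    for day in report_days:
        blocklist.report_abuse(cidr, day)
    return blocklist


def days_wrongly_blocked(blocklist, addr, resold_day, horizon_day):
    """Days on which the new, clean owner is still blocked after the resale."""
    return sum(1 for day in range(resold_day, horizon_day)
               if blocklist.is_listed(addr, day))


if __name__ == "__main__":
    history = (0, 3, 10)   # constructed: last abuse seen on day 10
    resold, horizon = 60, 365
    for label, ttl in (("30-day expiry", 30), ("90-day expiry", 90),
                       ("permanent block", None)):
        wrong = days_wrongly_blocked(build(ttl, history), "198.51.100.7",
                                     resold, horizon)
        print(f"{label:16s} new owner blocked for {wrong} days")
```

Fresh abuse reports extend an expiring listing, so a block that keeps spamming stays listed; only the permanent entry outlives the behaviour that caused it.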
Re: Wanted: volunteers with bandwidth/storage to help save climate data
On 12/16/2016 4:48 PM, Hugo Slabbert wrote: This started as a technical appeal, but: https://www.nanog.org/list 1. Discussion will focus on Internet operational and technical issues as described in the charter of NANOG. 6. Postings of political, philosophical, and legal nature are prohibited. EXACTLY - but I had to finally respond because it was getting obnoxious... all the "we all think this way and we KNOW that the other side is wrong"--implications/statements embedded in various previous posts. -- Rob McEwen
Re: Wanted: volunteers with bandwidth/storage to help save climate data
On 12/16/2016 3:30 PM, Ken Chase wrote: http://abcnews.go.com/US/north-carolina-bans-latest-science-rising-sea-level/story?id=16913782 North Carolina is not banning science. It is banning absolutely preposterous and manipulated junk science. A 39-inch rise in the ocean levels over the next century is based on fear-mongering and junk science designed to scare politicians into increasing grant $$ from the federal government. It is not based on science. In fact, the sea levels continue to rise at the SAME TINY 2-4mm per year that they've been rising at for decades, with ZERO sign of an increase. If global warming was real and cumulative - this shouldn't even be possible, based on all that we've been told over the past 20 years. Every article that states that oceans rising at alarmingly faster rates - due to global warming - either lie about or manipulate the data... or they grab one relatively small short term spike and extrapolate from that. Meanwhile, dozens of sea-level rising predictions from so-called credible scientists have not only failed, but failed by orders of magnitude, and again, relied upon junk science. True science makes "risky predictions" and is willing to throw out the theory when that theory's "risky predictions" don't come true. But I truly do hope that this collection process is successful because I hope that ALL of this (mostly) manipulated data gets recorded for posterity so that (honest) scientists a century from now can do extensive studies on how/why science became so political and manipulated as they look back on the first few decades of the 21st century's slide into a strong long-term cooling trend, due to long term cyclical sun cycles. This is not a victim-less crime. This manipulation of the data by global warmongers harms people because it miscalculates resources and damages the economy. Does that mean we should spew toxic waste into rivers or streams or spew smog into the air? Of course not. 
But global warming and CO2 being a cause of it... and "oceans rising" has MUCH junk science behind it. Still, I hope this data is preserved. The truth will win out in the long term. (as is already starting to happen) -- Rob McEwen
Re: improved NANOG filtering
On 10/26/2015 5:15 PM, Patrick W. Gilmore wrote: And the first person who says “who has seen $URL” or similar in a message gets bounced, then bitches about “operational nature” of NANOG. I think it is probably not a great idea to add things like URI checkers to NANOG. We can bitch & moan about people supposed to modify it to hxxp or whatever, but reality is people like to copy/paste and this is not unreasonable on NANOG. That is a good point. Personally, I think whole spam samples should be linked to a pastebin post, and individual references to a spammer's domain or ip should have a space inserted before each dot. What can be frustrating when this isn't done ... is that discussions about spam can intermittently get filtered on the client side, sometimes by active participants in a thread... and inconsistently. which is frustrating... and which is why everyone OUGHT to use such tactics when providing spam samples or when discussing spammy IPs or domains. But you're correct. Filtering on the server side of lists is not as simple as it sounds due to the risk of mistakenly blocking legit messages in a discussion about spam. Still, it may not be as problematic as you think to deploy such measures. When the sender gets a rejection notice, they often figure out what happened and resend with the spam obfuscated, fwiw. If someone complains, tell them that they should have known to obfuscate the spam (or spammy domain or IP), or post the spam sample to pastebin. At least, that is my suggestion. But I know there isn't an easy answer to this. -- Rob McEwen
Re: The spam is real
On 10/26/2015 3:25 PM, William Allen Simpson wrote: What's the exploit that corrupted the sites? ... All the sites that I checked (without the added suffix) seem legit. But maybe they are spammer sites? How do we know? Most involve wordpress vulnerabilities that a spammer exploited, where the spammer then installed their spammy content on someone else's otherwise legit website. (other vulnerabilities happen too.) NOTE: Anyone using wordpress needs to be vigilant about keeping it updated (and associated plugins updated)! That makes these particularly hard to blacklist because they always involve SOME amount of "collateral damage" (though often a small and well-justified amount) AND the same algorithms that help URI/domain blacklists to not have FPs, likewise often (and often mistakenly) prevent many of these from getting blacklisted... which explains why many of these were not on very many URI or domain blacklists. -- Rob McEwen
improved NANOG filtering
On 10/26/2015 12:06 PM, Job Snijders wrote: I expect some protection mechanisms will be implemented, rather sooner than later, to prevent this style of incident from happening again. Job, I can't tell for sure if you're a NANOG admin? Or if you're making educated guesses about what you think that NANOG will do? If you really are a NANOG admin, I suggest adding some kind of URI filtering for blocking the message based on the domains/IPs found in the clickable links in the body of the message. Here are 4 such lists: SURBL URIBL invaluement URI SpamHaus' DBL list (all very, very good!) My own invaluementURI list did particularly well on this set of (mostly hijacked) spammy domains, possibly listing ALL of them! I spot checked about 40 of them and couldn't find a single one that wasn't already listed on ivmURI at the time of the sending. But then I discovered that my sample set wasn't truly random. So I can't say for sure, but it looks like ivmURI had the highest hit rate, possibly by a wide margin. (I wish I had meticulously collected ALL of them and checked ALL of them at the time they were received!) Since then, more of these are now listed on the other URI/domain blacklists. (but that doesn't mean as much if they weren't listed at the time the spam was sent!) Nevertheless, going forward, I recommend checking these at multirbl.valli.org (or mxtoolbox) to see *which* domain blacklist(s) would have blocked the spam at the time of the sending... to get an idea of which blacklists are best for blocking this very sneaky series of spams. PS - I'd be happy to provide complimentary access to invaluement data to NANOG, if so desired. -- Rob McEwen
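A sketch of the list-side URI check suggested in the message above, together with the obfuscation convention from the earlier reply (hxxp, a separated dot) that lets discussion of a spammy domain pass the same filter. This is an added example, not part of the original posts; it assumes only http(s) URLs count as clickable links, and the `LISTED` set and the `.example` names are constructed stand-ins for a real URI blacklist lookup.

```python
import ipaddress
import re
from urllib.parse import urlsplit

URL_RE = re.compile(r"""https?://[^\s<>"']+""", re.IGNORECASE)

# Constructed stand-in for a URI/domain blacklist; a deployment would
# replace LISTED.__contains__ with a query to the blacklist it subscribes to.
LISTED = {"hijacked-shop.example"}

SPAM = ("new message, please read "
        "http://hijacked-shop.example/wp-content/msg.php?id=1 today")
DISCUSSION = ("Has anyone else seen hxxp://hijacked-shop DOT example/wp-content/ "
              "in tonight's spam? Details at https://www.example.org/paste/42")


def link_hosts(body):
    """Hostnames of the clickable http(s) links in a message body."""
    hosts = set()
    for url in URL_RE.findall(body):
        try:
            host = urlsplit(url.rstrip(".,;:!?)")).hostname
        except ValueError:          # malformed bracketed host
            continue
        if host:
            hosts.add(host.rstrip(".").lower())
    return hosts


def candidate_names(host):
    """The host plus each parent domain with at least two labels."""
    try:
        ipaddress.ip_address(host)
        return [host]               # IP literal: look it up as-is
    except ValueError:
        pass
    labels = host.split(".")
    return [".".join(labels[i:]) for i in range(len(labels) - 1)]


def check_message(body, is_listed):
    """Listed names found in the body's links; an empty list means accept."""
    hits = set()
    for host in link_hosts(body):
        hits.update(name for name in candidate_names(host) if is_listed(name))
    return sorted(hits)


def defang(body):
    """Rewrite links so they are no longer clickable: hxxp and ' DOT ' in the host."""
    def repl(match):
        scheme, rest = match.group(0).split("://", 1)
        host, sep, tail = rest.partition("/")
        return "hxx" + scheme[3:] + "://" + host.replace(".", " DOT ") + sep + tail
    return URL_RE.sub(repl, body)


if __name__ == "__main__":
    for label, body in (("spam", SPAM), ("discussion", DISCUSSION),
                        ("defanged sample", defang(SPAM))):
        hits = check_message(body, LISTED.__contains__)
        print(f"{label:16s} {'REJECT ' + ', '.join(hits) if hits else 'accept'}")
```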
Re: surge of "new message" spams hitting NANOG
On 10/24/2015 11:04 PM, Rob McEwen wrote: I just checked all the spammy domains found on tonight's surge of spams that hit NANOG oops. "all" didn't really mean "all". I had mistakenly thought that I was getting all of them and that I was bypassing all spam filtering for NANOG messages. Turns out, I was instead doing minimal filtering... so that caused most of them to be blocked in my spam filtering. Then I ran those stats on what was really a small subset of the ones that slipped past that minimal level of filtering I was using on NANOG messages. So my sample set may not have been representative of the whole. Sorry for the confusion. -- Rob McEwen
surge of "new message" spams hitting NANOG
I just checked all the spammy domains found on tonight's surge of spams that hit NANOG ...I checked them at http://multirbl.valli.org to see *which* DNS blacklists had each domain in the clickable link of each spam blacklisted. I did that check about an hour after those were sent, which was when I sat down at my computer and saw that. Here are the results:

africancichlidphotos DOT com --listed on ivmURI --listed on HostKarma
africameetsafrica DOT com --listed on ivmURI
arpitshah DOT co DOT in --listed on ivmURI --listed on SpamHaus DBL
dinkinsautoservice.com --listed on ivmURI --listed on HostKarma
electronicstradingllc DOT com --listed on ivmURI
hutsonlegal DOT com --listed on ivmURI --listed on HostKarma
janatyachar.org --listed on ivmURI --listed on URIBL --listed on HostKarma
marketingdeguerrilla DOT net --listed on ivmURI --listed on URIBL --listed on SURBL
micheleruiz DOT com --listed on ivmURI --listed on HostKarma
ogdenautomotiveinc DOT com --listed on ivmURI
pilotsref DOT com --listed on ivmURI
photographytoday DOT org --listed on ivmURI --listed on HostKarma
probeautystudios DOT com --listed on ivmURI
purefitnesslincoln DOT com --listed on ivmURI
rosasmedley DOT com --listed on ivmURI --listed on HostKarma
thomasanthonyguerriero DOT co --listed on ivmURI
throughaglassdarkly DOT net --listed on ivmURI
signranch DOT com --listed on ivmURI --listed on SpamHaus DBL
stillbontechnology DOT com --listed on ivmURI
studioprodutora DOT com DOT br --listed on ivmURI
urbanfoodstrategies DOT com --listed on ivmURI

As shown, I was happy to see that my own ivmURI blacklist was 21 for 21, and nothing else came close to that. (I also verified that ALL of the ivmURI listings happened BEFORE those spams were sent to NANOG). Keep in mind... this isn't a true measure of any one of those domain blacklists' overall effectiveness since this is just one tiny metric of one small type of very sneaky spam. 
So please don't think I'm trying to say that ivmURI is a replacement for SpamHaus' DBL list or SURBL or URIBL, etc... because those lists do likewise catch some spammy domains that ivmURI misses or hadn't gotten to yet. But it was still very satisfying to see this success. If it would help, I'll be happy to provide the operator of NANOG complimentary access if so desired. PS - if the "hits" on other blacklists for these domains suddenly expands, that would be due to added listings which happened AFTER those spams were sent to the NANOG list. (and after I did this check) -- Rob McEwen +1 478-475-9032
Re: Fw: important message
A lot of web sites have been infected by criminal spammers in the past couple of years. More recently, massive amounts of legitimate web sites run by non-spammers which used older versions of WordPress (in particular)... have had their web sites hacked into by criminal spammers. The WordPress exploit is epidemic. Since most of these sites are legitimate, they are difficult to blacklist because blacklisting them does cause some amount of collateral damage (though usually a very acceptable and targeted amount of collateral damage--given the circumstances). The problem here is that the SAME algorithms which help the better domain-based anti-spam blacklists to NOT have false positives--OFTEN--also prevent THESE sites from getting blacklisted--even when the infection is active. Those are arguably False Negatives, especially in the more extreme cases when much spam is spewing, with relatively little legit mail containing these domains! Plus, feeling sorry for the site owner's "collateral damage" is like thinking that it is unfair that someone with a highly contagious disease, who got it from irresponsible behavior (dirty needle, etc), wasn't allowed to walk in a crowded public area. When a web site is hosting such malicious content, the web site owner SHOULD lose some privileges until such time that they've cleaned up their mess. Because of this situation, some changes were made to the invaluementURI domain blacklist (ivmURI) about 1 or 2 years ago... to enable it to better surgically target THESE types of exploited domains, yet with a reasonable balance that (hopefully) wouldn't trigger too many FPs. So far, that has been highly successful and I see evidence that other such lists (surbl, uribl, and SpamHaus's DBL list) have made some improvements in this area too. For example, ivmURI had THIS particular domain blacklisted for over a week now (with nobody else listing it!)... 
and I seem to recall two such messages slipping through just weeks ago where the domain in one was only on SpamHaus' DBL list, and the other was only listed on ivmURI. (or was that the SA list where I saw those 2 messages?) Even as I type this, ivmURI seems to be the only blacklist which has "globalreagents DOT com" blacklisted, fwiw -- Rob McEwen
Re: How to wish you hadn't forced ipv6 adoption (was "How to force rapid ipv6 adoption")
Pv4 too fast for this reason alone. When you say, "north of 10%"... I wonder, what is that percentage if you don't include client-to-server SMTP-Authenticated traffic? Also, since such a low percentage of mail servers currently accept IPv6 traffic, all my worst fears about spam filtering in the IPv6 world are not going to be on display since the vast majority of spammers don't send via IPv6. This is a ticking time bomb if IPv6 mail server traffic is pushed too fast. Just because it works now doesn't mean it will be workable later. I DO have some solutions in mind, but at this point in the discussion... it seems like a waste of time to even mention them when so many don't take these problems seriously. I think many are underestimating how much scarcity of IPs is helping ESPs and hosters try hard to keep their IPs clean. I'm on the front lines in fighting the sneakiest spam and in dealing with grayhat ESPs who try to not send spam, but don't try that hard and WOULD be more worried about making more sales that month--EXCEPT that they don't want to see their *scarce* IPv4 IPs soiled. When others who are not on the front lines blow these concerns off, I'm reminded of the phrase, "let them eat cake". -- Rob McEwen +1 478-475-9032
Re: How to wish you hadn't forced ipv6 adoption (was "How to force rapid ipv6 adoption")
On 10/2/2015 1:10 AM, Mark Andrews wrote: or working out how many addresses a site needs when handing out address blocks At first, I'm with you on this.. but then when you got to the part I quoted above... it then seems like dividing lines can get really blurred here and this statement might betray your premise. A site needing more than 1 address... subtly implies different usage case scenarios... for different parts or different addresses on that block... which could slip back into... "you blocked my whole /48... but the spam was only coming from this tiny corner of the block over here (whether that be one IP, a /64, or a /56)... and now other parts of the block that were sending out legit mail, are suffering". Likewise, sub-allocations can come into play, where a hoster is delegated a /48, but then subdivides it for various customers. -- Rob McEwen +1 478-475-9032
Re: How to wish you hadn't forced ipv6 adoption (was "How to force rapid ipv6 adoption")
On 10/2/2015 12:18 AM, Mark Andrews wrote: A hoster can get /48's for each customer. Each customer is technically a separate site. It's this stupid desire to over conserve IPv6 addresses that causes this not IPv6. In theory, yes. In practice, I'm skeptical. I think many will sub-delegate /64s. Plus, nobody has yet addressed the fact that new /48s will be just so EASY to obtain since they are going to be plentiful... therefore... the LACK of scarcity will make hosters and ESPs... NOT be very motivated to keep their IP space clean... as is the case now with IPv4. Also, it seems so bizarre that in order to TRY to solve this, we have to make sure that MASSIVE numbers of individual IPv6 IP addresses.. that equal numbers that my calculator can't reach (too many digits)... would all be allocated to one single combined usage scenario. Then allocating only /48s multiplies that number by 65K. Mind boggling -- Rob McEwen +1 478-475-9032
Re: How to wish you hadn't forced ipv6 adoption (was "How to force rapid ipv6 adoption")
On 10/1/2015 11:58 PM, Rob McEwen wrote:
> And blocking at the /48 level WOULD cause too much collateral damage if don't indiscriminately.

I meant, "if done indiscriminately" excuse my other more minor typos too. I get in a hurry and my fingers don't always type what my brain is thinking :)

-- Rob McEwen +1 478-475-9032
Re: How to wish you hadn't forced ipv6 adoption (was "How to force rapid ipv6 adoption")
On 10/1/2015 11:44 PM, Mark Andrews wrote:
> IPv6 really isn't much different to IPv4. You use sites /48's rather than addresses /32's (which are effectively sites). ISP's still need to justify their address space allocations to RIR's so there isn't infinite numbers of sites that a spammer can get.

A /48 can be subdivided into 65K subnets. That is 65 *THOUSAND*... not the 256 IPs that one gets with an IPv4 /24 block. So if a somewhat legit hoster assigns various /64s to DIFFERENT customers of theirs... that is a lot of collateral damage that would be caused by listing at the /48 level, should just one customer be a bad-apple spammer, or just one legit customer have a compromised system one day.

Conversely, if a more blackhat ESP did this, but it was unclear that this was a blackhat sender until much later.. then LOTS of spam would get a "free pass" as individual /64s were blacklisted AFTER-THE-FACT, with the spammy ESP still having LOTS of /64s to spare.. remember, they started with 65 THOUSAND /64 blocks for that one /48 allocation (Sure, it would eventually become clear that the whole /48 should be blacklisted).

Other gray-hat situations between these two extremes can be even more frustrating because you then have the same "free passes" that the blackhat ESP gets... but you can't list the whole /48 without too much collateral damage.

SUMMARY: So even if you moved into blocking at the /64 level, the spammers have STILL gained an order of magnitudes advantage over the IPv4 world any way you slice it. And blocking at the /48 level WOULD cause too much collateral damage if don't indiscriminately.

And this is assuming that individual IPs are NEVER assigned individually (or in smaller-than-/64-allocations). (maybe that is a safe assumption? I don't know? regardless, even if that were a safe assumption, the spammers STILL have gained a massive advantage)

-- Rob McEwen +1 478-475-9032
Re: How to wish you hadn't forced ipv6 adoption (was "How to force rapid ipv6 adoption")
On 10/1/2015 11:18 PM, corta...@gmail.com wrote:
> Excuse my probable ignorance of such matters, but would it not then be preferred to create a whitelist of proven Email servers/ip's, and just drop the rest? Granted, one would have to create a process to vet anyone creating a new email server, but would that not be easier than trying to create and maintain new blacklists?

I have heard that mentioned before. Unfortunately, this wouldn't work:

(1) we already have extensive IPv4 whitelists, many of which are used by prominent anti-spam blacklists (and ISPs) to prevent false positives. However, if tomorrow, ALL IPv4 blacklists disappear, and all mail servers only allowed in the traffic coming from the IPs listed on the better IPv4 whitelists, then a massive percentage of VERY legit mail would STILL be blocked. Therefore, if IPv4 whitelists can't keep up in the IPv4 world, how are they going to do so in the IPv6 world?

(2) Then there is the chicken-N-egg problem. How do you get your mail delivered if you are a new sender, but aren't on that list yet. How do you prove your sending practices are valid if you can't get your first e-mail delivered?

(3) Any solution to that "chicken-N-egg problem"... which tries to provide some kind of verification of legit senders... is a hoop that the spammers could jump through just as easily... and they will! (some of them doing so convinced that they are doing nothing wrong because they were told that the list they bought isn't spam because the recipient forgot to uncheck a button that said, "receive offers from third parties"!)

(4) and this idea oversimplifies the complexity of the spam problem. For example, many of the better blacklists know just when it is appropriate to blacklist that legit sender who sends 100 legit messages a day, but had a compromised system that triggered 50 thousand spam to be sent out that day... and the better blacklists are good about delisting that sender soon after the problem is fixed. But in a whitelist-only world, you're stuck receiving all that spam!

-- Rob McEwen +1 478-475-9032
How to wish you hadn't forced ipv6 adoption (was "How to force rapid ipv6 adoption")
those IPv6's IPv4 predecessors sometimes could send that botnet spam directly to the recipient's mail server). So push IPv6 all you want... even "force" it... but please don't be too quick to rush the elimination of IPv4 anytime soon. And let's keep MTA sending IPs (which is server-to-server traffic) as IPv4-only, even if they are able to receive their own customers' SMTP auth mail via IPv6. Otherwise, we'll be having discussions one day about how to limit WHICH and HOW MANY IPv6 addresses can be assigned to MTAs! (hey, maybe that isn't a bad idea either!)

-- Rob McEwen
Re: SPAM: AW: important
On 9/24/2015 9:20 AM, TR Shaw wrote:
> Strange as it has been listed in SURBL for ever since the site was cracked.

fwiw, likewise, that same spammy domain has been on invaluement's URI blacklist since 9/17/2015 2:27 a.m. (+- a couple of minutes)

-- Rob McEwen
Re: FCC releases Open Internet document
On 3/12/2015 1:30 PM, William Kenny wrote:
> NO BLOCKING: A person engaged in the provision of broadband Internet access service, insofar as such person is so engaged, shall not block lawful content, applications, services, or nonharmful devices, subject to reasonable network management.

The document (if I read it correctly) states that "reasonable network management" includes spam filtering (yeah!)

However, in spite of that... it seems to give the MISTAKEN impression that:

(1) ALL spam is ALWAYS... NOT-lawful content
(2) ALL lawful content is NEVER spam.

(again, I'm not saying the document says this directly... only that it seems to give that impression at times!)

But, in fact, there is actually MUCH spam that is 100% legal, but also 100% unsolicited/undesired and therefore frequently blocked by spam filters, and rightly so. I just hope that nobody argues in a court of law that their exceptions for spam filtering only apply to UNLAWFUL spam!!! THAT would be a DISASTER!!!

Nevertheless, in such a circumstance, 47 USC 230(c)(2) should prevail and trump any such interpretation of this! (If anyone thinks that 47 USC 230(c)(2) might not prevail over such an interpretation, please let me know... and let me know why?)

-- Rob McEwen
Re: Verizon Policy Statement on Net Neutrality
On 2/28/2015 1:48 PM, Lamar Owen wrote:
>> The bigger picture is (a) HOW they got this authority--self-defining it in, and (b) the potential abuse and 4th amendment violations, not just today's "foot in the door" details!
> How they got the authority is through the Communications Act of 1934, as passed and amended by our elected representatives in Congress, with the approval of our elected President.

For roughly two decades of having a widely-publicly-used Internet, nobody realized that they already had this authority... until suddenly just now... we were just too stupid to see the obvious all those years, right? And how nice that the people who decided that this authority suddenly existed, are the ones who voted themselves that authority (referring to the vote on Thursday), and will be wielding that authority.

Nobody has refuted my statement that their stated intentions for use of this authority, and their long term application of that authority, could be frighteningly different. What they say they will do for now... and what they COULD do in the future if this power grab stands--without anything more than another one of their little votes amongst themselves--could be very very different.

FOR PERSPECTIVE... CONSIDER THIS HYPOTHETICAL: Suppose that the EPA was given a statutory power to monitor air quality (which is likely true, right)... decades later, a group of EPA officials have a little vote amongst themselves and they decide that they now define the air INSIDE your house as also covered by those same regulations and monitoring directives for outside air. Therefore, to carry out their task of monitoring the air inside your home, they conduct random warrant-less raids inside your homes, thus violating your 4th amendment rights. If the CO2 levels are too high (because someone likes to smoke), that person then gets fined, or their house gets bulldozed, etc. When asked about how they get that authority, someone like Lamar Owen points out that Congress gave them this authority in such-and-such clean air act passed so many decades ago.

I know that hypothetical example is even more preposterous than this net neutrality ruling... but probably not that much more! (in BOTH cases, the power grab involves an intrusion upon privately-owned space.. using a statute that was originally intended for public space)

But the bigger picture isn't what the FCC STATES that they will do now.. it is what unelected FCC officials could do, with LITTLE accountability, in the future. Arguing for/against this power grab... only based on what they say they will do for now, is very naive. Future generations may ask us, "why didn't you stop this?" When we answer, "well, it wasn't implemented as badly when it first started". They'll reply, "but you should have checked to see how far this could go once that power grab was allowed (or ignored!)"

-- Rob McEwen
Re: Verizon Policy Statement on Net Neutrality
On 2/27/2015 1:28 PM, Lamar Owen wrote:
> You really should read 47CFR§8. It won't take you more than an hour or so, as it's only about 8 pages.

The bigger picture is (a) HOW they got this authority--self-defining it in, and (b) the potential abuse and 4th amendment violations, not just today's "foot in the door" details! Today's altruistic intentions... is a DIFFERENT ISSUE (though still important.. and I find much of their wording very open-ended... lots of "reasonables" in there.. and lots of possible protections or legal things that are EXTREMELY abusive... yet still universally considered legal!)

To use an extreme example, if a democratically elected chief executive of a republic self-appointed himself a dictator-for-life, and stated that he would use those powers to imprison those who engage in human trafficking... would you really cheerlead him for fighting human trafficking and call his new authority a good thing?

In the same way, I don't like the BASIS for this authority... and what it potentially means in the long term... besides what they state that they intend to do with this new authority they've appointed themselves in the short term.

-- Rob McEwen +1 478-475-9032
Re: Verizon Policy Statement on Net Neutrality
On 2/27/2015 12:49 PM, Stephen Sprunk wrote:
> This case seems to prove that the telco/cable duopoly can't _always_ buy the FCC rulings they desire; every now and then, the US govt surprises us and actually represents the people.

I know that ISPs are not perfect. Nothing is perfect. But what is incredible about this whole debate... is

(1) how few people are actually suffering right now. If "net neutrality" had never made the news... and you went out and talked to 10,000 people, and forced them to sit down and write out their top 100 problems in life... and compiled all 1 million answers... I doubt internet connectivity problems or slow internet speeds would come up more than a few times... if even once!

(2) meanwhile, we're such spoiled brats because... the bandwidth usage per second... AND the total number of users... AND the usage scenarios... AND the amount of hours of usage per day per person... has all SKYROCKETED in the past 15 years. It is AMAZING that the ISPs have kept pace. And this wasn't easy. My business is spam filtering and e-mail hosting... and in that related business... the usage levels per dollar of revenue (literally.. the # of MBs per dollar of revenue) is order of magnitudes higher than it was 15 years ago... and, like others, I've had to do amazing things to keep things flowing well with the same basic $/user. (getting faster hardware wasn't even nearly enough) That wasn't easy.

(3) when ISPs abuse their power, consumers can vote with their wallet to another access point. Yes, the choices are somewhat limited, but there are CHOICES (including 4G).. and, btw, there would have been MORE choices if the economy wasn't continuing to be anemic over the past several years. In contrast, when the government abuses their power, it is MUCH harder to move to another country. Plus, a bad ISP can only make someone's life so miserable. But an out-of-control government that has too much power can fine you, imprison you, IRS audit you, over-regulate you, legally (and illegally) spy on you, etc. (Just merely defining private networks as if they were "public airways"... is already a huge potential 4th amendment violation... why stop with cables moving data? Why not just make your hard drive... or your files in your filing cabinet part of their jurisdiction, too? Can they vote that in too? If you think not, tell me... what is stopping them that applies DIFFERENTLY from what they just did?)

We're solving an almost non-existing problem.. by over-empowering an already out of control US government, with powers that we can't even begin to understand the extent of how they could be abused... to "fix" an industry that has done amazingly good things for consumers in recent years.

-- Rob McEwen
Re: Verizon Policy Statement on Net Neutrality
On 2/27/2015 11:04 AM, Miles Fidelman wrote:
> [VERIZON should say...] this won't affect us at all

Until those hundreds of pages are made public, how can anyone possibly know if that is even a truthful statement? Furthermore, what they SAY they intend to do with that authority... and what they COULD possibly do with such authority in the not-too-distant future... might be frighteningly different.

FOR EXAMPLE... can I borrow your credit card? I'm just going to lock it in my safe and not use it until the next time we meet up again? (what I say I will do with it.. and what I COULD do with your credit card... could be frighteningly different!)

But since they did such a great job rolling out Obamacare with no "unintended consequences", I'm sure their promises and good intentions for their use of the authority over the packets moving across PRIVATELY-OWNED internet infrastructure... that they just voted themselves... will be just peachy, right?

BTW - you should see my seashell collection... I keep it spread throughout all the beaches of the entire world. Yesterday, I voted myself ownership over all of them.

-- Rob McEwen
Re: Verizon Policy Statement on Net Neutrality
Scott Fisher,

I think Verizon's statement was brilliant, and entirely appropriate. Some people are going to have a hard time discovering that being in favor of Obama's version of "net neutrality"... will soon be just about as cool as having supported SOPA.

btw - does anyone know if that thick book of regulations, you know... those hundreds of pages we weren't allowed to see before the vote... anyone know if that is available to the public now? If so, where?

Rob McEwen

On Fri, Feb 27, 2015 at 9:10 AM, Scott Fisher wrote:
> Funny, but in my honest opinion, unprofessional. Poor PR.
>
> On Fri, Feb 27, 2015 at 9:05 AM, Larry Sheldon wrote:
>> http://publicpolicy.verizon.com/blog/entry/fccs-throwback-thursday-move-imposes-1930s-rules-on-the-internet
Re: More Godaddy DNS and whois server issues?
On 9/4/2014 12:55 PM, Steve Atkins wrote:
> On Sep 4, 2014, at 9:22 AM, Mark Keymer wrote:
>
>> Hi,
>>
>> So this started a little while ago but seems to be getting worse.
>>
>> What I am seeing is dns servers over at godaddy not replying however I seem to be able to traceroute ok to them. Also I have started to see that the whois.godaddy.com servers also seem to be having issues as well with "Whois information is currently unavailable. Please try again later."
>>
>> Anyone else also seeing issues this morning? And able to confirm the issue is with godaddy?
>
> I've seen reports of this for a week or so, with the symptoms looking like overly aggressive abuse / query rate handling - packets from networks containing busy resolvers being blocked.
>
> Grapevine tells me that they don't think they're doing it intentionally (maybe they outsourced something and it broke?).

A few hours ago... One of my MX gateway filtering clients (for the small spam filtering portion of my business) was having trouble this morning with their own users accessing webmail (hosted on their exchange server), and I discovered that the "a" record was resolving from some locations, but not from others. The domain was using GoDaddy's "domaincontrol.com" series of name servers. I thought that they might have had wrong host names in their registrar records and I told my client to contact Godaddy, verify that these were correct, and ask Godaddy about possible timeout and/or "no answer" issues. I tried querying the host name from one location (direct to Godaddy's DNS) and I'd get an answer, then from another location (direct to Godaddy's DNS) and I would get a seemingly endless timeout.

-- Rob McEwen +1 (478) 475-9032
Re: QOS improvement suggestion for NANOG list members
On 8/19/2014 1:44 PM, Doug Barton wrote:
> or, learn how to filter e-mail into folders like the big kids. :)

At first glance, that sounds wise... but there is a problem with that strategy... doing that can EASILY cause a person to miss (or read too late!) critical "zero hour" issues that come up on occasion...

btw - Even though the following analogy is far from perfect, this sort of reminds me of a poor quality spam filtering system where the end users spend so much time looking for FPs in the "spam folder"...that the spam might as well have been delivered to the inbox!

In the meantime, I'm very good at quickly ignoring the messages that aren't relevant to my business nor time-sensitive... based on the subject line... especially since it is easy to ignore entire threads based on their subject line... and NANOG's volume isn't huge... but then the word "URGENT" in all caps gets a little annoying.

-- Rob McEwen +1 (478) 475-9032
QOS improvement suggestion for NANOG list members
RE: QOS improvement suggestion for NANOG list members

Go to the search feature of your e-mail, and search for all messages from the NANOG list that have the word "URGENT" in the subject line... then delete them! Then, there will be a LESSER chance of overlooking a truly urgent message from your own customers! (and hopefully that thread will die soon! Otherwise, you may need to repeat this every couple of days for a hopefully short while.) This might improve the quality of service that you provide to your own clients.

-- Rob McEwen +1 (478) 475-9032
Re: Next steps in extortion case - ideas?
On 6/28/2014 1:57 PM, Markus wrote:
> Sorry, maybe that line wasn't clear. What I meant is: he targets anyone, everywhere, including individuals and businesses in the US.

I think it will be easier/faster if a US victim pursues this with law enforcement, since, in general, legal systems often don't take complaints from foreign nationals very seriously. Maybe you join forces with a US-victim?

-- Rob McEwen +1 (478) 475-9032
Re: Next steps in extortion case - ideas?
On 6/28/2014 10:32 AM, Markus wrote:
> There's an individual out there on the web that has been blackmailing hundreds of people and companies in a specific area of business for years.

You mentioned that this person resides in the US. Does he always target people outside the US? (from what you know about him)

-- Rob McEwen +1 (478) 475-9032
Re: why IPv6 isn't ready for prime time, SMTP edition
On 3/25/2014 10:51 PM, Jimmy Hess wrote:
> I would suggest the formation of an "IPv6 SMTP Server operator's club,"

That comes across too much like the failed FUSSP ideas. What happens when spammers try to get onboard? Who is the arbitrator? How fast could they react? And then you have legit senders who get infections or compromised accounts? Or what about a hoster who gets one bad-apple customer. This isn't so simple! Not so black & white.

Yet if we instead focus on "truthful labeling of identity", then established e-mail reputation systems and established blacklists which have spent YEARS fine tuning these things... can be best prepared to sort these things out based on the reputation of the domain at the end of a sender's FCrDNS. Then the free market will properly choose the best blacklists that block the most spam with the least FPs... and the "politics" of some club won't be a negative factor.

NOTE: antispam blacklists don't effectively work like men with their feet on a desk smoking cigars asking, 'should we block this sender'... 'should we whitelist this sender'... the spammers are ORDER OF MAGNITUDES faster than that! And then you'd have too many legit orgs that happen to be small.. that would be effectively blacklisted by not being able to get "into the club". It would be a nightmare!

-- Rob McEwen +1 (478) 475-9032
Re: why IPv6 isn't ready for prime time, SMTP edition
On 3/25/2014 10:25 PM, Brielle Bruns wrote:
> Like I said in a previous response, if you are going to make rdns a requirement, why not make SPF and DKIM mandatory as well?

Many ISPs ALREADY require rDNS. So making that standard official for IPv6 isn't asking for much! It is a NATURAL progression. As I mentioned in a previous message, I think IPv6 should go farther and require FCrDNS, with the host name ending with the sender's actual real domain so that proper identity is conveyed. (then when a spammer uses a "throwaway domain" or known spammy domain... as the domain at the end of the rDNS, they have only themselves to blame when the message is rejected!)

SPF is somewhat "dead"... because it breaks e-mail forwarding situations. Anyone who blocks on a bad SPF is going to have significant FPs. And by the time you've dialed down the importance of SPF to prevent FPs (either by the receiver not making too big of a deal about it, or the sender using a NOT strict SPF), it then becomes impotent. About the only good usage of SPF is to change a domain's record to "strict" in situations where some e-mail on that domain is being "picked on" by a "joe job" where their address is forged into MANY spams over a period of time. (not just the occasional hit that everyone gets). Otherwise, SPF is worthless.

Maybe we should require DKIM for IPv6, too? But what I suggested about FCrDNS seems like a 1st step to me.

-- Rob McEwen +1 (478) 475-9032
Re: why IPv6 isn't ready for prime time, SMTP edition
On 3/25/2014 9:24 PM, Brielle Bruns wrote:
> Last time I checked, there is no RFC that states that using SMTP transport is mandatory with the originator having rDNS (ipv4/ipv6). It may be SUGGESTED or RECOMMENDED, but not MANDATORY or REQUIRED. It is an arbitrary decision made by each mail provider.

For IPv6, FCrDNS... using NOT "dynamic formatted" host names... and with the host name ending in the sender's main domain... *should* be mandatory. And +1 THOUSAND for everything that John Levine said in his last few messages!

Additionally... [addressing this topic in general from here on, not talking specifically to Brielle...]

I have a unique perspective on this... as I manage an anti-spam blacklist which blacklists many of the snowshoe spammers and "can-spam compliant" spammers whose practices are 100% legal, and who are not sending to a single caught-you-red-handed honeypot trap. Many of them abuse blackhat and grayhat ESPs. Unfortunately, in some instances, that "abuse" is symbiotic ("wink wink"), where the blackhat ESP will know that a sender's practices are extremely suspect (or worse), but will look the other way in exchange for much needed revenue. In fact, with the worldwide economy still in somewhat of a drag for about the 6th year in a row, I'm seeing evidences that *some* ESPs are lowering their standards a little to even more accommodate this crap. Some once-proud ESPs who claimed they never do this, are in fact doing it.

Still, a HUGE deterrent is getting their IP reputation "soiled" up on senderbase.org and getting on many blacklists. That becomes a "safety net" that keeps some of these ESPs from going off the deep end. And, again, I'm on the front lines dealing with this everyday. Therefore, SCARCITY of IPv4 IPs... is a FEATURE.. NOT a bug when it comes to keeping ESPs under control. And it also gives hosters/datacenters motivation to likewise "police" potential customers because the hoster or datacenter is left with the damage long after they've kicked a spammer off of their network.

ALL of that would "unravel"... ALL OF IT! ... if we all started using IPv6 for sending authenticated mail. (workstations sending mail to their own mail server could send via IPv6 all they wanted to.. that wouldn't be a problem at all) But if all or most MTAs switched to IPv6, it would be a nightmare and what is sad is that MANY people reading this message are STILL going to GREATLY underestimate my warning after reading this. There are, unfortunately, many people who won't listen to reason and logic and require a real world nightmare before they "believe"... much like a 2-year-old who doesn't believe his parents' warning to not touch a hot stove... until AFTER he touches it. But we don't all have that luxury, do we? IPv6 is a spammer's dream!

But REQUIRING FCrDNS for IPv6 ... using a NOT "dynamic formatted" host name... and with the host name ending in the sender's main domain... would go a long way towards mitigating these problems as then there would be more "truth in sending" as the rDNS would then properly convey both reputation and identity to the sender. I wish that could become a universal IPv6 SMTP standard... yesterday!

PS - but even then, I'm told that there may be issues with overrunning DNS caches should spammers send each spam from a unique IP and slowing down of processing of mail when rDNS lookups happen on each individual IP. To go back over the "root problem" that I never mentioned, a spammer would send out a million spams, each from a unique IP address, without even having that large of an IPv6 allocation. IPv6 MTAs is NOT something to be "rushed into". Anyone promoting rushing into that... is not very well informed. (to put it nicely).. or they are a spammer who can't wait for all the fun to commence.

-- Rob McEwen
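The FCrDNS policy proposed in the message above (rDNS that is forward-confirmed, a host name that is not dynamic-formatted, and a host name ending in the sender's domain) can be sketched as a receiver-side check. This is an added example, not code from the original post or from invaluement; the DNS lookups are injected so it runs offline on constructed records, and the `looks_dynamic` heuristic and the verdict strings are assumptions.

```python
import ipaddress
import re

# Constructed sample DNS data (documentation prefix 2001:db8::/32, example domains).
SAMPLE_PTR = {
    "2001:db8:1::25": ["mail.example.com."],
    "2001:db8:2::beef": ["2001-db8-2--beef.dyn.example.net."],
    "2001:db8:3::25": ["mx.example.org."],
    "2001:db8:4::25": ["mail.example.com.bulk.example."],
}
SAMPLE_FWD = {
    "mail.example.com": ["2001:0db8:0001::0025"],      # same address, other spelling
    "2001-db8-2--beef.dyn.example.net": ["2001:db8:2::beef"],
    "mx.example.org": ["2001:db8:3::26"],              # forward points elsewhere
    "mail.example.com.bulk.example": ["2001:db8:4::25"],
}

def sample_ptr(ip_text):
    return SAMPLE_PTR.get(ip_text, [])

def sample_addr(name):
    return SAMPLE_FWD.get(name, [])

# Assumed keyword list for generic / pool-style labels.
GENERIC_LABEL = re.compile(r"(dyn|dynamic|dhcp|pool|ppp|dsl)([-\d]|$)")

def _norm(name):
    return name.rstrip(".").lower()

def looks_dynamic(hostname, ip):
    """Heuristic (assumption): a generic label, or the address embedded in the name."""
    host = _norm(hostname)
    if any(GENERIC_LABEL.match(label) for label in host.split(".")):
        return True
    if ip.version == 4:
        octets = str(ip).split(".")
        runs = [str(int(r)) for r in re.findall(r"\d+", host)]
        windows = [runs[i:i + 4] for i in range(len(runs) - 3)]
        return octets in windows or octets[::-1] in windows
    squashed = re.sub(r"[^0-9a-f]", "", host)          # keep hex digits only
    full = ip.exploded.replace(":", "")                # 32 nibbles
    short = str(ip).replace(":", "")                   # compressed spelling
    return (full in squashed or full[::-1] in squashed
            or (len(short) >= 8 and short in squashed))

def check_fcrdns(ip_text, sender_domain, ptr_lookup, addr_lookup):
    """Return 'pass' or a 'reject: ...' reason for one connecting IP."""
    ip = ipaddress.ip_address(ip_text)
    domain = _norm(sender_domain)
    names = [_norm(n) for n in ptr_lookup(str(ip))]
    if not names:
        return "reject: no rDNS"
    confirmed = []
    for name in names:
        addrs = set()
        for text in addr_lookup(name):
            try:
                addrs.add(ipaddress.ip_address(text))  # compare parsed, not as strings
            except ValueError:
                continue
        if ip in addrs:
            confirmed.append(name)
    if not confirmed:
        return "reject: forward lookup does not confirm rDNS"
    # Match on a label boundary so "example.com.bulk.example" does not count.
    in_domain = [n for n in confirmed if n == domain or n.endswith("." + domain)]
    if not in_domain:
        return "reject: rDNS not under sender domain"
    if all(looks_dynamic(n, ip) for n in in_domain):
        return "reject: dynamic-formatted host name"
    return "pass"
```

In production the two lookup callables would wrap a real resolver; the comparison on parsed addresses matters because the same IPv6 address has many textual spellings.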
Re: AOL Email Blocking
On 1/24/2014 2:53 PM, Robert Webb wrote:
> A while back I enlisted help for setting up a small email list server. It is now complete but only AOL is blocking my outbound email.

Send me your IP (off list if desired) and I'll evaluate it and possibly provide some feedback that may be helpful!

-- Rob McEwen http://dnsbl.invaluement.com/ r...@invaluement.com +1 (478) 475-9032
Re: DNS Whois Requirements
On 7/27/2013 7:20 PM, Rob McEwen wrote:
> They cut off all access

Correction... that didn't come across the right way. They didn't just cut everyone's access off. What I meant was that anyone who didn't re-signup by filling out a rather comprehensive form, with very pointed questions about their usage, was cut off. But PLENTY of warning was given. I actually got lazy and didn't get the form in on time... so my access was cut off for a period of time. But that was my own fault. (and showed that they were serious about this!)

-- Rob McEwen http://dnsbl.invaluement.com/ r...@invaluement.com +1 (478) 475-9032
Re: DNS Whois Requirements
On 7/27/2013 6:11 PM, John Curran wrote:
> Excellent pointer Frank...

I confess, I haven't followed this conversation very closely (which meandered around much, given the random few messages I saw.. who has the time to read them all?). So forgive me if I'm repeating some of the info already covered. But I think you all would be very interested in some of my experiences this past year!

To ARIN's credit, they revamped their requirements for data access just this past year. They cut off all access, then made members resend in new Bulk Whois agreements to keep their access turned on. So ARIN is obviously doing some GOOD things to try to prevent their data from being used by marketers!

I think our usage of that data might be one of the most credible situations in existence. I manage an anti-spam blacklist which is used by hundreds of organizations across the world, including multiple Fortune 500 technology companies and even a few notable ISPs. One of our three blacklists preemptively blocks /24 blocks if/when we see a pattern where a snowshoe spammer is burning through the IPs on that block one at a time... we then blacklist that /24 block (well... sort of...). But our ivmSIP/24 list is no ordinary /24 list. We OFTEN set up boundaries if/when we detect either (a) any other IP(s) on that block that we deem as legit, and/or (b) a situation where portions of the same /24 block are delegated to DIFFERENT organizations. In those cases, we only blacklist the subsection of the /24 block belonging to the spammers, making ivmSIP/24 a much safer list for outright blocking or high scoring... in comparison to what can be accomplished with other /24 anti-spam blacklists.

Having ARIN data is an invaluable tool that helps ivmSIP/24 do a better job of only blacklisting the spammers, while leaving the innocent bystanders untouched, in situations where the /24 block is shared by spammers and non-spammers. I know it is frustrating that marketers somehow continue to game the system... but I hope that this never causes the legit uses of that data, such as what we're doing... to be discontinued.

-- Rob McEwen http://dnsbl.invaluement.com/ r...@invaluement.com +1 (478) 475-9032
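The boundary-setting idea described in the message above (list only the part of a /24 that belongs to the sender burning through IPs, and spare known-legit addresses) can be illustrated with Python's `ipaddress` module. This is an added example, not ivmSIP/24's actual logic; the delegation table, organization names, addresses and the `min_hits` threshold are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed sample data (TEST-NET-1); org names are hypothetical.
BLOCK = "192.0.2.0/24"
DELEGATIONS = {"192.0.2.0/25": "ORG-A", "192.0.2.128/26": "ORG-B"}  # from whois
SPAM_IPS = ["192.0.2.130", "192.0.2.131", "192.0.2.132", "192.0.2.140", "192.0.2.7"]
LEGIT_IPS = ["192.0.2.129"]          # an address already judged legitimate

def remainder(block, carved):
    """Return the parts of `block` not covered by any network in `carved`."""
    parts = [block]
    for c in carved:
        nxt = []
        for p in parts:
            if p.subnet_of(c):        # fully carved out (also covers p == c)
                continue
            if c.subnet_of(p):
                nxt.extend(p.address_exclude(c))
            else:
                nxt.append(p)
        parts = nxt
    return parts

def plan_listing(block, delegations, spam_ips, legit_ips, min_hits=3):
    """Map each organization to the networks worth listing inside `block`.

    A segment is listed only when at least `min_hits` distinct spam sources
    were seen inside it (assumed threshold); legit hosts are excluded.
    """
    block = ipaddress.ip_network(block)
    spam = {ipaddress.ip_address(i) for i in spam_ips}
    legit = {ipaddress.ip_address(i) for i in legit_ips}
    owned = [(ipaddress.ip_network(c), org) for c, org in delegations.items()]
    owned = [(net, org) for net, org in owned if net.subnet_of(block)]
    rest = remainder(block, [net for net, _ in owned])
    segments = owned + [(net, "(undelegated)") for net in rest]
    plan = defaultdict(list)
    for net, org in segments:
        if sum(ip in net for ip in spam) < min_hits:
            continue                  # boundary: no pattern inside this segment
        spared = [ipaddress.ip_network(str(ip)) for ip in legit if ip in net]
        plan[org].extend(remainder(net, spared))
    return {org: list(ipaddress.collapse_addresses(nets)) for org, nets in plan.items()}

def is_listed(ip, plan):
    ip = ipaddress.ip_address(ip)
    return any(ip in net for nets in plan.values() for net in nets)

def listed_size(plan):
    return sum(net.num_addresses for nets in plan.values() for net in nets)
```

Running `plan_listing` a second time with an empty delegation table shows what the whois data buys: without it the whole /24 (minus the spared host) is listed, including ORG-A's half.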
Re: PRISM: NSA/FBI Internet data mining project
On 6/9/2013 2:26 PM, Rob McEwen wrote:
> There are notable exceptions... for example, an employer is really the owner of the mailbox, not their employee. Therefore, there is an argument that government employees don't have "privacy rights" from the government for their official work e-mail accounts. There are probably several other exceptions like that. But such exceptions are a tiny percentage of the whole.

I should mention... there are also "exceptions to the exceptions". While it is totally legal and ethical for a boss to snoop on his employee's e-mails (in a business), I would think it would be very unethical and illegal, for example, for the executive branch to snoop on a congressional aide's e-mail, to gain "intel" on political opponents even if that congressional aide were a government employee and the e-mail was a ".gov" address. But I'm not sure where those lines are drawn with regards to the US Federal Government.

-- Rob McEwen http://dnsbl.invaluement.com/ r...@invaluement.com +1 (478) 475-9032
Re: PRISM: NSA/FBI Internet data mining project
Dan,

I doubt anyone can answer your question easily because you seem to have contradictions in your scenario. At one point you say:

> private company to collect information about terrorist entities, who in turn privately contracts with the top X telecom providers and Y social media companies

but then you continue:

> to obtain all available information that it can, via TAP ports or direct database access.

and then:

> That private organization, through analysis, knows a lot about you

I'm confused, in your scenario, is the data collection limited to "terrorist entities", or does your statement, "all available information that it can" mean that it gets everyone's info, and then does their filtering later?

Additionally, one would hope that by "terrorist entities", you would be referring to those who plan on hurting or killing innocent people, whether that be an Islamofascist terrorist planning to blow up a government building, or a right wing terrorist planning to do the same (for different reasons), or an environmentalist planning to sink a legal whaling boat, or an anti-abortionist planning to blow up an abortion clinic... take your pick. The point being that mass-killing of innocent people is the common thread... NOT the politics. And I hope that you haven't downward defined this to someone that could be easily used to "pick off" political opponents, right?

> Have your 4th Amendment rights been abridged in this scenario

Sorry if this comes across as rude or snobby, but I think you just need to read the 4th Amendment about 20 times to yourself and let it all soak in.

TO ANSWER YOUR QUESTION: If the Federal Government is paying a private entity to do the snooping, then they are a de facto agent of the state. That doesn't make the 4th amendment any less applicable. Even then, to abide by the 4th amendment, there should be SPECIFIC persons/orgs AND specific info/items that are being searched where that search is SPECIFICALLY approved by a judge or court IN ADVANCE (no super wide "blanket" approvals, no broad fishing expeditions)... only THEN does the searching for the information meet 4th amendment requirements. The fact that the search was of your e-mail or phone records doesn't make the 4th amendment apply any less than if they were looking inside the drawer in the nightstand next to your bed!

There are notable exceptions... for example, an employer is really the owner of the mailbox, not their employee. Therefore, there is an argument that government employees don't have "privacy rights" from the government for their official work e-mail accounts. There are probably several other exceptions like that. But such exceptions are a tiny percentage of the whole.

-- Rob McEwen http://dnsbl.invaluement.com/ r...@invaluement.com +1 (478) 475-9032
Re: PRISM: NSA/FBI Internet data mining project
On 6/7/2013 11:42 AM, Dan White wrote:
> I believe it's your responsibility to protect your own data, not the
> government's, and certainly not Facebook's.

Dan, I agree with everything you said in your last post. Except this part misses the point. Yes, it may not be their job to protect the data, but they do have certain responsibilities to not enable the snooping/sharing of my data beyond what is either obviously expected and/or what is clearly found in licensing/terms.

-- Rob McEwen http://dnsbl.invaluement.com/ r...@invaluement.com +1 (478) 475-9032
Re: PRISM: NSA/FBI Internet data mining project
On 6/7/2013 9:50 AM, Dan White wrote:
> OpenPGP and other end-to-end protocols protect against all nefarious
> actors, including state entities. I'll admit my first reaction yesterday
> after hearing this news was - so what? Network security by its nature
> presumes that an insecure channel is going to be attacked and
> compromised.
> The 4th Amendment is a layer-8 solution to a problem that is better
> solved lower in the stack.

That is JUST like saying... || now that the police can freely bust your door down and raid your house in a "fishing expedition", without a search warrant, without court order, and without "probable cause"... the solution is for you to get a stronger metal door and hide all your stuff better.|| You're basically saying that it is OK for governments to defy their constitutions and trample over EVERYONE's rights, and that is OK since a TINY PERCENTAGE of experts will have exotic means to evade such trampling. But to hell with everyone else. They'll just have to become good little subjects to the State. If grandma can't do PGP, then she deserves it, right? Yet... many people DIED to initiate/preserve/codify such human rights... but I guess others just give them away freely. What a shame. Ironically, many who think this is no big deal have themselves benefited immensely from centuries of freedom and prosperity that resulted from "rule of law" and the U.S. Constitution/Bill of Rights.

> I assume these taps were put in place under the auspices of (by order of)
> homeland security or some such. If there were some financial incentive
> involved, I'd be surprised.

Some of the authors of the laws that were used to justify these are already starting to come forward saying, "it wasn't supposed to go that far". And to the extent that some laws were followed correctly, any such laws that do not conform to the 4th Amendment are supposed to be invalid, and eventually, officially invalidated.
I think what has happened here is that stuff like this was nudging the 4th amendment aside... and little-by-little, kept getting worse... just like the Frog in the slowly heating water who doesn't know that he is now boiling to death. Does ANY REASONABLE person on this list REALLY think that the government snooping through your e-mail without warrant or court order is DIFFERENT in nature than the government sneaking into your home and snooping through your desk? Yes, it is easier. Yes, we ought to know that mail is less secure (from the BAD guys!!!). Otherwise, there really isn't any difference. This is a flagrant violation of the 4th amendment. -- Rob McEwen http://dnsbl.invaluement.com/ r...@invaluement.com +1 (478) 475-9032
Re: PRISM: NSA/FBI Internet data mining project
The "oh well, it happens, who cares, guess you need PGP" comments on this thread are idiotic. Some of you would benefit from reading the text of the 4th Amendment:

"The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized"

The Washington Post mentioned some "safeguards"... but those were pathetic. Why? They seemed to be similar to the following analogy: "we'll keep that video camera in your home, recording your every move, and we promise we'll close our eyes when reviewing the tape whenever it shows you naked". THAT is essentially what they're saying. The access described by both the Washington Post and The Guardian is essentially unfettered/unmetered/unmonitored.

Just as doctors take the "Hippocratic oath" to maintain decent standards which are to the benefit of modern civilization... shouldn't IT/Networking/Internet professionals (NANOG readers!!!) have standards that, hopefully, distinguish us from... say... the State-run ISP of North Korea.

And if these allegations are true... then... I have a difficult time believing that there was no "quid pro quo" involved. Especially since such companies risk a backlash and huge loss of customers if/when this gets out. So I don't think they'd do this without some kind of return in favor. Did they get special tax treatment? Tarp money of any kind (maybe to a parent company)? Easing of regulation enforcement? If there was "quid pro quo", then what a bunch of F'ing whores, selling their own customers down the river... to make a buck... and potentially contributing to a future tyranny. Sure, the US government probably only uses this to catch the bad guys today... but what would a *corrupt* administration do with such data in the future...
stick the IRS on their political enemies? (oh, wait, that just happened... h) -- Rob McEwen http://dnsbl.invaluement.com/ r...@invaluement.com +1 (478) 475-932
Re: Ok: this is a targetted attack
On 2/11/2013 4:39 PM, Sean Lazar wrote:
> Jay, you need to have SPF records for your domain. This will prevent the
> spoofing you are seeing.

yep, while the purpose and effectiveness of SPF records are generally VERY overrated... yet for a situation like this, an SPF record is VERY valuable and it would be advised that you set this to a rather strict record for a period of time. (just try to account for all the various 3rd party sending scenarios your users do, like sending from a blackberry server, or e-mail forwarding, for any other situation where a legit 3rd party IP would be legitimately sending mail with a "from" address using your domain, etc.) Then again, if this is "spear phishing" or very personalized harassment, then the value of an SPF record would be somewhat uncharted territory (at least for me)... it would be interesting to see if that improves things. But, at the least, it would likely help some.

-- Rob McEwen http://dnsbl.invaluement.com/ r...@invaluement.com +1 (478) 475-9032
Re: Looking for success stories in Qwest/Centurylink land
On 1/29/2013 12:21 PM, William Allen Simpson wrote:
> ill-informed racist

Really? And you call me a "troll", too?

> anti-Obama diatribe that has no place on this list.

I never said anything about Obama, but, at face value, the 'Disclose' Act was totalitarian in nature. Something I'd expect to see only seriously proposed in the old Soviet Union. Those who enthusiastically supported it are/were statist thugs. Proposing a bill which limits free political speech by putting ridiculous and hugely-expensive burdens on "mom & pop" bloggers typing from their living room computers is something straight out of East Germany circa 1960 (except with today's technology). If that means I'm talking about Obama, so be it... "if the shoe fits..." but to say this is "racist" is laughable. Also, you can try to dismiss the Disclose act critics by throwing labels at them... but interesting that you didn't go on record challenging the facts in that wsj op-ed, or go on record supporting the Disclose act. ("attack the messenger" as a means of avoiding the actual subject material... much like your 100% baseless "racist" accusation towards me.) Also, you're right, at a couple of points, I did get FCC and FEC labels mixed up. But my larger points stand. The campaign finance law passed several years ago and the proposed 'Disclose' Act demonstrated less than pure intentions regarding the Federal Government's desire to control information. And the Federal Government's "net neutrality" proposals ARE 100% all about 4th amendment violations, as a means towards controlling information. Even if I'm wrong and those proposing "net neutrality" have 100% best intentions (they don't), then a trampling of the 4th amendment would STILL become a "law of unintended consequences", at least in the implementation proposals I've read.

-- Rob McEwen http://dnsbl.invaluement.com/ r...@invaluement.com +1 (478) 475-9032
Re: Looking for success stories in Qwest/Centurylink land
On 1/29/2013 11:38 AM, valdis.kletni...@vt.edu wrote:
> So where are all the arrests and convictions for the mortgage games and
> other Wall Street malfeasance that led to the financial crisis of 2008?
> Seems that was a tad more egregious than anything Enron did, so there should
> have been more arrests and convictions?

Not everyone gets caught. But across the board, corrupt private businesses get caught & pay a price and/or disappear ...far more often than corrupt government entities. But even with the financial crisis of 2008, there was SOME reckoning. Bernie Madoff is in jail. Lots of CEOs lost their jobs. Boards of Fortune 500 companies are NOW... FINALLY... doing the due diligence that used to not get done. Those things have to be done since everyone is fighting for survival right now. Nobody can afford to do less... except the Feds... who continue to operate/spend like it's 1999.

More locally, on a smaller scale, I know of specific appraisers & real estate investors who are in jail right now because they finally got caught in a scam where (1) the investor would buy a property at a low price, (2) his appraiser, who was in on the scam, would issue an appraisal that was ridiculously high, (3) the real estate investor would then get a LARGE loan on that property, (4) the investor would then spend that money on "expenses"... showing no money "on paper", it was "laundered" (5) investor would declare bankruptcy and give those properties back to the bank. (6) bank discovers that their "collateral" on a 200K loan is really worth 40K. (repeat times 10 since the investor did this several times over just before declaring bankruptcy.) Again, those guys are in jail. And the rules on preventing that have been tightened. I agree, not enough people like that went to jail... but LESS of this gets caught and punished with regard to the Federal government's graft & corruption.

-- Rob McEwen http://dnsbl.invaluement.com/ r...@invaluement.com +1 (478) 475-9032
Re: Muni network ownership and the Fourth
On 1/29/2013 10:59 AM, Jay Ashworth wrote:
>> From: "Rob McEwen"
>> (C) The fact that the Internet is a series of PRIVATE networks... NOT
>> owned/operated by the Feds... is a large reason why the 4th amendment
>> provides such protections... it becomes somewhat of a "firewall" of
>> protection against Federal gov't trampling of civil liberties... but
>> if they own the network, then that opens up many doors for them.
> Regular readers know that I'm really big on municipally owned fiber networks
> (at layer 1 or 2)... but I'm also a big constitutionalist (on the first,
> second, fourth, and fifth, particularly), and this is the first really good
> counter-argument I've seen, and it honestly hadn't occurred to me.
>
> Rob, anyone, does anyone know if any 4th amendment case law exists on muni-
> owned networks?

Good question. Here is another thing to consider regarding SOME muni network... (at least where private citizens/businesses subscribe to that network) When any government entity desires log files from an ISP, and if that ISP is very protective of their customer's privacy and civil liberties, then the ISP typically ONLY complies with the request if there is a proper court order, granted by a judge, after "probable cause" of some kind of crime has been established, where they are not on a fishing expedition. But, in contrast, if the city government owns the network, it seems like a police detective contacting his fellow city employee in the IT department could easily circumvent the civil liberties protections. Moreover, there is an argument that the ISP being stingy with such data causes them to be "heroes" to the public, and they gain DESIRED press and attention when they refuse to comply with such requests without a court order. In contrast, the city's IT staff and the police detective BOTH share the SAME boss's boss's boss. The IT guy won't get a pat on the back for making life difficult for the police department.
He'll just silently lose his job eventually, or get passed up for a promotion. The motivation will be on him to PLEASE his fellow city employees, possibly at the expense of our civil liberties. PS - of course, no problems here if the quest to gain information involves a muni network that is only used by city employees. PPS - then again, maybe my "log file example" doesn't apply to the particular implementation that Jay described? Regardless, it DOES apply to various government implementations of broadband service. -- Rob McEwen http://dnsbl.invaluement.com/ r...@invaluement.com +1 (478) 475-9032
Re: Looking for success stories in Qwest/Centurylink land
e current administration is crawling with statist thugs, that is why. They can't help themselves. it is in their blood. (notice that I'm NOT defending the Republican administration FCC, nor do I care to. Your example is besides the point and not relevant to this conversation. But the attempted "net neutrality" power grab is relevant. Notice ALSO that neither do I defend all practices of ISPs' bandwidth allocations. But, again, their customers do have the option to "vote with their wallets". Such options are lost with a Federal Gov't monopoly.)

>> Finally, while I've witnessed incompetence amongst certain unnamed baby
>> bells, there ARE... MANY... bright spots in Internet connectivity.
>> Frankly, we're spoiled by our successes. And the worst of the baby
>> bells, like all baby bells, do NOT have a monopoly. [...]
>>
> You seem to be living in an alternate universe. Those of us who
> actually owned an ISP know the ILEC oligopolies well.

Nope. I've seen it where I live... where I routinely notice some of the most incompetent behavior/service from our baby bell... yet I've often seen very excellent and competent service from Cox Communications.

-- Rob McEwen http://dnsbl.invaluement.com/ r...@invaluement.com +1 (478) 475-9032
Re: Looking for success stories in Qwest/Centurylink land
On 1/28/2013 4:57 PM, david peahi wrote:
> and underscores the need for a national broadband buildout in the USA, funded
> and run by the Federal Government

Maybe Australia has a better track record... but over the past few decades, the US Federal government:

(A) ...cannot do a darn thing without MASSIVE graft & corruption... plus massive overruns in costs... including a HEAVY dose of "crony capitalism" where, often, the companies who get the contracts are the ones who pad the wallets of the politicians in charge. About the ONLY thing the Feds do efficiently is write & mail checks.

(B) In the US, we have this thing called the 4th amendment which ensures a certain level of freedom and civil liberties and privacy. Unfortunately, 4th amendment rights essentially disappear if the US Federal government owns and operates broadband access. Additionally, such ownership will then allow them to control/regulate the information... to ensure that information damaging to the incumbent politicians is minimized, especially close to election times. (as they did with campaign finance reform!) And their ability to "eavesdrop" increases exponentially, as legal and technical hurdles significantly lessen!

(C) This allows them to do what the FCC is ACTIVELY trying to do recently, but hasn't yet found a way.

Ya think this is "conspiracy hysteria"? Again, look at aspects of campaign reform law, which limited certain ads close to election time in a manner which disproportionately benefits incumbents! Furthermore, when the Federal Government proposes atrocious things like the proposed "Disclose Act" (from just a few years ago), then you have to wonder about their true motivations. Here is an article written by 8 former FCC chairmen about the "Disclose Act": http://online.wsj.com/article/SB10001424052748703460404575244772070710374.html ...can any sane person read that article... and then trust the US Federal Gov't motives with owning/operating vast amounts of Broadband?
Finally, while I've witnessed incompetence amongst certain unnamed baby bells, there ARE... MANY... bright spots in Internet connectivity. Frankly, we're spoiled by our successes. And the worst of the baby bells, like all baby bells, do NOT have a monopoly. Often, they must compete with (at minimum) the local cable access provider. For example, in many areas that the baby bells failed to provide competent service, the local cable access provider filled the void, and did much better. I'm trying to not "name & shame"... but I've seen THAT... FIRST HAND. The market will eventually sort this out... and in many cases already has! Meanwhile, Amtrak and the Post Office show no signs of ever making it without their MASSIVE taxpayer subsidies. And the Department of Education continues to not know where billions of dollars go each year... Yet, in contrast, Enron execs are in jail and Enron is no longer in existence. As I said, the free market tends to sort these things out over time. (especially when crony capitalism is NOT a part of the mix.)

-- Rob McEwen http://dnsbl.invaluement.com/ r...@invaluement.com +1 (478) 475-9032
Re: Contact at Tucows domains?
On 1/21/2013 12:58 PM, Rob McEwen wrote:
> I just got a very good contact sent off-list. Assume this is resolved
> unless/until I can't get a reply/resolution from the e-mail I just sent.
> In that case, I'll post an update.

I keep getting off-list lectures about how accepting payment via credit card (versus another payment method) is NOT a requirement of a registrar (or registrar reseller). That is/was NOT the issue and is beside the point. The problems are MUCH more fundamental than that. Sorry if my original wording of my original e-mail contributed to that misunderstanding. But, as I mentioned, I think I've just alerted the right people at Tucows who SHOULD be able to resolve this.

-- Rob McEwen http://dnsbl.invaluement.com/ r...@invaluement.com +1 (478) 475-9032
Re: Contact at Tucows domains?
On 1/21/2013 12:24 PM, Rob McEwen wrote:
> RE: Contact at Tucows domains?

I just got a very good contact sent off-list. Assume this is resolved unless/until I can't get a reply/resolution from the e-mail I just sent. In that case, I'll post an update. Thanks!

-- Rob McEwen http://dnsbl.invaluement.com/ r...@invaluement.com +1 (478) 475-9032
Contact at Tucows domains?
RE: Contact at Tucows domains? Anyone know a good high-level contact at Tucows Domains? I have a customer who is having a problem with a Tucows Reseller. (massive problems!)... and Tucows' own domain support line isn't being very helpful. (the guy just wants to pay with a credit card to renew his domain... he is NOT asking for much!)

-- Rob McEwen http://dnsbl.invaluement.com/ r...@invaluement.com +1 (478) 475-9032
Re: [SHAME] Spam Rats
On 1/9/2013 9:58 PM, Julian DeMarchi wrote:
> There is an anti-spam company called Spam Rats[1]
> They have listed a /24 of my companies for lack of PTRs in the range

I find SpamRats' lists helpful in spam filtering as a low scoring list because it puts some new emitters which haven't had time to build up bad reputation "over the top". Having said that, they actually have 3 lists, and only one of those 3 lists involves listing IPs ONLY based on "no PTR". They also have an "all" list, but they document on their web site how to query the "all" list, but then ignore those return codes indicating the "no PTR" list. That is how I use them because I didn't need their "no PTR" list since it would be redundant for me since I was already checking for "no PTR" myself... and I didn't want to score twice on that one attribute.

But if your information is accurate and I understand you correctly, then I agree that they shouldn't list the whole /24 in their PTR list if SOME of those IPs *do* have PTRs. (Actually, I wasn't aware that any of their lists involved /24 blocks. They should probably be more clear about that on their web site.)

On their web site, on the http://www.spamrats.com/about.php page, under the heading, "NEW - SpamRats All", they describe this method of querying their "all" list, but ignoring their PTR list's particular return code. I think they made THAT suggestion FOR VERY GOOD REASON. Therefore, you could use this to your advantage by going back to whichever recipient blocked your mail and say... "hey, you're NOT using spamRATS in a manner that they suggested", then point them to the section I referenced and explain that many don't use their "no PTR" list since most spam filters already do that. Maybe that could be a short term solution for you? (probably better than nothing)

-- Rob McEwen http://dnsbl.invaluement.com/ r...@invaluement.com +1 (478) 475-9032
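The scoring approach described in the message above (query a combined list, skip its "no PTR" return code because the filter already scores missing PTRs itself), as an added example that is not part of the original post and is not SpamRats' code. The zone name, return-code values, weights and `sample_resolve` are constructed placeholders; substitute the zone and codes documented by the list you actually use.

```python
import ipaddress

# ASSUMPTIONS (constructed for this example, not taken from any real list):
COMBINED_ZONE = "all.dnsbl.example"
SUBLIST_BY_CODE = {
    "127.0.0.2": "dynamic",
    "127.0.0.3": "noptr",
    "127.0.0.4": "spam",
}
# "noptr" is deliberately absent: the local PTR check already scores it.
LIST_WEIGHTS = {"dynamic": 1.0, "spam": 2.0}
LOCAL_NO_PTR_WEIGHT = 1.0
RETURN_CODE_RANGE = ipaddress.ip_network("127.0.0.0/8")


def query_name(ip, zone=COMBINED_ZONE):
    """Build the DNSBL lookup name: reversed address labels + list zone."""
    addr = ipaddress.ip_address(ip)
    # reverse_pointer is e.g. '10.2.0.192.in-addr.arpa'; drop the arpa suffix.
    reversed_labels = addr.reverse_pointer.rsplit(".", 2)[0]
    return f"{reversed_labels}.{zone}"


def score_sender(ip, has_ptr, resolve):
    """Score one connecting IP.

    has_ptr -- result of the filter's own reverse-DNS check
    resolve -- callable(name) -> list of A-record strings ([] if not listed)
    """
    score = 0.0
    reasons = []
    if not has_ptr:
        score += LOCAL_NO_PTR_WEIGHT
        reasons.append("local:noptr")
    for answer in resolve(query_name(ip)):
        # Answers outside 127.0.0.0/8 are not list return codes (for example
        # a wildcarded or parked zone); never treat them as a listing.
        if ipaddress.ip_address(answer) not in RETURN_CODE_RANGE:
            continue
        sublist = SUBLIST_BY_CODE.get(answer)
        weight = LIST_WEIGHTS.get(sublist)
        if weight is not None:
            score += weight
            reasons.append(f"list:{sublist}")
    return score, reasons


# Constructed DNS answers so the example runs offline.
SAMPLE_ANSWERS = {
    "10.2.0.192.all.dnsbl.example": ["127.0.0.3"],               # no-PTR only
    "11.2.0.192.all.dnsbl.example": ["127.0.0.3", "127.0.0.4"],  # no-PTR + spam
    "12.2.0.192.all.dnsbl.example": ["203.0.113.7"],             # bogus answer
}


def sample_resolve(name):
    return SAMPLE_ANSWERS.get(name, [])


if __name__ == "__main__":
    for ip, ptr in [("192.0.2.10", False), ("192.0.2.11", False), ("192.0.2.12", True)]:
        print(ip, score_sender(ip, ptr, sample_resolve))
```
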
Re: guys != gender neutral
On 9/27/2012 2:47 PM, Brian Christopher Raaen wrote:
> Here in the south we simply use "y'all".

That's what I was thinking. Also, btw, I disagree with that earlier comment about gender usage in the Bible, at least in regards to the New Testament. The Greek language of that time period is the most specific/nuanced/sophisticated language in the history of the world far more specific/nuanced/sophisticated than modern day European languages.

-- Rob McEwen http://dnsbl.invaluement.com/ r...@invaluement.com +1 (478) 475-9032
Re: ZOMG: IPv6 a plot to stymie FBI !!!11!ONE!
On 6/15/2012 4:30 PM, Rob McEwen wrote:
> Certainly, 65,536 /64 blocks in a /24
> allocation

another typo. I meant: Certainly, 65,536 /64 blocks in a /48 allocation

-- Rob McEwen http://dnsbl.invaluement.com/ r...@invaluement.com +1 (478) 475-9032
Re: ZOMG: IPv6 a plot to stymie FBI !!!11!ONE!
On 6/15/2012 4:30 PM, Rob McEwen wrote:
> And/or limit (what would be considered) valid IPv6 mail servers to
> those assigned a particular IP on particularly large-sized block... then
> sending IP not within those specs.

oops. typo. That last part should have been: "then block sending IPs not within those specs"

-- Rob McEwen http://dnsbl.invaluement.com/ r...@invaluement.com +1 (478) 475-9032
Re: ZOMG: IPv6 a plot to stymie FBI !!!11!ONE!
On 6/15/2012 11:59 AM, Jay Ashworth wrote:
> http://news.cnet.com/8301-1009_3-57453738-83/fbi-dea-warn-ipv6-could-shield-criminals-from-police/

I don't know how much of this has been covered on NANOG, and I personally have a healthy innate distrust of government power grabs and intrusive government information grabs. However, having said that, as someone on the anti-spam front lines, I think that IPv6 may well be a tremendous gift to spammers if accepting mail from IPv6 becomes a free-for-all, as I understand it to be.

First, it is NOT a problem to accept your own authenticated user's mail via their IPv6 connection to your server. Therefore, for the point I'm raising, consider that the millions of a large ISP's *own* customers can transition to sending their mail through that ISP's mail server via IPv6 without any problems. (if problems arise, it would probably be more a problem with weak authentication?) But for all other mail, such as mail sent from valid mail servers to other valid mail servers... then the following two suggestions would go a long way:

(1) simply don't accept IPv6 mail for the foreseeable future. (In this case, scarcity of IPv4 addresses is a FEATURE, not a bug.)

(2) And/or limit (what would be considered) valid IPv6 mail servers to those assigned a particular IP on particularly large-sized block... then sending IP not within those specs.

(3) MANY hosters who aren't deliberate spammers, but really don't care to police abusive customers much except when dragged kicking and screaming... and there are MANY such hosters... have a motivation to keep their IPv4 mail server addresses "clean". In an IPv6 world, I think they'll not care because they'll get these huge allocations where they'll figure that they have YEARS of IP blocks to burn through before recycling them. As it stands now, if they get too sloppy, then their next customer isn't happy when senderbase.org has their new IPs as already in the "poor" category.
Again, THAT is a feature, not a bug. Moreover, as I said, scarcity of IPs, with regards to mail servers, is a feature... not a bug. If these suggestions are not followed/heeded, MANY reading this right now will look back a decade from now and say, "wouldn't it have been great if we could have somehow created a situation where valid mail server IPs for IPv6 could have been more scarce and not a free-for-all?"

In the "free for all" world, a spammer could send thousands or even millions of spams, each from a different IPv6 address... with each IP indexed back to the sender (to aid in "listwashing" of recipient addresses that triggered blacklistings), and not use a single IP twice. Furthermore, even if the IPs are blacklisted at the /64 level, as I understand it, some of the allocations happening are so generous, this statement could still be somewhat true where the spammer sends each spam from a separate /64 block? Certainly, 65,536 /64 blocks in a /24 allocation is a hell of a lot more /64 blocks to burn through than the 256 IPs in an IPv4 /24 allocation!!!

Again, keep in mind that the massive expansion of sending IP from a customer that is routed via their own ISP's mail server, hopefully using authentication, is unaffected by this suggestion. So your future refrigerator and oven can STILL send you an e-mail from its IPv6 ip address.

-- Rob McEwen http://dnsbl.invaluement.com/ r...@invaluement.com +1 (478) 475-9032
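The listing-granularity point in the message above, from the blocklist operator's side, as an added example that is not part of the original post: a blocklist keyed only on /64 never catches a sender that moves to a fresh /64 each time, while escalating to the parent block after several distinct /64s caps what gets through. It uses the /48 allocation size from the author's follow-up correction; the `2001:db8:abcd::/48` prefix, the threshold of 8 and all names are assumptions chosen for the illustration.

```python
import ipaddress
from collections import defaultdict
from itertools import islice


def covering(addr, prefixlen):
    """Network of the given prefix length that contains addr."""
    return ipaddress.ip_network(f"{addr}/{prefixlen}", strict=False)


def count_64s(prefixlen):
    """Number of /64 blocks inside one IPv6 allocation of this size."""
    return 2 ** (64 - prefixlen)


class SenderBlocklist:
    """IPv6 blocklist keyed on /64, optionally escalating to the parent block.

    escalate_after=None lists /64s only. Otherwise the whole parent block
    (a /48 by default, an assumed allocation size) is listed once that many
    distinct /64s inside it have been reported.
    """

    def __init__(self, escalate_after=None, parent_prefixlen=48):
        self.escalate_after = escalate_after
        self.parent_prefixlen = parent_prefixlen
        self.listed_64 = set()
        self.listed_parent = set()
        self.bad_64s_by_parent = defaultdict(set)

    def is_listed(self, addr):
        ip = ipaddress.IPv6Address(addr)
        return (covering(ip, 64) in self.listed_64
                or covering(ip, self.parent_prefixlen) in self.listed_parent)

    def report_spam(self, addr):
        ip = ipaddress.IPv6Address(addr)
        block = covering(ip, 64)
        parent = covering(ip, self.parent_prefixlen)
        self.listed_64.add(block)
        self.bad_64s_by_parent[parent].add(block)
        if (self.escalate_after is not None
                and len(self.bad_64s_by_parent[parent]) >= self.escalate_after):
            self.listed_parent.add(parent)


def rotating_senders(allocation, count):
    """Constructed input: one source address from each of `count` different /64s."""
    net = ipaddress.ip_network(allocation)
    for block in islice(net.subnets(new_prefix=64), count):
        yield block.network_address + 1


def delivered(blocklist, senders):
    """Messages accepted, assuming every accepted spam is reported afterwards."""
    accepted = 0
    for addr in senders:
        if not blocklist.is_listed(addr):
            accepted += 1
            blocklist.report_spam(addr)
    return accepted


if __name__ == "__main__":
    allocation = "2001:db8:abcd::/48"  # documentation prefix, constructed
    print("/64 blocks in a /48:", count_64s(48))
    print("accepted, /64-only listing:",
          delivered(SenderBlocklist(), rotating_senders(allocation, 500)))
    print("accepted, escalate to /48 after 8:",
          delivered(SenderBlocklist(escalate_after=8),
                    rotating_senders(allocation, 500)))
```

Escalation trades precision for coverage: listing the parent block also blocks any unrelated senders inside it, which is the collateral-damage question the thread raises for IPv4 /24 listings.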
Re: Configuration Systems
On 6/8/2012 10:44 AM, Keith Medcalf wrote:
> That is *the* definition of "Cloud". The term "Cloud" is a proxy for the
> expression "under the exclusive control of a third-party over which we have
> no influence nor control in order to gain plausible deniability and CYA
> protection if something bad happens".

Here is my take on this... I think that hosting/datacenter admins sat around one day and lamented about the fact that so many of their clients were buying dedicated hosting servers and utilizing a very tiny percent of the CPU & storage. Often, the customer had been burned by "shared hosting" years earlier because of another shared hosting customer on the same server crashing the entire server, thus making everyone on that box suffer. So dedicated hosting became critical for many businesses who outsourced their hosting. But, again, many of those boxes sat year round utilizing something like <5% of CPU, and <5% of the available disk space (after OS installation).

Then "virtual servers" matured, where you could create entire logically partitioned boxes running on the same server. These were sold as "virtual dedicated" servers, which was a step up from "shared hosting", and a step down from getting a dedicated server. But many didn't like this because it was inherent that they were stuck on the same box with other customers. Those with deep pockets didn't take the bait. It had a niche, but didn't make for a good "sales pitch".

Next, they found a way to leverage virtual servers by making it so that the virtual server didn't have to reside on one box... but could dynamically use various resources from a server farm, as needed. (for a simplified explanation). Thus, the "cloud" was then born. Now... all those unused CPU cycles and disk space are not wasted any more... they are dynamically put to use. RESULT>>>the aggregate sum of all that re-allocatable drive space and CPU cycles is ENORMOUS.
It makes for a massively more efficient leveraging of hardware and software. The ratio of hardware costs to customer revenue is massively better for a hoster/datacenter compared to selling traditional dedicated servers. That is not necessarily bad because some of the cost savings is passed back to the consumer in the form of lower prices. So this is not evil. Plus, there is an ability to "scale up" that exists with the cloud (where affordable!). But the funny part about this is that (a) the extent that cost savings are passed back to the client AND (b) the improved "scale up" technology.. those are the ONLY 2 benefits of cloud computing. Everything else is to benefit the hoster/datacenter. That so many CEOs/CTOs/directors/etc have bought into the hype, and see some kind of magical benefits seemingly beyond this... is just amazing. Personally, I prefer paying a little extra for my own dedicated and/or co-located servers... where I'm in total control of ALL aspects of hardware/software.

-- Rob McEwen http://dnsbl.invaluement.com/ r...@invaluement.com +1 (478) 475-9032