paradox@nac.net (Ryan Pavely) writes:
Holy jesus :)
http://maps.vix.com/cgi-bin/lookup?207.68.152.137
ps.. 207.68.152.137=msn.com's mx host.

well, ok, so we blackholed microsoft (for the second time now). the blockade lasted 3.5 days, and they used several interesting tricks: first they moved their mail relays to different addresses -- hoping, i suppose, that we would not notice the spam being relayed through the new set? then they sent out a simply *amazing* bit of direction to their customers (many of them, it seems, were calling the 1-800-* number asking why their mail was bouncing). we heard it from one of their customers who was kind enough to include in their complaint to us the mail they'd been given by their microsoft network representative:

|Greetings--
|
|I am at a loss. I contacted MSN to see what it could do about helping
|correct a problem with mail we send to my wife's sister. It says it cannot
|help me. What do I have to do in order to send mail to this family member?
|
|I am enclosing MSN's response to my query; it includes my message sending
|them to the MAPS screens:
|----------------------------------------------------------
|Hello,
|
|Thank you for posting to Ask msn Member Support. I appreciate the
|opportunity to assist you.
|
|We apologize for the inconvenience of having your mail blocked by this
|server. I have visited the website that the message referred you to and
|regret to inform you that we can do nothing from MSN as far as
|configuration settings to your system to stop them from blocking the mail.
|It is their system that set the block, and it will need to be their system
|that removes it. According to the website that you were referred to they
|are only blocking that particular IP address. If in fact this is true then
|you should be able to send E-mail after you log off MSN and log back on.
|MSN gives you a new IP address each time you log on. I do not know for
|sure, but am more likely to believe that they have in fact blocked all MSN
|and MSN.COM domain names from sending mail. If this is true then even
|changing IP addresses will not help you send mail to the address you are
|attempting to mail. You need to contact the postmaster of the domain you
|are attempting to send mail through. In all likelihood this would be
|addressed as "postmaster@(domain name.com)" where (domain name) represents
|the name of the ending of the address you are attempting to send to. For
|example...if you were attempting to send to an MSN address it would be
|"postmaster@msn.com" I apologize for the trouble, but if anyone can stop
|this domain from blocking users mail transport it is the domain itself.
|Hope this helps explain things.
|
|In order to ensure a quick response to future concerns; please continue to
|utilize the on-line forms at the address provided below. If you reply to
|this email, be sure to include the original message.
|
|http://memberservices.msn.com/
|
|We hope you are enjoying The Microsoft Network, and we look forward to
|meeting all your service needs.
|
|Thanks,
|msn Member Support

and i have to admit, until i saw the above text, i was worried that maybe we shouldn't have blackholed MSN. whenever we have to blackhole something large, we get mail from RBL subscribers asking "are you crazy?" or similar. i hate to shake the tree too hard all at once -- the wrong things fall out. but when i saw what microsoft was telling their customers, it became clear to me that this was a battle we could not avoid. hearts and minds, etc.

i'd like to correct one misimpression, though: i don't do the RBL alone. i make the decision whenever we have to blackhole somebody, since i'm the one that gets sued. but there's a team of volunteers working night and day to research spam sources and relays, answer phones, help people reconfigure their sendmail (or other mailers), and fill my inbox with just the really *high*quality* spam rather than the run-of-the-mill stuff that doesn't need blackholing (or which came from or through a place that was willing to plug their spam leak.) any indication you may have seen that i could last even five minutes as the main and only RBL guy was incorrect, and holding that view in any form would dishonour the very real and necessary work performed by the whole MAPS RBL team.

microsoft, btw, finally called in late this morning and said "ok, we give up, we'll turn off third party relay on our mail gateways." it's not done yet, but they told us when to expect it to be done, and so we've removed them from the RBL until at least that time. we're still getting about two complaints per minute from the backlog of msn.com customers who are only now getting back and finding bounced mail in their inboxes. hopefully it'll level off soon.

the only other fun thing i'd've said had i made it to NANOG for my usual RBL status update this last time, is that someone asked us to remove 2.0.0.0/8 from the RBL since the IP address of their mail server ended in ".2" and some customer had done a manual "nslookup" in the RBL.MAPS.VIX.COM zone for their address but without reversing it first (remember, we're like IN-ADDR.ARPA) and had cancelled a leased T1 on the basis that they refused to deal with spammers. OUCH! i hate it when that happens. i offered to intercede, but was told that it was just too late.

however, we can't remove 2.0.0.0/8 from the RBL until IANA allocates it, as we still get periodic complaints from people who get blackholed when they try to use unallocated address space. we ask where they got their address space and then we never hear back from them. but note -- the only reason it doesn't work for them is the RBL; there's not wide-enough-spread ingress route filtering going on out there, since most of the net, except for RBL subscribers, is actually reachable from unallocated address space. i know that jerry and tony and others are working on this, but i thought i'd point out to those assembled that it's a REAL problem -- try it yourself and note how far you can get, assuming that your BGP neighbors don't filter ingress, it's definitely a safe bet that THEIR neighbors won't.

--
Paul Vixie
La Honda, CA
<paul@vix.com>
pacbell!vixie!paul

"Many NANOG members have been around longer than most." --Jim Fleming (An H.323 GateKeeper for the IPv8 Network)
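
Added example (not part of the original post, and not MAPS code): how the un-reversed manual lookup described above turns a mail server whose address ends in ".2" into a false hit on the 2.0.0.0/8 listing. The zone contents are simulated locally with only that one block, the sample address 192.0.2.2 is constructed, and all function names are hypothetical.

```python
import ipaddress

ZONE = "rbl.maps.vix.com"  # zone name as given in the post

# Constructed stand-in for the zone's contents: only the unallocated
# block the post says is listed. No DNS queries are made.
LISTED = [ipaddress.ip_network("2.0.0.0/8")]


def query_name(ip, zone=ZONE):
    """Build the IN-ADDR.ARPA-style name: octets reversed, then the zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone


def address_for(qname, zone=ZONE):
    """Return the address a query name actually asks about."""
    suffix = "." + zone
    if not qname.lower().endswith(suffix):
        raise ValueError("name is not under " + zone)
    labels = qname[: -len(suffix)].split(".")
    if len(labels) != 4:
        raise ValueError("expected four octet labels")
    return ipaddress.IPv4Address(".".join(reversed(labels)))


def is_listed(qname):
    """Simulate the zone's answer for a query name."""
    addr = address_for(qname)
    return any(addr in net for net in LISTED)


def check(ip):
    """Compare the correct lookup with the un-reversed mistake."""
    right = query_name(ip)
    wrong = ip + "." + ZONE
    return {
        "correct_name": right,
        "correct_listed": is_listed(right),
        "unreversed_name": wrong,
        "unreversed_asks_about": str(address_for(wrong)),
        "unreversed_listed": is_listed(wrong),
    }


if __name__ == "__main__":
    # 192.0.2.2 is a constructed documentation address ending in ".2".
    for key, value in check("192.0.2.2").items():
        print(f"{key}: {value}")
```

Anyone checking a listing by hand should build the name with the octets reversed, as `query_name` does, before drawing conclusions about a host.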