gateway.wcg.com (65.77.117.10) is being blacklisted by the spamhaus service. Can someone at Williams Communications get this taken care of? Your mail server is being blocked by everyone who uses spamhaus and it's delaying important mail from your company to one of our customers.
gateway.wcg.com (65.77.117.10) is being blacklisted by the spamhaus service.
Can someone at Williams Communications get this taken care of?
Your mail server is being blocked by everyone who uses spamhaus and it's delaying important mail from your company to one of our customers. Customers who use blacklists compiled by vengeance-oriented folk deserve what they get: No email.
Suggested solutions: a) whitelist williams b) stop using SBLs similar to spamhaus. It is a question of trust: Do you trust spamhaus to block 'evil' spammers? Do you trust them after they blocked important mails to your clients that could -not- -possibly- have been spam? Make your own conclusions. -alex
Maybe I've missed something but since when did spamhaus become vengeance oriented? All we try to do is eliminate as much spam as we can using a wide variety of blacklists at the same time. Thanks alex@pilosoft.com wrote:
Customers who use blacklists compiled by vengeance-oriented folk deserve what they get: No email.
Suggested solutions: a) whitelist williams b) stop using SBLs similar to spamhaus.
It is a question of trust: Do you trust spamhaus to block 'evil' spammers?
Do you trust them after they blocked important mails to your clients that could -not- -possibly- have been spam?
Make your own conclusions.
-alex
Maybe I've missed something but since when did spamhaus become vengeance oriented? All we try to do is eliminate as much spam as we can using a wide variety of blacklists at the same time. The moment they started blacklisting IPs that never sent spam. (AKA williams corporate mail servers).
-alex
In a message written on Wed, Sep 24, 2003 at 05:14:04PM -0400, alex@pilosoft.com wrote:
The moment they started blacklisting IPs that never sent spam. (AKA williams corporate mail servers).
For those who care: http://www.spamhaus.org/sbl/sbl.lasso?query=SBL10731 I quote: ] WilTel Communications Group's Corporate Mail Relays ] Continued hosting of Eddy Marin spam gang and others have caused this ] listing. Previous warnings and spam reports had no effect. So, they have decided since WilTil has one (alleged?) spammer customer none of wiltel should be allowed to send or receive e-mail anymore. The complete list of Williams issues is at: http://www.spamhaus.org/sbl/listings.lasso?isp=wcg As per usual, no amount of collateral damage is deemed unacceptable. -- Leo Bicknell - bicknell@ufp.org - CCIE 3440 PGP keys at http://www.ufp.org/~bicknell/ Read TMBG List - tmbg-list-request@tmbg.org, www.tmbg.org
Yo Leo! On Wed, 24 Sep 2003, Leo Bicknell wrote:
So, they have decided since WilTil has one (alleged?) spammer customer none of wiltel should be allowed to send or receive e-mail anymore.
Works for me. Zero tolerance for those writing pink contracts with known spam gangs. Please send further complaints to WilTel not Nanog. RGDS GARY --------------------------------------------------------------------------- Gary E. Miller Rellim 20340 Empire Blvd, Suite E-3, Bend, OR 97701 gem@rellim.com Tel:+1(541)382-8588 Fax: +1(541)382-8676
Even though this is off topic, I'd have to say that this seems very odd from SpamHaus. They never seemed to isolate entire ranges but seemed more specific. I can also say they were very fast to remove issues once the spammers were removed and were also quite helpful. I wonder does this strategy demonstrate some sort of change or is it just a one off? ----- Original Message ----- From: <alex@pilosoft.com> Cc: <nanog@merit.edu> Sent: Wednesday, September 24, 2003 2:14 PM Subject: Re: williams spamhaus blacklist
Maybe I've missed something but since when did spamhaus become vengeance oriented? All we try to do is eliminate as much spam as we can using a wide variety of blacklists at the same time. The moment they started blacklisting IPs that never sent spam. (AKA williams corporate mail servers).
-alex
On Wed, 24 Sep 2003 16:28:52 -0700 Scott Granados <scott@wworks.net> wrote:
Even though this is off topic, I'd have to say that this seems very odd from SpamHaus. They never seemed to isolate entire ranges but seemed more specific. I can also say they were very fast to remove issues once the spammers were removed and were also quite helpful.
I wonder does this strategy demonstrate some sort of change or is it just a one off?
disclaimer: i do not speak for spamhaus. i have used the sbl for many years, found it effective, and believe that steve linford and his crew are honestly trying to do a good job with a difficult project. now, to answer your question. spamhaus normally is extremely focused. they keep detailed records that explain why they have chosen to block specific ranges. they are oriented towards spammers of fixed address, that is, they don't chase open relays, they don't chase abused proxies, or anything of that sort. there are other lists that perform those functions. the blacklisting of ISP ranges is very rare, it only occurs perhaps once a year, in extreme cases. several years ago, the sbl listed sprint's coporate mail servers during a period when sprint was providing connectivity for many spamhausen. sprint responded by appointing a new head of abuse, and giving him the power to terminate spammers. sprint's corporate mail servers were delisted, and their network is now fairly clean. we don't jokingly call their service "sprintpink" any more. it takes a lot to get your ISP's corporate mail servers listed on the sbl. wcg's problems must be pretty severe. in another message, Leo Bicknell refered to Eddy Marin & crew as (i think) "alleged spammers". there's nothing alleged about it. the Eddy Marin spam gang in Boca Raton is one of the nastiest bunches of vile spamming slime you will ever see. this is all extremely well documented. go see the spamhaus site for documentation, it's all there. cheers, richard (the scary thing is that spamming may be the closest thing to a legitimate business that Eddy Marin has ever been involved in.) -- Richard Welty rwelty@averillpark.net Averill Park Networking 518-573-7592 Java, PHP, PostgreSQL, Unix, Linux, IP Network Engineering, Security
In a message written on Wed, Sep 24, 2003 at 07:42:39PM -0400, Richard Welty wrote:
there's nothing alleged about it. the Eddy Marin spam gang in Boca Raton is one of the nastiest bunches of vile spamming slime you will ever see. this is all extremely well documented. go see the spamhaus site for documentation, it's all there.
What you're missing in my argument is that it doesn't matter. I have no idea who Eddy Marin is, nor do I care. Blocking wcg's corporate mail servers is not the solution. Sure, it may get someone's attention at wcg, but it may also harm a lot of "innocent" communications, sales talking to clients, other wiltel customers requesting support, heck, the secretary ordering lunch to be delivered. There are laws against spam. If you have evidence, sue in civil court, or get a DA to go for it in criminal court. Don't lob a hand grenade in the general direction of the spammer and hope it all comes out ok. Osama and his followers told us for years they didn't like what we were doing, and then escalated by flying a plane into a building to "get our attention". That must have been ok by the same logic. -- Leo Bicknell - bicknell@ufp.org - CCIE 3440 PGP keys at http://www.ufp.org/~bicknell/ Read TMBG List - tmbg-list-request@tmbg.org, www.tmbg.org
On Wed, Sep 24, 2003 at 08:01:48PM -0400, Leo Bicknell wrote:
What you're missing in my argument is that it doesn't matter. I have no idea who Eddy Marin is, nor do I care. Blocking wcg's corporate mail servers is not the solution. Sure, it may get someone's attention at wcg, but it may also harm a lot of "innocent" communications, sales talking to clients, other wiltel customers requesting support, heck, the secretary ordering lunch to be delivered.
Your first statement isn't true. Of course you care. If you didn't care who was spamming, you wouldn't be using a DNSBL to block them. By using a BL to block spammers, you are saying you don't want to receive spam. The terms of use are known and clearly listed on each BL's site. You should have known that SBL would do this in extreme cases, if you chose to use them.
On Wed, 24 Sep 2003, Leo Bicknell wrote:
Osama and his followers told us for years they didn't like what we were doing, and then escalated by flying a plane into a building to "get our attention". That must have been ok by the same logic.
Godwin's Law should probably be extended to September 11 references. andy -- PGP Key Available at http://www.tigerteam.net/andy/pgp
On Wed, 24 Sep 2003, Andy Walden wrote:
On Wed, 24 Sep 2003, Leo Bicknell wrote:
Osama and his followers told us for years they didn't like what we were doing, and then escalated by flying a plane into a building to "get our attention". That must have been ok by the same logic. Godwin's Law should probably be extended to September 11 references.
I was thinking exactly the same thing. 9/11 has become the rallying cry of those on the losing side of a debate. -Dan -- [-] Omae no subete no kichi wa ore no mono da. [-]
(Apologies to nanog, I make a point of not discussing spam issues here, but I feel an uncontrollable urge to respond to this one as it concerns Spamhaus directly) At 20:01 -0400 (GMT) 24/9/03, Leo Bicknell wrote:
In a message written on Wed, Sep 24, 2003 at 07:42:39PM -0400, Richard Welty wrote:
there's nothing alleged about it. the Eddy Marin spam gang in Boca Raton is one of the nastiest bunches of vile spamming slime you will ever see. this is all extremely well documented. go see the spamhaus site for documentation, it's all there.
What you're missing in my argument is that it doesn't matter. I have no idea who Eddy Marin is, nor do I care.
Eddy Marin is The Spam King, not your average garden-variety spammer. You might not care who Marin is but we unfortunately have to.
Blocking wcg's corporate mail servers is not the solution.
It's not a nice solution but it's sometimes the only solution available (to us). It's not an easy decision and it's a very rare one for us, but when a provider hosts a major spam gang long-term and looks set to continue indefinitely, escalating the issue by listing the corporate mail relays focuses the escalation only on the provider himself and not on his customers. We at that moment in time deem the provider to be 'knowingly supplying a spam support service'.
but it may also harm a lot of "innocent" communications, sales talking to clients, other wiltel customers requesting support, heck, the secretary ordering lunch to be delivered.
The Internet is now brimming with people who are almost in tears each time they check their mail and sort through their spam to see if there's any mail in it. Well over 50% of all email on the Internet is now spam (most ISPs say 60%+ of their incoming mail). That a provider's CEO, sales staff, or the secretary ordering lunch are inconvenienced due to an escalation caused by them allowing known spammers to cause such problems for all the rest of the Internet, is not our prime concern. The arguments of whether it's right or wrong can go on indefinitely but until someone invents a better solution this is all we have.
There are laws against spam. If you have evidence, sue in civil court, or get a DA to go for it in criminal court.
That's a joke right?
Osama and his followers [...]
I see, perhaps I shouldn't have responded to this post afterall. But for the benefit of those providers on nanag who use our SBL system, rest assured we will be removing the escalation 'any minute now' as WCG are now in contact with us and I understand are pulling spammer plugs. Regards, -- Steve Linford The Spamhaus Project http://www.spamhaus.org
At 07:42 PM 24-09-03 -0400, Richard Welty wrote:
the blacklisting of ISP ranges is very rare, it only occurs perhaps once a year, in extreme cases. several years ago, the sbl listed sprint's coporate mail servers during a period when sprint was providing connectivity for many spamhausen. sprint responded by appointing a new head of abuse, and giving him the power to terminate spammers. sprint's corporate mail servers were delisted, and their network is now fairly clean. we don't jokingly call their service "sprintpink" any more.
AS3339 has a zero tolerance for spamming. With just one spam complaint we block the IP in question. We have a downstream customer that has many cybercafes in Africa that generate http and smtp spam and we block each complaint within 48 hours. None the less, here is a recent email extract I received from someone: "Hank, I am not a Spamhaus.org representative in any shape or form. I do not claim to speak for Spamhaus.org in any capacity. The University of xxxxxx is, however, a customer (i.e. as of this morning, we block e-mails from IP addresses listed on Spamhaus SBL). I am just guessing what might happen if the problem is not sorted out. I am sure you already know that the standard escalation procedure for many blocklists is first to block the single offending IP address, then the immediate smallest block that it is contained in according to WHOIS, then the entire block of the ISP, and if that fails to stop the spam, then the corporate MXes of the upstream ISP may be blocklisted." Basically, we are being told if we don't drop the customer, our corporate MXes will be blocked. I would not call this an "extreme case", but it would appear that overzealous anti-spammers are perhaps going a bit overboard. Regards, Hank
On Thu, 25 Sep 2003 12:50:58 +0200 Hank Nussbacher <hank@att.net.il> wrote:
AS3339 has a zero tolerance for spamming. ... None the less, here is a recent email extract I received from someone: ... "Hank, I am not a Spamhaus.org representative in any shape or form. I do not claim to speak for Spamhaus.org in any capacity. The University of xxxxxx is, however, a customer (i.e. as of this morning, we block e-mails from IP addresses listed on Spamhaus SBL). ... Basically, we are being told if we don't drop the customer, our corporate MXes will be blocked. I would not call this an "extreme case", but it would appear that overzealous anti-spammers are perhaps going a bit overboard.
i'd say that's more than a little bit of a reach. they admit right up front that they don't speak for spamhaus (steve linford can speak for spamhaus, and he's apparently reading this thread on nanog.) a spamhaus customer can hardly threaten a spamhaus listing, only spamhaus investigators can do that. what you're describing doesn't sound like a situation that would get you onto spamhaus. this spamhaus customer is talking through their hat. additionally, to the best of my knowledge, spamhaus listing and escalation procedures differ from the ones you described. richard -- Richard Welty rwelty@averillpark.net Averill Park Networking 518-573-7592 Java, PHP, PostgreSQL, Unix, Linux, IP Network Engineering, Security
At 12:50 +0200 (GMT) 25/9/03, Hank Nussbacher wrote:
AS3339 has a zero tolerance for spamming. With just one spam complaint we block the IP in question. We have a downstream customer that has many cybercafes in Africa that generate http and smtp spam and we block each complaint within 48 hours.
None the less, here is a recent email extract I received from someone:
"Hank, I am not a Spamhaus.org representative in any shape or form. I do not claim to speak for Spamhaus.org in any capacity. The University of xxxxxx is, however, a customer (i.e. as of this morning, we block e-mails from IP addresses listed on Spamhaus SBL).
I am just guessing what might happen if the problem is not sorted out.
I am sure you already know that the standard escalation procedure for many blocklists is first to block the single offending IP address, then the immediate smallest block that it is contained in according to WHOIS, then the entire block of the ISP, and if that fails to stop the spam, then the corporate MXes of the upstream ISP may be blocklisted."
That describes the escalation procedure of SPEWS, but is not at all accurate for the SBL, we do not expand listings sideways into customer space or block whole ISPs [*].
Basically, we are being told if we don't drop the customer, our corporate MXes will be blocked. I would not call this an "extreme case", but it would appear that overzealous anti-spammers are perhaps going a bit overboard.
Luckily he claimed up-front to not be speaking for Spamhaus. I can sympathize with the level of frustration of someone being bombarded in spam, however we do not run escalations for single spammers (unless the problem is chronic, but even then we'd always contact the ISP and exhaust all other avenues). [*] Although we do not list whole U.S. or European ISPs, that's not strictly true for other areas of the net the "offshore" spammers have gravitated to. We are currently leaning on China heavily and are at this moment blocking large parts of Chinanet Shanghai (online.sh.cn) ADSL netblocks, as it's the worst of the China spam problems with 120 separate SBL listings all of US-based spammers (all the usual make-penis-fast crowd) hosted mainly on Shanghai ADSL lines. Spammers like Alan Ralsky these days pump everything out via SoBig-opened proxies with everything hosted in China, all run from Detroit using VPN. The Chinese are now understanding this but it's taken some time. That escalation should resolve itself 'any moment now' too as they say they're starting the process of tracking down and kicking off the hoard of pests they've acquired these last months. -- Steve Linford The Spamhaus Project http://www.spamhaus.org
On Wed, 24 Sep 2003 alex@pilosoft.com wrote:
Customers who use blacklists compiled by vengeance-oriented folk deserve what they get: No email.
Suggested solutions: a) whitelist williams b) stop using SBLs similar to spamhaus.
It is a question of trust: Do you trust spamhaus to block 'evil' spammers?
Do you trust them after they blocked important mails to your clients that could -not- -possibly- have been spam?
Make your own conclusions.
-alex
Providers that sleep the dogs deserve exactly what they get: No email. Suggested solutions: a) find a ethical provider that responses to abuse complaints b) I can't think of anything better than a. It is a question of trust: Do you trust Williams to be ethical to their Internet peers and respond to abuse issues? Do you trust them after they -repeatedly- -ignore- abuse complaints regarding your clients receiving spam from a spamhaus on their network? Make your own conclusions. -justin
participants (13)
-
alex@pilosoft.com
-
Andy Walden
-
Avleen Vig
-
Dan Hollis
-
Eliot Lear
-
Gary E. Miller
-
Hank Nussbacher
-
Justin Shore
-
Len Rose
-
Leo Bicknell
-
Richard Welty
-
Scott Granados
-
Steve Linford