Previous Politech message:

"David Scott Anderson: An unapologetic resume spammer, and a twist"
http://www.politechbot.com/p-03730.html

As a brief followup to my earlier message, I give the SpamCop folks (some of whom subscribe to Politech) high marks for responsiveness, although they also incorrectly listed my mail server as spam for 18 hours on Feb. 11. But the relays.osirusoft.com admin never explained why my server was blacklisted last week without a check performed first.

-Declan

---

Date: Mon, 8 Jul 2002 21:31:03 -0700
From: "James J. Lippard" <lippardat_private>
To: Declan McCullagh <declanat_private>
Subject: Re: FC: David Scott Anderson: An unapologetic resume spammer, and a twist

I've also had problems with "jump-the-gun" blacklists--spamcop's blacklist has incorrectly listed securityfocus.com's mail server a few times.

My most reliable spam filter seems to be Spam Assassin (http://spamassassin.taint.org). Spam Assassin is a spam scoring mechanism that can be used in conjunction with procmail to filter, saving copies of messages tagged as spam for periodic examination. It also can be used in conjunction with Vipul's Razor, where you report message body hashes to a central server, and Spam Assassin downloads the hashes reported by others periodically, so that you can be prepared to block spams that others have already received.

--
Jim Lippard
lippardat_private
http://www.discord.org/
GPG Key ID: 0xF8D42CFE

---

From: "Bort, Paul" <pbortat_private>
To: "'declanat_private'" <declanat_private>
Subject: The dark side of spam prevention (was David Scott Anderson: An unapologetic resume spammer, and a twist)
Date: Tue, 9 Jul 2002 13:31:02 -0400

Declan,

Our company was recently blacklisted as well, with the www.spews.org system, which blocks by IP address. Our IT staff spent a couple of weeks trying to figure out how this had happened, and how to contact SPEWS to get us removed.
They not only appear to have an add-first-and-check-later policy similar to the one you encountered, but they also seem to consider themselves infallible.

In our case, it took us a while to find why we were being blocked because they had added a very unclear IP address range to their files (their record # S888):

1, 64.211.95.0/23, COWLES/LUSKY/RALSKY / "XStrings/1.001" / Bridgecom.com (gblx.net)
1, 65.168.225.0/23, COWLES/LUSKY/RALSKY (Sprint)

In both cases, a /23 network is described with the third octet being an odd number. "64.211.95.0/23" means that the first 23 bits of 64.211.95.0 plus 9 zeros is the lowest address of the subnet, and that the first 23 bits of 64.211.95.0 plus nine ones is the highest address of the subnet. In this case, that's 64.211.94.0 through 64.211.95.255. This caused our subnet to be blocked even though it wasn't obviously on the list.

SPEWS' web site suggests that if there is something wrong with their data, I should post to net.admin.net-abuse.email describing the problem. This caused what appeared to be a knee-jerk reaction to expand the IP addresses covered by the block to any address that might have been originally intended: 64.211.94.0 - 64.211.96.255.

Further examination of their records led me to post a second message on nanae, asking to have our range removed and suggesting a plausible explanation for the error (namely, that the subnet should have been /25 instead of /23, which would be consistent with the starting IP address specified and the details included in their record.)

A couple weeks later, they removed us from their list.

If I found two bad address ranges in just that one record, how many false positives are scattered throughout their database?

Similar to your concern that a netizen might be intimidated by a spammer's harangue, I am concerned that blacklistings like the one we were subject to are very difficult to correct without a good understanding of CIDR and a little luck.
One of the things that helped us was that while our e-mail administrator was getting frustrated and upset about this, I managed to stay calm enough to be polite in my newsgroup postings. From the rude messages others had posted to nanae regarding SPEWS, I suspect that shouting would not have gotten me very far.

References:

My postings to nanae:
http://groups.google.com/groups?q=blacksilver23517&ie=UTF-8&oe=UTF-8&hl=en

The SPEWS Record that we were included in: (which is now much shorter than it was in April)
http://spews.org/html/S888.html

And finally, SPEWS contact policy:
http://spews.org/faq.html (Question 41)

Please feel free to publish or excerpt this message for the list if you would like. I'm available at pbortat_private if you have any questions.

Paul Bort
Systems Engineer
TMW Systems, Inc.
pbortat_private
blacksilver23517at_private

P.S. Thanks for running a great list. It's a bit of sanity amidst the chaos.

---

Subject: RE: David Scott Anderson: An unapologetic resume spammer, and a twist
Date: Tue, 9 Jul 2002 01:39:08 -0700
From: "Clinton D. Fein" <clinton.feinat_private>
To: <declanat_private>

Hi Declan:

I was sorry to learn about your "spam incident," and couldn't agree with you more that the current systems designed to prevent abuse are fundamentally flawed, and often end up doing a disservice to the wrong people.

A couple of years back, before Mindspring was purchased by Earthlink, Mindspring blocked all postcards that were sent from annoy.com by adding it to their "Spaminator" service (which is now an Earthlink offering). While annoy.com postcards are not exactly Hallmark, and since we do not authenticate the identity of the sender (allowing for anonymous communications), we specifically have not enabled the ability to send bulk communications, and certainly are not attempting to sell any commercial services.
In fact, in six years, we have yet to send one email message to our own registered users.

Despite numerous attempts to get Mindspring to take annoy.com off their list, Mindspring deemed that merely facilitating unsolicited communications met their definition of spam, and refused to remove annoy.com from their list. (This despite their own "refer a friend" service, or the countless "Send this Story to a Friend" features on most news sites).

Wired News covered the incident at the time (http://www.wired.com/news/topstories/0,1287,19680,00.html) which was helpful in focusing attention on the definitions of spam, unsolicited vs. unwanted communications, commercial vs. non commercial communications and the extent to which complaints by consumers are appropriately managed.

As you appear to have discovered for yourself, dealing with such accusations is time consuming and tedious, but in addition, there are other more serious implications. To erroneously list or characterize the communications of any service, whether it's annoy.com or Politech as spam can dilute the trademark of the service, or the credibility and well earned reputation of a service like Politech.

If Mindspring blocked annoy.com because they felt we suck, or because our content is awful or whatever reason they wanted to block us for, by all means. But to simply list us as spam is ridiculous. It's the equivalent of our placing Earthlink on a list of pedophiles, because there may be a chance that some of their customers collect child-pornography, and simply because one of our users requested it because they don't like Earthlink.

In addition, both annoy.com and Politech genuinely block delivery to a specific email address upon request from the email address owner. More than I can say for most other companies that facilitate postcard or other content delivery systems.

Finally, certain states define spamming as a criminal activity, the accusation of which is not to be taken lightly.
It is encouraging to see that SpamCop consider false accusations a violation of their rules, and lends a glimmer of hope that future systems will recognize or investigate genuine reports of spam such as your initial one, as opposed to false accusations such as Anderson's.

However, until companies like Earthlink clearly define what spam is -- is sending an unsolicited resume to you, for instance, spam if it is deliberately mailed to you because the sender knows who Declan McCullagh is? -- this problem will only worsen, damaging a lot of innocent people and organizations in the process. (I don't know whether annoy.com is still on the Spaminator list, since it is no longer accessible to the public).

Your recent unpleasant experience reveals the complexity of the situation - still unresolved and fraught with problems years later. In much the same way that people's anxiety over perceived privacy violations often tends to cloud their First Amendment inclinations, the definition of spam and the technological and social protocols around it could definitely use some clarification.

Clinton

_____________________________________
Clinton Fein
Editor & Publisher
Annoy.com
370 7th Street, Suite 6
San Francisco, CA 94103
Phone: 415-552-7655
Fax: 415-552-7656
http://annoy.com/
_____________________________________

---

-------------------------------------------------------------------------
POLITECH -- Declan McCullagh's politics and technology mailing list
You may redistribute this message freely if you include this notice.
To subscribe to Politech: http://www.politechbot.com/info/subscribe.html
This message is archived at http://www.politechbot.com/
Declan McCullagh's photographs are at http://www.mccullagh.org/
-------------------------------------------------------------------------
Like Politech? Make a donation here: http://www.politechbot.com/donate/
-------------------------------------------------------------------------
This archive was generated by hypermail 2b30 : Tue Jul 09 2002 - 13:42:46 PDT
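
Added example, not part of the archived messages: a small lint for the CIDR problem Paul Bort describes, flagging blocklist entries whose written address is not the true network address and reporting the range they actually cover. The function names are illustrative, and 64.211.94.10 is a constructed sample address, not one from the thread.

```python
import ipaddress

# Prefixes as written in SPEWS record S888, quoted in Paul Bort's message.
ENTRIES = ["64.211.95.0/23", "65.168.225.0/23"]

def audit_cidr(entry):
    """Report what a blocklist CIDR entry covers once host bits are masked off."""
    written = ipaddress.IPv4Address(entry.split("/")[0])
    # strict=True would raise ValueError for a misaligned entry.
    net = ipaddress.ip_network(entry, strict=False)
    return {
        "entry": entry,
        "aligned": written == net.network_address,
        "first": str(net.network_address),
        "last": str(net.broadcast_address),
        "addresses": net.num_addresses,
    }

def widest_aligned_prefix(addr_text):
    """Shortest prefix length for which addr_text is a valid network address."""
    value = int(ipaddress.IPv4Address(addr_text))
    if value == 0:
        return 0
    trailing_zero_bits = (value & -value).bit_length() - 1
    return 32 - trailing_zero_bits

def is_listed(entry, ip_text):
    """True if ip_text falls inside the range the entry effectively blocks."""
    return ipaddress.ip_address(ip_text) in ipaddress.ip_network(entry, strict=False)

def lint(entries):
    """Return one finding per entry whose written address is not its network address."""
    findings = []
    for entry in entries:
        info = audit_cidr(entry)
        if not info["aligned"]:
            hint = widest_aligned_prefix(entry.split("/")[0])
            findings.append(
                f"{entry}: effective range {info['first']} - {info['last']} "
                f"({info['addresses']} addresses); written address is only "
                f"a network boundary for /{hint} or longer"
            )
    return findings

if __name__ == "__main__":
    for line in lint(ENTRIES):
        print(line)
    # Constructed sample address, not taken from the message.
    print(is_listed("64.211.95.0/23", "64.211.94.10"))
```

Running the lint before publishing a list, or before filing a removal request, shows at once when an entry silently reaches into the neighbouring /24.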