Previous Politech message:

http://www.politechbot.com/p-04943.html

---

Date: Wed, 9 Jul 2003 15:00:32 -0400
From: Philo <philoat_private>
To: declanat_private
Subject: Final Anti-spam blacklists comment

Declan,

I've gotten quite a few replies regarding my blacklist comment. While I don't agree with all of them, I wanted to acknowledge that they are all well-worded arguments, and some of them have given me food for thought.

While I still don't agree with blacklisting millions of users for the abuses of a handful, I will also grant that Comcast has issues which I plan to address to them, most notably trying (once again) to get them to give their business customers honest static IP's properly registered at ARIN.

Thanks to the Politech community for being a true community and offering rational discourse instead of some of the vitriolic anti-spam rhetoric I feared.

--
Best regards,
Philo mailto:philoat_private

---

Date: Wed, 09 Jul 2003 22:39:58 +0530
From: Suresh Ramasubramanian <sureshat_private>
Organization: Outblaze Limited - http://www.outblaze.com

That URL says it all - and is one of the oldest such blocklists around ...

http://www.mail-abuse.org/dul/enduser.html

You can just relay your mail through a static IP - say your cablemodem provider's mailservers. Or through some other mailserver you have access to, using SMTP AUTH. Whatever.

This is as old a non-issue as any. Nothing new to see here. Move on, folks ...

srs

---

Date: Wed, 9 Jul 2003 10:31:04 -0700 (PDT)
Subject: Re: FC: Anti-spam blacklists list cable modems, hurting small publishers?
From: "Brendan O'Connor" <brendanat_private>

This has actually been going on for a long time. I used to operate my own domain and mail server off a cable-modem connection and would frequently get rejected from more paranoid sites. This issue became a much bigger problem when AOL stopped allowing incoming mail from dynamic IP's.
Of course, the Terms of Service for most cable providers explicitly say that they do not allow you to run servers of any kind, including e-mail. Oh well, you get what you pay for.

I found that a reasonably cost-effective solution to this problem was to lease a server on the internet with a static IP for a nominal fee ($15 a month, IIRC) which I can use freely to host my own domain ... Not only is the service significantly more reliable, it also has MUCH better bandwidth than my cable connection here at home.

Regards,
Brendan

---

Date: Wed, 09 Jul 2003 12:29:46 -0500
To: declanat_private
From: Mickey Chandler <micklcat_private>
Subject: Re: FC: Anti-spam blacklists list cable modems, hurting small publishers?

>some of the blacklists are listing the IP's that cablemodem
>providers assign their clients.

This isn't done without reason. The rationale is that you really should be using your ISP's mail servers. They're set up for your use and in fact, most often the IP ranges listed in things such as the MAPS DUL are provided by the ISPs which own those ranges, not searched for by the blocking list providers.

A quick check of my spam file shows that since 4/7 I've gotten 10 spams from comcast (philo's provider). Those spams range in subject from porn to body part enlargement to "internet detective" software to mortgage offers. Now certainly, 10 in 2 months isn't an overwhelming number (just a little under 1% of my total for the time period). But, it does show that spammers are using comcast IPs to send out their messages.

If you have a legitimate reason for running an outbound mail server, you should first of all make sure that running a server is ok with your provider, and then write the blocking list provider and ask to be removed. I run one on my little DSL box since it's ok with my provider and don't have problems with being blocked, but this isn't quite the problem for me since I pay for a static IP.
--
Mickey Chandler
micklcat_private
"History will be kind to me for I intend to write it." Winston Churchill

---

Date: Wed, 09 Jul 2003 09:57:25 -0700
From: Steve Gertz <steveat_private>

Declan,

As a mail administrator, it's my concern to reduce the amount of spam my users get. Someone behind a cable modem (or dial-up internet connection) attempting to send email to my servers directly is not acceptable. The spam levels are too great to allow this. The user can easily send outbound mail to their provider's mail server, allowing for easier tracking in the case of spam, and is completely transparent to the publisher.

Regarding the red herring of 'trying to keep the spirit of the internet alive,' the mail administrators on the other end of the line want to keep it alive, but we need you to be polite and follow the rules.

Steve

---

Date: Wed, 9 Jul 2003 12:59:27 -0400 (EDT)
Subject: Re: FC: Anti-spam blacklists list cable modems, hurting small publishers?
From: "Ryan Dlugosz" <ryanat_private>
To: declanat_private

Declan McCullagh said:
> Declan, some of the blacklists are listing the IP's that cablemodem
> providers assign their clients. This is screwing small publishers -
> often cablemodem is the only broadband we can get (no DSL out past a
> DLC), so their unilateral decision that "cablemodem=spammer" has
> screwed a lot of people.

Hi Declan,

I have a bit of experience with this situation & I'd offer the only "good" solution that I found to Philo...

Many ISPs (such as AOL) and blacklist providers are treating all mail from servers located in "residential IP blocks" as spammers. It's a sad truth, but many spammers do in fact live on the residential IP blocks, using their cable modem connections & mass mail applications to distribute their pitches.
Also, it is a common occurrence to find an open relay to spam through on residential IP blocks, either because of carelessness in configuration/administration or just because the owner doesn't even know that they're running it. I don't necessarily agree with the policy that these ISPs are adopting, but I can see a line of reason behind all of it.

I ran into this problem some time ago, as I host my own email & messages to a friend's AOL account were mysteriously bouncing with an error similar to the one you're receiving. The only good solution to this problem is to send mail from a host that is not located on a residential IP block. You can do this in one of two ways. You can either pay more money to your ISP and get a "business account" with static addresses, or you can route your mail through another SMTP server. I chose the latter, as my ISP already provides me with an outgoing SMTP server that I'd previously never used.

You can still run your own SMTP server, but you want to set it up so that it routes all outgoing mail to the ISP's SMTP server. This is straightforward in sendmail, and should also be in most all other SMTP servers. Now all mail is coming from a server which does not live on the res-block, so the blacklists and ISPs will not reject it.

Clearly, the arbitrary block on mail originating from residential IPs hurts people like you and I who like to run their own services, but I imagine that we represent a minute percentage of the broadband user community. It's annoying for us, but the group that should *really* be upset about this are the users of those ISPs! I know that I wouldn't stand for this kind of treatment from my provider.

Good luck with the email & feel free to contact me off-list if you've got more specific questions on how to configure things.

-Ryan

PS - Declan, thanks for a great list!
--
Ryan Dlugosz
ryanat_private
http://dlugosz.net

---

Date: Wed, 9 Jul 2003 10:29:28 -0700
Subject: Re: FC: Anti-spam blacklists list cable modems, hurting small publishers?
From: Tom Collins <tomat_private>
To: declanat_private

On Wednesday, July 9, 2003, at 08:45 AM, Declan McCullagh wrote:
>Declan, some of the blacklists are listing the IP's that cablemodem
>providers assign their clients. This is screwing small publishers -
>often cablemodem is the only broadband we can get (no DSL out past a
>DLC), so their unilateral decision that "cablemodem=spammer" has
>screwed a lot of people.

Out here (in Phoenix), Cox recently started blocking all outbound SMTP connections from their cablemodem customers. This forced many of my hosting customers to start using Cox SMTP servers instead of connecting to our server via SMTP AUTH. It's quite inconvenient for those with laptops who connect from multiple locations.

My friends who have been affected by this speculate that Cox is trying to pressure customers into upgrading to its business class of service (which is, of course, more money).

>Their decision seems to be based on the fact that my IP is listed as
>"dynamic" as it's issued by a DHCP server and listed
>as dynamic in ARIN. However, my IP hasn't changed in over a
>year. I think they're being asinine and seriously misguided. Most
>importantly, they're doing the baby/bathwater thing and hurting those
>of us who are trying to keep the spirit of the internet alive.

Philo, and others in the same situation, may have to resort to routing all outbound mail through their ISP's mail server to avoid bounces. Either that, or a colo server that they have control over (and can configure to accept inbound SMTP on alternate ports if necessary). Of course, if the ISP's server has problems, it can slow delivery of the mail.
I worry that after forcing customers to use their (ISP's) SMTP servers, they'll limit each customer's sending ability in some way (limited number of recipients, limited message size, etc.)

--
Tom Collins
tomat_private
Visit sniffter.com for info on the Sniffter hand-held Network Tester

---

Date: Wed, 9 Jul 2003 13:20:59 -0400 (EDT)
From: "Matthew G. Saroff"
To: Declan McCullagh <declanat_private>
cc: politechat_private
Subject: Re: FC: Anti-spam blacklists list cable modems, hurting small publishers?

What is going on is a failure of the free market to come up with a solution.

Spammers have a way of communicating advertisements at such a low unit cost, that it pays to send your email to everyone. The economics are such, that it pays to send email to a thousand people even if only one can actually read it (Chinese spam).

In response to perceived problems of user annoyance, consumption of system resources, the market supplies solutions. These solutions vary from sophisticated heuristic programs, to those that try to determine the intent of the sender (which includes black lists).

The spammers develop techniques to evade this, and the coping mechanisms become more intrusive and aggressive.

Absent a greater societal solution (legislation), I see this as leading to email, becoming gated communities, where only preapproved access is allowed.

--
Matthew Saroff
"A modern conservative is engaged in one of man's oldest exercises in moral philosophy; that is, the search for a superior moral justification for selfishness." -- John Kenneth Galbraith

p.s. please delete the email if you forward to Politech.

---

From: "Alex Neuman van der Hans"
To: <declanat_private>
Subject: REMOVEMYEMAIL RE: Anti-spam blacklists list cable modems, hurting small publishers?
Date: Wed, 9 Jul 2003 12:07:58 -0500
Organization: Neuman Consulting

This is easily circumvented by using your ISP's (your Cable Provider's?) SMTP server for outgoing e-mail.
You can still use your own server for incoming mail, just point your server to deliver all outgoing mail to your ISP's server.

Alex Neuman
Panamá City, Republic of Panama

---

Date: Wed, 9 Jul 2003 13:03:00 -0400
From: "Christopher A. Petro" <petroat_private>
To: Declan McCullagh <declanat_private>
Cc: philo <philoat_private>
Subject: Re: FC: Anti-spam blacklists list cable modems, hurting small publishers?

On Wed, Jul 09, 2003 at 11:45:51AM -0400, Declan McCullagh wrote:
> Their decision seems to be based on the fact that my IP is listed as
> "dynamic" as it's issued by a DHCP server and listed
> as dynamic in ARIN. However, my IP hasn't changed in over a
> year. I think they're being asinine and seriously misguided. Most
> importantly, they're doing the baby/bathwater thing and hurting those
> of us who are trying to keep the spirit of the internet alive.

This is not a terribly unreasonable restriction. Many ISPs do (and should) block outgoing port 25 for normal customers. The ISP provides its own mail server that can be used for sending outgoing mail. For personal use that works just fine. The better ISPs with this policy allow you to sign a contract allowing them to arbitrarily cut off your access if they see spam in exchange for opening port 25, but I wouldn't expect that sort of flexibility from a cable provider.

Sending the mail through the cable ISP's mail server will fix this problem unless they place a restriction on the number of messages. Since I assume he has residential, rather than business, cable service this would also not be an unreasonable restriction. Residential cable contracts normally disallow anything but personal use, and anything involving bulk mailing is probably at least organizational, if not commercial. He may be able to get business cable service with fewer restrictions and an IP that's not in a listed dialup block, depending on the ISP.
Because they do allow outgoing port 25, he could also relay the mail through another server if someone would allow him to do so.

--
Christopher A. Petro .. petroat_private .. 917-346-1536

---

Date: Wed, 09 Jul 2003 12:59:22 -0400
From: Brad <bradat_private>
To: declanat_private
Subject: Re: FC: Anti-spam blacklists list cable modems, hurting small publishers?

I just want to highlight his last point, it's not "cable modem = spammer" it's "dynamic ip = spammer". I agree that dynamic IP's shouldn't be blocked and I certainly don't. However, dynamic users should be able to use an upstream SMTP server provided by their ISP.

I wonder what exactly they are "publishing" that can't be sent through their ISP's smtp? Nevermind that every cable modem terms of service I've seen forbids commercial server on residential dynamic connections...

---

To: declanat_private
Subject: Re: FC: Anti-spam blacklists list cable modems, hurting small publishers?
From: Dave Close <daveat_private>
Date: Wed, 09 Jul 2003 09:53:33 -0700

philo <philoat_private> wrote:
>Declan, some of the blacklists are listing the IP's that cablemodem
>providers assign their clients. This is screwing small publishers -
>often cablemodem is the only broadband we can get (no DSL out past a
>DLC), so their unilateral decision that "cablemodem=spammer" has
>screwed a lot of people.

Philo seems to be one of those who doesn't complain until "they" come for him, by which time all those who might have supported him have already been taken.

We all need to recognize that the problem can't be resolved by adjustments to the blacklist algorithms.
So long as the lists do indirect blocking - blocking, not spammers, but addresses which may have been used by, or are related to those used by, spammers - they will inevitably block some legitimate users. Some say we should just accept this collateral damage. Did philo complain about blocking legit dial-up users?

--
Dave Close, Compata, Costa Mesa CA
daveat_private, +1 714 434 7359
dhcloseat_private
"You can't go to Windows Update and get a patch for stupidity." -- Kevin Mitnick

---

Date: Wed, 09 Jul 2003 12:53:23 -0400
To: declanat_private
From: Nick Laflamme <dplaflammeat_private>
Subject: Re: FC: Anti-spam blacklists list cable modems, hurting small publishers?

I'm confused by Philo's complaint. Is Philo saying that the blacklists are blocking the SMTP servers run by the service providers that provide cable modem access to their clients, or are the blacklists blocking the end-user IP address ranges?

My home access provider is a cable modem provider. I point all of my outbound SMTP traffic at their SMTP engine; they relay it to the rest of the world. It doesn't sound like Philo is using such a scheme. If so, why not?

The assumption doesn't seem to be "cable user == spammer"; it seems to be "distributed SMTP server == spammer." I don't think this would vary for other connection methods, unless those connection methods come with dedicated IP addresses. Even then, I'd be shocked if Philo's provider wouldn't lease a dedicated IP address for an additional fee. :-)

Just a thought,
Nick

---

Date: Wed, 9 Jul 2003 13:23:20 -0400
From: Steven Champeon <schampeoat_private>
To: Declan McCullagh <declanat_private>
Cc: philoat_private
Subject: Re: FC: Anti-spam blacklists list cable modems, hurting small publishers?

on Wed, Jul 09, 2003 at 11:45:51AM -0400, Declan McCullagh wrote:
>
> ---
>
> Date: Tue, 8 Jul 2003 21:29:28 -0400
> From: philo <philoat_private>
> To: declanat_private
> Subject: Blacklist Complaint: Fwd: Postmaster Notify: Delivery Failure.
>
> Declan, some of the blacklists are listing the IP's that cablemodem
> providers assign their clients. This is screwing small publishers -
> often cablemodem is the only broadband we can get (no DSL out past a
> DLC), so their unilateral decision that "cablemodem=spammer" has
> screwed a lot of people.
A small correction: it is not "cablemodem = spammer" that has been decided; it is "cablemodem = sucker running vulnerable OS cracked by spammer and now acting as source of nine tenths of the spam on the net". So, get a fixed IP address from your service provider and have them set you up with reverse DNS that doesn't look like a compromised box likely to be running an illicit smtp proxy.

I've been using a set of patterns that match dsl, cable, dialup, etc. hosts for some three months now (I'm up to over 600 patterns, for nearly as many different providers worldwide) and as a result, I have cut my spam load from a peak of 1500/day in mid-May to ~40-60/day today.

Spam costs us all money. Your claim - that our fighting spam by blocking an address you or your provider hasn't bothered to list as fixed - is specious and ignores the aggregate costs of fighting spam from open proxies and trojans, spread across every mail server and abuse desk, versus the relatively small cost to you to get your provider to change your rDNS so you look like a non-dynamic host.

> Their decision seems to be based on the fact that my IP is listed as
> "dynamic" as it's issued by a DHCP server and listed
> as dynamic in ARIN. However, my IP hasn't changed in over a
> year. I think they're being asinine and seriously misguided. Most
> importantly, they're doing the baby/bathwater thing and hurting those
> of us who are trying to keep the spirit of the internet alive.

I do appreciate your efforts to "keep the spirit of the Internet alive". I'm trying to keep the spirit of the Internet alive for my users and myself, by making email usable again, and your dynamically-assigned IP looks like every other dynamically-assigned IP on the Net, which is the source of 95-98% of the spam we're getting these days. Please bite the bullet and get proper rDNS, as the spirit of the Internet would have you do in the first place, if you're going to be running a mail server.
> Philo
>
> > 571 dialup user rejected; see: http://www.mail-abuse.org/dul/enduser.html

Another list in widespread use is the PDL:

http://dialups.visi.com/
http://www.pan-am.ca/pdl/

I don't find it very effective, frankly, which is why I started writing my own rules to block mail from dynamic IPs. Here's some recent (mid-June) statistics regarding how much spam is coming from dynamic IPs:

Of a total of 977 rejected messages on one server (June 16th, between 4am and approximately 6pm):

- 647 'did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA'
     49 attbi.com
     39 comcast.net
     17 dsl-verizon.net
     11 net.ar
     16 rr.com
     12 swbell.net
     19 t-dialin.net
- 89 were rejected as being direct from cable/dsl/dialup
     11 attbi.com
     11 comcast.net
      5 dsl-verizon.net
      3 ntl.com
      3 rogers.com
      2 rima-tde.net
      2 swbell.net
      2 t-dialin.net
      2 tie.cl
      2 fuse.net
- 241 were rejected as spam
    192 of these were sent to spamtraps
     49 of these were sent from known spammer domains

Of a total of 2751 dropped connections on my low priority MX since 4am Sunday:

    178 attbi.com
    177 comcast.net
     68 t-dialin.net
     63 rr.com
     41 dsl-verizon.net
     27 charter.com
     25 btopenworld.com
     24 videotron.ca
     24 ntl.com
     23 verizon.net
     23 swbell.net
     22 interbusiness.it
     19 co.uk
     18 rogers.com
     17 net.ar
     16 optonline.net
     15 ameritech.net
     14 net.br
     14 ne.jp
     12 surfer.at
     12 mindspring.com
     12 mchsi.com
     11 com.ar
</snip>

All of these hosts are in dynamic netblocks. The "did not issue" hosts were those running spamware that chokes on a multiline SMTP greeting (or, possibly, MTA software such as Mimesweeper, which also fails to accept a multiline greeting) but in any event, the connections were made in such a way as to suggest a spammer at work: the same delivery address was targeted, often from /different/ sender addresses, from a wide variety of dynamic hosts, in a sort of round robin rotation.
If I reject a delivery attempt to a spamtrap from, say, dsl-ull-92-76.42-151.net24.it, within a few seconds the spammer tries to deliver to the same address, but this time from 2-222-44-252.client.insightBB.com, then 202.155.121.155, then from c-24-245-68-107.mn.client2.attbi.com, then from 200.46.19.167, then from adsl-64-168-213-146.dsl.lsan03.pacbell.net.

I have logs full of these. I also have archives full of spam that was rejected from dynamic ranges I knew about several times before they found a dynamic IP I didn't know to block - hence the 600+ rules in my sendmail config to block as many such netblocks as I can - always based on the rDNS, so having a rDNS that didn't match a known dynamic naming convention would let mail from you through to my servers.

IMHO, it's your responsibility to register your IP as static and get a rDNS entry set up that reflects this non-dynamic nature. You'll do more to fight spam, reduce the stress of possibly having your mail rejected, and do more to restore the spirit of the Internet by being a responsible Netizen.

Cheers,
Steve

--
hesketh.com/inc. v: (919) 834-2552 f: (919) 834-2554 w: http://hesketh.com
Book publishing is second only to furniture delivery in slowness. -b. schneier

---

Date: Wed, 9 Jul 2003 13:52:58 -0400
From: Rich Kulawiec <rskat_private>
To: Declan McCullagh <declanat_private>
Cc: philo <philoat_private>
Subject: Re: FC: Anti-spam blacklists list cable modems, hurting small publishers?

On Wed, Jul 09, 2003 at 11:45:51AM -0400, Declan McCullagh wrote:
> Declan, some of the blacklists are listing the IP's that cablemodem
> providers assign their clients.

True. All DNSBLs have different policies, and *some* of them list IP addresses that are one or more of:

- IP addresses assigned to dialups
- IP addresses assigned to DSL connections
- IP addresses assigned to cable connections
- dynamically allocated IP addresses (e.g. DHCP)

This is because IPs in this class are a HUGE source of spam. (See below.)
This, in turn, is partly because such connections are readily available at low cost, but it's also because hundreds of thousands of such systems are in use (or ready for use) as a distributed spamplifier, because they are running open proxy servers. And that in turn is either because their owners configured them that way, or installed software that configured them that way, or because they've been infected by viruses/worms which are designed for that purpose. (Windows + broadband = happy spammers.)

Note that other DNSBLs may also choose to list such IP addresses for other, different criteria such as:

- non-functional/non-responsive ISP "abuse" address
- receipt of numerous spams from entire IP block
- ISP failure to address spam and other abuse issues

Again, it depends on which DNSBL. You can find out which ones are listing you (and why) by going to http://combat.uxn.com/ and using it to search the DNSBLs (that it knows about) for your IP address, then following the resulting links. (Another useful site for doing this: http://www.openrbl.org/)

> This is screwing small publishers -

No, it's not doing any such thing. They can either:

- use their ISP's mail servers for outbound mail -- which is what they SHOULD be doing anyway if they have a dynamic address, and may be mandated by their TOS
- get a static IP (which most services offer as part of "business-class" service)
- and/or get proper forward and reverse DNS set up so that it's clear to everyone who/what is on that IP
- use a "smarthost" - an external mail server which handles their outbound traffic (very easy to set up)

among many other options.

> often cablemodem is the only broadband we can get (no DSL out past a
> DLC), so their unilateral decision that "cablemodem=spammer" has
> screwed a lot of people.

No such decision has been made.
The decision has been made (by those DNSBLs which list these IPs, and presumably, by those people who are using those DNSBLs) that "cablemodem IP address = unacceptably high probability of spam". Based on available data, that appears to be a very sound decision.

> Their decision seems to be based on the fact that my IP is listed as
> "dynamic" as it's issued by a DHCP server and listed as dynamic in ARIN.

It's impossible to say without knowing the specific IP in question, which DNSBLs list it, and then querying those DNSBLs to find out why. For example, *some* IP addresses are not only marked as "dynamic", they're marked as "dynamic and known spam source" or "dynamic and open proxy".

> I think they're being asinine and seriously misguided.

I don't think so at all. It's a highly effective anti-spam tactic, and is an extension of the listing of known dialup IP addresses which has already been in place for a number of years.

If there's anything "asinine and seriously misguided", it's the complete failure of the ISPs running these networks to properly manage them: their incompetence and neglect has made it necessary to put these measures in place. (This is not to overlook the other places where responsibility needs to be placed: the owners of those systems are responsible for what the systems do, and of course the spammers are responsible for hijacking them.)

For example, my guess is that you are at 68.38.193.22, which appears to be part of Comcast's cablemodem network in Virginia.
Here is a list of just the Comcast systems which attempted to deliver spam to one (1) of the mail servers I'm running during just one (1) day; I've listed each one only once, even though some of them made multiple attempts:

If I had included all the other cable modem networks, DSL providers, and dialup connections, this would be a MUCH longer list.
Now consider that the particular mail server in question here has exactly one user -- me -- and try to imagine what this list would look like if it were compiled from the inbound mail logs of a sizable ISP, company, or university.

You might want to take that list to Comcast and ask them when they will be willing to address the torrent of abuse coming from their network, of which this is just a tiny sample. Perhaps if they were to adequately address these issues, it wouldn't be necessary for the rest of the world to take steps to defend themselves. But until that happens, I don't see any reason why all of us should bend over and grab our ankles just because Comcast doesn't (to date) appear ready, willing and able to properly operate their network.

In other words, you need to realize that the DNSBL listing is not the source of your problem: it's merely a symptom. The problem exists at your ISP, and only your ISP can solve it. Since you are (presumably) paying them to operate their service in a professional manner, perhaps you should demand that they do exactly that.

---Rsk

---

To: declanat_private
Subject: Re: FC: Anti-spam blacklists list cable modems, hurting small publishers?
From: Russ Allbery <rraat_private>
Organization: The Eyrie
Date: Wed, 09 Jul 2003 11:12:57 -0700

Declan McCullagh <declanat_private> writes:

> Date: Tue, 8 Jul 2003 21:29:28 -0400
> From: philo <philoat_private>
> To: declanat_private
> Subject: Blacklist Complaint: Fwd: Postmaster Notify: Delivery Failure.

> Declan, some of the blacklists are listing the IP's that cablemodem
> providers assign their clients. This is screwing small publishers -
> often cablemodem is the only broadband we can get (no DSL out past a
> DLC), so their unilateral decision that "cablemodem=spammer" has
> screwed a lot of people.

They're not deciding cablemodem = spammer. They're deciding that cablemodem = should use their ISP's mail server.
This is normally a very simple configuration change. If their ISP is not providing a mail server, that's another problem, and certainly a serious one. But if their ISP has their own mail server, they can solve this problem simply and easily by switching to it for outgoing mail.

The reason why this is done is because cable modem and DSL address blocks tend to be *full* of people running systems who have no idea what they're doing. In particular, open proxies (people running proxy software with remote access enabled and with no or insufficient passwords) are a huge problem. They are widely and actively abused by spammers on a daily basis, perhaps even more so than open relays these days. Generally all of that spam goes out directly from the system with the open proxy on it, since the spamware won't know how to route through the ISP's mail server. This means that blocking all SMTP connections direct from cable modem connections and instead accepting mail routed through the ISP's SMTP server blocks all of that spam.

There are other reasons for this as well, but I think this is the largest one these days.

I agree that it's a damnable inconvenience; as an experienced systems administrator, I would always much prefer to send my mail out directly from my own systems, be able to watch my own mail queues, and be in direct control of the disposition of my mail. But the fact of the matter is that the vast majority of systems on the Internet are run by naive or incompetent administrators, and those of us who know what we're doing are suffering from restrictions put in place to keep those who don't know what they're doing from causing too much damage.

Don't blame the people doing spam filtering for this one. They're just trying to use what measures they can, and as spam filtering goes, this one is extremely effective at stopping spam, relatively benign, and easy to avoid.
Blame the people who set up proxies on their systems without having any idea what they're doing, the authors of the proxy software for not adding sufficient security controls, and the authors of operating systems without sufficient security protection against viruses (viruses installing open proxies is becoming more common).

--
Russ Allbery (rraat_private) <http://www.eyrie.org/~eagle/>

---

Date: Wed, 9 Jul 2003 14:48:52 -0400
From: Mike
To: Declan McCullagh <declanat_private>
Subject: Re: FC: Anti-spam blacklists list cable modems, hurting small

Please redact my email address if published. Thanks.

On Wed, Jul 09, 2003 at 11:45:51AM -0400, Declan McCullagh wrote:
> From: philo <philoat_private>
>
> Declan, some of the blacklists are listing the IP's that cablemodem
> providers assign their clients. This is screwing small publishers -
> often cablemodem is the only broadband we can get (no DSL out past a
> DLC), so their unilateral decision that "cablemodem=spammer" has
> screwed a lot of people.

Nobody has been screwed. He can still send mail through his ISP's server. It's a trivial change in one config file to tell sendmail to forward everything through the ISP's server. He can still receive mail from anywhere, and his outgoing mail can have any "from" address he wants. What's the problem?

If spammers weren't hijacking systems on cable, this wouldn't be needed. Sadly, the rest of us now need to protect our systems.

In addition, philo will probably find that his AUP with his cable provider prohibits him from running mail or web servers on their connection. There are plenty of other places to get hosting, if not connectivity to his home.

--
mike

---

Subject: Re: FC: Anti-spam blacklists list cable modems, hurting small publishers?
From: Shaya Potter <spotterat_private>
To: declanat_private

What's the problem? It's against the TOS of almost all cable modem providers to run a server on one's own machine.
Beyond that, almost all cable modem providers allow you to send e-mail through their smtp servers. If you are in a situation where they only allow you to send email from username@cable-modem.company.com, then there are plenty of fairly cheap (in reference to cable modem fees) servers that one can pay for that provide smtp via smtp authentication.

The only small issue would be where a cable modem company prevents all outgoing traffic on port 25. I say small, because there's no real limitation of using smtp on port 25, you can use it on any port.

Yes, we have a limit on our privacy, but the spam problem is a serious issue, and spammers would jump all over dynamic address blocks if they could.

---

X-Sender: bs663385at_private
Message-Id: <a0600123bbb323d0af7be@[192.168.0.3]>
In-Reply-To: <5.2.1.1.0.20030709114509.0ae4d0e0at_private>
References: <5.2.1.1.0.20030709114509.0ae4d0e0at_private>
Date: Thu, 10 Jul 2003 01:52:26 +0400
To: declanat_private
From: Brad Knowles <brad.knowlesat_private>
Subject: Re: FC: Anti-spam blacklists list cable modems, hurting small publishers?
Cc: philo <philoat_private>
Content-Type: text/plain; charset="us-ascii" ; format="flowed"

At 11:45 AM -0400 2003/07/09, Declan McCullagh quoted philo as saying:

> Declan, some of the blacklists are listing the IP's that cablemodem
> providers assign their clients. This is screwing small publishers -
> often cablemodem is the only broadband we can get (no DSL out past a
> DLC), so their unilateral decision that "cablemodem=spammer" has
> screwed a lot of people.
>
> Their decision seems to be based on the fact that my IP is listed as
> "dynamic" as it's issued by a DHCP server and listed
> as dynamic in ARIN. However, my IP hasn't changed in over a
> year. I think they're being asinine and seriously misguided. Most
> importantly, they're doing the baby/bathwater thing and hurting those
> of us who are trying to keep the spirit of the internet alive.
Problem is that many people who are using cablemodems are wide-open security-wise, and are severely infected with one or more viruses/Trojan Horses/spyware/adware programs, and are being used and sorely abused as open proxy/open relay spamming servers.

Recently, the Mail Abuse Protection Service (MAPS) added an "open proxy" black list, and this has been extremely effective in blocking much of the latest round of spam. This list is also, by far, the biggest list that MAPS has ever hosted, needing over fifty megabytes of RAM to store, and requiring that sites who subscribe to the MAPS RBL+ service via zone transfer (so that they can serve the data locally) are forced to upgrade to the very latest release of BIND 9 so that they can use the "IXFR" (incremental zone transfer) feature.

If you want to run a business over a DSL line, you either need to get a static IP address (not a dynamic IP address that supposedly hasn't changed in a year), or you need to use the mail relay servers from your provider, or you need to contract with a third party to provide secure mail relay services through their machines (either authenticated but unencrypted with SMTPAUTH, or authenticated and encrypted with TLSSMTP).

Oh, and make sure that your site really is secure against being used as an open relay or open proxy.

I'm sorry. That's just the way life is these days.

--
Brad Knowles, <brad.knowlesat_private>

"They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety."
    -Benjamin Franklin, Historical Review of Pennsylvania.
GCS/IT d+(-) s:+(++)>: a C++(+++)$ UMBSHI++++$ P+>++ L+ !E-(---) W+++(--) N+
!w--- O- M++ V PS++(+++) PE- Y+(++) PGP>+++ t+(+++) 5++(+++) X++(+++) R+(+++)
tv+(+++) b+(++++) DI+(++++) D+(++) G+(++++) e++>++++ h--- r---(+++)* z(+++)

-------------------------------------------------------------------------
POLITECH -- Declan McCullagh's politics and technology mailing list
You may redistribute this message freely if you include this notice.
-------------------------------------------------------------------------
To subscribe to Politech: http://www.politechbot.com/info/subscribe.html
This message is archived at http://www.politechbot.com/
Declan McCullagh's photographs are at http://www.mccullagh.org/
Like Politech? Make a donation here: http://www.politechbot.com/donate/
-------------------------------------------------------------------------
This archive was generated by hypermail 2b30 : Thu Jul 10 2003 - 08:32:06 PDT
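
Added example, not part of the original thread or any poster's code: the receiver-side check that Russ Allbery's and Brad Knowles's replies describe, showing that a DUL-style list is keyed on the connecting IP, so the same mail is refused when sent direct from a dynamic address and accepted when relayed through the provider's mail server. The zone name, address ranges, listing answer and reply text are constructed for illustration, and the DNS query is replaced by a local stand-in so the example runs offline.

```python
import ipaddress

# Constructed sample data: a documentation range standing in for the block of
# dynamically assigned customer addresses an ISP has submitted to a DUL.
DYNAMIC_RANGES = [ipaddress.ip_network("198.51.100.0/24")]
DUL_ZONE = "dul.example.org"   # hypothetical list zone, not a real service
LISTED_ANSWER = "127.0.0.3"    # constructed "listed" answer value


def dnsbl_query_name(ip, zone=DUL_ZONE):
    """Name a receiver looks up for a peer: reversed octets, then the zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone


def lookup(ip):
    """Offline stand-in for the DNS A query against the list zone."""
    addr = ipaddress.IPv4Address(ip)
    if any(addr in net for net in DYNAMIC_RANGES):
        return LISTED_ANSWER
    return None  # equivalent of NXDOMAIN: the address is not listed


def smtp_decision(peer_ip):
    """Accept or refuse based only on the connecting peer's address."""
    answer = lookup(peer_ip)
    if answer is not None:
        reason = (f"{dnsbl_query_name(peer_ip)} is listed ({answer}); "
                  "relay through your provider's mail server")
        return (554, reason)
    return (250, "accepted")


def deliver(origin_ip, via=None):
    """When mail is relayed, the receiver sees the relay's address."""
    return smtp_decision(via if via else origin_ip)


if __name__ == "__main__":
    home = "198.51.100.77"     # constructed cable-modem customer address
    smarthost = "192.0.2.25"   # constructed ISP mail relay address
    print(deliver(home))                  # direct-to-MX from a dynamic range
    print(deliver(home, via=smarthost))   # same sender via the ISP relay
```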