Re: [exim] Who is APEWS.ORG

Top Page
Delete this message
Reply to this message
Author: Marc Perkel
Date:  
To: Ian Eiloart
CC: exim users, Peter Bowyer
Subject: Re: [exim] Who is APEWS.ORG


Ian Eiloart wrote:
> --On 29 March 2007 11:39:49 +0100 Peter Bowyer <peter@???> wrote:
>
>
>> On 29/03/07, Ian Eiloart <iane@???> wrote:
>>
>>> Actually, the only thing 'Perkel specific' here is the objections that
>>> are being raised. Had anyone else started this thread, I don't believe
>>> those objections would have been raised.
>>>
>>> It's certainly not unusual to discuss the merits of implementing certain
>>> features that Exim provides. Indeed, it's quite common for people to
>>> reply "you should not do that" in response to a "how to question".
>>>
>> True, but the merits or otherwise of sender callbacks are a path
>> well-trodden - a bit like the SPF example that Nigel quotes in the
>> list info on the wiki.
>>
>
> Perhaps. I've not checked, but I don't recall any discussion of RBLs
> listing (or claiming to list) servers *because* they do sender address
> verification callouts. I'm grateful to Marc for alerting us to this. I also
> think its interesting to find out something about the RBL, and the people
> behind it (including what disinformation is out there).
>
> So, I think this thread has been useful, and would have died already were
> it not for the unnecessary complaints.
>


The two lists I mention UCEPROTECT and APEWS block people who do sender
verification callouts. And they have manually added me to the list
because I'm standing up to them about it. If you search google you'll
find that they started blocking Verizon for the same thing.

The reason I know that they manually entered my data into their system
is that they list specific IP addresses of mine that I used for dummy MX
records that they claim to have received activity from when I know that
there has never been a computer on those IP addresses. That why I'm
trying to hunt these people down and expose them. I'm pretty sure at
this point that APEWS is just a front for UCEPROTECT allowing them to do
more mischevious stuff than they would do under their company name.

Here is the policy of UCEPROTECT

*What we consider abusive too!*

Spamming is not the only thing that can get your IP address or netblock
on UCEPROTECT-Lists.

Actually following techniques are considered abusive too, even if some
seem to become or are very popular;
SRS (Sender Rewriting Scheme)
<http://www.uceprotect.net/en/index.php?m=10&s=12>, Sender callouts
(Verifys) <http://www.uceprotect.net/en/index.php?m=10&s=13>, Virus
reports <http://www.uceprotect.net/en/index.php?m=10&s=14>, Backscatter
<http://www.uceprotect.net/en/index.php?m=10&s=15>.
.
Simply use common sense before using any new technique. If a technique
or procedure is capable of causing your computer system to be part of a
DDOS against others, you would be better not use it.
*Please read the submenus to get an idea what you should prevent to do.
*

The thing is with Exim sender verify is extremely light and it works
really well when done correctly. And Exim - thanks Phil - does it
correctly, and then some. I welcome sender verification calls myself
because it keeps spammers from wanting to use domains that I host as
fake from addresses which greatly reduces the load on my servers. Sender
Address verifiction works.

So - when someone is adding people to spam block lists like me and
Verizon because we use SAV then that's an issue that is worth discussing.