[...]

Top Page
Delete this message
Reply to this message
Author: Unknown
Date:  
Subject: [...]
From all the evidence available, SPEWS isn't particularly address-based for
listing criteria - they just list IP addresses as the most convenient way to
reference errant entities. If someone who is known to be a bad egg pops up
on new address space, SPEWS has been known to list "on-sight".

Also, the onus is, I think, on the erring party to make some good-will
gesture to indicate that they have erred, and that they know they have.
Simply saying "oh, we terminated that spammer" says nothing about whether
the listed party knows that what they have done is not good Internet
practice. That's something that Eli has patently failed to do.

> > At any rate, it may not even be *your* addresses listed in SPEWS. If
> > you're renting those addresses from someone else, (say your upstream) it
> > may be their inaction that has caused your addresses to be listed, in
> > which case, it's time to move.
>
> O.K. the guy may be a fool but I didn't see anything in your post that
> explained how he should go about getting himself removed. I say that not
> for his benefit but for others on the list.


The SPEWS FAQ has some points on the matter. Short answer: boot all the
spammers from your network, and respond effectively to spam complaints sent
to the appropriate addresses.

That is, of course, assuming it's you that's listed - and I'll admit that
SPEWS records are open to misinterpretation. If it's your ISP that's listed
(and if you don't have your own IP space, that's fairly likely) then your
options are to force your ISP to remove all traces of spam support from
their network, move to another network provider, or live with it and use
someone else as your mailhost.

> >>Anyways, several years later and our ips are still blocked and we never hear
> >
> > So contact those who are blocking them and ask to be whitelisted. If the
> > recipient really wants your e-mail, they'll be happy to do so.
>
> As I said the blocking list is not going to be of much use if you have
> to white list everyone. I like the idea of spews being the bad cop. If


Yeah, it would be. It would appear that those who use SPEWS are pretty
happy with things as they are, though, because there are an awful lot of
people who whinge about being listed in SPEWS - and that wouldn't be
happening if nobody used it...

> someone gets on there list because they didn't react to an abuse email
> promptly then good but a minimum sentence of one week for each day the
> problem existed before parole will be considered sounds like a deterrent
> to get ISPs to run a tighter shop and yet cause people still to use spews.


Putting absolute listing criteria like that just codifies the rules for the
spammers, and allows ISPs to do a risk/benefit analysis. "OK, we'll host
this spammer for a week, because we can keep the rest of our customers
hanging for seven weeks with excuses and bullshit, and that one week's worth
of spammer revenue is worth X lost customers...".

SPEWS being a shadowy entity does have some benefits...

> If spews sets the rules for getting off the list to so hard then no one


Truly it is not hard to get off SPEWS if you truly want to - it's just that
there are plenty of people who want off SPEWS without really cleaning up
their act. There are a few hard-bitten anti-spammers who started off life
in a SPEWS listing - but they listened to the advice given, cleaned up their
act, and they're now in the fight against spam. Plenty more people have
gotten themselves unlisted.

It's a pity that SPEWS doesn't keep old records around, otherwise I could
give you a few netblocks that have been cleaned up and de-listed.

And, as much as SPEWS is largely automated and expiry-driven, mistakes do
happen. There is evidence that a discussion about your listing will be
noticed fairly quickly by SPEWS, and acted on if accurate. But the listed
party *has* to remember that *they* are the cause of their listing, and that
*they* are the guilty party. Ranting about unfairness, Frea Speach (sic)
and frivolous lawsuits does not help one's case.

> > There are plenty of things you can do. If you listened in nanae, you'll
> > know all the options.
>
> Well he and many other postmaster are listening on this email thread why
> not post them. I don't even know what nanae is yet. It would take even


nanae = news.admin.net-abuse.email. It's basically discussion of e-mail
abuse, ways to combat it and so on.

> extra time to track it down and find out all the issues.


OK, I'll give everyone here the standard rundown. I'm working entirely from
conjecture, because SPEWS doesn't have a codified set of standards, but it's
popular conjecture from those on nanae, who are probably the best
SPEWS-studiers around.

The first big question which people need to know is, how does SPEWS operate,
listing wise? Best guesses are that SPEWS runs spamtraps on multiple
independent systems on the 'net, which are probably publicised in various
ways, but for which e-mail is not solicited. As a result, any e-mail which
lands there is, most likely, spam. Either automatically or as the result of
a simple vetting procedure, any e-mail hitting these spamtraps is reported
as spam to the netblock owner it came from, as well as any spamvertized
URLs. If nothing is seen to be done about the problem (hosts still up, DNS
and websites still available) the offending IP addresses are listed. If
more of the same spam is received, the listing widens appropriately.

So, the first way to stay off SPEWS is to read abuse@ and swat any spammers
who come calling, very quickly. This isn't just good SPEWS-avoiding
practice, it also limits the abuse which spammers can wreak on the 'net at
large, so you're being a good net citizen by doing so. In short, acting
quickly keeps you off SPEWS, and is really the minimum you should be doing
to keep your net neighbours happy.

If you do somehow get listed, then you really do have to do a complete
spammerdectomy. SPEWS lists those entities which are the cause of the
listing, so removing all traces (connectivity, e-mail boxes, DNS, websites,
the *whole* *lot*) of the spammers (and any other accounts they might have)
is a pre-requisite. SPEWS appears to monitor these goings on, so the
listing might disappear. Discussing it rationally on nanae appears also to
highlight the case, and listing exactly what you've done, how you've got
someone reading abuse@, beefed up your ToS, and are suing the spamming
customers you just booted for their abuse of your system, will likely be
seen as a good thing.

I know there are at least two other nanaeites who participate on this list,
so if they'd like to fill in my blank spots, I'd be most grateful.

--
-----------------------------------------------------------------------
#include <disclaimer.h>
Matthew Palmer, Geek In Residence
http://ieee.uow.edu.au/~mjp16