[Techtalk] Over-zealous spam filtering (by Raven's ISP?)

Whoppo whoppo at whoppo.net
Sun Sep 22 20:03:57 EST 2002 

I ususally don't bother wasting bandwidth to justify what I do with my 
personal time or my personal property, but I'm feeling somewhat compelled to
repsond to the unrest that seems to be resulting from the "Zero-Toleance" 
policy we've adopted towards email spammers.

I'll start by emphasizing that Raven and I run our own servers for hosting of 
domains, websites, email and various other internet-related content.
These servers are 100% privately owned and administered by us. WE  pay the 
hundreds of dollars per month for both co-location and a high bandwidth
commercial connection at home and we do so for OUR convenience. The accounts 
on these servers are for our personal use and the use of family
members and a few select friends.. that's all... nobody else... period. 

Now...  about the filtering of entire domains.. If a domain is obviously no 
more than a source of spam (ie- optin-offers.com,
emailoffersforyou.com, etc) it gets banned as soon as we see it soiling our 
in-boxes.  Domains that are more generic (co.uk, co.jp, mail.com, etc.)
are given a little more slack to begin with.. When we smell the stench of 
spam from one of these, the host gets banned..  when a domain racks up 5
to 10 host bans, those host bans go away and the entire domain gets banned.  
If it turns out that a domain ban is a problem for any of the handful
of accounts on our private server, then we'll work around that... otherwise 
it stays in place.  So there are a million users somewhere on the other
side of the planet that can't send email to this handful of addresses... 
sorry 'bout that, but they'll just have to get over it. If the inability to 
send us email causes them pain or anguish, perhaps they should get out more.
If the wording on the bounce message is offensive, I'll gladly furnish a 
sampling of the far-more offensive material that earned that host and/or 
domain a place on our list.

A word about notifying ISP's: There may indeed be some very dutiful and 
responsive "abuse" managers scattered amongst the vast sea of ISP's, however 
these number very few in the big picture. Since I put my first co-located 
server on line 4+ years ago, I have sent literally hundreds of letters to 
ISPs regarding spam and other types of malicious traffic from their users and 
to date I have never received more than an auto-responder message stating how 
much they care, while the traffic continued. 'nuff said.

Our current "shit list" (yes... this list is for the most part appropriately 
named) blocks an average of 100 - 300 pieces of junk mail every single
day.  To date, there have been only two(2) pieces of legitimate mail 
blocked..  Let's quantify this for just the past calendar year...  that's TWO
pieces of legit mail bounced compared to 30,000+ pieces of unwanted and often 
offensive spam rejected..  looks to me like our policy works just
fine.

If you're taking offense to our spam policy, well..  there's most likely not 
much I can say to make you feel better... please don't take it personally 
(unless you're a spammer of course). If you think making a big fuss over this 
policy will cause it to change, you'll surely be disappointed. We are 
violating no laws nor are we in violation of any AUP that our providers may 
have in place and subsequently not under any obligation to change it. 


To wrap up my little rant I'll offer the following:
As a result of the flurry of concern over our filtering "every company in 
Japan" I decided to remove the "co.jp" domain from the list as a test and 
within just a few hours I was blessed with a great offer from a co.jp host 
where I could obtain all the "Farm animals with Teen-age sluts" my monitor
could handle. They were even kind enough to provide a sample of this 
wonderful pictorial offering. Perhaps this might help explain the descriptive
name of our filter list.

We are not "evil administrators"... we are not bad people...  we've just had 
enough spam and these are the measures we taken to deal with... 

There... I'm done ranting..  Thanks for your attention and apoligies for 
consuming your bandwidth by adding to this already off-topic thread.

Flames are gladly accepted, though frequently redirected to /dev/null.

Ron

--
If you lived here, you'd be home now.


---------- Original Message -----------
From: Maria Blackmore <mariab at cats.meow.at>
To: techtalk at linuxchix.org
Sent: Sun, 22 Sep 2002 23:21:32 +0100 (BST)
Subject: Re: [Techtalk] Over-zealous spam filtering (by Raven's ISP?)

> On Sat, 21 Sep 2002, Raven Brooke wrote:
> > I'm sorry if the filtering on our mailservers has inconvenienced anyone 
on 
> > the linuxchiq lists. For more detailed information about the situation, 
> > please point your browser at:
> > 
> > http://banned-for-spamming.us/about-the-spam-policy.txt
> 
> Hmm.
> 
> I've read through this
> 
> To be honest, as an abuse contact at an ISP, I feel really quite annoyed
> about this.
> 
> How the hell am I supposed to know that one of our customers is sending
> spam unless you *tell*me* ?
> 
> Neither me nor our smarthosts are psychic.
> 
> > On Fri, 20 Sep 2002, James wrote:
> > > permanent, unless you contact them by snail-mail (not online) to object!
> > 
> > it wouldn't be very practical to expect them to email after we had 
blocked 
> > their domain,
> 
> What is wrong with email from postmaster@$domain, or to
> postmaster@$yourdomain?
> 
> > and we certainly aren't going to provide known spammers with a webform
> > or other additional means to continue targeting us.
> 
> Well, considering that the person that sent the spam is never going 
> to see the rude message, what does it matter?
> 
> > > (It's also pretty rude: "553 ##### YOU HAVE BEEN SHIT-LISTED **..." - 
> > > hardly a helpful message to send other Net users!
> > 
> > I'm sorry if this offended you, but if you saw even a small percentage of 
> > the "XXX These women will actually fsck animals! XXX" mails that caused 
us 
> > to create the banned-for-spamming.us domain you might agree that this is 
a 
> > very mild response.
> 
> Sorry, I do get those emails, and I still don't agree.
> 
> Two wrongs do not make a right.
> 
> This seems to me like a very angry response, lashing out without focus.
> 
> > > Among others, they have blocked ALL mail from: Chello, the largest cable
> > > ISP in Holland; Rogers cable; CharterPipeline; *.co.jp;  Eudoramail.com;
> > > GMX; the University of Waterloo, Canada; Wanadoo, France's broadband 
ISP -
> > > with filters like that, does ANY mail get through?!
> > 
> > yup, all these offenders are guilty, guilty guilty of sending unsolicited 
> > and sometimes highly offensive material to us and/or our friends, family 
> > (including our teenage children) and the few others who share our 
> > mailserver. They bring this stuff in our home once, we don't invite 'em 
> > back.
> 
> Except they're not though, are they?
> 
> They're ISPs, they're being paid for a service, it's none of their
> business what the content of the email is, they are being paid to 
> send the email to the destination.
> 
> You're shooting the messenger, and you're shooting the messenger in 
> such a way that word never gets back that the messenger was shot.
> 
> You're blaming completely the wrong organisation here.
> 
> The ISPs do NOT know that any one particular user has sent spam, you 
> have to TELL THEM.  This message contains no useful information and 
> is in itself abusive.
> 
> > Once again James, I apologise if you or anyone on the list was 
> > inconvenienced. Thank you for being concerned :-)
> 
> My concern here is that this is going to become a more widely adopted
> practice, especially with such an abusive bounce response.
> 
> This is thoroughly the wrong way to go about this.
> 
> ISPs need to be told when their users are sending spam, we don't magically
> know.  Where I work we have statistics on email sent through the mail
> servers ... but how do we know if the spike of 5000 emails from a single
> user is someone sending spam, a customer with an open relay, or a
> legitimate customer that is sending email out to a mailing list that 
> their customers are subscribed to?
> 
> This message is *NOT* helpful.
> 
> By all means, refuse messages from an ISP, but you have to do three
> things.  You have to tell the ISP that you are doing this, you have 
> to tell them why you are doing this, and then you have to provide a 
> means for the ISP to tell you that they have eliminated the problem.
> 
> The thought occurs that a suitably petty response to this petty 
> action is for some large ISP to advertise your netblock(s) via BGP,
>  and then null route them.  The reason for this is that I am pretty 
> certain that that bounce message must violate at least a few 
> acceptable use policies, and also violates the Telecommunications 
> Act 1984, here in England and Wales, which states that it is an 
> offence to send
> 
> 	'by means of a public telecommunications system,
> 	a message or other matter that is grossly offensive
> 	or of an indecent, obscene or menacing character'.
> 
> The act itself is available online here:
> 
http://www.communicationsbill.gov.uk/legislation/Telecommunications_Act_1984.d
oc
> I can't seem to find a more friendly format, but google does a good 
> job of rendering it as HTML.
> 
> Just my .. hmm .. must be a good 4p by now :)
> 
> As always these are my own comments, and in no way related to my employer.
> 
> Maria
> 
> _______________________________________________
> Techtalk mailing list
> Techtalk at linuxchix.org
> http://mailman.linuxchix.org/mailman/listinfo/techtalk
------- End of Original Message -------

More information about the Techtalk mailing list