Ask Slashdot: Dealing With Anti-Spam Service Extortion? 279
An anonymous reader writes "I work for a European ISP, and lately we're receiving quite a few complaints from customers about not being able to send emails because of UCEProtect's listings. After checking with their site, we found out that our whole AS (!) was blacklisted. Their 'immediate removal policy' asks for money, around 90 euros Per IP for end users and 300 euros for ISPs, and their site has bold statements like
'YOU ARE LOSING YOUR RIGHT TO EXPRESSDELIST YOUR IP IF YOU ARE STUPID AND CLAIMING THIS WOULD BE BLACKMAIL...'
Could this be considered extortion-blackmail ? Has anyone else on Slashdot dealt with this service before?"
NEVER trust and AC (Score:5, Informative)
NEVER trust an AC. The TRUTH is RIGHT there on the linked page
FREE OF CHARGE REMOVAL:
There is no need for you to request removal, if you do not want to pay.
Every IP address temporary listed as Level 1 expires automatically 7 days after the last spam email from it hits our SPAMTRAPS. This means your IP address will be removed, lesson learned, no more spam from your computer.
The FREE option is listed FIRST, you ONLY need to pay if you want someone to manually check your SPAM sending IP can be cleared. Spammers LIE, they will abuse ANY complaint system and this costs time and energy.
Spammers rely on the low costs of their operation to remain profitable, they spend nothing and instead leech from others people infrastructure, efforts and time to make their money. The easiest way to combat this is to cost the Spammers time, energy and money. That hurts their profits the most and is the only way to hinder them.
Yes it sucks to hell and back if you are caught in between with your "legit" reasons to run a mass emailer from your own computer. But the needs of the many outweigh the needs of the one. Don't like it? You PAY ME then to deal with spam. You don't want to pay? Well... then what do you want? Email was ruined by the spammers, the old idea of anyone being able to mail anyone else is GONE thanks to them. You fix the spammers then because I am NOT going back to the days when 99% of email hitting my systems was spam.
Frankly there are so many alternatives to sending mass mail from your own system, only highly suspicious people want to go around this. And yes, loss of freedom for one means loss of freedom for all... but the costs associated with combatting spam all on your own are just to big. Installing a DNS blacklist is a cheap reliable option and the number of people hurt by it are statistical rounding errors. Really, nobody I know still uses their own email system but instead uses something like gmail with their own domain name. I use Amazon. And gosh, it just works.
Basically, it all comes down who has to spend time and effort. The recipient or the mailer. Do YOU have to make sure as a sender that your system can send to everyone OR does the recipient have to make sure that he can receive from everyone?
The recipient is the person with the least interest here in case of spam AND indeed in regular emails. If some entity wants to mail me from some home IP in black listed range. What is my motivation in wanting to receive said message? The spammer/sender is the one who needs the message to be received.
AND ALL THIS BLACKLIST REQUIRES: Is that AFTER your system has been caught sending spam, it stops sending spam for 7 days. That is all. Just 7 days without spam. The AC whiner clearly is running a system that sends endless spam. He needs to deal with that and NOT demand the entire rest of the world open their system to his spammy criminal customers.
When you sign up for Amazon EMS there are several security measures in place to avoid you using their systems to send spam. That is because Amazon and other email providers spend a LOT of money making sure their IP range remains unblocked and they do this by having people actively making sure no spam is send through their system.
Is it that difficult to ask that an ISP does the same?
Again yes it sucks if you are caught in between but hey, there are alternatives and YOU are FREE to come up with a better system. In the meantime, I take my DNS blacklist thank you very much and not shed a tear about your home mail setup. Hey, at least it is better then in the old days when many including me would just black list entire regions of the world. Still do for that matter, you would be suprised how much less attempts at hacking you get on a small webserver if you just block Africa, Asia, Middle Eaast, East-block, South-America etc etc. But you might get a legit visitor from those regions! For a local amateur soccer club home page?
My time is money,
Re:By some definitions.... (Score:4, Informative)
"You will not recieve e-mail during the next seven days UNLESS you agree to pay us 90 euro! No discussion possible!"
Sounds like blackmail to me .. It especially fits the definition "the act of attempting to obtain money by intimidation, as by threats to disclose discreditable information" - they are disclosing discreditable information, possibly even false - namely that you are a spammer, which may or may not be true. I don't think they will be so tough in court. I'd love to see them tried by the way.
ISPs can't work with this (Score:5, Informative)
If you run an ISP and use dynamic address allocation, chances are that a low percentage of your users is infected and they appear to be coming from your entire address pool. This will mean that in practice, your entire AS will be blacklisted permanently.
The way it often is solved, is that the abuse department for the ISP sets up a "custom" communications protocol with the blacklist operators. In that protocol, it's usually described how the blacklister deals with IPs (only block individuals, block for $lease_period) and that the ISP will get abuse mail for each of those offending IPs. In return, the ISP will have to take measures to pull the offending machine/customer offline in a very short timeframe, usually well within 24 hrs after the abuse mail has been sent. Often ISPs will have some sort of mechanism that will re-route the customers sending spam into a walled garden environment, in which they can only send mail via the outgoing mail servers of the ISP and not browse the web, apart from web sites of the ISP themselves and anti-virus and update websites and such.
This is by no means a perfect solution, since you are automatically tossing customers in a non net-neutrality setup because some third party triggered your abuse system. However, when configured and tweaked correctly, you get less than 3% false positives and your customers generally appreciate what you do. If you deal openly and swiftly with the false positives, even those tend to agree with your policy, but you have to make sure that you help them quickly and take the blame.
If you have a setup like this working in your environment, getting a "custom" deal with the blacklist admins usually isn't that hard, but you have to take the initiative and prove to them that you do anything reasonably within your power to take care of spammers and zombies, before they will cut you some slack.
UCEprotect is spamtrap based (Score:5, Informative)
Stop sending spam, wait 7 days and your good. Your at level 3 your AS has been spewing spam for awhile and you have done NOTHING to fix it. As an ISP you should be checking all your IPs against all major spam lists and proactively dealing with spam. This will probably mean loosing customers. Some things to consider it's trivial to setup a relay server for your own mail servers outside your AS to keep outbound email going. Look into some technical means like transparent outbound spam filters, outbound port 25 syn rate limiting, or a plethora of other aids. Those clients will all claim it's triple opt in super secret they have everybody's dna on file, they are lies. Remember that spammers are at worst criminals at best have absolutely no morals in either event they have no compunction lying to you. Strengthen your TOS put BIG fines in there for repeated spamming wave them based on your gut and history. Often you need something to push legit companies to fix there issues.
All thing considered getting to l3 means your just ignoring the spam coming from your network. You need to get proactive and fix the root issue of spam spewing from your network. There are plenty of technical methods to avoid the 7 days block that are far cheaper then paying them. At the end of the day spend less energy railing about "blackmail" and more policing your network. If you do not, your facing the internet death penalty and the business needs to go under this is the internet working as intended.
Re:NEVER trust and AC (Score:3, Informative)
So, if there is *one* low-rate (one message per day) zombie spambox connected somewhere in Comcast LA's AS, the reasonable thing for a blacklist maintainer to do is to blacklist *every* Comcast customer in LA?
Yes. It's not worth anybody's time and effort to sort through sock puppets beyond that scale. Questions of who is responsible for what falls into the category of "Not my fucking problem."
We have already long since learned that the chainsaw really is preferable to the scalpel when dealing with spam.
Re:Someone is full of himself (Score:5, Informative)
been hiding under a rock much?
http://en.wikipedia.org/wiki/The_Abusive_Hosts_Blocking_List [wikipedia.org], considering his own name is HARDLY spattered over the internet as a karma whore / full of himself - I would be much more likely to to believe him than some trolling A/C that has what, committed translations from English UK to English US? Of course that is on the assumption that the poster is who he says he is but if you did actually google rather than being arrogant and full of yourself - then you would find that the guy has indeed been rather involved in anti spam lawsuits etc.
http://www.declude.com/Articles.asp?ID=262 [declude.com]
OR
"My name is Andrew D Kirch, I'm one of the founders of the AHBL, and served in that capacity until 2008. I've been harassed, extorted, sued, and defamed by a Mr. Richard Morton Scoville, a resident of San Antonio, Texas for a period of 7 years. During that time I have suffered nearly irreparable damage to my character, and public reputation. I've been questioned by police, and my customers, and I have incurred over $10,000 in legal costs defending myself in court against this person."
So, AC - is your code contributions worth $10k to you?
OR
http://www.ahbl.org/legal/scoville/courtdocs [ahbl.org]
Let me just make another assumption here, You are American and don't know who "Tim" Berners-Lee is either? I actually couldn't care less if you do or don't know who he is - but my point being is you wouldn't do the extra effort to look it up.
not posted anon, because I've not been a pussy since 1994.
Re:Contact local prosecutors (Score:2, Informative)
www.law.cornell.edu/uscode/text/47/230
They can run this service within the law. Like it or not, it's legal.
These blacklist services break normal email (Score:5, Informative)
So we got blacklisted, and checking the logs we had *NO* outgoing email at the time of the accursed spam message(s). The blacklist service didn't give me the whole message, but it contained enough for me to find reference to it in my log.
Near as I can figure, some spammer sent email to us through an open relay, using a honeypot (you get classed as a spammer if you send email to this address ) as his spoofed 'from: address'. My mailer refused to accept the email to the abandoned address, so the relay returned the 'undelivered' message to the honeypot address.
Now I had several problems with this. First, to avoid blacklisting, I had to remove this helpful service. Now those messages go to
More recently, I had newsletter messages sent to a members of a private club bounced by their local ISP. The sending IP address was not listed in any blacklist I could find. The ISP was just refusing connection, No message, nothing. (I could send email to that ISP from other services like gmail) They wouldn't take my call ( I'm not their customer) so I had some of their customers call and ask "Why am I not getting these newsletter messages?" . I wasn't on the call, but it sounded like they just played dumb. A few of the list members gave us non-local-isp addresses (gmail , yahoo) and now they get the newsletter there.
Again, legitimate email loses out.
And finally, Just about every time, my "password reset" messages end up in people's spam folder. This is one of my most common support calls. (this even after the page where they request the password reset says right on it "check your spam folder" ) There are lots of false positives on spam.
Re:Stop sending spam then. (Score:5, Informative)
If you don't want to be blacklisted, then stop sending spam. Simple.
You're an ignorant fool. Unfortunately, too many sysadmins are just as ignorant, so they trust these badly-run, possibly with malicious intent, services. We've never sent 1 spam e-mail in 12 years doing business online and have been blacklisted several times by UCEprotect due to them recycling old domains (which were used by users to register on our site) for use as spam honeypots. They wasted countless hours of our time for nothing.