Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
The Internet Technology

Ask Slashdot: Dealing With Anti-Spam Service Extortion? 279

Posted by Unknown Lamer
from the with-an-axe dept.
An anonymous reader writes "I work for a European ISP, and lately we're receiving quite a few complaints from customers about not being able to send emails because of UCEProtect's listings. After checking with their site, we found out that our whole AS (!) was blacklisted. Their 'immediate removal policy' asks for money, around 90 euros Per IP for end users and 300 euros for ISPs, and their site has bold statements like 'YOU ARE LOSING YOUR RIGHT TO EXPRESSDELIST YOUR IP IF YOU ARE STUPID AND CLAIMING THIS WOULD BE BLACKMAIL...' Could this be considered extortion-blackmail ? Has anyone else on Slashdot dealt with this service before?"
This discussion has been archived. No new comments can be posted.

Ask Slashdot: Dealing With Anti-Spam Service Extortion?

Comments Filter:
  • by Anonymous Coward

    In the US, I'd say what they're doing is restraint of trade. It's kinda like what Yelp does here. People list a business or service. It cost extra to remove negative reports. I avoid them.

    While you may not have the resources to deal with these assholes long term, maybe the lawyer will say "litegate" or they may just say "Pay the extortion".

    Or you could just find the principles involved and do an Anonymous disclosure on them. Maybe they don't want a bullseye painted on their foreheads or their cars or w

    • Re: (Score:2, Informative)

      by Anonymous Coward

      www.law.cornell.edu/uscode/text/47/230

      They can run this service within the law. Like it or not, it's legal.

    • by terec (2797475)
      Restraint of trade is about enforceability of contractual restrictions on trade that you agreed to; I don't see how that applies here.
  • by jimpop (27817) * on Tuesday December 25, 2012 @03:21AM (#42386083) Homepage Journal

    I'm a receiver, I use UCEProtect to score emails, they help to block a LOT of recent and bleeding edge spam. I don't have to pay them anything for their assistance.

    • by LourensV (856614)
      How many false positives do you get though? In a classifier, having a high true positive rate is good, but only if it comes with a low false positive rate. It seems that in this case, perhaps there are a few too many false positives.
      • You find that when you start turning up spam solutions to high levels, a lot of legit shit gets filtered.

        I mean if all you care about is blocking spam, I can give you a 100% solution: Just block "." as in the root of all DNS. No more spam, ever. Of course it also will have a massive false positive rate, you won't get any e-mail at all.

        If a spam service just takes the "Block all of the things!" attitude it really isn't that useful overall.

        • L3 is pretty much reserved for networks that have been spewing ext ream amounts of spam and failed to do anything about it 250 ish are currently listed. Often the non technical guys in charge (also known as PHB's) are willing to ignore outbound spam from paying customers as it costs them nothing and makes them money. L3 is pretty much for those companies that ignore any and all outbound spam those with abuse@ sent to /dev/null as loosing there other customers is the only way to get them to act. As to rat

        • by russotto (537200) on Tuesday December 25, 2012 @09:56AM (#42387095) Journal

          I mean if all you care about is blocking spam, I can give you a 100% solution: Just block "." as in the root of all DNS. No more spam, ever. Of course it also will have a massive false positive rate, you won't get any e-mail at all.

          And since anti-spam blacklist maintainers are fanatics who only get more fanatical, they do tend towards blocking /0 as their endgame.

      • by jimpop (27817) *

        Rarely a FP, perhaps one a year. Like I said, I don't use them (or any RBL) to block, I do use them to aid in scoring.

      • Re:Flip side.... (Score:4, Insightful)

        by Anonymous Coward on Tuesday December 25, 2012 @04:43AM (#42386253)

        There are two kinds of false positives: The individual email kind and the netblock kind. Users care about individual email. They want to receive legitimate email even if it comes from an IP address that belongs to a spam-friendly ISP. Blacklists are more concerned with netblocks. They don't rate individual messages. They rate ISPs. The submitter is affiliated with a hosting cooperative. They're probably not openly spam friendly, but cooperatives are usually short on manpower, so their monitoring and their response times may not make them sufficiently "tough on spam" for some tastes.

        If UCEProtect is run properly, then they have evidence of spam coming from that netblock, and if their listing and delisting policies are well defined and implemented, then they are well within their rights to require compensation if an ISP wants them to manually check that they've cleaned up their act and expedite delisting. If UCEProtect is much too trigger happy, then wrongfully accused ISPs should complain to the recipients' ISPs who use UCEProtect to block email and get them to remove or reduce the influence in the scoring. A rogue DNSBL has no power if nobody uses them.

  • by hxnwix (652290) on Tuesday December 25, 2012 @03:23AM (#42386093) Journal

    Adding an IP address to their whitelist is no easy thing. You see, they hire only blind, deaf quadriplegics, so each octet is entered in binary through a mouth open/close morse code interface. But that's only after your request makes it through the queue to be read through tactile forehead tapping tty... Perfectly understandable that these folks detest spam, isn't it?

  • By some definitions it sure is, whether that means anything legally where you are located is a "lawyer question."

    blackmail [blak-meyl]
    noun
    1. any payment extorted by intimidation, as by threats of injurious revelations or accusations.
    2. the extortion of such payment: He confessed rather than suffer the dishonor of blackmail.
    3. a tribute formerly exacted in the north of England and in Scotland by freebooting chiefs for protection from pillage. verb (used with object)
    4. to extort money from (a person) by the use of threats.
    5. to force or coerce into a particular action, statement, etc

    blackmailer, noun
    blackmail (blækmel)

    1. the act of attempting to obtain money by intimidation, as by threats to disclose discreditable information
    2. the exertion of pressure or threats, esp unfairly, in an attempt to influence someone's actions
    3. to exact or attempt to exact (money or anything of value) from (a person) by threats or intimidation; extort
    4. to attempt to influence the actions of (a person), esp by unfair pressure or threats

  • Ask your company's legal team about options, such as suing in the UK for defamation.

    Just a thought.

    How about sending a bunch of spam from a laptop at an open Wifi like Starbucks, where the spam is promoting UCEprotect.org. Send it to/through Gmail and other blacklist organizations. The goal being to get them placed on a spam blacklist...

    Either seems preferable to spending 300 Euros for an express de-list. Then, doing it again, etc.

    Make sure you monitor out-going email through your ISP's servers so that n

    • by jopsen (885607)

      How about sending a bunch of spam from a laptop at an open Wifi like Starbucks, where the spam is promoting UCEprotect.org. Send it to/through Gmail and other blacklist organizations. The goal being to get them placed on a spam blacklist...

      How about considering the fact that 300 Euros is nothing to an ISP. But it's enough to make it infeasible for spammers to pay up.

      Ever considered the fact that UCEprotect might be a legitimate organization? (I wouldn't know)

      Sure, the telling people that they are stupid if they claim blackmail and thusly, will not be allowed to delist, might not be the wording a lawyer would have used. But it's probably a lot less evil than the EULAs we click OK to on a daily basis, it least this one is honest :)

      PLEASE NOTE THAT THIS IS AN OPTIONAL OFFER ONLY.
      YOU ARE LOSING YOUR RIGHT TO EXPRESSDELIST YOUR IP IF YOU ARE STUPID AND CLAIMING THIS WOULD BE BLACKMAIL, EXTORTION, SCAM OR SIMILAR BULLSHIT.

      Also, not

      • by nabsltd (1313397)

        How about considering the fact that 300 Euros is nothing to an ISP. But it's enough to make it infeasible for spammers to pay up.

        A spammer with one IP address would be paying US$115 (I don't know why the summary lists the fees in Euros, as all of them are actually in US dollars) and US$345 for one "allocation". The de-listing has to come with a guarantee of not getting back on the list as easily (because the assumption is you're not going to pay to remove a real spammer). For those low prices, a real spammer would actually be glad to pay. And, without the guarantee, UCEPROTECT's unknown method of determining spam could put the IP

      • You say:

        Ever considered the fact that UCEprotect might be a legitimate organization? (I wouldn't know)

        But then you say:

        PLEASE NOTE THAT THIS IS AN OPTIONAL OFFER ONLY.
        YOU ARE LOSING YOUR RIGHT TO EXPRESSDELIST YOUR IP IF YOU ARE STUPID AND CLAIMING THIS WOULD BE BLACKMAIL, EXTORTION, SCAM OR SIMILAR BULLSHIT.

        I think we know whether they're a professional organisation...
        Let's also take a look at their website [uceprotect.net], and their 'Cart00ney' publication [uceprotect.org] of legal documents Piratebay-stylee.
        If they're not an outright illegitimate organisation, they're a jolly dubious one.
        They also seem to imply that they're involved with 'Bavarian municipals', but seem awfully coy about naming them.

        A good response may be to draw the attention of the service providers you can't get email through to as to the nature

    • Ask your company's legal team about options, such as suing in the UK for defamation.

      Just a thought.

      How about sending a bunch of spam from a laptop at an open Wifi like Starbucks, where the spam is promoting UCEprotect.org. Send it to/through Gmail and other blacklist organizations. The goal being to get them placed on a spam blacklist...

      Either seems preferable to spending 300 Euros for an express de-list. Then, doing it again, etc.

      Make sure you monitor out-going email through your ISP's servers so that no spam is being sent by your customers.

      Not only is that immoral, it's likely illegal.

    • by The Moof (859402)
      You're not the first comment to suggest legal action, but here's my thought: Perhaps there is something going on that legitimately got them on the list.

      The summary states they're an ISP, so I don't think it's out of the question that a few customers picked up some malware. The malware might be sending out the spam that gets them blacklisted. The might use non-static addresses, which could've led to the whole block getting flagged. If you take them to court, this fact will not only ensure you lose, but
  • by egcagrac0 (1410377) on Tuesday December 25, 2012 @03:31AM (#42386113)

    Maybe it's the language barrier, but that seems like a lot of smiley faces and profanity for a professional organization.

    Their revenue model seems odd as well - it's almost like they're set up just to extract money from senders.

    My instinct is don't pay them, figure out why you got listed, and stop whatever triggered the listing.

    If the customers are complaining excessively, consider the unblock fee - once. Definitely terminate the accounts of the spammers.

  • Some Suggestions (Score:5, Insightful)

    by Anonymous Coward on Tuesday December 25, 2012 @04:14AM (#42386187)

    Firstly, as Pamela Jones over at Groklaw would tell you in a heartbeat, convince someone at your company to take legal advice. If your company is contemplating action of any kind in response to what has happened, it is critically important that you understand that your intended steps will not undermine you at some later date. Only a legal professional can tell you that. So please, get proper legal advice.

    Secondly, thinking about the relationship between yourself and the party you believe to be performing the blocking/spam filtering. Is the issue between your company and the third party, or your *clients* and the third party? I can understand that you are coming under fire from your clients, but please refer back to the first point, above.

    Third, go get familiar with the relevant legal frameworks. Your legal support, when you hire, them, is going to start asking legal questions. You understand the tech, but take the time to familiarise yourself with the law. Start with: RIPA (the Regulation of Investigatory Powers, which, IIRC, makes it illegal to intercept any communication between two parties), PEC (the Privacy in Electronic Communications Act [2003]), and take a quick look at the DPA (Data Protection Act [1998]) inasmuch as the data being generated and acted upon by the third party [email addresses] was created for the express purpose of *routing email traffic*, not *filtering* email traffic. There may be an argument that the filtering is inappropriate. See how a lawyer (I'm not one) can help you here???

    Fourth, are there any professional trade bodies or organisations that both your company and the third party subscribe to (i.e. a UK Association of ISPs) that may have a dispute handling process? Are the two parties able to sit down with an arbitrator? If so, this might be a free service that you could try?

    Fifth, if all of the above fail, then use of the Internet in the UK is regulated by various Government departments and Quango Regulators, such as the ICO (Information Commissioner's Office) and Ofcom (the Communications Watchdog). As above if you have taken proper legal advice from a law firm with expertise in this area, they should advise you on the best method of engagement.

    I understand that you want to help your clients, but in this case it's critically important that any steps you take don't make it worse. Legal advice must be step 1.

    Hope this helps...

    • Yah... legal advice (Score:4, Interesting)

      by SmallFurryCreature (593017) on Tuesday December 25, 2012 @05:13AM (#42386315) Journal

      The guy posts the question as an AC. Why? That is a MAJOR red flag.

      Secondly, no consumer ISP would tolerate such a question being asked on a public forum, they have lawyers in house to deal with this kind of stuff, they do NOT Ask Slashdot. Never. No way, no how.

      10 to 1 that this is some east European with a couple of servers at a hosting party who hires them out to spammers and now finds his leased servers are useless to those same spammers because his IP range has been blocked and he wants them unbanned to he can continue to rent out his servers to spammers.

      DNS block lists do on occasion hurt real newsletters. But this is about a legit newsletter, why is not mentioned? If this is a legit service that is being hurt, why is not mentioned. If it is a legit ISP that is being hurt, why is it not named?

      Could it be that this question is posted by an AC with not even a hint about the nature of the hurt party being the very generic label "ISP" is that even the simplest google research would reveal that the ISP in question is a spam haven?

      Anyway, a DNS list is just a list of numbers. It is a fact list that does nothing unless someone ELSE uses that list. Listing ip's on a list cannot be illegal and block mail from MY server is perfectly legal as well.

      Spammers have tried fighting DNS lists for years now and failed. This question should never even have been asked.

  • by ThreeGigs (239452) on Tuesday December 25, 2012 @05:02AM (#42386295)

    Obviously anyone giving you legal advice has failed due diligence. From their site: "Every IP listed will expire 7 days after the LAST abuse is detected, and FREE of charge."

    So, find out whoever is spamming, and put a stop to it. It might be different if your ASN is listed, but I'd still be looking for spam sources on your own network.

  • It looks more like UCEProtect is declaring to its customers that you are a spam haven and that they should not be accepting any mail from your systems. That sounds more they are libeling/slandering you. I am not a lawyer but I imagine an imaginative legal team would be able to sue UCEProtect in that way.

    • by strredwolf (532)

      True, but then they'd be hit with proof: The spam that hit the spamtrap from that IP address. They keep those things!

      UCEProtect isn't the first one to get sued. It won't be the last.

  • by silas_moeckel (234313) <silas AT dsminc-corp DOT com> on Tuesday December 25, 2012 @06:42AM (#42386507) Homepage

    Stop sending spam, wait 7 days and your good. Your at level 3 your AS has been spewing spam for awhile and you have done NOTHING to fix it. As an ISP you should be checking all your IPs against all major spam lists and proactively dealing with spam. This will probably mean loosing customers. Some things to consider it's trivial to setup a relay server for your own mail servers outside your AS to keep outbound email going. Look into some technical means like transparent outbound spam filters, outbound port 25 syn rate limiting, or a plethora of other aids. Those clients will all claim it's triple opt in super secret they have everybody's dna on file, they are lies. Remember that spammers are at worst criminals at best have absolutely no morals in either event they have no compunction lying to you. Strengthen your TOS put BIG fines in there for repeated spamming wave them based on your gut and history. Often you need something to push legit companies to fix there issues.

    All thing considered getting to l3 means your just ignoring the spam coming from your network. You need to get proactive and fix the root issue of spam spewing from your network. There are plenty of technical methods to avoid the 7 days block that are far cheaper then paying them. At the end of the day spend less energy railing about "blackmail" and more policing your network. If you do not, your facing the internet death penalty and the business needs to go under this is the internet working as intended.

  • by Anonymous Coward on Tuesday December 25, 2012 @06:50AM (#42386531)

    I've had to deal with UCEProtect in my job as a system administrator. Whenever we got listed it was because their spambots (that send mail coming from the droppatrol.de domain) managed to get a bounce out of our system. We allow our users to forward mail offsite and some do to sites that are far far less permissive then us, and when that happens we properly send the bounce.

    I would say that running spam bots, and then asking someone to pay to get off a blacklist that their spambots got you onto, is effectively organized crime type extortion.

  • by strredwolf (532) on Tuesday December 25, 2012 @07:49AM (#42386685) Homepage Journal

    There is a reason you are listed:

    * You have spam originating from your system for too long of a time.
    * You are unresponsive to reports.

    So, your entire network range is listed. Everyone is bouncing emails. Everyone is complaining to you, and you've noticed. You've been forwarded the site, and you're contemplating just paying them off... except that it just won't work. You'll be relisted again, and with reason -- someone on your network spammed and nobody's listening.

    Thus:

    * If you haven't done so, open up abuse@ and point it to somebody with the power to diagnose, disable, and close accounts.
    * If the guy behind abuse@ doesn't have said above power, GIVE IT TO HIM.
    * If the guy behind abuse@ does, but doesn't use it, FIRE HIM.
    * If you haven't done so, disable outbound port 25 at your border router with the exception of an out-bound SMTP server.
    * Put an outbound spam filter in place.

    If you are unwilling to do the above, then there is one last thing you will eventually do: CLOSE SHOP.

    • * you do not get any notifications if you are blacklisted, except whatever obscure message is in your logs
      * you do not have to have spam originating from your system, it can be perfectly normal e-mail to an address used by someone you knew in the past, that is now used by someone else as a spam honeypot.
      UCEprotect sucks. It's no wonder the people behind it are hiding their identities.
  • 1) Determine why you are listed
    2) Change your infrastructure to avoid that in the future (port 587, auth, etc)
    3) Be patient, watch it work
  • by andycal (127447) on Tuesday December 25, 2012 @09:07AM (#42386913)
    Years ago I was running an email server, (Very low output 3 to 5 users personal email only, no lists) and we had some inbound addresses that were overloaded with spam, so we abandoned them. But rather than just discarding email sent to those addresses ( for fear that someone didn't get the new address) I set them up so (via a piped script in the aliases file ) to fail on receipt with the message "your message to abandoned@email can not be delivered, please use the webform here to send your message"

    So we got blacklisted, and checking the logs we had *NO* outgoing email at the time of the accursed spam message(s). The blacklist service didn't give me the whole message, but it contained enough for me to find reference to it in my log.

    Near as I can figure, some spammer sent email to us through an open relay, using a honeypot (you get classed as a spammer if you send email to this address ) as his spoofed 'from: address'. My mailer refused to accept the email to the abandoned address, so the relay returned the 'undelivered' message to the honeypot address.

    Now I had several problems with this. First, to avoid blacklisting, I had to remove this helpful service. Now those messages go to /dev/null. second, I didn't actually send the email, but we got blacklisted simply because our IP adress was in the chain of Received headers in the email header.

    More recently, I had newsletter messages sent to a members of a private club bounced by their local ISP. The sending IP address was not listed in any blacklist I could find. The ISP was just refusing connection, No message, nothing. (I could send email to that ISP from other services like gmail) They wouldn't take my call ( I'm not their customer) so I had some of their customers call and ask "Why am I not getting these newsletter messages?" . I wasn't on the call, but it sounded like they just played dumb. A few of the list members gave us non-local-isp addresses (gmail , yahoo) and now they get the newsletter there.

    Again, legitimate email loses out.

    And finally, Just about every time, my "password reset" messages end up in people's spam folder. This is one of my most common support calls. (this even after the page where they request the password reset says right on it "check your spam folder" ) There are lots of false positives on spam.
  • As long as you confirm thricely that the targets of your spam are willing to receive it you should be good. I'd suggest meeting each and everyone of your in person and with verified live human witnesses present to attest that your prey is willing to subjected to the advertising that you are want to force upon him.

  • by Dynamoo (527749) on Tuesday December 25, 2012 @10:03AM (#42387139) Homepage
    If you don't want to be blacklisted, then stop sending spam. Simple.

    I've seen this story several times before with people complaining about "blackmail" with different blacklists and filters, and in all cases I have ever seen there has been some sort of real problem. Remember that there are different levels of blacklisting, from the lowly backscatter blacklisting which hits a lot of legitimate organisations, up to Level 3 (which indicates that you've been informed of a problem for a long time but basically don't give a fuck), up to the next step which is de-peering or permanent widespread blacklisting. OP is clearly drinking in the last-chance saloon on this one.

    Top tip: running an ISP is harder than it looks. Not managing abuse of your systems will eventually cause major problems, and in the worst cases will drive you out of business and have law enforcement forcing their way into you server rooms to take your kit. Don't assume that YOU are the innocent party and the the complainers are just making it up if you want to remain in the ISP business..

    • by Lazy Jones (8403) on Tuesday December 25, 2012 @02:20PM (#42389399) Homepage Journal

      If you don't want to be blacklisted, then stop sending spam. Simple.

      You're an ignorant fool. Unfortunately, too many sysadmins are just as ignorant, so they trust these badly-run, possibly with malicious intent, services. We've never sent 1 spam e-mail in 12 years doing business online and have been blacklisted several times by UCEprotect due to them recycling old domains (which were used by users to register on our site) for use as spam honeypots. They wasted countless hours of our time for nothing.

  • Use of RBLs isn't government-mandated.

    When customers contact us because they can't receive certain mail, we try to whitelist the IP(s).

    When customers complain that they can't send mail to a certain person because our IPs are blacklisted, we ask them to ask their recipients to have our ranges whitelisted. It's almost the only way this is going to work. No point in trying to have someone whitelist our range over the phone in a company with several layers of managers between a helpdesk-agent and a server-o

  • It's freedom of speech.

    If UCEProtect has an email they think is spam they are perfectly within their rights to proclaim said email is spam from the tops of the highest mountains. Other people have the right to either listen to them (and block the OP), or ignore them (and not block the OP). They do not have to be real nice to the alleged spammer and spend thousands of man-hours a year on appeals. It would be nice of them if they did, but their is no legal requirement to be nice to people.

  • sometimes I also have the feeling that these services are somewhat extortionist. I find this to be the case when they really don't help you in any way to track down the spam they think you're sending.

    some of these are helpful and provide sample spam e-mails that they caught. usually the message ID is enough for me to track down the spam and spammer in question.

    why such an organization would actually _not help_ fighting spam in this way is beyond me though.

  • by Animats (122034) on Tuesday December 25, 2012 @02:45PM (#42389571) Homepage

    For traditional reasons dating back to the dial-up UUCP era, most email systems are store and forward. That's really no longer necessary. In an "always-on" era, mail should be synchronous. When an SMTP server receives a mail that it needs to forward (presumably only to a known address) it should, while holding the incoming connection open, send the appropriate outgoing mail. If the outgoing send succeeds, the SMTP server should reply to the its client with success. If not, it replies with a failure code. No "bounce" messages are ever sent. So there's no possibility of sending a "bounce" message to a faked address. "Joe jobs" become completely ineffective.

    Any non-success status from the outgoing send gets passed back to the incoming connection. If the destination server is down, the SMTP 450 status (Requested mail action not taken: mailbox unavailable) should be returned. For 4xx statuses, most mailers will resend, so the first mailer in the chain will handle retransmission. If the first mailer is a user SMTP client (rare today), the person sending will get an immediate fail, indicating that the mail was not received.

    A simplified SMTP server like that would be appropriate for machines that only handle mail as a sideline and forward it somewhere else, like most web servers.

"Why should we subsidize intellectual curiosity?" -Ronald Reagan

Working...