Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Sign In with OpenID
Advertise on LowEndTalk.com

In this Discussion

Spamhaus, Tax Evasion, Shell Companies, Extortion Strategies, Blackmail and Much Much More
New on LowEndTalk? Please read our 'Community Rules' by clicking on it in the right menu!

Spamhaus, Tax Evasion, Shell Companies, Extortion Strategies, Blackmail and Much Much More

SASPSASP Member
edited June 2014 in General

Good day,

Browsing lowendtalk I believe this might be a suitable place to post the following. A lot of network operators who are knowledgeable about the true nature of Spamhaus hang on this place.

I always heard bad things about Spamhaus especially at the RIPE meetings. I understood what the Spamhaus really are after what happened last year when I was put in the middle of a mass censorship attempt where they demonstrated how they corrupt some ISPs, censor and extort the others. Fighting obscurantism and protecting the Internet neutrality are extremely important to me. I hope that the following information provide enough clues of the deep seated corruption in the Spamhaus project and its founding members.

Note: Spamhaus does not want you to know this information.

Spamhaus recently posted a bunch of FUD to distract the attention from the new recently leaked information regarding their money laundering schemes. link

Spamhaus techniques consist of disrupting mail exchanges to push people toward massively centralized solutions that they have under control.

Spamhaus is also greatly responsible of the depletion of the IPv4 market when marketing companies (mostly American) purchase entire prefixes for huge money.

Anybody who dares to discuss the wrong doing of Spamhaus is immediately labeled a "spammer" and risks a rampaging vendetta from them against ones network and upstream providers.

The following quotes are from the Spamhaus pages where they intended to spread distortions of what some people tell about them.

Myth: "Spamhaus claims to be a non-profit to evade taxes"

Spamhaus founding members use a "sham directors" trick, the technique is described by the The Guardian and the Daily Mail.

Today business registers can be checked online it makes it harder for Spamhaus to hide their embezzlements.

Some examples:

"Spamhaus Technology Limited" is the earliest company registered in the name of Spamhaus in the U.K, you can check the history of directors on companycheck.co.uk. Look at the previous Director and Secretary, they have served only for a day and for more than 24,000 other companies. The next day they are both replaced respectively by Stephen John Linford and Geraldine Myra Peters (Linford's girlfriend). This is what we call the "sham directors".

The registration address, Communications House, 26 York Street, London, W1U6PZ, is the address of w1office a company specialized in virtual offices, fake presence and mail forwarding.

"The Spamhaus Project" is the second registration in the U.K, it is the one that is supposedly "non-profit". The first interesting point is that it was registered after the "Spamhaus Technology Limited".

Its business structure is similar to the first one, see companycheck. The company is registered at the same address (w1office, the virtual office company) as the first company.

The sham directors COMPANY DIRECTORS LIMITED and TEMPLE SECRETARIES LIMITED have served more than 200,000 other companies...

You may also notice, "Stephen John Linford" changed to "Stephen Linford". The trick is used to mix up records, creating two entries in the database.

The most interesting part is the "Current directors and Secretaries" where it shows "SPAMHAUS LOGISTICS CORP.". This make a direct connection to a tax-haven country.

"The Spamhaus Logistic Corp" is the company said to be a "logistics and holdings company maintaining the Spamhaus DNS blacklist".

The first record shows evidences of a direct linking to an offshore tax-haven country (Mauritius) here. The address, 1001 Alexander House, 35 Ebene Cybercity, Mauritius points to Imara Investing a specialist in offshore incorporation and tax optimization...

It is not the only tax-haven where The Spamhaus Logistic Corp can be found:

Another registration in the Mauritius is viewable on the Mauritius official portal which Spamhaus is currently trying to get rid of.

"The Spamhaus Logistic Corp" is also incorporated in the Seychelles at 103 Sham Peng Tong Plaza, Victoria, Mahe, the address of Apollo Business Solutions (PTY) LTD, the company's business consist of tax optimization, Spamhaus claims The Spamhaus Logistic Corp to be a IBC (International Business Company) a a tax-free corporation type. Apollo tells how good it is as an alternative to the British Virgin Islands.

More?

"The Spamhaus Whitelist Company" is a non-existent bogus company, the project's plan here is to become the regulator of e-mail exchanges, the central authority that allows you or not to use e-mail by providing white-lists. The worst possibly imaginable.

Spamhaus claims: "The Spamhaus Whitelist Company Ltd., is a privately held company based in St Helier, Jersey (Great Britain)". Once again, an island with a lot of tax advantages. We can figure out this address too, PO Box 532, Green Street, St Helier JE4 5UW. There is nothing like Spamhaus registered at this address, however we can find a now defunct company called "The Channel House Trustees", a company once again specialized in the provision of trustee and corporate services, tax optimization etc...

Are we done? Nope.

Remember "Spamhaus Technology Limited", the first one which Spamhaus say is to "provides commercial distribution services for the technologies developed by the Spamhaus Project, such as the Spamhaus Datafeed" and then "These are resource-intensive services for which there is high demand but which the Spamhaus Project, as a nonprofit organization focused on fighting spam, has no commercial interest in handling itself." Spamhaus insist very much on saying that it is a "non-profit" project. We've got the same gang, registering multiple companies in multiple tax-havens trying to convince us that they are totally dissociated organizations...

SpamTEQ (Spamhaus Technology Limited), seems to be used to launder money. They disperse/burst the funds through 3 companies that Spamhaus call "Authorized Datafeed Vendors", one for the big funds, "ras-asia" in Singapore the two others as decoys for pennies. You may visit the site (http://ras-asia.com) and compare it with spamhaus.com to find out how similar they can be, if you're into HTML and CSS you may also fingerprints the same author.

Ras-asia has changed address multiple times. You can see that with https://web.archive.org/. (we also keep our own archive ofc.)

20 Cecil Street #04-05 Equity Plaza, 20 Cecil St #15-08 Equity Plaza and 3 Phillip St #13-03 Royal Group Building.

The two first are the addresses of international capital raising ventures like http://www.ventures-international.net which of course are specialized in providing virtual offices, mail redirection etc.

The last one is "TrustSphere", an attempt from Spamhaus to legitimate the company by linking it to a local organization. You can see that it is recent by using the archives.

More shady and bogus addresses:

On this page, they pretend to be based in Geneva, they list an address while Spamhaus is operated by Linford from southern France and the Balearic Islands in Spain where he has purchased villas. The Swiss address points to a business center where a mail forwarding company resides that has Spamhaus as customer. This trick is very efficient against legal troubles. The authorities of the U.K will tend to believe that the organization is in Switzerland. No company such as Spamhaus is registered in Geneva and this was confirmed by the local government. Several people have also been there to confirm the facts.

The building is called "Tour Balexert", it belongs to "Regus". As usual, virtual offices and mail handling services are available

From Spamhaus: Myth: "The Russian Government has declared that Spamhaus is an illegal organization"

Never happened. Russian spammers love to spread this myth, especially in responses to Russian ISPs who disconnect them. Occasionally a naive Russian ISP believes the myth and quotes it back to us confirming that stupidity is not limited to spammers. This myth relies on "I heard from someone who heard from someone..." etc.

Spamhaus attempted to shutdown stophaus.com after it led a huge propaganda to get it shut down because some people where listing the very shady Spamhaus operations. Spamhaus has been powerful enough to successfully got someone jailed and deported, he was later released and no charges where left against him (more about this later).

The truth is that the Russian government has not made Spamhaus illegal indeed but stated that an ISP cannot disconnect a customers when it is harassed and extorted by Spamhaus. If a provider disconnects a customer because it is harrassed by Spamhaus, it could risk a license revocation. This actually explains why stophaus.com is still online despite Spamhaus numerous attempts to extort the providers that have hosted it.

Myth: "Spamhaus wants to stop spamming so that they can control the 'spam industry' for themselves"

This is one of the oldest myths, and almost too silly to try and comment about. Spammers often just are not wired in a way where they can understand that life is not all about greed and making money by annoying others. They do not realize that there are many people on the internet want to keep it usable for the world. Spamhaus tries to stop spam so that email can remain the very powerful communication medium it has become.

In reality, Spamhaus tactics consist of pushing to centralization by making self mail hosting difficult. People will then switch to centralized Spamhaus' sponsors.

When America introduced the CAN-SPAM it allowed marketing companies to send Spam as long as they would allow the recipient to unsubscribe, Spamhaus could not fight against it and instead adapted its business.

In exchange of a paid subscription and activation of Spamhaus blocklists (aka giving coercive powers to Spamhaus) a network can be made free from Spamhaus' aggressive blacklisting.

ISPs which have an agreement with Spamhaus may then begin to lease prefixes to spammers or sponsor marketing services designed for spamming purposes such as, mandrill.com, serversmtp.com, turbo-smtp.info etc.

A very large amount of the marketing services are under the same company, one of them is Softlayer. It was discovered that Softlayer blocked on all ports traffic from prefixes listed by spamhaus. Yes, that makes Softlayer involved in Internet neutrality violations. Softlayer was asked to comment and came out with a brilliant excuse:

When a Softlayer's customer figured out that he was unable to reach certain networks. The customer wrote a complaint. Softlayer attempted to demonstrate that the issue was not on their side, claiming to have no censorship or blocklists on its network until it was made an undeniable fact only then Softlayer admitted to be dropping traffic on Spamhaus' demands using their DROP list. Softlayer then presented claims of extensive damages that removing the DROP list would cause to their network as an excuse. Anybody that operates an ethical network here would find this ridiculous and absurd.

While your concerns about net neutrality are noted, please be advised that at this time, we are not able to remove the Spamhaus DROPlist from our network borders, as doing so has the potential to cause extensive damage to our network and infrastructure.

When we received the transcript, we queried Softlayer to comment the allegations. Softlayer never replied despite we ealier received replied when it was about a different subject.

It seems that the activation of Spamhaus' censorship on Softlayer's network has been done very secretly, we have a reliable source working at Softlayer who told us that he was absolutely not aware of the presence of Spamhaus blocklists on the network.

Myth: "Spamhaus gets information by hacking servers"

Spamhaus doesn't even test for open-email-relays, let alone any other form of computer trespass. We do not do penetration testing, test for various server vulnerabilities, or do any other sort of "hacking." We watch for overt, publicly accessible indications of spam and spam support, all things which can be publicly verified.

Spamhaus receives information from script-kiddies who use Spamhaus as a vendetta tool. However when Spamhaus extorts a provider it will eventually scan the provider's network to figure out where most mail servers hosts are. Spamhaus then add the prefixes to its blocklists to disrupt the provider and its clients and the extortion begin.

Myth: "Spamhaus blocklisted Wikileaks"

Never happened. This myth was circulated by a Russian malware hosting gang known as "Heihachi" in 2010 and further propagated by a blocklisted Dutch spam and malware host known as 'Cyberbunker/CB3ROB' who attempted to trick members of the hacktivist group Anonymous into attacking Spamhaus on his behalf. Quite the contrary, in December 2010 Spamhaus had contacted Wikileaks to warn them that this gang was trying to trick Wikileaks readers into visiting a fake 'Wikileaks' mirror in Russia on which the gang was hosting trojan malware poised to infect anyone who visited. The Spamhaus malware warning report concerning this is here.

Spamhaus was attacking a Russian hosting company that was known to be "bulletproof" and a free-speech haven.

WikiLeaks.info chose this company to host the site after they've got kicked off Amazon upon requested by the U.S. Spamhaus then made up a story to tell that the page was hosted by criminals who had implanted a malware in the page, the message was relayed by several sites until the administrators responded that what Spamhaus claims were false. And yes, it was just defamation.

"We find it very disturbing that Spamhaus labels a site as dangerous without even checking if there is any malware on it. We monitor the wikileaks.info site and we can guarantee that there is no malware on it," the WikiLeaks.info site said. (http://www.cnet.com/news/wikileaks-info-rebuts-malware-warnings/)

Myth: "Spamhaus are Criminals and Terrorists"

Spammers have for years claimed that Spamhaus is a criminal organization, with claims ranging wildly from the CEO of Spamhaus being a "wanted criminal on the run" to our staff being "convicted criminals" to our organization being linked with Al-Queda or other such nonsense. Were any Spamhaus staff, from our CEO and senior management to our cyber threat researchers, to have any type of criminal record whatsoever, let alone be "wanted" by any Government, Spamhaus would not be listed as a member of International Law Enforcement work groups, including: LAP: http://londonactionplan.org/members/ Nor would Spamhaus receive awards from Cybercrime Law Enforcement such as from FBI NCFTA: http://www.spamhaus.org/organization/ncftaaward/. Likewise, were we to have any connection whatsoever to cybercrime or terrorism the FBI would not publicly declare a partnership with Spamhaus such as at: http://www.fbi.gov/news/testimony/small-business-cyber-security These spammer rants seem to be in many cases a mirrored "projection" of the spammer's own character and actions. Often, quite criminal.

Spamhaus brags about awards they've received from organizations which are know to be anti-Internet. However they've got none from organizations that are really campaigning for users' freedom on the Internet and there are very low chances that they ever get one. Please read what the EFF thinks about blacklists. You can also read John's Gilmore (co-founder of the EFF) about anti-spammers propaganda and extortion.

Spamhaus actively use their awards to convince people of their goodwill. The organizations which have awarded Spamhaus had no clue about what is behind Spamhaus' curtain. Knowing these information, even anti-Internet organizations should not be able to award Spamhaus anymore.

Spamhaus also try to convince people by twisting what their opponents (that they call "spammers") claim about them. This is part of their campaign of disinformation. For instance Spamhaus claims that "spammers" say that Spamhaus are "criminals and terrorists" while it's more adequately said that Spamhaus is a "multi million dollar bank rolls, spam, money laundering and corrupted organization which use extortion and other coercive methods which verge on terrorism".

Next

«13

Comments

  • SASPSASP Member

    Myth: "Spamhaus blocks whole ISPs because of one spam"

    There has never been a case in the history of Spamhaus where an entire ISP has been blocklisted because of one spam, nor even a small amount of spam. To reach the point of listing an entire ISP on the Spamhaus Block List requires a very serious volume of unchecked spamming or chronic spammer or cybercriminal hosting infestation. The listing of a whole ISP's netblocks can only occur where an ISP has gone 'rogue' and is overrun with spammers, has intentionally ignored all reports and listing warnings from Spamhaus and is knowingly providing a "Spam Support Service" for profit. It is extremely rare for any legitimate ISP to reach that point and usually only occurs with small Eastern European and Asian ISPs in financial difficulty. Most cases where Spamhaus blocklists "whole ISPs" is where the 'ISP' involved is actually the spam gang simply pretending to be an 'ISP' and has no customers except for spammers.

    Spamhaus does blacklist ISPs entirely even though no spam has ever been sent. Last year when stophaus.com was created, Spamhaus blacklisted the providers where stophaus.com was hosted. When the provider asked an explanation, Spamhaus threaten it to mass blacklisting if they would not shutdown the site. When they refused their whole network got immediately blacklisted. When new information about Spamhaus were again posted on the site, spamhaus scanned the upstream provider's provider's mail servers and blacklisted them to force them to disconnect the hosting provider from the Internet.

    Spamhaus tactic to gain power over a provider consist of forcing the provider to comply with their views. Once this is done Spamhaus will approach the provider by proposing to create a "dedicated entry" in their database then maliciously suggest to activate Spamhaus services and subscribe. If there's a refusal Spamhaus might aggressively blacklist this provider in the future.

    One provider that investigated Spamhaus played the game, it ended up with someone at Spamhaus suggesting a meeting in London to discuss an agreement...

    A lot of providers pay Spamhaus to be able to rent prefixes to marketing companies, a spammer can pay very big money for a small prefix. Any provider receives their e-mails where they request IPv4 and are ready to pay big money, of course this is very tempting for a lot of companies. These marketing companies are legal, there is no risk of legal pursuits, this is why Spamhaus took control over this business.

    Spamhaus also claim that it got never sued, this is because when a large organization threaten them they comply before it happens. For the small ones that have less resources, the fake addresses and other Spamhaus' decoys are sufficient to lure opponents and protect Spamhaus from lawsuits.

    Spamhaus also advocate to reject the connections from the hosts that they list. Creating such an obscurantism prevent users from knowing the reason why they haven't received the messages as well as from knowing that it is because of Spamhaus, this is one the many tricks that keep Spamhaus in the darkness.

    Spamhaus also list a fake user counter where they pretend to be "protecting" more than 2 billions users, this would be more users than sites such as facebook...

    Spamhaus also told that despite being non-profit it is also maintained entirely by "volunteers", therefore people are not paid. This statement disappeared from their page last year when Spamhaus was in the turmoil. They also mentioned that funding is done through "The Spamhaus Foundation", a foundation that can be found nowhere, this was removed from their page. The difference can be seen using the waybackmachine, here is the original and this is what you can read today.

    Spamhaus listings also contained an identification number "SRXX" where XX is replaced by digits, this is the login used by Spamhaus operators, when stophaus.com begun to match these login against names Spamhaus removed them. This is what a Spamhaus blocklist page looked like before May 2013.

    --

    The questions are: Why does Spamhaus operate the way they do in terms of company structure if they are a non-profit? Does a setup like this look trustworthy to you?

    If you have details you want to share with me feel free to contact me. If Spamhaus wants to be the white knight to protect you from spam crossing into our systems it should be no issue for them to be transparent about their structure.

    This is just the first chapter.

    More to come in the next posts.

  • WilliamWilliam Member, Provider

    I'm... not surprised. You should really read the RIPE members only mailing list, stuff like this weekly.

    Thanked by 1TheHackBox
  • SASPSASP Member
    edited June 2014

    @William said: I'm... not surprised. You should really read the RIPE members only mailing list, stuff like this weekly.

    I am also actively talking to people during meetings to gather opinions. I'd really like to meet face to face with the American providers because those are the most corrupted as they usually had very large amounts of unused IPv4 space.

    But there are individuals in each of these organizations that have the ability to discretely setup the very shady things without the others to know, Spamhaus is kind of pro at making this approach.

  • Spamhaus take-down request incoming?

  • rds100rds100 Member

    Virtovo said: Spamhaus take-down request incoming?

    Half of ColoCrossing is already blacklisted, so why bother?

    -

  • SASPSASP Member
    edited June 2014

    @Virtovo said: Spamhaus take-down request incoming?

    This is also something very important for me, Spamhaus should not be shutdown but everyone should know how bad this type of system is.

    The goal is that the few major customers of Spamhaus (outlook.com, yahoo.com, mail.com, aol.com) that allow them to have very aggressive coercive powers drop them.

    Regarding yahoo, they are not the hardest to reach, so I've actually got in touch with a few people there who are very interested by the story.

  • tchentchen Member

    The internet is open to alternatives. Feel free to come up with something better.

    Thanked by 2Gunter marrco
  • Mark_RMark_R Member

    @tchen said: The internet is open to alternatives. Feel free to come up with something better.

    Start using software that is capable of learning potential spam threats without the use of spamlists? if we all would invest in software like this then we could all stop using those public blacklists that are managed by power-hungry individuals. even if we manage to takedown spamhaus then just another similair organization will popup. it is like a endless loop. i'm suprised that people dont realize this.

  • SASPSASP Member

    @tchen said: The internet is open to alternatives. Feel free to come up with something better.

    We have powerful decentralized spam filters that are using Bayesian statistics.

    I suggest dspam.

  • tl;dr, but the problem per-se is not Spamhaus, the problem is providers that use Spamhaus irresponsibly (probably most of them).

    Spamhaus provides information - right, or wrong. What stupid things a provider does with that information is up to them.

    Complain to providers that don't know how to properly use RBLs.

    Thanked by 1tchen
  • eddynetwebeddynetweb Member
    edited June 2014

    @rds100 said: Half of ColoCrossing is already blacklisted, so why bother?

    I had to chuckle at this.

    I never liked Spamhaus, they're practices and beliefs in preventing spam is horrendous. They think that they solve all the spam issues by blacklisting whole subnets (inb4blacklistme).

    Is inflation really at 0.5%? What a conundrum...

    eddynetweb.net | DigitalOcean referral.

    Thanked by 1SASP
  • SASPSASP Member

    @Microlinux said: tl;dr, but the problem per-se is not Spamhaus, the problem is providers that use Spamhaus irresponsibly (probably most of them).

    Spamhaus provides information - right, or wrong. What stupid things a provider does with that information is up to them.

    Complain to providers that don't know how to properly use RBLs.

    A lot of them are using them in order to be able to continue their business with Spam.

    This topic is to show how bad blacklists are in general and why they should not be used.

    Of course this article targets Spamhaus primarily because they are the most obvious example and because I have been investigating them after how I've seen the way they do.

  • MicrolinuxMicrolinux Member
    edited June 2014

    @SASP said: This topic is to show how bad blacklists are in general and why they should not be used.

    Blacklists are not bad, people who don't know how to use them are bad. If you really want to help, become a doctor and find a way to fix the stupid gene.

  • eddynetweb said:

    Thay actually blacklisted a whole country TLD...

    If privacy is outlawed, only outlaws will have privacy. Romanian Protests

  • SASPSASP Member

    @Microlinux said: Blacklists are not bad, people who don't know how to use them are bad.

    I disagree, I think blacklists are bad. A blacklist can be only tolerable when it is temporarily and very precise.

    For instance, I use fail2ban to block brute force attacks floods when the software itself can't do it, when a target is blocked it is blocked on the very specific port and for a very short period.

    I think this is acceptable.

  • jarlandjarland Administrator
    edited June 2014

    @Mark_R said: Start using software that is capable of learning potential spam threats without the use of spamlists?

    Easier said than done. If you've ever run a truly large mail cluster then you are aware that you absolutely must maintain blacklists, whether internal or external. Not that it isn't smart, it just isn't always reasonable. Either way you're going to end up with service providers that revolve around stopping spam, whether it be by providing a superior filtering algorithm or by running a blacklist.

    The key is to use respectable blacklists. SpamCop still has my vote. Friendly, easy to work with, and if you spam you get listed.

    I'm using A2Hosting right now for shared, love it. Referral link.

    Thanked by 1Maounique
  • @Maounique said: Thay actually blacklisted a whole country TLD...

    Is inflation really at 0.5%? What a conundrum...

    eddynetweb.net | DigitalOcean referral.

    Thanked by 20xdragon TheHackBox
  • MicrolinuxMicrolinux Member
    edited June 2014

    @SASP said: I disagree, I think blacklists are bad. A blacklist can be only tolerable when it is temporarily and very precise.

    You still don't understand . . . blacklists do not block anything.

    Blacklists are information that most people use irresponsibly. Spamhaus, for example, hasn't blocked a single e-mail or IP. They distribute a list that providers use to block e-mails or IPs.

    Thanked by 1marrco
  • SASPSASP Member

    @jarland said: Easier said than done. If you've ever run a truly large mail cluster then you are aware that you absolutely must maintain blacklists, whether internal or external.

    That is not true, gmail does not use blacklists. Try to find larger. Also you can decentralize your

    (please don't consider this comment as a suggestion to use gmail).

    @Microlinux said: Blacklists are information that most people use responsibility.

    Oh, and do you believe that users of outlook.com, aol.com, mail.com, yahoo.com... are even aware that blacklists are applied on their mailboxes?

    This is an excuse used very often by Spamhaus, "our users decide to use the lists on their own". 99% of the people being filtered by Spamhaus are not even aware of the existence of this organization.

  • jarlandjarland Administrator
    edited June 2014

    That is not true, gmail does not use blacklists. Try to find larger. Also you can decentralize your

    Yes they do. They use an internal blacklist. As I said, internal or external, you have to block IPs sometimes, and that is a blacklist. Public ones are intended to just be sharing the wealth. They are not inherently bad.

    I'm using A2Hosting right now for shared, love it. Referral link.

  • SASPSASP Member

    @jarland said: Yes they do. They use an internal blacklist. As I said, internal or external, you have to block IPs sometimes, and that is a blacklist.

    Internals and temporary as I said. That is not what Spamhaus is meant to be. You don't need a centralize organization to build your "blacklist".

    When you use them it is for commodity, because you don't care about your users and don't want to spend time on developing something solid.

  • jarlandjarland Administrator
    edited June 2014

    @SASP said: When you use them it is for commodity, because you don't care about your users and don't want to spend time on developing something solid.

    I never support spamhaus, but don't throw the baby out with the bath water. Give SpamCop a try, legit people do exist. They mostly do temporary blocks as you suggested.

    I'm using A2Hosting right now for shared, love it. Referral link.

  • AlexanderMAlexanderM Top Provider

    Is their a TD;LD for this? Reading that much is too time consuming lol

    HostUS | OpenVZ & KVM VPS in 9 worldwide locations with our own Breeze Panel!
    AS7489 | View our network

  • @AlexanderM said: Is their a TD;LD for this? Reading that much is too time consuming lol

    OP thinks they're preforming malicious activities, mixed feelings.

    Is inflation really at 0.5%? What a conundrum...

    eddynetweb.net | DigitalOcean referral.

  • SASPSASP Member
    edited June 2014

    @jarland said: I never support spamhaus, but don't throw the baby out with the bath water. Give SpamCop a try, legit people do exist. They mostly do temporary blocks as you suggested.

    As I said, 24 hours ago I wanted to send an e-mail from an account I have at safe-mail.net (safe-mail runs individual spam filters) so sometimes I use them.

    My e-mail was rejected by the recipient's server because safe-mail.net IP were listed.

    So that's already enough for me to not use Spamcop.

    I don't even need to try them because my system works fine without any blacklist, people who use it also gave me very positive feedback and I am very happy about that because, yes, it is important to provide real solutions.

  • SASPSASP Member
    edited June 2014

    @Liam said: I've posted it up on ycombinator to get some more coverage and opinions. Feel free to upvote/share if anyone her uses it https://news.ycombinator.com/item?id=7880497

    I cannot see anything on the page? Wrong link or content deleted?

  • jarlandjarland Administrator
    edited June 2014

    @SASP said: I don't even need to try them because my system works.

    So the filter fails because your provider doesn't stop outgoing spam? Surely if theres a reasonable bone in your body you must agree that providers allowing outgoing spam must be held responsible to some degree. Not spamhaus level but still treated fairly for their contribution to the Internet being that of taking a dump on everyone else's mail server.

    I'm using A2Hosting right now for shared, love it. Referral link.

  • SASPSASP Member

    @jarland said: So the filter fails because your provider doesn't stop outgoing spam? Surely if theres a reasonable bone in your body you must agree that providers allowing outgoing spam must be held responsible to some degree.

    No, even if the ISP has not promptly suppressed the spammer it cannot be entirely blacklisted, simply because you cannot punish innocent customers.

  • jarlandjarland Administrator
    edited June 2014

    @SASP said: No, even if the ISP has not promptly suppressed the spammer it cannot be entirely blacklisted, simply because you cannot punish innocent customers.

    Economics. If the provider won't take 60 seconds to delist their IP and terminate the spammer then they deserve to be punished with a free market solution by losing their customers to a provider that actually cares about their customers.

    I'm using A2Hosting right now for shared, love it. Referral link.

  • Spam can be cut down with many hosting companies by blocking port 25 by default, and having valid justification for unblocking it.

    Is inflation really at 0.5%? What a conundrum...

    eddynetweb.net | DigitalOcean referral.

    Thanked by 2jarland Pwner
  • SASPSASP Member

    @jarland said: Economics. If the provider won't take 60 seconds to delist their IP and terminate the spammer then they deserve to be punished with a free market solution by losing their customers to a provider that actually cares about their customers.

    This is absurd, at the time the spam is received the spammer is already at another provider. The Internet is meant to be decentralized, therefore each entity on the network should be autonomous and there should not be a central organization that you must subscribe or unsubscribe to send e-mails.

    Thanked by 1Mark_R
  • SASPSASP Member

    @eddynetweb said: Spam can be cut down with many hosting companies by blocking port 25 by default, and having valid justification for unblocking it.

    I think this is a very bad idea, you should not have to ask anybody to have permission to run a mail server or whatsoever.

  • jarlandjarland Administrator

    @SASP said: This is absurd, at the time the spam is received the spammer is already at another provider.

    Not true. Mail queues don't clear that quickly and keep processing. If a spammer got in through a compromise, the user is effectively the spammer until it has been secured. Also, spammers have started using domains with valid spf and DKIM more lately. They do not always move on quickly.

    I know my spam ;)

    I'm using A2Hosting right now for shared, love it. Referral link.

  • @SASP said: I think this is a very bad idea, you should not have to ask anybody to have permission to run a mail server or whatsoever.

    Although I agree, but look at how many blacklisted IP's there are because of this thinking. A few spammers = thousands of IP's blacklisted. Want an example? Look at ColoCrossing.

    Is inflation really at 0.5%? What a conundrum...

    eddynetweb.net | DigitalOcean referral.

  • SASPSASP Member
    edited June 2014

    @jarland said: Not true. Mail queues don't clear that quickly and keep processing. If a spammer got in through a compromise, the user is effectively the spammer until it has been secured. Also, spammers have started using domains with valid spf and DKIM more lately. They do not always move on quickly.

    These are spams that are legal in countries like the U.S, they don't have to fear anything and the content of the messages are totally inoffensive crap, as a matter of fact they are filtered properly and I still don't need a blacklist :)

  • @SASP said: These are spams that are legal in countries like the U.S, they don't have to fear anything and the content of the crap is totally inoffensive, as a matter of fact it is filtered properly and I still don't need a blacklist :)

    That depends what you mean by "spams". Unsolicited mail is one thing, irritating junk mail is another.

    Is inflation really at 0.5%? What a conundrum...

    eddynetweb.net | DigitalOcean referral.

  • jarlandjarland Administrator
    edited June 2014

    @SASP said: These are spams that are legal in countries like the U.S, they don't have to fear anything and the content of the messages are totally inoffensive crap, as a matter of fact they are filtered properly and I still don't need a blacklist :)

    Nope. Not the ones I've been seeing the last 2 months. They're as much spam as the worst you've ever had and they do not always move on quickly, but often use providers that do a poor job of policing their own network. Providers inside and outside of the US. I've seen them use the same IPs for weeks at a time.

    I'm using A2Hosting right now for shared, love it. Referral link.

  • SASPSASP Member

    @jarland said: Nope. Not the ones I've been seeing the last 2 months. They're as much spam as the worst you've ever had and they do not always move on quickly, but often use providers that do a poor job of policing their own network. Providers inside and outside of the US. I've seen them use the same IPs for weeks at a time.

    Yes, ok let's imagine that it last 2 months, what is the problem as long as it is properly filtered? Of course then if you receive a hundred message from the same sender per second then you might need to have it blocked, but that should still be for a short period of time, just as an anti-flood. Therefore you still don't need a centralized blacklist.

  • SASPSASP Member
    edited June 2014

    @eddynetweb said: Although I agree, but look at how many blacklisted IP's there are because of this thinking. A few spammers = thousands of IP's blacklisted. Want an example? Look at ColoCrossing.

    That's a problem of education. If we think like this we would have to disconnect 99% of the Internet users.

    Also this is completely ridiculous, if you're a spammer and you got your spam rejected, you're immediately going to send from somewhere else... That's why we have more and more spam imho, because of lies from the blacklists maintainers about how efficient they are.

  • jarlandjarland Administrator
    edited June 2014

    Not need, I just feel that the nature of the Internet involves a mentality of sharing the wealth and letting people know "hey these guys won't stop spam and it's picking up from their network, here's the IPs we've caught so far that won't stop sending it."

    Maybe I'm just a fan of working together instead of every man for himself.

    I'm using A2Hosting right now for shared, love it. Referral link.

    Thanked by 2Mark_R shovenose
  • SASPSASP Member

    @jarland said: Maybe I'm just a fan of working together instead of every man for himself.

    We work all together to be independent from each other. That's like the organization that pretend to be helping you while all they want is to keep you under control instead of educating you to do things on your own independently and help others.

  • @SASP said: Also this is completely ridiculous, if you're a spammer and you got your spam rejected, you're immediately going to send from somewhere else... That's why we have more and more spam imho, because of lies from the blacklists maintainers about how efficient they are.

    Spam lists are only for reference. It is up to the website administrator to use that resource for the better, or for the worse. It's not like they're being forced to use them.

    Is inflation really at 0.5%? What a conundrum...

    eddynetweb.net | DigitalOcean referral.

    Thanked by 2jarland lazyt
  • Funny that I have not received any junk mail under my domain in my signature.

    Is inflation really at 0.5%? What a conundrum...

    eddynetweb.net | DigitalOcean referral.

  • SASPSASP Member
    edited June 2014

    @eddynetweb said: Spam lists are only for reference. It is up to the website administrator to use that resource for the better, or for the worse. It's not like they're being forced to use them.

    That is true, however here we criticize the fact that some organizations which have a very large amount of users have activated Spamhaus blacklisted in the back of their users and that these users are Spamhaus "coercive powers".

    Therefore the argument "our users decide on their own to use our filters" is invalid.

    If a small organization use Spamhaus it will be usually pretty easy to reach this organization to tell that something went wrong and as a matter of facts this organization will remove Spamhaus, that is not possible with the big craps mentioned earlier.

    So the mission is to show,

    1. How bad blacklists are.
    2. How shady are the maintainers of these blacklists.
    3. Really effective solutions.

    So, education in fact.

    Thanked by 1Mark_R
  • jarlandjarland Administrator
    edited June 2014

    Therefore the argument "our users decide on their own to use our filters" is invalid.

    I think it's still valid. I think spamhaus is not the enemy. I think the service provider that subscribes to their list is. Spamhaus should be free to do what they want, but providers should be shown that they need our money and if they want to keep it they should drop spamhaus.

    I'm using A2Hosting right now for shared, love it. Referral link.

    Thanked by 1mpkossen
  • SASPSASP Member

    @jarland said: I think it's still valid. I think spamhaus is not the enemy. I think the service provider that subscribes to their list is. Spamhaus should be free to do what they want, but providers should be shown that they need our money and if they want to keep it they should drop spamhaus.

    Yes, I totally agree with this one. This is why we're showing what Spamhaus and blacklists are for these providers to stop using them.

    Thanked by 1jarland
  • From what I can see, Spamhaus's tactics are the same as a 1960/70s military junta. I've long believed that they're not to be trusted; however there must be a bigger game here; they're being supported by some bigger network companies. The whole centralization idea fits the bill. I wonder who their backers are.

    CEO, CTO, Technician, Network Specialist, Tech Support, Janitor @ Spring Break Worldwide Networks (Delaware) LLP, a subsidiary of Oversold Craphost Shelf Company (UK) LLC and Scriptkiddie International Telecommunications Pty Ltd (India)

  • SASP said: @Microlinux said: Blacklists are information that most people use responsibility.

    Oh, and do you believe that users of outlook.com, aol.com, mail.com, yahoo.com... are even aware that blacklists are applied on their mailboxes?

    Just to clear up one thing, I meant irresponsibly.

    But, to answer your question, some do some don't. That doesn't change the fact that someone at one of those companies chose to use blacklists. Spamhaus is a problem because people make it a problem.

  • tchentchen Member

    @SASP said: This is why we're showing what Spamhaus and blacklists are for these providers to stop using them.

    FWIW, the above mentioned properties don't rely solely on spamhaus lists. Outlook for instance uses Forefront which while it may use spamhaus as occasional input, has its own set of heuristics and feedback loop with other microsoft properties (e.g. junk mail flagging in outlook). Jarland already covered gmail.

    As for ending up on a spamhaus list even though you're SURE your IP/domain/host is clean, be forewarned that they have a boatload of zombie spamtraps which 'purchased' lists are full of. On the rare chance you aren't a spammer marketer and you're showing up on the DBL, be sure to lock down your SPF as your spoofed domain is likely being used to scan for these spamtraps. IP range blocks are a different unrelated administrative matter.

    As for dspam, it is useful but it doesn't combat a good fraction of phishing-type spam. That's why it's typically paired with SpamAssassin and the usual blacklist suspects. In all likelihood, hybrid proprietary inference engines are what the big mail providers use in-house anyways so waving that purist bayesian banner is so 2005.

    Thanked by 1marrco
  • nunimnunim Member
    edited June 2014

    @jarland said: The key is to use respectable blacklists. SpamCop still has my vote. Friendly, easy to work with, and if you spam you get listed.

    I think Spamcop is pretty good as well, I've never had a false positive and they provide an easy and automated delisting mechanism (unless you've been naughty several times).

    I really hate email, the major blacklists aren't so bad as you can easily query them online, it's the internal ones that are a real PITA as you don't know you're on it until your mail is rejected. Making sure all mail gets where it's supposed to go is more than a full time job unfortunately, that's why hosted solutions, i.e. Gmail/Outlook/Zoho are so popular.

    SonicBoxes.com - VPS Tips, Tricks & Tutorials
    6UA.net Various tools, screenshots, password gen, looking glass, etc..

    Thanked by 1jarland
Sign In or Register to comment.