Spamhaus listed an entire /16


  • Let's blacklist /0 and be done with it.

    Thanked by 3Hxxx switsys Eased
  • jarjar Patron Provider, Top Host, Veteran
    edited September 2017

    Have you talked to them? What did they say? It's important not to be confrontational and simply explain your position and ask them how you can best help.

    First, though, resolve any reports that are within your ability to resolve.

    I've filled over 150 removal requests or requests for additional details in the last week and they have been nothing but friendly.

    Thanked by 2vimalware marrco
  • @rds100 I like your logic. Next level :)

  • Incoming partnership between spamhaus and DO? :)

    @jarland said:
    Have you talked to them? What did they say? It's important not to be confrontational and simply explain your position and ask them how you can best help.

    First, though, resolve any reports that are within your ability to resolve.

    I've filled over 150 removal requests or requests for additional details in the last week and they have been nothing but friendly.

  • randvegetarandvegeta Member, Host Rep

    jetchirag said: It would be 100x harder to get this into action than creating spamhaus's alternative

    Not really. Actually the tech/service already exists. But it's hard to get off the ground. There is a catch 22 situation where no one will use the service because no one else is using the service.

    Their software had the ability to white-list and even had disposable addresses that could be used to bypass the whole token system if needed. But ultimately making it easier to not use a token provided zero incentive to join the system so it never went anywhere. If the spam problem gets big enough then perhaps there would be more interest. But services like SpamExperts are pretty good at filtering spam and since it's normally not the hosting client who pays, the economics are not as clear to the end users.

  • williewillie Member
    edited September 2017

    randvegeta said:

    A token with real value (and can be exchanged for cash) can be attached to an E-mail. The value can be small. Say $0.10.

    Your post advocates a
    
    (x) technical ( ) legislative (x) market-based ( ) vigilante
    
    approach to fighting spam. Your idea will not work.
    Here is why it won't work. (One or more of the following may apply
    to your particular idea, and it may have other flaws which used to
    vary from state to state before a bad federal law was passed.)
    
    ( ) Spammers can easily use it to harvest email addresses
    (x) Mailing lists and other legitimate email uses would be affected
    ( ) No one will be able to find the guy or collect the money
    ( ) It is defenseless against brute force attacks
    (x) It will stop spam for two weeks and then we'll be stuck with it
    (x) Users of email will not put up with it
    ( ) Microsoft will not put up with it
    ( ) The police will not put up with it
    ( ) Requires too much cooperation from spammers
    (x) Requires immediate total cooperation from everybody at once
    (x) Many email users cannot afford to lose business or alienate potential employers
    ( ) Spammers don't care about invalid addresses in their lists
    ( ) Anyone could anonymously destroy anyone else's career or business
    
    Specifically, your plan fails to account for
    
    ( ) Laws expressly prohibiting it
    (x) Lack of centrally controlling authority for email
    ( ) Open relays in foreign countries
    ( ) Ease of searching tiny alphanumeric address space of all email addresses
    ( ) Asshats
    ( ) Jurisdictional problems
    ( ) Unpopularity of weird new taxes
    ( ) Public reluctance to accept weird new forms of money
    (x) Huge existing software investment in SMTP
    ( ) Susceptibility of protocols other than SMTP to attack
    ( ) Willingness of users to install OS patches received by email
    ( ) Armies of worm riddled broadband-connected Windows boxes
    ( ) Eternal arms race involved in all filtering approaches
    (x) Extreme profitability of spam
    ( ) Joe jobs and/or identity theft
    ( ) Technically illiterate politicians
    ( ) Extreme stupidity on the part of people who do business with spammers
    ( ) Dishonesty on the part of spammers themselves
    (x) Bandwidth costs that are unaffected by client filtering
    ( ) Outlook
    
    and the following philosophical objections may also apply:
    
    (x) Ideas similar to yours are easy to come up with, yet none have ever
    been shown practical
    ( ) Any scheme based on opt-out is unacceptable
    ( ) SMTP headers should not be the subject of legislation
    ( ) Blacklists suck
    ( ) Whitelists suck
    ( ) We should be able to talk about Viagra without being censored
    ( ) Countermeasures should not involve wire fraud or credit card fraud
    (x) Countermeasures should not involve sabotage of public networks
    (x) Countermeasures must work if phased in gradually
    (x) Sending email should be free
    ( ) Why should we have to trust you and your servers?
    ( ) Incompatibility with open source or open source licenses
    (x) Feel-good measures do nothing to solve the problem
    ( ) Temporary/one-time email addresses are cumbersome
    ( ) I don't want the government reading my email
    ( ) Killing them that way is not slow and painful enough
    
    Furthermore, this is what I think about you:
    
    ( ) Sorry dude, but I don't think it would work.
    (x) This is a stupid idea, and you're a stupid person for suggesting it.
    ( ) Nice try, assh0le! I'm going to find out where you live and burn your
    house down!
    
  • SplitIceSplitIce Member, Host Rep

    It's all just a count down to "/0"

  • randvegetarandvegeta Member, Host Rep
    edited September 2017

    @willie said:

    randvegeta said:

    A token with real value (and can be exchanged for cash) can be attached to an E-mail. The value can be small. Say $0.10.

    Your post advocates a
    
    (x) technical ( ) legislative (x) market-based ( ) vigilante
    
    approach to fighting spam. Your idea will not work.
    Here is why it won't work. (One or more of the following may apply
    to your particular idea, and it may have other flaws which used to
    vary from state to state before a bad federal law was passed.)
    
    ( ) Spammers can easily use it to harvest email addresses
    (x) Mailing lists and other legitimate email uses would be affected
    ( ) No one will be able to find the guy or collect the money
    ( ) It is defenseless against brute force attacks
    (x) It will stop spam for two weeks and then we'll be stuck with it
    (x) Users of email will not put up with it
    ( ) Microsoft will not put up with it
    ( ) The police will not put up with it
    ( ) Requires too much cooperation from spammers
    (x) Requires immediate total cooperation from everybody at once
    (x) Many email users cannot afford to lose business or alienate potential employers
    ( ) Spammers don't care about invalid addresses in their lists
    ( ) Anyone could anonymously destroy anyone else's career or business
    
    Specifically, your plan fails to account for
    
    ( ) Laws expressly prohibiting it
    (x) Lack of centrally controlling authority for email
    ( ) Open relays in foreign countries
    ( ) Ease of searching tiny alphanumeric address space of all email addresses
    ( ) Asshats
    ( ) Jurisdictional problems
    ( ) Unpopularity of weird new taxes
    ( ) Public reluctance to accept weird new forms of money
    (x) Huge existing software investment in SMTP
    ( ) Susceptibility of protocols other than SMTP to attack
    ( ) Willingness of users to install OS patches received by email
    ( ) Armies of worm riddled broadband-connected Windows boxes
    ( ) Eternal arms race involved in all filtering approaches
    (x) Extreme profitability of spam
    ( ) Joe jobs and/or identity theft
    ( ) Technically illiterate politicians
    ( ) Extreme stupidity on the part of people who do business with spammers
    ( ) Dishonesty on the part of spammers themselves
    (x) Bandwidth costs that are unaffected by client filtering
    ( ) Outlook
    
    and the following philosophical objections may also apply:
    
    (x) Ideas similar to yours are easy to come up with, yet none have ever
    been shown practical
    ( ) Any scheme based on opt-out is unacceptable
    ( ) SMTP headers should not be the subject of legislation
    ( ) Blacklists suck
    ( ) Whitelists suck
    ( ) We should be able to talk about Viagra without being censored
    ( ) Countermeasures should not involve wire fraud or credit card fraud
    (x) Countermeasures should not involve sabotage of public networks
    (x) Countermeasures must work if phased in gradually
    (x) Sending email should be free
    ( ) Why should we have to trust you and your servers?
    ( ) Incompatibility with open source or open source licenses
    (x) Feel-good measures do nothing to solve the problem
    ( ) Temporary/one-time email addresses are cumbersome
    ( ) I don't want the government reading my email
    ( ) Killing them that way is not slow and painful enough
    
    Furthermore, this is what I think about you:
    
    ( ) Sorry dude, but I don't think it would work.
    (x) This is a stupid idea, and you're a stupid person for suggesting it.
    ( ) Nice try, assh0le! I'm going to find out where you live and burn your
    house down!
    

    You clearly don't understand how it works. The only problem I see is the catch 22 where users signing up is hard given there are too few users on the system.

    The technology already exists and works with existing mail servers with zero configuration on the server required. It can even work with Gmail as it works with any kind of IMAP/POP3/SMTP server.

    There are no technical issues that prevent this.

    And no matter how profitable spam is, it won't be 10c per email profitable. And even if it is, the value of the token can simply be increased until it is no longer economical to do so.

    There are already means of whitelisting addresses or domains to get around the mailing list issue, and disposable addresses for other uses.

    None of the problems you've mentioned exist.

    I'm sorry your lack of understanding makes you feel others are stupid. I guess it's easier than educating yourself.

  • I'm sorry your lack of understanding makes you feel others are stupid. I guess it's easier than educating yourself.

    Proposing a 10c cost per email is beyond absurd, don't be a dick to this guy.

    Thanked by 1Clouvider
  • randvegetarandvegeta Member, Host Rep
    edited September 2017

    Aidan said: Proposing a 10c cost per email is beyond absurd, don't be a dick to this guy.

    The whole point is that with a 10c 'cost' to send mail, it becomes uneconomical to send spam. The only way spam is made uneconomical is if there is some cost to sending out the emails in the first place.

    But unlike a postage stamp, the value (token) attached to each mail would be received by the recipient. And under normal e-mail use, e-mail is still effectively free as the token is passed back and forth.

    i.e. it cost you $0.10 to send, but you also receive $0.10 for every e-mail you receive. So if you send me an e-mail it cost you $0.10 but when you receive my reply, you get that $0.10 back.

    willie said: (x) This is a stupid idea, and you're a stupid person for suggesting it.

    If he can be a dick, why can't I?

  • ClouviderClouvider Member, Patron Provider

    Heh. IPv6 cannot be adopted in more than a decade and you want to turn the whole Enterprise world upside down in how long ? 100 years is probably not enough time.

    Thanked by 1vimalware
  • randvegetarandvegeta Member, Host Rep
    edited September 2017

    Clouvider said: Heh. IPv6 cannot be adopted in more than a decade and you want to turn the whole Enterprise world upside down in how long ? 100 years is probably not enough time.

    Are you referring to my anti-spam solution?

    Don't get me wrong. Universal adoption is a big problem and it probably won't ever take off. But that doesn't mean it doesn't, or cannot work, nor does it make it a bad idea. The IPv6 analogy is great actually, as the merits of moving to IPv6 are clear. But we are all stuck on IPv4 and adoption of IPv6 is very much in a similar catch 22 situation where end users (broadband customers) don't want it because 99.99% of the web is IPv4 only, and website owners can't be bothered to make the switch because 100% of their client base are on IPv4.

    Eventually it will have to happen as IPv4 must eventually run out.

    So the only way I see the system I have suggested ever becoming mainstream is if SPAM is SOO BAD that people simply can no longer bear it. Or if it were part of a completely different communication system entirely (as in not technically E-Mail).

    But even if there were no whitelists and all mail had to include a $0.10 token, I would think that overall the economics would still make sense for legitimate mailing lists.

    If you think about how much physical paper we still receive in the mail, it costs way more than $0.10. Flyers, bank statements, take-away menus, etc. I believe we pretty much all still receive these things. So it's obviously not going to kill businesses or even incur prohibitive costs.

    But if you also consider the savings to companies not having to deal with spam, it could be huge. Maybe you only spend 5 - 10 mins /day clearing out your inbox, but you multiply that by the number of people in the work force multiplied by the average wage and the savings are enormous. Productivity increases could be huge.

  • iKeyZiKeyZ Veteran
    edited September 2017

    What about large websites with large non-spam email lists (say ~10,000 users) - they suddenly have this financial hit with no return, as who replies to email lists?

    Just because spammers may have to pay $0.10 per email is not to say they will not continue to do so, if they are still earning more than they are spending, it will continue.

    It will end up with spam continuing and people now having to pay to use email.

    Thanked by 1Aidan
  • randvegetarandvegeta Member, Host Rep
    edited September 2017

    @iKeyZ said:
    What about large websites with large non-spam email lists (say ~10,000 users) - they suddenly have this financial hit with no return, as who replies to email lists?

    Just because spammers may have to pay $0.10 per email is not to say they will not continue to do so, if they are still earning more than they are spending, it will continue.

    It will end up with spam continuing and people now having to pay to use email.

    Did you read the part where the recipient received the token? People will get PAID to receive email in this case. And I highlighted spam would not be economical at 10c. But even if it were, the value can simply be increased.

    And I already stated that you can get around the mailing list issue by using a whitelist. But even if you don't whitelist, some mailing lists would continue, as is proved by the fact that we all still receive paper mail at a higher cost.

    If you got paid to receive spam, would you be so against receiving it?

  • AnthonySmithAnthonySmith Member, Patron Provider
    edited September 2017

    @randvegeta I understand your method, I suspect it would be open to financial abuse.

    I think the real issue is that email is an open door system and spamhaus (and others) only act in transit.

    I appreciate what I am about to say makes NO sense for personal grade/level email, but for business, I agree with the idea of a paid whitelist, you want to be verified, pay £50 once p/year, anyone not paying that wants to send you an email will need to jump through a few hoops of verification per email to get it delivered, e.g. confirmation link + captcha.

    Such systems already exist, they just need to be joined up and adopted.

  • RhysRhys Member, Host Rep

    Honestly heard some pretty stupid ideas over the years but holy shit this one trumps everything.

    Thanked by 1Aidan
  • AnthonySmithAnthonySmith Member, Patron Provider

    Rhys said: Honestly heard some pretty stupid ideas over the years but holy shit this one trumps everything.

    It's not that stupid, but it has 2 problems, it is open to financial abuse and assumes people are not dicks, which is kind of a self-defeating loop, as the solution is only suggested because people are dicks generally, to begin with.

    Thanked by 2vimalware southy
  • randvegetarandvegeta Member, Host Rep

    AnthonySmith said: Such systems already exist, they just need to be joined up and adopted.

    The system I am referring to also already exists.

    E-Mail already works as is and there is no desire to 'complicate' things. Plenty of anti-spam solutions also exist which makes the problem LESS of a problem and so I concede that the solution I have suggested would find it difficult to actually get any traction.

    Just to be clear though, I am not coming up with some theoretical software. It already exists, and all the issues (except for the Catch 22) have already been addressed.

    There are white-lists, disposable addresses and a challenge-response system that all help with gradual adoption to make e-mail still usable even if no one else is using the token. And the tokens are reusable and have value so if you receive spam, you are effectively being paid for it! And you can use those tokens to send mail to others who are also using the same system.

    The problem is when you have a challenge response system, and can use white-lists, there is no incentive for others to use the software too. It's the equivalent, I think, of using NAT. NAT prolongs the life of IPv4 by reducing the number of public addresses required for people to get online. Get rid of NAT and you'll probably find IPv6 adoption is much faster.

    So until the problem becomes SOO BAD that regular E-mail is unusable because it's full of spam, such a system may find it extremely difficult to actually take off.

    It's not stupid.

  • randvegetarandvegeta Member, Host Rep
    edited September 2017

    AnthonySmith said: it is open to financial abuse

    What kind of abuse?

    AnthonySmith said: and assumes people are not dicks

    Why does it assume that?

  • There are two basic problems, one of which rears its head in far more places than email, which is the fact that the email system is decades old and was conceived in times where trust could be reasonably assumed.

    Hence the email system has quite few (and rather feeble) safeguards against abuse.

    The other problem is the one beyond spamhaus and it's about as old as mankind: Give someone largely uncontrolled power and he will abuse it or at least be careless.

    spamhaus came into existence to respond to an urgent question that again came into existence because the email system had been conceived with benevolent, or at least not malevolent, users in mind.
    spamhaus was very useful in addressing that problem. The logic behind it is simple and powerful: spam by definition addresses very many and hence that very fact can be used, also practically, to recognize it and to make that information available so as to fight it.

    The next level, every wordpress or similar user knows that, came when spammers found a simple way to escape that trap by sending from frequently changing IPs. The natural response was to enhance the recognition mechanism by spotting providers/networks who seemed to be careless or even supportive of spammers. The problem, though, is that those providers do not tell their honest customers "listen, we are fraudsters" which leads to many innocent customers being caught in spam filters.

    The other factor that escalated the problem was spamhaus itself; it de facto escalated and became a bully by focussing too one-sidedly on the evil guys and by all but ignoring the good guys who just happened to be caught and hit by spamhaus, too.

    Finally there is the factor of leverage and propagation. If I as single blogger block whole networks the damage is quite limited. If, however, spamhaus does that the damage is enormous.

    Considering that often we ourselves are the product, that we, the users, have a high value, at least in big numbers, on the internet, I do see a chance to succeed and a promising attempt in creating a "better spamhaus".
    What we need is something like a spamhaus, which is useful, but one where we do not one-sidedly focus on the evil guys, gratuitously "killing" lots and lots of innocent people along the way but where we offer reasonable and acceptable ways to escape the blacklist net when not being evil or when a real problem has been solved.

    And we have another factor on our side: spamhaus just like email itself is aeons old. Today we have very much progressed technologies and means available. Some obstacles that would have seemed unsurmountable 20 years ago can be easily overcome today; we can, for instance, easily do much better evaluation logic and more complex mechanisms (e.g. if a spammer abuses the possibility to clear himself, he will be hit very much harder the next time or, another example, the fact that a certain provider frequently has spammers in his network but is known to quickly and effectively react can be considered in the mechanism).
    Just think of Kegel's 10k problem. Even a few years ago that was indeed a problem. Nowadays there are even scripting engines (e.g. node) that can deal with 10k req/s.

    Finally: I don't expect either law or economy to provide solutions. Laws can be easily circumvented on the internet (even "simple" locality attribution can be hard) and having to pay for some kind of token will almost certainly lead to merely shifting the problem.

    No, this is a problem rooted in technology and, to be honest, in bad technological decisions decades ago and we will need to solve it in that realm, too.

    Thanked by 1Ole_Juul
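
The two mechanisms proposed in the post above (harsher treatment for a sender who abuses self-removal, and credit for a provider that acts on reports quickly), sketched as an added example that is not part of the thread or of any real blocklist's policy. Every threshold, class name and address below is an assumption constructed for illustration, and the model handles IPv4 only.

```python
import ipaddress
import statistics
from dataclasses import dataclass, field

# Every threshold here is an assumption chosen for illustration.
BASE_HOURS = 24            # duration of a first listing
MAX_HOURS = 24 * 90        # cap on escalated listings
FAST_RESPONSE_HOURS = 48   # median report-resolution time counted as "quick"
WIDEN_AT = 3               # distinct offenders needed before the scope widens


@dataclass
class Provider:
    name: str
    resolution_hours: list = field(default_factory=list)  # past abuse reports

    def is_responsive(self):
        # Without a track record the provider gets no credit.
        if len(self.resolution_hours) < 3:
            return False
        return statistics.median(self.resolution_hours) <= FAST_RESPONSE_HOURS


@dataclass
class Listing:
    network: ipaddress.IPv4Network
    hours: int


class Blocklist:
    def __init__(self):
        self.offenders = set()      # IPs with an open report
        self.self_delisted = set()  # IPs that cleared themselves
        self.strikes = {}           # ip -> re-offences after self-removal

    def self_delist(self, ip):
        ip = ipaddress.ip_address(ip)
        self.offenders.discard(ip)
        self.self_delisted.add(ip)

    def _scope(self, ip, provider):
        host = ipaddress.ip_network(f"{ip}/32")
        if provider.is_responsive():
            return host  # quick providers never pay with their neighbours
        net24 = ipaddress.ip_network(f"{ip}/24", strict=False)
        net16 = ipaddress.ip_network(f"{ip}/16", strict=False)
        in24 = {o for o in self.offenders if o in net24}
        bad24s = {ipaddress.ip_network(f"{o}/24", strict=False)
                  for o in self.offenders if o in net16}
        if len(bad24s) >= WIDEN_AT:
            return net16
        if len(in24) >= WIDEN_AT:
            return net24
        return host

    def report(self, ip, provider):
        ip = ipaddress.ip_address(ip)
        if ip in self.self_delisted:
            # Cleared itself, then offended again: double the next listing.
            self.self_delisted.discard(ip)
            self.strikes[ip] = self.strikes.get(ip, 0) + 1
        self.offenders.add(ip)
        hours = min(BASE_HOURS * 2 ** self.strikes.get(ip, 0), MAX_HOURS)
        return Listing(self._scope(ip, provider), hours)


def demo():
    # Constructed providers and private-range addresses, not real data.
    quick = Provider("quick-host", [4, 12, 30, 6])
    slow = Provider("slow-host", [200, 500, 96])
    bl = Blocklist()
    rows = []
    for ip in ("10.20.1.5", "10.20.1.6", "10.20.1.7"):
        rows.append((ip, bl.report(ip, quick)))
    for ip in ("10.30.1.1", "10.30.1.2", "10.30.1.3", "10.30.2.1", "10.30.3.1"):
        rows.append((ip, bl.report(ip, slow)))
    bl.self_delist("10.20.1.5")
    rows.append(("10.20.1.5", bl.report("10.20.1.5", quick)))
    return [(ip, str(l.network), l.hours) for ip, l in rows]


if __name__ == "__main__":
    for row in demo():
        print(row)
```
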
  • WilliamWilliam Member
    edited September 2017

    randvegeta said: We have a few ranges from Host1Plus

    Not that I did not warn you or anyone else, already years ago.

    6ixth said: Yeah, H1P's main business is leasing ranges so this is super excessive

    Aside that they do this violating various RIR policies they do have very interesting tax payments (or rather: not) and do not check usage plus rent to anyone without revoking (which they have no solid system for, they just try to revoke the LOA but customers can continue to use space easily, long time).

    Their main customers are shady VPN providers (yea, the Pakistani especially), spammers and scam (remember the Youtube ad scam? Remember all this 191/8 LACNIC ranges? Yea, that is H1P space.) so... yea, not unexpected.

    In this case, regardless of SH listed "rightfully" based on their policies or not, considering this gives me now enormous leverage over Afrinic and Lacnic: Run. Run from H1P space. It might as well be de-registered in a year or less.

  • AnthonySmithAnthonySmith Member, Patron Provider

    randvegeta said: What kind of abuse?

    Let's say I penetrate a network and use it to bulk send emails.

    randvegeta said: Why does it assume that?

    See above.

  • randvegetarandvegeta Member, Host Rep

    AnthonySmith said: Let's say I penetrate a network and use it to bulk send emails.

    Again not sure what you mean here.

    Since the system I am referring to works on top of existing mail servers, there is no 1 network you can penetrate to bypass the requirement of a token.

    And if a hacker gains access to someone's tokens, then they are probably better off redeeming those tokens for cash instead of spamming. But if they do use those tokens then the recipients receive those tokens and so they benefit financially.

    It is a completely trust-less system actually. I do not see how it could be abused.

  • If in some North-Korean fashion you manage to get everyone to comply, then paid email would simply kill the email standard - people would develop something new & free in next to no time.

    Thanked by 1MasonR
  • @randvegeta said:

    AnthonySmith said: Let's say I penetrate a network and use it to bulk send emails.

    Again not sure what you mean here.

    Since the system I am referring to works on top of existing mail servers, there is no 1 network you can penetrate to bypass the requirement of a token.

    And if a hacker gains access to someone's tokens, then they are probably better off redeeming those tokens for cash instead of spamming. But if they do use those tokens then the recipients receive those tokens and so they benefit financially.

    It is a completely trust-less system actually. I do not see how it could be abused.

    how do you deal with bounces / double bounces / mail forwardings ?

    think about user which receive a mail into their inbox while also forwarding it to some second account which actively multiplies the mail - that would add costs for the end user?

    I do have quite some different mail-boxes. I highly doubt I'd want to keep track of token-balances for all of them or even connect them to whatever payment system.

    while I get the point of the system I don't think there is a way to get that working in large scale.

    Thanked by 1MasonR
  • randvegetarandvegeta Member, Host Rep

    Falzo said: how do you deal with bounces / double bounces / mail forwardings ?

    You can easily deal with bounces. If you send an email out and it bounces, it typically contains the original message (unique ids and such) that the filter can let that through.

    Mail forwarding can simply be 'white-listed'.

    What's a double bounce?

    Falzo said: think about user which receive a mail into their inbox while also forwarding it to some second account which actively multiplies the mail - that would add costs for the end user?

    Nothing. It would cost you nothing to forward or send mail to yourself. You would probably whitelist your own addresses, but even if you didn't, you are sending a token from yourself to yourself. So you still get to keep the token. So it cost nothing.

    Falzo said: I do have quite some different mail-boxes. I highly doubt I'd want to keep track of token-balances for all of them or even connect them to whatever payment system.

    Use the same 'token manager' application to manage all your inboxes? Or just whitelist? Seems pretty simple to me.

    Think about how many wallet addresses people have with BitCoin. It all ends up in the same wallet no matter how many addresses you create. It's not that hard.

    Falzo said: while I get the point of the system I don't think there is a way to get that working in large scale.

    There are no technical challenges that I can think of. It is purely a matter of adoption. It's not unlike the initial adoption of BitCoin. Consider why so many other blockchain currencies are still basically worthless. Because no one accepts them and they are perfectly happy with BTC, even with all its faults and limitations.

  • randvegetarandvegeta Member, Host Rep
    edited September 2017

    Aidan said: If in some North-Korean fashion you manage to get everyone to comply, then paid email would simply kill the email standard - people would develop something new & free in next to no time.

    As a regular user, you are unlikely to ever have to pay for E-Mail as most people typically receive as much as they send.

    Actually most people typically receive more!

  • jarjar Patron Provider, Top Host, Veteran
    edited September 2017

    @Aidan said:
    If in some North-Korean fashion you manage to get everyone to comply, then paid email would simply kill the email standard - people would develop something new & free in next to no time.

    And yet my physical mailbox is still filled with junk every day, despite the costs :P

    It's an interesting thought exercise. Charging for incoming mail can't be a total impossibility, US postal service does fine with it (their financial issues are not related to adoption of their product/service).

    Thanked by 1Clouvider
  • raindog308raindog308 Administrator, Veteran
    edited September 2017

    randvegeta said: Don't get me wrong. Universal adoption is a big problem and it probably won't ever take off. But that doesn't mean it doesn't, or cannot work, nor does it make it a bad idea.

    It's a bad idea, and it was discussed to death in the early 90s. Just search USENET from that era.

    randvegeta said: Get rid of NAT and you'll probably find IPv6 adoption is much faster.

    Gee, ya think?

    Wasn't sure you were trolling before, but...

  • raindog308 said: Just search USENET from that era.

    Ah USENET, so much glorious misspent youth.
