Spamhaus, Tax Evasion, Shell Companies, Extortion Strategies, Blackmail and Much Much More

24

Comments

  • SASP Member

    @jarland said:
    Economics. If the provider won't take 60 seconds to delist their IP and terminate the spammer then they deserve to be punished with a free market solution by losing their customers to a provider that actually cares about their customers.

    This is absurd, at the time the spam is received the spammer is already at another provider. The Internet is meant to be decentralized, therefore each entity on the network should be autonomous and there should not be a central organization that you must subscribe or unsubscribe to send e-mails.

    Thanked by 1 Mark_R
  • SASP Member

    @eddynetweb said:
    Spam can be cut down with many hosting companies by blocking port 25 by default, and having valid justification for unblocking it.

    I think this is a very bad idea, you should not have to ask anybody to have permission to run a mail server or whatsoever.

  • jar Patron Provider, Top Host, Veteran

    @SASP said:
    This is absurd, at the time the spam is received the spammer is already at another provider.

    Not true. Mail queues don't clear that quickly and keep processing. If a spammer got in through a compromise, the user is effectively the spammer until it has been secured. Also, spammers have started using domains with valid SPF and DKIM more lately. They do not always move on quickly.

    I know my spam ;)

  • @SASP said:
    I think this is a very bad idea, you should not have to ask anybody to have permission to run a mail server or whatsoever.

    Although I agree, look at how many blacklisted IPs there are because of this thinking. A few spammers = thousands of IPs blacklisted. Want an example? Look at ColoCrossing.

  • SASP Member
    edited June 2014

    @jarland said:
    Not true. Mail queues don't clear that quickly and keep processing. If a spammer got in through a compromise, the user is effectively the spammer until it has been secured. Also, spammers have started using domains with valid SPF and DKIM more lately. They do not always move on quickly.

    These are spams that are legal in countries like the U.S., they don't have to fear anything and the content of the messages is totally inoffensive crap, as a matter of fact they are filtered properly and I still don't need a blacklist :)

  • @SASP said:
    These are spams that are legal in countries like the U.S, they don't have to fear anything and the content of the crap is totally inoffensive, as a matter of fact it is filtered properly and I still don't need a blacklist :)

    That depends what you mean by "spams". Unsolicited mail is one thing, irritating junk mail is another.

  • jar Patron Provider, Top Host, Veteran
    edited June 2014

    @SASP said:
    These are spams that are legal in countries like the U.S., they don't have to fear anything and the content of the messages is totally inoffensive crap, as a matter of fact they are filtered properly and I still don't need a blacklist :)

    Nope. Not the ones I've been seeing the last 2 months. They're as much spam as the worst you've ever had and they do not always move on quickly, but often use providers that do a poor job of policing their own network. Providers inside and outside of the US. I've seen them use the same IPs for weeks at a time.

  • SASP Member

    @jarland said:
    Nope. Not the ones I've been seeing the last 2 months. They're as much spam as the worst you've ever had and they do not always move on quickly, but often use providers that do a poor job of policing their own network. Providers inside and outside of the US. I've seen them use the same IPs for weeks at a time.

    Yes, ok let's imagine that it lasts 2 months, what is the problem as long as it is properly filtered?
    Of course then if you receive a hundred messages from the same sender per second then you might need to have it blocked, but that should still be for a short period of time, just as an anti-flood. Therefore you still don't need a centralized blacklist.

  • SASP Member
    edited June 2014

    @eddynetweb said:
    Although I agree, look at how many blacklisted IPs there are because of this thinking. A few spammers = thousands of IPs blacklisted. Want an example? Look at ColoCrossing.

    That's a problem of education. If we think like this we would have to disconnect 99% of the Internet users.

    Also this is completely ridiculous, if you're a spammer and you got your spam rejected, you're immediately going to send from somewhere else... That's why we have more and more spam imho, because of lies from the blacklists maintainers about how efficient they are.

  • jar Patron Provider, Top Host, Veteran
    edited June 2014

    Not need, I just feel that the nature of the Internet involves a mentality of sharing the wealth and letting people know "hey these guys won't stop spam and it's picking up from their network, here's the IPs we've caught so far that won't stop sending it."

    Maybe I'm just a fan of working together instead of every man for himself.

    Thanked by 2 Mark_R shovenose
  • SASP Member

    @jarland said:
    Maybe I'm just a fan of working together instead of every man for himself.

    We work all together to be independent from each other.
    That's like the organizations that pretend to be helping you while all they want is to keep you under control instead of educating you to do things on your own independently and help others.

  • @SASP said:
    Also this is completely ridiculous, if you're a spammer and you got your spam rejected, you're immediately going to send from somewhere else... That's why we have more and more spam imho, because of lies from the blacklists maintainers about how efficient they are.

    Spam lists are only for reference. It is up to the website administrator to use that resource for the better, or for the worse. It's not like they're being forced to use them.

    Thanked by 2 jar lazyt
  • Funny that I have not received any junk mail under my domain in my signature.

  • SASP Member
    edited June 2014

    @eddynetweb said:
    Spam lists are only for reference. It is up to the website administrator to use that resource for the better, or for the worse. It's not like they're being forced to use them.

    That is true, however here we criticize the fact that some organizations which have a very large number of users have activated Spamhaus blacklists behind their users' backs and that these users are Spamhaus's "coercive powers".

    Therefore the argument "our users decide on their own to use our filters" is invalid.

    If a small organization uses Spamhaus it will usually be pretty easy to reach this organization to tell them that something went wrong and as a matter of fact this organization will remove Spamhaus, that is not possible with the big craps mentioned earlier.

    So the mission is to show,

    1. How bad blacklists are.
    2. How shady are the maintainers of these blacklists.
    3. Really effective solutions.

    So, education in fact.

    Thanked by 1 Mark_R
  • jar Patron Provider, Top Host, Veteran
    edited June 2014

    Therefore the argument "our users decide on their own to use our filters" is invalid.

    I think it's still valid. I think spamhaus is not the enemy. I think the service provider that subscribes to their list is. Spamhaus should be free to do what they want, but providers should be shown that they need our money and if they want to keep it they should drop spamhaus.

    Thanked by 1 mpkossen
  • SASP Member

    @jarland said:
    I think it's still valid. I think spamhaus is not the enemy. I think the service provider that subscribes to their list is. Spamhaus should be free to do what they want, but providers should be shown that they need our money and if they want to keep it they should drop spamhaus.

    Yes, I totally agree with this one. This is why we're showing what Spamhaus and blacklists are for these providers to stop using them.

    Thanked by 1 jar
  • From what I can see, Spamhaus's tactics are the same as a 1960/70s military junta. I've long believed that they're not to be trusted; however there must be a bigger game here; they're being supported by some bigger network companies. The whole centralization idea fits the bill. I wonder who their backers are.

  • SASP said: @Microlinux said: Blacklists are information that most people use responsibility.

    Oh, and do you believe that users of outlook.com, aol.com, mail.com, yahoo.com... are even aware that blacklists are applied on their mailboxes?

    Just to clear up one thing, I meant irresponsibly.

    But, to answer your question, some do some don't. That doesn't change the fact that someone at one of those companies chose to use blacklists. Spamhaus is a problem because people make it a problem.

  • tchen Member

    @SASP said:
    This is why we're showing what Spamhaus and blacklists are for these providers to stop using them.

    FWIW, the above mentioned properties don't rely solely on spamhaus lists. Outlook for instance uses Forefront which while it may use spamhaus as occasional input, has its own set of heuristics and feedback loop with other microsoft properties (e.g. junk mail flagging in outlook). Jarland already covered gmail.

    As for ending up on a spamhaus list even though you're SURE your IP/domain/host is clean, be forewarned that they have a boatload of zombie spamtraps which 'purchased' lists are full of. On the rare chance you aren't a spammer marketer and you're showing up on the DBL, be sure to lock down your SPF as your spoofed domain is likely being used to scan for these spamtraps. IP range blocks are a different unrelated administrative matter.

    As for dspam, it is useful but it doesn't combat a good fraction of phishing-type spam. That's why it's typically paired with SpamAssassin and the usual blacklist suspects. In all likelihood, hybrid proprietary inference engines are what the big mail providers use in-house anyways so waving that purist bayesian banner is so 2005.

    Thanked by 1 marrco
  • nunim Member
    edited June 2014

    @jarland said:
    The key is to use respectable blacklists. SpamCop still has my vote. Friendly, easy to work with, and if you spam you get listed.

    I think Spamcop is pretty good as well, I've never had a false positive and they provide an easy and automated delisting mechanism (unless you've been naughty several times).

    I really hate email, the major blacklists aren't so bad as you can easily query them online, it's the internal ones that are a real PITA as you don't know you're on it until your mail is rejected. Making sure all mail gets where it's supposed to go is more than a full time job unfortunately, that's why hosted solutions, i.e. Gmail/Outlook/Zoho are so popular.

    Thanked by 1 jar
  • SASP Member

    tchen said: Outlook for instance uses Forefront which while it may use spamhaus as occasional input, has its own set of heuristics and feedback loop with other microsoft properties (e.g. junk mail flagging in outlook).

    In this case the message is sent to junk, the user can still view the message and eventually know the reason why it was flagged as spam.

    tchen said: As for ending up on a spamhaus list even though you're SURE your IP/domain/host is clean, be forewarned that they have a boatload of zombie spamtraps which 'purchased' lists are full of. On the rare chance you aren't a spammer marketer and you're showing up on the DBL, be sure to lock down your SPF as your spoofed domain is likely being used to scan for these spamtraps. IP range blocks are a different unrelated administrative matter.

    Anything that Spamhaus does not like is added to their lists, no matter whether it is spam or not, what they've done last year is one of the many examples.

    tchen said: As for dspam, it is useful but it doesn't combat a good fraction of phishing-type spam. That's why it's typically paired with SpamAssassin and the usual blacklist suspects. In all likelihood, hybrid proprietary inference engines are what the big mail providers use in-house anyways so waving that purist bayesian banner is so 2005.

    Among this my server is capable of tagging e-mails that are suspected of being phishing by detecting the phrasing and checking the headers.

    Spamhaus cannot protect you against phishing, however it can help the scammer to know whether or not his scam will get to the user's mailbox.

  • SASP Member

    @nunim said:
    I really hate email, the major blacklists aren't so bad as you can easily query them online

    Yes, so the spammer will check it too, notice he's blacklisted then use another source.

    Please read, http://www.toad.com/grokmail/antispam.html

  • Maounique Host Rep, Veteran

    jarland said: The key is to use respectable blacklists. SpamCop still has my vote. Friendly, easy to work with, and if you spam you get listed.

    Yes. However, you may not know how spamcop would behave if they were used by major mail providers.

    tchen said: In all likelihood, hybrid proprietary inference engines are what the big mail providers use in-house anyways

    That might explain why microsoft blocks new ranges while nobody else does. Maybe something is going wrong there.

    Thanked by 1 Mark_R
  • SASP Member

    Maounique said: That might explain why microsoft blocks new ranges while nobody else does. Maybe something is going wrong there.

    It is also to me one of the many reasons why people are switching to Gmail, because they've got more sophisticated filters. That's also why Spamhaus and their friends lead smear campaigns against Gmail, because the mass moves to it and Spamhaus does not have control over it. This causes Spamhaus to lose extortion/coercion power.

  • @tchen said:
    In all likelihood, hybrid proprietary inference engines are what the big mail providers use in-house

    I would say you are very likely right.

    I work for a company that handles a pretty sizable amount of mail, though not anywhere near Google or Microsoft, and we've developed this. Pretty good bet the big guys aren't using "worse" methodologies.

    We use some blacklists - but they are rarely used on sole merit. By intelligently integrating the information, false positives are nearly nil.

    If we're doing this, you can bet the big guys have something similar.
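
Added example, not part of any post in this thread: a sketch of the approach described in the post above, where DNSBL answers are one weighted input alongside SPF/DKIM results and a Bayesian content score instead of a sole rejection criterion. The weights, thresholds, function names and resolver data are assumptions constructed for illustration, and the DNS lookups are simulated so the block runs offline.

```python
import ipaddress

# Assumed weights and thresholds (illustrative): no single list reaches JUNK_AT alone.
ZONE_WEIGHTS = {"zen.spamhaus.org": 2.5, "bl.spamcop.net": 2.0, "ix.dnsbl.manitu.net": 1.5}
JUNK_AT, REJECT_AT = 3.0, 5.0
LISTED = ipaddress.IPv4Network("127.0.0.0/8")
ERRORS = ipaddress.IPv4Network("127.255.255.0/24")  # Spamhaus error codes, not listings

def dnsbl_name(ip, zone):
    """DNSBL query name: IPv4 octets reversed, followed by the zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def is_listed(ip, zone, resolve):
    """resolve(name) returns the A records as strings, [] for NXDOMAIN.
    Only 127.0.0.0/8 answers outside the error range count as a listing, so a
    parked or wildcarded zone and a refused query are not treated as hits."""
    for answer in resolve(dnsbl_name(ip, zone)):
        addr = ipaddress.IPv4Address(answer)
        if addr in LISTED and addr not in ERRORS:
            return True
    return False

def score(ip, spf, dkim_ok, bayes_p, resolve):
    """Combine blacklist hits with authentication and content signals."""
    total = sum(w for z, w in ZONE_WEIGHTS.items() if is_listed(ip, z, resolve))
    total += {"fail": 2.0, "softfail": 1.0, "none": 0.5}.get(spf, 0.0)
    if dkim_ok:
        total -= 0.5
    total += 4.0 * (bayes_p - 0.5)  # content classifier shifts the score by -2.0..+2.0
    return round(total, 2)

def verdict(total):
    if total >= REJECT_AT:
        return "reject"
    return "junk" if total >= JUNK_AT else "deliver"

# Constructed resolver answers (documentation addresses), standing in for real DNS.
FAKE_DNS = {
    "10.2.0.192.zen.spamhaus.org": ["127.0.0.2"],
    "20.100.51.198.zen.spamhaus.org": ["127.0.0.4"],
    "20.100.51.198.bl.spamcop.net": ["127.0.0.2"],
    "30.113.0.203.bl.spamcop.net": ["198.51.100.1"],        # wildcard answer
    "40.113.0.203.zen.spamhaus.org": ["127.255.255.254"],   # error code
}

def fake_resolve(name):
    return FAKE_DNS.get(name, [])

if __name__ == "__main__":
    for ip, spf, dkim, p in [("192.0.2.10", "pass", True, 0.2),
                             ("198.51.100.20", "fail", False, 0.95),
                             ("203.0.113.40", "none", False, 0.5)]:
        s = score(ip, spf, dkim, p, fake_resolve)
        print(ip, s, verdict(s))
```

With these assumed weights, a sender listed on one zone but passing SPF, DKIM and the content check is still delivered, while two listings plus an SPF failure and a high Bayesian score are rejected.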

  • raindog308 Administrator, Veteran

    Maounique said: They actually blacklisted a whole country TLD...

    Meh...there are several I block in CSF routinely.

    SASP said: We have powerful decentralized spam filters that are using Bayesian statistics.

    Yeah, and we've had them since the late 90s. They were "powerful" and used "Bayesian statistics" as well. SpamAssassin, for example, dates from that period. DSPAM has been around for 10+ years as well.

    Apparently a lot of people decided they were not enough.

    Thanked by 1 TheHackBox
  • doughmanes Member
    edited June 2014

    Microlinux said: Blacklists are not bad, people who don't know how to use them are bad.

    What about that one blacklist check that all the spammers use to check every Tom, Dick and Harry's blacklist which is built on another blacklist because my blacklist is super awesome built on 10 blacklists, which don't even get removed when the 10 blacklists drop the offending IP.

    Blacklists are either about the community, a for profit business model or just delusions of grandeur.


    I deal with Spamhaus a lot. This is how I see their "organization":

    Level 1 Spamhaus:

    Thomas Morrison - like a Level 1 ticket bumper. Usual cut and paste reply from him.

    Gianmarco Pagani - same as Thomas.

    There was a "woman" working with them at one time. Same as the above with Thomas and Gianmarco.

    Level 2 Spamhaus:

    "HH" - Heil Hitler? I get replies from him from time to time. Usually psychobabbling about delusions of grandeur of Spamhaus and their mission. I just ignore the email if HH replies and the SBL listing is removed. He's like the fat grumpy guy nobody talks to in the office, unless absolutely necessary, because of a bunch of too long; didn't read rants.

    Rob Schultz - not bad to deal with but gets lippy and when cornered by his statements, throws it to MBTC. Rob gets called in when something goes over Thomas' head.

    Chris Thompson - same description as Rob but pushier. Seems the most technical out of the operation.

    Level 3 / Man at the Top:

    "Man Behind the Curtain", has no signature. Usually is the most pushy and probably Steve Linford himself.


    A note on the "Spamhaus myths" link on their page, they cite "derrr the FBI wouldn't work with us if that was true about us being a scam". Oh, from a press release dated March 16, 2006. Got anything newer Steve?

    Just a note for any company owners/abuse department employees: do NOT go above and beyond to help them by violating your own company's privacy policy when Spamhaus DEMANDS information about your customers to have an SBL listing removed even when the service is terminated.

    Thanked by 1 Mark_R
  • DewlanceVPS Member, Patron Provider

    We do not use Spamhaus, we manually blacklist IPs and use custom exim rules to detect spam emails.


    Eg: "Win lottery", etc ;)


  • DewlanceVPS said: We do not use Spamhaus, we manually blacklist IPs and use custom exim rules to detect spam emails.

    You also don't run your own network

    Thanked by 2 GIANT_CRAB Floris
  • I agree that the concept of blacklists is not ideal, but it works and from my experience it is a more lightweight solution than other spam filter solutions, which is an essential bonus especially on LEB/LET VPS.

    Otherwise, I have to say that I am very happy with ix.dnsbl.manitu.net. Also it seems like a more credible option as it is backed by iX, a well established German IT magazine.
